www.mediafire.com Open in urlscan Pro
104.16.53.48 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://easysofto.com/
Effective URL:
https://www.mediafire.com/file/qt2ibnzw5ynua07/S0FT_PW_2023.rar/file
Submission Tags: @ecarlesi threat #phishing Search All
Submission: On September 10 via api (September 10th 2023, 7:23:10 am UTC) from AU — Scanned from AU

Summary HTTP 206 Redirects Links 9 Behaviour Indicators

Summary

This website contacted 69 IPs in 9 countries across 69 domains to perform 206 HTTP transactions. The main IP is 104.16.53.48, located in and belongs to CLOUDFLARENET, US. The main domain is www.mediafire.com. The Cisco Umbrella rank of the primary domain is 37102.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on August 30th 2022. Valid for: a year.

This is the only time www.mediafire.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	162.255.119.102 162.255.119.102	22612 (NAMECHEAP...) (NAMECHEAP-NET)
1 1	179.43.170.230 179.43.170.230	51852 (PLI-AS) (PLI-AS)
1 18	104.16.53.48 104.16.53.48	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	172.67.144.62 172.67.144.62	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	142.250.76.104 142.250.76.104	15169 (GOOGLE) (GOOGLE)
1	104.26.7.139 104.26.7.139	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	172.67.203.7 172.67.203.7	13335 (CLOUDFLAR...) (CLOUDFLARENET)
15	172.217.24.46 172.217.24.46	15169 (GOOGLE) (GOOGLE)
1	104.16.56.101 104.16.56.101	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	13.35.148.56 13.35.148.56	16509 (AMAZON-02) (AMAZON-02)
2	104.19.214.37 104.19.214.37	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	142.250.66.206 142.250.66.206	15169 (GOOGLE) (GOOGLE)
1	157.240.8.35 157.240.8.35	32934 (FACEBOOK) (FACEBOOK)
3	130.211.23.194 130.211.23.194	15169 (GOOGLE) (GOOGLE)
2	104.26.3.70 104.26.3.70	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	142.250.204.6 142.250.204.6	15169 (GOOGLE) (GOOGLE)
1	52.39.211.76 52.39.211.76	16509 (AMAZON-02) (AMAZON-02)
2	216.239.32.181 216.239.32.181	15169 (GOOGLE) (GOOGLE)
2	74.125.24.155 74.125.24.155	15169 (GOOGLE) (GOOGLE)
2	142.250.76.99 142.250.76.99	15169 (GOOGLE) (GOOGLE)
3	172.217.167.67 172.217.167.67	15169 (GOOGLE) (GOOGLE)
3	142.251.221.74 142.251.221.74	15169 (GOOGLE) (GOOGLE)
2	157.240.8.23 157.240.8.23	32934 (FACEBOOK) (FACEBOOK)
2	3.24.63.190 3.24.63.190	16509 (AMAZON-02) (AMAZON-02)
10	172.64.137.23 172.64.137.23	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2 4	142.250.66.228 142.250.66.228	15169 (GOOGLE) (GOOGLE)
12	172.217.167.66 172.217.167.66	15169 (GOOGLE) (GOOGLE)
3	142.250.204.3 142.250.204.3	15169 (GOOGLE) (GOOGLE)
1	34.107.148.139 34.107.148.139	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
5	54.255.66.128 54.255.66.128	16509 (AMAZON-02) (AMAZON-02)
1	207.65.33.78 207.65.33.78	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1	151.101.129.229 151.101.129.229	54113 (FASTLY) (FASTLY)
1	104.22.52.86 104.22.52.86	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	34.102.146.192 34.102.146.192	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	182.161.73.129 182.161.73.129	55569 (CRITEO-AS...) (CRITEO-AS-AP Criteo APAC)
1	13.35.23.33 13.35.23.33	16509 (AMAZON-02) (AMAZON-02)
1	13.35.147.121 13.35.147.121	16509 (AMAZON-02) (AMAZON-02)
1	34.96.70.87 34.96.70.87	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	142.250.204.1 142.250.204.1	15169 (GOOGLE) (GOOGLE)
1 2	34.120.135.53 34.120.135.53	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	54.179.248.176 54.179.248.176	16509 (AMAZON-02) (AMAZON-02)
13	142.251.221.65 142.251.221.65	15169 (GOOGLE) (GOOGLE)
2	142.250.67.2 142.250.67.2	15169 (GOOGLE) (GOOGLE)
10	142.250.76.97 142.250.76.97	15169 (GOOGLE) (GOOGLE)
2	142.250.204.10 142.250.204.10	15169 (GOOGLE) (GOOGLE)
1	162.19.138.120 162.19.138.120	16276 (OVH) (OVH)
1 6	35.244.159.8 35.244.159.8	15169 (GOOGLE) (GOOGLE)
5 5	52.223.40.198 52.223.40.198	16509 (AMAZON-02) (AMAZON-02)
1 1	124.146.215.50 124.146.215.50	2514 (INFOSPHER...) (INFOSPHERE NTT PC Communications)
2 2	13.35.147.94 13.35.147.94	16509 (AMAZON-02) (AMAZON-02)
7 10	142.250.66.194 142.250.66.194	15169 (GOOGLE) (GOOGLE)
9	142.250.204.2 142.250.204.2	15169 (GOOGLE) (GOOGLE)
2	104.74.54.193 104.74.54.193	16625 (AKAMAI-AS) (AKAMAI-AS)
9	23.219.60.21 23.219.60.21	16625 (AKAMAI-AS) (AKAMAI-AS)
1	23.106.127.39 23.106.127.39	59253 (LEASEWEB-...) (LEASEWEB-APAC-SIN-11 Leaseweb Asia Pacific pte. ltd.)
1 1	64.38.119.42 64.38.119.42	18568 (BIDTELLECT) (BIDTELLECT)
2	54.169.111.87 54.169.111.87	16509 (AMAZON-02) (AMAZON-02)
5 7	35.213.12.39 35.213.12.39	15169 (GOOGLE) (GOOGLE)
1 1	23.108.103.8 23.108.103.8	59253 (LEASEWEB-...) (LEASEWEB-APAC-SIN-11 Leaseweb Asia Pacific pte. ltd.)
1	52.46.130.91 52.46.130.91	16509 (AMAZON-02) (AMAZON-02)
2	207.65.33.83 207.65.33.83	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1	182.161.73.136 182.161.73.136	55569 (CRITEO-AS...) (CRITEO-AS-AP Criteo APAC)
1 1	198.8.71.131 198.8.71.131	54312 (ROCKETFUEL) (ROCKETFUEL)
1 1	72.34.250.75 72.34.250.75	27630 (AS-XFERNET) (AS-XFERNET)
2	23.221.21.71 23.221.21.71	16625 (AKAMAI-AS) (AKAMAI-AS)
2 2	13.228.234.186 13.228.234.186	16509 (AMAZON-02) (AMAZON-02)
2 2	182.161.73.146 182.161.73.146	55569 (CRITEO-AS...) (CRITEO-AS-AP Criteo APAC)
2 2	70.42.32.95 70.42.32.95	13789 (INTERNAP-...) (INTERNAP-BLK3)
1 1	23.202.168.221 23.202.168.221	16625 (AKAMAI-AS) (AKAMAI-AS)
2 2	3.121.177.157 3.121.177.157	() ()
2 2	185.184.8.90 185.184.8.90	204995 (RTB-HOUSE...) (RTB-HOUSE-AMS)
1 1	103.229.10.211 103.229.10.211	16509 (AMAZON-02) (AMAZON-02)
14	207.65.33.82 207.65.33.82	62713 (AS-PUBMATIC) (AS-PUBMATIC)
2 2	103.43.90.21 103.43.90.21	29990 (ASN-APPNEX) (ASN-APPNEX)
1 1	18.138.18.111 18.138.18.111	16509 (AMAZON-02) (AMAZON-02)
2 3	34.111.113.62 34.111.113.62	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	13.228.47.177 13.228.47.177	16509 (AMAZON-02) (AMAZON-02)
1 2	119.9.108.180 119.9.108.180	45187 (RACKSPACE...) (RACKSPACE-AP Rackspace IT Hosting AS IT Hosting Provider Hong Kong)
1	34.124.209.251 34.124.209.251	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	54.169.195.178 54.169.195.178	16509 (AMAZON-02) (AMAZON-02)
2 2	18.143.106.89 18.143.106.89	16509 (AMAZON-02) (AMAZON-02)
3	67.199.150.85 67.199.150.85	62713 (AS-PUBMATIC) (AS-PUBMATIC)
2 2	18.176.159.211 18.176.159.211	() ()
3 4	185.84.60.29 185.84.60.29	() ()
1 2	151.101.194.49 151.101.194.49	() ()
1 1	54.144.108.188 54.144.108.188	() ()
1 1	35.186.154.107 35.186.154.107	() ()
1 2	35.186.193.173 35.186.193.173	() ()
1 1	139.162.23.100 139.162.23.100	() ()
2 3	35.190.60.146 35.190.60.146	() ()
2 2	107.178.254.65 107.178.254.65	() ()
1 1	34.98.67.3 34.98.67.3	() ()
1 1	50.116.239.135 50.116.239.135	() ()
2 2	89.207.22.105 89.207.22.105	() ()
206	69

1 162.255.119.102 (United States) 1 redirects

ASN22612 (NAMECHEAP-NET, US)

easysofto.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 179.43.170.230 (Zurich, Switzerland) 1 redirects

ASN51852 (PLI-AS, PA)
PTR: hostedby.privatelayer.com

easysofty.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 104.16.53.48 (None, ) 1 redirects

ASN13335 (CLOUDFLARENET, US)

www.mediafire.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
static.mediafire.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.67.144.62 (United States)

ASN13335 (CLOUDFLARENET, US)

the.gatekeeperconsent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
privacy.gatekeeperconsent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.250.76.104 (Old Bridge, United States)

ASN15169 (GOOGLE, US)
PTR: syd09s24-in-f8.1e100.net

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.26.7.139 (None, )

ASN13335 (CLOUDFLARENET, US)

btloader.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.67.203.7 (United States)

ASN13335 (CLOUDFLARENET, US)

www.ezojs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 172.217.24.46 (United States)

ASN15169 (GOOGLE, US)
PTR: hkg07s23-in-f14.1e100.net

translate.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
fundingchoicesmessages.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.16.56.101 (None, )

ASN13335 (CLOUDFLARENET, US)

static.cloudflareinsights.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.35.148.56 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-35-148-56.syd1.r.cloudfront.net

cdn.amplitude.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.19.214.37 (None, )

ASN13335 (CLOUDFLARENET, US)

cdn.otnolatrnup.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
otnolatrnup.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.66.206 (Old Bridge, United States)

ASN15169 (GOOGLE, US)
PTR: syd09s23-in-f14.1e100.net

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 157.240.8.35 (Sydney, Australia)

ASN32934 (FACEBOOK, US)
PTR: edge-star-mini-shv-01-syd2.facebook.com

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 130.211.23.194 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 194.23.211.130.bc.googleusercontent.com

api.btloader.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.26.3.70 (None, )

ASN13335 (CLOUDFLARENET, US)

ad-delivery.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.204.6 (United States)

ASN15169 (GOOGLE, US)
PTR: syd09s25-in-f6.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.39.211.76 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-39-211-76.us-west-2.compute.amazonaws.com

api.amplitude.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 216.239.32.181 (United States)

ASN15169 (GOOGLE, US)

analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 74.125.24.155 (United States)

ASN15169 (GOOGLE, US)
PTR: sf-in-f155.1e100.net

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.76.99 (Old Bridge, United States)

ASN15169 (GOOGLE, US)
PTR: syd09s24-in-f3.1e100.net

www.google.com.au	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 172.217.167.67 (United States)

ASN15169 (GOOGLE, US)
PTR: syd15s06-in-f3.1e100.net

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.251.221.74 (United States)

ASN15169 (GOOGLE, US)
PTR: syd09s31-in-f10.1e100.net

translate.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 157.240.8.23 (Sydney, Australia)

ASN32934 (FACEBOOK, US)
PTR: xx-fbcdn-shv-01-syd2.fbcdn.net

static.xx.fbcdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.24.63.190 (Sydney, Australia)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-24-63-190.ap-southeast-2.compute.amazonaws.com

g.ezoic.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 172.64.137.23 (United States)

ASN13335 (CLOUDFLARENET, US)

go.ezodn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.250.66.228 (Old Bridge, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: syd15s15-in-f4.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 172.217.167.66 (United States)

ASN15169 (GOOGLE, US)
PTR: syd15s06-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.250.204.3 (United States)

ASN15169 (GOOGLE, US)
PTR: syd09s25-in-f3.1e100.net

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.107.148.139 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 139.148.107.34.bc.googleusercontent.com

prebid.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 54.255.66.128 (Singapore)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-255-66-128.ap-southeast-1.compute.amazonaws.com

btlr.sharethrough.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 207.65.33.78 (United States)

ASN62713 (AS-PUBMATIC, US)

hbopenbid.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.129.229 (United States)

ASN54113 (FASTLY, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.22.52.86 (None, )

ASN13335 (CLOUDFLARENET, US)

cdn.id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.102.146.192 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 192.146.102.34.bc.googleusercontent.com

oa.openxcdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 182.161.73.129 (Singapore)

ASN55569 (CRITEO-AS-AP Criteo APAC, JP)

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.35.23.33 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-35-23-33.sin5.r.cloudfront.net

cdn.prod.uidapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.35.147.121 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-35-147-121.syd1.r.cloudfront.net

tags.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.96.70.87 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 87.70.96.34.bc.googleusercontent.com

invstatic101.creativecdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.204.1 (United States)

ASN15169 (GOOGLE, US)
PTR: syd09s25-in-f1.1e100.net

9d3dc99658da8f4872b21ae2a02a5eb7.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.120.135.53 (Kansas City, United States) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 53.135.120.34.bc.googleusercontent.com

oajs.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.179.248.176 (Singapore)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-179-248-176.ap-southeast-1.compute.amazonaws.com

bcp.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 142.251.221.65 (United States)

ASN15169 (GOOGLE, US)
PTR: syd09s31-in-f1.1e100.net

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.67.2 (Old Bridge, United States)

ASN15169 (GOOGLE, US)
PTR: syd15s16-in-f2.1e100.net

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 142.250.76.97 (Old Bridge, United States)

ASN15169 (GOOGLE, US)
PTR: syd09s24-in-f1.1e100.net

cdn.ampproject.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.204.10 (United States)

ASN15169 (GOOGLE, US)
PTR: syd09s25-in-f10.1e100.net

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 162.19.138.120 (Frankfurt am Main, Germany)

ASN16276 (OVH, FR)
PTR: ns31533571.ip-162-19-138.eu

id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 35.244.159.8 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 8.159.244.35.bc.googleusercontent.com

google-bidout-d.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
jp-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 52.223.40.198 (United States) 5 redirects

ASN16509 (AMAZON-02, US)
PTR: a6370ebea231e0c9a.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 124.146.215.50 (Japan) 1 redirects

ASN2514 (INFOSPHERE NTT PC Communications, Inc., JP)

tg.socdm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.35.147.94 (United States) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: server-13-35-147-94.syd1.r.cloudfront.net

cr-p3.ladsp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 142.250.66.194 (Old Bridge, United States) 7 redirects

ASN15169 (GOOGLE, US)
PTR: syd09s23-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 142.250.204.2 (United States)

ASN15169 (GOOGLE, US)
PTR: syd09s25-in-f2.1e100.net

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.74.54.193 (Sydney, Australia)

ASN16625 (AKAMAI-AS, US)
PTR: a104-74-54-193.deploy.static.akamaitechnologies.com

ads.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 23.219.60.21 (Sydney, Australia)

ASN16625 (AKAMAI-AS, US)
PTR: a23-219-60-21.deploy.static.akamaitechnologies.com

contextual.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.106.127.39 (Singapore)

ASN59253 (LEASEWEB-APAC-SIN-11 Leaseweb Asia Pacific pte. ltd., SG)

ssbsync.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 64.38.119.42 (United States) 1 redirects

ASN18568 (BIDTELLECT, US)

bttrack.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.169.111.87 (Singapore)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-169-111-87.ap-southeast-1.compute.amazonaws.com

match.sharethrough.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 35.213.12.39 (Tokyo, Japan) 5 redirects

ASN15169 (GOOGLE, US)
PTR: 39.12.213.35.bc.googleusercontent.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.108.103.8 (Singapore) 1 redirects

ASN59253 (LEASEWEB-APAC-SIN-11 Leaseweb Asia Pacific pte. ltd., SG)

inv-nets.admixer.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.46.130.91 (Ashburn, United States)

ASN16509 (AMAZON-02, US)

s.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 207.65.33.83 (United States)

ASN62713 (AS-PUBMATIC, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 182.161.73.136 (Singapore)

ASN55569 (CRITEO-AS-AP Criteo APAC, JP)

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 198.8.71.131 (United States) 1 redirects

ASN54312 (ROCKETFUEL, US)

p.rfihub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 72.34.250.75 (Beaumont, United States) 1 redirects

ASN27630 (AS-XFERNET, US)

sync.go.sonobi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.221.21.71 (Sydney, Australia)

ASN16625 (AKAMAI-AS, US)
PTR: a23-221-21-71.deploy.static.akamaitechnologies.com

cs.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.228.234.186 (Singapore) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-13-228-234-186.ap-southeast-1.compute.amazonaws.com

pm.w55c.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 182.161.73.146 (Singapore) 2 redirects

ASN55569 (CRITEO-AS-AP Criteo APAC, JP)

dis.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 70.42.32.95 (United States) 2 redirects

ASN13789 (INTERNAP-BLK3, US)
PTR: ny.outbrain.com

b1sync.zemanta.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.202.168.221 (Sydney, Australia) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a23-202-168-221.deploy.static.akamaitechnologies.com

stags.bluekai.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.121.177.157 (None, ) 2 redirects

ASN- ()

rtb.mfadsrvr.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.184.8.90 (Amsterdam, Netherlands) 2 redirects

ASN204995 (RTB-HOUSE-AMS, PL)
PTR: ip-185-184-8-90.rtbhouse.net

creativecdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 103.229.10.211 (Singapore) 1 redirects

ASN16509 (AMAZON-02, US)

cms.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 207.65.33.82 (United States)

ASN62713 (AS-PUBMATIC, US)

image2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
simage2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 103.43.90.21 (Singapore) 2 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 597.bm-nginx-loadbalancer.mgmt.sin3.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.138.18.111 (Singapore) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-138-18-111.ap-southeast-1.compute.amazonaws.com

cm.ambientdsp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 34.111.113.62 (Kansas City, United States) 2 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 62.113.111.34.bc.googleusercontent.com

pixel.tapad.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.228.47.177 (Singapore)

ASN16509 (AMAZON-02, US)
PTR: ec2-13-228-47-177.ap-southeast-1.compute.amazonaws.com

sync.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 119.9.108.180 (Hong Kong) 1 redirects

ASN45187 (RACKSPACE-AP Rackspace IT Hosting AS IT Hosting Provider Hong Kong, HK)

uipglob.semasio.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.124.209.251 (Singapore)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 251.209.124.34.bc.googleusercontent.com

um.simpli.fi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.169.195.178 (Singapore)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-169-195-178.ap-southeast-1.compute.amazonaws.com

pr-bh.ybp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.143.106.89 (Singapore) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-143-106-89.ap-southeast-1.compute.amazonaws.com

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 67.199.150.85 (Singapore)

ASN62713 (AS-PUBMATIC, US)

image4.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
simage4.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.176.159.211 (None, ) 2 redirects

ASN- ()

pool.admedo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 185.84.60.29 (None, ) 3 redirects

ASN- ()

c1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.194.49 (None, ) 1 redirects

ASN- ()

sync-tm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.144.108.188 (None, ) 1 redirects

ASN- ()

sync.srv.stackadapt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.186.154.107 (None, ) 1 redirects

ASN- ()

cm-supply-web.gammaplatform.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.186.193.173 (None, ) 1 redirects

ASN- ()

ipac.ctnsnet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 139.162.23.100 (None, ) 1 redirects

ASN- ()

gocm.c.appier.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.190.60.146 (None, ) 2 redirects

ASN- ()

idsync.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 107.178.254.65 (None, ) 2 redirects

ASN- ()

pippio.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.98.67.3 (None, ) 1 redirects

ASN- ()

tags.rd.linksynergy.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 50.116.239.135 (None, ) 1 redirects

ASN- ()

ad.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 89.207.22.105 (None, ) 2 redirects

ASN- ()

pubmatic-match.dotomi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
25	doubleclick.net 7 redirects ad.doubleclick.net — Cisco Umbrella Rank: 183 stats.g.doubleclick.net — Cisco Umbrella Rank: 96 securepubads.g.doubleclick.net — Cisco Umbrella Rank: 215 cm.g.doubleclick.net — Cisco Umbrella Rank: 259 googleads.g.doubleclick.net — Cisco Umbrella Rank: 53	233 KB
23	googlesyndication.com 9d3dc99658da8f4872b21ae2a02a5eb7.safeframe.googlesyndication.com tpc.googlesyndication.com — Cisco Umbrella Rank: 160 pagead2.googlesyndication.com — Cisco Umbrella Rank: 115	218 KB
22	pubmatic.com hbopenbid.pubmatic.com — Cisco Umbrella Rank: 565 ads.pubmatic.com — Cisco Umbrella Rank: 572 image6.pubmatic.com — Cisco Umbrella Rank: 869 image2.pubmatic.com — Cisco Umbrella Rank: 1056 simage2.pubmatic.com — Cisco Umbrella Rank: 896 image4.pubmatic.com — Cisco Umbrella Rank: 1271 simage4.pubmatic.com	31 KB
21	google.com 2 redirects translate.google.com — Cisco Umbrella Rank: 1318 analytics.google.com — Cisco Umbrella Rank: 181 www.google.com — Cisco Umbrella Rank: 2 fundingchoicesmessages.google.com — Cisco Umbrella Rank: 1561	98 KB
18	mediafire.com 1 redirects www.mediafire.com — Cisco Umbrella Rank: 37102 static.mediafire.com — Cisco Umbrella Rank: 60725	253 KB
12	media.net prebid.media.net — Cisco Umbrella Rank: 1453 contextual.media.net — Cisco Umbrella Rank: 712 cs.media.net — Cisco Umbrella Rank: 1635	17 KB
10	ampproject.org cdn.ampproject.org — Cisco Umbrella Rank: 399	219 KB
10	ezodn.com go.ezodn.com — Cisco Umbrella Rank: 9266	17 KB
8	openx.net 2 redirects oajs.openx.net — Cisco Umbrella Rank: 1391 google-bidout-d.openx.net — Cisco Umbrella Rank: 1399 us-u.openx.net — Cisco Umbrella Rank: 518 jp-u.openx.net — Cisco Umbrella Rank: 11245	2 KB
7	bidswitch.net 5 redirects x.bidswitch.net — Cisco Umbrella Rank: 369	3 KB
7	sharethrough.com btlr.sharethrough.com — Cisco Umbrella Rank: 1222 match.sharethrough.com — Cisco Umbrella Rank: 610	4 KB
6	gstatic.com www.gstatic.com fonts.gstatic.com	79 KB
5	adsrvr.org 5 redirects match.adsrvr.org — Cisco Umbrella Rank: 379	3 KB
5	googleapis.com translate.googleapis.com — Cisco Umbrella Rank: 1124 fonts.googleapis.com — Cisco Umbrella Rank: 58	80 KB
4	adform.net 3 redirects c1.adform.net	3 KB
4	btloader.com btloader.com — Cisco Umbrella Rank: 1112 api.btloader.com — Cisco Umbrella Rank: 1172	7 KB
3	rlcdn.com 2 redirects idsync.rlcdn.com	897 B
3	yahoo.com 2 redirects pr-bh.ybp.yahoo.com — Cisco Umbrella Rank: 490 ups.analytics.yahoo.com — Cisco Umbrella Rank: 352	1 KB
3	tapad.com 2 redirects pixel.tapad.com — Cisco Umbrella Rank: 524	1 KB
3	criteo.com 2 redirects gum.criteo.com — Cisco Umbrella Rank: 455 dis.criteo.com — Cisco Umbrella Rank: 633	1 KB
3	creativecdn.com 2 redirects invstatic101.creativecdn.com — Cisco Umbrella Rank: 1492 creativecdn.com — Cisco Umbrella Rank: 596	2 KB
3	crwdcntrl.net tags.crwdcntrl.net — Cisco Umbrella Rank: 958 bcp.crwdcntrl.net — Cisco Umbrella Rank: 940 sync.crwdcntrl.net — Cisco Umbrella Rank: 957	13 KB
3	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 62	223 KB
2	dotomi.com 2 redirects pubmatic-match.dotomi.com	744 B
2	pippio.com 2 redirects pippio.com	880 B
2	ctnsnet.com 1 redirects ipac.ctnsnet.com	672 B
2	everesttech.net 1 redirects sync-tm.everesttech.net	789 B
2	admedo.com 2 redirects pool.admedo.com	1 KB
2	semasio.net 1 redirects uipglob.semasio.net — Cisco Umbrella Rank: 1294	1 KB
2	adnxs.com 2 redirects ib.adnxs.com — Cisco Umbrella Rank: 279	2 KB
2	mfadsrvr.com 2 redirects rtb.mfadsrvr.com	1 KB
2	zemanta.com 2 redirects b1sync.zemanta.com — Cisco Umbrella Rank: 597	2 KB
2	w55c.net 2 redirects pm.w55c.net — Cisco Umbrella Rank: 1052	2 KB
2	ladsp.com 2 redirects cr-p3.ladsp.com — Cisco Umbrella Rank: 19566	1 KB
2	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 226	114 KB
2	id5-sync.com cdn.id5-sync.com — Cisco Umbrella Rank: 828 id5-sync.com — Cisco Umbrella Rank: 432	31 KB
2	ezoic.net g.ezoic.net — Cisco Umbrella Rank: 14848	5 KB
2	fbcdn.net static.xx.fbcdn.net — Cisco Umbrella Rank: 885	136 KB
2	google.com.au www.google.com.au — Cisco Umbrella Rank: 23432	515 B
2	ad-delivery.net ad-delivery.net — Cisco Umbrella Rank: 1195	1 KB
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 49	21 KB
2	otnolatrnup.com cdn.otnolatrnup.com — Cisco Umbrella Rank: 66015 otnolatrnup.com — Cisco Umbrella Rank: 60193	56 KB
2	amplitude.com cdn.amplitude.com — Cisco Umbrella Rank: 3035 api.amplitude.com — Cisco Umbrella Rank: 1806	22 KB
2	gatekeeperconsent.com the.gatekeeperconsent.com — Cisco Umbrella Rank: 30801 privacy.gatekeeperconsent.com — Cisco Umbrella Rank: 35715	9 KB
1	turn.com 1 redirects ad.turn.com	518 B
1	linksynergy.com 1 redirects tags.rd.linksynergy.com	390 B
1	appier.net 1 redirects gocm.c.appier.net	436 B
1	gammaplatform.com 1 redirects cm-supply-web.gammaplatform.com	639 B
1	stackadapt.com 1 redirects sync.srv.stackadapt.com	1 KB
1	simpli.fi um.simpli.fi — Cisco Umbrella Rank: 935	610 B
1	ambientdsp.com 1 redirects cm.ambientdsp.com — Cisco Umbrella Rank: 20877	652 B
1	quantserve.com 1 redirects cms.quantserve.com — Cisco Umbrella Rank: 933	591 B
1	bluekai.com 1 redirects stags.bluekai.com — Cisco Umbrella Rank: 628	1 KB
1	sonobi.com 1 redirects sync.go.sonobi.com — Cisco Umbrella Rank: 1120	744 B
1	rfihub.com 1 redirects p.rfihub.com — Cisco Umbrella Rank: 982	668 B
1	amazon-adsystem.com s.amazon-adsystem.com — Cisco Umbrella Rank: 335	479 B
1	admixer.net 1 redirects inv-nets.admixer.net — Cisco Umbrella Rank: 2959	589 B
1	bttrack.com 1 redirects bttrack.com — Cisco Umbrella Rank: 1035	411 B
1	smartadserver.com ssbsync.smartadserver.com — Cisco Umbrella Rank: 906
1	socdm.com 1 redirects tg.socdm.com — Cisco Umbrella Rank: 1207	848 B
1	uidapi.com cdn.prod.uidapi.com — Cisco Umbrella Rank: 1891	3 KB
1	criteo.net static.criteo.net — Cisco Umbrella Rank: 653	14 KB
1	openxcdn.net oa.openxcdn.net — Cisco Umbrella Rank: 1537	8 KB
1	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 351	897 B
1	facebook.com www.facebook.com — Cisco Umbrella Rank: 114	16 KB
1	cloudflareinsights.com static.cloudflareinsights.com — Cisco Umbrella Rank: 1103	7 KB
1	ezojs.com www.ezojs.com — Cisco Umbrella Rank: 30811	44 KB
1	easysofty.com 1 redirects easysofty.com	339 B
1	easysofto.com 1 redirects easysofto.com	244 B
206	69

	Domain	Requested by
14	fundingchoicesmessages.google.com	securepubads.g.doubleclick.net www.mediafire.com
13	tpc.googlesyndication.com	securepubads.g.doubleclick.net www.mediafire.com tpc.googlesyndication.com
12	securepubads.g.doubleclick.net	www.mediafire.com securepubads.g.doubleclick.net www.googletagservices.com
10	cdn.ampproject.org	securepubads.g.doubleclick.net
10	go.ezodn.com	www.mediafire.com
10	static.mediafire.com	www.mediafire.com
9	simage2.pubmatic.com	ads.pubmatic.com www.mediafire.com
9	contextual.media.net	www.mediafire.com contextual.media.net
9	pagead2.googlesyndication.com	www.mediafire.com www.googletagservices.com securepubads.g.doubleclick.net tpc.googlesyndication.com
8	cm.g.doubleclick.net	7 redirects google-bidout-d.openx.net
8	www.mediafire.com	1 redirects www.mediafire.com static.cloudflareinsights.com
7	x.bidswitch.net	5 redirects contextual.media.net www.mediafire.com
5	image2.pubmatic.com	ads.pubmatic.com www.mediafire.com
5	match.adsrvr.org	5 redirects
5	btlr.sharethrough.com	www.mediafire.com
4	c1.adform.net	3 redirects ads.pubmatic.com
4	www.google.com	2 redirects www.mediafire.com tpc.googlesyndication.com
3	idsync.rlcdn.com	2 redirects www.mediafire.com
3	pixel.tapad.com	2 redirects www.mediafire.com
3	us-u.openx.net	1 redirects google-bidout-d.openx.net
3	fonts.gstatic.com	www.mediafire.com fonts.googleapis.com
3	translate.googleapis.com
3	www.gstatic.com	www.mediafire.com www.gstatic.com
3	api.btloader.com	btloader.com
3	www.googletagmanager.com	www.mediafire.com www.googletagmanager.com
2	pubmatic-match.dotomi.com	2 redirects
2	pippio.com	2 redirects
2	ipac.ctnsnet.com	1 redirects ads.pubmatic.com
2	sync-tm.everesttech.net	1 redirects ads.pubmatic.com
2	simage4.pubmatic.com	ads.pubmatic.com
2	pool.admedo.com	2 redirects
2	ups.analytics.yahoo.com	2 redirects
2	uipglob.semasio.net	1 redirects www.mediafire.com
2	ib.adnxs.com	2 redirects
2	creativecdn.com	2 redirects
2	rtb.mfadsrvr.com	2 redirects
2	b1sync.zemanta.com	2 redirects
2	dis.criteo.com	2 redirects
2	pm.w55c.net	2 redirects
2	cs.media.net	contextual.media.net
2	image6.pubmatic.com	ads.pubmatic.com
2	match.sharethrough.com	www.mediafire.com
2	ads.pubmatic.com	www.mediafire.com
2	googleads.g.doubleclick.net	www.mediafire.com
2	cr-p3.ladsp.com	2 redirects
2	jp-u.openx.net	google-bidout-d.openx.net
2	fonts.googleapis.com	securepubads.g.doubleclick.net
2	www.googletagservices.com	securepubads.g.doubleclick.net
2	oajs.openx.net	1 redirects www.mediafire.com
2	g.ezoic.net	www.ezojs.com go.ezodn.com
2	static.xx.fbcdn.net	www.facebook.com
2	www.google.com.au	www.mediafire.com
2	stats.g.doubleclick.net	www.googletagmanager.com www.google-analytics.com
2	analytics.google.com	www.googletagmanager.com
2	ad-delivery.net	www.mediafire.com
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
1	ad.turn.com	1 redirects
1	tags.rd.linksynergy.com	1 redirects
1	gocm.c.appier.net	1 redirects
1	cm-supply-web.gammaplatform.com	1 redirects
1	sync.srv.stackadapt.com	1 redirects
1	image4.pubmatic.com	www.mediafire.com
1	pr-bh.ybp.yahoo.com	www.mediafire.com
1	um.simpli.fi	www.mediafire.com
1	sync.crwdcntrl.net	www.mediafire.com
1	cm.ambientdsp.com	1 redirects
1	cms.quantserve.com	1 redirects
1	stags.bluekai.com	1 redirects
1	sync.go.sonobi.com	1 redirects
1	p.rfihub.com	1 redirects
1	gum.criteo.com	contextual.media.net
1	s.amazon-adsystem.com	www.mediafire.com
1	inv-nets.admixer.net	1 redirects
1	bttrack.com	1 redirects
1	ssbsync.smartadserver.com	www.mediafire.com
1	tg.socdm.com	1 redirects
1	google-bidout-d.openx.net	oa.openxcdn.net
1	id5-sync.com	cdn.id5-sync.com
1	bcp.crwdcntrl.net	tags.crwdcntrl.net
1	9d3dc99658da8f4872b21ae2a02a5eb7.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
1	invstatic101.creativecdn.com	securepubads.g.doubleclick.net
1	tags.crwdcntrl.net	securepubads.g.doubleclick.net
1	cdn.prod.uidapi.com	securepubads.g.doubleclick.net
1	static.criteo.net	securepubads.g.doubleclick.net
1	oa.openxcdn.net	securepubads.g.doubleclick.net
1	cdn.id5-sync.com	securepubads.g.doubleclick.net
1	cdn.jsdelivr.net	securepubads.g.doubleclick.net
1	hbopenbid.pubmatic.com	www.mediafire.com
1	prebid.media.net	www.mediafire.com
1	otnolatrnup.com	cdn.otnolatrnup.com
1	api.amplitude.com	cdn.amplitude.com
1	ad.doubleclick.net	www.mediafire.com
1	www.facebook.com	www.mediafire.com
1	cdn.otnolatrnup.com	www.mediafire.com
1	cdn.amplitude.com	www.mediafire.com
1	privacy.gatekeeperconsent.com	the.gatekeeperconsent.com
1	static.cloudflareinsights.com	www.mediafire.com
1	translate.google.com	www.mediafire.com
1	www.ezojs.com	www.mediafire.com
1	btloader.com	www.mediafire.com
1	the.gatekeeperconsent.com	www.mediafire.com
1	easysofty.com	1 redirects
1	easysofto.com	1 redirects
206	103

This site contains links to these domains. Also see Links.

Domain
download2332.mediafire.com
blog.mediafire.com
fast.io
mediafire.zendesk.com
translate.google.com
twitter.com
www.facebook.com

Subject Issuer	Validity	Valid
*.mediafire.com Sectigo RSA Domain Validation Secure Server CA	`2022-08-30` - `2023-09-30`	a year	crt.sh
*.gatekeeperconsent.com GTS CA 1P5	`2023-09-02` - `2023-12-01`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-08-14` - `2023-11-06`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-07-06` - `2024-07-05`	a year	crt.sh
www.ezojs.com GTS CA 1P5	`2023-09-10` - `2023-12-09`	3 months	crt.sh
*.google.com GTS CA 1C3	`2023-08-14` - `2023-11-06`	3 months	crt.sh
cdn.amplitude.com Amazon RSA 2048 M01	`2023-01-12` - `2024-02-11`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2023-06-19` - `2023-09-17`	3 months	crt.sh
api.btloader.com GTS CA 1D4	`2023-08-11` - `2023-11-09`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-08-14` - `2023-11-06`	3 months	crt.sh
*.amplitude.com COMODO RSA Domain Validation Secure Server CA	`2023-01-23` - `2024-02-14`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-08-14` - `2023-11-06`	3 months	crt.sh
*.google.com.au GTS CA 1C3	`2023-08-14` - `2023-11-06`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-08-14` - `2023-11-06`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-08-14` - `2023-11-06`	3 months	crt.sh
ezoic.net R3	`2023-07-19` - `2023-10-17`	3 months	crt.sh
ezodn.com E1	`2023-08-30` - `2023-11-28`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-08-14` - `2023-11-06`	3 months	crt.sh
prebid.media.net GTS CA 1D4	`2023-08-31` - `2023-11-29`	3 months	crt.sh
*.sharethrough.com Amazon RSA 2048 M01	`2023-02-03` - `2023-11-21`	10 months	crt.sh
*.pubmatic.com DigiCert Baltimore TLS RSA SHA256 2020 CA1	`2023-04-20` - `2024-05-20`	a year	crt.sh
jsdelivr.net GlobalSign Atlas R3 DV TLS CA 2022 Q4	`2022-12-23` - `2024-01-24`	a year	crt.sh
oa.openxcdn.net GTS CA 1D4	`2023-07-27` - `2023-10-25`	3 months	crt.sh
*.criteo.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-08-05` - `2023-10-31`	3 months	crt.sh
cdn.prod.uidapi.com R3	`2023-08-10` - `2023-11-08`	3 months	crt.sh
*.crwdcntrl.net Amazon RSA 2048 M01	`2022-11-07` - `2023-12-06`	a year	crt.sh
invstatic101.creativecdn.com GTS CA 1D4	`2023-08-26` - `2023-11-24`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-08-14` - `2023-11-06`	3 months	crt.sh
misc-sni.google.com GTS CA 1C3	`2023-08-14` - `2023-11-06`	3 months	crt.sh
*.id5-sync.com R3	`2023-09-01` - `2023-11-30`	3 months	crt.sh
*.openx.net RapidSSL TLS RSA CA G1	`2023-08-18` - `2024-08-18`	a year	crt.sh
*.media.net DigiCert TLS RSA SHA256 2020 CA1	`2023-02-10` - `2024-02-18`	a year	crt.sh
*.smartadserver.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2023-01-21` - `2024-01-23`	a year	crt.sh
s.amazon-adsystem.com Amazon RSA 2048 M01	`2023-03-03` - `2024-02-19`	a year	crt.sh
*.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-07-19` - `2023-10-18`	3 months	crt.sh
*.simpli.fi DigiCert TLS RSA SHA256 2020 CA1	`2022-11-07` - `2023-12-08`	a year	crt.sh
*.ybp.yahoo.com DigiCert SHA2 High Assurance Server CA	`2023-08-29` - `2024-02-21`	6 months	crt.sh
track.adform.net DigiCert TLS RSA SHA256 2020 CA1	`2022-09-20` - `2023-09-20`	a year	crt.sh
*.everesttech.net GlobalSign Atlas R3 DV TLS CA 2023 Q3	`2023-08-11` - `2024-09-11`	a year	crt.sh
*.ctnsnet.com DigiCert TLS RSA SHA256 2020 CA1	`2023-01-04` - `2023-11-06`	10 months	crt.sh

This page contains 26 frames:

Primary Page: https://www.mediafire.com/file/qt2ibnzw5ynua07/S0FT_PW_2023.rar/file
Frame ID: 6CB36601E8F79C1EC2159AE4EFADC48F
Requests: 106 HTTP requests in this frame

Frame: https://www.facebook.com/plugins/like.php?href=http://www.facebook.com/MediaFire&width=193&layout=button_count&action=like&show_faces=false&share=true&height=30&appId=124578887583575
Frame ID: 4CE7FB6FF6E0F5456A9D9945A17B6D73
Requests: 3 HTTP requests in this frame

Frame: https://www.mediafire.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/8827f912/main.js
Frame ID: 056C89D04AEA50CE625B6E1F3648DB74
Requests: 2 HTTP requests in this frame

Frame: data://truncated
Frame ID: 7031BE235C06CEC455C0AB51FFAAE8AE
Requests: 1 HTTP requests in this frame

Frame: https://9d3dc99658da8f4872b21ae2a02a5eb7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 4239018FEB6CCB750CE6139311ECBF24
Requests: 1 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssV8L6Zr_Le9kFi0BHiwHpzxxPc4_5t_OAj3l1vxMxRbbqxtLDViAgs1kYzm6N5B0_owQRyDWL4Homg9b4TeqfR1rG0nIIhUWlZwhadoUiCsDXrkIoTmjJnAzqswWJx2U8gi9EQSn4lL9EfQUsdzjR4OhYPE-ZBeF-7qaFSCNPFXZdUNkU-mjvqpamjTRoOpz6tL5UMyteTdT4QpoBm8XDajuIz436zj0lsVYtWDgPA3TMEP6o8ueqiabMi5ZGbK850FJbuJS-LoBQ0OkBqS0XFzCmM5qFeqbr8sxDjunJuyMYsIDoioAa4ZuFbDH0CfOPBClww4JQMb9Q&sai=AMfl-YQ0tH6fKrQe3HYlBm9H6p3lk4P9RlzgrswGQRZkBCeA40ntZeHmRziSgZIlt5i7xdtlYPG2k2TEeRoSVD-ki0s14K7NYH4oix9Xn7O6GY37tdP1niQszhFe4kRxrFDkoHnfd9qSzx8Ywwn-Hqru&sig=Cg0ArKJSzMBhNLnz3MsSEAE&uach_m=[UACH]&adurl=
Frame ID: 6CD429EF0CD53151D571C647ACF67EEA
Requests: 8 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012307272333000/amp4ads-v0.mjs
Frame ID: 0F6F70248297E02F3D61E4487928266D
Requests: 14 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012307272333000/amp4ads-v0.mjs
Frame ID: D2D1CB860AC58DDA905CA02232313D5B
Requests: 13 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvVSZS_IL_y2prlh05ZpRyNyDMPBOrHYdIUb5ZKZNawsnbYzYeod-S1jANpqdnDw7kdJOYFbHr0XDm-FmSXZrda8YNXv0DgKkK7x3d_SeQzxQmFKK2JDuR88BnQ40s6qf0XYsx5CIlktfNyUcGLfl6RAt_Mf4iHNcA8uh5sReOjX8OZOTCXiQObSQLNj6uY0xZQytnWPRlgPP7yBH9OW0CsRBDeJLA-sdLFMhmlabo4KTCw5g5x_3MxydzY1vFRcj_u8emgiLsjXgtidkzT5TRcp4P-JxyHHq84MywIXZxFwb6ZFv0CQ5pB5w959GllOVrghZO-FvkNER8&sai=AMfl-YTvWhBAuis1Qm-1l1SmaJnH7mHe7E9gTBvoCuvjyNeNeZkGsmA_bmOnlAn611uCws2IMK7PqYsf7e2mGg3iyTFCbo0yyhDZjEs8KMUPOm9dyvb8iU4ErRDiFtyq-jdFTWPrU0VXXm06GP3-LfJH&sig=Cg0ArKJSzNvm1jnvjNp1EAE&uach_m=[UACH]&adurl=
Frame ID: 64EE484AB9AC76B1A27B85FC01F3AED4
Requests: 8 HTTP requests in this frame

Frame: https://google-bidout-d.openx.net/w/1.0/pd?plm=5
Frame ID: 573D4DCE905F88785952994D7AD0A0DB
Requests: 6 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158936
Frame ID: 1C0CB6D6FD0CA8F3F5E97D97EB72D4B1
Requests: 20 HTTP requests in this frame

Frame: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUO2689O&prvid=2034%2C2033%2C2030%2C273%2C2028%2C2027%2C2025%2C237%2C117%2C359%2C97%2C55%2C99%2C3012%2C3011%2C3010%2C201%2C3007%2C246%2C4%2C203%2C446%2C9%2C2011%2C3022%2C3020%2C173%2C294%2C251%2C175%2C450%2C2009%2C178%2C255%2C3018%2C3017%2C214%2C336%2C3014%2C337%2C338%2C459%2C77%2C38%2C182%2C261%2C141%2C262%2C461%2C222%2C301%2C225%2C10000%2C80%2C108%2C229%2C307&itype=PREBID&purpose1=1&gdprconsent=1&gdpr=0&coppa=0&usp_status=0&usp_consent=1
Frame ID: 1847A35F1683995F3138AD7A7520EBAD
Requests: 12 HTTP requests in this frame

Frame: https://contextual.media.net/cksync.html?cs=8&vsid=3373321785163791000V10&type=rkt&refUrl=&vid=43305791843373321785163791000V10&ovsid=1975180293364342981
Frame ID: 7454951A7554291A28C9527F39AB97B0
Requests: 1 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=szv9A7Nq_1Soa_9U5G62U7c8rwKoa64Dsz0FkD6s
Frame ID: BDAC5AC6AC7EF5D3A7FB80F0EF9CE0DE
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=5307833334708895609&gdpr=0&gdpr_consent=
Frame ID: 5B0B3FCF1992236E2ADE87F1CB3802C5
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzQ0OSZ0bD00MzIwMA==&piggybackCookie=11iywa5d66mu
Frame ID: 48EA0D6F1A8E5AFAA5BEFA4CC8A777D1
Requests: 1 HTTP requests in this frame

Frame: https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=B5A7AED4-133B-4C82-A414-628077BD0513&gdpr=0&gdpr_consent=
Frame ID: 1D36A91458FA0133E3ABF65A91F92A5D
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&gdpr=0&gdpr_consent=
Frame ID: D0F6EF3893843DF09489D875175CCB1F
Requests: 1 HTTP requests in this frame

Frame: https://sync-tm.everesttech.net/ct/upi/pid/b9pj45k4?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=${TM_USER_ID}&gdpr=1&gdpr_consent=&_test=ZP1u1gAAAtDNxgA4
Frame ID: 1DF5920AF60F274BE0C52FA02962C0B9
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=PWfLQdVLUlhq3ZyA3__EX24UuDU&gdpr=0&gdpr_consent=
Frame ID: B5205238C74FD0B8DEAC6F7BBF7C523D
Requests: 1 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0NTkmdGw9NDMyMDA=&piggybackCookie=1i4ifig6wa8k
Frame ID: 59D30360C10DB61D1C5668D32F1A8307
Requests: 1 HTTP requests in this frame

Frame: https://ipac.ctnsnet.com/int/cm?exc=14&redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MTEmdGw9MjAxNjA=&piggybackCookie=[user_id]
Frame ID: E57FD3179CDF3C4F32F76699A7B9283A
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MTEmdGw9MjAxNjA=&piggybackCookie=fd9e438020fc47b0acc067c8fccf1c78
Frame ID: 2C0020B56C7D78037578DC9BB08B9062
Requests: 1 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDImdGw9MTI5NjAw&piggybackCookie=8-LD-u7uBcy8GVRV1279ZA
Frame ID: 2B03CBF845C1887C057C006673D540E5
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: BEE0B8F026572C7C4A8B68FE9B365EC2
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: C371AE75D21A8CCB84D5441CAD8F4A49
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

S0FT PW 2023

Page URL History Show full URLs

http://easysofto.com/ HTTP 302
https://easysofty.com/nmsoft HTTP 301
https://www.mediafire.com/file/qt2ibnzw5ynua07/S0FT_PW_2023.rar/file Page URL

Detected technologies

Amplitude (Analytics) Expand

Overall confidence: 100%
Detected patterns

cdn\.amplitude\.com

Cloudflare Browser Insights (Analytics) Expand

Overall confidence: 100%
Detected patterns

static\.cloudflareinsights\.com/beacon(?:\.min)?\.js

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

PubMatic (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.pubmatic\.com

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

//cdn\.jsdelivr\.net/

Page Statistics

206
Requests

84 %
HTTPS

0 %
IPv6

69
Domains

103
Subdomains

69
IPs

9
Countries

1986 kB
Transfer

5683 kB
Size

112
Cookies

9 Outgoing links

These are links going to different origins than the main page.

URL: https://download2332.mediafire.com/h79p1oeivoogp0bYkC_kQzndkdScTS0zd3ohVG3NugMBsFuLc5V_SZ2lAD9JJM-3k9XrANT0wWt6qbflmOVUEK9uT2OpVOxMZXcEoe-1DhAaHj6fJUY9acd0tpnkipZUgv73dtf_4koidehtyhM912smFRQm0y5jSR0sfV9Q-KhR/qt2ibnzw5ynua07/S0FT+PW+2023.rar
Title: Download (7.99MB)

Search URL Search Domain Scan URL

URL: http://blog.mediafire.com/
Title: Company Blog

Search URL Search Domain Scan URL

URL: https://fast.io/
Title: Team File Sharing

Search URL Search Domain Scan URL

URL: https://mediafire.zendesk.com/hc/en-us
Title: Support

Search URL Search Domain Scan URL

URL: https://translate.google.com/
Title: Translate

Search URL Search Domain Scan URL

URL: https://twitter.com/#!/mediafire

Search URL Search Domain Scan URL

URL: https://www.facebook.com/mediafire

Search URL Search Domain Scan URL

URL: https://twitter.com/mediafire
Title: Twitter Page

Search URL Search Domain Scan URL

URL: https://blog.mediafire.com/
Title: MediaFire Blog

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://easysofto.com/ HTTP 302
https://easysofty.com/nmsoft HTTP 301
https://www.mediafire.com/file/qt2ibnzw5ynua07/S0FT_PW_2023.rar/file Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 30

https://www.mediafire.com/cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP 302
https://www.mediafire.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/8827f912/main.js

Request Chain 85

https://oajs.openx.net/esp?url=https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fqt2ibnzw5ynua07%2FS0FT_PW_2023.rar%2Ffile&rid=esp HTTP 302
https://oajs.openx.net/esp?url=https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fqt2ibnzw5ynua07%2FS0FT_PW_2023.rar%2Ffile&rid=esp&cc=1

Request Chain 121

https://match.adsrvr.org/track/cmf/openx?oxid=95132eea-615a-711f-f691-3268ed61404c&gdpr=0 HTTP 302
https://match.adsrvr.org/track/cmb/openx?oxid=95132eea-615a-711f-f691-3268ed61404c&gdpr=0 HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072971&val=988e0bd3-5671-4d98-a871-0938c887be13&ttd_puid=95132eea-615a-711f-f691-3268ed61404c&gdpr=0&gdpr_consent=

Request Chain 122

https://tg.socdm.com/rtb/sync_before?proto=openx HTTP 302
https://jp-u.openx.net/w/1.0/sd?id=537072335&val=ZP1u0cCo8YQAABT0qK4AAAAA

Request Chain 123

https://cr-p3.ladsp.com/cookiesender/3 HTTP 302
https://cr-p3.ladsp.com/cookiesender/3?cr=true HTTP 302
https://jp-u.openx.net/w/1.0/sd?id=537072451&val=AQGoZhle_3_Pks8AD7P3udv-JM8AAAGKffjhRA

Request Chain 125

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEG8_wdjtrHpEUGrQMbXCt1I&google_cver=1

Request Chain 128

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 129

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 146

https://bttrack.com/pixel/cookiesync?source=d0afdff5-c51e-4a8d-b07b-b52a29015170&secure=1 HTTP 302
https://match.sharethrough.com/sync/v1?source_id=FGhqNjC2WnFmmvNpTL32LMME&source_user_id=faf08ca0-3075-4958-8afa-4d68a76fb5e1&gdpr=${GDPR}&gdpr_consent=${GDPR_CONSENT}

Request Chain 147

https://x.bidswitch.net/sync?ssp=sharethrough&user_id=1baa80a6-3234-4e20-b91a-e367cd0d3242&gdpr=0&gdpr_consent=&gdpr_pd=1&usprivacy= HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=sharethrough&user_id=1baa80a6-3234-4e20-b91a-e367cd0d3242&gdpr=0&gdpr_consent=&gdpr_pd=1&usprivacy= HTTP 302
https://inv-nets.admixer.net/adxcm.aspx?ssp=D41B0D84-4DB7-4D9C-81CC-3A497DB5D0A6&gdpr=0&consent=&rurl=%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D354%26user_id%3D%24%24visitor_cookie%24%24%26ssp%3Dsharethrough%26bsw_param%3Df16e19db-fdf1-4a28-9d36-531202f9c1f5%26gdpr%3D0%26consent%3D%26gdpr_pd%3D1%26expires%3D7 HTTP 302
https://x.bidswitch.net/sync?dsp_id=354&user_id=47fdb33b69fe4dd39e783e0a14cccfd8&ssp=sharethrough&bsw_param=f16e19db-fdf1-4a28-9d36-531202f9c1f5&gdpr=0&consent=&gdpr_pd=1&expires=7 HTTP 302
https://match.sharethrough.com/sync/v1?source_id=bf2b131f1f7eff9d8892972c&source_user_id=f16e19db-fdf1-4a28-9d36-531202f9c1f5&seat_user_id=&seat_key=&gdpr=0&gdpr_consent=&gdpr_pd=1&us_privacy=

Request Chain 159

https://p.rfihub.com/cm?pub=19967&in=1&forward=https%3A%2F%2Fcontextual.media.net%2Fcksync.html%3Fcs%3D8%26vsid%3D3373321785163791000V10%26type%3Drkt%26refUrl%3D%26vid%3D43305791843373321785163791000V10%26ovsid%3D%7Buserid%7D HTTP 302
https://contextual.media.net/cksync.html?cs=8&vsid=3373321785163791000V10&type=rkt&refUrl=&vid=43305791843373321785163791000V10&ovsid=1975180293364342981

Request Chain 160

https://sync.go.sonobi.com/us?https://contextual.media.net/cksync.php?cs=8&vsid=3373321785163791000V10&type=son&refUrl=&vid=43305791843373321785163791000V10&ovsid=[UID] HTTP 302
https://contextual.media.net/cksync.php?cs=8&vsid=3373321785163791000V10&type=son&refUrl=&vid=43305791843373321785163791000V10&ovsid=885a4b55-5744-4965-92f7-9197c6badc19

Request Chain 161

https://us-u.openx.net/w/1.0/cm?id=78e2dffc-bb89-4bb2-ae92-f592d006518b&ph=6a16560a-f6c6-4851-b7b5-0b2c0190166a&r=https%3A%2F%2Fcontextual.media.net%2Fcksync.html%3Fcs%3D8%26vsid%3D3373321785163791000V10%26type%3Dopx%26refUrl%3D%26vid%3D43305791843373321785163791000V10%26ovsid%3D HTTP 302
https://contextual.media.net/cksync.html?cs=8&vsid=3373321785163791000V10&type=opx&refUrl=&vid=43305791843373321785163791000V10&ovsid=5d3f4775-ca5a-4bff-95de-4c065f8ed290

Request Chain 162

https://cm.g.doubleclick.net/pixel?cs=8&google_nid=media&google_cm=1&google_hm=MzM3MzMyMTc4NTE2Mzc5MTAwMFYxMA%3D%3D&google_sc=1 HTTP 302
https://cs.media.net/cksync?type=g&cs=8&google_gid=CAESEKX1fgV52v1UxwywUUcSXks&google_cver=1

Request Chain 163

https://pm.w55c.net/ping_match.gif?ei=MEDIANET&rurl=https%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D8%26vsid%3D3373321785163791000V10%26type%3Ddxu%26refUrl%3D%26vid%3D43305791843373321785163791000V10%26ovsid%3D_wfivefivec_ HTTP 302
https://pm.w55c.net/ping_match.gif?scc=1&ei=MEDIANET&rurl=https%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D8%26vsid%3D3373321785163791000V10%26type%3Ddxu%26refUrl%3D%26vid%3D43305791843373321785163791000V10%26ovsid%3D_wfivefivec_ HTTP 302
https://contextual.media.net/cksync.php?cs=8&vsid=3373321785163791000V10&type=dxu&refUrl=&vid=43305791843373321785163791000V10&ovsid=PuRuohx81QFeMz5

Request Chain 164

https://dis.criteo.com/dis/usersync.aspx?r=115&p=226&cp=medianet&cu=1&gdpr=0&gdpr_consent=&us_privacy=${USPrivacy}&coppa=${COPPA}&gpp=${GPP}&gpp_sid=&url=https%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D1%26type%3Dcrt%2 HTTP 302
https://contextual.media.net/cksync.php?cs=1&type=crt%252&gdpr=0&gdpr_consent=&us_privacy=${USPrivacy}

Request Chain 165

https://x.bidswitch.net/sync?ssp=medianet&gdpr=0&gdpr_consent=&gdpr_pd=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=bidswitch_dbm&google_cm&google_sc&ssp=medianet&bsw_param=f16e19db-fdf1-4a28-9d36-531202f9c1f5&google_hm=ZjE2ZTE5ZGItZmRmMS00YTI4LTlkMzYtNTMxMjAyZjljMWY1 HTTP 302
https://x.bidswitch.net/sync?dsp_id=16&user_id=CAESEO-G1-V4YEVd7seITMOlqg4&google_cver=1&ssp=medianet&bsw_param=f16e19db-fdf1-4a28-9d36-531202f9c1f5

Request Chain 166

https://b1sync.zemanta.com/usersync/medianet/?puid=${VSID}&cb=https%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D1%26type%3Dzem%26ovsid%3D__ZUID__https%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D8%26vsid%3D3373321785163791000V10%26type%3Dzem%26refUrl%3D%26vid%3D43305791843373321785163791000V10%26ovsid%3D__ZUID__ HTTP 302
https://stags.bluekai.com/site/23178?id=sLMsNT2fcpHL7GIWWsWS&redir=https%3A%2F%2Fb1sync.zemanta.com%2Fusersync%2Fbluekai%2Fcallback%2F%3Fd%3DNB2HI4DTHIXS6Y3PNZ2GK6DUOVQWYLTNMVSGSYJONZSXIL3DNNZXS3TDFZYGQ4B7MNZT2MJGMV4GG2DBNZTWKPLNMVSGSYLOMV2CM33WONUWIPLTJRGXGTSUGJTGG4CIJQ3UOSKXK5ZVOU3IOR2HA4ZFGNASKMSGEUZEMY3PNZ2GK6DUOVQWYLTNMVSGSYJONZSXIJJSIZRWW43ZNZRS44DIOASTGRTDOMSTGRBYEZXXM43JMQ6V6X22KVEUIX27EZZGKZSVOJWD2JTUPFYGKPL2MVWSM5DZOBST26TFNUTHM2LEHU2DGMZQGU3TSMJYGQZTGNZTGMZDCNZYGUYTMMZXHEYTAMBQKYYTAJTWONUWIPJTGM3TGMZSGE3TQNJRGYZTOOJRGAYDAVRRGA HTTP 302
https://b1sync.zemanta.com/usersync/bluekai/callback/?d=NB2HI4DTHIXS6Y3PNZ2GK6DUOVQWYLTNMVSGSYJONZSXIL3DNNZXS3TDFZYGQ4B7MNZT2MJGMV4GG2DBNZTWKPLNMVSGSYLOMV2CM33WONUWIPLTJRGXGTSUGJTGG4CIJQ3UOSKXK5ZVOU3IOR2HA4ZFGNASKMSGEUZEMY3PNZ2GK6DUOVQWYLTNMVSGSYJONZSXIJJSIZRWW43ZNZRS44DIOASTGRTDOMSTGRBYEZXXM43JMQ6V6X22KVEUIX27EZZGKZSVOJWD2JTUPFYGKPL2MVWSM5DZOBST26TFNUTHM2LEHU2DGMZQGU3TSMJYGQZTGNZTGMZDCNZYGUYTMMZXHEYTAMBQKYYTAJTWONUWIPJTGM3TGMZSGE3TQNJRGYZTOOJRGAYDAVRRGA HTTP 302
https://contextual.media.net/cksync.php?cs=1&ovsid=sLMsNT2fcpHL7GIWWsWShttps%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D8&ovsid=__ZUID__&refUrl=&type=zem&type=zem&vid=43305791843373321785163791000V10&vsid=3373321785163791000V10

Request Chain 167

https://rtb.mfadsrvr.com/sync?ssp=medianet&ssp_user_id=3373321785163791000V10 HTTP 302
https://rtb.mfadsrvr.com/ul_cb/sync?ssp=medianet&ssp_user_id=3373321785163791000V10 HTTP 302
https://contextual.media.net/cksync.php?type=mf&ovsid=90bf66eb-9261-4d21-b720-424807e0ee01&cs=1

Request Chain 168

https://match.adsrvr.org/track/cmf/generic?ttd_pid=8m33zk4&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
https://cs.media.net/cksync?cs=1&type=ttd&ovsid=988e0bd3-5671-4d98-a871-0938c887be13

Request Chain 169

https://creativecdn.com/cm-notify?pi=medianet HTTP 302
https://creativecdn.com/cm-notify?pi=medianet&tc=1 HTTP 302
https://contextual.media.net/cksync.php?cs=1&vsid=%7BMedia.net_User_id%7D&type=rbh&ovsid=9cA9PIRktQMcyA06e4Eu&pi=medianet&tc=1

Request Chain 170

https://cms.quantserve.com/pixel/p-5aWVS_roA1dVM.gif?idmatch=0&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=szv9A7Nq_1Soa_9U5G62U7c8rwKoa64Dsz0FkD6s

Request Chain 171

https://ib.adnxs.com/getuid?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=$UID&gdpr=0&gdpr_consent= HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA%3D%26piggybackCookie%3D%24UID%26gdpr%3D0%26gdpr_consent%3D HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=5307833334708895609&gdpr=0&gdpr_consent=

Request Chain 172

https://cm.ambientdsp.com/cm/send?vc=pmj HTTP 301
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzQ0OSZ0bD00MzIwMA==&piggybackCookie=11iywa5d66mu

Request Chain 173

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=taeu1BM7TIKkFGKAd70FEw%3D%3D&gdpr=0&gdpr_consent= HTTP 302
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=&gdpr=0&gdpr_consent=

Request Chain 174

https://pixel.tapad.com/idsync/ex/receive?partner_id=3371&partner_device_id=B5A7AED4-133B-4C82-A414-628077BD0513 HTTP 302
https://pixel.tapad.com/idsync/ex/receive/check?partner_id=3371&partner_device_id=B5A7AED4-133B-4C82-A414-628077BD0513 HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=tapad&ttd_tpi=1&ttd_puid=5562652a-610a-40a2-86c3-b149122b0862%252C%252C&gdpr=0&gdpr_consent= HTTP 302
https://pixel.tapad.com/idsync/ex/receive?partner_id=1830&partner_device_id=988e0bd3-5671-4d98-a871-0938c887be13&ttd_puid=5562652a-610a-40a2-86c3-b149122b0862%2C%2C

Request Chain 176

https://uipglob.semasio.net/pubmatic/1/info?sType=sync&sExtCookieId=B5A7AED4-133B-4C82-A414-628077BD0513&sInitiator=external&gdpr=0&gdpr_consent= HTTP 302
https://uipglob.semasio.net/pubmatic/1/info2?sType=sync&sExtCookieId=B5A7AED4-133B-4C82-A414-628077BD0513&sInitiator=external&gdpr=0&gdpr_consent=

Request Chain 177

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=QjVBN0FFRDQtMTMzQi00QzgyLUE0MTQtNjI4MDc3QkQwNTEz&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=

Request Chain 178

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEMUyvX--9RHd2xALbkdvKdI&google_cver=1

Request Chain 181

https://match.adsrvr.org/track/cmf/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=988e0bd3-5671-4d98-a871-0938c887be13&gdpr=0&gdpr_consent=

Request Chain 182

https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=B5A7AED4-133B-4C82-A414-628077BD0513&redir=true&gdpr=0&gdpr_consent= HTTP 302
https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=B5A7AED4-133B-4C82-A414-628077BD0513&redir=true&gdpr=0&gdpr_consent=&verify=true HTTP 302
https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-meNYAfJE2uWYLIIDeIR0Oam4GxZDxpc-~A&gdpr=0

Request Chain 183

https://x.bidswitch.net/sync?ssp=pubmatic&gdpr=0&gdpr_consent= HTTP 302
https://pool.admedo.com/sync?ssp=bidswitch&bidswitch_ssp_id=pubmatic&bsw_custom_parameter=f16e19db-fdf1-4a28-9d36-531202f9c1f5 HTTP 302
https://pool.admedo.com/ul_cb/sync?ssp=bidswitch&bidswitch_ssp_id=pubmatic&bsw_custom_parameter=f16e19db-fdf1-4a28-9d36-531202f9c1f5 HTTP 302
https://x.bidswitch.net/sync?dsp_id=23&expires=14&user_id=27d027c4-1ee8-403c-bd0e-18d486146c75&user_group=1&ssp=pubmatic&bsw_param=f16e19db-fdf1-4a28-9d36-531202f9c1f5

Request Chain 187

https://c1.adform.net/serving/cookie/match?party=14&cid=B5A7AED4-133B-4C82-A414-628077BD0513&gdpr=0&gdpr_consent= HTTP 302
https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=B5A7AED4-133B-4C82-A414-628077BD0513&gdpr=0&gdpr_consent=

Request Chain 188

https://dis.criteo.com/dis/usersync.aspx?r=3&p=4&cp=pubmaticUS&cu=1&&gdpr=0&gdpr_consent=&url=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:@@CRITEO_USERID@@ HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&gdpr=0&gdpr_consent=

Request Chain 189

https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=${TM_USER_ID}&gdpr=1&gdpr_consent= HTTP 302
https://sync-tm.everesttech.net/ct/upi/pid/b9pj45k4?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=${TM_USER_ID}&gdpr=1&gdpr_consent=&_test=ZP1u1gAAAtDNxgA4

Request Chain 190

https://sync.srv.stackadapt.com/sync?nid=11&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=PWfLQdVLUlhq3ZyA3__EX24UuDU&gdpr=0&gdpr_consent=

Request Chain 191

https://cm-supply-web.gammaplatform.com/adx/usersyncsupply?pid=7&t=pixel HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0NTkmdGw9NDMyMDA=&piggybackCookie=1i4ifig6wa8k

Request Chain 193

https://ipac.ctnsnet.com/int/cm?exc=14&redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM0MTEmdGw9MjAxNjA%3D%26piggybackCookie%3D%5Buser_id%5D HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MTEmdGw9MjAxNjA=&piggybackCookie=fd9e438020fc47b0acc067c8fccf1c78

Request Chain 194

https://gocm.c.appier.net/pubmatic HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDImdGw9MTI5NjAw&piggybackCookie=8-LD-u7uBcy8GVRV1279ZA

Request Chain 195

https://idsync.rlcdn.com/420486.gif?partner_uid=B5A7AED4-133B-4C82-A414-628077BD0513 HTTP 307
https://idsync.rlcdn.com/1000.gif?memo=CIbVGRIwCiwIARCMowEaJEI1QTdBRUQ0LTEzM0ItNEM4Mi1BNDE0LTYyODA3N0JEMDUxMxAAGg0I1t31pwYSBQjoBxAAQgBKAA HTTP 307
https://pippio.com/api/sync?pid=5324&it=1&iv=00dea0db7e4b34451d31183dad0a0045ae3dcee5d5ffb11f9314d26b7425bda1791426b5417dce21&_=2 HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=pippio_dmp&google_cm&google_no_sc&m=CMwpElsKVwgBEJInGlAwMGRlYTBkYjdlNGIzNDQ1MWQzMTE4M2RhZDBhMDA0NWFlM2RjZWU1ZDVmZmIxMWY5MzE0ZDI2Yjc0MjViZGExNzkxNDI2YjU0MTdkY2UyMRAAGgwI1931pwYSBAgCEABCAEoA HTTP 302
https://pippio.com/api/sync/ddp?pid=2&m=CMwpElsKVwgBEJInGlAwMGRlYTBkYjdlNGIzNDQ1MWQzMTE4M2RhZDBhMDA0NWFlM2RjZWU1ZDVmZmIxMWY5MzE0ZDI2Yjc0MjViZGExNzkxNDI2YjU0MTdkY2UyMRAAGgwI1931pwYSBAgCEABCAEoA&google_gid=CAESEKEQ95zgVAEJcGutCieX16s&google_cver=1 HTTP 307
https://tags.rd.linksynergy.com/rcs?ns=lr&uid3= HTTP 303
https://idsync.rlcdn.com/458249.gif?partner_uid=bca04692-0bfa-421f-8c85-deb3917155cb

Request Chain 196

https://c1.adform.net/serving/cookie/match?party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COOKIES%20HERE]&gdpr=0&gdpr_consent= HTTP 302
https://c1.adform.net/serving/cookie/match?CC=1&party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COOKIES%20HERE]&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&gdpr=0&gdpr_consent=&piggybackCookie=7292050200996499729

Request Chain 197

https://ad.turn.com/r/cs?pid=1&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=3029490060608907307&gdpr=0&gdpr_consent=&us_privacy=

Request Chain 198

https://pubmatic-match.dotomi.com/match/bounce/current?networkId=17100&version=1&nuid=B5A7AED4-133B-4C82-A414-628077BD0513&gdpr=0&gdpr_consent= HTTP 302
https://pubmatic-match.dotomi.com/match/bounce/current?DotomiTest=216672e6d20924df&is_secure=true&networkId=17100&version=1&nuid=B5A7AED4-133B-4C82-A414-628077BD0513&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTQ2MSZ0bD0xMDA4MA==&piggybackCookie=AAANK40IqBvokgMmnW7hAAAAAAA&expiration=1694416984&nuid=B5A7AED4-133B-4C82-A414-628077BD0513&is_secure=true&gdpr_consent=&gdpr=0

206 HTTP transactions
6 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request file Show response
www.mediafire.com/file/qt2ibnzw5ynua07/S0FT_PW_2023.rar/
Redirect Chain

http://easysofto.com/
https://easysofty.com/nmsoft
https://www.mediafire.com/file/qt2ibnzw5ynua07/S0FT_PW_2023.rar/file

307 KB
81 KB

448ms
344ms

Document
text/html

104.16.53.48
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mediafire.com/file/qt2ibnzw5ynua07/S0FT_PW_2023.rar/file

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.16.53.48 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4a61cfe0cd5cf93f5389e16599493ccd7c97b673b03c83af5738ee1f4905d3f3

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Frame-Options	SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

access-control-allow-origin: https://www.mediafire.com
cache-control: no-cache, no-store, must-revalidate, max-age=0, post-check=0, pre-check=0
cf-cache-status: DYNAMIC
cf-ray: 8045ec15d9c2a817-SYD
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Sun, 10 Sep 2023 07:22:51 GMT
expires: 0
pragma: no-cache
server: cloudflare
strict-transport-security: max-age=0
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-robots-tag: noindex, nofollow

Redirect headers

Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Date: Sun, 10 Sep 2023 07:22:50 GMT
Keep-Alive: timeout=5, max=100
Location: https://www.mediafire.com/file/qt2ibnzw5ynua07/S0FT_PW_2023.rar/file
Server: Apache
Transfer-Encoding: chunked
X-Powered-By: PHP/8.2.9
X-Robots-Tag: noindex

GET
H2 200 cmp.min.js Show response
the.gatekeeperconsent.com/ 21 KB
9 KB 1092ms
270ms Script
application/javascript 172.67.144.62
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://the.gatekeeperconsent.com/cmp.min.js
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/qt2ibnzw5ynua07/S0FT_PW_2023.rar/file
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.144.62 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b47bcc2d520acbc881bfb776d1f155bd38ef80c4b8db0fe2be452e7de536abde

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Sun, 10 Sep 2023 07:22:52 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Sun, 10 Sep 2023 07:17:15 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 263
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EWHpfbYAeLUJMXZHHySAoRoNPY4l6ITYQ0nQ3o1j6vPXQwdJ2TlmbP9hFHS4mdfMrNsH8lk5fYHq2hlFgTaMJvyb7D8YrfymqvF5BRi1c8gCzKCVRkL29JZoyz6FvOPHU1lUHh7ia6H9PCSl"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-middleton-display: sol-js
cache-control: public, max-age=14400
x-robots-tag: noindex
cf-ray: 8045ec1dac631fbb-HKG
alt-svc: h3=":443"; ma=86400

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 171 KB
63 KB 639ms
157ms Script
application/javascript 142.250.76.104
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-829541-1

Requested by

Host: www.mediafire.com
URL: https://www.mediafire.com/file/qt2ibnzw5ynua07/S0FT_PW_2023.rar/file

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.76.104 Old Bridge, United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s24-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

cd3a41d5961eeb487f3966231b50576166d0c6a2c7275fa16a0011c8ed9e8518

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Sun, 10 Sep 2023 07:22:52 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 64246
x-xss-protection: 0
last-modified: Sun, 10 Sep 2023 06:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sun, 10 Sep 2023 07:22:52 GMT

GET
H2 200 tag Show response
btloader.com/ 15 KB
7 KB 443ms
46ms Script
application/javascript 104.26.7.139
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://btloader.com/tag?o=5678961798414336&upapi=true
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/qt2ibnzw5ynua07/S0FT_PW_2023.rar/file
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.7.139 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1ed3af3fb4399f2afeb4d8d3974b3ddab6fbd631e276e3f0cbc22dee5ad0d224

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Sun, 10 Sep 2023 07:22:52 GMT
via: 1.1 google
content-encoding: br
cf-cache-status: HIT
last-modified: Sun, 10 Sep 2023 07:09:17 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 627
etag: W/"1a99d2a01cf1942840eb82c1172dcc0e"
vary: Origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4O%2F0vn%2B3elbH362Qs6ZozjMA9pU7aKzQV0L9IdiJd2lgFA2vwuBofcamvocI441u8ihOFyUbB9M95zhrTdogYw9BbbJuDzl7g2yrwgHRGV6dI8p7H3MbpjlJUhjg0A%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=300, must-revalidate, stale-if-error=3600, stale-while-revalidate=300
cf-ray: 8045ec1efc30a886-SYD

GET
H2 200 sa.min.js Show response
www.ezojs.com/ezoic/ 125 KB
44 KB 1088ms
274ms Script
application/javascript 172.67.203.7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.ezojs.com/ezoic/sa.min.js
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/qt2ibnzw5ynua07/S0FT_PW_2023.rar/file
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.203.7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2e8df1abc8ffaa2b043ca18940ffa094d16ae5d095ad9a8520949682c02923e1

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Sun, 10 Sep 2023 07:22:53 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Sat, 09 Sep 2023 18:39:35 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 42600
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2mP8FuZaMvd79d56jBMGkKkJe1dMEgDpiqluUXbDVMib%2FXHNF5zihdUwmHFT3xTsnPoKyjNSbyw5q79OslaAzOzOwDsN9K3MBjrR%2FaMHhSa3uWvsw8w1zPZZFMN5eMmo"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-middleton-display: sol-js
cache-control: public, max-age=86400
x-robots-tag: noindex
cf-ray: 8045ec246c000fc0-HKG
alt-svc: h3=":443"; ma=86400

GET
H2 200 element.js Show response
translate.google.com/translate_a/ 85 KB
30 KB 685ms
183ms Script
text/javascript 172.217.24.46
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://translate.google.com/translate_a/element.js?cb=googFooterTranslate

Requested by

Host: www.mediafire.com
URL: https://www.mediafire.com/file/qt2ibnzw5ynua07/S0FT_PW_2023.rar/file

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.24.46 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

hkg07s23-in-f14.1e100.net

Software

ESF /

Resource Hash

70a8392ab7a09662ea41f7d0bd4280008062775e6035e382737b45029ad942b9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 10 Sep 2023 07:22:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 v8b253dfea2ab4077af8c6f58422dfbfd1689876627854 Show response
static.cloudflareinsights.com/beacon.min.js/ 20 KB
7 KB 495ms
91ms Script
text/javascript 104.16.56.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.cloudflareinsights.com/beacon.min.js/v8b253dfea2ab4077af8c6f58422dfbfd1689876627854
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/qt2ibnzw5ynua07/S0FT_PW_2023.rar/file
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.56.101 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c235f21017bcc11fcaa31d7dfd9855aaebcbf5f6d7ee9bf9f2e98a910907c391

Request headers

Referer: https://www.mediafire.com/
Origin: https://www.mediafire.com
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Sun, 10 Sep 2023 07:22:53 GMT
content-encoding: gzip
last-modified: Thu, 20 Jul 2023 18:10:27 GMT
server: cloudflare
etag: W/"2023.7.1"
vary: Accept-Encoding
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
cf-ray: 8045ec21a980a81d-SYD

GET
H2 200 consent_modules.json Show response
privacy.gatekeeperconsent.com/ 2 B
471 B 1057ms
251ms XHR
application/json 172.67.144.62
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://privacy.gatekeeperconsent.com/consent_modules.json
Requested by: Host: the.gatekeeperconsent.com
URL: https://the.gatekeeperconsent.com/cmp.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.144.62 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Sun, 10 Sep 2023 07:22:53 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8f8gMo%2Fl6P5XtSYnKxoWzXWYKGkU8CBj3AtsLpBMnZEN5RtxFr%2Fl9QO2IvB7yRh3iDReAVWFrpc%2FXgBqjWVlZDM%2BNHB24xErMjQxDE4FHqQt%2Fa5ZrtUxwm8OHDcSnTOqBOl4cs1JuwXLoc0oD9y5zg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json;charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=15780000, public
cf-ray: 8045ec24698d10a8-HKG
alt-svc: h3=":443"; ma=86400
content-length: 2

GET
H2 200 amplitude-8.5.0-min.gz.js Show response
cdn.amplitude.com/libs/ 68 KB
22 KB 166ms
71ms Script
application/javascript 13.35.148.56
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.amplitude.com/libs/amplitude-8.5.0-min.gz.js
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/qt2ibnzw5ynua07/S0FT_PW_2023.rar/file
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.35.148.56 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-35-148-56.syd1.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 2450e5580136f94bda7ccf95e3167b57e15b05b513a430967943a50036fa47a4

Request headers

Referer: https://www.mediafire.com/
Origin: https://www.mediafire.com
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Mon, 21 Aug 2023 23:46:46 GMT
content-encoding: gzip
via: 1.1 fd2442d18add87f1fea3351cec311828.cloudfront.net (CloudFront)
x-amz-version-id: NY8_7uBz3xoXYJBVsMSBAGHOz8ixMBS3
x-amz-cf-pop: SYD1-C1
age: 1668967
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 22154
last-modified: Fri, 13 Aug 2021 22:37:42 GMT
server: AmazonS3
etag: "660c3b546f2a131de50b69b91f26c636"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method
accept-ranges: bytes
x-amz-cf-id: yahrI4NIheWhPdgdXfjAXY21SgrCiajbAtavME5hKpj5rIqVNnaUsg==

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 246 KB
79 KB 141ms
140ms Script
application/javascript 142.250.76.104
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-53LP4T

Requested by

Host: www.mediafire.com
URL: https://www.mediafire.com/file/qt2ibnzw5ynua07/S0FT_PW_2023.rar/file

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.76.104 Old Bridge, United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s24-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

7408f0f5efd6bc438c05d16fcf194b8a5bbeb885a87bea090a254307f6a90e8e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Sun, 10 Sep 2023 07:22:52 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 80674
x-xss-protection: 0
last-modified: Sun, 10 Sep 2023 06:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sun, 10 Sep 2023 07:22:52 GMT

GET
H2 200 mf_logo_full_color.svg
static.mediafire.com/images/backgrounds/header/ 3 KB
2 KB 83ms
78ms Image
image/svg+xml 104.16.53.48
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.mediafire.com/images/backgrounds/header/mf_logo_full_color.svg
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/qt2ibnzw5ynua07/S0FT_PW_2023.rar/file
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.16.53.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8539c91ae0a82f8cab27d481ea38ac4e66d1e5b36701fe295bcba4399b9255bd

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Sun, 10 Sep 2023 07:22:52 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Fri, 28 Oct 2016 22:22:42 GMT
server: cloudflare
age: 6268
etag: W/"5813cfb2-d1d"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cf-ray: 8045ec1f3904a817-SYD

GET
H2 200 file-zip-v3.png
static.mediafire.com/images/filetype/ 2 KB
2 KB 82ms
78ms Image
image/png 104.16.53.48
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.mediafire.com/images/filetype/file-zip-v3.png
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/qt2ibnzw5ynua07/S0FT_PW_2023.rar/file
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.16.53.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4448e430d3c53bad548a5d135e1c7e2f9593e806ba47892640d430ea752e979e

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Sun, 10 Sep 2023 07:22:52 GMT
cf-cache-status: HIT
last-modified: Mon, 25 Jul 2022 18:00:54 GMT
server: cloudflare
age: 7999
etag: "62deda56-750"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 8045ec1f3903a817-SYD
content-length: 1872
expires: Tue, 10 Oct 2023 04:03:48 GMT

GET
H2 200 icons_sprite.svg
www.mediafire.com/images/icons/svg_light/ 36 KB
8 KB 66ms
65ms Image
image/svg+xml 104.16.53.48
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.mediafire.com/images/icons/svg_light/icons_sprite.svg
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/qt2ibnzw5ynua07/S0FT_PW_2023.rar/file
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.16.53.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7ba1bc2084def769e77a7dbf97cd91d68fe6c6d55b5d183a7d36630da8da2b02

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/file/qt2ibnzw5ynua07/S0FT_PW_2023.rar/file
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Sun, 10 Sep 2023 07:22:52 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Mon, 25 Jul 2022 18:00:54 GMT
server: cloudflare
age: 4695
etag: W/"62deda56-90ab"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cf-ray: 8045ec1f18e3a817-SYD

GET
H2 200 apps_list_sprite-v6.png
static.mediafire.com/images/backgrounds/download/ 8 KB
8 KB 77ms
73ms Image
image/png 104.16.53.48
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.mediafire.com/images/backgrounds/download/apps_list_sprite-v6.png
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/qt2ibnzw5ynua07/S0FT_PW_2023.rar/file
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.16.53.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: dc54b817820f14ce6395ba2a037f37d4bb0af75d5b017336140793fbe2f7f738

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Sun, 10 Sep 2023 07:22:52 GMT
cf-cache-status: HIT
last-modified: Mon, 25 Jul 2022 18:00:54 GMT
server: cloudflare
age: 13902
etag: "62deda56-1fd1"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 8045ec1f3907a817-SYD
content-length: 8145
expires: Tue, 10 Oct 2023 00:06:26 GMT

GET
H2 200 arrow_dropdown.svg
www.mediafire.com/images/icons/svg_dark/ 315 B
338 B 92ms
91ms Image
image/svg+xml 104.16.53.48
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.mediafire.com/images/icons/svg_dark/arrow_dropdown.svg
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/qt2ibnzw5ynua07/S0FT_PW_2023.rar/file
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.16.53.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 82b94716473aa225e715e117802145c5d2d725aa1ba9d476d61a5d3da16a8c26

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/file/qt2ibnzw5ynua07/S0FT_PW_2023.rar/file
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Sun, 10 Sep 2023 07:22:52 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Mon, 25 Jul 2022 18:00:54 GMT
server: cloudflare
age: 7559
etag: W/"62deda56-13b"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cf-ray: 8045ec1f3902a817-SYD

GET
H2 200 check_circle_green.svg
static.mediafire.com/images/icons/svg_dark/ 444 B
374 B 83ms
79ms Image
image/svg+xml 104.16.53.48
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.mediafire.com/images/icons/svg_dark/check_circle_green.svg
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/qt2ibnzw5ynua07/S0FT_PW_2023.rar/file
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.16.53.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 03c8d2dc7d985c3004ff2cd6d8148dd03560f37ed15efdf6c2d7f4d771d0e599

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Sun, 10 Sep 2023 07:22:52 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Mon, 25 Jul 2022 18:00:54 GMT
server: cloudflare
age: 4901
etag: W/"62deda56-1bc"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cf-ray: 8045ec1f3906a817-SYD

GET
H2 200 fb_16x16.png
static.mediafire.com/images/backgrounds/download/social/ 181 B
278 B 81ms
77ms Image
image/png 104.16.53.48
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.mediafire.com/images/backgrounds/download/social/fb_16x16.png
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/qt2ibnzw5ynua07/S0FT_PW_2023.rar/file
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.16.53.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 720671166ac43aba99e3952b0b9341ab4e0fee1fd891db54e2a07f05db653142

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Sun, 10 Sep 2023 07:22:52 GMT
cf-cache-status: HIT
last-modified: Mon, 25 Jul 2022 18:00:54 GMT
server: cloudflare
age: 4695
etag: "62deda56-b5"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 8045ec1f3905a817-SYD
content-length: 181
expires: Tue, 10 Oct 2023 04:22:19 GMT

GET
H2 200 infinity.js.aspx Show response
cdn.otnolatrnup.com/Scripts/ 176 KB
53 KB 442ms
51ms Script
application/x-javascript 104.19.214.37
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.otnolatrnup.com/Scripts/infinity.js.aspx?guid=5ff0fb62-0643-4ff1-aaee-c737f9ffc0e0
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/qt2ibnzw5ynua07/S0FT_PW_2023.rar/file
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.214.37 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 901f94aa7196041f7932db39a61624b5235761274dc864fa9166cc6ea14434b5

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Sun, 10 Sep 2023 07:22:53 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Sun, 10 Sep 2023 07:20:21 GMT
accept-ch: Sec-CH-UA,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version
server: cloudflare
age: 144
vary: Accept-Encoding
p3p: CP="CAO PSA OUR IND"
access-control-allow-origin: *
content-type: application/x-javascript; charset=utf-8
cache-control: public, no-transform, max-age=900
cf-ray: 8045ec21ae73a979-SYD
alt-svc: h3=":443"; ma=86400

GET
H2 200 footerIcons.png
static.mediafire.com/images/backgrounds/footer/social/ 583 B
685 B 73ms
73ms Image
image/png 104.16.53.48
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.mediafire.com/images/backgrounds/footer/social/footerIcons.png
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/qt2ibnzw5ynua07/S0FT_PW_2023.rar/file
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.16.53.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f917a9105c311331b1d40f4d2bdbf11233c1c465616c1a9c46232f451463b061

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Sun, 10 Sep 2023 07:22:52 GMT
cf-cache-status: HIT
last-modified: Mon, 25 Jul 2022 18:00:54 GMT
server: cloudflare
age: 7262
etag: "62deda56-247"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 8045ec1f491ca817-SYD
content-length: 583
expires: Tue, 10 Oct 2023 04:03:44 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 542ms
57ms Script
text/javascript 142.250.66.206
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-829541-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.66.206 Old Bridge, United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s23-in-f14.1e100.net

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Sun, 10 Sep 2023 07:07:25 GMT
last-modified: Mon, 12 Jun 2023 18:23:07 GMT
server: Golfe2
age: 928
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Sun, 10 Sep 2023 09:07:25 GMT

GET
H2 200 like.php Show response
www.facebook.com/plugins/ Frame 4CE7 44 KB
16 KB 753ms
347ms Document
text/html 157.240.8.35
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/plugins/like.php?href=http://www.facebook.com/MediaFire&width=193&layout=button_count&action=like&show_faces=false&share=true&height=30&appId=124578887583575

Requested by

Host: www.mediafire.com
URL: https://www.mediafire.com/file/qt2ibnzw5ynua07/S0FT_PW_2023.rar/file

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

157.240.8.35 Sydney, Australia, ASN32934 (FACEBOOK, US),

Reverse DNS

edge-star-mini-shv-01-syd2.facebook.com

Software

Resource Hash

b989773eb85b515fb6dbdfb16b2530b2347f5cd52c580716c94a23d0a0d6b615

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.mediafire.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-encoding: br
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-type: text/html; charset="utf-8"
cross-origin-opener-policy: unsafe-none
cross-origin-resource-policy: cross-origin
date: Sun, 10 Sep 2023 07:22:53 GMT
document-policy: force-load-at-top
expires: Sat, 01 Jan 2000 00:00:00 GMT
origin-agent-cluster: ?0
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(self), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(self), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
pragma: no-cache
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-fb-debug: wHOwkLQb4HJzEbgYzQG/qylIgEvw9LEPDiQYDNqXStSAm2YrnKdie+1J4MxlLTnAGSwfULWVRUTKE3P/gNxBDw==
x-xss-protection: 0

GET
H2 204 state Show response
api.btloader.com/mw/ 0
101 B 351ms
253ms Fetch 130.211.23.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://api.btloader.com/mw/state?bt_env=prod
Requested by: Host: btloader.com
URL: https://btloader.com/tag?o=5678961798414336&upapi=true
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 130.211.23.194 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 194.23.211.130.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

access-control-allow-origin: *
date: Sun, 10 Sep 2023 07:22:52 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
vary: Origin

GET
H2 200 px.gif
ad-delivery.net/ 43 B
326 B 484ms
80ms Image
image/gif 104.26.3.70
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad-delivery.net/px.gif?ch=2
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/qt2ibnzw5ynua07/S0FT_PW_2023.rar/file
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.3.70 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Sun, 10 Sep 2023 07:22:53 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 96719
x-guploader-uploadid: ADPycdvzPCKJrfKdwcNHjCjC1JcY0tCh8GrfBygTd4o6aar_rdgiyBh7HT6gZu8l2lhCYrxdfU6B5-gWqpmRU8_fOvby
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 5
x-goog-stored-content-encoding: identity
content-length: 43
last-modified: Wed, 05 May 2021 19:25:32 GMT
server: cloudflare
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3"
vary: Accept-Encoding
x-goog-generation: 1620242732037093
content-type: image/gif
access-control-allow-origin: *
x-goog-hash: crc32c=cpEfJQ==, md5=rUsPYG4PhGW8TEwXCzfhow==
access-control-expose-headers: *, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control: public, max-age=86400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rK341%2BlJy9yO%2FUBhki6V8AzlSzThNGHGRTR%2FPWVUu%2B7wKeSg5004U1Onrtzxlg55Ufnp7oZyU89XrLyL0xlgoVpArdkAdC5k0pjjfM1Ac6SumOPcyMH5WVG3Ats3BvphEA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length: 43
accept-ranges: bytes
cf-ray: 8045ec220fc3a888-SYD
expires: Sat, 09 Sep 2023 05:03:08 GMT

GET
H2 200 favicon.ico
ad.doubleclick.net/ 1 KB
571 B 237ms
56ms Image
image/x-icon 142.250.204.6
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.doubleclick.net/favicon.ico?ad=300x250&ad_box_=1&adnet=1&showad=1&size=250x250

Requested by

Host: www.mediafire.com
URL: https://www.mediafire.com/file/qt2ibnzw5ynua07/S0FT_PW_2023.rar/file

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.204.6 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s25-in-f6.1e100.net

Software

sffe /

Resource Hash

d961b08e4321250926de6f79087594975fe20ad1518de8f91eb711af5d1a6ef8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Sun, 10 Sep 2023 01:34:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 20931
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 104
x-xss-protection: 0
last-modified: Tue, 08 May 2012 13:08:06 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/x-icon
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 11 Sep 2023 01:34:01 GMT

GET
H2 200 px.gif
ad-delivery.net/ 43 B
912 B 482ms
78ms Image
image/gif 104.26.3.70
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad-delivery.net/px.gif?ch=1&e=0.6697453187340936
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/qt2ibnzw5ynua07/S0FT_PW_2023.rar/file
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.3.70 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Sun, 10 Sep 2023 07:22:53 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 96719
x-guploader-uploadid: ADPycdvzPCKJrfKdwcNHjCjC1JcY0tCh8GrfBygTd4o6aar_rdgiyBh7HT6gZu8l2lhCYrxdfU6B5-gWqpmRU8_fOvby
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 5
x-goog-stored-content-encoding: identity
content-length: 43
last-modified: Wed, 05 May 2021 19:25:32 GMT
server: cloudflare
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3"
vary: Accept-Encoding
x-goog-generation: 1620242732037093
content-type: image/gif
access-control-allow-origin: *
x-goog-hash: crc32c=cpEfJQ==, md5=rUsPYG4PhGW8TEwXCzfhow==
access-control-expose-headers: *, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control: public, max-age=86400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZaBNWOv20kgBZ112sqRvlPqkLr0OI6YuObgp2DpJTYnWqUNN%2Fvw8W9EemZ8IRwCFw8RLucsCop8F1NphSt0Q2cRETYNcEOp0KRImg%2BEcMFYM599Oj0o98w%2BFuQWOTDCVsw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length: 43
accept-ranges: bytes
cf-ray: 8045ec220fc4a888-SYD
expires: Sat, 09 Sep 2023 05:03:08 GMT

GET
H2 200 world.svg
static.mediafire.com/images/backgrounds/download/additional_content/ 143 KB
52 KB 86ms
86ms Image
image/svg+xml 104.16.53.48
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.mediafire.com/images/backgrounds/download/additional_content/world.svg
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/qt2ibnzw5ynua07/S0FT_PW_2023.rar/file
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.16.53.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4342feac38021c4fe3069eba0edf1c2e1b4345e2b548b0afb7ab21b7369b3bc8

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Sun, 10 Sep 2023 07:22:52 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Mon, 25 Jul 2022 18:00:54 GMT
server: cloudflare
age: 6268
etag: W/"62deda56-23ce2"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cf-ray: 8045ec1fa95ea817-SYD

GET
H2 200 continent-eu.svg
static.mediafire.com/images/backgrounds/download/additional_content/ 23 KB
9 KB 66ms
65ms Image
image/svg+xml 104.16.53.48
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.mediafire.com/images/backgrounds/download/additional_content/continent-eu.svg
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/qt2ibnzw5ynua07/S0FT_PW_2023.rar/file
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.16.53.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cbb99c4149249b280f1d3d924d9bdd29a4a14cba1e71775fb3bdbdf13ebd5a48

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Sun, 10 Sep 2023 07:22:52 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Mon, 25 Jul 2022 18:00:54 GMT
server: cloudflare
age: 1700
etag: W/"62deda56-5ca3"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cf-ray: 8045ec2029b0a817-SYD

GET
H2 200 nld.svg
static.mediafire.com/images/flags_svg/ 219 B
226 B 76ms
76ms Image
image/svg+xml 104.16.53.48
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.mediafire.com/images/flags_svg/nld.svg
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/qt2ibnzw5ynua07/S0FT_PW_2023.rar/file
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.16.53.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 494874a05c407cfb2315f6aa8fc056e62fb7d5b6d8cde0761bbbb4ad477c9fbb

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Sun, 10 Sep 2023 07:22:52 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Mon, 25 Jul 2022 18:00:54 GMT
server: cloudflare
age: 13396
etag: W/"62deda56-db"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cf-ray: 8045ec206a1ca817-SYD

GET
H2 200 flag.svg
static.mediafire.com/images/backgrounds/download/additional_content/ 234 B
277 B 79ms
79ms Image
image/svg+xml 104.16.53.48
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.mediafire.com/images/backgrounds/download/additional_content/flag.svg
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/qt2ibnzw5ynua07/S0FT_PW_2023.rar/file
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.16.53.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f52a0c7d9fa7ae8e45916c491ae7193f9a1e289f128f05264122c53d8da970db

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Sun, 10 Sep 2023 07:22:52 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Mon, 25 Jul 2022 18:00:54 GMT
server: cloudflare
age: 1737
etag: W/"62deda56-ea"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cf-ray: 8045ec20aa47a817-SYD

POST
H2 200 / Show response
api.amplitude.com/ 7 B
206 B 921ms
446ms XHR
text/html 52.39.211.76
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api.amplitude.com/

Requested by

Host: cdn.amplitude.com
URL: https://cdn.amplitude.com/libs/amplitude-8.5.0-min.gz.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.39.211.76 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-39-211-76.us-west-2.compute.amazonaws.com

Software

Resource Hash

aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Referer: https://www.mediafire.com/
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

access-control-allow-origin: *
date: Sun, 10 Sep 2023 07:22:53 GMT
strict-transport-security: max-age=15768000
trace-id: Root=1-64fd6ecd-5d96bc3b10600292377f6c01
content-length: 7
access-control-allow-methods: GET, POST
content-type: text/html;charset=utf-8

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 231 KB
80 KB 141ms
141ms Script
application/javascript 142.250.76.104
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-K68XP6D85D&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-53LP4T

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.76.104 Old Bridge, United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s24-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

7e40d1ef98726627461f1285aa4873557920a1f207a0cbd5fca6e64cb52ac2d9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Sun, 10 Sep 2023 07:22:52 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 82302
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Sun, 10 Sep 2023 07:22:52 GMT

GET
H2

200

main.js Show response
www.mediafire.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/8827f912/ Frame 056C
Redirect Chain

https://www.mediafire.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
https://www.mediafire.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/8827f912/main.js

7 KB
4 KB

63ms
63ms

Script
application/javascript

104.16.53.48
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mediafire.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/8827f912/main.js

Requested by

Host: www.mediafire.com
URL: https://www.mediafire.com/file/qt2ibnzw5ynua07/S0FT_PW_2023.rar/file

Protocol

Server

104.16.53.48 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6b4b5d832027f35386eacb48a2186cf6ce3c8fb12682cf46e1a312416fabfa8b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-AU,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Sun, 10 Sep 2023 07:22:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cloudflare
vary: accept-encoding
content-type: application/javascript; charset=UTF-8
cache-control: max-age=14400, public
cf-ray: 8045ec22cc0ca817-SYD

Redirect headers

date: Sun, 10 Sep 2023 07:22:53 GMT
content-encoding: gzip
server: cloudflare
vary: accept-encoding
access-control-allow-origin: *
location: /cdn-cgi/challenge-platform/h/b/scripts/jsd/8827f912/main.js
cache-control: max-age=300, public
cf-ray: 8045ec227bc4a817-SYD

GET
H2 200 Tag.engine Show response
otnolatrnup.com/ 2 KB
2 KB 419ms
363ms Script
application/json 104.19.214.37
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://otnolatrnup.com/Tag.engine?time=-480&id=5ff0fb62-0643-4ff1-aaee-c737f9ffc0e0&rand=71337&ver=async&referrerUrl=&fingerPrint=123&abr=false&stdTime=480&fpe=1&bw=1600&bh=1200&res=1600x1200&curl=https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fqt2ibnzw5ynua07%2FS0FT_PW_2023.rar%2Ffile&kw=online%20storage%2Cfree%20storage%2Ccloud%20storage%2Ccollaboration%2Cbackup%20file%20sharing%2Cshare%20files%2Cphoto%20backup%2Cphoto%20sharing%2Cftp%20replacement%2Ccross%20platform%2Cremote%20access%2Cmobile%20access%2Csend%20large%20files%2Crecover%20files%2Cfile%20versioning%2Cundelete%2Cwindows%2Cpc%2Cmac%2Cos%20x%2Clinux%2Ciphone
Requested by: Host: cdn.otnolatrnup.com
URL: https://cdn.otnolatrnup.com/Scripts/infinity.js.aspx?guid=5ff0fb62-0643-4ff1-aaee-c737f9ffc0e0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.214.37 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 49bdd7409d86870284150a6e5d4862c3d2c2bb4e161cda198ec1985b6bdee088

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Sun, 10 Sep 2023 07:22:53 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
accept-ch: Sec-CH-UA,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version
server: cloudflare
vary: Accept-Encoding
p3p: CP="CAO PSA OUR IND"
access-control-allow-origin: *
content-type: application/json; charset=utf-8
cache-control: private, no-transform
cf-ray: 8045ec22df88a979-SYD
alt-svc: h3=":443"; ma=86400

GET
H2 200 country Show response
api.btloader.com/ 16 B
141 B 225ms
224ms Fetch
application/json 130.211.23.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://api.btloader.com/country
Requested by: Host: btloader.com
URL: https://btloader.com/tag?o=5678961798414336&upapi=true
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 130.211.23.194 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 194.23.211.130.bc.googleusercontent.com
Software: /
Resource Hash: fa1f876cb70f7a711191b9dab191d9cc1c037ae4f5f5ea032dfe742f51c07f65

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Sun, 10 Sep 2023 07:22:53 GMT
via: 1.1 google
vary: Origin
content-type: application/json
access-control-allow-origin: *
cache-control: private, max-age=300, stale-while-revalidate=600, stale-if-error=600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 16

GET
H2 204 pv Show response
api.btloader.com/ 0
66 B 225ms
224ms XHR
text/plain 130.211.23.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://api.btloader.com/pv?tid=54peaxE5&w=5115845767331840&o=5678961798414336&cv=2.1.17-2-g0b33bd3&r=false&vr=1600x1200&pageURL=https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fqt2ibnzw5ynua07%2FS0FT_PW_2023.rar%2Ffile&sid=RMJfbWkU&upapi=true
Requested by: Host: btloader.com
URL: https://btloader.com/tag?o=5678961798414336&upapi=true
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 130.211.23.194 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 194.23.211.130.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

access-control-allow-origin: *
date: Sun, 10 Sep 2023 07:22:53 GMT
cache-control: no-cache, no-store, must-revalidate
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
vary: Origin

POST
H2 204 collect
analytics.google.com/g/ 0
255 B 649ms
154ms Ping
text/plain 216.239.32.181
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.google.com/g/collect?v=2&tid=G-K68XP6D85D&gtm=45je3960&_p=53280006&_gaz=1&cid=2089763394.1694330573&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1694330573&sct=1&seg=0&dl=https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fqt2ibnzw5ynua07%2FS0FT_PW_2023.rar%2Ffile&dt=S0FT%20PW%202023&en=page_view&_fv=1&_nsi=1&_ss=1&up.page_url=https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fqt2ibnzw5ynua07%2FS0FT_PW_2023.rar%2Ffile
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-K68XP6D85D&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 216.239.32.181 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 10 Sep 2023 07:22:53 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.mediafire.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
47 B 826ms
249ms Ping
text/plain 74.125.24.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-K68XP6D85D&cid=2089763394.1694330573&gtm=45je3960&aip=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-K68XP6D85D&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 74.125.24.155 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: sf-in-f155.1e100.net
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 10 Sep 2023 07:22:53 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.mediafire.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.com.au/ads/ 42 B
408 B 690ms
196ms Image
image/gif 142.250.76.99
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com.au/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-K68XP6D85D&cid=2089763394.1694330573&gtm=45je3960&aip=1&z=2033031181

Requested by

Host: www.mediafire.com
URL: https://www.mediafire.com/file/qt2ibnzw5ynua07/S0FT_PW_2023.rar/file

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.76.99 Old Bridge, United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s24-in-f3.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 10 Sep 2023 07:22:53 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 2 B
208 B 137ms
137ms XHR
text/plain 142.250.66.206
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=53280006&t=pageview&_s=1&dl=https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fqt2ibnzw5ynua07%2FS0FT_PW_2023.rar%2Ffile&ul=en-us&de=UTF-8&dt=S0FT%20PW%202023&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YADAAUABAAAAACAAI~&jid=1857039503&gjid=1696748155&cid=2089763394.1694330573&tid=UA-829541-1&_gid=1037107625.1694330573&_r=1&gtm=457e3960&cd1=unregistered&cd7=legacy&cd3=archive&cd4=51&cd5=rar&cd8=%2F100%2F&jsscut=1&z=719928755

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.66.206 Old Bridge, United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s23-in-f14.1e100.net

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.mediafire.com/
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 10 Sep 2023 07:22:53 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.mediafire.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 8045ec15d9c2a817 Show response
www.mediafire.com/cdn-cgi/challenge-platform/h/b/jsd/r/ Frame 056C 0
252 B 79ms
78ms XHR
text/plain 104.16.53.48
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.mediafire.com/cdn-cgi/challenge-platform/h/b/jsd/r/8045ec15d9c2a817
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.16.53.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
Content-Type: application/json

Response headers

date: Sun, 10 Sep 2023 07:22:53 GMT
content-encoding: gzip
server: cloudflare
cf-ray: 8045ec240d00a817-SYD
content-type: text/plain; charset=UTF-8

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 8 B
354 B 623ms
248ms XHR
text/plain 74.125.24.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-829541-1&cid=2089763394.1694330573&jid=1857039503&gjid=1696748155&_gid=1037107625.1694330573&_u=YADAAUAAAAAAACAAI~&z=1788821185

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.24.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sf-in-f155.1e100.net

Software

Golfe2 /

Resource Hash

7817ee889e9c73351b96c97c740c9dd746ba87ebd6c6fcab3cd77cd021920ce7

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.mediafire.com/
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Sun, 10 Sep 2023 07:22:53 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.mediafire.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 m=el_main_css
www.gstatic.com/_/translate_http/_/ss/k=translate_http.tr.qhDXWpKopYk.L.W.O/d=0/rs=AN8SPfp0QXhhaDDdjg_LgcSqoZiPEzC1tw/ 22 KB
5 KB 561ms
73ms Stylesheet
text/css 172.217.167.67
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/translate_http/_/ss/k=translate_http.tr.qhDXWpKopYk.L.W.O/d=0/rs=AN8SPfp0QXhhaDDdjg_LgcSqoZiPEzC1tw/m=el_main_css

Requested by

Host:
URL: /_/translate_http/_/js/k=translate_http.tr.en_GB.i9ZNRm2Z950.O/d=1/rs=AN8SPfr0gAhi21i2OcJAFWwTWTk8rY_YDQ/m=el_conf

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.167.67 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd15s06-in-f3.1e100.net

Software

sffe /

Resource Hash

71ca2652e2b3ffd3c0ec966958604714ce6c7af01d961b44adc438518eb58cb3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Sat, 09 Sep 2023 14:24:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 61121
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/rosetta
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4144
x-xss-protection: 0
last-modified: Sat, 15 Jul 2023 01:09:03 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="rosetta"
vary: Accept-Encoding
report-to: {"group":"rosetta","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/rosetta"}]}
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 08 Sep 2024 14:24:12 GMT

GET
H2 200 m=el_main Show response
translate.googleapis.com/_/translate_http/_/js/k=translate_http.tr.en_GB.i9ZNRm2Z950.O/d=1/exm=el_conf/ed=1/rs=AN8SPfr0gAhi21i2OcJAFWwTWTk8rY_YDQ/ 216 KB
76 KB 532ms
44ms Script
text/javascript 142.251.221.74
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://translate.googleapis.com/_/translate_http/_/js/k=translate_http.tr.en_GB.i9ZNRm2Z950.O/d=1/exm=el_conf/ed=1/rs=AN8SPfr0gAhi21i2OcJAFWwTWTk8rY_YDQ/m=el_main

Requested by

Host:
URL: /_/translate_http/_/js/k=translate_http.tr.en_GB.i9ZNRm2Z950.O/d=1/rs=AN8SPfr0gAhi21i2OcJAFWwTWTk8rY_YDQ/m=el_conf

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.221.74 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s31-in-f10.1e100.net

Software

sffe /

Resource Hash

f057f2ea50996360cb788c5fc87da25674f5a3b48dc1d549440ae68817597415

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Thu, 07 Sep 2023 19:58:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 213875
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/rosetta
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 77700
x-xss-protection: 0
last-modified: Wed, 06 Sep 2023 15:12:32 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="rosetta"
vary: Accept-Encoding
report-to: {"group":"rosetta","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/rosetta"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 06 Sep 2024 19:58:18 GMT

GET
H2 200 12D0EXN41br.js Show response
static.xx.fbcdn.net/rsrc.php/v3i7244/y9/l/en_GB/ Frame 4CE7 520 KB
135 KB 471ms
61ms XHR
application/x-javascript 157.240.8.23
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3i7244/y9/l/en_GB/12D0EXN41br.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/plugins/like.php?href=http://www.facebook.com/MediaFire&width=193&layout=button_count&action=like&show_faces=false&share=true&height=30&appId=124578887583575

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

157.240.8.23 Sydney, Australia, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-01-syd2.fbcdn.net

Software

Resource Hash

fc9fc5ba79561082720a5632596a1e5cc2ef2251c80c6f2b0608070c9b3d4a21

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Sun, 10 Sep 2023 07:22:53 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: 4sL04KfyqT7C/DXGqdQimQ==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 137242
x-fb-debug: EURc5K33ymQPdM5RgoFTt9vMYefySKrywhxoRFd2qC9mwFGqprocDn1mCA1xZvHTBtAQPiPO2UBB6zTMeDGEIA==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Origin
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://www.facebook.com
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
timing-allow-origin: *
expires: Sun, 01 Sep 2024 10:50:41 GMT

GET
H2 200 FEppCFCt76d.png
static.xx.fbcdn.net/rsrc.php/v3/yD/r/ Frame 4CE7 299 B
871 B 458ms
50ms Image
image/png 157.240.8.23
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yD/r/FEppCFCt76d.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

157.240.8.23 Sydney, Australia, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-01-syd2.fbcdn.net

Software

Resource Hash

d65f4b2e8eee94ddc7f762d098de19558d879a3b597c8913b4d075532e3ed4b4

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Sun, 10 Sep 2023 07:22:53 GMT
x-content-type-options: nosniff
content-md5: OIlAxCmR79nrM/Ez4ygGlg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 299
x-fb-debug: oktvwPVAUpGk7CuIz2fv1SdYtotnJ4kbAA7jCuD1GGzz2y/zcwP0mOA+ukXxwQ1wmvjdIUW/Hd9QA45B7pY3Dg==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-type: image/png
access-control-allow-origin: *
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
timing-allow-origin: *
expires: Thu, 29 Aug 2024 16:20:11 GMT

POST
H2 200 saa.go Show response
g.ezoic.net/ 14 KB
5 KB 445ms
44ms XHR
text/javascript 3.24.63.190
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://g.ezoic.net/saa.go
Requested by: Host: www.ezojs.com
URL: https://www.ezojs.com/ezoic/sa.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.24.63.190 Sydney, Australia, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-24-63-190.ap-southeast-2.compute.amazonaws.com
Software: Apache/2.4.39 (Ubuntu) /
Resource Hash: bb4a3ac0e25e30954307dacab388535f8645e7174f90eadc30e9266f3cbdc045

Request headers

Referer: https://www.mediafire.com/
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
Content-Type: text/plain

Response headers

date: Sun, 10 Sep 2023 07:22:54 GMT
content-encoding: br
server: Apache/2.4.39 (Ubuntu)
access-control-max-age: 1728000
access-control-allow-methods: GET, POST, PUT, OPTIONS
content-type: text/javascript
access-control-allow-origin: https://www.mediafire.com
cache-control: private, max-age=0, must-revalidate, no-cache, no-store
access-control-allow-credentials: true
vary: Accept-Encoding,Origin,Access-Control-Request-Method,Access-Control-Request-Headers
x-robots-tag: noindex
access-control-allow-headers: Content-Type
expires: Sat, 09 Sep 2023 07:22:54 GMT

GET
H2 200 boise.js Show response
go.ezodn.com/detroitchicago/ 673 B
897 B 1097ms
254ms Script
application/javascript 172.64.137.23
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://go.ezodn.com/detroitchicago/boise.js?gcb=195-2&cb=2
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/qt2ibnzw5ynua07/S0FT_PW_2023.rar/file
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.137.23 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6fa04d8b4b07ebd5ebb250e33b532615e80dd02d46afb5cc0654c3c128b1c427

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Sun, 10 Sep 2023 07:22:55 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 18 Oct 2022 20:22:21 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 28206034
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9bY51EsrqUCb%2FxeZLWDvWL8JINCz1m78eaIYQUzpNwecqodlSjZ3RDZlenNcDByxPNPL1NyL%2BbBVRVO9%2F4s7zKANzGiEGpASO4RBdHLsq3iXcH3nBpb%2BxZlEOt3LT8c%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-middleton-display: sol-js
cache-control: public, max-age=31536000
x-robots-tag: noindex
cf-ray: 8045ec2eafb3b430-HKG
alt-svc: h3=":443"; ma=86400

GET
H2 200 abilene.js Show response
go.ezodn.com/parsonsmaize/ 6 KB
3 KB 1099ms
257ms Script
application/javascript 172.64.137.23
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://go.ezodn.com/parsonsmaize/abilene.js?gcb=195-2&cb=28
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/qt2ibnzw5ynua07/S0FT_PW_2023.rar/file
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.137.23 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 76e711a9fa75d834548476e15f0e5086dc362eae1b8bf6e7becc70d234efed85

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Sun, 10 Sep 2023 07:22:55 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 31 Aug 2023 01:29:05 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 885228
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MRWDvd9R3iF%2BXCLLAzU4Yz6ZMRdAXRbK92vA7dQCZ%2BCCBBcN5y2eIS9Dml%2Bvy1EVh7mvTZBu2JR9BkkMpJdw41bqOLleZj5xh8Tt3HkhjuVJCLCCFXhSGHch6ZRD4jQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-middleton-display: sol-js
cache-control: public, max-age=31536000
x-robots-tag: noindex
cf-ray: 8045ec2eafb6b430-HKG
alt-svc: h3=":443"; ma=86400

GET
H2 200 et.js Show response
go.ezodn.com/porpoiseant/ 1 KB
868 B 1100ms
259ms Script
application/javascript 172.64.137.23
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://go.ezodn.com/porpoiseant/et.js?gcb=195-2&cb=2
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/qt2ibnzw5ynua07/S0FT_PW_2023.rar/file
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.137.23 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2c34f09169d2a10e8f5863960e81575ab70f88b52f4bd3386ce5e41e73a94487

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Sun, 10 Sep 2023 07:22:55 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 29 Aug 2023 18:02:07 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 998427
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aTsSwkBakZZlKBqLVZXlr3HM7jfo8YecH6VBsQTL9jnnOIYwD57V0jklKczLzqQJXcwpZCcWiG5ZssD6nxcDZlThK9L369M4qHItqPN6%2BIxpq6oTOdWf%2Bf%2FKqJIaJlY%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-middleton-display: sol-js
cache-control: public, max-age=31536000
x-robots-tag: noindex
cf-ray: 8045ec2eafb8b430-HKG
alt-svc: h3=":443"; ma=86400

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
408 B 666ms
179ms Image
image/gif 142.250.66.228
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-829541-1&cid=2089763394.1694330573&jid=1857039503&_u=YADAAUAAAAAAACAAI~&z=155233806

Requested by

Host: www.mediafire.com
URL: https://www.mediafire.com/file/qt2ibnzw5ynua07/S0FT_PW_2023.rar/file

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.66.228 Old Bridge, United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd15s15-in-f4.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 10 Sep 2023 07:22:54 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.com.au/ads/ 42 B
107 B 177ms
176ms Image
image/gif 142.250.76.99
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com.au/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-829541-1&cid=2089763394.1694330573&jid=1857039503&_u=YADAAUAAAAAAACAAI~&z=155233806

Requested by

Host: www.mediafire.com
URL: https://www.mediafire.com/file/qt2ibnzw5ynua07/S0FT_PW_2023.rar/file

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.76.99 Old Bridge, United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s24-in-f3.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 10 Sep 2023 07:22:54 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 prebid8.10.0.js Show response
www.mediafire.com/js/ 258 KB
85 KB 70ms
69ms Script
application/x-javascript 104.16.53.48
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.mediafire.com/js/prebid8.10.0.js
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/qt2ibnzw5ynua07/S0FT_PW_2023.rar/file
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.16.53.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 864909edb64a3e6dd9d7fde79f064c6a23727f1a0cf6a10eee863a97bd3689c6

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/file/qt2ibnzw5ynua07/S0FT_PW_2023.rar/file
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Sun, 10 Sep 2023 07:22:54 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Mon, 28 Aug 2023 14:59:05 GMT
cf-bgj: minify
server: cloudflare
age: 1414
etag: W/"64ecb639-40a99"
cf-polished: origSize=264857
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: max-age=2592000
cf-ray: 8045ec29497ca817-SYD
expires: Tue, 10 Oct 2023 06:34:26 GMT

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 99 KB
29 KB 882ms
386ms Script
text/javascript 172.217.167.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: www.mediafire.com
URL: https://www.mediafire.com/file/qt2ibnzw5ynua07/S0FT_PW_2023.rar/file

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.167.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd15s06-in-f2.1e100.net

Software

cafe /

Resource Hash

6a8bca6454315ff89ead4eb9ca362ddeb4fefda6cd2e8ceb3ed36a3b717110a4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Sun, 10 Sep 2023 07:22:55 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29284
x-xss-protection: 0
server: cafe
etag: 227 / 19610 / 31077683 / config-hash: 18345592501010170579
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
expires: Sun, 10 Sep 2023 07:22:55 GMT

GET
DATA 200
OK truncated Show response
/ Frame 7031 1 KB
1 KB Document
text/html

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 31f4e4abd5d8e145d6bd5505ae3ee469f66e6aba53fcc6cf04741d0a802ebc3d

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

Content-Type: text/html;charset=UTF-8

GET
H2 200 24px.svg
fonts.gstatic.com/s/i/productlogos/translate/v14/ 6 KB
4 KB 533ms
53ms Image
image/svg+xml 142.250.204.3
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://fonts.gstatic.com/s/i/productlogos/translate/v14/24px.svg

Requested by

Host: www.mediafire.com
URL: https://www.mediafire.com/file/qt2ibnzw5ynua07/S0FT_PW_2023.rar/file

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.204.3 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s25-in-f3.1e100.net

Software

sffe /

Resource Hash

ab5c23a05e39deed14d9d8262b0dce9f024f86105a27196cad37d14a3f516e09

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Fri, 08 Sep 2023 21:07:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 123344
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3340
x-xss-protection: 0
last-modified: Wed, 20 Apr 2022 14:24:23 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
vary: Accept-Encoding
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 07 Sep 2024 21:07:10 GMT

GET
H2 200 googlelogo_color_42x16dp.png
www.gstatic.com/images/branding/googlelogo/1x/ 910 B
1 KB 66ms
65ms Image
image/png 172.217.167.67
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/branding/googlelogo/1x/googlelogo_color_42x16dp.png

Requested by

Host: www.mediafire.com
URL: https://www.mediafire.com/file/qt2ibnzw5ynua07/S0FT_PW_2023.rar/file

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.167.67 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd15s06-in-f3.1e100.net

Software

sffe /

Resource Hash

6318394f737c66f0e2ccfcd88e3935c6667633a1b95fa29fba2b75431d55eef2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Sat, 09 Sep 2023 11:27:46 GMT
x-content-type-options: nosniff
age: 71708
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 910
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Sun, 08 Sep 2024 11:27:46 GMT

GET
H2 200 translate_24dp.png
www.gstatic.com/images/branding/product/2x/ 2 KB
2 KB 80ms
80ms Image
image/png 172.217.167.67
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/branding/product/2x/translate_24dp.png

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/translate_http/_/ss/k=translate_http.tr.qhDXWpKopYk.L.W.O/d=0/rs=AN8SPfp0QXhhaDDdjg_LgcSqoZiPEzC1tw/m=el_main_css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.167.67 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd15s06-in-f3.1e100.net

Software

sffe /

Resource Hash

4dac0026fbfa2615dce30c0af12830863fe885f84387a0147b9e338f548d5d82

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.gstatic.com/_/translate_http/_/ss/k=translate_http.tr.qhDXWpKopYk.L.W.O/d=0/rs=AN8SPfp0QXhhaDDdjg_LgcSqoZiPEzC1tw/m=el_main_css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Wed, 06 Sep 2023 19:06:58 GMT
x-content-type-options: nosniff
age: 303356
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1842
x-xss-protection: 0
last-modified: Thu, 14 Oct 2021 09:08:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Thu, 05 Sep 2024 19:06:58 GMT

POST
H2 200 prebid Show response
prebid.media.net/rtb/ 1 KB
1 KB 472ms
380ms Fetch
application/json 34.107.148.139
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.media.net/rtb/prebid?cid=8CUO2689O
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/js/prebid8.10.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.107.148.139 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 139.148.107.34.bc.googleusercontent.com
Software: nginx /
Resource Hash: 6bbc92717fe509af0802f8845d68fc13c4c4b299a7589f54f06a91e5f8075582

Request headers

Referer: https://www.mediafire.com/
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
content-type: text/plain

Response headers

pragma: no-cache
date: Sun, 10 Sep 2023 07:22:54 GMT
content-encoding: gzip
via: 1.1 google
server: nginx
accept-ch: Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model
content-type: application/json;charset=utf-8
access-control-allow-origin: https://www.mediafire.com
cache-control: max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-envoy-upstream-service-time: 243
alt-svc: clear
expires: Sun, 10 Sep 2023 07:22:54 GMT

POST
H2 200 v1 Show response
btlr.sharethrough.com/universal/ 464 B
685 B 819ms
481ms Fetch
application/json 54.255.66.128
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/js/prebid8.10.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.255.66.128 , Singapore, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-255-66-128.ap-southeast-1.compute.amazonaws.com
Software: /
Resource Hash: 2678300f9981277542a10c63a45659cafd6d0fa1d7d27c706a5573417a74f365

Request headers

Referer: https://www.mediafire.com/
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
content-type: text/plain

Response headers

date: Sun, 10 Sep 2023 07:22:55 GMT
content-encoding: gzip
x-openrtb-version: 2.5
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.mediafire.com
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 316

POST
H2 200 v1 Show response
btlr.sharethrough.com/universal/ 460 B
659 B 605ms
267ms Fetch
application/json 54.255.66.128
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/js/prebid8.10.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.255.66.128 , Singapore, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-255-66-128.ap-southeast-1.compute.amazonaws.com
Software: /
Resource Hash: 341d3214b60c99080346925a1835641940a019bdcb82dac3a9b1705d0a53268e

Request headers

Referer: https://www.mediafire.com/
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
content-type: text/plain

Response headers

date: Sun, 10 Sep 2023 07:22:54 GMT
content-encoding: gzip
x-openrtb-version: 2.5
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.mediafire.com
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 291

POST
H2 200 v1 Show response
btlr.sharethrough.com/universal/ 408 B
632 B 517ms
179ms Fetch
application/json 54.255.66.128
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/js/prebid8.10.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.255.66.128 , Singapore, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-255-66-128.ap-southeast-1.compute.amazonaws.com
Software: /
Resource Hash: 41bcfeefa137f2e1ccc6e59d937290ffee018021f156fc1e44433057056ac230

Request headers

Referer: https://www.mediafire.com/
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
content-type: text/plain

Response headers

date: Sun, 10 Sep 2023 07:22:54 GMT
content-encoding: gzip
x-openrtb-version: 2.5
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.mediafire.com
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 263

POST
H2 200 v1 Show response
btlr.sharethrough.com/universal/ 508 B
698 B 523ms
186ms Fetch
application/json 54.255.66.128
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/js/prebid8.10.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.255.66.128 , Singapore, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-255-66-128.ap-southeast-1.compute.amazonaws.com
Software: /
Resource Hash: fd0ee784123f8010b36fe0b9204fe2fb3faf76d8fa6a36a7644d32d9ac506270

Request headers

Referer: https://www.mediafire.com/
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
content-type: text/plain

Response headers

date: Sun, 10 Sep 2023 07:22:54 GMT
content-encoding: gzip
x-openrtb-version: 2.5
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.mediafire.com
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 329

POST
H2 200 v1 Show response
btlr.sharethrough.com/universal/ 425 B
656 B 515ms
177ms Fetch
application/json 54.255.66.128
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/js/prebid8.10.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.255.66.128 , Singapore, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-255-66-128.ap-southeast-1.compute.amazonaws.com
Software: /
Resource Hash: 5b26df0a4a6eb62ec94095af6e51712560eb2df643e5cc22c863c3f2512d2bae

Request headers

Referer: https://www.mediafire.com/
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
content-type: text/plain

Response headers

date: Sun, 10 Sep 2023 07:22:54 GMT
content-encoding: gzip
x-openrtb-version: 2.5
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.mediafire.com
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 287

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ 0
114 B 637ms
210ms Fetch 207.65.33.78
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/js/prebid8.10.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 207.65.33.78 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.mediafire.com/
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
content-type: text/plain

Response headers

access-control-allow-origin: https://www.mediafire.com
date: Sun, 10 Sep 2023 07:22:54 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

GET
H2 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309050101/ 404 KB
127 KB 39ms
38ms Script
text/javascript 172.217.167.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309050101/pubads_impl.js?cb=31077683

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.167.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd15s06-in-f2.1e100.net

Software

cafe /

Resource Hash

84f17c357a114f92f5594d1254ef145103bd25fe28a365fc648d27678f91cdfc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Sat, 09 Sep 2023 10:36:54 GMT
content-encoding: br
x-content-type-options: nosniff
age: 74761
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 129878
x-xss-protection: 0
server: cafe
etag: 7992010681825974757
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
expires: Sun, 08 Sep 2024 10:36:54 GMT

GET
H2 200 183096492 Show response
fundingchoicesmessages.google.com/i/ 154 KB
51 KB 190ms
184ms Script
application/javascript 172.217.24.46
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/i/183096492?ers=3

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309050101/pubads_impl.js?cb=31077683

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.24.46 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

hkg07s23-in-f14.1e100.net

Software

ESF /

Resource Hash

f696e436fe9448deae54446cad6869c2f64e9359a238f255a9d837602c0848e2

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'report-sample' 'nonce-qW8nMPwfCpySuqyT8_ODxQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Sun, 10 Sep 2023 07:22:55 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'report-sample' 'nonce-qW8nMPwfCpySuqyT8_ODxQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin: *
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 mulvane.js Show response
go.ezodn.com/parsonsmaize/ 1002 B
864 B 493ms
492ms Script
application/javascript 172.64.137.23
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://go.ezodn.com/parsonsmaize/mulvane.js?gcb=195-2&cb=5
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/qt2ibnzw5ynua07/S0FT_PW_2023.rar/file
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.137.23 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f2e858e11bbfe82d0150dd8fc768dfdb4577415c0ee84435e0d6c51a50e6cb64

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Sun, 10 Sep 2023 07:22:55 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 05 Sep 2023 23:10:11 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 375162
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rQLLcvlUSaKHuK9IDW3nYe1Ycb7l3xBUDkm1I8JuKrkUGL5UcG7fI0kWdGCNhyl1bbsucnDe6AU0sWYoTRWlM%2FbzZdJ4WtsTxPBqlktLH2Sq4%2BcznhXabH67LDJl3NA%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-middleton-display: sol-js
cache-control: public, max-age=31536000
x-robots-tag: noindex
cf-ray: 8045ec31dd50b430-HKG
alt-svc: h3=":443"; ma=86400

GET
H2 200 raleigh.js Show response
go.ezodn.com/detroitchicago/ 1 KB
978 B 494ms
494ms Script
application/javascript 172.64.137.23
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://go.ezodn.com/detroitchicago/raleigh.js?gcb=195-2&cb=6
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/qt2ibnzw5ynua07/S0FT_PW_2023.rar/file
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.137.23 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 30887d75ca7268ceabc93067bca019f8ffe07189630a759407b236736e1f15af

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Sun, 10 Sep 2023 07:22:55 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 08 Aug 2022 19:02:29 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 13600958
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uK2JCQQqpfxFzmK5YYsOugmv25WfKeSVvStlN0hUMCzK57QMnYiSL3b9l2%2Bw9qKoKA3GN4IVgv3tzYn%2FaYcP5cNm%2Bc47FHsWDMCs%2BXdkvUsGs0mHtxXd9NDf1E42yUw%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-middleton-display: sol-js
cache-control: public, max-age=31536000
x-robots-tag: noindex
cf-ray: 8045ec31dd52b430-HKG
alt-svc: h3=":443"; ma=86400

GET
H2 200 vista.js Show response
go.ezodn.com/detroitchicago/ 821 B
722 B 516ms
515ms Script
application/javascript 172.64.137.23
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://go.ezodn.com/detroitchicago/vista.js?gcb=195-2&cb=5
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/qt2ibnzw5ynua07/S0FT_PW_2023.rar/file
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.137.23 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f511fa7924776077436e0e7c47d96a420282192ee4f9c5dc96def26cb856c709

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Sun, 10 Sep 2023 07:22:55 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 29 Aug 2023 18:02:07 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 998427
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=V1ILfA7R7cpXV3%2BcwxOUcFE9Vn%2FXov3LaMcrGc5Iojz9zaKNx3L1pQkVquUxb9Xv2bWVklff6h%2BZUG53AGDjBUvPP3TR0PcE3pQQtfhrBTqGylnWq5BpWEt6R%2FplPRY%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-middleton-display: sol-js
cache-control: public, max-age=31536000
x-robots-tag: noindex
cf-ray: 8045ec31dd55b430-HKG
alt-svc: h3=":443"; ma=86400

GET
H2 200 tampa.js Show response
go.ezodn.com/detroitchicago/ 723 B
707 B 514ms
513ms Script
application/javascript 172.64.137.23
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://go.ezodn.com/detroitchicago/tampa.js?gcb=195-2&cb=5
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/qt2ibnzw5ynua07/S0FT_PW_2023.rar/file
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.137.23 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e611f58b19c2ff6aba81588e7b0a148e523d8acbadc40092f8de5f50dca2f93c

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Sun, 10 Sep 2023 07:22:55 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 02 Nov 2022 09:49:38 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 26947997
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Nj%2FE5PTUSCB6lxu06CHJ0q1vrw9pI39keWHpbG11o1uzQxwdi%2FfNI0xfVl8XLC%2BaYL0IOCg2Vc3jIDtPliq1eSWfSahyVY78G2ggFcz3SU9Y%2B%2BX4OAqPl3M%2Fcd3Ilcc%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-middleton-display: sol-js
cache-control: public, max-age=31536000
x-robots-tag: noindex
cf-ray: 8045ec31dd56b430-HKG
alt-svc: h3=":443"; ma=86400

GET
H2 200 AGSKWxUySWSstVHrrEtodBdGdCAi4vyq6sdhG0DJvJkFA5isLdTAeOtAmFttR7zHVRTnSHCfM9oV-5YbZr1_TCMsbnV2cLqV9U9wGPM27hHyG9H7x2MCnQFF5fNUO9dLFYU2vxgYszh_Kg== Show response
fundingchoicesmessages.google.com/f/ 13 KB
7 KB 222ms
221ms Script
application/javascript 172.217.24.46
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxUySWSstVHrrEtodBdGdCAi4vyq6sdhG0DJvJkFA5isLdTAeOtAmFttR7zHVRTnSHCfM9oV-5YbZr1_TCMsbnV2cLqV9U9wGPM27hHyG9H7x2MCnQFF5fNUO9dLFYU2vxgYszh_Kg==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNjk0MzMwNTc1LDY0MjAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzddXSwiaHR0cHM6Ly93d3cubWVkaWFmaXJlLmNvbS9maWxlL3F0Mmlibnp3NXludWEwNy9TMEZUX1BXXzIwMjMucmFyL2ZpbGUiLG51bGwsW1s4LCJ0LTFNVGVPcE14ZyJdLFs5LCJlbi1HQiJdLFsxOSwiMiJdXV0

Requested by

Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_GB.t-1MTeOpMxg.es5.O/d=1/rs=AJlcJMzmD912FB1XCVhv-feZsnQED8cTLw/m=kernel_loader,loader_js_executable

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.24.46 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

hkg07s23-in-f14.1e100.net

Software

ESF /

Resource Hash

7af0c16057b4415362e273cdb5c9900d1ec9b690c5b7cc6c1139141e0f242c5e

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-y8f3h-9EcocOKnU7eaUqcw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Sun, 10 Sep 2023 07:22:55 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-y8f3h-9EcocOKnU7eaUqcw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin: *
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pubcid.min.js Show response
cdn.jsdelivr.net/gh/prebid/shared-id/pubcid.js/docs/ 732 B
897 B 406ms
30ms Script
application/javascript 151.101.129.229
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/gh/prebid/shared-id/pubcid.js/docs/pubcid.min.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309050101/pubads_impl.js?cb=31077683

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.129.229 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

a5230196df9a4e9f6382c504668862efc8e25c1ec093c7dc997fbedb4b3ec54e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Sun, 10 Sep 2023 07:22:56 GMT
x-content-type-options: nosniff
content-encoding: br
age: 28760
x-jsd-version: master
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 439
x-served-by: cache-fra-eddf8230042-FRA, cache-bne12528-BNE
x-jsd-version-type: branch
etag: W/"2dc-IrZxm/sP4aqtIfs1EfEw6Dg5q1Y"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 esp.js Show response
cdn.id5-sync.com/api/1.0/ 139 KB
31 KB 484ms
65ms Script
text/javascript 104.22.52.86
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.id5-sync.com/api/1.0/esp.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309050101/pubads_impl.js?cb=31077683

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.22.52.86 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ccebb3668d65d3268223556ecdbe14e98305dd0abeffe6308c75e7fb21188fc5

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Sun, 10 Sep 2023 07:22:56 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-encoding: gzip
cf-cache-status: HIT
last-modified: Fri, 08 Sep 2023 09:30:49 GMT
server: cloudflare
x-amz-request-id: 3D5PFB19YMS1A6BW
age: 941
etag: W/"1a5f44cdb786ba83a7fa05963228f464"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: text/javascript;charset=utf-8
cache-control: public, max-age=3600
cf-ray: 8045ec34dbc4aaf9-SYD
x-amz-id-2: 5E3YGppoaZToHpO1jcreLNyYD8ir2jTwCGodOF7V0WUHxeu3wyRndl7SkpAtOrV4GtImpAHZa1o=

GET
H2 200 esp.js Show response
oa.openxcdn.net/ 24 KB
8 KB 185ms
72ms Script
application/javascript 34.102.146.192
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://oa.openxcdn.net/esp.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309050101/pubads_impl.js?cb=31077683
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.102.146.192 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 192.146.102.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 544c55ca9f05d425f3beb90f287308d7a408b1f60d17728eff5c605a494bc1b9

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Tue, 22 Aug 2023 23:22:34 GMT
content-encoding: gzip
age: 1584021
x-guploader-uploadid: ADPycduruLX3CkRCvjM4D44BJwbJMdkXirVGl_ZIKT7D8F6JxxeJwBTkUWv34758RtnE9Wk3QelmsLsDnwrBMePD-zM0Cw
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7927
last-modified: Thu, 27 May 2021 18:30:51 GMT
server: UploadServer
etag: "df5542b88bc0e368c6999754a5b9e2ba"
x-goog-generation: 1622140251693895
x-goog-hash: crc32c=f21hYg==, md5=31VCuIvA42jGmZdUpbniug==
content-type: application/javascript
cache-control: no-transform
x-goog-stored-content-length: 7927
accept-ranges: bytes
expires: Wed, 21 Aug 2024 23:22:34 GMT

GET
H2 200 publishertag.ids.js Show response
static.criteo.net/js/ld/ 43 KB
14 KB 957ms
238ms Script
text/javascript 182.161.73.129
CRITEO-AS-AP Crit...

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.ids.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309050101/pubads_impl.js?cb=31077683

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

182.161.73.129 , Singapore, ASN55569 (CRITEO-AS-AP Criteo APAC, JP),

Reverse DNS

Software

nginx /

Resource Hash

c746ca687b3e79023240e45eb684f036fd9a1312b454758a6018b3ece635dafb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Sun, 10 Sep 2023 07:22:56 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 07 Sep 2023 09:22:37 GMT
server: nginx
etag: W/"64f9965d-ab99"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Mon, 11 Sep 2023 07:22:56 GMT

GET
H/1.1 200
OK uid2SecureSignal.js Show response
cdn.prod.uidapi.com/ 3 KB
3 KB 942ms
297ms Script
text/javascript 13.35.23.33
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.prod.uidapi.com/uid2SecureSignal.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309050101/pubads_impl.js?cb=31077683
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.35.23.33 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-35-23-33.sin5.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 72e960baa80ec819264a604f2f8a8e5c21f81b785ebc17595211ad170d8b1bdc

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

x-amz-version-id: tte_Zq9MCmRAYf9XeFwo9sUIgrBbXCUY
Date: Sun, 10 Sep 2023 03:41:05 GMT
Via: 1.1 101fe44f3abacff135b2a73264d75b1e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: SIN5-C1
Age: 13312
x-amz-server-side-encryption: AES256
X-Cache: Hit from cloudfront
x-amz-replication-status: PENDING
Connection: keep-alive
Content-Length: 2776
Last-Modified: Wed, 06 Sep 2023 03:40:59 GMT
Server: AmazonS3
ETag: "a3a9a9ee8e72db69d54e805f0586c651"
Content-Type: text/javascript
Accept-Ranges: bytes
X-Amz-Cf-Id: u43RWtKGKzd_mF3cR1GrMUQ63tZ27Uy5IaeySSEKJZNZfsX-b9Of-Q==

GET
H2 200 sync.min.js Show response
tags.crwdcntrl.net/lt/c/16589/ 39 KB
12 KB 194ms
75ms Script
text/javascript 13.35.147.121
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.crwdcntrl.net/lt/c/16589/sync.min.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309050101/pubads_impl.js?cb=31077683
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.35.147.121 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-35-147-121.syd1.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: e885badff253144e188588b5657e13cfa1135d4cd682053c9cca02b83baf1ef2

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Sat, 09 Sep 2023 16:15:12 GMT
content-encoding: gzip
via: 1.1 d84cce98b6433e191cc61635f56f5108.cloudfront.net (CloudFront)
last-modified: Wed, 06 Sep 2023 15:56:57 GMT
server: AmazonS3
x-amz-cf-pop: SYD1-C1
age: 54464
x-amz-server-side-encryption: AES256
etag: W/"e073e71ed7a44e6f9cdd72904fda5940"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
cache-control: public, max-age=86400
x-amz-cf-id: qIickgRHfRGgTUBSCOj8FpoPSxU-yqDPREsvbEYTd3sLEwJywd5Wgw==

GET
H2 200 encrypted-tag-g.js Show response
invstatic101.creativecdn.com/encrypted-signals/ 1 KB
1 KB 454ms
339ms Script
text/javascript 34.96.70.87
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://invstatic101.creativecdn.com/encrypted-signals/encrypted-tag-g.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309050101/pubads_impl.js?cb=31077683
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.96.70.87 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 87.70.96.34.bc.googleusercontent.com
Software: Google Frontend /
Resource Hash: b04a268fbd6ac543dcd653b1c529871767a5b78cb2a2f40e54bcb0bfe2daa154

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Sun, 10 Sep 2023 07:22:55 GMT
via: 1.1 google, 1.1 google
last-modified: Thu, 03 Aug 2023 03:28:51 GMT
server: Google Frontend
etag: fc4e6bfe266081c4873c6f08c8298e5c
content-type: text/javascript; charset=utf-8
x-cloud-trace-context: 985c7f278103300a93f607183f5bd0b0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1207

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 69 KB
15 KB 523ms
523ms XHR
text/plain 172.217.167.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2759536476983620&correlator=2061913621914211&eid=31076480%2C31077366%2C31077683%2C44780990&output=ldjh&gdfp_req=1&vrg=202309050101&ptt=17&impl=fifs&gdpr=0&us_privacy=1---&iu_parts=183096492%2CMediaFire-Zone1&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90&ifi=1&didk=2298854458&sfv=1-0-40&eri=5&sc=1&cookie_enabled=1&abxe=1&dt=1694330575672&adxs=552&adys=10&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=1&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=480&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&url=https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fqt2ibnzw5ynua07%2FS0FT_PW_2023.rar%2Ffile&vis=1&psz=960x1500&msz=728x-1&fws=0&ohw=0&ga_vid=2089763394.1694330573&ga_sid=1694330576&ga_hid=53280006&ga_fc=true&a3p=EhwKDWNyd2RjbnRybC5uZXQYtLbj76cxSABSAghkEhkKCnB1YmNpZC5vcmcYtLbj76cxSABSAghkEh0KDmVzcC5jcml0ZW8uY29tGLS24--nMUgAUgIIZBIXCghydGJob3VzZRi0tuPvpzFIAFICCGQSFAoFb3BlbngYtLbj76cxSABSAghkEhkKCnVpZGFwaS5jb20YtLbj76cxSABSAghkEhsKDGlkNS1zeW5jLmNvbRi0tuPvpzFIAFICCGQ.&dlt=1694330571494&idt=3814&prev_scp=dkey_present%3Dfalse%26buildnumber%3D121915%26dladtemplate%3D51%26button_delay%3Ddisabled&adks=630197753&frm=20

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309050101/pubads_impl.js?cb=31077683

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.167.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd15s06-in-f2.1e100.net

Software

cafe /

Resource Hash

37d57f2675aa8c234b4966687c6f221a7c3b189fe555384afbb107760ac833c6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Sun, 10 Sep 2023 07:22:56 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14874
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.mediafire.com
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 61 KB
14 KB 633ms
632ms XHR
text/plain 172.217.167.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2759536476983620&correlator=2682495575790000&eid=31076480%2C31077366%2C31077683%2C44780990&output=ldjh&gdfp_req=1&vrg=202309050101&ptt=17&impl=fifs&gdpr=0&us_privacy=1---&iu_parts=183096492%2CMediaFire-Zone2&enc_prev_ius=%2F0%2F1&prev_iu_szs=336x280%7C300x250&ifi=2&didk=2784911678&sfv=1-0-40&eri=5&sc=1&cookie_enabled=1&abxe=1&dt=1694330575680&adxs=320&adys=120&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=2&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=480&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&url=https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fqt2ibnzw5ynua07%2FS0FT_PW_2023.rar%2Ffile&vis=1&psz=960x1500&msz=336x-1&fws=0&ohw=0&ga_vid=2089763394.1694330573&ga_sid=1694330576&ga_hid=53280006&ga_fc=true&a3p=EhwKDWNyd2RjbnRybC5uZXQYtLbj76cxSABSAghkEhkKCnB1YmNpZC5vcmcYtLbj76cxSABSAghkEh0KDmVzcC5jcml0ZW8uY29tGLS24--nMUgAUgIIZBIXCghydGJob3VzZRi0tuPvpzFIAFICCGQSFAoFb3BlbngYtLbj76cxSABSAghkEhkKCnVpZGFwaS5jb20YtLbj76cxSABSAghkEhsKDGlkNS1zeW5jLmNvbRi0tuPvpzFIAFICCGQ.&dlt=1694330571494&idt=3814&prev_scp=dkey_present%3Dfalse%26buildnumber%3D121915%26dladtemplate%3D51%26button_delay%3Ddisabled&adks=3841872593&frm=20

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309050101/pubads_impl.js?cb=31077683

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.167.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd15s06-in-f2.1e100.net

Software

cafe /

Resource Hash

193f100278223dd8f644da2f815935b191c0031675ff4e804f1f439ea0a9e8d2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Sun, 10 Sep 2023 07:22:56 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14019
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.mediafire.com
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 60 KB
23 KB 708ms
707ms XHR
text/plain 172.217.167.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2759536476983620&correlator=366080374436719&eid=31076480%2C31077366%2C31077683%2C44780990&output=ldjh&gdfp_req=1&vrg=202309050101&ptt=17&impl=fifs&gdpr=0&us_privacy=1---&iu_parts=183096492%2CMediaFire-Zone3&enc_prev_ius=%2F0%2F1&prev_iu_szs=336x280%7C300x250&ifi=3&didk=3528871077&sfv=1-0-40&eri=5&sc=1&cookie_enabled=1&abxe=1&dt=1694330575682&adxs=320&adys=420&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=3&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=480&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&url=https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fqt2ibnzw5ynua07%2FS0FT_PW_2023.rar%2Ffile&vis=1&psz=960x1500&msz=336x-1&fws=0&ohw=0&ga_vid=2089763394.1694330573&ga_sid=1694330576&ga_hid=53280006&ga_fc=true&a3p=EhwKDWNyd2RjbnRybC5uZXQYtLbj76cxSABSAghkEhkKCnB1YmNpZC5vcmcYtLbj76cxSABSAghkEh0KDmVzcC5jcml0ZW8uY29tGLS24--nMUgAUgIIZBIXCghydGJob3VzZRi0tuPvpzFIAFICCGQSFAoFb3BlbngYtLbj76cxSABSAghkEhkKCnVpZGFwaS5jb20YtLbj76cxSABSAghkEhsKDGlkNS1zeW5jLmNvbRi0tuPvpzFIAFICCGQ.&dlt=1694330571494&idt=3814&prev_scp=dkey_present%3Dfalse%26buildnumber%3D121915%26dladtemplate%3D51%26button_delay%3Ddisabled&adks=1870779098&frm=20

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309050101/pubads_impl.js?cb=31077683

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.167.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd15s06-in-f2.1e100.net

Software

cafe /

Resource Hash

48a6ee082f847e362b86196170538bc484500e9e2a04c63614e62f7d26977f49

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Sun, 10 Sep 2023 07:22:56 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23503
x-xss-protection: 0
google-lineitem-id: 5967615577
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138387047020
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.mediafire.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
9d3dc99658da8f4872b21ae2a02a5eb7.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 4239 6 KB
3 KB 669ms
160ms Document
text/html 142.250.204.1
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://9d3dc99658da8f4872b21ae2a02a5eb7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309050101/pubads_impl.js?cb=31077683

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.204.1 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s25-in-f1.1e100.net

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.mediafire.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Sun, 10 Sep 2023 07:22:56 GMT
expires: Mon, 09 Sep 2024 07:22:56 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 60 KB
23 KB 467ms
466ms XHR
text/plain 172.217.167.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2759536476983620&correlator=3430356025620534&eid=31076480%2C31077366%2C31077683%2C44780990&output=ldjh&gdfp_req=1&vrg=202309050101&ptt=17&impl=fifs&gdpr=0&us_privacy=1---&iu_parts=183096492%2CMediaFire-Zone4&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90&ifi=4&didk=2372303816&sfv=1-0-40&eri=5&sc=1&cookie_enabled=1&abxe=1&dt=1694330575693&adxs=430&adys=1095&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=4&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=480&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&url=https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fqt2ibnzw5ynua07%2FS0FT_PW_2023.rar%2Ffile&vis=1&psz=960x1500&msz=728x90&fws=0&ohw=0&ga_vid=2089763394.1694330573&ga_sid=1694330576&ga_hid=53280006&ga_fc=true&a3p=EhwKDWNyd2RjbnRybC5uZXQYtLbj76cxSABSAghkEhkKCnB1YmNpZC5vcmcYtLbj76cxSABSAghkEh0KDmVzcC5jcml0ZW8uY29tGLS24--nMUgAUgIIZBIXCghydGJob3VzZRi0tuPvpzFIAFICCGQSFAoFb3BlbngYtLbj76cxSABSAghkEhkKCnVpZGFwaS5jb20YtLbj76cxSABSAghkEhsKDGlkNS1zeW5jLmNvbRi0tuPvpzFIAFICCGQ.&dlt=1694330571494&idt=3814&prev_scp=dkey_present%3Dfalse%26buildnumber%3D121915%26dladtemplate%3D51%26button_delay%3Ddisabled&adks=215913335&frm=20

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309050101/pubads_impl.js?cb=31077683

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.167.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd15s06-in-f2.1e100.net

Software

cafe /

Resource Hash

1a42d92125196e23e44aa36e0d6f8f793f84de4c8b2b21c8c4c3a637ac6f4d2a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Sun, 10 Sep 2023 07:22:56 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23513
x-xss-protection: 0
google-lineitem-id: 5967615577
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138387047710
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.mediafire.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 olathe.js Show response
go.ezodn.com/parsonsmaize/ 2 KB
1 KB 261ms
258ms Script
application/javascript 172.64.137.23
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://go.ezodn.com/parsonsmaize/olathe.js?gcb=195-2&cb=19
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/qt2ibnzw5ynua07/S0FT_PW_2023.rar/file
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.137.23 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a5090d18c606c75443ec32e196e55cedbce9623bf6fccb54ec3f0da8beb4c331

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Sun, 10 Sep 2023 07:22:55 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 31 Aug 2023 01:29:06 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 885227
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uvkW2J71NyXMunpyv2jIC%2Bfmcmg2da2%2BeaVZD%2BCWAWA4oSddfR%2BZPbvlf3JFGEivdVe9UtyfJb6mKM6voZGPdqXCGD66bjgTwPIqeDtLPe6n1xLX9UdTlhuZ080W0Ks%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-middleton-display: sol-js
cache-control: public, max-age=31536000
x-robots-tag: noindex
cf-ray: 8045ec337fa6b430-HKG
alt-svc: h3=":443"; ma=86400

GET
H2 200 chanute.js Show response
go.ezodn.com/parsonsmaize/ 21 KB
6 KB 262ms
260ms Script
application/javascript 172.64.137.23
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://go.ezodn.com/parsonsmaize/chanute.js?a=a&cb=4&dcb=195-2&shcb=34
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/qt2ibnzw5ynua07/S0FT_PW_2023.rar/file
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.137.23 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bbb126b9e8714be02d4544356d79477cf8ff397bf1cc527ac6c353d4c9084dff

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Sun, 10 Sep 2023 07:22:55 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Sat, 09 Sep 2023 00:13:07 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 112187
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=i8jBjs7GeOW853JaAdY2uJ%2BYWQwXVkBYey5C2yXgHIq7j6W8ru49X1%2BxfPr4cJx2l68HoALdyUp9Vk0WXIu66X0iuWhMop8J4IFGN2pmBnm8q0%2Brr95kRSPHhvTPmFc%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-middleton-display: sol-js
cache-control: public, max-age=31536000
x-robots-tag: noindex
cf-ray: 8045ec337fa9b430-HKG
alt-svc: h3=":443"; ma=86400

GET
H2 200 vitals.js Show response
go.ezodn.com/tardisrocinante/ 5 KB
2 KB 254ms
252ms Script
application/javascript 172.64.137.23
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://go.ezodn.com/tardisrocinante/vitals.js?gcb=195-2&cb=3
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/qt2ibnzw5ynua07/S0FT_PW_2023.rar/file
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.137.23 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d839b193eba1dd4578cc90dfe2fe6edea552e807f65af9e79780a58d0ad9b1bb

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Sun, 10 Sep 2023 07:22:55 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 19 Apr 2023 08:24:35 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 3847687
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Y4W1sQ5GOXc7eR2QcJSRjgXiOaRBFPtG1jXALy2RGZCviRQ470d6WNIyr1yqHF4rFvg0cSkzRXZxjtLIXGvuyeLJRNRCafk7CMV68d%2Bt5f16TDepNgEGC3MbxZdd684%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-middleton-display: sol-js
cache-control: public, max-age=31536000
x-robots-tag: noindex
cf-ray: 8045ec337facb430-HKG
alt-svc: h3=":443"; ma=86400

GET
H2

200

esp Show response
oajs.openx.net/
Redirect Chain

https://oajs.openx.net/esp?url=https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fqt2ibnzw5ynua07%2FS0FT_PW_2023.rar%2Ffile&rid=esp
https://oajs.openx.net/esp?url=https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fqt2ibnzw5ynua07%2FS0FT_PW_2023.rar%2Ffile&rid=esp&cc=1

85 B
203 B

216ms
216ms

Fetch
application/json

34.120.135.53
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://oajs.openx.net/esp?url=https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fqt2ibnzw5ynua07%2FS0FT_PW_2023.rar%2Ffile&rid=esp&cc=1
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/qt2ibnzw5ynua07/S0FT_PW_2023.rar/file
Protocol: H2
Server: 34.120.135.53 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 53.135.120.34.bc.googleusercontent.com
Software: / Express
Resource Hash: 752ce8fe478f93339039031bce441ef1583cbc1c1558f54a8118c93165faceee

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Sun, 10 Sep 2023 07:22:56 GMT
via: 1.1 google
x-powered-by: Express
etag: W/"55-WbI1xMFgec+nyVDFHqK0OU/zZlE"
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.mediafire.com
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 85

Redirect headers

date: Sun, 10 Sep 2023 07:22:56 GMT
via: 1.1 google
x-powered-by: Express
vary: Origin
access-control-allow-origin: https://www.mediafire.com
location: /esp?url=https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fqt2ibnzw5ynua07%2FS0FT_PW_2023.rar%2Ffile&rid=esp&cc=1
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

POST
H2 200 map Show response
bcp.crwdcntrl.net/6/ 235 B
695 B 547ms
194ms XHR
application/json 54.179.248.176
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://bcp.crwdcntrl.net/6/map
Requested by: Host: tags.crwdcntrl.net
URL: https://tags.crwdcntrl.net/lt/c/16589/sync.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.179.248.176 , Singapore, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-179-248-176.ap-southeast-1.compute.amazonaws.com
Software: Jetty(9.4.38.v20210224) /
Resource Hash: 57fb39cbd3365cba2be7fffc83be48a81d09a6f3901bb34dd643aa886fe485dc

Request headers

Referer: https://www.mediafire.com/
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Sun, 10 Sep 2023 07:22:56 GMT
server: Jetty(9.4.38.v20210224)
content-type: application/json;charset=utf-8
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin: https://www.mediafire.com
cache-control: no-cache
x-server: 10.42.25.84
access-control-allow-credentials: true
content-length: 235
expires: 0

POST
H2 200 imp.gif
g.ezoic.net/detroitchicago/ 43 B
196 B 73ms
54ms Ping
image/gif 3.24.63.190
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://g.ezoic.net/detroitchicago/imp.gif?ez_orig=1
Requested by: Host: go.ezodn.com
URL: https://go.ezodn.com/parsonsmaize/abilene.js?gcb=195-2&cb=28
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.24.63.190 Sydney, Australia, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-24-63-190.ap-southeast-2.compute.amazonaws.com
Software: /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer: https://www.mediafire.com/
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
Content-Type: text/plain

Response headers

date: Sun, 10 Sep 2023 07:22:56 GMT
content-encoding: br
access-control-max-age: 1728000
access-control-allow-methods: HEAD, PUT, POST, GET, OPTIONS
content-type: image/gif
access-control-allow-origin: https://www.mediafire.com
x-middleton-display: imp_sol
cache-control: private, max-age=0, must-revalidate, no-cache, no-store
vary: Accept-Encoding
access-control-allow-headers: Content-Type
content-length: 47
expires: Sat, 09 Sep 2023 07:22:56 GMT

GET
H2 200 view
securepubads.g.doubleclick.net/pcs/ Frame 6CD4 0
0 179ms
178ms Fetch
image/gif 172.217.167.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssV8L6Zr_Le9kFi0BHiwHpzxxPc4_5t_OAj3l1vxMxRbbqxtLDViAgs1kYzm6N5B0_owQRyDWL4Homg9b4TeqfR1rG0nIIhUWlZwhadoUiCsDXrkIoTmjJnAzqswWJx2U8gi9EQSn4lL9EfQUsdzjR4OhYPE-ZBeF-7qaFSCNPFXZdUNkU-mjvqpamjTRoOpz6tL5UMyteTdT4QpoBm8XDajuIz436zj0lsVYtWDgPA3TMEP6o8ueqiabMi5ZGbK850FJbuJS-LoBQ0OkBqS0XFzCmM5qFeqbr8sxDjunJuyMYsIDoioAa4ZuFbDH0CfOPBClww4JQMb9Q&sai=AMfl-YQ0tH6fKrQe3HYlBm9H6p3lk4P9RlzgrswGQRZkBCeA40ntZeHmRziSgZIlt5i7xdtlYPG2k2TEeRoSVD-ki0s14K7NYH4oix9Xn7O6GY37tdP1niQszhFe4kRxrFDkoHnfd9qSzx8Ywwn-Hqru&sig=Cg0ArKJSzMBhNLnz3MsSEAE&uach_m=[UACH]&adurl=

Requested by

Host: www.mediafire.com
URL: https://www.mediafire.com/file/qt2ibnzw5ynua07/S0FT_PW_2023.rar/file

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.167.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd15s06-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Sun, 10 Sep 2023 07:22:56 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Sun, 10 Sep 2023 07:22:56 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230906/r20110914/ Frame 6CD4 23 KB
9 KB 624ms
124ms Script
text/javascript 142.251.221.65
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230906/r20110914/abg_lite_fy2021.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309050101/pubads_impl.js?cb=31077683

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.221.65 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s31-in-f1.1e100.net

Software

cafe /

Resource Hash

9941d25da2d400e2cbc1c979d7ecae4a9b418158d3825d03e09650e0799dcefb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Sat, 09 Sep 2023 14:08:48 GMT
content-encoding: br
x-content-type-options: nosniff
age: 62048
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9135
x-xss-protection: 0
server: cafe
etag: 9583221549990841032
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 23 Sep 2023 14:08:48 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230906/r20110914/client/ Frame 6CD4 3 KB
1 KB 629ms
129ms Script
text/javascript 142.251.221.65
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230906/r20110914/client/window_focus_fy2021.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309050101/pubads_impl.js?cb=31077683

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.221.65 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s31-in-f1.1e100.net

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Sat, 09 Sep 2023 14:09:02 GMT
content-encoding: br
x-content-type-options: nosniff
age: 62034
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 23 Sep 2023 14:09:02 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 6CD4 181 KB
57 KB 1032ms
532ms Script
text/javascript 142.250.67.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309050101/pubads_impl.js?cb=31077683

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.67.2 Old Bridge, United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd15s16-in-f2.1e100.net

Software

sffe /

Resource Hash

3c620084286d4e8ac0ebd4811a782920ac935265c8cdbf0010ea7243bd81a6e6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Sun, 10 Sep 2023 07:22:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57841
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1694001950986259"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 10 Sep 2023 07:22:57 GMT

GET
H2 200 17494115938463050724
tpc.googlesyndication.com/simgad/ Frame 6CD4 57 KB
58 KB 569ms
70ms Image
image/png 142.251.221.65
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/17494115938463050724

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309050101/pubads_impl.js?cb=31077683

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.221.65 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s31-in-f1.1e100.net

Software

sffe /

Resource Hash

cee9fd8e304615d5ace755818a222fb75754484b38923463745dfed56bf4e3fe

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Fri, 08 Sep 2023 14:15:37 GMT
x-content-type-options: nosniff
age: 148039
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 58527
x-xss-protection: 0
last-modified: Wed, 30 Mar 2022 12:57:01 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sat, 07 Sep 2024 14:15:37 GMT

GET
DATA 200
OK truncated
/ Frame 6CD4 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e1dac12531c20fec866c938be23a0a76e8fc4a561f74af5224470eb9b7a06471

Request headers

accept-language: en-AU,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012307272333000/ Frame 0F6F 222 KB
62 KB 615ms
93ms Script
text/javascript 142.250.76.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012307272333000/amp4ads-v0.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309050101/pubads_impl.js?cb=31077683

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.76.97 Old Bridge, United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s24-in-f1.1e100.net

Software

sffe /

Resource Hash

ca0b13088e4cc740b37d30f2a5dd83dba46709641f40678950fc0a8f41c9c14c

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 04 Sep 2023 17:11:03 GMT
age: 483113
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 62092
x-xss-protection: 0
server: sffe
etag: "72571316e23440c4"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 03 Sep 2024 17:11:03 GMT

GET
H2 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012307272333000/v0/ Frame 0F6F 15 KB
5 KB 679ms
156ms Script
text/javascript 142.250.76.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012307272333000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309050101/pubads_impl.js?cb=31077683

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.76.97 Old Bridge, United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s24-in-f1.1e100.net

Software

sffe /

Resource Hash

3fdd9957f328674a49573806215c9fe67a6f827515607cf8d7db980fc94b771c

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 04 Sep 2023 17:11:03 GMT
age: 483113
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5267
x-xss-protection: 0
server: sffe
etag: "85c6144a0af9a6d8"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 03 Sep 2024 17:11:03 GMT

GET
H2 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012307272333000/v0/ Frame 0F6F 94 KB
28 KB 681ms
159ms Script
text/javascript 142.250.76.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012307272333000/v0/amp-analytics-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309050101/pubads_impl.js?cb=31077683

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.76.97 Old Bridge, United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s24-in-f1.1e100.net

Software

sffe /

Resource Hash

a68a7aaf623132b6e47f6d9753c49336cc812251cc91a1b82280aca86144b29a

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 04 Sep 2023 17:11:03 GMT
age: 483113
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29055
x-xss-protection: 0
server: sffe
etag: "34be4077024c0aa5"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 03 Sep 2024 17:11:03 GMT

GET
H2 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012307272333000/v0/ Frame 0F6F 5 KB
2 KB 701ms
179ms Script
text/javascript 142.250.76.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012307272333000/v0/amp-fit-text-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309050101/pubads_impl.js?cb=31077683

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.76.97 Old Bridge, United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s24-in-f1.1e100.net

Software

sffe /

Resource Hash

b70f0a80bac892e1e492a9ee5cee527ea2a9a2ff162614ff7a3acc78b2e83db0

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 04 Sep 2023 17:11:03 GMT
age: 483113
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1908
x-xss-protection: 0
server: sffe
etag: "a56399b21b8bf15b"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 03 Sep 2024 17:11:03 GMT

GET
H2 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012307272333000/v0/ Frame 0F6F 40 KB
13 KB 696ms
174ms Script
text/javascript 142.250.76.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012307272333000/v0/amp-form-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309050101/pubads_impl.js?cb=31077683

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.76.97 Old Bridge, United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s24-in-f1.1e100.net

Software

sffe /

Resource Hash

485567ada85d2d82f3c23210e6082009fcd03700751bf61a07a56a256b1e8918

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 04 Sep 2023 17:11:03 GMT
age: 483113
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13018
x-xss-protection: 0
server: sffe
etag: "62ea6ad255afcfa9"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 03 Sep 2024 17:11:03 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 0F6F 14 KB
1 KB 724ms
203ms Stylesheet
text/css 142.250.204.10
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309050101/pubads_impl.js?cb=31077683

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.204.10 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s25-in-f10.1e100.net

Software

ESF /

Resource Hash

aade7746342f608807b7eb107059c842fe200e1ff09e146db822250055cecaed

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sun, 10 Sep 2023 07:22:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Sun, 10 Sep 2023 06:08:51 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sun, 10 Sep 2023 07:22:56 GMT

GET
H2 200 en_bl.png
tpc.googlesyndication.com/pagead/images/abg/ Frame 0F6F 3 KB
3 KB 571ms
89ms Image
image/png 142.251.221.65
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/en_bl.png

Requested by

Host: www.mediafire.com
URL: https://www.mediafire.com/file/qt2ibnzw5ynua07/S0FT_PW_2023.rar/file

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.221.65 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s31-in-f1.1e100.net

Software

cafe /

Resource Hash

7f1343ca74e009a2949392688b30d4a9a8f7f642ae4b593c9fdc76284531b049

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Sat, 09 Sep 2023 14:08:44 GMT
x-content-type-options: nosniff
server: cafe
age: 62052
etag: 3004170791804808702
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2980
x-xss-protection: 0
expires: Sun, 10 Sep 2023 14:08:44 GMT

GET
H2 200 icon.png
tpc.googlesyndication.com/pagead/images/abg/ Frame 0F6F 344 B
713 B 549ms
67ms Image
image/png 142.251.221.65
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/icon.png

Requested by

Host: www.mediafire.com
URL: https://www.mediafire.com/file/qt2ibnzw5ynua07/S0FT_PW_2023.rar/file

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.221.65 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s31-in-f1.1e100.net

Software

cafe /

Resource Hash

53b99e4bde7498900885e58f9d6c383258f8a59b04389d6b54d3d4b89537b6f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Sun, 10 Sep 2023 07:00:24 GMT
x-content-type-options: nosniff
server: cafe
age: 1352
etag: 6766994032117382215
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 344
x-xss-protection: 0
expires: Mon, 11 Sep 2023 07:00:24 GMT

GET
H/1.1 204 increment Show response
id5-sync.com/api/esp/ 0
326 B 1063ms
353ms XHR
text/plain 162.19.138.120
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://id5-sync.com/api/esp/increment?counter=no-config

Requested by

Host: cdn.id5-sync.com
URL: https://cdn.id5-sync.com/api/1.0/esp.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

162.19.138.120 Frankfurt am Main, Germany, ASN16276 (OVH, FR),

Reverse DNS

ns31533571.ip-162-19-138.eu

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://www.mediafire.com/
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.mediafire.com
date: Sun, 10 Sep 2023 07:22:57 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin

GET
DATA 200
OK truncated
/ Frame 0F6F 161 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 29e4c24a2fa1b6c2218b217e252a8d838cb65819a3b959a73c1a3565067ec0d9

Request headers

accept-language: en-AU,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 0F6F 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 75a50d50f8b6dfe1f263180093d5519c6970ffb7134cb9c6fe1aba03c1db5547

Request headers

accept-language: en-AU,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012307272333000/ Frame D2D1 222 KB
61 KB 553ms
114ms Script
text/javascript 142.250.76.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012307272333000/amp4ads-v0.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309050101/pubads_impl.js?cb=31077683

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.76.97 Old Bridge, United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s24-in-f1.1e100.net

Software

sffe /

Resource Hash

ca0b13088e4cc740b37d30f2a5dd83dba46709641f40678950fc0a8f41c9c14c

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 04 Sep 2023 17:11:03 GMT
age: 483113
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 62092
x-xss-protection: 0
server: sffe
etag: "72571316e23440c4"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 03 Sep 2024 17:11:03 GMT

GET
H2 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012307272333000/v0/ Frame D2D1 15 KB
5 KB 146ms
141ms Script
text/javascript 142.250.76.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012307272333000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309050101/pubads_impl.js?cb=31077683

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.76.97 Old Bridge, United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s24-in-f1.1e100.net

Software

sffe /

Resource Hash

3fdd9957f328674a49573806215c9fe67a6f827515607cf8d7db980fc94b771c

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 04 Sep 2023 17:11:03 GMT
age: 483113
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5267
x-xss-protection: 0
server: sffe
etag: "85c6144a0af9a6d8"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 03 Sep 2024 17:11:03 GMT

GET
H2 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012307272333000/v0/ Frame D2D1 94 KB
28 KB 148ms
144ms Script
text/javascript 142.250.76.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012307272333000/v0/amp-analytics-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309050101/pubads_impl.js?cb=31077683

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.76.97 Old Bridge, United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s24-in-f1.1e100.net

Software

sffe /

Resource Hash

a68a7aaf623132b6e47f6d9753c49336cc812251cc91a1b82280aca86144b29a

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 04 Sep 2023 17:11:03 GMT
age: 483113
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29055
x-xss-protection: 0
server: sffe
etag: "34be4077024c0aa5"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 03 Sep 2024 17:11:03 GMT

GET
H2 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012307272333000/v0/ Frame D2D1 5 KB
2 KB 162ms
158ms Script
text/javascript 142.250.76.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012307272333000/v0/amp-fit-text-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309050101/pubads_impl.js?cb=31077683

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.76.97 Old Bridge, United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s24-in-f1.1e100.net

Software

sffe /

Resource Hash

b70f0a80bac892e1e492a9ee5cee527ea2a9a2ff162614ff7a3acc78b2e83db0

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 04 Sep 2023 17:11:03 GMT
age: 483113
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1908
x-xss-protection: 0
server: sffe
etag: "a56399b21b8bf15b"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 03 Sep 2024 17:11:03 GMT

GET
H2 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012307272333000/v0/ Frame D2D1 40 KB
13 KB 163ms
159ms Script
text/javascript 142.250.76.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012307272333000/v0/amp-form-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309050101/pubads_impl.js?cb=31077683

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.76.97 Old Bridge, United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s24-in-f1.1e100.net

Software

sffe /

Resource Hash

485567ada85d2d82f3c23210e6082009fcd03700751bf61a07a56a256b1e8918

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 04 Sep 2023 17:11:03 GMT
age: 483113
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13018
x-xss-protection: 0
server: sffe
etag: "62ea6ad255afcfa9"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 03 Sep 2024 17:11:03 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame D2D1 14 KB
2 KB 640ms
202ms Stylesheet
text/css 142.250.204.10
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309050101/pubads_impl.js?cb=31077683

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.204.10 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s25-in-f10.1e100.net

Software

ESF /

Resource Hash

aade7746342f608807b7eb107059c842fe200e1ff09e146db822250055cecaed

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sun, 10 Sep 2023 07:22:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Sun, 10 Sep 2023 06:14:27 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sun, 10 Sep 2023 07:22:56 GMT

GET
H2 200 icon.png
tpc.googlesyndication.com/pagead/images/abg/ Frame D2D1 344 B
402 B 469ms
68ms Image
image/png 142.251.221.65
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/icon.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309050101/pubads_impl.js?cb=31077683

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.221.65 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s31-in-f1.1e100.net

Software

cafe /

Resource Hash

53b99e4bde7498900885e58f9d6c383258f8a59b04389d6b54d3d4b89537b6f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Sun, 10 Sep 2023 07:00:24 GMT
x-content-type-options: nosniff
server: cafe
age: 1352
etag: 6766994032117382215
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 344
x-xss-protection: 0
expires: Mon, 11 Sep 2023 07:00:24 GMT

GET
H2 200 en.png
tpc.googlesyndication.com/pagead/images/abg/ Frame D2D1 3 KB
3 KB 488ms
98ms Image
image/png 142.251.221.65
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/en.png

Requested by

Host: www.mediafire.com
URL: https://www.mediafire.com/file/qt2ibnzw5ynua07/S0FT_PW_2023.rar/file

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.221.65 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s31-in-f1.1e100.net

Software

cafe /

Resource Hash

85a64faec356c3a72f249a98a037317adc730ec6d38e47653cd53be5485d80a1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Sat, 09 Sep 2023 19:04:53 GMT
x-content-type-options: nosniff
server: cafe
age: 44283
etag: 15880770647744369592
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2982
x-xss-protection: 0
expires: Sun, 10 Sep 2023 19:04:53 GMT

GET
DATA 200
OK truncated
/ Frame D2D1 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2c376bd4be2e0b91182dd6d3403921d2aee56a8dcd485b3fa6d8acfefd30eda9

Request headers

accept-language: en-AU,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 view
securepubads.g.doubleclick.net/pcs/ Frame 64EE 0
0 187ms
187ms Fetch
image/gif 172.217.167.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvVSZS_IL_y2prlh05ZpRyNyDMPBOrHYdIUb5ZKZNawsnbYzYeod-S1jANpqdnDw7kdJOYFbHr0XDm-FmSXZrda8YNXv0DgKkK7x3d_SeQzxQmFKK2JDuR88BnQ40s6qf0XYsx5CIlktfNyUcGLfl6RAt_Mf4iHNcA8uh5sReOjX8OZOTCXiQObSQLNj6uY0xZQytnWPRlgPP7yBH9OW0CsRBDeJLA-sdLFMhmlabo4KTCw5g5x_3MxydzY1vFRcj_u8emgiLsjXgtidkzT5TRcp4P-JxyHHq84MywIXZxFwb6ZFv0CQ5pB5w959GllOVrghZO-FvkNER8&sai=AMfl-YTvWhBAuis1Qm-1l1SmaJnH7mHe7E9gTBvoCuvjyNeNeZkGsmA_bmOnlAn611uCws2IMK7PqYsf7e2mGg3iyTFCbo0yyhDZjEs8KMUPOm9dyvb8iU4ErRDiFtyq-jdFTWPrU0VXXm06GP3-LfJH&sig=Cg0ArKJSzNvm1jnvjNp1EAE&uach_m=[UACH]&adurl=

Requested by

Host: www.mediafire.com
URL: https://www.mediafire.com/file/qt2ibnzw5ynua07/S0FT_PW_2023.rar/file

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.167.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd15s06-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Sun, 10 Sep 2023 07:22:56 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230906/r20110914/ Frame 64EE 23 KB
9 KB 73ms
69ms Script
text/javascript 142.251.221.65
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230906/r20110914/abg_lite_fy2021.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309050101/pubads_impl.js?cb=31077683

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.221.65 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s31-in-f1.1e100.net

Software

cafe /

Resource Hash

9941d25da2d400e2cbc1c979d7ecae4a9b418158d3825d03e09650e0799dcefb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Sat, 09 Sep 2023 14:08:48 GMT
content-encoding: br
x-content-type-options: nosniff
age: 62048
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9135
x-xss-protection: 0
server: cafe
etag: 9583221549990841032
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 23 Sep 2023 14:08:48 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230906/r20110914/client/ Frame 64EE 3 KB
1 KB 77ms
73ms Script
text/javascript 142.251.221.65
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230906/r20110914/client/window_focus_fy2021.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309050101/pubads_impl.js?cb=31077683

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.221.65 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s31-in-f1.1e100.net

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Sat, 09 Sep 2023 14:09:02 GMT
content-encoding: br
x-content-type-options: nosniff
age: 62034
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 23 Sep 2023 14:09:02 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 64EE 181 KB
57 KB 857ms
538ms Script
text/javascript 142.250.67.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309050101/pubads_impl.js?cb=31077683

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.67.2 Old Bridge, United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd15s16-in-f2.1e100.net

Software

sffe /

Resource Hash

3c620084286d4e8ac0ebd4811a782920ac935265c8cdbf0010ea7243bd81a6e6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Sun, 10 Sep 2023 07:22:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57841
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1694001950986259"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 10 Sep 2023 07:22:57 GMT

GET
H2 200 5295709221109236883
tpc.googlesyndication.com/simgad/ Frame 64EE 60 KB
61 KB 401ms
91ms Image
image/png 142.251.221.65
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/5295709221109236883

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309050101/pubads_impl.js?cb=31077683

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.221.65 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s31-in-f1.1e100.net

Software

sffe /

Resource Hash

83b4150f43fc1362f85f40b1053a6b77ba9029d44cb696e227834fd8eafe7811

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Thu, 07 Sep 2023 19:26:03 GMT
x-content-type-options: nosniff
age: 215813
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 61940
x-xss-protection: 0
last-modified: Wed, 30 Mar 2022 12:56:10 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Fri, 06 Sep 2024 19:26:03 GMT

GET
DATA 200
OK truncated
/ Frame 64EE 218 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: aca4f3968ed3bffde23f0e31ef2662e6b3415d2a4ed959657a3d626461d18865

Request headers

accept-language: en-AU,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 pd Show response
google-bidout-d.openx.net/w/1.0/ Frame 573D 484 B
736 B 257ms
159ms Document
text/html 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://google-bidout-d.openx.net/w/1.0/pd?plm=5
Requested by: Host: oa.openxcdn.net
URL: https://oa.openxcdn.net/esp.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 77ff3691ac63856fb464752f57652073c97e32048da08edcd16903c8a8f4e35a

Request headers

Referer: https://www.mediafire.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: gzip
content-length: 309
content-type: text/html
date: Sun, 10 Sep 2023 07:22:56 GMT
p3p: CP="CUR ADM OUR NOR STA NID"
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
via: 1.1 google

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame 573D
Redirect Chain

https://match.adsrvr.org/track/cmf/openx?oxid=95132eea-615a-711f-f691-3268ed61404c&gdpr=0
https://match.adsrvr.org/track/cmb/openx?oxid=95132eea-615a-711f-f691-3268ed61404c&gdpr=0
https://us-u.openx.net/w/1.0/sd?id=537072971&val=988e0bd3-5671-4d98-a871-0938c887be13&ttd_puid=95132eea-615a-711f-f691-3268ed61404c&gdpr=0&gdpr_consent=

43 B
324 B

137ms
136ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072971&val=988e0bd3-5671-4d98-a871-0938c887be13&ttd_puid=95132eea-615a-711f-f691-3268ed61404c&gdpr=0&gdpr_consent=
Requested by: Host: google-bidout-d.openx.net
URL: https://google-bidout-d.openx.net/w/1.0/pd?plm=5
Protocol: H2
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://google-bidout-d.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 10 Sep 2023 07:22:57 GMT
via: 1.1 google
server: OXGW/0.0.0
vary: Accept
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 10 Sep 2023 07:22:57 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://us-u.openx.net/w/1.0/sd?id=537072971&val=988e0bd3-5671-4d98-a871-0938c887be13&ttd_puid=95132eea-615a-711f-f691-3268ed61404c&gdpr=0&gdpr_consent=
content-type: text/html
cache-control: private,no-cache, must-revalidate
content-length: 335

GET
H2

200

sd
jp-u.openx.net/w/1.0/ Frame 573D
Redirect Chain

https://tg.socdm.com/rtb/sync_before?proto=openx
https://jp-u.openx.net/w/1.0/sd?id=537072335&val=ZP1u0cCo8YQAABT0qK4AAAAA

43 B
106 B

140ms
139ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://jp-u.openx.net/w/1.0/sd?id=537072335&val=ZP1u0cCo8YQAABT0qK4AAAAA
Requested by: Host: google-bidout-d.openx.net
URL: https://google-bidout-d.openx.net/w/1.0/pd?plm=5
Protocol: H2
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://google-bidout-d.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 10 Sep 2023 07:22:59 GMT
via: 1.1 google
server: OXGW/0.0.0
vary: Accept
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

X-SO-Cluster-ID: 0
Date: Sun, 10 Sep 2023 07:22:59 GMT
X-SO-LB-Data: {"ban":false,"clean_query":"\/rtb\/sync_before?proto=openx","cluster_id":0,"gdpr":false,"ipv4":"110.20.184.53","key":"ZP1u0cCo8YQAABT0qK4AAAAA","privacy_sensitive":false,"uid":"","upstream_id":"m-ad94"}
X-SO-Key: ZP1u0cCo8YQAABT0qK4AAAAA
Server: nginx
X-SO-Upstream-ID: m-ad94
P3P: CP="See also http://www.scaleout.jp/privacy/"
Location: https://jp-u.openx.net/w/1.0/sd?id=537072335&val=ZP1u0cCo8YQAABT0qK4AAAAA
Cache-Control: private
X-SO-HostName: m-ad94.dc4p.scaleout.jp
Connection: keep-alive
X-SO-Ads-Time: 1678
Content-Length: 0
X-SO-LB-Hostname: m-tgng32.dc4p.scaleout.jp
X-SO-IP: 110.20.184.53

GET
H2

200

sd
jp-u.openx.net/w/1.0/ Frame 573D
Redirect Chain

https://cr-p3.ladsp.com/cookiesender/3
https://cr-p3.ladsp.com/cookiesender/3?cr=true
https://jp-u.openx.net/w/1.0/sd?id=537072451&val=AQGoZhle_3_Pks8AD7P3udv-JM8AAAGKffjhRA

43 B
106 B

147ms
140ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://jp-u.openx.net/w/1.0/sd?id=537072451&val=AQGoZhle_3_Pks8AD7P3udv-JM8AAAGKffjhRA
Requested by: Host: google-bidout-d.openx.net
URL: https://google-bidout-d.openx.net/w/1.0/pd?plm=5
Protocol: H2
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://google-bidout-d.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 10 Sep 2023 07:22:57 GMT
via: 1.1 google
server: OXGW/0.0.0
vary: Accept
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 10 Sep 2023 07:22:57 GMT
via: 1.1 6defb821ef88eaf5ac6c82035b5646e2.cloudfront.net (CloudFront)
server: Logicad
x-amz-cf-pop: SYD1-C1
x-cache: Miss from cloudfront
p3p: CP="NOI DEVo TAIo PSAo PSDo OUR IND UNI NAV", policyref="http://cd.ladsp.com/xml/w3c/p3p.xml"
location: https://jp-u.openx.net/w/1.0/sd?id=537072451&val=AQGoZhle_3_Pks8AD7P3udv-JM8AAAGKffjhRA
cache-control: no-cache
content-length: 0
x-amz-cf-id: 7qvn-4wb3CvwFCWeSgfz0-8ckHYXuSymIBf2rPU_FwHykEVQFEP7WQ==
expires: -1

GET
H2 200 pixel
cm.g.doubleclick.net/ Frame 573D 170 B
409 B 418ms
153ms Image
image/png 142.250.66.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=Yjk3Y2ZkMjAtYTgyZC0yZmJiLWUzNzEtNjhkMTI3ODM4ZTJj

Requested by

Host: google-bidout-d.openx.net
URL: https://google-bidout-d.openx.net/w/1.0/pd?plm=5

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.66.194 Old Bridge, United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s23-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://google-bidout-d.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 10 Sep 2023 07:22:57 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame 573D
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEG8_wdjtrHpEUGrQMbXCt1I&google_cver=1

43 B
106 B

144ms
144ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEG8_wdjtrHpEUGrQMbXCt1I&google_cver=1
Requested by: Host: google-bidout-d.openx.net
URL: https://google-bidout-d.openx.net/w/1.0/pd?plm=5
Protocol: H2
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://google-bidout-d.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 10 Sep 2023 07:22:57 GMT
via: 1.1 google
server: OXGW/0.0.0
vary: Accept
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 10 Sep 2023 07:22:57 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEG8_wdjtrHpEUGrQMbXCt1I&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 295
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 px.gif
fundingchoicesmessages.google.com/img/ 43 B
517 B 164ms
164ms Image
image/gif 172.217.24.46
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://fundingchoicesmessages.google.com/img/px.gif?ch=1&rn=2.481787606057792

Requested by

Host: www.mediafire.com
URL: https://www.mediafire.com/file/qt2ibnzw5ynua07/S0FT_PW_2023.rar/file

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.24.46 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

hkg07s23-in-f14.1e100.net

Software

ESF /

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorServingDetectionHttp/cspreport, script-src 'report-sample' 'nonce-QDyKb3DRbr_W4ydasnsuKw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingDetectionHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingDetectionHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Sun, 10 Sep 2023 07:22:56 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorServingDetectionHttp/cspreport, script-src 'report-sample' 'nonce-QDyKb3DRbr_W4ydasnsuKw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingDetectionHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingDetectionHttp/cspreport/allowlist
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: image/gif
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 px.gif
fundingchoicesmessages.google.com/img/ 43 B
253 B 386ms
386ms Image
image/gif 172.217.24.46
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://fundingchoicesmessages.google.com/img/px.gif?ch=2&rn=0.5423743429419152

Requested by

Host: www.mediafire.com
URL: https://www.mediafire.com/file/qt2ibnzw5ynua07/S0FT_PW_2023.rar/file

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.24.46 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

hkg07s23-in-f14.1e100.net

Software

ESF /

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorServingDetectionHttp/cspreport, script-src 'report-sample' 'nonce-sIVfAm2bA9oO2X4SGB17KQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingDetectionHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingDetectionHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Sun, 10 Sep 2023 07:22:57 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorServingDetectionHttp/cspreport, script-src 'report-sample' 'nonce-sIVfAm2bA9oO2X4SGB17KQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingDetectionHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingDetectionHttp/cspreport/allowlist
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: image/gif
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2

200

si
googleads.g.doubleclick.net/pagead/drt/ Frame 0F6F
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
0

206ms
205ms

Image
text/html

142.250.66.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/qt2ibnzw5ynua07/S0FT_PW_2023.rar/file
Protocol: H2
Server: 142.250.66.194 Old Bridge, United States, ASN15169 (GOOGLE, US),
Reverse DNS: syd09s23-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-AU,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

Redirect headers

date: Sun, 10 Sep 2023 07:22:57 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2

200

si
googleads.g.doubleclick.net/pagead/drt/ Frame D2D1
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
0

187ms
187ms

Image
text/html

142.250.66.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/qt2ibnzw5ynua07/S0FT_PW_2023.rar/file
Protocol: H2
Server: 142.250.66.194 Old Bridge, United States, ASN15169 (GOOGLE, US),
Reverse DNS: syd09s23-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-AU,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

Redirect headers

date: Sun, 10 Sep 2023 07:22:57 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 200 4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
fonts.gstatic.com/s/googlesans/v58/ Frame 0F6F 33 KB
34 KB 834ms
55ms Font
font/woff2 142.250.204.3
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v58/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.204.3 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s25-in-f3.1e100.net

Software

sffe /

Resource Hash

65c99d3b9f1a1b905046e30d00a97f2d4d605e565c32917e7a89a35926e04b98

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.mediafire.com
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Thu, 07 Sep 2023 01:39:19 GMT
x-content-type-options: nosniff
age: 279818
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 34108
x-xss-protection: 0
last-modified: Tue, 23 May 2023 16:35:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 06 Sep 2024 01:39:19 GMT

GET
H2 200 4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
fonts.gstatic.com/s/googlesans/v58/ Frame D2D1 33 KB
33 KB 850ms
74ms Font
font/woff2 142.250.204.3
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v58/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.204.3 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s25-in-f3.1e100.net

Software

sffe /

Resource Hash

65c99d3b9f1a1b905046e30d00a97f2d4d605e565c32917e7a89a35926e04b98

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.mediafire.com
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Thu, 07 Sep 2023 01:39:19 GMT
x-content-type-options: nosniff
age: 279818
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 34108
x-xss-protection: 0
last-modified: Tue, 23 May 2023 16:35:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 06 Sep 2024 01:39:19 GMT

GET
H2 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 0F6F 0
0 185ms
184ms Image
text/html 172.217.167.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CJx9Kz279ZIj7L8aTmsMP9bG6qA6NhvPUZ6qLifPBEMCNtwEQASDkgu0oYKWAgICYAaABp6Cm0QLIAQHgAgCoAwHIAwqqBLsCT9AernhXsVnzWc2WUcp2KDHSyDkNr6PE1mLnRQaRQ4Q0BROcKvsc8fJhjuiHYqQsCJlKjYkWWZ6J5gedgj9t5SL00iF3-a74nmLH96qviK1JIsOY8wgGGnO-FVu-xbB2D-8BYK4oqooLMw2ikDkp8M_NtDvA1lfYLicvTmOw4mRiSbNiEXW-V76I8zB4aLfuVd_s0-MTWkMyhaYGa_8Teum3ztCmexTVAKm9ZRxi3bYo81LYLtc0KNskTwDoHkbIyPGyra93_5I9asm60pJHKL5QBpAjoolEUc4-Gghy4F0u49LPxaAcA8iTtiujzM-km56cCpcraFy5_OwF7NEM8HAIAEZl8uQY7aRwtcpQ39xCivy6wkYhn9jCDhQt3iiBzqt-tbpOsfGWLtwkziCJLd7gXzFx2fxCuJ6FwASA7YKqwALgBAGIBdDaxvMYkgUECAQYAZIFBAgFGASgBmaAB8Hf2a4BqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhvYBwHyBwQQsLJI0ggUCIBhEAEYHTICigI6AoBASL39wTqaCa4BaHR0cHM6Ly93d3cuZmlsZXMuY29tLz91dG1fY2FtcGFpZ249ODU5ODc0NzMwMjQmdXRtX3Rlcm09LWZpbGVzLmNvbSZ1dG1fc291cmNlPWFkd29yZHMmdXRtX21lZGl1bT1wcGMmdXRtX2NvbnRlbnQ9NjExMTAyMDY1ODEwJmdjbGlkPXtnY2xpZH0mcmFuZG9tPTcxNDE3OTYyMjkzMDgwMzg3MSZ2dF9wb3M9gAoDyAsB2gwQCgoQwPPnsqCSwLxzEgIBA9gTFYgUAdAVAYAXAbIXHgocCAASFHB1Yi03ODEzODM1Nzc4NTQzMDgxGOy5EQ&sigh=bOGSu2w2aNw&uach_m=[]&ase=2&cid=CAQSSwBpAlJWMiD01d59l1thFiWsmlblLz5cREqLD3HTdUcC1-LwXgTc3fFnmTPpYCD2L5W5X0hhHHWMpL8Xfp4wfwMUFiBwXUgAxrjygRgB&cbvp=2
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/qt2ibnzw5ynua07/S0FT_PW_2023.rar/file
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.217.167.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: syd15s06-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

GET
H2 200 adview
securepubads.g.doubleclick.net/pagead/ Frame D2D1 0
0 193ms
193ms Image
text/html 172.217.167.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=C6Py-z279ZP_rL6-VmsMPo9CXkA-NhvPUZ6qLifPBEMCNtwEQASDkgu0oYKWAgICYAaABp6Cm0QLIAQHgAgCoAwHIAwqqBMICT9BHulLk6JNa87QiOJ-GCnSbC4FAh192nTHAWrMLPPlBd0v4YZ2qqjdcLF0JhiRYVQEo-BkZxlL0HMtfJUskxiSDLOijzMU4dMBtZLz12Xw_UZIy_aiQ4IuHkTUvtKwUJHWkW1GoRaZsA4eTBQo_eW0WeW6EqMaufG0dEwxBpBYtoOYfFzdjjKrPMDiP8mLs7KhCe5Hc3ge0Ey1MDCXo_ZLmZH4-yJVSAw7X7UEKo1tK2L5gMIrERmW2snZqp2UvOJXw4-1dxthQZEhCI4rLbwB8MpsSSPFdXJIWVRQ-4M_6LNTZdM4jn_gEp6Udd1vU0e2kPKhjKScrlQi_WditS0eaF_DfcIfOulzV3lDJHfFVP8k361UhjnoSLOlMApcg8bJP94jpH7tBwmF3Bhqs3F98Y-A5TtwiK26agorj9ZhK3sAEgO2CqsAC4AQBiAXQ2sbzGJIFBAgEGAGSBQQIBRgEoAZmgAfB39muAagH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4b2AcB8gcEEKiMPdIIFAiAYRABGB0yAooCOgKAQEi9_cE6mgmwAWh0dHBzOi8vd3d3LmZpbGVzLmNvbS8_dXRtX2NhbXBhaWduPTg1OTg3NDczMDI0JnV0bV90ZXJtPS1maWxlcy5jb20mdXRtX3NvdXJjZT1hZHdvcmRzJnV0bV9tZWRpdW09cHBjJnV0bV9jb250ZW50PTYxMTEwMjA2NTgxMCZnY2xpZD17Z2NsaWR9JnJhbmRvbT0xNzI3OTcxNTYwMTU5NjY1MDUzOSZ2dF9wb3M9gAoDyAsB2gwQCgoQ0OP11-jM9bE7EgIBA9gTFYgUAdAVAYAXAbIXHgocCAASFHB1Yi03ODEzODM1Nzc4NTQzMDgxGOy5EQ&sigh=VPAJpUk2jyE&uach_m=[]&ase=2&cid=CAQSSwBpAlJWG5z89G4B_N3vglbWDayxOnjWSORdI6OwJUuEKd91P1YnQ-XZo0oU2rVixnTM_h72DNl8vjwL_G3W1pYe3ENnBrhUEeRD0hgB&cbvp=2
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/qt2ibnzw5ynua07/S0FT_PW_2023.rar/file
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.217.167.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: syd15s06-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

POST
H2 204 AGSKWxVYe3K_Zf1IgS8J0tKcfj7cqO1MJ063BlF5KXZt2zQlziXXyavOAGd4TShiG9NQQj8fzEAi4jdpqzl2p5CxZ7S9cKIUdyXv11uuGwe-Q9AmX86ih1vB8Vvh-SXzL94mOYNZ8JBpkw== Show response
fundingchoicesmessages.google.com/el/ 0
1 KB 962ms
161ms XHR
text/html 172.217.24.46
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxVYe3K_Zf1IgS8J0tKcfj7cqO1MJ063BlF5KXZt2zQlziXXyavOAGd4TShiG9NQQj8fzEAi4jdpqzl2p5CxZ7S9cKIUdyXv11uuGwe-Q9AmX86ih1vB8Vvh-SXzL94mOYNZ8JBpkw==

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.24.46 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

hkg07s23-in-f14.1e100.net

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-xLhHQ4Gx5SciQYp3HYzvRw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.mediafire.com/
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
Content-Type: text/plain

Response headers

date: Sun, 10 Sep 2023 07:22:58 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-xLhHQ4Gx5SciQYp3HYzvRw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
access-control-max-age: 86400
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
content-type: text/html; charset=utf-8
access-control-allow-origin: https://www.mediafire.com
access-control-allow-methods: POST, GET, OPTIONS
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 view
securepubads.g.doubleclick.net/pcs/ Frame 64EE 0
0 989ms
198ms Fetch
image/gif 172.217.167.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuIoJWvlhKzN0MH57Bz1np_vMN1Ru43-FHOqBUYMXe4wwzKoFHiZO_51mSnpTADbhCASuTynNIKHRR8eABbsQq_XM3sccKe1fDuy7TOnU3083RiQ0PL4_6jwUbMk9FRzEkxL9SmfxJW0qkyzGbQ9nHARStbp75B9cvQd1nNDIOcGoaiUq-Lm7ApuZ7_SK36mR8ByABxg6uGUFOFTC9nf6URQf_WusWOMJygn2yUuQzksdM3RsDW4978_Isy5vouCgcqCXRDj2_PpreYYdRvzUSzi4R1FhzA3BwL8hrtgb2KhbOPk8S5D0fA7x72Qr_DmH-ea7n4sij_qJ9jsA&sai=AMfl-YTa_yCOID5g-ZDKsLTi9SHsneDVn2XpcKIl2jQrnUxJ1tTFA1rFdcf0LpEUsAlH7Cb5Q5ZlMoK5z2WWcetG7gMWyfDysZE9KXPbvaoT_RLDSe_G8mo1RKnvfv21-iByy-OecBeBEQT0VAIW778H&sig=Cg0ArKJSzIeXrYlMDC40EAE&uach_m=[UACH]&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.167.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd15s06-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Sun, 10 Sep 2023 07:22:58 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Sun, 10 Sep 2023 07:22:58 GMT

GET
H2 200 view
securepubads.g.doubleclick.net/pcs/ Frame 6CD4 0
0 969ms
199ms Fetch
image/gif 172.217.167.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssOQ129au-7jCco6jh_dJWyC7y1TZsCvbB4l_6l0CAMiQgg6sAZqP5xTYSSG8IdI5HqG918ypvLAJjHa76BUtrPQ9iiGsrUCesIcrQBTSOPYdAOZpK8JL3S1cWmGd1E8hktGJERMe4SLGM1sSM4-zSwlXHsRnZS4Ghjc4OqRppBn03Sy9nCf0shljRomNalxAoqR0UGE5dMgdzipnx_3q2CN2wS6rGfrvUGnI2aLawn7m2UDjPlbzOg3UiQjRLa4B4L4KnPWBdsWyI9o26o3Z_kmg6TQ8XUyFwzNeYXfMX-IPElPb0M6_Ogh0TqB_-bkIuNOee-_MxRxL7WCQ&sai=AMfl-YR0zEAT5vpheW6gbQOeZYeMem6b-SDMwAw10j3wfDdZJPm-KhX58AN2buw07JWxh1DRPU13ueToM5toNODhui7RMAyME9JFFkKdbGfJlmgriT-w2Tw1Y5tyoDFgJkm9n3te9s8xoEBhWfTa5z6S&sig=Cg0ArKJSzDPs_nqdRiBkEAE&uach_m=[UACH]&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.167.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd15s06-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Sun, 10 Sep 2023 07:22:58 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Sun, 10 Sep 2023 07:22:58 GMT

GET
H2 200 adlargefooter. Show response
fundingchoicesmessages.google.com/f/AGSKWxVN2o_4u1-LCIh8-374uMTUU_qt9FC-VybGyMFpe3gBb_Eg1OgcTOGZQmf2G1HkGSTa6mVzQp4Y9fGk4VY5vtNyMZ3vLfn5FtMFzV1MOEZzxQr5IC65Vs8-Cu__8r5YVWYt3TcMFIQHFTLCAvUA1j52tFQLo... 54 B
298 B 149ms
146ms Script
application/javascript 172.217.24.46
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxVN2o_4u1-LCIh8-374uMTUU_qt9FC-VybGyMFpe3gBb_Eg1OgcTOGZQmf2G1HkGSTa6mVzQp4Y9fGk4VY5vtNyMZ3vLfn5FtMFzV1MOEZzxQr5IC65Vs8-Cu__8r5YVWYt3TcMFIQHFTLCAvUA1j52tFQLoIY_W07gtJdY7HHNaZIfE55F54Q2hnnd/_/staticadslot._ad_run./bannerads-_AdvertsImgs//adlargefooter.

Requested by

Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_GB.t-1MTeOpMxg.es5.O/d=1/exm=kernel_loader,loader_js_executable/ed=1/rs=AJlcJMzmD912FB1XCVhv-feZsnQED8cTLw/m=ad_blocking_detection_executable

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.24.46 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

hkg07s23-in-f14.1e100.net

Software

ESF /

Resource Hash

4f9a2b126c8afd123bac8ee84f77d51b271eb4b3d62f4b2071dc9a5e9d49c6d9

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-R-uaOTz7giorztbyBpVMRQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Sun, 10 Sep 2023 07:22:57 GMT
content-security-policy: script-src 'report-sample' 'nonce-R-uaOTz7giorztbyBpVMRQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 lidar.js Show response
pagead2.googlesyndication.com/pagead/js/ 83 KB
30 KB 530ms
41ms Script
text/javascript 142.250.204.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/lidar.js?fcd=true

Requested by

Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_GB.t-1MTeOpMxg.es5.O/d=1/exm=kernel_loader,loader_js_executable/ed=1/rs=AJlcJMzmD912FB1XCVhv-feZsnQED8cTLw/m=ad_blocking_detection_executable

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.204.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s25-in-f2.1e100.net

Software

cafe /

Resource Hash

df908529a36e11760e0d9c2acc7cc512ed263c2875d6726c139ad10823836284

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Sun, 10 Sep 2023 06:25:20 GMT
content-encoding: br
x-content-type-options: nosniff
age: 3458
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 30162
x-xss-protection: 0
server: cafe
etag: 9663321844472963671
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=3600
timing-allow-origin: *
expires: Sun, 10 Sep 2023 07:25:20 GMT

POST
H2 204 AGSKWxVYe3K_Zf1IgS8J0tKcfj7cqO1MJ063BlF5KXZt2zQlziXXyavOAGd4TShiG9NQQj8fzEAi4jdpqzl2p5CxZ7S9cKIUdyXv11uuGwe-Q9AmX86ih1vB8Vvh-SXzL94mOYNZ8JBpkw== Show response
fundingchoicesmessages.google.com/el/ 0
200 B 448ms
146ms XHR
text/html 172.217.24.46
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxVYe3K_Zf1IgS8J0tKcfj7cqO1MJ063BlF5KXZt2zQlziXXyavOAGd4TShiG9NQQj8fzEAi4jdpqzl2p5CxZ7S9cKIUdyXv11uuGwe-Q9AmX86ih1vB8Vvh-SXzL94mOYNZ8JBpkw==

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.24.46 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

hkg07s23-in-f14.1e100.net

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-hz2iQHg_wUr8zc6gmE_BFA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.mediafire.com/
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
Content-Type: text/plain

Response headers

date: Sun, 10 Sep 2023 07:22:58 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-hz2iQHg_wUr8zc6gmE_BFA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
access-control-max-age: 86400
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
content-type: text/html; charset=utf-8
access-control-allow-origin: https://www.mediafire.com
access-control-allow-methods: POST, GET, OPTIONS
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 activeview
pagead2.googlesyndication.com/pcs/ Frame 0F6F 42 B
108 B 536ms
179ms Image
image/gif 142.250.204.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuCsu2HOxsU-fMp-UVB8M8vXCoPd124sGaFQh9LGkv6XWT4aWTNNSaL-rYTwBaEjKX2gS3sCdIPuwldDHaDOjTXji8KGUC34VwhMjCkj0LBrRtxlfK-JfVKe8DwQO9yoorLH3S8rq6K5Q&sai=AMfl-YTPXNQZz1zWw5zATKkoTM7XHdZilVfuATl0DUsNfr1EPesTv_R2crM6k6_cNsLGKKCx6XD6tPAb6XIeK23Ro55M2Afq_Zt1uojwwX5yCJ8r1ROeHVdcemAQI-QVEJudUgGjRp9fjuhq6vOD&sig=Cg0ArKJSzDHTl0RAK2dhEAE&cid=CAQSSwBpAlJWMiD01d59l1thFiWsmlblLz5cREqLD3HTdUcC1-LwXgTc3fFnmTPpYCD2L5W5X0hhHHWMpL8Xfp4wfwMUFiBwXUgAxrjygRgB&id=ampim&o=552,10&d=728,90&ss=1600,1200&bs=1600,1200&mcvt=1001&mtos=0,0,1001,1001,1001&tos=0,0,1001,0,0&tfs=770&tls=1771&g=100&h=100&tt=1771&r=v&avms=ampa&uap=&uapv=&uaa=&uam=&uafv=&uab=&uafvl=%5B%5D&uaw=false&adk=0

Requested by

Host: www.mediafire.com
URL: https://www.mediafire.com/file/qt2ibnzw5ynua07/S0FT_PW_2023.rar/file

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.204.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s25-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 10 Sep 2023 07:22:58 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 activeview
pagead2.googlesyndication.com/pcs/ Frame D2D1 42 B
176 B 521ms
178ms Image
image/gif 142.250.204.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstX-s4h9BnT7SJkVYUCbxfCsXG7_YHDk7-DiFEkKa2D2r_0Qez-n8sTGBij9-I8p0MzM9VugS3pwt4S-JUGsWk0GTfj5rwpxU_txDKvRQ7GFN_VBf7jJ6BflghNbEYTNSmGXvA7CFmGXA&sai=AMfl-YRY9518fHQlZRzo3kImydgPkoxnNq59dRl-H2qOq4P0hwTJN43VBlVhBt-7amj7n01YkQkEMHG2CDd318GUH_isuv-x8Bil_wioF2zQSvnGwvzmzNTvvdFaZ9IA0KYBI6XWild3-1__M5Cs&sig=Cg0ArKJSzFJjGfxHvqRBEAE&cid=CAQSSwBpAlJWG5z89G4B_N3vglbWDayxOnjWSORdI6OwJUuEKd91P1YnQ-XZo0oU2rVixnTM_h72DNl8vjwL_G3W1pYe3ENnBrhUEeRD0hgB&id=ampim&o=320,120&d=336,280&ss=1600,1200&bs=1600,1200&mcvt=1002&mtos=0,0,1002,1002,1002&tos=0,0,1002,0,0&tfs=700&tls=1702&g=100&h=100&tt=1703&r=v&avms=ampa&uap=&uapv=&uaa=&uam=&uafv=&uab=&uafvl=%5B%5D&uaw=false&adk=0

Requested by

Host: www.mediafire.com
URL: https://www.mediafire.com/file/qt2ibnzw5ynua07/S0FT_PW_2023.rar/file

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.204.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s25-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 10 Sep 2023 07:22:58 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxVYe3K_Zf1IgS8J0tKcfj7cqO1MJ063BlF5KXZt2zQlziXXyavOAGd4TShiG9NQQj8fzEAi4jdpqzl2p5CxZ7S9cKIUdyXv11uuGwe-Q9AmX86ih1vB8Vvh-SXzL94mOYNZ8JBpkw==

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.24.46 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

hkg07s23-in-f14.1e100.net

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-Ppe7D6THp1pikn-Dko29Mg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.mediafire.com/
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
Content-Type: text/plain

Response headers

date: Sun, 10 Sep 2023 07:22:58 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-Ppe7D6THp1pikn-Dko29Mg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
access-control-max-age: 86400
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
content-type: text/html; charset=utf-8
access-control-allow-origin: https://www.mediafire.com
access-control-allow-methods: POST, GET, OPTIONS
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame 1C0C 15 KB
6 KB 148ms
42ms Document
text/html 104.74.54.193
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158936
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/js/prebid8.10.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.74.54.193 Sydney, Australia, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-74-54-193.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 94061a925c5d84bf776554ac894020c407a9a4c89b979d538de3cf45591fe423

Request headers

Referer: https://www.mediafire.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

accept-ranges: bytes
cache-control: max-age=129408
content-encoding: gzip
content-length: 5606
content-type: text/html
date: Sun, 10 Sep 2023 07:22:58 GMT
expires: Mon, 11 Sep 2023 19:19:46 GMT
last-modified: Fri, 01 Sep 2023 11:18:33 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: Apache
vary: Accept-Encoding

GET
H2 200 checksync.php Show response
contextual.media.net/ Frame 1847 35 KB
12 KB 906ms
543ms Document
text/html 23.219.60.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUO2689O&prvid=2034%2C2033%2C2030%2C273%2C2028%2C2027%2C2025%2C237%2C117%2C359%2C97%2C55%2C99%2C3012%2C3011%2C3010%2C201%2C3007%2C246%2C4%2C203%2C446%2C9%2C2011%2C3022%2C3020%2C173%2C294%2C251%2C175%2C450%2C2009%2C178%2C255%2C3018%2C3017%2C214%2C336%2C3014%2C337%2C338%2C459%2C77%2C38%2C182%2C261%2C141%2C262%2C461%2C222%2C301%2C225%2C10000%2C80%2C108%2C229%2C307&itype=PREBID&purpose1=1&gdprconsent=1&gdpr=0&coppa=0&usp_status=0&usp_consent=1

Requested by

Host: www.mediafire.com
URL: https://www.mediafire.com/js/prebid8.10.0.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.219.60.21 Sydney, Australia, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-219-60-21.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

c98cd9616f628271552ca2c8930463c2a100c7109e9021eb43d084c2b8de3cf2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.mediafire.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

cache-control: max-age=172800
content-encoding: gzip
content-length: 11783
content-type: text/html; charset=UTF-8
date: Sun, 10 Sep 2023 07:22:59 GMT
expires: Tue, 12 Sep 2023 07:22:59 GMT
p3p: CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
server: Apache
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-mnet-hl2: E

GET
H/1.1 200
OK sync
ssbsync.smartadserver.com/api/ 0
0 2036ms
546ms Image
text/html 23.106.127.39
LEASEWEB-APAC-SIN...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ssbsync.smartadserver.com/api/sync?callerId=47&gdpr=0&gdpr_consent=
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/qt2ibnzw5ynua07/S0FT_PW_2023.rar/file
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.106.127.39 , Singapore, ASN59253 (LEASEWEB-APAC-SIN-11 Leaseweb Asia Pacific pte. ltd., SG),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

GET
H2

200

v1
match.sharethrough.com/sync/
Redirect Chain

https://bttrack.com/pixel/cookiesync?source=d0afdff5-c51e-4a8d-b07b-b52a29015170&secure=1
https://match.sharethrough.com/sync/v1?source_id=FGhqNjC2WnFmmvNpTL32LMME&source_user_id=faf08ca0-3075-4958-8afa-4d68a76fb5e1&gdpr=${GDPR}&gdpr_consent=${GDPR_CONSENT}

68 B
604 B

653ms
305ms

Image
image/png

54.169.111.87
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.sharethrough.com/sync/v1?source_id=FGhqNjC2WnFmmvNpTL32LMME&source_user_id=faf08ca0-3075-4958-8afa-4d68a76fb5e1&gdpr=${GDPR}&gdpr_consent=${GDPR_CONSENT}
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/qt2ibnzw5ynua07/S0FT_PW_2023.rar/file
Protocol: H2
Server: 54.169.111.87 , Singapore, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-169-111-87.ap-southeast-1.compute.amazonaws.com
Software: /
Resource Hash: 6019c3c9e47dc991f8d9937deafbb0740c2e61e321324798cb508773b0814824

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Sun, 10 Sep 2023 07:22:59 GMT
cache-control: no-cache
content-length: 68
content-type: image/png

Redirect headers

x-servername: track003-sjc
pragma: no-cache
date: Sun, 10 Sep 2023 07:22:30 GMT
strict-transport-security: max-age=31536000;
content-type: text/html; charset=utf-8
location: https://match.sharethrough.com/sync/v1?source_id=FGhqNjC2WnFmmvNpTL32LMME&source_user_id=faf08ca0-3075-4958-8afa-4d68a76fb5e1&gdpr=${GDPR}&gdpr_consent=${GDPR_CONSENT}
cache-control: private,no-cache
content-length: 296
expires: -1

GET
H2

200

v1
match.sharethrough.com/sync/
Redirect Chain

https://x.bidswitch.net/sync?ssp=sharethrough&user_id=1baa80a6-3234-4e20-b91a-e367cd0d3242&gdpr=0&gdpr_consent=&gdpr_pd=1&usprivacy=
https://x.bidswitch.net/ul_cb/sync?ssp=sharethrough&user_id=1baa80a6-3234-4e20-b91a-e367cd0d3242&gdpr=0&gdpr_consent=&gdpr_pd=1&usprivacy=
https://inv-nets.admixer.net/adxcm.aspx?ssp=D41B0D84-4DB7-4D9C-81CC-3A497DB5D0A6&gdpr=0&consent=&rurl=%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D354%26user_id%3D%24%24visitor_cookie%24%24%26ssp%3Dshar...
https://x.bidswitch.net/sync?dsp_id=354&user_id=47fdb33b69fe4dd39e783e0a14cccfd8&ssp=sharethrough&bsw_param=f16e19db-fdf1-4a28-9d36-531202f9c1f5&gdpr=0&consent=&gdpr_pd=1&expires=7
https://match.sharethrough.com/sync/v1?source_id=bf2b131f1f7eff9d8892972c&source_user_id=f16e19db-fdf1-4a28-9d36-531202f9c1f5&seat_user_id=&seat_key=&gdpr=0&gdpr_consent=&gdpr_pd=1&us_privacy=

68 B
611 B

180ms
179ms

Image
image/png

54.169.111.87
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.sharethrough.com/sync/v1?source_id=bf2b131f1f7eff9d8892972c&source_user_id=f16e19db-fdf1-4a28-9d36-531202f9c1f5&seat_user_id=&seat_key=&gdpr=0&gdpr_consent=&gdpr_pd=1&us_privacy=
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/qt2ibnzw5ynua07/S0FT_PW_2023.rar/file
Protocol: H2
Server: 54.169.111.87 , Singapore, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-169-111-87.ap-southeast-1.compute.amazonaws.com
Software: /
Resource Hash: 6019c3c9e47dc991f8d9937deafbb0740c2e61e321324798cb508773b0814824

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Sun, 10 Sep 2023 07:23:00 GMT
cache-control: no-cache
content-length: 68
content-type: image/png

Redirect headers

Location: //match.sharethrough.com/sync/v1?source_id=bf2b131f1f7eff9d8892972c&source_user_id=f16e19db-fdf1-4a28-9d36-531202f9c1f5&seat_user_id=&seat_key=&gdpr=0&gdpr_consent=&gdpr_pd=1&us_privacy=
Date: Sun, 10 Sep 2023 07:23:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
Server: nginx
Connection: keep-alive
Content-Length: 0

GET
H/1.1 200
OK ecm3
s.amazon-adsystem.com/ 43 B
479 B 1110ms
272ms Image
image/gif 52.46.130.91
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?ex=sharethrough.com&id=1baa80a6-3234-4e20-b91a-e367cd0d3242

Requested by

Host: www.mediafire.com
URL: https://www.mediafire.com/file/qt2ibnzw5ynua07/S0FT_PW_2023.rar/file

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.46.130.91 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 10 Sep 2023 07:22:59 GMT
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Server: Server
x-amz-rid: TV7ZY5QM0ZWDSRSXKN22
Vary: Content-Type,Accept-Encoding,User-Agent
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 64EE 42 B
404 B 677ms
196ms Fetch
image/gif 142.250.204.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstrPBtwxOdmwtR7P25ksPufDjcAZNrC138vmQq9QCOM8Qb0yh_XkOH7qBRynlNEnt7ELIZDvUJcIyMmbErY_mjX3G0B7-f8DrptCPICVdFmar_mwOAudBvunx_rqaB4&sig=Cg0ArKJSzGhT8SX6bm0HEAE&id=lidar2&mcvt=1000&p=420,320,670,620&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20230906&bin=7&avms=nio&bs=1600,1200&mc=1&vu=1&app=0&itpl=3&adk=1870779098&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1694330576408&rpt=958&isd=0&lsd=0&met=mue&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.204.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s25-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 10 Sep 2023 07:22:58 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 6CD4 42 B
108 B 644ms
197ms Fetch
image/gif 142.250.204.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsut0eLZJEQaQKeIH2lvqe6Leic6ixnFXIgVsnne8dbHn_4HT5Bv0uzw2e7-t15cOqcU1MZ37tWVNZZBMz8bl5SRAq-BQDKc4IRw_8vD561grKkmZO0248JBR8VkCzZF&sig=Cg0ArKJSzG8C3W_7LtCdEAE&id=lidar2&mcvt=1023&p=1095,430,1185,1158&mtos=1023,1023,1023,1023,1023&tos=1023,0,0,0,0&v=20230906&bin=7&avms=nio&bs=1600,1200&mc=1&vu=1&app=0&itpl=3&adk=215913335&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1694330576218&rpt=1169&isd=0&lsd=0&met=mue&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.204.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s25-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 10 Sep 2023 07:22:58 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 PugMaster Show response
image6.pubmatic.com/AdServer/ Frame 1C0C 2 KB
3 KB 821ms
387ms Script
text/html 207.65.33.83
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=36218066&p=158936&s=0&a=0&ptask=ALL&np=0&fp=0&rp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=1---
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158936
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 207.65.33.83 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: 308e304a7e019c33374bffef1036526aa9658b72c94220fcf1fbde3cba2874a7

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

content-type: text/html; charset=UTF-8
date: Sun, 10 Sep 2023 07:22:59 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxVYe3K_Zf1IgS8J0tKcfj7cqO1MJ063BlF5KXZt2zQlziXXyavOAGd4TShiG9NQQj8fzEAi4jdpqzl2p5CxZ7S9cKIUdyXv11uuGwe-Q9AmX86ih1vB8Vvh-SXzL94mOYNZ8JBpkw==

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.24.46 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

hkg07s23-in-f14.1e100.net

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-S7o7p4Mkr6Azpbg9_MMt6A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.mediafire.com/
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
Content-Type: text/plain

Response headers

date: Sun, 10 Sep 2023 07:22:58 GMT
content-security-policy: script-src 'report-sample' 'nonce-S7o7p4Mkr6Azpbg9_MMt6A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
access-control-max-age: 86400
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
content-type: text/html; charset=utf-8
access-control-allow-origin: https://www.mediafire.com
access-control-allow-methods: POST, GET, OPTIONS
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H2 204 AGSKWxVYe3K_Zf1IgS8J0tKcfj7cqO1MJ063BlF5KXZt2zQlziXXyavOAGd4TShiG9NQQj8fzEAi4jdpqzl2p5CxZ7S9cKIUdyXv11uuGwe-Q9AmX86ih1vB8Vvh-SXzL94mOYNZ8JBpkw== Show response
fundingchoicesmessages.google.com/el/ 0
200 B 243ms
243ms XHR
text/html 172.217.24.46
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxVYe3K_Zf1IgS8J0tKcfj7cqO1MJ063BlF5KXZt2zQlziXXyavOAGd4TShiG9NQQj8fzEAi4jdpqzl2p5CxZ7S9cKIUdyXv11uuGwe-Q9AmX86ih1vB8Vvh-SXzL94mOYNZ8JBpkw==

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.24.46 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

hkg07s23-in-f14.1e100.net

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-qhL8bvLDB26FjJvA0LGzqA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.mediafire.com/
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
Content-Type: text/plain

Response headers

date: Sun, 10 Sep 2023 07:22:58 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-qhL8bvLDB26FjJvA0LGzqA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
access-control-max-age: 86400
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
content-type: text/html; charset=utf-8
access-control-allow-origin: https://www.mediafire.com
access-control-allow-methods: POST, GET, OPTIONS
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 AGSKWxWjbkFQTlZ5PsKlTqGp-mXk-0ffAbG_qEwWhQvIuq-Ms7aK5SOcl-CbGkEfmijqVq22lomJ9lV10CgW0FVpxvYWL5aiT7l-GWxwarbiRMMjCdbEpWm71JwopffLYdjfCnStNwOuqg== Show response
fundingchoicesmessages.google.com/f/ 4 KB
2 KB 184ms
184ms Script
application/javascript 172.217.24.46
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxWjbkFQTlZ5PsKlTqGp-mXk-0ffAbG_qEwWhQvIuq-Ms7aK5SOcl-CbGkEfmijqVq22lomJ9lV10CgW0FVpxvYWL5aiT7l-GWxwarbiRMMjCdbEpWm71JwopffLYdjfCnStNwOuqg==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNjk0MzMwNTc4LDQ1MDAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzcsNl0sbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLG51bGwsMV0sImh0dHBzOi8vd3d3Lm1lZGlhZmlyZS5jb20vZmlsZS9xdDJpYm56dzV5bnVhMDcvUzBGVF9QV18yMDIzLnJhci9maWxlIixudWxsLFtbOCwidC0xTVRlT3BNeGciXSxbOSwiZW4tR0IiXSxbMTksIjIiXV1d

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.24.46 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

hkg07s23-in-f14.1e100.net

Software

ESF /

Resource Hash

cc53f8d03326fb944523cf9a5cb47786c46155fa4b4cf6a8acaa944217f962fb

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-WB1Grn6RinFvFT87ppWEtA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Sun, 10 Sep 2023 07:22:58 GMT
content-security-policy: script-src 'report-sample' 'nonce-WB1Grn6RinFvFT87ppWEtA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin: *
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 AGSKWxUOxB1jPuFdMW0Wj_QHV8Jy323UZaccnYIOEB9Ao1uEdAuAjzUcG73N4lms5dbPhxSkorLOmHOhnOj0oCNOtEJ7qgg4XdP8tjG4NZoww-M04dqtopeW_yaAztZEr9Sy7Ch_6I_vog== Show response
fundingchoicesmessages.google.com/f/ 3 KB
2 KB 170ms
169ms Script
application/javascript 172.217.24.46
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxUOxB1jPuFdMW0Wj_QHV8Jy323UZaccnYIOEB9Ao1uEdAuAjzUcG73N4lms5dbPhxSkorLOmHOhnOj0oCNOtEJ7qgg4XdP8tjG4NZoww-M04dqtopeW_yaAztZEr9Sy7Ch_6I_vog==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNjk0MzMwNTc4LDY1MDAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzcsNiwxMF0sbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLG51bGwsMV0sImh0dHBzOi8vd3d3Lm1lZGlhZmlyZS5jb20vZmlsZS9xdDJpYm56dzV5bnVhMDcvUzBGVF9QV18yMDIzLnJhci9maWxlIixudWxsLFtbOCwidC0xTVRlT3BNeGciXSxbOSwiZW4tR0IiXSxbMTksIjIiXV1d

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.24.46 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

hkg07s23-in-f14.1e100.net

Software

ESF /

Resource Hash

17bbf36efc98e40771ab2ee5e19be12c26eb715d3453a08da126606ba85108da

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-0i3GT_gOwui9G6JdZWJmQg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Sun, 10 Sep 2023 07:22:58 GMT
content-security-policy: script-src 'report-sample' 'nonce-0i3GT_gOwui9G6JdZWJmQg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin: *
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 AGSKWxXc8s2n5jDUuDCK15hofy3OnCUpur54kqtqVsW_0kzijbAVF2kkTPbuIBUx8lnZbXpY0c0wfZf4DzZpPzVyOZgEsyTzWNPK6uwz7JpwTHFAFi0OVNSpgFZ_LnqRupCjwLtHPI1_gA== Show response
fundingchoicesmessages.google.com/f/ 3 KB
2 KB 180ms
179ms Script
application/javascript 172.217.24.46
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxXc8s2n5jDUuDCK15hofy3OnCUpur54kqtqVsW_0kzijbAVF2kkTPbuIBUx8lnZbXpY0c0wfZf4DzZpPzVyOZgEsyTzWNPK6uwz7JpwTHFAFi0OVNSpgFZ_LnqRupCjwLtHPI1_gA==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNjk0MzMwNTc4LDkyMTAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzcsNiwxMCw5XSxudWxsLDIsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLG51bGwsbnVsbCwxXSwiaHR0cHM6Ly93d3cubWVkaWFmaXJlLmNvbS9maWxlL3F0Mmlibnp3NXludWEwNy9TMEZUX1BXXzIwMjMucmFyL2ZpbGUiLG51bGwsW1s4LCJ0LTFNVGVPcE14ZyJdLFs5LCJlbi1HQiJdLFsxOSwiMiJdXV0

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.24.46 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

hkg07s23-in-f14.1e100.net

Software

ESF /

Resource Hash

d33d23776af50869d043ba734489a1c86b495b071de36b4a843c4d1f8203e8e6

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-lKiI7NDkN6-Tmgd3OZ2apw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Sun, 10 Sep 2023 07:22:59 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-lKiI7NDkN6-Tmgd3OZ2apw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin: *
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H2 204 AGSKWxVVBmaruwh92exGc-41eQaxTLDA6l04VEHIghukhabj4fvUHBTseRHmhH91oddGHwel8ceoZSwoH0Z4n_GVwf--34YB2CdRsFNLbd6VpFAL_3atgtVAt2LD7EAnAmZuVyU12gpQ-Q== Show response
fundingchoicesmessages.google.com/el/ 0
199 B 149ms
149ms XHR
text/html 172.217.24.46
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxVVBmaruwh92exGc-41eQaxTLDA6l04VEHIghukhabj4fvUHBTseRHmhH91oddGHwel8ceoZSwoH0Z4n_GVwf--34YB2CdRsFNLbd6VpFAL_3atgtVAt2LD7EAnAmZuVyU12gpQ-Q==

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.24.46 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

hkg07s23-in-f14.1e100.net

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-BWqjZa5tsO1a6ej4M-67jQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.mediafire.com/
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
Content-Type: text/plain

Response headers

date: Sun, 10 Sep 2023 07:22:59 GMT
content-security-policy: script-src 'report-sample' 'nonce-BWqjZa5tsO1a6ej4M-67jQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
access-control-max-age: 86400
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
content-type: text/html; charset=utf-8
access-control-allow-origin: https://www.mediafire.com
access-control-allow-methods: POST, GET, OPTIONS
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 sync Show response
gum.criteo.com/ Frame 1847 61 B
301 B 1055ms
363ms Script
text/javascript 182.161.73.136
CRITEO-AS-AP Crit...

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/sync?r=2&c=321&gdpr=0&gdpr_pd=0&gdpr_consent=&us_privacy=&j=window.advBidxc.mnetRtusId

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUO2689O&prvid=2034%2C2033%2C2030%2C273%2C2028%2C2027%2C2025%2C237%2C117%2C359%2C97%2C55%2C99%2C3012%2C3011%2C3010%2C201%2C3007%2C246%2C4%2C203%2C446%2C9%2C2011%2C3022%2C3020%2C173%2C294%2C251%2C175%2C450%2C2009%2C178%2C255%2C3018%2C3017%2C214%2C336%2C3014%2C337%2C338%2C459%2C77%2C38%2C182%2C261%2C141%2C262%2C461%2C222%2C301%2C225%2C10000%2C80%2C108%2C229%2C307&itype=PREBID&purpose1=1&gdprconsent=1&gdpr=0&coppa=0&usp_status=0&usp_consent=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

182.161.73.136 , Singapore, ASN55569 (CRITEO-AS-AP Criteo APAC, JP),

Reverse DNS

Software

Kestrel /

Resource Hash

f77f47058428a1c21dad5a75ac13fbfdeb9858947218fee2112fded5972a0b5d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://contextual.media.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Sun, 10 Sep 2023 07:22:59 GMT
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
cache-control: private, max-age=3600
server-processing-duration-in-ticks: 309295
expires: 60

GET
H2

200

cksync.html Show response
contextual.media.net/ Frame 7454
Redirect Chain

https://p.rfihub.com/cm?pub=19967&in=1&forward=https%3A%2F%2Fcontextual.media.net%2Fcksync.html%3Fcs%3D8%26vsid%3D3373321785163791000V10%26type%3Drkt%26refUrl%3D%26vid%3D433057918433733217851637910...
https://contextual.media.net/cksync.html?cs=8&vsid=3373321785163791000V10&type=rkt&refUrl=&vid=43305791843373321785163791000V10&ovsid=1975180293364342981

227 B
650 B

2978ms
2976ms

Document
text/html

23.219.60.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/cksync.html?cs=8&vsid=3373321785163791000V10&type=rkt&refUrl=&vid=43305791843373321785163791000V10&ovsid=1975180293364342981

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.219.60.21 Sydney, Australia, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-219-60-21.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

f40a964762f9dda40267c948eb46f52a0932a9629b57abb0801841af15e0bb35

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://contextual.media.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

cache-control: max-age=0, no-cache, no-store
content-length: 227
content-type: text/html;charset=UTF-8
date: Sun, 10 Sep 2023 07:23:03 GMT
expires: Sun, 10 Sep 2023 07:23:03 GMT
p3p: CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA" CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
pragma: no-cache
server: Apache
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-mnet-hl2: E

Redirect headers

Content-Length: 0
Date: Sun, 10 Sep 2023 07:23:00 GMT
Location: https://contextual.media.net/cksync.html?cs=8&vsid=3373321785163791000V10&type=rkt&refUrl=&vid=43305791843373321785163791000V10&ovsid=1975180293364342981
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Server: Jetty(9.4.51.v20230217)

GET
H2

200

cksync.php
contextual.media.net/ Frame 1847
Redirect Chain

https://sync.go.sonobi.com/us?https://contextual.media.net/cksync.php?cs=8&vsid=3373321785163791000V10&type=son&refUrl=&vid=43305791843373321785163791000V10&ovsid=[UID]
https://contextual.media.net/cksync.php?cs=8&vsid=3373321785163791000V10&type=son&refUrl=&vid=43305791843373321785163791000V10&ovsid=885a4b55-5744-4965-92f7-9197c6badc19

53 B
464 B

2997ms
2997ms

Image
image/gif

23.219.60.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://contextual.media.net/cksync.php?cs=8&vsid=3373321785163791000V10&type=son&refUrl=&vid=43305791843373321785163791000V10&ovsid=885a4b55-5744-4965-92f7-9197c6badc19

Requested by

Protocol

Server

23.219.60.21 Sydney, Australia, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-219-60-21.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

9d96b2fe2d8d4a398a846ebee84e5e70ec37e0fc613b3e2a5aaa81b1bf2d8470

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://contextual.media.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000
date: Sun, 10 Sep 2023 07:23:03 GMT
server: Apache
p3p: CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
content-length: 53
x-mnet-hl2: E
expires: Sun, 10 Sep 2023 07:23:03 GMT

Redirect headers

Pragma: no-cache
Date: Sun, 10 Sep 2023 07:22:59 GMT
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: go-lax-1-5-42
Content-Type: text/plain; charset=utf8
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Location: https://contextual.media.net/cksync.php?cs=8&vsid=3373321785163791000V10&type=son&refUrl=&vid=43305791843373321785163791000V10&ovsid=885a4b55-5744-4965-92f7-9197c6badc19
Cache-Control: no-cache, no-store, private
Tcn: Choice
Content-Length: 0
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

GET
H2

200

cksync.html
contextual.media.net/ Frame 1847
Redirect Chain

https://us-u.openx.net/w/1.0/cm?id=78e2dffc-bb89-4bb2-ae92-f592d006518b&ph=6a16560a-f6c6-4851-b7b5-0b2c0190166a&r=https%3A%2F%2Fcontextual.media.net%2Fcksync.html%3Fcs%3D8%26vsid%3D3373321785163791...
https://contextual.media.net/cksync.html?cs=8&vsid=3373321785163791000V10&type=opx&refUrl=&vid=43305791843373321785163791000V10&ovsid=5d3f4775-ca5a-4bff-95de-4c065f8ed290

227 B
227 B

3398ms
3397ms

Image
text/html

23.219.60.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://contextual.media.net/cksync.html?cs=8&vsid=3373321785163791000V10&type=opx&refUrl=&vid=43305791843373321785163791000V10&ovsid=5d3f4775-ca5a-4bff-95de-4c065f8ed290

Requested by

Protocol

Server

23.219.60.21 Sydney, Australia, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-219-60-21.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://contextual.media.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000
date: Sun, 10 Sep 2023 07:23:02 GMT
server: Apache
vary: Accept-Encoding
p3p: CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
content-type: text/html;charset=UTF-8
cache-control: max-age=0, no-cache, no-store
content-length: 227
x-mnet-hl2: E
expires: Sun, 10 Sep 2023 07:23:02 GMT

Redirect headers

date: Sun, 10 Sep 2023 07:22:59 GMT
content-encoding: gzip
via: 1.1 google
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
content-type: image/gif
location: https://contextual.media.net/cksync.html?cs=8&vsid=3373321785163791000V10&type=opx&refUrl=&vid=43305791843373321785163791000V10&ovsid=5d3f4775-ca5a-4bff-95de-4c065f8ed290
p3p: CP="CUR ADM OUR NOR STA NID"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H/1.1

200
OK

cksync
cs.media.net/ Frame 1847
Redirect Chain

https://cm.g.doubleclick.net/pixel?cs=8&google_nid=media&google_cm=1&google_hm=MzM3MzMyMTc4NTE2Mzc5MTAwMFYxMA%3D%3D&google_sc=1
https://cs.media.net/cksync?type=g&cs=8&google_gid=CAESEKX1fgV52v1UxwywUUcSXks&google_cver=1

53 B
618 B

557ms
107ms

Image
image/gif

23.221.21.71
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cs.media.net/cksync?type=g&cs=8&google_gid=CAESEKX1fgV52v1UxwywUUcSXks&google_cver=1
Requested by: Host: contextual.media.net
URL: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUO2689O&prvid=2034%2C2033%2C2030%2C273%2C2028%2C2027%2C2025%2C237%2C117%2C359%2C97%2C55%2C99%2C3012%2C3011%2C3010%2C201%2C3007%2C246%2C4%2C203%2C446%2C9%2C2011%2C3022%2C3020%2C173%2C294%2C251%2C175%2C450%2C2009%2C178%2C255%2C3018%2C3017%2C214%2C336%2C3014%2C337%2C338%2C459%2C77%2C38%2C182%2C261%2C141%2C262%2C461%2C222%2C301%2C225%2C10000%2C80%2C108%2C229%2C307&itype=PREBID&purpose1=1&gdprconsent=1&gdpr=0&coppa=0&usp_status=0&usp_consent=1
Protocol: HTTP/1.1
Server: 23.221.21.71 Sydney, Australia, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-221-21-71.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 9d96b2fe2d8d4a398a846ebee84e5e70ec37e0fc613b3e2a5aaa81b1bf2d8470

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://contextual.media.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 10 Sep 2023 07:22:59 GMT
Server: Apache
p3p: CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 53
x-mnet-hl2: E
Expires: Sun, 10 Sep 2023 07:22:59 GMT

Redirect headers

pragma: no-cache
date: Sun, 10 Sep 2023 07:22:59 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://cs.media.net/cksync?type=g&cs=8&google_gid=CAESEKX1fgV52v1UxwywUUcSXks&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 301
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

cksync.php
contextual.media.net/ Frame 1847
Redirect Chain

https://pm.w55c.net/ping_match.gif?ei=MEDIANET&rurl=https%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D8%26vsid%3D3373321785163791000V10%26type%3Ddxu%26refUrl%3D%26vid%3D43305791843373321785163...
https://pm.w55c.net/ping_match.gif?scc=1&ei=MEDIANET&rurl=https%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D8%26vsid%3D3373321785163791000V10%26type%3Ddxu%26refUrl%3D%26vid%3D43305791843373321...
https://contextual.media.net/cksync.php?cs=8&vsid=3373321785163791000V10&type=dxu&refUrl=&vid=43305791843373321785163791000V10&ovsid=PuRuohx81QFeMz5

53 B
450 B

3016ms
3015ms

Image
image/gif

23.219.60.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://contextual.media.net/cksync.php?cs=8&vsid=3373321785163791000V10&type=dxu&refUrl=&vid=43305791843373321785163791000V10&ovsid=PuRuohx81QFeMz5

Requested by

Protocol

Server

23.219.60.21 Sydney, Australia, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-219-60-21.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

9d96b2fe2d8d4a398a846ebee84e5e70ec37e0fc613b3e2a5aaa81b1bf2d8470

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://contextual.media.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000
date: Sun, 10 Sep 2023 07:23:03 GMT
server: Apache
p3p: CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
content-length: 53
x-mnet-hl2: E
expires: Sun, 10 Sep 2023 07:23:03 GMT

Redirect headers

Pragma: no-cache
Date: Sun, 10 Sep 2023 07:22:58 GMT
Strict-Transport-Security: max-age=2592000; includeSubDomains
Server: PingMatch/v2.0.30-788-g55788f4#dev-temp-decrease-retargeting-updates-batch i-0e212611649353800@ap-southeast-1a@dxedge-app-ap-southeast-1-prod-asg
Location: https://contextual.media.net/cksync.php?cs=8&vsid=3373321785163791000V10&type=dxu&refUrl=&vid=43305791843373321785163791000V10&ovsid=PuRuohx81QFeMz5
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

cksync.php
contextual.media.net/ Frame 1847
Redirect Chain

https://dis.criteo.com/dis/usersync.aspx?r=115&p=226&cp=medianet&cu=1&gdpr=0&gdpr_consent=&us_privacy=${USPrivacy}&coppa=${COPPA}&gpp=${GPP}&gpp_sid=&url=https%3A%2F%2Fcontextual.media.net%2Fcksync...
https://contextual.media.net/cksync.php?cs=1&type=crt%252&gdpr=0&gdpr_consent=&us_privacy=${USPrivacy}

52 B
290 B

3107ms
3106ms

Image
image/gif

23.219.60.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://contextual.media.net/cksync.php?cs=1&type=crt%252&gdpr=0&gdpr_consent=&us_privacy=${USPrivacy}

Requested by

Protocol

Server

23.219.60.21 Sydney, Australia, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-219-60-21.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

5f20338b9aab2f5f33562eb3b0b23d999896ce426cacd2231b4123510571df4e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://contextual.media.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000
date: Sun, 10 Sep 2023 07:23:03 GMT
server: Apache
p3p: CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
content-length: 52
x-mnet-hl2: E
expires: Sun, 10 Sep 2023 07:23:03 GMT

Redirect headers

pragma: no-cache
date: Sun, 10 Sep 2023 07:22:59 GMT
x-errorlevel: 0
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
location: https://contextual.media.net/cksync.php?cs=1&type=crt%252&gdpr=0&gdpr_consent=&us_privacy=${USPrivacy}
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 845172
content-length: 0
expires: Sun, 10 Sep 2023 00:00:00 GMT

GET
H/1.1

200
OK

sync
x.bidswitch.net/ Frame 1847
Redirect Chain

https://x.bidswitch.net/sync?ssp=medianet&gdpr=0&gdpr_consent=&gdpr_pd=1
https://cm.g.doubleclick.net/pixel?google_nid=bidswitch_dbm&google_cm&google_sc&ssp=medianet&bsw_param=f16e19db-fdf1-4a28-9d36-531202f9c1f5&google_hm=ZjE2ZTE5ZGItZmRmMS00YTI4LTlkMzYtNTMxMjAyZjljMWY1
https://x.bidswitch.net/sync?dsp_id=16&user_id=CAESEO-G1-V4YEVd7seITMOlqg4&google_cver=1&ssp=medianet&bsw_param=f16e19db-fdf1-4a28-9d36-531202f9c1f5

43 B
235 B

212ms
173ms

Image
image/gif

35.213.12.39
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/sync?dsp_id=16&user_id=CAESEO-G1-V4YEVd7seITMOlqg4&google_cver=1&ssp=medianet&bsw_param=f16e19db-fdf1-4a28-9d36-531202f9c1f5
Requested by: Host: contextual.media.net
URL: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUO2689O&prvid=2034%2C2033%2C2030%2C273%2C2028%2C2027%2C2025%2C237%2C117%2C359%2C97%2C55%2C99%2C3012%2C3011%2C3010%2C201%2C3007%2C246%2C4%2C203%2C446%2C9%2C2011%2C3022%2C3020%2C173%2C294%2C251%2C175%2C450%2C2009%2C178%2C255%2C3018%2C3017%2C214%2C336%2C3014%2C337%2C338%2C459%2C77%2C38%2C182%2C261%2C141%2C262%2C461%2C222%2C301%2C225%2C10000%2C80%2C108%2C229%2C307&itype=PREBID&purpose1=1&gdprconsent=1&gdpr=0&coppa=0&usp_status=0&usp_consent=1
Protocol: HTTP/1.1
Server: 35.213.12.39 Tokyo, Japan, ASN15169 (GOOGLE, US),
Reverse DNS: 39.12.213.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://contextual.media.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

Date: Sun, 10 Sep 2023 07:22:59 GMT
Cache-Control: no-cache, no-store, must-revalidate
Server: nginx
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

Redirect headers

pragma: no-cache
date: Sun, 10 Sep 2023 07:22:59 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://x.bidswitch.net/sync?dsp_id=16&user_id=CAESEO-G1-V4YEVd7seITMOlqg4&google_cver=1&ssp=medianet&bsw_param=f16e19db-fdf1-4a28-9d36-531202f9c1f5
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 361
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

cksync.php
contextual.media.net/ Frame 1847
Redirect Chain

https://b1sync.zemanta.com/usersync/medianet/?puid=${VSID}&cb=https%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D1%26type%3Dzem%26ovsid%3D__ZUID__https%3A%2F%2Fcontextual.media.net%2Fcksync.php...
https://stags.bluekai.com/site/23178?id=sLMsNT2fcpHL7GIWWsWS&redir=https%3A%2F%2Fb1sync.zemanta.com%2Fusersync%2Fbluekai%2Fcallback%2F%3Fd%3DNB2HI4DTHIXS6Y3PNZ2GK6DUOVQWYLTNMVSGSYJONZSXIL3DNNZXS3TD...
https://b1sync.zemanta.com/usersync/bluekai/callback/?d=NB2HI4DTHIXS6Y3PNZ2GK6DUOVQWYLTNMVSGSYJONZSXIL3DNNZXS3TDFZYGQ4B7MNZT2MJGMV4GG2DBNZTWKPLNMVSGSYLOMV2CM33WONUWIPLTJRGXGTSUGJTGG4CIJQ3UOSKXK5ZVO...
https://contextual.media.net/cksync.php?cs=1&ovsid=sLMsNT2fcpHL7GIWWsWShttps%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D8&ovsid=__ZUID__&refUrl=&type=zem&type=zem&vid=433057918433733217851637...

52 B
290 B

2887ms
2887ms

Image
image/gif

23.219.60.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://contextual.media.net/cksync.php?cs=1&ovsid=sLMsNT2fcpHL7GIWWsWShttps%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D8&ovsid=__ZUID__&refUrl=&type=zem&type=zem&vid=43305791843373321785163791000V10&vsid=3373321785163791000V10

Requested by

Protocol

Server

23.219.60.21 Sydney, Australia, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-219-60-21.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

5f20338b9aab2f5f33562eb3b0b23d999896ce426cacd2231b4123510571df4e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://contextual.media.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000
date: Sun, 10 Sep 2023 07:23:03 GMT
server: Apache
p3p: CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
content-length: 52
x-mnet-hl2: E
expires: Sun, 10 Sep 2023 07:23:03 GMT

Redirect headers

Pragma: no-cache
Date: Sun, 10 Sep 2023 07:23:00 GMT
Content-Type: text/html; charset=utf-8
Location: https://contextual.media.net/cksync.php?cs=1&ovsid=sLMsNT2fcpHL7GIWWsWShttps%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D8&ovsid=__ZUID__&refUrl=&type=zem&type=zem&vid=43305791843373321785163791000V10&vsid=3373321785163791000V10
P3p: CP="We do not support P3P header."
Cache-Control: no-cache, no-store, must-revalidate
Content-Length: 284
Expires: Thu, 01 Dec 1994 16:00:00 GMT

GET
H2

200

cksync.php
contextual.media.net/ Frame 1847
Redirect Chain

https://rtb.mfadsrvr.com/sync?ssp=medianet&ssp_user_id=3373321785163791000V10
https://rtb.mfadsrvr.com/ul_cb/sync?ssp=medianet&ssp_user_id=3373321785163791000V10
https://contextual.media.net/cksync.php?type=mf&ovsid=90bf66eb-9261-4d21-b720-424807e0ee01&cs=1

53 B
463 B

3027ms
3027ms

Image
image/gif

23.219.60.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://contextual.media.net/cksync.php?type=mf&ovsid=90bf66eb-9261-4d21-b720-424807e0ee01&cs=1

Requested by

Protocol

Server

23.219.60.21 Sydney, Australia, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-219-60-21.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

9d96b2fe2d8d4a398a846ebee84e5e70ec37e0fc613b3e2a5aaa81b1bf2d8470

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://contextual.media.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000
date: Sun, 10 Sep 2023 07:23:04 GMT
server: Apache
p3p: CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
content-length: 53
x-mnet-hl2: E
expires: Sun, 10 Sep 2023 07:23:04 GMT

Redirect headers

Location: //contextual.media.net/cksync.php?type=mf&ovsid=90bf66eb-9261-4d21-b720-424807e0ee01&cs=1
Date: Sun, 10 Sep 2023 07:23:01 GMT
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 0

GET
H/1.1

200
OK

cksync
cs.media.net/ Frame 1847
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=8m33zk4&ttd_tpi=1&gdpr=0&gdpr_consent=
https://cs.media.net/cksync?cs=1&type=ttd&ovsid=988e0bd3-5671-4d98-a871-0938c887be13

53 B
629 B

616ms
101ms

Image
image/gif

23.221.21.71
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cs.media.net/cksync?cs=1&type=ttd&ovsid=988e0bd3-5671-4d98-a871-0938c887be13
Requested by: Host: contextual.media.net
URL: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUO2689O&prvid=2034%2C2033%2C2030%2C273%2C2028%2C2027%2C2025%2C237%2C117%2C359%2C97%2C55%2C99%2C3012%2C3011%2C3010%2C201%2C3007%2C246%2C4%2C203%2C446%2C9%2C2011%2C3022%2C3020%2C173%2C294%2C251%2C175%2C450%2C2009%2C178%2C255%2C3018%2C3017%2C214%2C336%2C3014%2C337%2C338%2C459%2C77%2C38%2C182%2C261%2C141%2C262%2C461%2C222%2C301%2C225%2C10000%2C80%2C108%2C229%2C307&itype=PREBID&purpose1=1&gdprconsent=1&gdpr=0&coppa=0&usp_status=0&usp_consent=1
Protocol: HTTP/1.1
Server: 23.221.21.71 Sydney, Australia, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-221-21-71.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 9d96b2fe2d8d4a398a846ebee84e5e70ec37e0fc613b3e2a5aaa81b1bf2d8470

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://contextual.media.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 10 Sep 2023 07:22:59 GMT
Server: Apache
p3p: CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 53
x-mnet-hl2: E
Expires: Sun, 10 Sep 2023 07:22:59 GMT

Redirect headers

pragma: no-cache
date: Sun, 10 Sep 2023 07:22:59 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://cs.media.net/cksync?cs=1&type=ttd&ovsid=988e0bd3-5671-4d98-a871-0938c887be13
content-type: text/html
cache-control: private,no-cache, must-revalidate
content-length: 199

GET
H2

200

cksync.php
contextual.media.net/ Frame 1847
Redirect Chain

https://creativecdn.com/cm-notify?pi=medianet
https://creativecdn.com/cm-notify?pi=medianet&tc=1
https://contextual.media.net/cksync.php?cs=1&vsid=%7BMedia.net_User_id%7D&type=rbh&ovsid=9cA9PIRktQMcyA06e4Eu&pi=medianet&tc=1

53 B
455 B

3859ms
3859ms

Image
image/gif

23.219.60.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://contextual.media.net/cksync.php?cs=1&vsid=%7BMedia.net_User_id%7D&type=rbh&ovsid=9cA9PIRktQMcyA06e4Eu&pi=medianet&tc=1

Requested by

Protocol

Server

23.219.60.21 Sydney, Australia, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-219-60-21.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

9d96b2fe2d8d4a398a846ebee84e5e70ec37e0fc613b3e2a5aaa81b1bf2d8470

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://contextual.media.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000
date: Sun, 10 Sep 2023 07:23:04 GMT
server: Apache
p3p: CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
content-length: 53
x-mnet-hl2: E
expires: Sun, 10 Sep 2023 07:23:04 GMT

Redirect headers

location: https://contextual.media.net/cksync.php?cs=1&vsid=%7BMedia.net_User_id%7D&type=rbh&ovsid=9cA9PIRktQMcyA06e4Eu&pi=medianet&tc=1
pragma: no-cache
date: Sun, 10 Sep 2023 07:23:01 GMT, Sun, 10 Sep 2023 07:23:01 GMT
cache-control: no-cache, no-store, must-revalidate, private, max-age=0
content-length: 0
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2

200

Pug Show response
image2.pubmatic.com/AdServer/ Frame BDAC
Redirect Chain

https://cms.quantserve.com/pixel/p-5aWVS_roA1dVM.gif?idmatch=0&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=szv9A7Nq_1Soa_9U5G62U7c8rwKoa64Dsz0FkD6s

42 B
412 B

243ms
242ms

Document
image/gif

207.65.33.82
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=szv9A7Nq_1Soa_9U5G62U7c8rwKoa64Dsz0FkD6s
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158936
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 207.65.33.82 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Sun, 10 Sep 2023 06:17:34 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

access-control-allow-credentials: true
access-control-allow-origin: *
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 0
date: Sun, 10 Sep 2023 07:22:59 GMT
expires: Fri, 04 Aug 1978 12:00:00 GMT
location: https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=szv9A7Nq_1Soa_9U5G62U7c8rwKoa64Dsz0FkD6s
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
pragma: no-cache
strict-transport-security: max-age=86400

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame 5B0B
Redirect Chain

https://ib.adnxs.com/getuid?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=$UID&gdpr=0&gdpr_consent=
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA%3D%26piggybackCookie%3D%24UID%26gdpr%3D0%26gdpr_consent%3D
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=5307833334708895609&gdpr=0&gdpr_consent=

42 B
218 B

214ms
213ms

Document
image/gif

207.65.33.82
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=5307833334708895609&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158936
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 207.65.33.82 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Sun, 10 Sep 2023 07:23:00 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
access-control-allow-credentials: true
access-control-allow-origin: *
an-x-request-uuid: c8b0f0fa-6845-433e-852e-ee545a4ad42c
cache-control: no-store, no-cache, private
content-length: 0
content-type: text/html; charset=utf-8
date: Sun, 10 Sep 2023 07:23:00 GMT
expires: Sat, 15 Nov 2008 16:00:00 GMT
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=5307833334708895609&gdpr=0&gdpr_consent=
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
pragma: no-cache
server: nginx/1.21.3
x-proxy-origin: 110.20.184.53; 110.20.184.53; 597.bm-nginx-loadbalancer.mgmt.sin3.adnexus.net; adnxs.com
x-xss-protection: 0

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame 48EA
Redirect Chain

https://cm.ambientdsp.com/cm/send?vc=pmj
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzQ0OSZ0bD00MzIwMA==&piggybackCookie=11iywa5d66mu

1 B
247 B

238ms
237ms

Document
text/html

207.65.33.82
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzQ0OSZ0bD00MzIwMA==&piggybackCookie=11iywa5d66mu
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158936
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 207.65.33.82 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 1
content-type: text/html; charset=utf-8
date: Sun, 10 Sep 2023 06:17:43 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

accept-encoding: utf-8
cache-control: no-store
content-length: 0
date: Sun, 10 Sep 2023 07:22:59 GMT
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzQ0OSZ0bD00MzIwMA==&piggybackCookie=11iywa5d66mu
lws: 127.0.0.1
strict-transport-security: max-age=31536000; includeSubDomains
time-ms: 1

GET
H2

200

user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 1C0C
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=taeu1BM7TIKkFGKAd70FEw%3D%3D&gdpr=0&gdpr_consent=
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=&gdpr=0&gdpr_consent=

15 KB
15 KB

42ms
41ms

Image
text/html

104.74.54.193
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=&gdpr=0&gdpr_consent=
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/qt2ibnzw5ynua07/S0FT_PW_2023.rar/file
Protocol: H2
Server: 104.74.54.193 Sydney, Australia, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-74-54-193.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Sun, 10 Sep 2023 07:22:59 GMT
content-encoding: gzip
last-modified: Fri, 01 Sep 2023 11:18:33 GMT
server: Apache
vary: Accept-Encoding
content-type: text/html
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: max-age=129407
accept-ranges: bytes
content-length: 5606
expires: Mon, 11 Sep 2023 19:19:46 GMT

Redirect headers

pragma: no-cache
date: Sun, 10 Sep 2023 07:22:59 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=&gdpr=0&gdpr_consent=
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 301
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

receive
pixel.tapad.com/idsync/ex/ Frame 1C0C
Redirect Chain

https://pixel.tapad.com/idsync/ex/receive?partner_id=3371&partner_device_id=B5A7AED4-133B-4C82-A414-628077BD0513
https://pixel.tapad.com/idsync/ex/receive/check?partner_id=3371&partner_device_id=B5A7AED4-133B-4C82-A414-628077BD0513
https://match.adsrvr.org/track/cmf/generic?ttd_pid=tapad&ttd_tpi=1&ttd_puid=5562652a-610a-40a2-86c3-b149122b0862%252C%252C&gdpr=0&gdpr_consent=
https://pixel.tapad.com/idsync/ex/receive?partner_id=1830&partner_device_id=988e0bd3-5671-4d98-a871-0938c887be13&ttd_puid=5562652a-610a-40a2-86c3-b149122b0862%2C%2C

95 B
124 B

175ms
175ms

Image
image/png

34.111.113.62
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.tapad.com/idsync/ex/receive?partner_id=1830&partner_device_id=988e0bd3-5671-4d98-a871-0938c887be13&ttd_puid=5562652a-610a-40a2-86c3-b149122b0862%2C%2C

Requested by

Host: www.mediafire.com
URL: https://www.mediafire.com/file/qt2ibnzw5ynua07/S0FT_PW_2023.rar/file

Protocol

Server

34.111.113.62 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

62.113.111.34.bc.googleusercontent.com

Software

Jetty(11.0.13) /

Resource Hash

3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Sun, 10 Sep 2023 07:22:59 GMT
strict-transport-security: max-age=31536000
via: 1.1 google
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: Jetty(11.0.13)
content-type: image/png
access-control-allow-origin: *
p3p: policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 95

Redirect headers

pragma: no-cache
date: Sun, 10 Sep 2023 07:22:59 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://pixel.tapad.com/idsync/ex/receive?partner_id=1830&partner_device_id=988e0bd3-5671-4d98-a871-0938c887be13&ttd_puid=5562652a-610a-40a2-86c3-b149122b0862%2C%2C
content-type: text/html
cache-control: private,no-cache, must-revalidate
content-length: 359

GET
H2 200 qmap
sync.crwdcntrl.net/ Frame 1C0C 49 B
264 B 705ms
344ms Image
image/gif 13.228.47.177
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.crwdcntrl.net/qmap?c=240&tp=PUBM&tpid=B5A7AED4-133B-4C82-A414-628077BD0513&gdpr=0&gdpr_consent=
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/qt2ibnzw5ynua07/S0FT_PW_2023.rar/file
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.228.47.177 , Singapore, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-13-228-47-177.ap-southeast-1.compute.amazonaws.com
Software: Jetty(9.4.38.v20210224) /
Resource Hash: 2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 10 Sep 2023 07:22:59 GMT
server: Jetty(9.4.38.v20210224)
content-type: image/gif
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin: *
cache-control: no-cache
x-server: 10.42.7.26
content-length: 49
expires: 0

GET
H/1.1

200
OK

info2
uipglob.semasio.net/pubmatic/1/ Frame 1C0C
Redirect Chain

https://uipglob.semasio.net/pubmatic/1/info?sType=sync&sExtCookieId=B5A7AED4-133B-4C82-A414-628077BD0513&sInitiator=external&gdpr=0&gdpr_consent=
https://uipglob.semasio.net/pubmatic/1/info2?sType=sync&sExtCookieId=B5A7AED4-133B-4C82-A414-628077BD0513&sInitiator=external&gdpr=0&gdpr_consent=

42 B
570 B

197ms
197ms

Image
image/gif

119.9.108.180
RACKSPACE-AP Rack...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://uipglob.semasio.net/pubmatic/1/info2?sType=sync&sExtCookieId=B5A7AED4-133B-4C82-A414-628077BD0513&sInitiator=external&gdpr=0&gdpr_consent=
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/qt2ibnzw5ynua07/S0FT_PW_2023.rar/file
Protocol: HTTP/1.1
Server: 119.9.108.180 , Hong Kong, ASN45187 (RACKSPACE-AP Rackspace IT Hosting AS IT Hosting Provider Hong Kong, HK),
Reverse DNS
Software: /
Resource Hash: 99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 10 Sep 2023 07:22:59 GMT
frontend-id: 0
p3p: policyref="http://uip.semasio.net/w3c/p3p.xml", CP="NOI PSAa PSDa OUR IND UNI CNT"
content-type: image/gif
uip-response-status: Ok
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-length: 42
routing-server-id: 1
expires: Sat, 01 Jan 2011 12:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 10 Sep 2023 07:22:59 GMT
frontend-id: 0
p3p: policyref="http://uip.semasio.net/w3c/p3p.xml", CP="NOI PSAa PSDa OUR IND UNI CNT"
location: /pubmatic/1/info2?sType=sync&sExtCookieId=B5A7AED4-133B-4C82-A414-628077BD0513&sInitiator=external&gdpr=0&gdpr_consent=
uip-response-status: Ok
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-length: 0
routing-server-id: 1
expires: Sat, 01 Jan 2011 12:00:00 GMT

GET
H2

200

Pug
image2.pubmatic.com/AdServer/ Frame 1C0C
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=QjVBN0FFRDQtMTMzQi00QzgyLUE0MTQtNjI4MDc3QkQwNTEz&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=

42 B
245 B

793ms
369ms

Image
image/gif

207.65.33.82
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/qt2ibnzw5ynua07/S0FT_PW_2023.rar/file
Protocol: H2
Server: 207.65.33.82 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

content-type: image/gif; charset=utf-8
date: Sun, 10 Sep 2023 07:23:00 GMT
cache-control: no-store, no-cache, private
server: nginx
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Sun, 10 Sep 2023 07:22:59 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

Pug
image2.pubmatic.com/AdServer/ Frame 1C0C
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEMUyvX--9RHd2xALbkdvKdI&google_cver=1

42 B
348 B

798ms
370ms

Image
image/gif

207.65.33.82
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEMUyvX--9RHd2xALbkdvKdI&google_cver=1
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/qt2ibnzw5ynua07/S0FT_PW_2023.rar/file
Protocol: H2
Server: 207.65.33.82 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

content-type: image/gif; charset=utf-8
date: Sun, 10 Sep 2023 06:17:43 GMT
cache-control: no-store, no-cache, private
server: nginx
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Sun, 10 Sep 2023 07:22:59 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEMUyvX--9RHd2xALbkdvKdI&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 379
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pubmatic
um.simpli.fi/ Frame 1C0C 43 B
610 B 558ms
250ms Image
image/gif 34.124.209.251
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://um.simpli.fi/pubmatic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODA2JnRsPTUxODQwMA==&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent=

Requested by

Host: www.mediafire.com
URL: https://www.mediafire.com/file/qt2ibnzw5ynua07/S0FT_PW_2023.rar/file

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

34.124.209.251 , Singapore, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

251.209.124.34.bc.googleusercontent.com

Software

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Sun, 10 Sep 2023 07:22:59 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
access-control-allow-methods: GET, POST, OPTIONS
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 43
expires: Sat, 09 Sep 2023 07:22:59 GMT

GET
H2 200 B5A7AED4-133B-4C82-A414-628077BD0513
pr-bh.ybp.yahoo.com/sync/pubmatic/ Frame 1C0C 43 B
602 B 975ms
320ms Image
image/gif 54.169.195.178
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pr-bh.ybp.yahoo.com/sync/pubmatic/B5A7AED4-133B-4C82-A414-628077BD0513?gdpr=0&gdpr_consent=

Requested by

Host: www.mediafire.com
URL: https://www.mediafire.com/file/qt2ibnzw5ynua07/S0FT_PW_2023.rar/file

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.169.195.178 , Singapore, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-169-195-178.ap-southeast-1.compute.amazonaws.com

Software

ATS /

Resource Hash

48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Security Headers

Name	Value
Content-Security-Policy	sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Sun, 10 Sep 2023 07:23:00 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
server: ATS
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
content-type: image/gif
content-length: 43

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame 1C0C
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=988e0bd3-5671-4d98-a871-0938c887be13&gdpr=0&gdpr_consent=

42 B
508 B

787ms
374ms

Image
image/gif

207.65.33.82
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=988e0bd3-5671-4d98-a871-0938c887be13&gdpr=0&gdpr_consent=
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/qt2ibnzw5ynua07/S0FT_PW_2023.rar/file
Protocol: H2
Server: 207.65.33.82 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

content-type: image/gif; charset=utf-8
date: Sun, 10 Sep 2023 07:23:00 GMT
cache-control: no-store, no-cache, private
server: nginx
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Sun, 10 Sep 2023 07:22:59 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=988e0bd3-5671-4d98-a871-0938c887be13&gdpr=0&gdpr_consent=
content-type: text/html
cache-control: private,no-cache, must-revalidate
content-length: 355

GET
H2

200

SPug
image4.pubmatic.com/AdServer/ Frame 1C0C
Redirect Chain

https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=B5A7AED4-133B-4C82-A414-628077BD0513&redir=true&gdpr=0&gdpr_consent=
https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=B5A7AED4-133B-4C82-A414-628077BD0513&redir=true&gdpr=0&gdpr_consent=&verify=true
https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-meNYAfJE2uWYLIIDeIR0Oam4GxZDxpc-~A&gdpr=0

0
260 B

613ms
202ms

Image
text/plain

67.199.150.85
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-meNYAfJE2uWYLIIDeIR0Oam4GxZDxpc-~A&gdpr=0
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/qt2ibnzw5ynua07/S0FT_PW_2023.rar/file
Protocol: H2
Server: 67.199.150.85 , Singapore, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Sun, 10 Sep 2023 07:23:00 GMT
cache-control: no-store, no-cache, private
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

location: https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-meNYAfJE2uWYLIIDeIR0Oam4GxZDxpc-~A&gdpr=0
date: Sun, 10 Sep 2023 07:23:00 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.75
age: 0
content-length: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H/1.1

200
OK

sync
x.bidswitch.net/ Frame 1C0C
Redirect Chain

https://x.bidswitch.net/sync?ssp=pubmatic&gdpr=0&gdpr_consent=
https://pool.admedo.com/sync?ssp=bidswitch&bidswitch_ssp_id=pubmatic&bsw_custom_parameter=f16e19db-fdf1-4a28-9d36-531202f9c1f5
https://pool.admedo.com/ul_cb/sync?ssp=bidswitch&bidswitch_ssp_id=pubmatic&bsw_custom_parameter=f16e19db-fdf1-4a28-9d36-531202f9c1f5
https://x.bidswitch.net/sync?dsp_id=23&expires=14&user_id=27d027c4-1ee8-403c-bd0e-18d486146c75&user_group=1&ssp=pubmatic&bsw_param=f16e19db-fdf1-4a28-9d36-531202f9c1f5

43 B
235 B

188ms
188ms

Image
image/gif

35.213.12.39
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/sync?dsp_id=23&expires=14&user_id=27d027c4-1ee8-403c-bd0e-18d486146c75&user_group=1&ssp=pubmatic&bsw_param=f16e19db-fdf1-4a28-9d36-531202f9c1f5
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/qt2ibnzw5ynua07/S0FT_PW_2023.rar/file
Protocol: HTTP/1.1
Server: 35.213.12.39 Tokyo, Japan, ASN15169 (GOOGLE, US),
Reverse DNS: 39.12.213.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

Date: Sun, 10 Sep 2023 07:23:01 GMT
Cache-Control: no-cache, no-store, must-revalidate
Server: nginx
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

Redirect headers

Location: //x.bidswitch.net/sync?dsp_id=23&expires=14&user_id=27d027c4-1ee8-403c-bd0e-18d486146c75&user_group=1&ssp=pubmatic&bsw_param=f16e19db-fdf1-4a28-9d36-531202f9c1f5
Date: Sun, 10 Sep 2023 07:23:01 GMT
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 0

GET
H2 200 SPug Show response
simage4.pubmatic.com/AdServer/ Frame 1C0C 0
128 B 194ms
193ms Script
text/plain 67.199.150.85
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage4.pubmatic.com/AdServer/SPug?partnerID=158936&gdpr=0&gdpr_consent=&us_privacy=1---
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158936
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 67.199.150.85 , Singapore, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Sun, 10 Sep 2023 07:23:01 GMT
cache-control: no-store, no-cache, private
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

POST
H2 204 collect
analytics.google.com/g/ 0
54 B 149ms
148ms Ping
text/plain 216.239.32.181
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.google.com/g/collect?v=2&tid=G-K68XP6D85D&gtm=45je3960&_p=53280006&cid=2089763394.1694330573&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=AEI&sid=1694330573&sct=1&seg=0&dl=https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fqt2ibnzw5ynua07%2FS0FT_PW_2023.rar%2Ffile&dt=S0FT%20PW%202023&_s=2
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-K68XP6D85D&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 216.239.32.181 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.mediafire.com/
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Sun, 10 Sep 2023 07:23:01 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.mediafire.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 PugMaster Show response
image6.pubmatic.com/AdServer/ Frame 1C0C 2 KB
2 KB 1059ms
1059ms Script
text/html 207.65.33.83
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=41680245&p=158936&s=0&a=0&ptask=ALL&np=0&fp=0&rp=1&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=1---
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158936
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 207.65.33.83 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: 295ee13d92baeaf336d6477c7d35150fc24048a4c3d95546991a90b7c53de7d7

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
date: Sun, 10 Sep 2023 07:23:01 GMT
content-length: 1997
content-type: text/html; charset=UTF-8

GET
H2

200

match Show response
c1.adform.net/serving/cookie/ Frame 1D36
Redirect Chain

https://c1.adform.net/serving/cookie/match?party=14&cid=B5A7AED4-133B-4C82-A414-628077BD0513&gdpr=0&gdpr_consent=
https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=B5A7AED4-133B-4C82-A414-628077BD0513&gdpr=0&gdpr_consent=

35 B
591 B

730ms
729ms

Document
image/gif

185.84.60.29

General

Check archive.org

Show headers Download Go to

Full URL

https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=B5A7AED4-133B-4C82-A414-628077BD0513&gdpr=0&gdpr_consent=

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158936

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

185.84.60.29 -, , ASN (),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods: GET
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: no-cache, no-store, must-revalidate, no-transform
content-type: image/gif
date: Sun, 10 Sep 2023 07:23:04 GMT
expires: -1
pragma: no-cache
server: nginx
strict-transport-security: max-age=31536000; includeSubDomains

Redirect headers

accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods: GET
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: no-cache, no-store, must-revalidate, no-transform
content-length: 0
date: Sun, 10 Sep 2023 07:23:04 GMT
expires: -1
location: https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=B5A7AED4-133B-4C82-A414-628077BD0513&gdpr=0&gdpr_consent=
pragma: no-cache
server: nginx
strict-transport-security: max-age=31536000; includeSubDomains

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame D0F6
Redirect Chain

https://dis.criteo.com/dis/usersync.aspx?r=3&p=4&cp=pubmaticUS&cu=1&&gdpr=0&gdpr_consent=&url=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCooki...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&gdpr=0&gdpr_consent=

42 B
95 B

199ms
198ms

Document
image/gif

207.65.33.82
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158936
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 207.65.33.82 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Sun, 10 Sep 2023 07:23:02 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

cache-control: no-cache
content-length: 0
cross-origin-resource-policy: cross-origin
date: Sun, 10 Sep 2023 07:23:02 GMT
expires: Sun, 10 Sep 2023 00:00:00 GMT
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&gdpr=0&gdpr_consent=
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
pragma: no-cache
server: Kestrel
server-processing-duration-in-ticks: 1303821
strict-transport-security: max-age=31536000; preload;
x-errorlevel: 0

GET
H2

200

b9pj45k4 Show response
sync-tm.everesttech.net/ct/upi/pid/ Frame 1DF5
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=${TM_USER_ID}&gdpr=1&gdpr_con...
https://sync-tm.everesttech.net/ct/upi/pid/b9pj45k4?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=${TM_USER_ID}&gdpr=1&gdpr_...

85 B
259 B

255ms
255ms

Document
image/png

151.101.194.49

General

Check archive.org

Show headers Download Go to

Full URL: https://sync-tm.everesttech.net/ct/upi/pid/b9pj45k4?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=${TM_USER_ID}&gdpr=1&gdpr_consent=&_test=ZP1u1gAAAtDNxgA4
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158936
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.194.49 -, , ASN (),
Reverse DNS
Software: Jetty(9.4.35.v20201120) /
Resource Hash: acccc501aa6afa3cfac15e8ddccf1561deed2ed08c2f7d652abbdbe9aa71609a

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
cache-control: no-cache
content-length: 85
content-type: image/png
date: Sun, 10 Sep 2023 07:23:03 GMT
p3p: CP="NOI DSP COR LAW PSAo PSDo IVAo IVDo OUR BUS UNI DEM"
pragma: no-cache
server: Jetty(9.4.35.v20201120)
via: 1.1 varnish
x-cache: MISS
x-cache-hits: 0
x-served-by: cache-bne12521-BNE
x-timer: S1694330583.947030,VS0,VE227

Redirect headers

accept-ranges: bytes
access-control-allow-origin: *
cache-control: no-cache
content-length: 0
date: Sun, 10 Sep 2023 07:23:02 GMT
location: https://sync-tm.everesttech.net/ct/upi/pid/b9pj45k4?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=${TM_USER_ID}&gdpr=1&gdpr_consent=&_test=ZP1u1gAAAtDNxgA4
p3p: CP="NOI DSP COR LAW PSAo PSDo IVAo IVDo OUR BUS UNI DEM"
pragma: no-cache
server: Jetty(9.4.35.v20201120)
via: 1.1 varnish
x-cache: MISS
x-cache-hits: 0
x-served-by: cache-bne12521-BNE
x-timer: S1694330583.683143,VS0,VE232

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame B520
Redirect Chain

https://sync.srv.stackadapt.com/sync?nid=11&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=PWfLQdVLUlhq3ZyA3__EX24UuDU&gdpr=0&gdpr_consent=

42 B
380 B

206ms
202ms

Document
image/gif

207.65.33.82
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=PWfLQdVLUlhq3ZyA3__EX24UuDU&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158936
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 207.65.33.82 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Sun, 10 Sep 2023 07:23:03 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

Connection: keep-alive
Content-Length: 188
Content-Type: text/html; charset=utf-8
Date: Sun, 10 Sep 2023 07:23:03 GMT
Location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=PWfLQdVLUlhq3ZyA3__EX24UuDU&gdpr=0&gdpr_consent=

GET
H2

200

Pug Show response
image2.pubmatic.com/AdServer/ Frame 59D3
Redirect Chain

https://cm-supply-web.gammaplatform.com/adx/usersyncsupply?pid=7&t=pixel
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0NTkmdGw9NDMyMDA=&piggybackCookie=1i4ifig6wa8k

42 B
308 B

198ms
197ms

Document
image/gif

207.65.33.82
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0NTkmdGw9NDMyMDA=&piggybackCookie=1i4ifig6wa8k
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158936
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 207.65.33.82 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Sun, 10 Sep 2023 07:23:03 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

accept-encoding: utf-8
cache-control: no-cache, no-store
content-length: 0
date: Sun, 10 Sep 2023 07:23:03 GMT
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0NTkmdGw9NDMyMDA=&piggybackCookie=1i4ifig6wa8k
lws: 42
strict-transport-security: max-age=31536000; includeSubDomains
time-ms: 0

GET
H2 200 cm Show response
ipac.ctnsnet.com/int/ Frame E57F 43 B
369 B 289ms
188ms Document
image/gif 35.186.193.173

General

Check archive.org

Show headers Download Go to

Full URL: https://ipac.ctnsnet.com/int/cm?exc=14&redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MTEmdGw9MjAxNjA=&piggybackCookie=[user_id]
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158936
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.186.193.173 -, , ASN (),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: 98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-length: 43
content-type: image/gif
date: Sun, 10 Sep 2023 07:23:02 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: CP="NOI DSP COR NID CUR OUR NOR"
pragma: no-cache
server: Apache-Coyote/1.1
via: 1.1 google

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame 2C00
Redirect Chain

https://ipac.ctnsnet.com/int/cm?exc=14&redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM0MTEmdGw9MjAxNjA%3D%26piggybackCookie%3D%5Buser_id%5D
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MTEmdGw9MjAxNjA=&piggybackCookie=fd9e438020fc47b0acc067c8fccf1c78

42 B
382 B

262ms
261ms

Document
image/gif

207.65.33.82
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MTEmdGw9MjAxNjA=&piggybackCookie=fd9e438020fc47b0acc067c8fccf1c78
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158936
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 207.65.33.82 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Sun, 10 Sep 2023 06:17:37 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html;charset=UTF-8
date: Sun, 10 Sep 2023 07:23:02 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MTEmdGw9MjAxNjA=&piggybackCookie=fd9e438020fc47b0acc067c8fccf1c78
p3p: CP="NOI DSP COR NID CUR OUR NOR"
pragma: no-cache
server: Apache-Coyote/1.1
status: 302
via: 1.1 google
x-xss-protection: 1; mode=block

GET
H2

200

Pug Show response
image2.pubmatic.com/AdServer/ Frame 2B03
Redirect Chain

https://gocm.c.appier.net/pubmatic
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDImdGw9MTI5NjAw&piggybackCookie=8-LD-u7uBcy8GVRV1279ZA

42 B
199 B

197ms
197ms

Document
image/gif

207.65.33.82
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDImdGw9MTI5NjAw&piggybackCookie=8-LD-u7uBcy8GVRV1279ZA
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158936
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 207.65.33.82 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Sun, 10 Sep 2023 07:23:03 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

accept-ch: Sec-CH-UA-Model,Sec-CH-UA-Platform-Version
cache-control: no-store
content-length: 153
content-type: text/html; charset=utf-8
date: Sun, 10 Sep 2023 07:23:03 GMT
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDImdGw9MTI5NjAw&piggybackCookie=8-LD-u7uBcy8GVRV1279ZA
p3p: CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: nginx

GET
H3

200

458249.gif
idsync.rlcdn.com/ Frame 1C0C
Redirect Chain

https://idsync.rlcdn.com/420486.gif?partner_uid=B5A7AED4-133B-4C82-A414-628077BD0513
https://idsync.rlcdn.com/1000.gif?memo=CIbVGRIwCiwIARCMowEaJEI1QTdBRUQ0LTEzM0ItNEM4Mi1BNDE0LTYyODA3N0JEMDUxMxAAGg0I1t31pwYSBQjoBxAAQgBKAA
https://pippio.com/api/sync?pid=5324&it=1&iv=00dea0db7e4b34451d31183dad0a0045ae3dcee5d5ffb11f9314d26b7425bda1791426b5417dce21&_=2
https://cm.g.doubleclick.net/pixel?google_nid=pippio_dmp&google_cm&google_no_sc&m=CMwpElsKVwgBEJInGlAwMGRlYTBkYjdlNGIzNDQ1MWQzMTE4M2RhZDBhMDA0NWFlM2RjZWU1ZDVmZmIxMWY5MzE0ZDI2Yjc0MjViZGExNzkxNDI2YjU...
https://pippio.com/api/sync/ddp?pid=2&m=CMwpElsKVwgBEJInGlAwMGRlYTBkYjdlNGIzNDQ1MWQzMTE4M2RhZDBhMDA0NWFlM2RjZWU1ZDVmZmIxMWY5MzE0ZDI2Yjc0MjViZGExNzkxNDI2YjU0MTdkY2UyMRAAGgwI1931pwYSBAgCEABCAEoA&goog...
https://tags.rd.linksynergy.com/rcs?ns=lr&uid3=
https://idsync.rlcdn.com/458249.gif?partner_uid=bca04692-0bfa-421f-8c85-deb3917155cb

42 B
60 B

220ms
219ms

Image
image/gif

35.190.60.146

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idsync.rlcdn.com/458249.gif?partner_uid=bca04692-0bfa-421f-8c85-deb3917155cb
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/qt2ibnzw5ynua07/S0FT_PW_2023.rar/file
Protocol: H3
Server: 35.190.60.146 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Sun, 10 Sep 2023 07:23:04 GMT
via: 1.1 google
content-type: image/gif
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control: no-cache, no-store
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42

Redirect headers

location: https://idsync.rlcdn.com/458249.gif?partner_uid=bca04692-0bfa-421f-8c85-deb3917155cb
date: Sun, 10 Sep 2023 07:23:04 GMT
via: 1.1 google
x-samesite: secure
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 111
content-type: text/html; charset=utf-8

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame 1C0C
Redirect Chain

https://c1.adform.net/serving/cookie/match?party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COO...
https://c1.adform.net/serving/cookie/match?CC=1&party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&gdpr=0&gdpr_consent=&piggybackCookie=7292050200996499729

42 B
321 B

349ms
347ms

Image
image/gif

207.65.33.82
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&gdpr=0&gdpr_consent=&piggybackCookie=7292050200996499729
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/qt2ibnzw5ynua07/S0FT_PW_2023.rar/file
Protocol: H2
Server: 207.65.33.82 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

content-type: image/gif; charset=utf-8
date: Sun, 10 Sep 2023 03:58:11 GMT
cache-control: no-store, no-cache, private
server: nginx
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Sun, 10 Sep 2023 07:23:04 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-max-age: 86400
access-control-allow-methods: GET
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&gdpr=0&gdpr_consent=&piggybackCookie=7292050200996499729
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame 1C0C
Redirect Chain

https://ad.turn.com/r/cs?pid=1&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=3029490060608907307&gdpr=0&gdpr_consent=&us_privacy=

1 B
254 B

201ms
201ms

Image
text/html

207.65.33.82
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=3029490060608907307&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/qt2ibnzw5ynua07/S0FT_PW_2023.rar/file
Protocol: H2
Server: 207.65.33.82 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

content-type: text/html; charset=utf-8
date: Sun, 10 Sep 2023 07:23:04 GMT
cache-control: no-store, no-cache, private
server: nginx
content-length: 1
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=3029490060608907307&gdpr=0&gdpr_consent=&us_privacy=
pragma: no-cache
date: Sun, 10 Sep 2023 07:23:03 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length: 0
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame 1C0C
Redirect Chain

https://pubmatic-match.dotomi.com/match/bounce/current?networkId=17100&version=1&nuid=B5A7AED4-133B-4C82-A414-628077BD0513&gdpr=0&gdpr_consent=
https://pubmatic-match.dotomi.com/match/bounce/current?DotomiTest=216672e6d20924df&is_secure=true&networkId=17100&version=1&nuid=B5A7AED4-133B-4C82-A414-628077BD0513&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTQ2MSZ0bD0xMDA4MA==&piggybackCookie=AAANK40IqBvokgMmnW7hAAAAAAA&expiration=1694416984&nuid=B5A7AED4-133B-4C82-A414-628077BD0513&...

42 B
295 B

938ms
937ms

Image
image/gif

207.65.33.82
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTQ2MSZ0bD0xMDA4MA==&piggybackCookie=AAANK40IqBvokgMmnW7hAAAAAAA&expiration=1694416984&nuid=B5A7AED4-133B-4C82-A414-628077BD0513&is_secure=true&gdpr_consent=&gdpr=0
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/qt2ibnzw5ynua07/S0FT_PW_2023.rar/file
Protocol: H2
Server: 207.65.33.82 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

content-type: image/gif; charset=utf-8
date: Sun, 10 Sep 2023 07:23:04 GMT
cache-control: no-store, no-cache, private
server: nginx
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Sun, 10 Sep 2023 07:23:04 GMT
server: nginx
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP NID OUR STP"
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTQ2MSZ0bD0xMDA4MA==&piggybackCookie=AAANK40IqBvokgMmnW7hAAAAAAA&expiration=1694416984&nuid=B5A7AED4-133B-4C82-A414-628077BD0513&is_secure=true&gdpr_consent=&gdpr=0
cache-control: no-cache, private, max-age=0, no-store
content-length: 0
expires: 0

POST
H2 200 log Show response
translate.googleapis.com/element/ 131 B
252 B 178ms
177ms XHR
text/plain 142.251.221.74
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://translate.googleapis.com/element/log?format=json&hasfast=true&authuser=0

Requested by

Host:
URL: /_/translate_http/_/js/k=translate_http.tr.en_GB.i9ZNRm2Z950.O/d=1/rs=AN8SPfr0gAhi21i2OcJAFWwTWTk8rY_YDQ/m=el_conf

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.221.74 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s31-in-f10.1e100.net

Software

Playlog /

Resource Hash

502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Content-Encoding: gzip
Referer: https://www.mediafire.com/
X-Goog-AuthUser: 0
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
Content-Type: application/binary

Response headers

date: Sun, 10 Sep 2023 07:23:05 GMT
content-encoding: gzip
server: Playlog
x-frame-options: SAMEORIGIN
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.mediafire.com
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: X-Playlog-Web
content-length: 131
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

OPTIONS
H2 200 log
translate.googleapis.com/element/ Frame 0
0 1168ms
194ms Preflight
text/plain 142.251.221.74
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://translate.googleapis.com/element/log?format=json&hasfast=true&authuser=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.221.74 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s31-in-f10.1e100.net

Software

Playlog /

Resource Hash

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: content-encoding,content-type,x-goog-authuser
Access-Control-Request-Method: POST
Origin: https://www.mediafire.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: X-Playlog-Web,authorization,content-encoding,content-type,x-goog-authuser,origin
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://www.mediafire.com
access-control-max-age: 86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/plain; charset=UTF-8
date: Sun, 10 Sep 2023 07:23:05 GMT
server: Playlog
x-frame-options: SAMEORIGIN
x-xss-protection: 0

GET
H2 200 SPug Show response
simage4.pubmatic.com/AdServer/ Frame 1C0C 0
128 B 688ms
687ms Script
text/plain 67.199.150.85
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage4.pubmatic.com/AdServer/SPug?partnerID=158936&gdpr=0&gdpr_consent=&us_privacy=1---
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158936
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 67.199.150.85 , Singapore, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Sun, 10 Sep 2023 07:23:05 GMT
cache-control: no-store, no-cache, private
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 15 KB
12 KB 179ms
177ms XHR
application/json 142.250.204.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=m202309050101&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309050101/pubads_impl.js?cb=31077683

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.204.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s25-in-f2.1e100.net

Software

cafe /

Resource Hash

3869d6bc0158ed083183b3becc6b2faeb7f29f789733c76bb8c4a942629ea037

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Sun, 10 Sep 2023 07:23:05 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11701
x-xss-protection: 0

POST
H2 204 rum Show response
www.mediafire.com/cdn-cgi/ 0
183 B 87ms
85ms XHR
text/plain 104.16.53.48
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mediafire.com/cdn-cgi/rum?

Requested by

Host: static.cloudflareinsights.com
URL: https://static.cloudflareinsights.com/beacon.min.js/v8b253dfea2ab4077af8c6f58422dfbfd1689876627854

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.16.53.48 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.mediafire.com/file/qt2ibnzw5ynua07/S0FT_PW_2023.rar/file
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
content-type: application/json

Response headers

date: Sun, 10 Sep 2023 07:23:05 GMT
x-content-type-options: nosniff
server: cloudflare
vary: Origin
access-control-max-age: 86400
access-control-allow-methods: POST,OPTIONS
access-control-allow-origin: https://www.mediafire.com
x-frame-options: DENY
access-control-allow-credentials: true
cf-ray: 8045ec6f9dc1a817-SYD

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 389ms
388ms Script
text/javascript 142.251.221.65
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309050101/pubads_impl.js?cb=31077683

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.221.65 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s31-in-f1.1e100.net

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Sun, 10 Sep 2023 07:23:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sun, 10 Sep 2023 07:23:05 GMT

GET
H2 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame BEE0 13 KB
5 KB 50ms
46ms Document
text/html 142.251.221.65
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.221.65 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s31-in-f1.1e100.net

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.mediafire.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

accept-ranges: bytes
age: 99901
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 09 Sep 2023 03:38:05 GMT
expires: Sun, 08 Sep 2024 03:38:05 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame C371 829 B
994 B 137ms
136ms Document
text/html 142.250.66.228
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.66.228 Old Bridge, United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd15s15-in-f4.1e100.net

Software

GSE /

Resource Hash

946d6a0baee015f27dd3902447fc74bc98ce4642dbdff32cc845e26f59062961

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-447a1uTQb1kdIKChlhmzBw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.mediafire.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-length: 537
content-security-policy: script-src 'report-sample' 'nonce-447a1uTQb1kdIKChlhmzBw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Sun, 10 Sep 2023 07:23:06 GMT
expires: Sun, 10 Sep 2023 07:23:06 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H2 200 81CWfJXVKlsu8MGYrMOugZJXbT_ZbGgEcWoW7e6PqgM.js Show response
pagead2.googlesyndication.com/bg/ Frame BEE0 37 KB
15 KB 40ms
39ms Script
text/javascript 142.250.204.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/81CWfJXVKlsu8MGYrMOugZJXbT_ZbGgEcWoW7e6PqgM.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.204.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s25-in-f2.1e100.net

Software

sffe /

Resource Hash

f350967c95d52a5b2ef0c198acc3ae8192576d3fd96c6804716a16edee8faa03

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Wed, 06 Sep 2023 05:30:36 GMT
content-encoding: br
x-content-type-options: nosniff
age: 352350
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14745
x-xss-protection: 0
last-modified: Mon, 04 Sep 2023 13:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 05 Sep 2024 05:30:36 GMT

GET
H2 204 sodar
pagead2.googlesyndication.com/pagead/ Frame C371 0
0 169ms
169ms Image
text/html 142.250.204.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_m202309050101&jk=2759536476983620&rc=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 142.250.204.2 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: syd09s25-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

GET
H2 204 generate_204
tpc.googlesyndication.com/ Frame BEE0 0
40 B 38ms
38ms Image
text/plain 142.251.221.65
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?vJPDXQ
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 142.251.221.65 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: syd09s31-in-f1.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Sun, 10 Sep 2023 07:23:06 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 200ms
200ms Image
text/html 142.250.204.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_m202309050101&jk=2759536476983620&bg=!Q0ClQA_NAAa6D61Rmg87ADQBe5WfOFOr9J0ajDczKcleR-DJfG2pZq0A9WuPFdeJY9jjQjO3NYkYzUvQn-IVXk-pfxx3AgAAAFRSAAAADWgBBwoAp4-bz_cV74KpPNLYftK_P6908amTa77BYRK08zw-NeXJCIUTKHtSfTqaRknoHc-YuLvzIA4D_DCHsQvUzUS_CmM1t2E9M5J0o7iEqvKnSWN48Te829ECUiH7ITdwHHpTKp-3j1FTYvifitd1Qhp9lFG7LmLb-nOjXyqjYOwI4M8wMA5BWCJ1gfBYZ1pRYrds7jAXdzZBv64ZWY5MnKzz4ECCzXa1UL_omQLI8u_tpyZkOMuYrw1T38Z4yXEyaTIpKkqKglB0FP7gq33nAHCG2fHSdlMzZQXBGRJeDhi3s9OfcK2zcMoa8ubY3rvwiI31rc3VO-rTvNMbwsRwsOyPokhwU8Y2mAPC6pqGsW6JYp7gCPqpJ3Y1BVO0raL16hSytOR-V0d1DO7cGFatOXvgacTryo29JVETl3wVScsATDPz0CMSdl1Xw51vTslLN418u1zZLhM6AjIxJHnVqGkUmb4JnG3H2qaVc8515sNcUsKxLC_SvgmylQcY7AIcSMPA2NVH1814e0kMny2bNDXF3YQVjOylJ6P2EvX0JVDglGU2Pm1E7ehjL3eVhgc6mW6LsVMBFWrLCSvCMH3TPl4CMvGtrb_vxQPb2mqNH8nEa5p-3rSOikgIhyV3hKWk8KueHoiai5EfIQCLaHMkjcDqOcHcVtxoPjikVoBDGMzF9HJBkkvwDiYRg40BS6v68iOGl64GJiPQ_Re8dvEREUGBDqxzh02NH56R9Slry0hshR5nsTd9ty9R0a0vdu9eYNWLdu8K1SXwiyzP9Xp7mY98zRF0Jf4ATvT4PszUKyKlYjhqjfuNbbuoNt_zwyv2FW6g3fIPzVEFJiSDMvPbrhRTSMI4pkiPflBoN7otAzel0Vc2Rpl4VB7TI2tFLZTKh886u_U1wLZLk6ORJfbgoZBTEcG-epwz6FAkIxDeZ-nK_9gLVpnu2wnKoExBQIN0x8fu_HJF9lPpu3JjNLzLfnyMEy_jmfG4c4XC_QCPKAbUjyCmxly2m5mzKgEjyRddFSimW-93RuE5zIG8bZZIJpXcOxNCl4KKYhnfFB73BvfrirI0dDXYes8-GiO9nTpycz1ka8gjeQneBA_FpAhCrxVsH8iNay3C5bMHfzym4DP5zj2k5ui3PKzafYxob1vsJTwcMkG5iyboH4gS_2edHSebduNcgw
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 142.250.204.2 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: syd09s25-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

Verdicts & Comments Add Verdict or Comment

342 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

112 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.mediafire.com/file/qt2ibnzw5ynua07/S0FT_PW_2023.rar	1969-12-31 23:59:59	Name: g36FastPopSessionRequestNumber Value: 1
.mediafire.com/	1970-01-21 00:14:50	Name: ukey Value: 9k10mri6cb3m46f366tq5x69tvfnbqza
.mediafire.com/	1970-01-20 14:43:09	Name: qth7 Value: 1
.mediafire.com/	1970-01-20 14:38:52	Name: ad_count Value: 1
.mediafire.com/	1970-01-20 15:22:02	Name: conv_tracking_data-2 Value: %7B%22mf_source%22%3A%22regular_download-51%22%2C%22mf_content%22%3A%22Free%22%2C%22mf_medium%22%3A%22windows%5C%2FChrome%22%2C%22mf_campaign%22%3A%22qt2ibnzw5ynua07%22%2C%22mf_term%22%3A%22649da3ecc74d61336249c4ae1ae57146%22%7D
.mediafire.com/	1970-01-20 14:38:52	Name: __cf_bm Value: FEvtTOPx66OL8qKXnLNOw6HHq8N9TWbnG.6ENADViZg-1694330571-0-AbkQo0WTtalGNGLyf6ImufaCdZquqAsQD9nTR8yVQxBYs3jewLjn1kRpoamMh5VeUMOJ82gpdFS2o17UPQxKhAE=
.mediafire.com/	1970-01-20 23:24:26	Name: amp_28916b Value: AE_g2mgcIRipF4SRnsjySL...1h9uvhk1i.1h9uvhk1k.0.1.1
.mediafire.com/	1970-01-21 00:14:50	Name: _ga Value: GA1.2.2089763394.1694330573
.mediafire.com/	1970-01-20 14:40:16	Name: _gid Value: GA1.2.1037107625.1694330573
.mediafire.com/	1970-01-20 14:38:50	Name: _gat_gtag_UA_829541_1 Value: 1
.mediafire.com/	1970-01-20 23:24:26	Name: cf_clearance Value: mYyT2nxeqWf3z9D_RhrBO7qI20F5BW3gtttVwbH6rF4-1694330573-0-1-f8a0d974.f4e00c33.afa18694-0.2.1694330573
otnolatrnup.com/	1969-12-31 23:59:59	Name: IKSR Value: {}
otnolatrnup.com/	1969-12-31 23:59:59	Name: INF_DFL8 Value: false
otnolatrnup.com/	1970-01-21 00:14:50	Name: IUID Value: bc583e46-79ea-49d6-8f8a-d377d27491ec
otnolatrnup.com/	1969-12-31 23:59:59	Name: ISSH Value: 6DDD16
otnolatrnup.com/	1969-12-31 23:59:59	Name: VMI Value:
otnolatrnup.com/	1970-01-21 00:14:50	Name: CHN Value: #[]
otnolatrnup.com/	1970-01-21 00:14:50	Name: MSSH Value: #{}
otnolatrnup.com/	1970-01-21 00:14:50	Name: MSRH Value: #{}
otnolatrnup.com/	1970-01-21 00:14:50	Name: ILP Value: null
otnolatrnup.com/	1970-01-21 00:14:50	Name: ILPLU Value: #1/1/0001 12:00:00 AM
otnolatrnup.com/	1970-01-21 00:14:50	Name: ILEALC Value: #1/1/0001 12:00:00 AM
otnolatrnup.com/	1970-01-20 14:39:04	Name: ILMPF Value: #False
otnolatrnup.com/	1970-01-21 00:14:50	Name: IPMPLU Value: #
otnolatrnup.com/	1970-01-21 00:14:50	Name: IPMUID Value: #
otnolatrnup.com/	1970-01-21 00:14:50	Name: BSWUID Value: #
otnolatrnup.com/	1970-01-21 00:14:50	Name: IBL Value: #[]
otnolatrnup.com/	1970-01-21 00:14:50	Name: ISH Value: #{"101":[{"SId":"6DDD16","D":"23/9/10T0:22:53"}]}
otnolatrnup.com/	1970-01-21 00:14:50	Name: ISH_Q Value: #[101]
.mediafire.com/	1970-01-20 14:38:52	Name: ezoadgid_484470 Value: -1
.mediafire.com/	1970-01-20 14:38:57	Name: ezoref_484470 Value:
.mediafire.com/	1970-01-20 23:24:26	Name: ezosuibasgeneris-1 Value: aa8fb7c8-104e-4971-4efb-d4c31daaf6ea
.mediafire.com/	1970-01-20 14:38:57	Name: ezoab_484470 Value: mod66-c
.mediafire.com/	1970-01-20 14:38:52	Name: ezovid_484470 Value: 1586956688
.mediafire.com/	1970-01-20 14:38:52	Name: lp_484470 Value: https://www.mediafire.com/file/qt2ibnzw5ynua07/S0FT_PW_2023.rar/file
.mediafire.com/	1970-01-20 14:41:43	Name: ezovuuidtime_484470 Value: 1694330574
.mediafire.com/	1970-01-20 14:38:52	Name: ezovuuid_484470 Value: cbc9adf0-f94a-4dbb-6bd6-69b37ec46100
.mediafire.com/	1970-01-20 14:41:43	Name: active_template::484470 Value: orig_site.1694330574
.mediafire.com/	1970-01-20 14:38:52	Name: ezopvc_484470 Value: 1
.mediafire.com/	1970-01-20 14:40:16	Name: ezepvv Value: 0
www.mediafire.com/	1970-01-20 14:41:43	Name: ezstandaloneuser Value: false
.sharethrough.com/	1970-01-20 15:22:02	Name: stx_user_id Value: c7892c23-7561-4804-9307-4dc7418716f0
.openx.net/	1970-01-20 23:24:26	Name: i Value: 46bf11b3-c8dd-4ee8-ac47-fa80894673b1\|1694330576
.mediafire.com/	1970-01-21 00:00:26	Name: __gads Value: ID=d7ad8aac15376edf:T=1694330575:RT=1694330575:S=ALNI_Maw3v7KLgVddYdzq3wYKjowRukuJw
.mediafire.com/	1970-01-21 00:00:26	Name: __gpi Value: UID=00000c407ed1922d:T=1694330575:RT=1694330575:S=ALNI_Mb8_Nu_x_d2SCpISuGl-T6Wwf9blw
.doubleclick.net/	1970-01-21 00:14:50	Name: IDE Value: AHWqTUmJftn0kkNBaxMxi8fVGNb8EbVZwyq_aziRmVw_UK7pzpwaAfVg4V9tU7O9Dmw
.mediafire.com/	1970-01-21 00:14:50	Name: _ga_K68XP6D85D Value: GS1.1.1694330573.1.0.1694330576.57.0.0
.crwdcntrl.net/	1970-01-20 21:07:37	Name: _cc_dc Value: 2
.crwdcntrl.net/	1970-01-20 21:07:37	Name: _cc_id Value: f6cc4c23cd6fbf9349b92cc0bfabd77b
.mediafire.com/	1970-01-20 21:07:38	Name: _cc_id Value: f6cc4c23cd6fbf9349b92cc0bfabd77b
.mediafire.com/	1970-01-20 14:48:55	Name: panoramaId_expiry Value: 1694935376355
.mediafire.com/	1970-01-20 14:48:55	Name: panoramaId Value: cbf133afde53357aabea52361c634945a702d88f62361c295f4b770822b138ec
.mediafire.com/	1970-01-20 14:48:55	Name: panoramaIdType Value: panoIndiv
.openx.net/	1970-01-20 15:00:26	Name: pd Value: v2\|1694330576\|jElYiuvOhI
.adsrvr.org/	1970-01-20 23:25:52	Name: TDID Value: 988e0bd3-5671-4d98-a871-0938c887be13
.ladsp.com/	1970-01-20 14:38:54	Name: cr Value: 1
.openx.net/	1970-01-20 15:00:26	Name: univ_id Value: 537072971\|988e0bd3-5671-4d98-a871-0938c887be13\|1694330577156415
.ladsp.com/	1970-01-21 00:14:50	Name: smn_uid Value: HfKqrem7_hJzFo4jI6O2KA-z97nb_iQ
.ladsp.com/	1970-01-21 00:14:50	Name: lum Value: CMTC4--nMRIFCAMQ0AU
.doubleclick.net/	1970-01-20 14:38:54	Name: DSID Value: NO_DATA
.ads.pubmatic.com/	1970-01-20 14:40:16	Name: KCCH Value: YES
.bidswitch.net/	1970-01-20 23:24:26	Name: tuuid Value: f16e19db-fdf1-4a28-9d36-531202f9c1f5
.bidswitch.net/	1970-01-20 23:24:26	Name: c Value: 1694330578
.bttrack.com/	1970-01-20 16:48:26	Name: GLOBALID Value: 2uKlc8-sIBd987FnX3y6HWCGewoGJ1D7d3U4HQ4zILtyRURoCPPDLIbN52Sv4osvJGr2QB25PJQC4TM1
.mediafire.com/	1970-01-20 23:24:26	Name: FCNEC Value: %5B%5B%22AKsRol8DswDg8vRdoTCz-fIL6aev8anU4WtmFbZEUTcD2ACR0NUsKeoYu3NgdqR12yS6TNwR-kawtRvxTsmuyxqDgsz9YQnGcXxnHjIdrDa-p7GCulfqz3uvJOdu_YqZV7fFlDDqYFmE9lvKYs1LLfpehWsqpV0Lug%3D%3D%22%5D%2Cnull%2C%5B%5D%5D
.media.net/	1970-01-20 23:24:26	Name: visitor-id Value: 3373321785163791000V10
.bidswitch.net/	1970-01-20 23:24:26	Name: tuuid_lu Value: 1694330579
.socdm.com/	1970-01-21 00:14:50	Name: SOSYNC Value: anNvbjp7Im9wZW54IjoxNjk0MzMwNTc3fQ
.pubmatic.com/	1970-01-20 23:24:26	Name: KADUSERCOOKIE Value: B5A7AED4-133B-4C82-A414-628077BD0513
.pubmatic.com/	1970-01-20 16:48:26	Name: chkChromeAb67Sec Value: 1
.pubmatic.com/	1970-01-20 14:40:16	Name: pi Value: 158936:2
.pubmatic.com/	1970-01-20 16:48:26	Name: DPSync3 Value: 1695513600%3A245_226_201%7C1694390400%3A248
.pubmatic.com/	1970-01-20 16:48:26	Name: SyncRTB3 Value: 1695513600%3A13_8_247_220_21_71_54_3%7C1695168000%3A63%7C1694908800%3A223
.tapad.com/	1970-01-20 16:05:14	Name: TapAd_TS Value: 1694330579458
.tapad.com/	1970-01-20 16:05:14	Name: TapAd_DID Value: 5562652a-610a-40a2-86c3-b149122b0862
match.sharethrough.com/	1970-01-20 14:48:55	Name: AWSALBCORS Value: vqYAgdVHsBkpA629lg9X2qBtIyT4k2FNfHP6gfKo7Ucvd4ALpe57Wq48PDGLAZ5TylnCtNcKdOaSgS/i3fShfLbhH2YKOgxgeY6pLXFTjDZps+kbBG5MetBcDoJi
.adsrvr.org/	1970-01-20 23:25:52	Name: TDCPM Value: CAESFwoIcHVibWF0aWMSCwjauP2xmfaYPBAFEhQKBXRhcGFkEgsIsMmWtpn2mDwQBRgBIAEoAjILCLDBmeOv9pg8EAU4AVoFdGFwYWRgAg..
.simpli.fi/	1970-01-20 23:25:52	Name: suid Value: 89FD878EF9D94005AC555103E23816E4
.w55c.net/	1970-01-21 00:09:04	Name: wfivefivec Value: PuRuohx81QFeMz5
.media.net/	1970-01-20 14:59:00	Name: data-ttd Value: 988e0bd3-5671-4d98-a871-0938c887be13~~1
.media.net/	1970-01-20 14:59:00	Name: data-g Value: CAESEKX1fgV52v1UxwywUUcSXks~~8
.ambientdsp.com/	1970-01-20 14:40:16	Name: _aGeoIp Value: AU-Sydney
.ambientdsp.com/	1970-01-21 00:14:50	Name: _aUID Value: 11iywa5d66mu
.criteo.com/	1970-01-21 00:00:26	Name: uid Value: cd4d5951-b5bc-4c8e-b9f1-205951c12fe2
.tapad.com/	1970-01-20 16:05:14	Name: TapAd_3WAY_SYNCS Value: 1!6079
.quantserve.com/	1970-01-20 16:48:26	Name: d Value: EJwBCwH1KfijAA
.quantserve.com/	1970-01-21 00:09:04	Name: mc Value: 64fd6ed3-dd3aa-4234e-d5d62
.semasio.net/	1970-01-20 23:24:26	Name: SEUNCY Value: C8ED390A405D7607
.adnxs.com/	1970-01-20 16:48:26	Name: uuid2 Value: 5307833334708895609
.w55c.net/	1970-01-20 15:22:02	Name: matchmedianet Value: 5
.go.sonobi.com/	1970-01-20 15:22:02	Name: __uis Value: 885a4b55-5744-4965-92f7-9197c6badc19
.analytics.yahoo.com/	1970-01-20 23:24:26	Name: IDSYNC Value: 18z8~2du7
.pubmatic.com/	1970-01-20 16:48:26	Name: KRTBCOOKIE_377 Value: 6810-988e0bd3-5671-4d98-a871-0938c887be13&KRTB&22918-988e0bd3-5671-4d98-a871-0938c887be13&KRTB&23031-988e0bd3-5671-4d98-a871-0938c887be13
.pubmatic.com/	1970-01-20 15:22:02	Name: KRTBCOOKIE_1290 Value: 23368-11iywa5d66mu
.pubmatic.com/	1970-01-20 16:48:26	Name: KRTBCOOKIE_80 Value: 22987-CAESEMUyvX--9RHd2xALbkdvKdI&KRTB&23025-CAESEMUyvX--9RHd2xALbkdvKdI&KRTB&23386-CAESEMUyvX--9RHd2xALbkdvKdI
.pubmatic.com/	1970-01-20 16:48:26	Name: KRTBCOOKIE_153 Value: 1923-szv9A7Nq_1Soa_9U5G62U7c8rwKoa64Dsz0FkD6s&KRTB&19420-szv9A7Nq_1Soa_9U5G62U7c8rwKoa64Dsz0FkD6s&KRTB&22979-szv9A7Nq_1Soa_9U5G62U7c8rwKoa64Dsz0FkD6s&KRTB&23403-szv9A7Nq_1Soa_9U5G62U7c8rwKoa64Dsz0FkD6s
.yahoo.com/	1970-01-20 23:24:48	Name: A3 Value: d=AQABBNRu_WQCELezQCCiA3ox_ETSn__k7CgFEgEBAQHA_mQHZQAAAAAA_eMAAA&S=AQAAAr3yK_hikfQAUCZxshkPjeo
.smartadserver.com/	1970-01-21 00:09:04	Name: pid Value: 1210158236450175826
.zemanta.com/	1970-01-20 23:24:26	Name: zuid Value: sLMsNT2fcpHL7GIWWsWS
.admixer.net/	1970-01-20 16:48:26	Name: am-uid Value: 47fdb33b69fe4dd39e783e0a14cccfd8
.creativecdn.com/	1970-01-20 23:24:26	Name: u Value: 9cA9PIRktQMcyA06e4Eu
.creativecdn.com/	1970-01-20 23:24:26	Name: ts Value: 1694330580
.pubmatic.com/	1970-01-20 16:48:26	Name: KRTBCOOKIE_57 Value: 22776-5307833334708895609&KRTB&23339-5307833334708895609
.pubmatic.com/	1970-01-20 15:22:02	Name: PugT Value: 1694330580
.rfihub.com/	1969-12-31 23:59:59	Name: ruds Value: H4sIAAAAAAAA_-MSNrQ0NzW0MDCyNDY2MzE2MbK0MBTiM9QtKfSMNEzX9ajwyfYGAKsZ0IQlAAAA
.rfihub.com/	1970-01-21 00:00:26	Name: rud Value: H4sIAAAAAAAA_-MSNrQ0NzW0MDCyNDY2MzE2MbK0MBTiM9QtKfSMNEzX9ajwyfYGAKsZ0IQlAAAA
.bluekai.com/	1970-01-20 19:00:55	Name: bku Value: ikG99BHrdVHcWlGE
.bluekai.com/	1970-01-20 19:00:55	Name: bkpa Value: KJ0Wp6aFGpyxhFawyl+LNEaBlArNQCGses1cw1jTqi7JS3mZtu3ACIb7UNU34Ddwbuz2ddFN5eFKQlgRdFdM5cCSKNG+yXdkFKZlt1STHFd42UQTUj2IlVfFSbSvemG1boKc24m0lw68Fr6F+dl5XFL+QdoMwPfUpXrux4N0dMiIfAXjN1FI4cfjnb24E+VcEskqx+wZZo+t2orA5kR9rT6mqCoib+7u8BW7TbpTrKtP+kjZgNMUA7e/00NjRuYeBmV/GWLgcn+5dINbHh1XANnHtHeqUz2ZhO7jOpu1ZeIljkeOIVfrcZP0xqPrCvq/oDjqI/TXPAW3I+zFRlygRT08WirMplw5rL/pM3y54Vtjvok70oVCREB+jGOr3A/fyfRuyDfX8WpDReMLbGE5gQKSG35cnSf6eOrrqKYsGvIS9OoJOQ0vwjZWQpOSRuEHpNRuCLHW1M5PTGnvGDrJYXw4dRSHaYmJh6ghR1t/u5Q81tvH5esB/hjdOyYISJNW
.pubmatic.com/	1970-01-20 15:22:02	Name: SPugT Value: 1694330580
.mfadsrvr.com/	1970-01-21 00:14:50	Name: tuuid Value: 90bf66eb-9261-4d21-b720-424807e0ee01
.mfadsrvr.com/	1970-01-21 00:14:50	Name: c Value: 1694330580
.mfadsrvr.com/	1970-01-21 00:14:50	Name: tuuid_lu Value: 1694330580

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'ambient-light-sensor'.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'bluetooth'.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=0
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

9d3dc99658da8f4872b21ae2a02a5eb7.safeframe.googlesyndication.com
ad-delivery.net
ad.doubleclick.net
ad.turn.com
ads.pubmatic.com
analytics.google.com
api.amplitude.com
api.btloader.com
b1sync.zemanta.com
bcp.crwdcntrl.net
btloader.com
btlr.sharethrough.com
bttrack.com
c1.adform.net
cdn.amplitude.com
cdn.ampproject.org
cdn.id5-sync.com
cdn.jsdelivr.net
cdn.otnolatrnup.com
cdn.prod.uidapi.com
cm-supply-web.gammaplatform.com
cm.ambientdsp.com
cm.g.doubleclick.net
cms.quantserve.com
contextual.media.net
cr-p3.ladsp.com
creativecdn.com
cs.media.net
dis.criteo.com
easysofto.com
easysofty.com
fonts.googleapis.com
fonts.gstatic.com
fundingchoicesmessages.google.com
g.ezoic.net
go.ezodn.com
gocm.c.appier.net
google-bidout-d.openx.net
googleads.g.doubleclick.net
gum.criteo.com
hbopenbid.pubmatic.com
ib.adnxs.com
id5-sync.com
idsync.rlcdn.com
image2.pubmatic.com
image4.pubmatic.com
image6.pubmatic.com
inv-nets.admixer.net
invstatic101.creativecdn.com
ipac.ctnsnet.com
jp-u.openx.net
match.adsrvr.org
match.sharethrough.com
oa.openxcdn.net
oajs.openx.net
otnolatrnup.com
p.rfihub.com
pagead2.googlesyndication.com
pippio.com
pixel.tapad.com
pm.w55c.net
pool.admedo.com
pr-bh.ybp.yahoo.com
prebid.media.net
privacy.gatekeeperconsent.com
pubmatic-match.dotomi.com
rtb.mfadsrvr.com
s.amazon-adsystem.com
securepubads.g.doubleclick.net
simage2.pubmatic.com
simage4.pubmatic.com
ssbsync.smartadserver.com
stags.bluekai.com
static.cloudflareinsights.com
static.criteo.net
static.mediafire.com
static.xx.fbcdn.net
stats.g.doubleclick.net
sync-tm.everesttech.net
sync.crwdcntrl.net
sync.go.sonobi.com
sync.srv.stackadapt.com
tags.crwdcntrl.net
tags.rd.linksynergy.com
tg.socdm.com
the.gatekeeperconsent.com
tpc.googlesyndication.com
translate.google.com
translate.googleapis.com
uipglob.semasio.net
um.simpli.fi
ups.analytics.yahoo.com
us-u.openx.net
www.ezojs.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.com.au
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
www.mediafire.com
x.bidswitch.net
103.229.10.211
103.43.90.21
104.16.53.48
104.16.56.101
104.19.214.37
104.22.52.86
104.26.3.70
104.26.7.139
104.74.54.193
107.178.254.65
119.9.108.180
124.146.215.50
13.228.234.186
13.228.47.177
13.35.147.121
13.35.147.94
13.35.148.56
13.35.23.33
130.211.23.194
139.162.23.100
142.250.204.1
142.250.204.10
142.250.204.2
142.250.204.3
142.250.204.6
142.250.66.194
142.250.66.206
142.250.66.228
142.250.67.2
142.250.76.104
142.250.76.97
142.250.76.99
142.251.221.65
142.251.221.74
151.101.129.229
151.101.194.49
157.240.8.23
157.240.8.35
162.19.138.120
162.255.119.102
172.217.167.66
172.217.167.67
172.217.24.46
172.64.137.23
172.67.144.62
172.67.203.7
179.43.170.230
18.138.18.111
18.143.106.89
18.176.159.211
182.161.73.129
182.161.73.136
182.161.73.146
185.184.8.90
185.84.60.29
198.8.71.131
207.65.33.78
207.65.33.82
207.65.33.83
216.239.32.181
23.106.127.39
23.108.103.8
23.202.168.221
23.219.60.21
23.221.21.71
3.121.177.157
3.24.63.190
34.102.146.192
34.107.148.139
34.111.113.62
34.120.135.53
34.124.209.251
34.96.70.87
34.98.67.3
35.186.154.107
35.186.193.173
35.190.60.146
35.213.12.39
35.244.159.8
50.116.239.135
52.223.40.198
52.39.211.76
52.46.130.91
54.144.108.188
54.169.111.87
54.169.195.178
54.179.248.176
54.255.66.128
64.38.119.42
67.199.150.85
70.42.32.95
72.34.250.75
74.125.24.155
89.207.22.105
03c8d2dc7d985c3004ff2cd6d8148dd03560f37ed15efdf6c2d7f4d771d0e599
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
17bbf36efc98e40771ab2ee5e19be12c26eb715d3453a08da126606ba85108da
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002
193f100278223dd8f644da2f815935b191c0031675ff4e804f1f439ea0a9e8d2
1a42d92125196e23e44aa36e0d6f8f793f84de4c8b2b21c8c4c3a637ac6f4d2a
1ed3af3fb4399f2afeb4d8d3974b3ddab6fbd631e276e3f0cbc22dee5ad0d224
2450e5580136f94bda7ccf95e3167b57e15b05b513a430967943a50036fa47a4
2678300f9981277542a10c63a45659cafd6d0fa1d7d27c706a5573417a74f365
295ee13d92baeaf336d6477c7d35150fc24048a4c3d95546991a90b7c53de7d7
29e4c24a2fa1b6c2218b217e252a8d838cb65819a3b959a73c1a3565067ec0d9
2c34f09169d2a10e8f5863960e81575ab70f88b52f4bd3386ce5e41e73a94487
2c376bd4be2e0b91182dd6d3403921d2aee56a8dcd485b3fa6d8acfefd30eda9
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
2e8df1abc8ffaa2b043ca18940ffa094d16ae5d095ad9a8520949682c02923e1
2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef
30887d75ca7268ceabc93067bca019f8ffe07189630a759407b236736e1f15af
308e304a7e019c33374bffef1036526aa9658b72c94220fcf1fbde3cba2874a7
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
31f4e4abd5d8e145d6bd5505ae3ee469f66e6aba53fcc6cf04741d0a802ebc3d
341d3214b60c99080346925a1835641940a019bdcb82dac3a9b1705d0a53268e
36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068
37d57f2675aa8c234b4966687c6f221a7c3b189fe555384afbb107760ac833c6
3869d6bc0158ed083183b3becc6b2faeb7f29f789733c76bb8c4a942629ea037
3c620084286d4e8ac0ebd4811a782920ac935265c8cdbf0010ea7243bd81a6e6
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
3fdd9957f328674a49573806215c9fe67a6f827515607cf8d7db980fc94b771c
41bcfeefa137f2e1ccc6e59d937290ffee018021f156fc1e44433057056ac230
4342feac38021c4fe3069eba0edf1c2e1b4345e2b548b0afb7ab21b7369b3bc8
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
4448e430d3c53bad548a5d135e1c7e2f9593e806ba47892640d430ea752e979e
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
485567ada85d2d82f3c23210e6082009fcd03700751bf61a07a56a256b1e8918
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
48a6ee082f847e362b86196170538bc484500e9e2a04c63614e62f7d26977f49
494874a05c407cfb2315f6aa8fc056e62fb7d5b6d8cde0761bbbb4ad477c9fbb
49bdd7409d86870284150a6e5d4862c3d2c2bb4e161cda198ec1985b6bdee088
4a61cfe0cd5cf93f5389e16599493ccd7c97b673b03c83af5738ee1f4905d3f3
4dac0026fbfa2615dce30c0af12830863fe885f84387a0147b9e338f548d5d82
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4f9a2b126c8afd123bac8ee84f77d51b271eb4b3d62f4b2071dc9a5e9d49c6d9
502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358
53b99e4bde7498900885e58f9d6c383258f8a59b04389d6b54d3d4b89537b6f2
544c55ca9f05d425f3beb90f287308d7a408b1f60d17728eff5c605a494bc1b9
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
57fb39cbd3365cba2be7fffc83be48a81d09a6f3901bb34dd643aa886fe485dc
5b26df0a4a6eb62ec94095af6e51712560eb2df643e5cc22c863c3f2512d2bae
5f20338b9aab2f5f33562eb3b0b23d999896ce426cacd2231b4123510571df4e
6019c3c9e47dc991f8d9937deafbb0740c2e61e321324798cb508773b0814824
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
6318394f737c66f0e2ccfcd88e3935c6667633a1b95fa29fba2b75431d55eef2
65c99d3b9f1a1b905046e30d00a97f2d4d605e565c32917e7a89a35926e04b98
6a8bca6454315ff89ead4eb9ca362ddeb4fefda6cd2e8ceb3ed36a3b717110a4
6b4b5d832027f35386eacb48a2186cf6ce3c8fb12682cf46e1a312416fabfa8b
6bbc92717fe509af0802f8845d68fc13c4c4b299a7589f54f06a91e5f8075582
6fa04d8b4b07ebd5ebb250e33b532615e80dd02d46afb5cc0654c3c128b1c427
70a8392ab7a09662ea41f7d0bd4280008062775e6035e382737b45029ad942b9
71ca2652e2b3ffd3c0ec966958604714ce6c7af01d961b44adc438518eb58cb3
720671166ac43aba99e3952b0b9341ab4e0fee1fd891db54e2a07f05db653142
72e960baa80ec819264a604f2f8a8e5c21f81b785ebc17595211ad170d8b1bdc
7408f0f5efd6bc438c05d16fcf194b8a5bbeb885a87bea090a254307f6a90e8e
752ce8fe478f93339039031bce441ef1583cbc1c1558f54a8118c93165faceee
75a50d50f8b6dfe1f263180093d5519c6970ffb7134cb9c6fe1aba03c1db5547
76e711a9fa75d834548476e15f0e5086dc362eae1b8bf6e7becc70d234efed85
77ff3691ac63856fb464752f57652073c97e32048da08edcd16903c8a8f4e35a
7817ee889e9c73351b96c97c740c9dd746ba87ebd6c6fcab3cd77cd021920ce7
7af0c16057b4415362e273cdb5c9900d1ec9b690c5b7cc6c1139141e0f242c5e
7ba1bc2084def769e77a7dbf97cd91d68fe6c6d55b5d183a7d36630da8da2b02
7e40d1ef98726627461f1285aa4873557920a1f207a0cbd5fca6e64cb52ac2d9
7f1343ca74e009a2949392688b30d4a9a8f7f642ae4b593c9fdc76284531b049
82b94716473aa225e715e117802145c5d2d725aa1ba9d476d61a5d3da16a8c26
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
83b4150f43fc1362f85f40b1053a6b77ba9029d44cb696e227834fd8eafe7811
84f17c357a114f92f5594d1254ef145103bd25fe28a365fc648d27678f91cdfc
8539c91ae0a82f8cab27d481ea38ac4e66d1e5b36701fe295bcba4399b9255bd
85a64faec356c3a72f249a98a037317adc730ec6d38e47653cd53be5485d80a1
864909edb64a3e6dd9d7fde79f064c6a23727f1a0cf6a10eee863a97bd3689c6
901f94aa7196041f7932db39a61624b5235761274dc864fa9166cc6ea14434b5
94061a925c5d84bf776554ac894020c407a9a4c89b979d538de3cf45591fe423
946d6a0baee015f27dd3902447fc74bc98ce4642dbdff32cc845e26f59062961
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a
9941d25da2d400e2cbc1c979d7ecae4a9b418158d3825d03e09650e0799dcefb
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
9d96b2fe2d8d4a398a846ebee84e5e70ec37e0fc613b3e2a5aaa81b1bf2d8470
a5090d18c606c75443ec32e196e55cedbce9623bf6fccb54ec3f0da8beb4c331
a5230196df9a4e9f6382c504668862efc8e25c1ec093c7dc997fbedb4b3ec54e
a68a7aaf623132b6e47f6d9753c49336cc812251cc91a1b82280aca86144b29a
aade7746342f608807b7eb107059c842fe200e1ff09e146db822250055cecaed
ab5c23a05e39deed14d9d8262b0dce9f024f86105a27196cad37d14a3f516e09
aca4f3968ed3bffde23f0e31ef2662e6b3415d2a4ed959657a3d626461d18865
acccc501aa6afa3cfac15e8ddccf1561deed2ed08c2f7d652abbdbe9aa71609a
aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27
b04a268fbd6ac543dcd653b1c529871767a5b78cb2a2f40e54bcb0bfe2daa154
b47bcc2d520acbc881bfb776d1f155bd38ef80c4b8db0fe2be452e7de536abde
b70f0a80bac892e1e492a9ee5cee527ea2a9a2ff162614ff7a3acc78b2e83db0
b989773eb85b515fb6dbdfb16b2530b2347f5cd52c580716c94a23d0a0d6b615
bb4a3ac0e25e30954307dacab388535f8645e7174f90eadc30e9266f3cbdc045
bbb126b9e8714be02d4544356d79477cf8ff397bf1cc527ac6c353d4c9084dff
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
c235f21017bcc11fcaa31d7dfd9855aaebcbf5f6d7ee9bf9f2e98a910907c391
c746ca687b3e79023240e45eb684f036fd9a1312b454758a6018b3ece635dafb
c98cd9616f628271552ca2c8930463c2a100c7109e9021eb43d084c2b8de3cf2
ca0b13088e4cc740b37d30f2a5dd83dba46709641f40678950fc0a8f41c9c14c
cbb99c4149249b280f1d3d924d9bdd29a4a14cba1e71775fb3bdbdf13ebd5a48
cc53f8d03326fb944523cf9a5cb47786c46155fa4b4cf6a8acaa944217f962fb
ccebb3668d65d3268223556ecdbe14e98305dd0abeffe6308c75e7fb21188fc5
cd3a41d5961eeb487f3966231b50576166d0c6a2c7275fa16a0011c8ed9e8518
cee9fd8e304615d5ace755818a222fb75754484b38923463745dfed56bf4e3fe
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d33d23776af50869d043ba734489a1c86b495b071de36b4a843c4d1f8203e8e6
d65f4b2e8eee94ddc7f762d098de19558d879a3b597c8913b4d075532e3ed4b4
d839b193eba1dd4578cc90dfe2fe6edea552e807f65af9e79780a58d0ad9b1bb
d961b08e4321250926de6f79087594975fe20ad1518de8f91eb711af5d1a6ef8
dc54b817820f14ce6395ba2a037f37d4bb0af75d5b017336140793fbe2f7f738
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
df908529a36e11760e0d9c2acc7cc512ed263c2875d6726c139ad10823836284
e1dac12531c20fec866c938be23a0a76e8fc4a561f74af5224470eb9b7a06471
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e611f58b19c2ff6aba81588e7b0a148e523d8acbadc40092f8de5f50dca2f93c
e885badff253144e188588b5657e13cfa1135d4cd682053c9cca02b83baf1ef2
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f057f2ea50996360cb788c5fc87da25674f5a3b48dc1d549440ae68817597415
f2e858e11bbfe82d0150dd8fc768dfdb4577415c0ee84435e0d6c51a50e6cb64
f350967c95d52a5b2ef0c198acc3ae8192576d3fd96c6804716a16edee8faa03
f40a964762f9dda40267c948eb46f52a0932a9629b57abb0801841af15e0bb35
f511fa7924776077436e0e7c47d96a420282192ee4f9c5dc96def26cb856c709
f52a0c7d9fa7ae8e45916c491ae7193f9a1e289f128f05264122c53d8da970db
f696e436fe9448deae54446cad6869c2f64e9359a238f255a9d837602c0848e2
f77f47058428a1c21dad5a75ac13fbfdeb9858947218fee2112fded5972a0b5d
f917a9105c311331b1d40f4d2bdbf11233c1c465616c1a9c46232f451463b061
fa1f876cb70f7a711191b9dab191d9cc1c037ae4f5f5ea032dfe742f51c07f65
fc9fc5ba79561082720a5632596a1e5cc2ef2251c80c6f2b0608070c9b3d4a21
fd0ee784123f8010b36fe0b9204fe2fb3faf76d8fa6a36a7644d32d9ac506270

www.mediafire.com Open in urlscan Pro 104.16.53.48 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

206 Requests

84 %HTTPS

0 %IPv6

69 Domains

103 Subdomains

69 IPs

9 Countries

1986 kBTransfer

5683 kBSize

112 Cookies

9 Outgoing links

Page URL History

Redirected requests

206 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 6 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.mediafire.com Open in urlscan Pro
104.16.53.48 Public Scan

Screenshot
Live screenshot

Full Image

206
Requests

84 %
HTTPS

0 %
IPv6

69
Domains

103
Subdomains

69
IPs

9
Countries

1986 kB
Transfer

5683 kB
Size

112
Cookies

206 HTTP transactions
6 data transactions