www.mediafire.com Open in urlscan Pro
104.16.202.237 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://www19.todhamilton.pro/pushredirect/?network=1&site=adfly&ppi=2959576&pci=6629534317&t=1617637226&dest=https://aporasal...
Effective URL:
https://www.mediafire.com/folder/c3yxn5yaq8xf8/SLBET7
Submission: On April 05 via manual (April 5th 2021, 3:44:19 pm UTC) from US

Summary HTTP 121 Redirects Links 7 Behaviour Indicators

Summary

This website contacted 22 IPs in 3 countries across 15 domains to perform 121 HTTP transactions. The main IP is 104.16.202.237, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.mediafire.com.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on October 11th 2019. Valid for: 2 years.

This is the only time www.mediafire.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 25	172.67.178.34 172.67.178.34	13335 (CLOUDFLAR...) (CLOUDFLARENET)
8	13.226.156.80 13.226.156.80	16509 (AMAZON-02) (AMAZON-02)
8	54.144.3.29 54.144.3.29	14618 (AMAZON-AES) (AMAZON-AES)
1	172.64.100.8 172.64.100.8	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 36	104.16.202.237 104.16.202.237	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:808::200a	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:82a::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:801::200a	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:809::2008	15169 (GOOGLE) (GOOGLE)
6	2a00:1450:400... 2a00:1450:4001:810::2003	15169 (GOOGLE) (GOOGLE)
4	2a03:2880:f01... 2a03:2880:f01c:8012:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
5	2a00:1450:400... 2a00:1450:4001:800::200e	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:82b::200e	15169 (GOOGLE) (GOOGLE)
3	2a03:2880:f11... 2a03:2880:f11c:8183:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	2a00:1450:400... 2a00:1450:4001:810::200e	15169 (GOOGLE) (GOOGLE)
6	2a00:1450:400... 2a00:1450:4001:80e::200e	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c1b::9c	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:82a::200a	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:808::2003	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:801::2001	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:827::2003	15169 (GOOGLE) (GOOGLE)
121	22

25 172.67.178.34 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

www19.todhamilton.pro	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www44.todhamilton.pro	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www4.todhamilton.pro	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www49.todhamilton.pro	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www96.todhamilton.pro	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www94.todhamilton.pro	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www5.todhamilton.pro	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www75.todhamilton.pro	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www85.todhamilton.pro	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 13.226.156.80 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-226-156-80.dus51.r.cloudfront.net

dc5k8fg5ioc8s.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 54.144.3.29 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-144-3-29.compute-1.amazonaws.com

aphycolourses.info	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.64.100.8 (United States)

ASN13335 (CLOUDFLARENET, US)

aporasal.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

36 104.16.202.237 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

www.mediafire.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
static.mediafire.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:808::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82a::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:801::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:809::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:810::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a03:2880:f01c:8012:face:b00c:0:3 (United States)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:800::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82b::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fundingchoicesmessages.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a03:2880:f11c:8183:face:b00c:0:25de (United States)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:810::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

translate.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:80e::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fundingchoicesmessages.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c1b::9c (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:82a::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

translate.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:808::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:801::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

lh3.googleusercontent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:827::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
36	mediafire.com 1 redirects www.mediafire.com static.mediafire.com	392 KB
25	todhamilton.pro 1 redirects www19.todhamilton.pro www44.todhamilton.pro www4.todhamilton.pro www49.todhamilton.pro www96.todhamilton.pro www94.todhamilton.pro www5.todhamilton.pro www75.todhamilton.pro www85.todhamilton.pro	377 KB
11	google.com www.google.com fundingchoicesmessages.google.com translate.google.com	93 KB
8	gstatic.com www.gstatic.com fonts.gstatic.com	479 KB
8	aphycolourses.info aphycolourses.info	376 KB
8	cloudfront.net dc5k8fg5ioc8s.cloudfront.net	358 KB
7	googleapis.com fonts.googleapis.com ajax.googleapis.com translate.googleapis.com	294 KB
5	google-analytics.com www.google-analytics.com	57 KB
4	facebook.net connect.facebook.net	156 KB
3	facebook.com www.facebook.com	320 B
2	googletagmanager.com www.googletagmanager.com	89 KB
1	googleusercontent.com lh3.googleusercontent.com	7 KB
1	google.de www.google.de	107 B
1	doubleclick.net stats.g.doubleclick.net	89 B
1	aporasal.net aporasal.net	1 KB
121	15

	Domain	Requested by
20	static.mediafire.com	www.mediafire.com static.mediafire.com
16	www.mediafire.com	1 redirects aporasal.net www.mediafire.com ajax.googleapis.com
8	fundingchoicesmessages.google.com	www.mediafire.com
8	aphycolourses.info	www19.todhamilton.pro www44.todhamilton.pro www4.todhamilton.pro www49.todhamilton.pro www96.todhamilton.pro www94.todhamilton.pro www5.todhamilton.pro www75.todhamilton.pro
8	dc5k8fg5ioc8s.cloudfront.net	www19.todhamilton.pro www44.todhamilton.pro www4.todhamilton.pro www49.todhamilton.pro www96.todhamilton.pro www94.todhamilton.pro www5.todhamilton.pro www75.todhamilton.pro
5	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
4	translate.googleapis.com	translate.google.com translate.googleapis.com srcdoc
4	fonts.gstatic.com	fonts.googleapis.com
4	connect.facebook.net	www.mediafire.com connect.facebook.net static.mediafire.com
4	www.gstatic.com	www.google.com www.mediafire.com translate.googleapis.com
3	www.facebook.com	www.mediafire.com connect.facebook.net
3	www75.todhamilton.pro	aphycolourses.info www75.todhamilton.pro
3	www5.todhamilton.pro	aphycolourses.info www5.todhamilton.pro
3	www94.todhamilton.pro	aphycolourses.info www94.todhamilton.pro
3	www96.todhamilton.pro	aphycolourses.info www96.todhamilton.pro
3	www49.todhamilton.pro	aphycolourses.info www49.todhamilton.pro
3	www4.todhamilton.pro	aphycolourses.info www4.todhamilton.pro
3	www44.todhamilton.pro	aphycolourses.info www44.todhamilton.pro
3	www19.todhamilton.pro	www19.todhamilton.pro
2	www.googletagmanager.com	www.mediafire.com
2	www.google.com	www.mediafire.com
2	fonts.googleapis.com	www.mediafire.com
1	lh3.googleusercontent.com	www.mediafire.com
1	www.google.de	www.mediafire.com
1	stats.g.doubleclick.net	www.google-analytics.com
1	translate.google.com	www.mediafire.com
1	ajax.googleapis.com	www.mediafire.com
1	aporasal.net	aphycolourses.info
1	www85.todhamilton.pro	1 redirects
121	29

This site contains links to these domains. Also see Links.

Domain
blog.mediafire.com
mediafire.zendesk.com
translate.google.com
vividengine.com
www.vpnreports.com
www.facebook.com
twitter.com

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2020-08-23` - `2021-08-23`	a year	crt.sh
*.cloudfront.net DigiCert Global CA G2	`2021-02-22` - `2022-02-21`	a year	crt.sh
aphycolourses.info R3	`2021-02-28` - `2021-05-29`	3 months	crt.sh
*.mediafire.com Sectigo RSA Domain Validation Secure Server CA	`2019-10-11` - `2021-11-07`	2 years	crt.sh
upload.video.google.com GTS CA 1O1	`2021-03-16` - `2021-06-08`	3 months	crt.sh
*.google.com GTS CA 1O1	`2021-03-16` - `2021-06-08`	3 months	crt.sh
*.google-analytics.com GTS CA 1O1	`2021-03-16` - `2021-06-08`	3 months	crt.sh
*.gstatic.com GTS CA 1O1	`2021-03-16` - `2021-06-08`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2021-02-10` - `2021-05-10`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1O1	`2021-03-16` - `2021-06-08`	3 months	crt.sh
www.google.com GTS CA 1O1	`2021-03-16` - `2021-06-08`	3 months	crt.sh
www.google.de GTS CA 1O1	`2021-03-16` - `2021-06-08`	3 months	crt.sh
*.googleusercontent.com GTS CA 1O1	`2021-03-16` - `2021-06-08`	3 months	crt.sh

This page contains 10 frames:

Primary Page: https://www.mediafire.com/folder/c3yxn5yaq8xf8/SLBET7
Frame ID: 3DFC0A714D6590A7F2135B50C9A92FD8
Requests: 113 HTTP requests in this frame

Frame: https://www.mediafire.com/blank.html
Frame ID: 23B01DB7D9E2087694B66F87181CCCBF
Requests: 1 HTTP requests in this frame

Frame: https://www.mediafire.com/blank.html
Frame ID: 05834043294742F42C4E1E580784739C
Requests: 1 HTTP requests in this frame

Frame: https://www.mediafire.com/blank.html
Frame ID: C5158DC96459ED7A5F8A5F1C975F2516
Requests: 1 HTTP requests in this frame

Frame: https://www.mediafire.com/blank.html
Frame ID: E5D25236310A1963CCBE281F8686176D
Requests: 1 HTTP requests in this frame

Frame: https://www.mediafire.com/blank.html
Frame ID: 5C80B763BAECE578D186EE28C22D939F
Requests: 1 HTTP requests in this frame

Frame: https://www.mediafire.com/blank.html
Frame ID: BE40861AA5CC4A77BD23311C2A7A1FE8
Requests: 1 HTTP requests in this frame

Frame: https://www.mediafire.com/blank.html
Frame ID: BE68A0BB1ACEC92576D95F80C9DDCDF6
Requests: 1 HTTP requests in this frame

Frame: https://www.mediafire.com/blank.html
Frame ID: C866074899F45E7A5A05269D23BAE7FB
Requests: 1 HTTP requests in this frame

Frame: https://translate.googleapis.com/translate_a/l?client=te&alpha=true&hl=en&cb=callback
Frame ID: 48A0F6EB6BD3961F6792C122BEB05D71
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://www19.todhamilton.pro/pushredirect/?network=1&site=adfly&ppi=2959576&pci=6629534317&t=1617637226&d... Page URL
https://www44.todhamilton.pro/pushredirect/?tmp=1&network=1&ios=0&site=adfly&c=1&ppi=2959576&pci=662953431... Page URL
https://www4.todhamilton.pro/pushredirect/?tmp=1&network=1&ios=0&site=adfly&c=2&ppi=2959576&pci=662953431... Page URL
https://www49.todhamilton.pro/pushredirect/?tmp=1&network=1&ios=0&site=adfly&c=3&ppi=2959576&pci=662953431... Page URL
https://www96.todhamilton.pro/pushredirect/?tmp=1&network=1&ios=0&site=adfly&c=4&ppi=2959576&pci=662953431... Page URL
https://www94.todhamilton.pro/pushredirect/?tmp=1&network=1&ios=0&site=adfly&c=5&ppi=2959576&pci=662953431... Page URL
https://www5.todhamilton.pro/pushredirect/?tmp=1&network=1&ios=0&site=adfly&c=6&ppi=2959576&pci=662953431... Page URL
https://www75.todhamilton.pro/pushredirect/?tmp=1&network=1&ios=0&site=adfly&c=7&ppi=2959576&pci=662953431... Page URL
https://www85.todhamilton.pro/pushredirect/?tmp=1&network=1&ios=0&site=adfly&c=8&ppi=2959576&pci=662953431... HTTP 302
https://aporasal.net/redirecting/aHR0cDovL3d3dy5tZWRpYWZpcmUuY29tL2ZvbGRlci9jM3l4bjV5YXE4eGY4L1NM... Page URL
http://www.mediafire.com/folder/c3yxn5yaq8xf8/SLBET7 HTTP 301
https://www.mediafire.com/folder/c3yxn5yaq8xf8/SLBET7 Page URL

Detected technologies

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /^cloudflare$/i

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

script /\/\/connect\.facebook\.net\/[^/]*\/[a-z]*\.js/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i
script /google-analytics\.com\/plugins\/ua\/(?:ec|ecommerce)\.js/i

Google Analytics Enhanced eCommerce (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/plugins\/ua\/(?:ec|ecommerce)\.js/i

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

html //i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /\/([\d.]+)\/jquery(?:\.min)?\.js/i
script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

reCAPTCHA (Captchas) Expand

Overall confidence: 100%
Detected patterns

script /\/recaptcha\/api\.js/i

Page Statistics

121
Requests

98 %
HTTPS

76 %
IPv6

15
Domains

29
Subdomains

22
IPs

3
Countries

2678 kB
Transfer

6811 kB
Size

2
Cookies

7 Outgoing links

These are links going to different origins than the main page.

URL: http://blog.mediafire.com/
Title: Company Blog

Search URL Search Domain Scan URL

URL: https://mediafire.zendesk.com/hc/en-us
Title: Support

Search URL Search Domain Scan URL

URL: https://translate.google.com/
Title: Translate

Search URL Search Domain Scan URL

URL: https://vividengine.com/
Title: On-Demand Video Encoding

Search URL Search Domain Scan URL

URL: https://www.vpnreports.com/
Title: Best VPNs

Search URL Search Domain Scan URL

URL: http://www.facebook.com/mediafire
Title:

Search URL Search Domain Scan URL

URL: http://twitter.com/#!/mediafire
Title:

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://www19.todhamilton.pro/pushredirect/?network=1&site=adfly&ppi=2959576&pci=6629534317&t=1617637226&dest=https://aporasal.net/redirecting/aHR0cDovL3d3dy5tZWRpYWZpcmUuY29tL2ZvbGRlci9jM3l4bjV5YXE4eGY4L1NMQkVUNw%3D%3D/6079218161effd1fd8c56db2f4a90253 Page URL
https://www44.todhamilton.pro/pushredirect/?tmp=1&network=1&ios=0&site=adfly&c=1&ppi=2959576&pci=6629534317&t=1617637226&dest=https%3A%2F%2Faporasal.net%2Fredirecting%2FaHR0cDovL3d3dy5tZWRpYWZpcmUuY29tL2ZvbGRlci9jM3l4bjV5YXE4eGY4L1NMQkVUNw%3D%3D%2F6079218161effd1fd8c56db2f4a90253 Page URL
https://www4.todhamilton.pro/pushredirect/?tmp=1&network=1&ios=0&site=adfly&c=2&ppi=2959576&pci=6629534317&t=1617637226&dest=https%3A%2F%2Faporasal.net%2Fredirecting%2FaHR0cDovL3d3dy5tZWRpYWZpcmUuY29tL2ZvbGRlci9jM3l4bjV5YXE4eGY4L1NMQkVUNw%3D%3D%2F6079218161effd1fd8c56db2f4a90253 Page URL
https://www49.todhamilton.pro/pushredirect/?tmp=1&network=1&ios=0&site=adfly&c=3&ppi=2959576&pci=6629534317&t=1617637226&dest=https%3A%2F%2Faporasal.net%2Fredirecting%2FaHR0cDovL3d3dy5tZWRpYWZpcmUuY29tL2ZvbGRlci9jM3l4bjV5YXE4eGY4L1NMQkVUNw%3D%3D%2F6079218161effd1fd8c56db2f4a90253 Page URL
https://www96.todhamilton.pro/pushredirect/?tmp=1&network=1&ios=0&site=adfly&c=4&ppi=2959576&pci=6629534317&t=1617637226&dest=https%3A%2F%2Faporasal.net%2Fredirecting%2FaHR0cDovL3d3dy5tZWRpYWZpcmUuY29tL2ZvbGRlci9jM3l4bjV5YXE4eGY4L1NMQkVUNw%3D%3D%2F6079218161effd1fd8c56db2f4a90253 Page URL
https://www94.todhamilton.pro/pushredirect/?tmp=1&network=1&ios=0&site=adfly&c=5&ppi=2959576&pci=6629534317&t=1617637226&dest=https%3A%2F%2Faporasal.net%2Fredirecting%2FaHR0cDovL3d3dy5tZWRpYWZpcmUuY29tL2ZvbGRlci9jM3l4bjV5YXE4eGY4L1NMQkVUNw%3D%3D%2F6079218161effd1fd8c56db2f4a90253 Page URL
https://www5.todhamilton.pro/pushredirect/?tmp=1&network=1&ios=0&site=adfly&c=6&ppi=2959576&pci=6629534317&t=1617637226&dest=https%3A%2F%2Faporasal.net%2Fredirecting%2FaHR0cDovL3d3dy5tZWRpYWZpcmUuY29tL2ZvbGRlci9jM3l4bjV5YXE4eGY4L1NMQkVUNw%3D%3D%2F6079218161effd1fd8c56db2f4a90253 Page URL
https://www75.todhamilton.pro/pushredirect/?tmp=1&network=1&ios=0&site=adfly&c=7&ppi=2959576&pci=6629534317&t=1617637226&dest=https%3A%2F%2Faporasal.net%2Fredirecting%2FaHR0cDovL3d3dy5tZWRpYWZpcmUuY29tL2ZvbGRlci9jM3l4bjV5YXE4eGY4L1NMQkVUNw%3D%3D%2F6079218161effd1fd8c56db2f4a90253 Page URL
https://www85.todhamilton.pro/pushredirect/?tmp=1&network=1&ios=0&site=adfly&c=8&ppi=2959576&pci=6629534317&t=1617637226&dest=https%3A%2F%2Faporasal.net%2Fredirecting%2FaHR0cDovL3d3dy5tZWRpYWZpcmUuY29tL2ZvbGRlci9jM3l4bjV5YXE4eGY4L1NMQkVUNw%3D%3D%2F6079218161effd1fd8c56db2f4a90253 HTTP 302
https://aporasal.net/redirecting/aHR0cDovL3d3dy5tZWRpYWZpcmUuY29tL2ZvbGRlci9jM3l4bjV5YXE4eGY4L1NMQkVUNw==/6079218161effd1fd8c56db2f4a90253 Page URL
http://www.mediafire.com/folder/c3yxn5yaq8xf8/SLBET7 HTTP 301
https://www.mediafire.com/folder/c3yxn5yaq8xf8/SLBET7 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 40

https://www85.todhamilton.pro/pushredirect/?tmp=1&network=1&ios=0&site=adfly&c=8&ppi=2959576&pci=6629534317&t=1617637226&dest=https%3A%2F%2Faporasal.net%2Fredirecting%2FaHR0cDovL3d3dy5tZWRpYWZpcmUuY29tL2ZvbGRlci9jM3l4bjV5YXE4eGY4L1NMQkVUNw%3D%3D%2F6079218161effd1fd8c56db2f4a90253 HTTP 302
https://aporasal.net/redirecting/aHR0cDovL3d3dy5tZWRpYWZpcmUuY29tL2ZvbGRlci9jM3l4bjV5YXE4eGY4L1NMQkVUNw==/6079218161effd1fd8c56db2f4a90253

121 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 / Show response
www19.todhamilton.pro/pushredirect/ 5 KB
3 KB 464ms
316ms Document
text/html 172.67.178.34
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www19.todhamilton.pro/pushredirect/?network=1&site=adfly&ppi=2959576&pci=6629534317&t=1617637226&dest=https://aporasal.net/redirecting/aHR0cDovL3d3dy5tZWRpYWZpcmUuY29tL2ZvbGRlci9jM3l4bjV5YXE4eGY4L1NMQkVUNw%3D%3D/6079218161effd1fd8c56db2f4a90253
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.178.34 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/7.3.27
Resource Hash: f9aa2f5b856b3a445e8caa228da13bb8b5ef9c1157737c960771b4d49ea8055d

Request headers

:method: GET
:authority: www19.todhamilton.pro
:scheme: https
:path: /pushredirect/?network=1&site=adfly&ppi=2959576&pci=6629534317&t=1617637226&dest=https://aporasal.net/redirecting/aHR0cDovL3d3dy5tZWRpYWZpcmUuY29tL2ZvbGRlci9jM3l4bjV5YXE4eGY4L1NMQkVUNw%3D%3D/6079218161effd1fd8c56db2f4a90253
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Apr 2021 15:43:52 GMT
content-type: text/html; charset=UTF-8
set-cookie: __cfduid=d2eb1df0507fd27054c15dca1dce948b51617637432; expires=Wed, 05-May-21 15:43:52 GMT; path=/; domain=.todhamilton.pro; HttpOnly; SameSite=Lax lastUrlPushTmp=www19.todhamilton.pro; secure
x-powered-by: PHP/7.3.27
cache-control: no-store, no-cache, must-revalidate, max-age=0 post-check=0, pre-check=0
pragma: no-cache
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
cf-request-id: 09444d742d0000fa1c67163000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=Ea%2B8TllZ7y1mrie5UDn857mIZU0sGrzcO62dTdv%2F9re9PX%2FMdUkVd2MNGElx%2F5%2FpHZwGZ%2FkYw1vuTJ5037%2Fbr%2FTB8UBmL0P6O6VVRfOuZR%2FBOQOPSJM%3D"}]}
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
cf-ray: 63b3e5004c39fa1c-AMS
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 / Show response
dc5k8fg5ioc8s.cloudfront.net/ 144 KB
45 KB 366ms
229ms Script
text/plain 13.226.156.80
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://dc5k8fg5ioc8s.cloudfront.net/?gfkcd=824473
Requested by: Host: www19.todhamilton.pro
URL: https://www19.todhamilton.pro/pushredirect/?network=1&site=adfly&ppi=2959576&pci=6629534317&t=1617637226&dest=https://aporasal.net/redirecting/aHR0cDovL3d3dy5tZWRpYWZpcmUuY29tL2ZvbGRlci9jM3l4bjV5YXE4eGY4L1NMQkVUNw%3D%3D/6079218161effd1fd8c56db2f4a90253
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.226.156.80 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-226-156-80.dus51.r.cloudfront.net
Software: /
Resource Hash: 3f66ff09af02daad7b81f896c4609fec36b51b86966204c4f22c8df03f9b12dc

Request headers

Referer: https://www19.todhamilton.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 05 Apr 2021 15:43:52 GMT
content-encoding: gzip
x-amz-cf-pop: DUS51-C1
x-cache: Miss from cloudfront
access-control-allow-origin: *
cache-control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
content-length: 45412
via: 1.1 bfd667b9fb826986b85315f856bf5885.cloudfront.net (CloudFront)
x-amz-cf-id: _IINIu5VbqQc03hJbPDihB2NRqCmkoCdkN05iV2jS7e7YFaE0edMvA==

GET
H2 200 logo.png
www19.todhamilton.pro/static/image/ 10 KB
11 KB 82ms
82ms Image
image/png 172.67.178.34
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www19.todhamilton.pro/static/image/logo.png
Requested by: Host: www19.todhamilton.pro
URL: https://www19.todhamilton.pro/pushredirect/?network=1&site=adfly&ppi=2959576&pci=6629534317&t=1617637226&dest=https://aporasal.net/redirecting/aHR0cDovL3d3dy5tZWRpYWZpcmUuY29tL2ZvbGRlci9jM3l4bjV5YXE4eGY4L1NMQkVUNw%3D%3D/6079218161effd1fd8c56db2f4a90253
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.178.34 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 196c51f778db9df7ecf75ce7f663ea3bb07726b67feeae45ad9abfd3008b937a

Request headers

Referer: https://www19.todhamilton.pro/pushredirect/?network=1&site=adfly&ppi=2959576&pci=6629534317&t=1617637226&dest=https://aporasal.net/redirecting/aHR0cDovL3d3dy5tZWRpYWZpcmUuY29tL2ZvbGRlci9jM3l4bjV5YXE4eGY4L1NMQkVUNw%3D%3D/6079218161effd1fd8c56db2f4a90253
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Apr 2021 15:43:52 GMT
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
age: 2445
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 10726
cf-request-id: 09444d75730000fa1c7c1b2000000001
last-modified: Tue, 10 Nov 2020 09:44:06 GMT
server: cloudflare
etag: "29e6-5faa60e6-f392dafc4c855335;;;"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=juTgy2L6VrM1jTDQcUEVsc6fhnHi1LMccxCQr5rIGLUeAiXFPu12luAqOxxFALxU1vuoAn%2FCeXJGDGzf5UrFUw96MYjSVkEcV9r83E7jag0IfSROiNQ%3D"}]}
content-type: image/png
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
cf-ray: 63b3e5024949fa1c-AMS
expires: Mon, 12 Apr 2021 15:03:07 GMT

GET
H2 200 am-push.796884.js Show response
www19.todhamilton.pro/ 93 KB
34 KB 331ms
331ms Script
application/x-javascript 172.67.178.34
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www19.todhamilton.pro/am-push.796884.js?puid=2959576&allb=https%3A%2F%2Faporasal.net%2Fredirecting%2FaHR0cDovL3d3dy5tZWRpYWZpcmUuY29tL2ZvbGRlci9jM3l4bjV5YXE4eGY4L1NMQkVUNw%3D%3D%2F6079218161effd1fd8c56db2f4a90253&ob=https%3A%2F%2Fwww44.todhamilton.pro%2Fpushredirect%2F%3Ftmp%3D1%26network%3D1%26ios%3D0%26site%3Dadfly%26c%3D1%26ppi%3D2959576%26pci%3D6629534317%26t%3D1617637226%26dest%3Dhttps%253A%252F%252Faporasal.net%252Fredirecting%252FaHR0cDovL3d3dy5tZWRpYWZpcmUuY29tL2ZvbGRlci9jM3l4bjV5YXE4eGY4L1NMQkVUNw%253D%253D%252F6079218161effd1fd8c56db2f4a90253&clb=https%3A%2F%2Fwww44.todhamilton.pro%2Fpushredirect%2F%3Ftmp%3D2%26network%3D1%26ios%3D0%26site%3Dadfly%26c%3D1%26ppi%3D2959576%26pci%3D6629534317%26t%3D1617637226%26dest%3Dhttps%253A%252F%252Faporasal.net%252Fredirecting%252FaHR0cDovL3d3dy5tZWRpYWZpcmUuY29tL2ZvbGRlci9jM3l4bjV5YXE4eGY4L1NMQkVUNw%253D%253D%252F6079218161effd1fd8c56db2f4a90253&asb=https%3A%2F%2Faporasal.net%2Fredirecting%2FaHR0cDovL3d3dy5tZWRpYWZpcmUuY29tL2ZvbGRlci9jM3l4bjV5YXE4eGY4L1NMQkVUNw%3D%3D%2F6079218161effd1fd8c56db2f4a90253
Requested by: Host: www19.todhamilton.pro
URL: https://www19.todhamilton.pro/pushredirect/?network=1&site=adfly&ppi=2959576&pci=6629534317&t=1617637226&dest=https://aporasal.net/redirecting/aHR0cDovL3d3dy5tZWRpYWZpcmUuY29tL2ZvbGRlci9jM3l4bjV5YXE4eGY4L1NMQkVUNw%3D%3D/6079218161effd1fd8c56db2f4a90253
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.178.34 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0b9191f2cd7c6a9cca2907f04717014b91b655c4345169882578bfeffa4bc185

Request headers

Referer: https://www19.todhamilton.pro/pushredirect/?network=1&site=adfly&ppi=2959576&pci=6629534317&t=1617637226&dest=https://aporasal.net/redirecting/aHR0cDovL3d3dy5tZWRpYWZpcmUuY29tL2ZvbGRlci9jM3l4bjV5YXE4eGY4L1NMQkVUNw%3D%3D/6079218161effd1fd8c56db2f4a90253
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Apr 2021 15:43:52 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"max_age":604800,"report_to":"cf-nel"}
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 09444d75790000fa1c4923d000000001
last-modified: Tue, 10 Nov 2020 09:44:06 GMT
server: cloudflare
etag: W/"175a3-5faa60e6-7dbcd373cc8a4404;gz"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=1pizAoXiiQ1B9b%2FKJ%2Bty%2F7lZAN1DN%2FRz10I1KalQkqYADYeO7I%2FmRA3sIRWnHd3wtYUG1O6qx%2BgalEofWY%2BcdRPXD7qJe%2BL347dsvkiW3Z3SZZ2%2BD6E%3D"}]}
content-type: application/x-javascript
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
cf-ray: 63b3e5025977fa1c-AMS
expires: Mon, 12 Apr 2021 15:43:52 GMT

GET
H2 200 bG1PQTAXTzw2bxkfI2MKTgU7NUAfV2BuRxsafngeGAIrKVEBBCM1XwJDPzNfQwwibEAZHidvB1Vbd3kEQgc8fkAZBCt8AlVYdnQHWksuLVwOUCc1RBweanJxSV8JZAIqDD8uQg0eLi0eAgg7ZAIqHyolWR4ILDVZAgpqc3YNJR1xUygCOQ0DCF4rOAUYNxgTQDU6F... Show response
aphycolourses.info/ 118 KB
47 KB 426ms
149ms Script
application/javascript 54.144.3.29
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://aphycolourses.info/bG1PQTAXTzw2bxkfI2MKTgU7NUAfV2BuRxsafngeGAIrKVEBBCM1XwJDPzNfQwwibEAZHidvB1Vbd3kEQgc8fkAZBCt8AlVYdnQHWksuLVwOUCc1RBweanJxSV8JZAIqDD8uQg0eLi0eAgg7ZAIqHyolWR4ILDVZAgpqc3YNJR1xUygCOQ0DCF4rOAUYNxgTQDU6FTFTATg6GAJVGQNzahoPCBNcDwR2K31fAXsjWjpYFhl1WAgIGAQgXAEMYQc7Gg9HSV4LZAMoSH0HBlxadnMBVFx5cFUKCytwVghVLHQGCA99JwQNVH9zBV9LICMNBBk7MUNJXg5kAipIfQdHGxp7dR4YAispUQEEIzVfAkM%2FM19JXwkxRR8FPSRUBR8qIkRJXwlkAyoZIjEVXyl%2BZAJaAyo1RwMfJGQDKFxqcwYFAjxkAyhdanMGHwQ7JBVfKS4lVgAUanMGD0h8BQFJX3kxQAVIfAUCVVh2dAdaSH13QA8EanJ0Wlt9eAVfWXxwB0lfeTUVXyl%2BdwFbW3x2Al5banMGCAg8NRVfKSc1RBweanMFXyxqcwVeK2pzBV4rLjFfHgw8IFxCAyo1FV5YfQdCCQkmM1UPGSYvV0lfenN2DSUdcVMoAjkNAwheKzgFGDcYE0A1OhUxUwE4OhgCVRkDc2oaDwgTXA8Edit9XwF7I1o6WBYZdVgICBgEIFwBDGEHOxoPR0lfenJ0SV96cnRJX3pzdlpdeHgCXVV%2BdwEJCyklAQoJdyIFWgktc1ZYDHZxAlleaSJcDlAnNUQcHmpycUlfCWQCKho4NgRYQzsuVAQMIihcGAIhb0AeAmpzdhwYPClCCQkmM1UPGWpzdkleCTVdHEh8BQJJX3kvVRgaIDNbSV4LcBVeWyYuQ0leC3EVXls8KEQJSHwFUQgLIzgVXlssZAMoXGpzBhwdJmQDKF92dAlZWnlkAlodLCgVXyl5dwJVWHx1A11aanMGGEh8BQFaXHh3A1tffXcVXlsrJEMYSHwFWBgZPzIVXlh8ABVeWH0HFV5YfQdRHAI9IEMNAWEvVRhIfXQCKh8qJVkeCCw1WQIKanMFXisuCWJcDgsuRiBeK3JUFVg7G2c%2BHRYWahwOIhRFNV92NXxeNzkjdz4BLCgJBiB8LQQOBxl0aTQoeyR3NVkDcH4hPCQXZSIaanMFXylqcwVfKWpzBV4reXEHVV9%2BeQFaXConVghcKSUID1h5JVJeC3sgCVxfenIWDR4tfFgYGT8yFV8sanN2SV8JIEADHy4yUQBDISRESV8JM1UIBD0kUxgEISYVXisuCWJcDgsuRiBeK3JUFVg7G2c%2BHRYWahwOIhRFNV92NXxeNzkjdz4BLCgJBiB8LQQOBxl0aTQoeyR3NVkDcH4hPCQXZSIaanJ0SV4LZAIqW392CV5cd3AGXQgpJ1RdCyt5U1lbKyMCClkueABeWHxjHE4eIicSVlxjY0QNChAoVE5XbXYJWlV3dRJATzw0UjMEK3ASVk99eAVVWHh3EkBPPDRSMwQrcxJWTy5yAwhadiIAQQguJFZBWXdzBEFVLHgEQQ4rcwEPDHZ4Vg8Pd2McTgwjLVJOV20pRBgdPHsfQww%2FLkINHi4tHgIIO25CCQkmM1UPGSYvV0MMBxMADykgN3xfCXwlSVkZFRZiHDQYG0APABo0aV5UOw0CNhstBmIADiZ4WiFeI3VSBjt6GGgpWSoGaVghfg99PQYZFH4bUHJuBlxadnMBVFx5cFUKCytwVghVLHQGCA99JwQNVH9zBV9PY2NfDk91Y1gYGT8yCkNCODZHWFlhNV8IBS4sWQAZIC8eHB8gbkAZHiczVQgEPSRTGEJwNV0cUH5nXgkZOC5CB1B%2BZ1kDHnJxFh8EOyQNDQkpLUlKDnJwFhwdJnwCVVh2dAdaSz8iWVFbeXMJWV57cgFbSzt8AVpceHcDW199dxYICDw1DQQZOzFDSV4OZAIqSH0HURwCPSBDDQFhL1UYSH0HQgkJJjNVDxkmL1dJXwkgeD5dLAVfGiF8JQMIFHo1ajs%2FPxhnNh0sLGUZNH14RCBfFTdSKz8jIllVBwJyXFgPJRcFNTUKdVUrNHsNASIgHipmOSM4ZAMoSHwFFV4reXEHVV9%2BeQFaXConVghcKSUID1h5JVJeC3sgCVxfenISQE8sLVJOV20pRBgdPHsfQxo4NgRYQzsuVAQMIihcGAIhb0AeAmAxRR8FPSRUBR8qIkRDUjssQFFfaS9VGBogM1tRXGkoXx9Qf2dDBRkqfFEICyM4Fg9QfmdAHARycwlZVHp2BkodLCgNWlt9eAVfWXxwB0oZcnAGXVp5cgdeX3lnVAkeO3xYGBk%2FMhVfLGpzdklfCSBAAx8uMlEAQyEkRElfCTNVCAQ9JFMYBCEmFV4rLgliXA4LLkYgXityVBVYOxtnPh0WFmocDiIURTVfdjV8Xjc5I3c%2BASwoCQYgfC0EDgcZdGk0KHskdzVZA3B%2BITwkF2UiGmpydEleC2QCKlt%2FdgleXHdwBl0IKSdUXQsreVNZWysjAgpZLngAXlh8YxxODDwjElZPJzVEHB51bh8NHSAzUR8MI29eCRlgM1UIBD0kUxgEISYfDSUdcVMoAjkNAwheKzgFGDcYE0A1OhUxUwE4OhgCVRkDc2oaDwgTXA8Edit9XwF7I1o6WBYZdVgICBgEIFwBDGEHOxoPR1FQYHcAW1R9cAhdW34kVgoJfidUVA56d1QOXyl1UVVdfXQDThA
Requested by: Host: www19.todhamilton.pro
URL: https://www19.todhamilton.pro/am-push.796884.js?puid=2959576&allb=https%3A%2F%2Faporasal.net%2Fredirecting%2FaHR0cDovL3d3dy5tZWRpYWZpcmUuY29tL2ZvbGRlci9jM3l4bjV5YXE4eGY4L1NMQkVUNw%3D%3D%2F6079218161effd1fd8c56db2f4a90253&ob=https%3A%2F%2Fwww44.todhamilton.pro%2Fpushredirect%2F%3Ftmp%3D1%26network%3D1%26ios%3D0%26site%3Dadfly%26c%3D1%26ppi%3D2959576%26pci%3D6629534317%26t%3D1617637226%26dest%3Dhttps%253A%252F%252Faporasal.net%252Fredirecting%252FaHR0cDovL3d3dy5tZWRpYWZpcmUuY29tL2ZvbGRlci9jM3l4bjV5YXE4eGY4L1NMQkVUNw%253D%253D%252F6079218161effd1fd8c56db2f4a90253&clb=https%3A%2F%2Fwww44.todhamilton.pro%2Fpushredirect%2F%3Ftmp%3D2%26network%3D1%26ios%3D0%26site%3Dadfly%26c%3D1%26ppi%3D2959576%26pci%3D6629534317%26t%3D1617637226%26dest%3Dhttps%253A%252F%252Faporasal.net%252Fredirecting%252FaHR0cDovL3d3dy5tZWRpYWZpcmUuY29tL2ZvbGRlci9jM3l4bjV5YXE4eGY4L1NMQkVUNw%253D%253D%252F6079218161effd1fd8c56db2f4a90253&asb=https%3A%2F%2Faporasal.net%2Fredirecting%2FaHR0cDovL3d3dy5tZWRpYWZpcmUuY29tL2ZvbGRlci9jM3l4bjV5YXE4eGY4L1NMQkVUNw%3D%3D%2F6079218161effd1fd8c56db2f4a90253
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 54.144.3.29 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-144-3-29.compute-1.amazonaws.com
Software: / Express
Resource Hash: 059fcf4044e5c1d6190f93fab6704bd741e6ab74a08b65b6270b1e1980cc2249

Request headers

Referer: https://www19.todhamilton.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-encoding: gzip
etag: W/"1d99d-ZqIWiatbEQXK/pMxrMgf0RHoVNc"
x-powered-by: Express
vary: Accept-Encoding
access-control-allow-methods: GET, POST
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-allow-headers: X-Requested-With,content-type

GET
H2 200 / Show response
www44.todhamilton.pro/pushredirect/ 5 KB
2 KB 327ms
315ms Document
text/html 172.67.178.34
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www44.todhamilton.pro/pushredirect/?tmp=1&network=1&ios=0&site=adfly&c=1&ppi=2959576&pci=6629534317&t=1617637226&dest=https%3A%2F%2Faporasal.net%2Fredirecting%2FaHR0cDovL3d3dy5tZWRpYWZpcmUuY29tL2ZvbGRlci9jM3l4bjV5YXE4eGY4L1NMQkVUNw%3D%3D%2F6079218161effd1fd8c56db2f4a90253
Requested by: Host: aphycolourses.info
URL: https://aphycolourses.info/bG1PQTAXTzw2bxkfI2MKTgU7NUAfV2BuRxsafngeGAIrKVEBBCM1XwJDPzNfQwwibEAZHidvB1Vbd3kEQgc8fkAZBCt8AlVYdnQHWksuLVwOUCc1RBweanJxSV8JZAIqDD8uQg0eLi0eAgg7ZAIqHyolWR4ILDVZAgpqc3YNJR1xUygCOQ0DCF4rOAUYNxgTQDU6FTFTATg6GAJVGQNzahoPCBNcDwR2K31fAXsjWjpYFhl1WAgIGAQgXAEMYQc7Gg9HSV4LZAMoSH0HBlxadnMBVFx5cFUKCytwVghVLHQGCA99JwQNVH9zBV9LICMNBBk7MUNJXg5kAipIfQdHGxp7dR4YAispUQEEIzVfAkM%2FM19JXwkxRR8FPSRUBR8qIkRJXwlkAyoZIjEVXyl%2BZAJaAyo1RwMfJGQDKFxqcwYFAjxkAyhdanMGHwQ7JBVfKS4lVgAUanMGD0h8BQFJX3kxQAVIfAUCVVh2dAdaSH13QA8EanJ0Wlt9eAVfWXxwB0lfeTUVXyl%2BdwFbW3x2Al5banMGCAg8NRVfKSc1RBweanMFXyxqcwVeK2pzBV4rLjFfHgw8IFxCAyo1FV5YfQdCCQkmM1UPGSYvV0lfenN2DSUdcVMoAjkNAwheKzgFGDcYE0A1OhUxUwE4OhgCVRkDc2oaDwgTXA8Edit9XwF7I1o6WBYZdVgICBgEIFwBDGEHOxoPR0lfenJ0SV96cnRJX3pzdlpdeHgCXVV%2BdwEJCyklAQoJdyIFWgktc1ZYDHZxAlleaSJcDlAnNUQcHmpycUlfCWQCKho4NgRYQzsuVAQMIihcGAIhb0AeAmpzdhwYPClCCQkmM1UPGWpzdkleCTVdHEh8BQJJX3kvVRgaIDNbSV4LcBVeWyYuQ0leC3EVXls8KEQJSHwFUQgLIzgVXlssZAMoXGpzBhwdJmQDKF92dAlZWnlkAlodLCgVXyl5dwJVWHx1A11aanMGGEh8BQFaXHh3A1tffXcVXlsrJEMYSHwFWBgZPzIVXlh8ABVeWH0HFV5YfQdRHAI9IEMNAWEvVRhIfXQCKh8qJVkeCCw1WQIKanMFXisuCWJcDgsuRiBeK3JUFVg7G2c%2BHRYWahwOIhRFNV92NXxeNzkjdz4BLCgJBiB8LQQOBxl0aTQoeyR3NVkDcH4hPCQXZSIaanMFXylqcwVfKWpzBV4reXEHVV9%2BeQFaXConVghcKSUID1h5JVJeC3sgCVxfenIWDR4tfFgYGT8yFV8sanN2SV8JIEADHy4yUQBDISRESV8JM1UIBD0kUxgEISYVXisuCWJcDgsuRiBeK3JUFVg7G2c%2BHRYWahwOIhRFNV92NXxeNzkjdz4BLCgJBiB8LQQOBxl0aTQoeyR3NVkDcH4hPCQXZSIaanJ0SV4LZAIqW392CV5cd3AGXQgpJ1RdCyt5U1lbKyMCClkueABeWHxjHE4eIicSVlxjY0QNChAoVE5XbXYJWlV3dRJATzw0UjMEK3ASVk99eAVVWHh3EkBPPDRSMwQrcxJWTy5yAwhadiIAQQguJFZBWXdzBEFVLHgEQQ4rcwEPDHZ4Vg8Pd2McTgwjLVJOV20pRBgdPHsfQww%2FLkINHi4tHgIIO25CCQkmM1UPGSYvV0MMBxMADykgN3xfCXwlSVkZFRZiHDQYG0APABo0aV5UOw0CNhstBmIADiZ4WiFeI3VSBjt6GGgpWSoGaVghfg99PQYZFH4bUHJuBlxadnMBVFx5cFUKCytwVghVLHQGCA99JwQNVH9zBV9PY2NfDk91Y1gYGT8yCkNCODZHWFlhNV8IBS4sWQAZIC8eHB8gbkAZHiczVQgEPSRTGEJwNV0cUH5nXgkZOC5CB1B%2BZ1kDHnJxFh8EOyQNDQkpLUlKDnJwFhwdJnwCVVh2dAdaSz8iWVFbeXMJWV57cgFbSzt8AVpceHcDW199dxYICDw1DQQZOzFDSV4OZAIqSH0HURwCPSBDDQFhL1UYSH0HQgkJJjNVDxkmL1dJXwkgeD5dLAVfGiF8JQMIFHo1ajs%2FPxhnNh0sLGUZNH14RCBfFTdSKz8jIllVBwJyXFgPJRcFNTUKdVUrNHsNASIgHipmOSM4ZAMoSHwFFV4reXEHVV9%2BeQFaXConVghcKSUID1h5JVJeC3sgCVxfenISQE8sLVJOV20pRBgdPHsfQxo4NgRYQzsuVAQMIihcGAIhb0AeAmAxRR8FPSRUBR8qIkRDUjssQFFfaS9VGBogM1tRXGkoXx9Qf2dDBRkqfFEICyM4Fg9QfmdAHARycwlZVHp2BkodLCgNWlt9eAVfWXxwB0oZcnAGXVp5cgdeX3lnVAkeO3xYGBk%2FMhVfLGpzdklfCSBAAx8uMlEAQyEkRElfCTNVCAQ9JFMYBCEmFV4rLgliXA4LLkYgXityVBVYOxtnPh0WFmocDiIURTVfdjV8Xjc5I3c%2BASwoCQYgfC0EDgcZdGk0KHskdzVZA3B%2BITwkF2UiGmpydEleC2QCKlt%2FdgleXHdwBl0IKSdUXQsreVNZWysjAgpZLngAXlh8YxxODDwjElZPJzVEHB51bh8NHSAzUR8MI29eCRlgM1UIBD0kUxgEISYfDSUdcVMoAjkNAwheKzgFGDcYE0A1OhUxUwE4OhgCVRkDc2oaDwgTXA8Edit9XwF7I1o6WBYZdVgICBgEIFwBDGEHOxoPR1FQYHcAW1R9cAhdW34kVgoJfidUVA56d1QOXyl1UVVdfXQDThA
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.178.34 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/7.3.27
Resource Hash: 255e0bccb80070e1d8c87ec8a70d16f7ee9d17611636a1c0f3d24a5bb88bc759

Request headers

:method: GET
:authority: www44.todhamilton.pro
:scheme: https
:path: /pushredirect/?tmp=1&network=1&ios=0&site=adfly&c=1&ppi=2959576&pci=6629534317&t=1617637226&dest=https%3A%2F%2Faporasal.net%2Fredirecting%2FaHR0cDovL3d3dy5tZWRpYWZpcmUuY29tL2ZvbGRlci9jM3l4bjV5YXE4eGY4L1NMQkVUNw%3D%3D%2F6079218161effd1fd8c56db2f4a90253
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: document
referer: https://www19.todhamilton.pro/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: __cfduid=d2eb1df0507fd27054c15dca1dce948b51617637432
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www19.todhamilton.pro/

Response headers

date: Mon, 05 Apr 2021 15:43:54 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.3.27
cache-control: no-store, no-cache, must-revalidate, max-age=0 post-check=0, pre-check=0
pragma: no-cache
set-cookie: lastUrlPushTmp=www44.todhamilton.pro; secure
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
cf-request-id: 09444d7a550000fa1c60ab3000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=%2BjR6YtITGuNXS5MeVeHjDdlzUWjhVaAbz2%2BnnwWsre1xopKPpOBEISH26CSnSMc8JofLZnQX2cyhb89la8Ke44sZUHBLyOgmVamX3E%2BRIven%2F9gCBe8%3D"}]}
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
cf-ray: 63b3e50a2988fa1c-AMS
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 / Show response
dc5k8fg5ioc8s.cloudfront.net/ 144 KB
45 KB 99ms
98ms Script
text/plain 13.226.156.80
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://dc5k8fg5ioc8s.cloudfront.net/?gfkcd=824473
Requested by: Host: www44.todhamilton.pro
URL: https://www44.todhamilton.pro/pushredirect/?tmp=1&network=1&ios=0&site=adfly&c=1&ppi=2959576&pci=6629534317&t=1617637226&dest=https%3A%2F%2Faporasal.net%2Fredirecting%2FaHR0cDovL3d3dy5tZWRpYWZpcmUuY29tL2ZvbGRlci9jM3l4bjV5YXE4eGY4L1NMQkVUNw%3D%3D%2F6079218161effd1fd8c56db2f4a90253
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.226.156.80 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-226-156-80.dus51.r.cloudfront.net
Software: /
Resource Hash: 3f66ff09af02daad7b81f896c4609fec36b51b86966204c4f22c8df03f9b12dc

Request headers

Referer: https://www44.todhamilton.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 05 Apr 2021 15:43:52 GMT
content-encoding: gzip
age: 2
x-cache: Hit from cloudfront
access-control-allow-origin: *
cache-control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
x-amz-cf-pop: DUS51-C1
content-length: 45412
via: 1.1 bfd667b9fb826986b85315f856bf5885.cloudfront.net (CloudFront)
x-amz-cf-id: JILxq0DhZ3z4qfawUmPuuYLcuq6CMDjtFfq4_ev0u1zEcaQM_LyOoQ==

GET
H2 200 logo.png
www44.todhamilton.pro/static/image/ 10 KB
11 KB 86ms
86ms Image
image/png 172.67.178.34
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www44.todhamilton.pro/static/image/logo.png
Requested by: Host: www44.todhamilton.pro
URL: https://www44.todhamilton.pro/pushredirect/?tmp=1&network=1&ios=0&site=adfly&c=1&ppi=2959576&pci=6629534317&t=1617637226&dest=https%3A%2F%2Faporasal.net%2Fredirecting%2FaHR0cDovL3d3dy5tZWRpYWZpcmUuY29tL2ZvbGRlci9jM3l4bjV5YXE4eGY4L1NMQkVUNw%3D%3D%2F6079218161effd1fd8c56db2f4a90253
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.178.34 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 196c51f778db9df7ecf75ce7f663ea3bb07726b67feeae45ad9abfd3008b937a

Request headers

Referer: https://www44.todhamilton.pro/pushredirect/?tmp=1&network=1&ios=0&site=adfly&c=1&ppi=2959576&pci=6629534317&t=1617637226&dest=https%3A%2F%2Faporasal.net%2Fredirecting%2FaHR0cDovL3d3dy5tZWRpYWZpcmUuY29tL2ZvbGRlci9jM3l4bjV5YXE4eGY4L1NMQkVUNw%3D%3D%2F6079218161effd1fd8c56db2f4a90253
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Apr 2021 15:43:54 GMT
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
age: 1766
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 10726
cf-request-id: 09444d7b980000fa1c10bd3000000001
last-modified: Tue, 10 Nov 2020 09:44:06 GMT
server: cloudflare
etag: "29e6-5faa60e6-f392dafc4c855335;;;"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=qa5FcUta3m%2FssGGFCtSKT6t5O4JkIhnvQZflZu7%2FPfqBYJXJ%2BuQi%2FICu4jN4OcAgBX09ETiUrvY49UD1SmaqR1wBQxemx1doen6QZrbpLef%2F4LO%2FU4c%3D"}]}
content-type: image/png
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
cf-ray: 63b3e50c2db3fa1c-AMS
expires: Mon, 12 Apr 2021 15:14:28 GMT

GET
H2 200 am-push.796884.js Show response
www44.todhamilton.pro/ 93 KB
34 KB 307ms
307ms Script
application/x-javascript 172.67.178.34
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www44.todhamilton.pro/am-push.796884.js?puid=2959576&allb=https%3A%2F%2Faporasal.net%2Fredirecting%2FaHR0cDovL3d3dy5tZWRpYWZpcmUuY29tL2ZvbGRlci9jM3l4bjV5YXE4eGY4L1NMQkVUNw%3D%3D%2F6079218161effd1fd8c56db2f4a90253&ob=https%3A%2F%2Fwww4.todhamilton.pro%2Fpushredirect%2F%3Ftmp%3D1%26network%3D1%26ios%3D0%26site%3Dadfly%26c%3D2%26ppi%3D2959576%26pci%3D6629534317%26t%3D1617637226%26dest%3Dhttps%253A%252F%252Faporasal.net%252Fredirecting%252FaHR0cDovL3d3dy5tZWRpYWZpcmUuY29tL2ZvbGRlci9jM3l4bjV5YXE4eGY4L1NMQkVUNw%253D%253D%252F6079218161effd1fd8c56db2f4a90253&clb=https%3A%2F%2Fwww4.todhamilton.pro%2Fpushredirect%2F%3Ftmp%3D2%26network%3D1%26ios%3D0%26site%3Dadfly%26c%3D2%26ppi%3D2959576%26pci%3D6629534317%26t%3D1617637226%26dest%3Dhttps%253A%252F%252Faporasal.net%252Fredirecting%252FaHR0cDovL3d3dy5tZWRpYWZpcmUuY29tL2ZvbGRlci9jM3l4bjV5YXE4eGY4L1NMQkVUNw%253D%253D%252F6079218161effd1fd8c56db2f4a90253&asb=https%3A%2F%2Faporasal.net%2Fredirecting%2FaHR0cDovL3d3dy5tZWRpYWZpcmUuY29tL2ZvbGRlci9jM3l4bjV5YXE4eGY4L1NMQkVUNw%3D%3D%2F6079218161effd1fd8c56db2f4a90253
Requested by: Host: www44.todhamilton.pro
URL: https://www44.todhamilton.pro/pushredirect/?tmp=1&network=1&ios=0&site=adfly&c=1&ppi=2959576&pci=6629534317&t=1617637226&dest=https%3A%2F%2Faporasal.net%2Fredirecting%2FaHR0cDovL3d3dy5tZWRpYWZpcmUuY29tL2ZvbGRlci9jM3l4bjV5YXE4eGY4L1NMQkVUNw%3D%3D%2F6079218161effd1fd8c56db2f4a90253
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.178.34 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0b9191f2cd7c6a9cca2907f04717014b91b655c4345169882578bfeffa4bc185

Request headers

Referer: https://www44.todhamilton.pro/pushredirect/?tmp=1&network=1&ios=0&site=adfly&c=1&ppi=2959576&pci=6629534317&t=1617637226&dest=https%3A%2F%2Faporasal.net%2Fredirecting%2FaHR0cDovL3d3dy5tZWRpYWZpcmUuY29tL2ZvbGRlci9jM3l4bjV5YXE4eGY4L1NMQkVUNw%3D%3D%2F6079218161effd1fd8c56db2f4a90253
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Apr 2021 15:43:54 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"max_age":604800,"report_to":"cf-nel"}
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 09444d7b970000fa1c492cd000000001
last-modified: Tue, 10 Nov 2020 09:44:06 GMT
server: cloudflare
etag: W/"175a3-5faa60e6-7dbcd373cc8a4404;gz"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=PE07vPAtlNl4wAVUgI1B0Ev9S17w8sd7O7v2wJ4uaUxXxaItWiZCaOpiIATeAB52fTfLUXI%2BNejNfF9XFhl1GIbYlGFjrVn5SxvYlqDnLDEj8xAzY20%3D"}]}
content-type: application/x-javascript
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
cf-ray: 63b3e50c2db8fa1c-AMS
expires: Mon, 12 Apr 2021 15:43:54 GMT

GET
H2 200 NzdsdThMFR8CZ0JFAFcCFV8YAUhEDUNaT0BAWEEWQ1gIHVlaXgABV1kZHAdXGFYBWEhCRARbDw4BVE0MGV0fSkhCXghICg4CVUAPARENGVRVCgQBTEdESUZ5EgUqUApxVhwaSlZEDRkWWVIYUApxRQkRUUVSDwFRWVBJR35Wfz5FW3NYGjkLUwQIDA1DbTsnSG5gN... Show response
aphycolourses.info/ 118 KB
47 KB 141ms
140ms Script
application/javascript 54.144.3.29
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://aphycolourses.info/NzdsdThMFR8CZ0JFAFcCFV8YAUhEDUNaT0BAWEEWQ1gIHVlaXgABV1kZHAdXGFYBWEhCRARbDw4BVE0MGV0fSkhCXghICg4CVUAPARENGVRVCgQBTEdESUZ5EgUqUApxVhwaSlZEDRkWWVIYUApxRQkRUUVSDwFRWVBJR35Wfz5FW3NYGjkLUwQIDA1DbTsnSG5gNgVbWmIZLAoOQyBHYkFVKydUVF5VH3UEW1gXUmECNS19A1IrLAx7BiI4aVxhOTtPEgQoUAtzEl4zDgcAVUcJDwZaRF1RUQhEXlMPD0AOU1VeEwxWDlxHDQQRAxcFX0MYBUsSBC1QCnESXjNPQEBYW0xYUwQUVV5bGBpWGUceGh0FcRwAS19FCRFRRVIPAR0FcUlGfkNaHFALcwZJRw5ZUhgCV0VcSUZ8BhJeQ1FYRElGfAcSXkNLXkMJUAtzVggTVE4SXkNbEgQoRx0FARwFURIEKEcBAg5ZQg4SBVoFW14SXzEOAQVVQAsDBF1CHQUBGFALcwZaRA8BBFtHCgESXkNcUkQYUAtzXxgBSEQSXkALdhJeQApxEl5ACnFWHBpKVkQNGRZZUhhQCgIFKgddU14eEFtDXgISHQUCXjNZf2VcFnxYQSBGXARTFUBMbWA%2BBWFgbRwWVWJCNUcBQ3teL05VcD4ZW14OBjgLWwMOH24CbjQwDFJwNUF0BnkhJFNhYiICHQUCXzEdBQJfMR0FAl4zDgcAVUcJDwZaRF1RUQhEXlMPD0AOU1VeEwxWDlxHDQQRDxlaCl8YAUhEEl80HQVxSUd%2BQEAbQRZDWAgdWVpeAAFXWRkcB1cSBSoFTURfHhBcXkUJFkwSBSpQC3FDAQUdBHNeUAoBWQkBT1hFB1ALcwZJRw5eWB9QC3MHSUcORF4YEB0Ecw0RXltOSUcOVBJfMQoSBVoFSF4SXzEKDgJVQA8BEl5DSFReSUZ8AQFeTA0EA19EDxIFWgEdBHNdQwkAAV9CCgUBSUcOU1IfAR0EcwQBTEdESUcNBHZJRw0FcUlHDQVxDQVXRVYfFFQZWQkBHQUCXjNKUlMFB11UQwUbXxIFWUd%2BVn8%2BRVtzWBo5C1MECAwNQ207J0huYDYFW1piGSwKDkMgR2JBVSsnVFReVR91BFtYF1JhAjUtfQNSKywMewYiOGlcYTk7TxIFWUZ8EgVZRnwSBVlHfgEHW0wKBg9dQwlSUQoRCVFTVBYNAVMOR14DVlVFCgIEShRLVQoEAUxHRElGeRIFKlAKcVYcGkpWRA0ZFllSGFAKcUUJEVFFUg8BUVlQSUd%2BVn8%2BRVtzWBo5C1MECAwNQ207J0huYDYFW1piGSwKDkMgR2JBVSsnVFReVR91BFtYF1JhAjUtfQNSKywMewYiOGlcYTk7TxIEKFALcxJeMw4HAFVHCQ8GWkRdUVEIRF5TDw9ADlNVXhMMVg5cRw0EFUBXS1pRTk8JGxUYFF9oXghXAhUAVUMADwNOWRpEQg4qUVMGTk8aBQ5ZTA0AAU5ZGkRCDipRUwVOTxpWBF8RDw5UXFhdVlIKWAwPBVhYAFQOWFhbUwVdFlkODgoWWg8VQFdZW1sOVwIVXxgBSEQNQ1pZR1geFEtWW0IbXUMYHhBcXkUJFkxeWQtaWX9lXBZ8WEEgRlwEUxVATG1gPgVhYG0cFlViQjVHAUN7Xi9OVXA%2BGVteDgY4C1sDDh9uAm40MAxScDVBdAZ5ISRTYWIiAgUKGFpFDw4FXU0JAQYJE15TBgoRAFQCWhFaBVFYFAEHBVlGGhsVAxcaDRUEAUxHRFZaF0BAG0EWQ1gIHVlaXgABV1kZHAdXGEcZBlBFUggcSlJUGFoHQ1ocSAkRWQkBT1hFB0gJEV4DBgUHER8cTFIKDRFeW05KFgUFERwFUQoFVUABAgBaU0hUXlFDDgUOWUYMBAZbU0wKBlpEDwEEW0cKAREIEEtDCgQBTEdESUZ5EgUqUApxVhwaSlZEDRkWWVIYUApxRQkRUUVSDwFRWVBJR35Wfz5FW3NYGjkLUwQIDA1DbTsnSG5gNgVbWmIZLAoOQyBHYkFVKydUVF5VH3UEW1gXUmECNS19A1IrLAx7BiI4aVxhOTtPEgQoUAtzEl4zDgcAVUcJDwZaRF1RUQhEXlMPD0AOU1VeEwxWDlxHDQQVQFdbW1VOTxpfQxgFSw0YQwJPQANCAVdTXw0YUVtDAxsWR0UDWkhCRAQHXVNeHhBbQxhTAVVHCl5TVlJDGxpKXApdU1FYRFFFHkReGBAFVlMKGUERVFFHHkdHBUgKDgJVQA8BERwWUQoBWkcBAgRYRgkAERhICQEGW0MLAAVeQx5TUh8BBV9DGAVLEgQtUApxEl4zWUdYHhRLVltCG11DEl4zSlJTBQddVEMFG18SBSoUcGUHDzFXQXtfEQtTTlkBYmBlHCxvbUcPGG1Cbl5MTHsFNgNacGUAFlEOXSFGVANVBiMNbm8pQV1wblg5CXl6PR5uYnkbUAtzEl8xHQVxWkUPDgVdTQkBBgkTXlMGChEAVAJaEVoFUVgUAQcFWUYaGxUNBloVDU4dTENHH08XGFYcGkpWRA0ZFllSGFpKUlMFB11UQwUbXxhWJCcIVHMDA3QEU18RQQJDNiJqR247L0hUWjkAYQUOGDkKbUEOMmpbVAVMUnoEAEFaXWFZLGByAwkyYQN7XTt1Zlw6IHZAClFaDgcAVUcJDwZaRF1RUQhEXlMPD0AOU1VeEwxWDlxHDQQVEQ
Requested by: Host: www44.todhamilton.pro
URL: https://www44.todhamilton.pro/am-push.796884.js?puid=2959576&allb=https%3A%2F%2Faporasal.net%2Fredirecting%2FaHR0cDovL3d3dy5tZWRpYWZpcmUuY29tL2ZvbGRlci9jM3l4bjV5YXE4eGY4L1NMQkVUNw%3D%3D%2F6079218161effd1fd8c56db2f4a90253&ob=https%3A%2F%2Fwww4.todhamilton.pro%2Fpushredirect%2F%3Ftmp%3D1%26network%3D1%26ios%3D0%26site%3Dadfly%26c%3D2%26ppi%3D2959576%26pci%3D6629534317%26t%3D1617637226%26dest%3Dhttps%253A%252F%252Faporasal.net%252Fredirecting%252FaHR0cDovL3d3dy5tZWRpYWZpcmUuY29tL2ZvbGRlci9jM3l4bjV5YXE4eGY4L1NMQkVUNw%253D%253D%252F6079218161effd1fd8c56db2f4a90253&clb=https%3A%2F%2Fwww4.todhamilton.pro%2Fpushredirect%2F%3Ftmp%3D2%26network%3D1%26ios%3D0%26site%3Dadfly%26c%3D2%26ppi%3D2959576%26pci%3D6629534317%26t%3D1617637226%26dest%3Dhttps%253A%252F%252Faporasal.net%252Fredirecting%252FaHR0cDovL3d3dy5tZWRpYWZpcmUuY29tL2ZvbGRlci9jM3l4bjV5YXE4eGY4L1NMQkVUNw%253D%253D%252F6079218161effd1fd8c56db2f4a90253&asb=https%3A%2F%2Faporasal.net%2Fredirecting%2FaHR0cDovL3d3dy5tZWRpYWZpcmUuY29tL2ZvbGRlci9jM3l4bjV5YXE4eGY4L1NMQkVUNw%3D%3D%2F6079218161effd1fd8c56db2f4a90253
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 54.144.3.29 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-144-3-29.compute-1.amazonaws.com
Software: / Express
Resource Hash: c9276e36cd8d47ddb41bc5fd98646d2af67b318cfa49b86db4a01e533066b416

Request headers

Referer: https://www44.todhamilton.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-encoding: gzip
etag: W/"1d998-EJH8mfeoNZVDKraoG+xl7ZjVYeA"
x-powered-by: Express
vary: Accept-Encoding
access-control-allow-methods: GET, POST
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-allow-headers: X-Requested-With,content-type

GET
H2 200 / Show response
www4.todhamilton.pro/pushredirect/ 5 KB
3 KB 355ms
344ms Document
text/html 172.67.178.34
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www4.todhamilton.pro/pushredirect/?tmp=1&network=1&ios=0&site=adfly&c=2&ppi=2959576&pci=6629534317&t=1617637226&dest=https%3A%2F%2Faporasal.net%2Fredirecting%2FaHR0cDovL3d3dy5tZWRpYWZpcmUuY29tL2ZvbGRlci9jM3l4bjV5YXE4eGY4L1NMQkVUNw%3D%3D%2F6079218161effd1fd8c56db2f4a90253
Requested by: Host: aphycolourses.info
URL: https://aphycolourses.info/NzdsdThMFR8CZ0JFAFcCFV8YAUhEDUNaT0BAWEEWQ1gIHVlaXgABV1kZHAdXGFYBWEhCRARbDw4BVE0MGV0fSkhCXghICg4CVUAPARENGVRVCgQBTEdESUZ5EgUqUApxVhwaSlZEDRkWWVIYUApxRQkRUUVSDwFRWVBJR35Wfz5FW3NYGjkLUwQIDA1DbTsnSG5gNgVbWmIZLAoOQyBHYkFVKydUVF5VH3UEW1gXUmECNS19A1IrLAx7BiI4aVxhOTtPEgQoUAtzEl4zDgcAVUcJDwZaRF1RUQhEXlMPD0AOU1VeEwxWDlxHDQQRAxcFX0MYBUsSBC1QCnESXjNPQEBYW0xYUwQUVV5bGBpWGUceGh0FcRwAS19FCRFRRVIPAR0FcUlGfkNaHFALcwZJRw5ZUhgCV0VcSUZ8BhJeQ1FYRElGfAcSXkNLXkMJUAtzVggTVE4SXkNbEgQoRx0FARwFURIEKEcBAg5ZQg4SBVoFW14SXzEOAQVVQAsDBF1CHQUBGFALcwZaRA8BBFtHCgESXkNcUkQYUAtzXxgBSEQSXkALdhJeQApxEl5ACnFWHBpKVkQNGRZZUhhQCgIFKgddU14eEFtDXgISHQUCXjNZf2VcFnxYQSBGXARTFUBMbWA%2BBWFgbRwWVWJCNUcBQ3teL05VcD4ZW14OBjgLWwMOH24CbjQwDFJwNUF0BnkhJFNhYiICHQUCXzEdBQJfMR0FAl4zDgcAVUcJDwZaRF1RUQhEXlMPD0AOU1VeEwxWDlxHDQQRDxlaCl8YAUhEEl80HQVxSUd%2BQEAbQRZDWAgdWVpeAAFXWRkcB1cSBSoFTURfHhBcXkUJFkwSBSpQC3FDAQUdBHNeUAoBWQkBT1hFB1ALcwZJRw5eWB9QC3MHSUcORF4YEB0Ecw0RXltOSUcOVBJfMQoSBVoFSF4SXzEKDgJVQA8BEl5DSFReSUZ8AQFeTA0EA19EDxIFWgEdBHNdQwkAAV9CCgUBSUcOU1IfAR0EcwQBTEdESUcNBHZJRw0FcUlHDQVxDQVXRVYfFFQZWQkBHQUCXjNKUlMFB11UQwUbXxIFWUd%2BVn8%2BRVtzWBo5C1MECAwNQ207J0huYDYFW1piGSwKDkMgR2JBVSsnVFReVR91BFtYF1JhAjUtfQNSKywMewYiOGlcYTk7TxIFWUZ8EgVZRnwSBVlHfgEHW0wKBg9dQwlSUQoRCVFTVBYNAVMOR14DVlVFCgIEShRLVQoEAUxHRElGeRIFKlAKcVYcGkpWRA0ZFllSGFAKcUUJEVFFUg8BUVlQSUd%2BVn8%2BRVtzWBo5C1MECAwNQ207J0huYDYFW1piGSwKDkMgR2JBVSsnVFReVR91BFtYF1JhAjUtfQNSKywMewYiOGlcYTk7TxIEKFALcxJeMw4HAFVHCQ8GWkRdUVEIRF5TDw9ADlNVXhMMVg5cRw0EFUBXS1pRTk8JGxUYFF9oXghXAhUAVUMADwNOWRpEQg4qUVMGTk8aBQ5ZTA0AAU5ZGkRCDipRUwVOTxpWBF8RDw5UXFhdVlIKWAwPBVhYAFQOWFhbUwVdFlkODgoWWg8VQFdZW1sOVwIVXxgBSEQNQ1pZR1geFEtWW0IbXUMYHhBcXkUJFkxeWQtaWX9lXBZ8WEEgRlwEUxVATG1gPgVhYG0cFlViQjVHAUN7Xi9OVXA%2BGVteDgY4C1sDDh9uAm40MAxScDVBdAZ5ISRTYWIiAgUKGFpFDw4FXU0JAQYJE15TBgoRAFQCWhFaBVFYFAEHBVlGGhsVAxcaDRUEAUxHRFZaF0BAG0EWQ1gIHVlaXgABV1kZHAdXGEcZBlBFUggcSlJUGFoHQ1ocSAkRWQkBT1hFB0gJEV4DBgUHER8cTFIKDRFeW05KFgUFERwFUQoFVUABAgBaU0hUXlFDDgUOWUYMBAZbU0wKBlpEDwEEW0cKAREIEEtDCgQBTEdESUZ5EgUqUApxVhwaSlZEDRkWWVIYUApxRQkRUUVSDwFRWVBJR35Wfz5FW3NYGjkLUwQIDA1DbTsnSG5gNgVbWmIZLAoOQyBHYkFVKydUVF5VH3UEW1gXUmECNS19A1IrLAx7BiI4aVxhOTtPEgQoUAtzEl4zDgcAVUcJDwZaRF1RUQhEXlMPD0AOU1VeEwxWDlxHDQQVQFdbW1VOTxpfQxgFSw0YQwJPQANCAVdTXw0YUVtDAxsWR0UDWkhCRAQHXVNeHhBbQxhTAVVHCl5TVlJDGxpKXApdU1FYRFFFHkReGBAFVlMKGUERVFFHHkdHBUgKDgJVQA8BERwWUQoBWkcBAgRYRgkAERhICQEGW0MLAAVeQx5TUh8BBV9DGAVLEgQtUApxEl4zWUdYHhRLVltCG11DEl4zSlJTBQddVEMFG18SBSoUcGUHDzFXQXtfEQtTTlkBYmBlHCxvbUcPGG1Cbl5MTHsFNgNacGUAFlEOXSFGVANVBiMNbm8pQV1wblg5CXl6PR5uYnkbUAtzEl8xHQVxWkUPDgVdTQkBBgkTXlMGChEAVAJaEVoFUVgUAQcFWUYaGxUNBloVDU4dTENHH08XGFYcGkpWRA0ZFllSGFpKUlMFB11UQwUbXxhWJCcIVHMDA3QEU18RQQJDNiJqR247L0hUWjkAYQUOGDkKbUEOMmpbVAVMUnoEAEFaXWFZLGByAwkyYQN7XTt1Zlw6IHZAClFaDgcAVUcJDwZaRF1RUQhEXlMPD0AOU1VeEwxWDlxHDQQVEQ
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.178.34 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/7.3.27
Resource Hash: deda48e7551fea100f9dce74acceb543723ad1260e4aabe65918c567d657f156

Request headers

:method: GET
:authority: www4.todhamilton.pro
:scheme: https
:path: /pushredirect/?tmp=1&network=1&ios=0&site=adfly&c=2&ppi=2959576&pci=6629534317&t=1617637226&dest=https%3A%2F%2Faporasal.net%2Fredirecting%2FaHR0cDovL3d3dy5tZWRpYWZpcmUuY29tL2ZvbGRlci9jM3l4bjV5YXE4eGY4L1NMQkVUNw%3D%3D%2F6079218161effd1fd8c56db2f4a90253
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: document
referer: https://www44.todhamilton.pro/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: __cfduid=d2eb1df0507fd27054c15dca1dce948b51617637432
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www44.todhamilton.pro/

Response headers

date: Mon, 05 Apr 2021 15:43:55 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.3.27
cache-control: no-store, no-cache, must-revalidate, max-age=0 post-check=0, pre-check=0
pragma: no-cache
set-cookie: lastUrlPushTmp=www4.todhamilton.pro; secure
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
cf-request-id: 09444d7ecf0000fa1c762c4000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=nijMMV3px8unuc73zF%2FZ0PSYAx%2FR3ufZUV1zbLNMMP1nFvozUNl4wW2lZ8uMZXLWTNpShLNb8aJk09l%2FPOPxTE7%2F9%2BtxT3NGSJOFcq4ATCexgrRr2A%3D%3D"}]}
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
cf-ray: 63b3e5114f08fa1c-AMS
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 / Show response
dc5k8fg5ioc8s.cloudfront.net/ 144 KB
45 KB 69ms
69ms Script
text/plain 13.226.156.80
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://dc5k8fg5ioc8s.cloudfront.net/?gfkcd=824473
Requested by: Host: www4.todhamilton.pro
URL: https://www4.todhamilton.pro/pushredirect/?tmp=1&network=1&ios=0&site=adfly&c=2&ppi=2959576&pci=6629534317&t=1617637226&dest=https%3A%2F%2Faporasal.net%2Fredirecting%2FaHR0cDovL3d3dy5tZWRpYWZpcmUuY29tL2ZvbGRlci9jM3l4bjV5YXE4eGY4L1NMQkVUNw%3D%3D%2F6079218161effd1fd8c56db2f4a90253
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.226.156.80 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-226-156-80.dus51.r.cloudfront.net
Software: /
Resource Hash: 3f66ff09af02daad7b81f896c4609fec36b51b86966204c4f22c8df03f9b12dc

Request headers

Referer: https://www4.todhamilton.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 05 Apr 2021 15:43:52 GMT
content-encoding: gzip
age: 3
x-cache: Hit from cloudfront
access-control-allow-origin: *
cache-control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
x-amz-cf-pop: DUS51-C1
content-length: 45412
via: 1.1 bfd667b9fb826986b85315f856bf5885.cloudfront.net (CloudFront)
x-amz-cf-id: ZvNv7yNEqeAKJnRVBeCRkJJoEGPfgWwrZc5xA1Vj4quxuKfW4S8iFw==

GET
H2 200 logo.png
www4.todhamilton.pro/static/image/ 10 KB
11 KB 81ms
81ms Image
image/png 172.67.178.34
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www4.todhamilton.pro/static/image/logo.png
Requested by: Host: www4.todhamilton.pro
URL: https://www4.todhamilton.pro/pushredirect/?tmp=1&network=1&ios=0&site=adfly&c=2&ppi=2959576&pci=6629534317&t=1617637226&dest=https%3A%2F%2Faporasal.net%2Fredirecting%2FaHR0cDovL3d3dy5tZWRpYWZpcmUuY29tL2ZvbGRlci9jM3l4bjV5YXE4eGY4L1NMQkVUNw%3D%3D%2F6079218161effd1fd8c56db2f4a90253
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.178.34 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 196c51f778db9df7ecf75ce7f663ea3bb07726b67feeae45ad9abfd3008b937a

Request headers

Referer: https://www4.todhamilton.pro/pushredirect/?tmp=1&network=1&ios=0&site=adfly&c=2&ppi=2959576&pci=6629534317&t=1617637226&dest=https%3A%2F%2Faporasal.net%2Fredirecting%2FaHR0cDovL3d3dy5tZWRpYWZpcmUuY29tL2ZvbGRlci9jM3l4bjV5YXE4eGY4L1NMQkVUNw%3D%3D%2F6079218161effd1fd8c56db2f4a90253
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Apr 2021 15:43:55 GMT
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
age: 2484
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 10726
cf-request-id: 09444d80330000fa1c2f3a0000000001
last-modified: Tue, 10 Nov 2020 09:44:06 GMT
server: cloudflare
etag: "29e6-5faa60e6-f392dafc4c855335;;;"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=yQU5D5cPUAinWEygziPzPqc14Nk4C2TeEWjVfHWWFjQA%2B3%2FB0vcEsLPLL1e%2F6ZkXHGtcE6M8S%2BlUJTpnLzLrnEIL8RQG5IkAs%2Bs3E6bEwlk5p5ZurA%3D%3D"}]}
content-type: image/png
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
cf-ray: 63b3e5138bc3fa1c-AMS
expires: Mon, 12 Apr 2021 15:02:31 GMT

GET
H2 200 am-push.796884.js Show response
www4.todhamilton.pro/ 93 KB
34 KB 304ms
304ms Script
application/x-javascript 172.67.178.34
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www4.todhamilton.pro/am-push.796884.js?puid=2959576&allb=https%3A%2F%2Faporasal.net%2Fredirecting%2FaHR0cDovL3d3dy5tZWRpYWZpcmUuY29tL2ZvbGRlci9jM3l4bjV5YXE4eGY4L1NMQkVUNw%3D%3D%2F6079218161effd1fd8c56db2f4a90253&ob=https%3A%2F%2Fwww49.todhamilton.pro%2Fpushredirect%2F%3Ftmp%3D1%26network%3D1%26ios%3D0%26site%3Dadfly%26c%3D3%26ppi%3D2959576%26pci%3D6629534317%26t%3D1617637226%26dest%3Dhttps%253A%252F%252Faporasal.net%252Fredirecting%252FaHR0cDovL3d3dy5tZWRpYWZpcmUuY29tL2ZvbGRlci9jM3l4bjV5YXE4eGY4L1NMQkVUNw%253D%253D%252F6079218161effd1fd8c56db2f4a90253&clb=https%3A%2F%2Fwww49.todhamilton.pro%2Fpushredirect%2F%3Ftmp%3D2%26network%3D1%26ios%3D0%26site%3Dadfly%26c%3D3%26ppi%3D2959576%26pci%3D6629534317%26t%3D1617637226%26dest%3Dhttps%253A%252F%252Faporasal.net%252Fredirecting%252FaHR0cDovL3d3dy5tZWRpYWZpcmUuY29tL2ZvbGRlci9jM3l4bjV5YXE4eGY4L1NMQkVUNw%253D%253D%252F6079218161effd1fd8c56db2f4a90253&asb=https%3A%2F%2Faporasal.net%2Fredirecting%2FaHR0cDovL3d3dy5tZWRpYWZpcmUuY29tL2ZvbGRlci9jM3l4bjV5YXE4eGY4L1NMQkVUNw%3D%3D%2F6079218161effd1fd8c56db2f4a90253
Requested by: Host: www4.todhamilton.pro
URL: https://www4.todhamilton.pro/pushredirect/?tmp=1&network=1&ios=0&site=adfly&c=2&ppi=2959576&pci=6629534317&t=1617637226&dest=https%3A%2F%2Faporasal.net%2Fredirecting%2FaHR0cDovL3d3dy5tZWRpYWZpcmUuY29tL2ZvbGRlci9jM3l4bjV5YXE4eGY4L1NMQkVUNw%3D%3D%2F6079218161effd1fd8c56db2f4a90253
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.178.34 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0b9191f2cd7c6a9cca2907f04717014b91b655c4345169882578bfeffa4bc185

Request headers

Referer: https://www4.todhamilton.pro/pushredirect/?tmp=1&network=1&ios=0&site=adfly&c=2&ppi=2959576&pci=6629534317&t=1617637226&dest=https%3A%2F%2Faporasal.net%2Fredirecting%2FaHR0cDovL3d3dy5tZWRpYWZpcmUuY29tL2ZvbGRlci9jM3l4bjV5YXE4eGY4L1NMQkVUNw%3D%3D%2F6079218161effd1fd8c56db2f4a90253
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Apr 2021 15:43:55 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"max_age":604800,"report_to":"cf-nel"}
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 09444d80330000fa1c60b26000000001
last-modified: Tue, 10 Nov 2020 09:44:06 GMT
server: cloudflare
etag: W/"175a3-5faa60e6-7dbcd373cc8a4404;gz"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=V5Y%2Fgd3Zx1u9htdJnqZXTw6XJ67hUw10KPVtC4njh3OimFxLRRf99a%2BmSbOnT943%2BmErHbeYtS0%2BRx7H4Qf7XEbdXWcqMK5u1G43ITuwkBbYbgLqIA%3D%3D"}]}
content-type: application/x-javascript
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
cf-ray: 63b3e5138bc9fa1c-AMS
expires: Mon, 12 Apr 2021 15:43:55 GMT

GET
H2 200 M2hoOE5IShtPEUYaBBp0EQAcTD5AUkcXOUQfXBY6XAwAWSNaBBxXIB0YGldhUgVFSDtAAEYPdwVQUAxgWRtXSDtaDFUKdwZRXQ94FQkEVCwOABxMPkBNW3lrAS5NCghSGAdKL0AJBBYgVhxNCghBDQxRPFYLHFEgVE1afi97OlhbClweJAsqAAwRDTppPzpIF2QyG... Show response
aphycolourses.info/ 118 KB
47 KB 142ms
142ms Script
application/javascript 54.144.3.29
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://aphycolourses.info/M2hoOE5IShtPEUYaBBp0EQAcTD5AUkcXOUQfXBY6XAwAWSNaBBxXIB0YGldhUgVFSDtAAEYPdwVQUAxgWRtXSDtaDFUKdwZRXQ94FQkEVCwOABxMPkBNW3lrAS5NCghSGAdKL0AJBBYgVhxNCghBDQxRPFYLHFEgVE1afi97OlhbClweJAsqAAwRDTppPzpIF2QyGFsjZh0xCndHJFpiOFEvOlQtWlECdX1fXApSGAYxMH16Vi8xDAICJiVpJWU9Jk9rACxNCwoWWi4OfgRRWgl2Al5ZXShVDFleKgsLXQ4qUVoODC8KWFoNfRUHCgUmRxwYS2sAKU0KCBZaLk85RFxRFjpcDABZI1oEHFcgHRgaV2sBLhhNPVsaDVwnQQ0LTGsBLk0LCEcFGB19d1lNCnhdDRxPIUEDTQsKAk1aDidcG00LCgNNWg49WhwNHX13CQxeIkpNWg4tFlssC2sBXhhIJxZbLAp3BlFdD3gWWl5ILVpNW3x4BVpRDX0HW1kPawFeHB19d1leCXkFW18KfAVNWg4qVhscHX13ABxMPkBNWg19ck1aDXx1TVoNfHUJGFc8UhsJVGBdDRwdfAZaLkorVwEaXS1HAQZfawFdWn4vezpYWwpcHiQLKgAMEQ06aT86SBdkMhhbI2YdMQp3RyRaYjhRLzpULVpRAnV9X1wKUhgGMTB9elYvMQwCAiYlaSVlPSZPawFdW3xrAV1bfGsBXVp%2BeANfUQp%2FC1leCStVDgwJKFdQCw14VwpaXnpSUVgKewBOC1QsDgAcTD5ATVt5awEuTQoIRB8fDHcdHAdcJlIFAVQ6XAZGSDxcTVp%2BPkYbAEorVwEaXS1HTVp%2BawAuHFU%2BFlssCmsBXgZdOkQHGlNrACxZHXwFAQdLawAsWB18BRsBTCsWWyxZKlUEER18BQtNCwoATVoOPkMBTQsKAVFdAXsEXk0KeEMLAR19d15eCncGW1wLfwRNWg46FlssCXgCX14LeQFaXh18BQwNSzoWWyxQOkcYGx18BlspHXwGWi4dfAZaLlk%2BXBoJSy9fRgZdOhZaXQoIQQ0MUTxWCxxRIFRNWg18dQkgan5QLAdOAgAMW1w3BhwybxxDMT9iPlAFPU0XAVEcdHxpHgp%2FHF8LAQEkflsEDCxZPl1hFnZcDX8XByRZdgNiAz5tAERNWg19d01aDX13TVoNfHVeWA93AVlQCXgCDQ5eKgIODAAtBl4MWnxVXAkBfgFdWx4vQApVUDpHGBsdfXJNWn5rAS4JSCFBCRtZIh0GDUxrAS4aXSpaGg1bOloGDx18dQkgan5QLAdOAgAMW1w3BhwybxxDMT9iPlAFPU0XAVEcdHxpHgp%2FHF8LAQEkflsEDCxZPl1hFnZcDX8XByRZdgNiAz5tAERNW3xrACxNCggFWF8BfAJQWQ5%2FVg4OXH9VDFBbewUMCgooBwlRCHwGW0oUbEAFDhp0AkRKTC9UNwFcbAlKXwF4C1BcGmIRGx1aEVoMWRp0EVpRDXcGX14aYhEbHVoRWgxaGnQRCVsLKgRRCwhjVgkNXmMHUFoMYwsLUQxjUAxaCS1SUVFeLVFQShRsUgQEWmwJSgBMOkMbUhdhUhgHSi9ACQQWIFYcR0orVwEaXS1HAQZfYVIgOggtdwcedH1XWwxBe0cyP2o%2Baj8ySC1ePR1hfAocJAoURQovaiJQAVFSAwAEXFokZV0xYAsHDS9hen9ZJnUfWD49djkOVUcOfgRRWgl2Al5ZXShVDFleKgsLXQ4qUVoODC8KWFoNfRFESlcsEVJKUDpHGBsCYRwfH096CkYcVypbCQVRIkcHBhY%2BQQdHSDtAABpdKloaDVs6HFccVT4OWU5WK0cfB0olDllOUSFAVVgePVocDQUvVw4EQWhQVVsePkMBVQp3BlFdD3gVGAtRcwVeWgF7AFxbCXkVHFUJeAJfXgt5AVpeHipWGxwFJkccGEtrAClNCggWWi5ZPlwaCUsvX0YGXToWWi5KK1cBGl0tRwEGX2sBLglwHAMLLFc4f1sMCypKXRxiGWEYMW8UQwsFbTtqWlFMAgEyHloJYQQLUXdZJVtUelECPg0Xay1cXQlqXCQJAH45A24bfR9NCwoWWywdfHVeWA93AVlQCXgCDQ5eKgIODAAtBl4MWnxVXAkBfgFdWxpiEQsEWmwJSgBMOkMbUhdhRB8fDHcdHAdcJlIFAVQ6XAZGSDxcRxhNPVsaDVwnQQ0LTGEMHAVIcwFOBl06RAcaU3MCTgFXPQ5YTksnRw1VWSpVBBEeLQ5bTkg%2BWlVaAXsKXV8OaEMLAQV4BVpRDX0HW1kPaEdVWQ5%2FBF5bD3wBXk5cK0AcVVA6RxgbHX1yTVp%2BawEuCUghQQkbWSIdBg1MawEuGl0qWhoNWzpaBg8dfHUJIGp%2BUCwHTgIADFtcNwYcMm8cQzE%2FYj5QBT1NFwFRHHR8aR4KfxxfCwEBJH5bBAwsWT5dYRZ2XA1%2FFwckWXYDYgM%2BbQBETVt8awAsTQoIBVhfAXwCUFkOf1YODlx%2FVQxQW3sFDAoKKAcJUQh8BltKFGxSGwoadBEAHEw%2BQFJHFy9DBxpZPVIERlYrR0caXSpaGg1bOloGDxcvezpYWwpcHiQLKgAMEQ06aT86SBdkMhhbI2YdMQp3RyRaYjhRLzpULVpRAnV9X1wKUhgGMTB9elYvMQwCAiYlaSVlPSZPcw5HXgh5ClpZAH8FWQ1eKFdZDlx2UF1eXCwBDlxZdwNaXQtsTg
Requested by: Host: www4.todhamilton.pro
URL: https://www4.todhamilton.pro/am-push.796884.js?puid=2959576&allb=https%3A%2F%2Faporasal.net%2Fredirecting%2FaHR0cDovL3d3dy5tZWRpYWZpcmUuY29tL2ZvbGRlci9jM3l4bjV5YXE4eGY4L1NMQkVUNw%3D%3D%2F6079218161effd1fd8c56db2f4a90253&ob=https%3A%2F%2Fwww49.todhamilton.pro%2Fpushredirect%2F%3Ftmp%3D1%26network%3D1%26ios%3D0%26site%3Dadfly%26c%3D3%26ppi%3D2959576%26pci%3D6629534317%26t%3D1617637226%26dest%3Dhttps%253A%252F%252Faporasal.net%252Fredirecting%252FaHR0cDovL3d3dy5tZWRpYWZpcmUuY29tL2ZvbGRlci9jM3l4bjV5YXE4eGY4L1NMQkVUNw%253D%253D%252F6079218161effd1fd8c56db2f4a90253&clb=https%3A%2F%2Fwww49.todhamilton.pro%2Fpushredirect%2F%3Ftmp%3D2%26network%3D1%26ios%3D0%26site%3Dadfly%26c%3D3%26ppi%3D2959576%26pci%3D6629534317%26t%3D1617637226%26dest%3Dhttps%253A%252F%252Faporasal.net%252Fredirecting%252FaHR0cDovL3d3dy5tZWRpYWZpcmUuY29tL2ZvbGRlci9jM3l4bjV5YXE4eGY4L1NMQkVUNw%253D%253D%252F6079218161effd1fd8c56db2f4a90253&asb=https%3A%2F%2Faporasal.net%2Fredirecting%2FaHR0cDovL3d3dy5tZWRpYWZpcmUuY29tL2ZvbGRlci9jM3l4bjV5YXE4eGY4L1NMQkVUNw%3D%3D%2F6079218161effd1fd8c56db2f4a90253
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 54.144.3.29 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-144-3-29.compute-1.amazonaws.com
Software: / Express
Resource Hash: db5e34025d3057c2184af84877bb36bad348bd5033b05c94731d985ebd60e12d

Request headers

Referer: https://www4.todhamilton.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-encoding: gzip
etag: W/"1d99c-gd6T3LpS33rROgbnHNgVrQnrOwY"
x-powered-by: Express
vary: Accept-Encoding
access-control-allow-methods: GET, POST
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-allow-headers: X-Requested-With,content-type

GET
H2 200 / Show response
www49.todhamilton.pro/pushredirect/ 5 KB
2 KB 338ms
328ms Document
text/html 172.67.178.34
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www49.todhamilton.pro/pushredirect/?tmp=1&network=1&ios=0&site=adfly&c=3&ppi=2959576&pci=6629534317&t=1617637226&dest=https%3A%2F%2Faporasal.net%2Fredirecting%2FaHR0cDovL3d3dy5tZWRpYWZpcmUuY29tL2ZvbGRlci9jM3l4bjV5YXE4eGY4L1NMQkVUNw%3D%3D%2F6079218161effd1fd8c56db2f4a90253
Requested by: Host: aphycolourses.info
URL: https://aphycolourses.info/M2hoOE5IShtPEUYaBBp0EQAcTD5AUkcXOUQfXBY6XAwAWSNaBBxXIB0YGldhUgVFSDtAAEYPdwVQUAxgWRtXSDtaDFUKdwZRXQ94FQkEVCwOABxMPkBNW3lrAS5NCghSGAdKL0AJBBYgVhxNCghBDQxRPFYLHFEgVE1afi97OlhbClweJAsqAAwRDTppPzpIF2QyGFsjZh0xCndHJFpiOFEvOlQtWlECdX1fXApSGAYxMH16Vi8xDAICJiVpJWU9Jk9rACxNCwoWWi4OfgRRWgl2Al5ZXShVDFleKgsLXQ4qUVoODC8KWFoNfRUHCgUmRxwYS2sAKU0KCBZaLk85RFxRFjpcDABZI1oEHFcgHRgaV2sBLhhNPVsaDVwnQQ0LTGsBLk0LCEcFGB19d1lNCnhdDRxPIUEDTQsKAk1aDidcG00LCgNNWg49WhwNHX13CQxeIkpNWg4tFlssC2sBXhhIJxZbLAp3BlFdD3gWWl5ILVpNW3x4BVpRDX0HW1kPawFeHB19d1leCXkFW18KfAVNWg4qVhscHX13ABxMPkBNWg19ck1aDXx1TVoNfHUJGFc8UhsJVGBdDRwdfAZaLkorVwEaXS1HAQZfawFdWn4vezpYWwpcHiQLKgAMEQ06aT86SBdkMhhbI2YdMQp3RyRaYjhRLzpULVpRAnV9X1wKUhgGMTB9elYvMQwCAiYlaSVlPSZPawFdW3xrAV1bfGsBXVp%2BeANfUQp%2FC1leCStVDgwJKFdQCw14VwpaXnpSUVgKewBOC1QsDgAcTD5ATVt5awEuTQoIRB8fDHcdHAdcJlIFAVQ6XAZGSDxcTVp%2BPkYbAEorVwEaXS1HTVp%2BawAuHFU%2BFlssCmsBXgZdOkQHGlNrACxZHXwFAQdLawAsWB18BRsBTCsWWyxZKlUEER18BQtNCwoATVoOPkMBTQsKAVFdAXsEXk0KeEMLAR19d15eCncGW1wLfwRNWg46FlssCXgCX14LeQFaXh18BQwNSzoWWyxQOkcYGx18BlspHXwGWi4dfAZaLlk%2BXBoJSy9fRgZdOhZaXQoIQQ0MUTxWCxxRIFRNWg18dQkgan5QLAdOAgAMW1w3BhwybxxDMT9iPlAFPU0XAVEcdHxpHgp%2FHF8LAQEkflsEDCxZPl1hFnZcDX8XByRZdgNiAz5tAERNWg19d01aDX13TVoNfHVeWA93AVlQCXgCDQ5eKgIODAAtBl4MWnxVXAkBfgFdWx4vQApVUDpHGBsdfXJNWn5rAS4JSCFBCRtZIh0GDUxrAS4aXSpaGg1bOloGDx18dQkgan5QLAdOAgAMW1w3BhwybxxDMT9iPlAFPU0XAVEcdHxpHgp%2FHF8LAQEkflsEDCxZPl1hFnZcDX8XByRZdgNiAz5tAERNW3xrACxNCggFWF8BfAJQWQ5%2FVg4OXH9VDFBbewUMCgooBwlRCHwGW0oUbEAFDhp0AkRKTC9UNwFcbAlKXwF4C1BcGmIRGx1aEVoMWRp0EVpRDXcGX14aYhEbHVoRWgxaGnQRCVsLKgRRCwhjVgkNXmMHUFoMYwsLUQxjUAxaCS1SUVFeLVFQShRsUgQEWmwJSgBMOkMbUhdhUhgHSi9ACQQWIFYcR0orVwEaXS1HAQZfYVIgOggtdwcedH1XWwxBe0cyP2o%2Baj8ySC1ePR1hfAocJAoURQovaiJQAVFSAwAEXFokZV0xYAsHDS9hen9ZJnUfWD49djkOVUcOfgRRWgl2Al5ZXShVDFleKgsLXQ4qUVoODC8KWFoNfRFESlcsEVJKUDpHGBsCYRwfH096CkYcVypbCQVRIkcHBhY%2BQQdHSDtAABpdKloaDVs6HFccVT4OWU5WK0cfB0olDllOUSFAVVgePVocDQUvVw4EQWhQVVsePkMBVQp3BlFdD3gVGAtRcwVeWgF7AFxbCXkVHFUJeAJfXgt5AVpeHipWGxwFJkccGEtrAClNCggWWi5ZPlwaCUsvX0YGXToWWi5KK1cBGl0tRwEGX2sBLglwHAMLLFc4f1sMCypKXRxiGWEYMW8UQwsFbTtqWlFMAgEyHloJYQQLUXdZJVtUelECPg0Xay1cXQlqXCQJAH45A24bfR9NCwoWWywdfHVeWA93AVlQCXgCDQ5eKgIODAAtBl4MWnxVXAkBfgFdWxpiEQsEWmwJSgBMOkMbUhdhRB8fDHcdHAdcJlIFAVQ6XAZGSDxcRxhNPVsaDVwnQQ0LTGEMHAVIcwFOBl06RAcaU3MCTgFXPQ5YTksnRw1VWSpVBBEeLQ5bTkg%2BWlVaAXsKXV8OaEMLAQV4BVpRDX0HW1kPaEdVWQ5%2FBF5bD3wBXk5cK0AcVVA6RxgbHX1yTVp%2BawEuCUghQQkbWSIdBg1MawEuGl0qWhoNWzpaBg8dfHUJIGp%2BUCwHTgIADFtcNwYcMm8cQzE%2FYj5QBT1NFwFRHHR8aR4KfxxfCwEBJH5bBAwsWT5dYRZ2XA1%2FFwckWXYDYgM%2BbQBETVt8awAsTQoIBVhfAXwCUFkOf1YODlx%2FVQxQW3sFDAoKKAcJUQh8BltKFGxSGwoadBEAHEw%2BQFJHFy9DBxpZPVIERlYrR0caXSpaGg1bOloGDxcvezpYWwpcHiQLKgAMEQ06aT86SBdkMhhbI2YdMQp3RyRaYjhRLzpULVpRAnV9X1wKUhgGMTB9elYvMQwCAiYlaSVlPSZPcw5HXgh5ClpZAH8FWQ1eKFdZDlx2UF1eXCwBDlxZdwNaXQtsTg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.178.34 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/7.3.27
Resource Hash: 63eadbe47fa672ee37a399b381eead8420f4fdbccc2f2fbb2ea02b74607638cd

Request headers

:method: GET
:authority: www49.todhamilton.pro
:scheme: https
:path: /pushredirect/?tmp=1&network=1&ios=0&site=adfly&c=3&ppi=2959576&pci=6629534317&t=1617637226&dest=https%3A%2F%2Faporasal.net%2Fredirecting%2FaHR0cDovL3d3dy5tZWRpYWZpcmUuY29tL2ZvbGRlci9jM3l4bjV5YXE4eGY4L1NMQkVUNw%3D%3D%2F6079218161effd1fd8c56db2f4a90253
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: document
referer: https://www4.todhamilton.pro/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: __cfduid=d2eb1df0507fd27054c15dca1dce948b51617637432
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www4.todhamilton.pro/

Response headers

date: Mon, 05 Apr 2021 15:43:56 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.3.27
cache-control: no-store, no-cache, must-revalidate, max-age=0 post-check=0, pre-check=0
pragma: no-cache
set-cookie: lastUrlPushTmp=www49.todhamilton.pro; secure
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
cf-request-id: 09444d837e0000fa1c8595f000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=eqHzYbhzF7ZG7emIM4Tp0nIkxt3QSY%2BmrIjNNqgRtyk4Mjxc7c%2F0LsqCBYgMJjxnyzD1cTiFxEE3%2FewUbPFJASu0rEbm93HVuxb4gvbj12%2FE30SpTmY%3D"}]}
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
cf-ray: 63b3e518cdc1fa1c-AMS
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 / Show response
dc5k8fg5ioc8s.cloudfront.net/ 144 KB
45 KB 65ms
64ms Script
text/plain 13.226.156.80
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://dc5k8fg5ioc8s.cloudfront.net/?gfkcd=824473
Requested by: Host: www49.todhamilton.pro
URL: https://www49.todhamilton.pro/pushredirect/?tmp=1&network=1&ios=0&site=adfly&c=3&ppi=2959576&pci=6629534317&t=1617637226&dest=https%3A%2F%2Faporasal.net%2Fredirecting%2FaHR0cDovL3d3dy5tZWRpYWZpcmUuY29tL2ZvbGRlci9jM3l4bjV5YXE4eGY4L1NMQkVUNw%3D%3D%2F6079218161effd1fd8c56db2f4a90253
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.226.156.80 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-226-156-80.dus51.r.cloudfront.net
Software: /
Resource Hash: 3f66ff09af02daad7b81f896c4609fec36b51b86966204c4f22c8df03f9b12dc

Request headers

Referer: https://www49.todhamilton.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 05 Apr 2021 15:43:52 GMT
content-encoding: gzip
age: 4
x-cache: Hit from cloudfront
access-control-allow-origin: *
cache-control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
x-amz-cf-pop: DUS51-C1
content-length: 45412
via: 1.1 bfd667b9fb826986b85315f856bf5885.cloudfront.net (CloudFront)
x-amz-cf-id: hoLq2PxPhGbQ5uDThN4HkXOJXDBtHxb0A-X58ulNGArx7NnhFGTlTA==

GET
H2 200 logo.png
www49.todhamilton.pro/static/image/ 10 KB
11 KB 78ms
77ms Image
image/png 172.67.178.34
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www49.todhamilton.pro/static/image/logo.png
Requested by: Host: www49.todhamilton.pro
URL: https://www49.todhamilton.pro/pushredirect/?tmp=1&network=1&ios=0&site=adfly&c=3&ppi=2959576&pci=6629534317&t=1617637226&dest=https%3A%2F%2Faporasal.net%2Fredirecting%2FaHR0cDovL3d3dy5tZWRpYWZpcmUuY29tL2ZvbGRlci9jM3l4bjV5YXE4eGY4L1NMQkVUNw%3D%3D%2F6079218161effd1fd8c56db2f4a90253
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.178.34 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 196c51f778db9df7ecf75ce7f663ea3bb07726b67feeae45ad9abfd3008b937a

Request headers

Referer: https://www49.todhamilton.pro/pushredirect/?tmp=1&network=1&ios=0&site=adfly&c=3&ppi=2959576&pci=6629534317&t=1617637226&dest=https%3A%2F%2Faporasal.net%2Fredirecting%2FaHR0cDovL3d3dy5tZWRpYWZpcmUuY29tL2ZvbGRlci9jM3l4bjV5YXE4eGY4L1NMQkVUNw%3D%3D%2F6079218161effd1fd8c56db2f4a90253
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Apr 2021 15:43:56 GMT
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
age: 2519
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 10726
cf-request-id: 09444d84ce0000fa1c76348000000001
last-modified: Tue, 10 Nov 2020 09:44:06 GMT
server: cloudflare
etag: "29e6-5faa60e6-f392dafc4c855335;;;"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=kD6gHaYyiwv%2F8wutZNo8l0BVEHNHHg%2F1f3U71phXScktP3kQoZGgji4aHXOi55T%2BsMWamM3H8hSRHlL%2BSZ9g1CHMxLRawLeUMwrrdZwjMqtIZfiPbVs%3D"}]}
content-type: image/png
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
cf-ray: 63b3e51aea42fa1c-AMS
expires: Mon, 12 Apr 2021 15:01:57 GMT

GET
H2 200 am-push.796884.js Show response
www49.todhamilton.pro/ 93 KB
34 KB 321ms
320ms Script
application/x-javascript 172.67.178.34
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www49.todhamilton.pro/am-push.796884.js?puid=2959576&allb=https%3A%2F%2Faporasal.net%2Fredirecting%2FaHR0cDovL3d3dy5tZWRpYWZpcmUuY29tL2ZvbGRlci9jM3l4bjV5YXE4eGY4L1NMQkVUNw%3D%3D%2F6079218161effd1fd8c56db2f4a90253&ob=https%3A%2F%2Fwww96.todhamilton.pro%2Fpushredirect%2F%3Ftmp%3D1%26network%3D1%26ios%3D0%26site%3Dadfly%26c%3D4%26ppi%3D2959576%26pci%3D6629534317%26t%3D1617637226%26dest%3Dhttps%253A%252F%252Faporasal.net%252Fredirecting%252FaHR0cDovL3d3dy5tZWRpYWZpcmUuY29tL2ZvbGRlci9jM3l4bjV5YXE4eGY4L1NMQkVUNw%253D%253D%252F6079218161effd1fd8c56db2f4a90253&clb=https%3A%2F%2Fwww96.todhamilton.pro%2Fpushredirect%2F%3Ftmp%3D2%26network%3D1%26ios%3D0%26site%3Dadfly%26c%3D4%26ppi%3D2959576%26pci%3D6629534317%26t%3D1617637226%26dest%3Dhttps%253A%252F%252Faporasal.net%252Fredirecting%252FaHR0cDovL3d3dy5tZWRpYWZpcmUuY29tL2ZvbGRlci9jM3l4bjV5YXE4eGY4L1NMQkVUNw%253D%253D%252F6079218161effd1fd8c56db2f4a90253&asb=https%3A%2F%2Faporasal.net%2Fredirecting%2FaHR0cDovL3d3dy5tZWRpYWZpcmUuY29tL2ZvbGRlci9jM3l4bjV5YXE4eGY4L1NMQkVUNw%3D%3D%2F6079218161effd1fd8c56db2f4a90253
Requested by: Host: www49.todhamilton.pro
URL: https://www49.todhamilton.pro/pushredirect/?tmp=1&network=1&ios=0&site=adfly&c=3&ppi=2959576&pci=6629534317&t=1617637226&dest=https%3A%2F%2Faporasal.net%2Fredirecting%2FaHR0cDovL3d3dy5tZWRpYWZpcmUuY29tL2ZvbGRlci9jM3l4bjV5YXE4eGY4L1NMQkVUNw%3D%3D%2F6079218161effd1fd8c56db2f4a90253
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.178.34 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0b9191f2cd7c6a9cca2907f04717014b91b655c4345169882578bfeffa4bc185

Request headers

Referer: https://www49.todhamilton.pro/pushredirect/?tmp=1&network=1&ios=0&site=adfly&c=3&ppi=2959576&pci=6629534317&t=1617637226&dest=https%3A%2F%2Faporasal.net%2Fredirecting%2FaHR0cDovL3d3dy5tZWRpYWZpcmUuY29tL2ZvbGRlci9jM3l4bjV5YXE4eGY4L1NMQkVUNw%3D%3D%2F6079218161effd1fd8c56db2f4a90253
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Apr 2021 15:43:56 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"max_age":604800,"report_to":"cf-nel"}
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 09444d84cf0000fa1c6eaa5000000001
last-modified: Tue, 10 Nov 2020 09:44:06 GMT
server: cloudflare
etag: W/"175a3-5faa60e6-7dbcd373cc8a4404;gz"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=SjYyQnM%2BZVWtYaCIen2VNyOLi38aqWUgD5juHlZZDYs5qTuk%2BF4nNPRxTQORJoPWc7zpMip1kYQl%2FUoNMk7eqDU4OdE%2BaSRzPesn7KzZvjTthztYulo%3D"}]}
content-type: application/x-javascript
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
cf-ray: 63b3e51aea48fa1c-AMS
expires: Mon, 12 Apr 2021 15:43:56 GMT

GET
H2 200 RlRldUY9dhYCGTMmCVd8ZDwRATY1bkpaMTEjUUxoMjsBHScrPQkBKSh6FQcpaTUIWDYzJw1bcX9iXU1yaD4WSjYzPQFIdH9hXEBxcHIEGSokaQ0BMjYnQEYHY2YjUHQANRUaNCcnBBloKDERUHQAJgARLzQxBgEvKDNARwAnHDdFJQI7Ezl1ImcBDHMyDjInNh8DP... Show response
aphycolourses.info/ 118 KB
47 KB 148ms
148ms Script
application/javascript 54.144.3.29
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://aphycolourses.info/RlRldUY9dhYCGTMmCVd8ZDwRATY1bkpaMTEjUUxoMjsBHScrPQkBKSh6FQcpaTUIWDYzJw1bcX9iXU1yaD4WSjYzPQFIdH9hXEBxcHIEGSokaQ0BMjYnQEYHY2YjUHQANRUaNCcnBBloKDERUHQAJgARLzQxBgEvKDNARwAnHDdFJQI7Ezl1ImcBDHMyDjInNh8DPwUlKwEQLHR%2FIClHHDA2IicqJT1cHwt1OFEXLBBhPC0DcjEiLHIKZSs4Fy0CMDsxY2chUHUCcVczcHZjXEd3fmVTRCMgMgFEICJsBkBwIjZXE3InbVVHc3VyChd7LiARBTVjZyRQdABxVzMxMSNcQ2gyOwEdJys9CQEpKHoVByljZiMFMzU8FxAiLyYAFjJjZiNQdQAgCAVjdRBUUHRwOgABMSkmDlB1AmVAR3AvOxZQdQJkQEdwNT0REGN1EAQRICotQEdwJXFWMXJjZlMFNi9xVjF0f2FcQHFwcVdDNiU9QEYCcGJXTHN1YFZEcWNmUwFjdRBUQ3dxYlZCdHRiQEdwIjEWAWN1EA0BMjYnQEdzdRVAR3N0EkBHc3QSBAUpNDUWFCpoOgABY3RhVzM0IzAMByMlIAwbIWNmUEcAJxw3RSUCOxM5dSJnAQxzMg4yJzYfAz8FJSsBECx0fyApRxwwNiInKiU9XB8LdThRFywQYTwtA3IxIixyCmUrOBctAjA7MWNmUEYCY2ZQRgJjZlBHAHBkUkx0d2xUQ3cjMgMRdyAwXRZzcDAHRyByNVxFdHNnQxYqJGkNATI2J0BGB2NmI1B0ACMSAn9wehEaIi41CBwqMjsLWzY0O0BHADYhFh00IzAMByMlIEBHAGNnIwErNnFWMXRjZlMbIzIjCgctY2chRGN0YgwaNWNnIUVjdGIWHDIjcVYxJyIyCQxjdGIGUHUCYEBHcDYkDFB1AmZcQH9zY1NQdHAkBhxjdRBTQ3R%2FYVZBdXdjQEdwMnFWMXdwZVJDdXFmV0NjdGIBEDUycVYxLjIgFQZjdGFWNGN0YVczY3RhVzMnNjsXFDUnOEsbIzJxV0B0ACYAES80MQYBLygzQEdzdBIEPRR2NyEaMApnAUYiP2ERLxEUJDwiHDY3CCAzH2ZcAQp0DhMXARQ4Bhx%2FLBlWGXIkPjNAHx4RURABH2ApRAgLBQ4jEwgjQEdzdRBAR3N1EEBHc3QSU0Vxf2ZUTXdwZQATICJlAxF%2BJWFTESR0MlEUf3ZmUEZgJycHSC4yIBUGY3UVQEcAY2YjFDYpJgQGJyp6CxAyY2YjByMiPRcQJTI9CxJjdBIEPRR2NyEaMApnAUYiP2ERLxEUJDwiHDY3CCAzH2ZcAQp0DhMXARQ4Bhx%2FLBlWGXIkPjNAHx4RURABH2ApRAgLBQ4jEwgjQEYCY2chUHQAYlVCf3RlXURwdzEDEyJ3MgFNJXNiARd0IGAETHZ0YVZXamQnCBNkfGVJVzInMzocImRuR0J%2FcGxdQWRqdhYAJBk9AURkfHZXTHN%2FYVJDZGp2FgAkGT0BR2R8dgRGdSJjXBZ2azEEECBrYF1HcmtsBkxyazcBR3clNVxMICU2XVdqZDUJGSRkbkcdMjIkFk9paTUVGjQnJwQZaCgxEVo0IzAMByMlIAwbIWk1LSd2JRAKAwp1MFYRP3MgPyIUNg0yLzYlOTAAH3RtETl0HCIHMhQqNwxMLAtnCUEkLAJQLB4DYAAyH3IYVDsLFz8zIAgxaVhacHZjXEd3fmVTRCMgMgFEICJsBkBwIjZXE3InbVVHc3V2SVcpJHZfVy4yIBUGfGl7EgIxf2JLASkiPAQYLyogChtoNiYKWjYzJw0HIyI9FxAlMntaASs2aVRTKCMgEho0LWlUUy8pJ1hFYDU9ERB7JzADGT9gN1hBYDYkDEh0f2FcQHFwchUWL3tiU0d%2Fc2dRRndxchFId3BlUkN1cWZXQ2AiMRYBey4gEQU1Y2ckUHQAcVczJzY7FxQ1JzhLGyMycVczNCMwDAcjJSAMGyFjZiMUDhRkBjEpMBhWEXUiLVABHBEGFSwRHCQGGBMzDVdMMgpmPwMkAQYJFi9%2FPihGKnI2DyNzHwwgQSMBDVE5dwgZNB4QExoSUHUCcVYxY3QSU0Vxf2ZUTXdwZQATICJlAxF%2BJWFTESR0MlEUf3ZmUEZkanYGGSRkbkcdMjIkFk9paSMSAn9wehEaIi41CBwqMjsLWzY0O0oFMzU8FxAiLyYAFjJpaxEYNntmQxsjMiMKBy17ZUMcKTVpVVM1LyAASCciMgkMYCVpUVM2Nj1YR39zbVBCcGAkBhx7cGJXTHN1YFZEcWAgWERwd2NTRnF0ZlNTIiMnEUguMiAVBmN1FUBHAGNmIxQ2KSYEBicqegsQMmNmIwcjIj0XECUyPQsSY3QSBD0UdjchGjAKZwFGIj9hES8RFCQ8Ihw2NwggMx9mXAEKdA4TFwEUOAYcfywZVhlyJD4zQB8eEVEQAR9gKUQICwUOIxMII0BGAmNnIVB0AGJVQn90ZV1EcHcxAxMidzIBTSVzYgEXdCBgBEx2dGFWV2pkNRYXZHx2DQEyNidfWmknJAoHJzU1CVsoIyBKByMiPRcQJTI9CxJpJxw3RSUCOxM5dSJnAQxzMg4yJzYfAz8FJSsBECx0fyApRxwwNiInKiU9XB8LdThRFywQYTwtA3IxIixyCmUrOBctAjA7MXtpSkN2cW1XRH53YlQQICAwVBMifjdQQyIkZgNBJ39kV0B1ZCk
Requested by: Host: www49.todhamilton.pro
URL: https://www49.todhamilton.pro/am-push.796884.js?puid=2959576&allb=https%3A%2F%2Faporasal.net%2Fredirecting%2FaHR0cDovL3d3dy5tZWRpYWZpcmUuY29tL2ZvbGRlci9jM3l4bjV5YXE4eGY4L1NMQkVUNw%3D%3D%2F6079218161effd1fd8c56db2f4a90253&ob=https%3A%2F%2Fwww96.todhamilton.pro%2Fpushredirect%2F%3Ftmp%3D1%26network%3D1%26ios%3D0%26site%3Dadfly%26c%3D4%26ppi%3D2959576%26pci%3D6629534317%26t%3D1617637226%26dest%3Dhttps%253A%252F%252Faporasal.net%252Fredirecting%252FaHR0cDovL3d3dy5tZWRpYWZpcmUuY29tL2ZvbGRlci9jM3l4bjV5YXE4eGY4L1NMQkVUNw%253D%253D%252F6079218161effd1fd8c56db2f4a90253&clb=https%3A%2F%2Fwww96.todhamilton.pro%2Fpushredirect%2F%3Ftmp%3D2%26network%3D1%26ios%3D0%26site%3Dadfly%26c%3D4%26ppi%3D2959576%26pci%3D6629534317%26t%3D1617637226%26dest%3Dhttps%253A%252F%252Faporasal.net%252Fredirecting%252FaHR0cDovL3d3dy5tZWRpYWZpcmUuY29tL2ZvbGRlci9jM3l4bjV5YXE4eGY4L1NMQkVUNw%253D%253D%252F6079218161effd1fd8c56db2f4a90253&asb=https%3A%2F%2Faporasal.net%2Fredirecting%2FaHR0cDovL3d3dy5tZWRpYWZpcmUuY29tL2ZvbGRlci9jM3l4bjV5YXE4eGY4L1NMQkVUNw%3D%3D%2F6079218161effd1fd8c56db2f4a90253
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 54.144.3.29 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-144-3-29.compute-1.amazonaws.com
Software: / Express
Resource Hash: 42bf9a441f091c48d957d8ba2cd8692801927a1f8cf7831d99ed48c70a6366f3

Request headers

Referer: https://www49.todhamilton.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-encoding: gzip
etag: W/"1d99d-LcJmW6dtK//29lAMoWe7Y7z4AA4"
x-powered-by: Express
vary: Accept-Encoding
access-control-allow-methods: GET, POST
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-allow-headers: X-Requested-With,content-type

GET
H2 200 / Show response
www96.todhamilton.pro/pushredirect/ 5 KB
3 KB 329ms
321ms Document
text/html 172.67.178.34
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www96.todhamilton.pro/pushredirect/?tmp=1&network=1&ios=0&site=adfly&c=4&ppi=2959576&pci=6629534317&t=1617637226&dest=https%3A%2F%2Faporasal.net%2Fredirecting%2FaHR0cDovL3d3dy5tZWRpYWZpcmUuY29tL2ZvbGRlci9jM3l4bjV5YXE4eGY4L1NMQkVUNw%3D%3D%2F6079218161effd1fd8c56db2f4a90253
Requested by: Host: aphycolourses.info
URL: https://aphycolourses.info/RlRldUY9dhYCGTMmCVd8ZDwRATY1bkpaMTEjUUxoMjsBHScrPQkBKSh6FQcpaTUIWDYzJw1bcX9iXU1yaD4WSjYzPQFIdH9hXEBxcHIEGSokaQ0BMjYnQEYHY2YjUHQANRUaNCcnBBloKDERUHQAJgARLzQxBgEvKDNARwAnHDdFJQI7Ezl1ImcBDHMyDjInNh8DPwUlKwEQLHR%2FIClHHDA2IicqJT1cHwt1OFEXLBBhPC0DcjEiLHIKZSs4Fy0CMDsxY2chUHUCcVczcHZjXEd3fmVTRCMgMgFEICJsBkBwIjZXE3InbVVHc3VyChd7LiARBTVjZyRQdABxVzMxMSNcQ2gyOwEdJys9CQEpKHoVByljZiMFMzU8FxAiLyYAFjJjZiNQdQAgCAVjdRBUUHRwOgABMSkmDlB1AmVAR3AvOxZQdQJkQEdwNT0REGN1EAQRICotQEdwJXFWMXJjZlMFNi9xVjF0f2FcQHFwcVdDNiU9QEYCcGJXTHN1YFZEcWNmUwFjdRBUQ3dxYlZCdHRiQEdwIjEWAWN1EA0BMjYnQEdzdRVAR3N0EkBHc3QSBAUpNDUWFCpoOgABY3RhVzM0IzAMByMlIAwbIWNmUEcAJxw3RSUCOxM5dSJnAQxzMg4yJzYfAz8FJSsBECx0fyApRxwwNiInKiU9XB8LdThRFywQYTwtA3IxIixyCmUrOBctAjA7MWNmUEYCY2ZQRgJjZlBHAHBkUkx0d2xUQ3cjMgMRdyAwXRZzcDAHRyByNVxFdHNnQxYqJGkNATI2J0BGB2NmI1B0ACMSAn9wehEaIi41CBwqMjsLWzY0O0BHADYhFh00IzAMByMlIEBHAGNnIwErNnFWMXRjZlMbIzIjCgctY2chRGN0YgwaNWNnIUVjdGIWHDIjcVYxJyIyCQxjdGIGUHUCYEBHcDYkDFB1AmZcQH9zY1NQdHAkBhxjdRBTQ3R%2FYVZBdXdjQEdwMnFWMXdwZVJDdXFmV0NjdGIBEDUycVYxLjIgFQZjdGFWNGN0YVczY3RhVzMnNjsXFDUnOEsbIzJxV0B0ACYAES80MQYBLygzQEdzdBIEPRR2NyEaMApnAUYiP2ERLxEUJDwiHDY3CCAzH2ZcAQp0DhMXARQ4Bhx%2FLBlWGXIkPjNAHx4RURABH2ApRAgLBQ4jEwgjQEdzdRBAR3N1EEBHc3QSU0Vxf2ZUTXdwZQATICJlAxF%2BJWFTESR0MlEUf3ZmUEZgJycHSC4yIBUGY3UVQEcAY2YjFDYpJgQGJyp6CxAyY2YjByMiPRcQJTI9CxJjdBIEPRR2NyEaMApnAUYiP2ERLxEUJDwiHDY3CCAzH2ZcAQp0DhMXARQ4Bhx%2FLBlWGXIkPjNAHx4RURABH2ApRAgLBQ4jEwgjQEYCY2chUHQAYlVCf3RlXURwdzEDEyJ3MgFNJXNiARd0IGAETHZ0YVZXamQnCBNkfGVJVzInMzocImRuR0J%2FcGxdQWRqdhYAJBk9AURkfHZXTHN%2FYVJDZGp2FgAkGT0BR2R8dgRGdSJjXBZ2azEEECBrYF1HcmtsBkxyazcBR3clNVxMICU2XVdqZDUJGSRkbkcdMjIkFk9paTUVGjQnJwQZaCgxEVo0IzAMByMlIAwbIWk1LSd2JRAKAwp1MFYRP3MgPyIUNg0yLzYlOTAAH3RtETl0HCIHMhQqNwxMLAtnCUEkLAJQLB4DYAAyH3IYVDsLFz8zIAgxaVhacHZjXEd3fmVTRCMgMgFEICJsBkBwIjZXE3InbVVHc3V2SVcpJHZfVy4yIBUGfGl7EgIxf2JLASkiPAQYLyogChtoNiYKWjYzJw0HIyI9FxAlMntaASs2aVRTKCMgEho0LWlUUy8pJ1hFYDU9ERB7JzADGT9gN1hBYDYkDEh0f2FcQHFwchUWL3tiU0d%2Fc2dRRndxchFId3BlUkN1cWZXQ2AiMRYBey4gEQU1Y2ckUHQAcVczJzY7FxQ1JzhLGyMycVczNCMwDAcjJSAMGyFjZiMUDhRkBjEpMBhWEXUiLVABHBEGFSwRHCQGGBMzDVdMMgpmPwMkAQYJFi9%2FPihGKnI2DyNzHwwgQSMBDVE5dwgZNB4QExoSUHUCcVYxY3QSU0Vxf2ZUTXdwZQATICJlAxF%2BJWFTESR0MlEUf3ZmUEZkanYGGSRkbkcdMjIkFk9paSMSAn9wehEaIi41CBwqMjsLWzY0O0oFMzU8FxAiLyYAFjJpaxEYNntmQxsjMiMKBy17ZUMcKTVpVVM1LyAASCciMgkMYCVpUVM2Nj1YR39zbVBCcGAkBhx7cGJXTHN1YFZEcWAgWERwd2NTRnF0ZlNTIiMnEUguMiAVBmN1FUBHAGNmIxQ2KSYEBicqegsQMmNmIwcjIj0XECUyPQsSY3QSBD0UdjchGjAKZwFGIj9hES8RFCQ8Ihw2NwggMx9mXAEKdA4TFwEUOAYcfywZVhlyJD4zQB8eEVEQAR9gKUQICwUOIxMII0BGAmNnIVB0AGJVQn90ZV1EcHcxAxMidzIBTSVzYgEXdCBgBEx2dGFWV2pkNRYXZHx2DQEyNidfWmknJAoHJzU1CVsoIyBKByMiPRcQJTI9CxJpJxw3RSUCOxM5dSJnAQxzMg4yJzYfAz8FJSsBECx0fyApRxwwNiInKiU9XB8LdThRFywQYTwtA3IxIixyCmUrOBctAjA7MXtpSkN2cW1XRH53YlQQICAwVBMifjdQQyIkZgNBJ39kV0B1ZCk
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.178.34 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/7.3.27
Resource Hash: 3aa8c15bbaeb3aaa090b3c0419ecd2051d33f5186a2d7eaf30cba4b92b811a30

Request headers

:method: GET
:authority: www96.todhamilton.pro
:scheme: https
:path: /pushredirect/?tmp=1&network=1&ios=0&site=adfly&c=4&ppi=2959576&pci=6629534317&t=1617637226&dest=https%3A%2F%2Faporasal.net%2Fredirecting%2FaHR0cDovL3d3dy5tZWRpYWZpcmUuY29tL2ZvbGRlci9jM3l4bjV5YXE4eGY4L1NMQkVUNw%3D%3D%2F6079218161effd1fd8c56db2f4a90253
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: document
referer: https://www49.todhamilton.pro/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: __cfduid=d2eb1df0507fd27054c15dca1dce948b51617637432
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www49.todhamilton.pro/

Response headers

date: Mon, 05 Apr 2021 15:43:57 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.3.27
cache-control: no-store, no-cache, must-revalidate, max-age=0 post-check=0, pre-check=0
pragma: no-cache
set-cookie: lastUrlPushTmp=www96.todhamilton.pro; secure
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
cf-request-id: 09444d88760000fa1c3a0b8000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=gMKV2oYzY%2BQ%2BywCC%2FbeyM%2Fgc833rCSs0JOSP%2Fx1VdzekMXMyd26M0vFScnbqJlFSmCNfRuFZlgfgslT1iXzHg7IhtTreWlw0sr7sjwXEvvaf7M2l61U%3D"}]}
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
cf-ray: 63b3e520bd6efa1c-AMS
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 / Show response
dc5k8fg5ioc8s.cloudfront.net/ 144 KB
45 KB 65ms
64ms Script
text/plain 13.226.156.80
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://dc5k8fg5ioc8s.cloudfront.net/?gfkcd=824473
Requested by: Host: www96.todhamilton.pro
URL: https://www96.todhamilton.pro/pushredirect/?tmp=1&network=1&ios=0&site=adfly&c=4&ppi=2959576&pci=6629534317&t=1617637226&dest=https%3A%2F%2Faporasal.net%2Fredirecting%2FaHR0cDovL3d3dy5tZWRpYWZpcmUuY29tL2ZvbGRlci9jM3l4bjV5YXE4eGY4L1NMQkVUNw%3D%3D%2F6079218161effd1fd8c56db2f4a90253
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.226.156.80 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-226-156-80.dus51.r.cloudfront.net
Software: /
Resource Hash: 3f66ff09af02daad7b81f896c4609fec36b51b86966204c4f22c8df03f9b12dc

Request headers

Referer: https://www96.todhamilton.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 05 Apr 2021 15:43:52 GMT
content-encoding: gzip
age: 5
x-cache: Hit from cloudfront
access-control-allow-origin: *
cache-control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
x-amz-cf-pop: DUS51-C1
content-length: 45412
via: 1.1 bfd667b9fb826986b85315f856bf5885.cloudfront.net (CloudFront)
x-amz-cf-id: xTQCWedJV-mqL8JQJeA_YQ0cu9cy0surgipTIVloUFUDCP4UB75i4Q==

GET
H2 200 logo.png
www96.todhamilton.pro/static/image/ 10 KB
11 KB 79ms
79ms Image
image/png 172.67.178.34
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www96.todhamilton.pro/static/image/logo.png
Requested by: Host: www96.todhamilton.pro
URL: https://www96.todhamilton.pro/pushredirect/?tmp=1&network=1&ios=0&site=adfly&c=4&ppi=2959576&pci=6629534317&t=1617637226&dest=https%3A%2F%2Faporasal.net%2Fredirecting%2FaHR0cDovL3d3dy5tZWRpYWZpcmUuY29tL2ZvbGRlci9jM3l4bjV5YXE4eGY4L1NMQkVUNw%3D%3D%2F6079218161effd1fd8c56db2f4a90253
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.178.34 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 196c51f778db9df7ecf75ce7f663ea3bb07726b67feeae45ad9abfd3008b937a

Request headers

Referer: https://www96.todhamilton.pro/pushredirect/?tmp=1&network=1&ios=0&site=adfly&c=4&ppi=2959576&pci=6629534317&t=1617637226&dest=https%3A%2F%2Faporasal.net%2Fredirecting%2FaHR0cDovL3d3dy5tZWRpYWZpcmUuY29tL2ZvbGRlci9jM3l4bjV5YXE4eGY4L1NMQkVUNw%3D%3D%2F6079218161effd1fd8c56db2f4a90253
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Apr 2021 15:43:57 GMT
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
age: 2320
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 10726
cf-request-id: 09444d89bb0000fa1c7c35b000000001
last-modified: Tue, 10 Nov 2020 09:44:06 GMT
server: cloudflare
etag: "29e6-5faa60e6-f392dafc4c855335;;;"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=AQVpl1iCd4fdRXrWJaizZ2GamHvm4ivRqWgOQQdqwtBlc1SXxzjZmI%2Bf9nQTXtPy%2B2tWNnwpoSDMTh4qxovQApxj4i7ldc8tS%2BC8RfVyg04E8vmjo1w%3D"}]}
content-type: image/png
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
cf-ray: 63b3e522ca1cfa1c-AMS
expires: Mon, 12 Apr 2021 15:05:17 GMT

GET
H2 200 am-push.796884.js Show response
www96.todhamilton.pro/ 93 KB
34 KB 303ms
303ms Script
application/x-javascript 172.67.178.34
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www96.todhamilton.pro/am-push.796884.js?puid=2959576&allb=https%3A%2F%2Faporasal.net%2Fredirecting%2FaHR0cDovL3d3dy5tZWRpYWZpcmUuY29tL2ZvbGRlci9jM3l4bjV5YXE4eGY4L1NMQkVUNw%3D%3D%2F6079218161effd1fd8c56db2f4a90253&ob=https%3A%2F%2Fwww94.todhamilton.pro%2Fpushredirect%2F%3Ftmp%3D1%26network%3D1%26ios%3D0%26site%3Dadfly%26c%3D5%26ppi%3D2959576%26pci%3D6629534317%26t%3D1617637226%26dest%3Dhttps%253A%252F%252Faporasal.net%252Fredirecting%252FaHR0cDovL3d3dy5tZWRpYWZpcmUuY29tL2ZvbGRlci9jM3l4bjV5YXE4eGY4L1NMQkVUNw%253D%253D%252F6079218161effd1fd8c56db2f4a90253&clb=https%3A%2F%2Fwww94.todhamilton.pro%2Fpushredirect%2F%3Ftmp%3D2%26network%3D1%26ios%3D0%26site%3Dadfly%26c%3D5%26ppi%3D2959576%26pci%3D6629534317%26t%3D1617637226%26dest%3Dhttps%253A%252F%252Faporasal.net%252Fredirecting%252FaHR0cDovL3d3dy5tZWRpYWZpcmUuY29tL2ZvbGRlci9jM3l4bjV5YXE4eGY4L1NMQkVUNw%253D%253D%252F6079218161effd1fd8c56db2f4a90253&asb=https%3A%2F%2Faporasal.net%2Fredirecting%2FaHR0cDovL3d3dy5tZWRpYWZpcmUuY29tL2ZvbGRlci9jM3l4bjV5YXE4eGY4L1NMQkVUNw%3D%3D%2F6079218161effd1fd8c56db2f4a90253
Requested by: Host: www96.todhamilton.pro
URL: https://www96.todhamilton.pro/pushredirect/?tmp=1&network=1&ios=0&site=adfly&c=4&ppi=2959576&pci=6629534317&t=1617637226&dest=https%3A%2F%2Faporasal.net%2Fredirecting%2FaHR0cDovL3d3dy5tZWRpYWZpcmUuY29tL2ZvbGRlci9jM3l4bjV5YXE4eGY4L1NMQkVUNw%3D%3D%2F6079218161effd1fd8c56db2f4a90253
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.178.34 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0b9191f2cd7c6a9cca2907f04717014b91b655c4345169882578bfeffa4bc185

Request headers

Referer: https://www96.todhamilton.pro/pushredirect/?tmp=1&network=1&ios=0&site=adfly&c=4&ppi=2959576&pci=6629534317&t=1617637226&dest=https%3A%2F%2Faporasal.net%2Fredirecting%2FaHR0cDovL3d3dy5tZWRpYWZpcmUuY29tL2ZvbGRlci9jM3l4bjV5YXE4eGY4L1NMQkVUNw%3D%3D%2F6079218161effd1fd8c56db2f4a90253
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Apr 2021 15:43:58 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"max_age":604800,"report_to":"cf-nel"}
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 09444d89bb0000fa1c6fa2c000000001
last-modified: Tue, 10 Nov 2020 09:44:06 GMT
server: cloudflare
etag: W/"175a3-5faa60e6-7dbcd373cc8a4404;gz"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=RvMr3z%2B9UeQ0tVBFYmNGGKS9nf1GTKD5DhVpVVuVOOdsmMRSa2gj5b3YV2rS0JJuFdTMhL2sQpLYTUsChr6sXdKe%2Bnwd%2F8oXaa7K2q05oV4x6DMcy8w%3D"}]}
content-type: application/x-javascript
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
cf-ray: 63b3e522ca20fa1c-AMS
expires: Mon, 12 Apr 2021 15:43:58 GMT

GET
H2 200 VG8xMngvTUJFJyEdXRBCdgdFRggnVR4dDyMYCARWIABVWhk5Bl1GFzpBQUAXew5cHwghHFkcT21ZCQpMegVCDQghBlUPSm1aCAdPYklQXhQ2UllGDCQcFAE5cV13F0oSDkFdCjUcUF5WOgpFF0oSHVRWESYKUkYROggUAD41J2MCGxAAR35LMFxVS00gNWZgCA04a... Show response
aphycolourses.info/ 118 KB
47 KB 143ms
143ms Script
application/javascript 54.144.3.29
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://aphycolourses.info/VG8xMngvTUJFJyEdXRBCdgdFRggnVR4dDyMYCARWIABVWhk5Bl1GFzpBQUAXew5cHwghHFkcT21ZCQpMegVCDQghBlUPSm1aCAdPYklQXhQ2UllGDCQcFAE5cV13F0oSDkFdCjUcUF5WOgpFF0oSHVRWESYKUkYROggUAD41J2MCGxAAR35LMFxVS00gNWZgCA04a0IbOTpEa0ptG30AIiINdmAUNwYIWDVnAwVQEgJaaGo9YAp2a0wYXn9%2FKT85ZHwPcVx1F0sQSgN0TmRYCABJbF4HAx0yCVUDHjBXUgdOMA0DVEw1VgEATWdJXlBFPBtFQgtxXHAXShJKA3QPIxgIBlYgAFVaGTkGXUYXOkFBQBdxXXdCDScHQ1ccPR1UUQxxXXcXSxIbXEJdZysAF0piAVRGDzsdWhdLEF4UAE49AEIXSxBfFABOJwZFV11nK1BWHjgWFABON0oCdk1xXQdCCD1KAnZKbVoIB09iSgMECDcGFAE8YlkDC01nWwIDT3FdB0ZdZysABEljWQIFSmZZFABOMApCRl1nK1lGDCQcFABNZy4UAE1mKRQATWYpUEIXJg5CUxR6AVRGXWZaA3QKMQtYQB03G1hcH3FdBAA%2BNSdjAhsQAEd%2BSzBcVUtNIDVmYAgNOGtCGzk6RGtKbRt9ACIiDXZgFDcGCFg1ZwMFUBICWmhqPWAKdmtMGF5%2Ffyk%2FOWR8D3FdBAE8cV0EATxxXQQAPmJfBgtKZVcABEkxCVdWSTILCVFNYgtTAB5gDggCSmFcF1EUNlJZRgwkHBQBOXFddxdKEhhGRUFgQUVdHDwOXFsUIABfHAgmABQAPiQaQloKMQtYQB03GxQAPnFcd0YVJEoCdkpxXQdcHSAYXkATcVx1A11mWVhdC3FcdQJdZllCWwwxSgJ2GTAJXUtdZllSF0sQWhQATiQfWBdLEF0IB0FhWAcXSmIfUltdZysHBEptWgIGS2VYFABOIEoCdkliXgYES2NdAwRdZllVVwsgSgJ2ECAbQUFdZloCc11mWgN0XWZaA3QZJABDUws1Ax9cHSBKAwdKEh1UVhEmClJGEToIFABNZilQeipkDHVdDhhcVQEcLVpFaC8GH2hlIiQMXGcNDV0IRjRmNUdQPwYDUltBPiICXkw2BWcHIQwqBVc%2FDVt9AzYZPlpkLRoYFABNZysUAE1nKxQATWYpBwJPbV0ACkliXlRUHjBeV1ZAN1oHVhpmCQVTQWRdBAFeNRxTDxAgG0FBXWcuFAA%2BcV13Uwg7HVBBGThBX1cMcV13QB0wBkNXGyAGX1VdZilQeipkDHVdDhhcVQEcLVpFaC8GH2hlIiQMXGcNDV0IRjRmNUdQPwYDUltBPiICXkw2BWcHIQwqBVc%2FDVt9AzYZPlpkLRoYFAE8cVx1F0oSWQEFQWZeCQNOZQpXVBxlCVUKG2FZVVBKMltQC0hmWgIQVHYcXFRabl4dEAw1CG5bHHZVEwVBYlcJBlp4TUJHGgsGVQNabk0DC01tWgYEWnhNQkcaCwZVAFpuTVABSzBYCFFIeQpQVx55WwkATHlXUgtMeQxVAEk3DggLHjcNCRBUdg5dXhp2VRNaDCAfQghXew5BXQo1HFBeVjoKRR0KMQtYQB03G1hcH3sOeWBINyteRDRnCwJWAWEba2UqJDZmaAg3AmRHIWZWRX5KDhlTdSo4DFgLEhlcXQYaPjkEayARW1R1IWAjAHw1BQRnZzYjUgwdTmRYCABJbF4HAx0yCVUDHjBXUgdOMA0DVEw1VgEATWdNHRAXNk0LEBAgG0FBQntARkUPbVsfRhcwB1BfETgbXlxWJB1eHQghHFlAHTAGQ1cbIEAORhUkUgAUFjEbRl0KP1IAFBE7HAwCXicGRVdFNQtXXgFyDAwHXiQfWA9KbVoIB09iSUFREWlZBwBBYVwFAUljSUUPSWJeBgRLY10DBF4wCkJGRTwbRUILcVxwF0oSSgN0GSQAQ1MLNQMfXB0gSgN0CjELWEAdNxtYXB9xXXdTMAZfUnYXIiMCVkswFgRGIgM9QWsvDh9SXy0hNgMLDBhda0QaEz1dURFtBXwBFGANW2RNDTd0Bh0TNgV%2BSRoiYFkuASFGF0sQSgJ2XWYpBwJPbV0ACkliXlRUHjBeV1ZAN1oHVhpmCQVTQWRdBAFaeE1SXhp2VRNaDCAfQghXexhGRUFgQUVdHDwOXFsUIABfHAgmAB5CDScHQ1ccPR1UUQx7UEVfCGldF1wdIBheQBNpXhdbFydSARQLPRtUDxkwCV1LXjdSBBQIJAYMAEFhVgQFTnIfUltFYlkDC01nWwIDT3IbDANOZVgHAU9mXQcUHDEcRQ8QIBtBQV1nLhQAPnFdd1MIOx1QQRk4QV9XDHFdd0AdMAZDVxsgBl9VXWYpUHoqZAx1XQ4YXFUBHC1aRWgvBh9oZSIkDFxnDQ1dCEY0ZjVHUD8GA1JbQT4iAl5MNgVnByEMKgVXPw1bfQM2GT5aZC0aGBQBPHFcdRdKElkBBUFmXgkDTmUKV1QcZQlVChthWVVQSjJbUAtIZloCEFR2DkJQWm5NWUYMJBwLHVc1H15AGScOXRwWMRseQB0wBkNXGyAGX1VXNSdjAhsQAEd%2BSzBcVUtNIDVmYAgNOGtCGzk6RGtKbRt9ACIiDXZgFDcGCFg1ZwMFUBICWmhqPWAKdmtMGF5%2Ffyk%2FOWR8D2lSHgRIY1YDA0BlWQBXHjILAFQcbAwEBBw2XVcGGW1fAwdLdhI
Requested by: Host: www96.todhamilton.pro
URL: https://www96.todhamilton.pro/am-push.796884.js?puid=2959576&allb=https%3A%2F%2Faporasal.net%2Fredirecting%2FaHR0cDovL3d3dy5tZWRpYWZpcmUuY29tL2ZvbGRlci9jM3l4bjV5YXE4eGY4L1NMQkVUNw%3D%3D%2F6079218161effd1fd8c56db2f4a90253&ob=https%3A%2F%2Fwww94.todhamilton.pro%2Fpushredirect%2F%3Ftmp%3D1%26network%3D1%26ios%3D0%26site%3Dadfly%26c%3D5%26ppi%3D2959576%26pci%3D6629534317%26t%3D1617637226%26dest%3Dhttps%253A%252F%252Faporasal.net%252Fredirecting%252FaHR0cDovL3d3dy5tZWRpYWZpcmUuY29tL2ZvbGRlci9jM3l4bjV5YXE4eGY4L1NMQkVUNw%253D%253D%252F6079218161effd1fd8c56db2f4a90253&clb=https%3A%2F%2Fwww94.todhamilton.pro%2Fpushredirect%2F%3Ftmp%3D2%26network%3D1%26ios%3D0%26site%3Dadfly%26c%3D5%26ppi%3D2959576%26pci%3D6629534317%26t%3D1617637226%26dest%3Dhttps%253A%252F%252Faporasal.net%252Fredirecting%252FaHR0cDovL3d3dy5tZWRpYWZpcmUuY29tL2ZvbGRlci9jM3l4bjV5YXE4eGY4L1NMQkVUNw%253D%253D%252F6079218161effd1fd8c56db2f4a90253&asb=https%3A%2F%2Faporasal.net%2Fredirecting%2FaHR0cDovL3d3dy5tZWRpYWZpcmUuY29tL2ZvbGRlci9jM3l4bjV5YXE4eGY4L1NMQkVUNw%3D%3D%2F6079218161effd1fd8c56db2f4a90253
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 54.144.3.29 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-144-3-29.compute-1.amazonaws.com
Software: / Express
Resource Hash: d0c5c6c551529451e87d5bf71fe2b88ed07d2e4451732fac7495a802d9d2cab5

Request headers

Referer: https://www96.todhamilton.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-encoding: gzip
etag: W/"1d99d-5lHzDgkZ2KfFDEoKdWxsJwJjlak"
x-powered-by: Express
vary: Accept-Encoding
access-control-allow-methods: GET, POST
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-allow-headers: X-Requested-With,content-type

GET
H2 200 / Show response
www94.todhamilton.pro/pushredirect/ 5 KB
2 KB 325ms
317ms Document
text/html 172.67.178.34
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www94.todhamilton.pro/pushredirect/?tmp=1&network=1&ios=0&site=adfly&c=5&ppi=2959576&pci=6629534317&t=1617637226&dest=https%3A%2F%2Faporasal.net%2Fredirecting%2FaHR0cDovL3d3dy5tZWRpYWZpcmUuY29tL2ZvbGRlci9jM3l4bjV5YXE4eGY4L1NMQkVUNw%3D%3D%2F6079218161effd1fd8c56db2f4a90253
Requested by: Host: aphycolourses.info
URL: https://aphycolourses.info/VG8xMngvTUJFJyEdXRBCdgdFRggnVR4dDyMYCARWIABVWhk5Bl1GFzpBQUAXew5cHwghHFkcT21ZCQpMegVCDQghBlUPSm1aCAdPYklQXhQ2UllGDCQcFAE5cV13F0oSDkFdCjUcUF5WOgpFF0oSHVRWESYKUkYROggUAD41J2MCGxAAR35LMFxVS00gNWZgCA04a0IbOTpEa0ptG30AIiINdmAUNwYIWDVnAwVQEgJaaGo9YAp2a0wYXn9%2FKT85ZHwPcVx1F0sQSgN0TmRYCABJbF4HAx0yCVUDHjBXUgdOMA0DVEw1VgEATWdJXlBFPBtFQgtxXHAXShJKA3QPIxgIBlYgAFVaGTkGXUYXOkFBQBdxXXdCDScHQ1ccPR1UUQxxXXcXSxIbXEJdZysAF0piAVRGDzsdWhdLEF4UAE49AEIXSxBfFABOJwZFV11nK1BWHjgWFABON0oCdk1xXQdCCD1KAnZKbVoIB09iSgMECDcGFAE8YlkDC01nWwIDT3FdB0ZdZysABEljWQIFSmZZFABOMApCRl1nK1lGDCQcFABNZy4UAE1mKRQATWYpUEIXJg5CUxR6AVRGXWZaA3QKMQtYQB03G1hcH3FdBAA%2BNSdjAhsQAEd%2BSzBcVUtNIDVmYAgNOGtCGzk6RGtKbRt9ACIiDXZgFDcGCFg1ZwMFUBICWmhqPWAKdmtMGF5%2Ffyk%2FOWR8D3FdBAE8cV0EATxxXQQAPmJfBgtKZVcABEkxCVdWSTILCVFNYgtTAB5gDggCSmFcF1EUNlJZRgwkHBQBOXFddxdKEhhGRUFgQUVdHDwOXFsUIABfHAgmABQAPiQaQloKMQtYQB03GxQAPnFcd0YVJEoCdkpxXQdcHSAYXkATcVx1A11mWVhdC3FcdQJdZllCWwwxSgJ2GTAJXUtdZllSF0sQWhQATiQfWBdLEF0IB0FhWAcXSmIfUltdZysHBEptWgIGS2VYFABOIEoCdkliXgYES2NdAwRdZllVVwsgSgJ2ECAbQUFdZloCc11mWgN0XWZaA3QZJABDUws1Ax9cHSBKAwdKEh1UVhEmClJGEToIFABNZilQeipkDHVdDhhcVQEcLVpFaC8GH2hlIiQMXGcNDV0IRjRmNUdQPwYDUltBPiICXkw2BWcHIQwqBVc%2FDVt9AzYZPlpkLRoYFABNZysUAE1nKxQATWYpBwJPbV0ACkliXlRUHjBeV1ZAN1oHVhpmCQVTQWRdBAFeNRxTDxAgG0FBXWcuFAA%2BcV13Uwg7HVBBGThBX1cMcV13QB0wBkNXGyAGX1VdZilQeipkDHVdDhhcVQEcLVpFaC8GH2hlIiQMXGcNDV0IRjRmNUdQPwYDUltBPiICXkw2BWcHIQwqBVc%2FDVt9AzYZPlpkLRoYFAE8cVx1F0oSWQEFQWZeCQNOZQpXVBxlCVUKG2FZVVBKMltQC0hmWgIQVHYcXFRabl4dEAw1CG5bHHZVEwVBYlcJBlp4TUJHGgsGVQNabk0DC01tWgYEWnhNQkcaCwZVAFpuTVABSzBYCFFIeQpQVx55WwkATHlXUgtMeQxVAEk3DggLHjcNCRBUdg5dXhp2VRNaDCAfQghXew5BXQo1HFBeVjoKRR0KMQtYQB03G1hcH3sOeWBINyteRDRnCwJWAWEba2UqJDZmaAg3AmRHIWZWRX5KDhlTdSo4DFgLEhlcXQYaPjkEayARW1R1IWAjAHw1BQRnZzYjUgwdTmRYCABJbF4HAx0yCVUDHjBXUgdOMA0DVEw1VgEATWdNHRAXNk0LEBAgG0FBQntARkUPbVsfRhcwB1BfETgbXlxWJB1eHQghHFlAHTAGQ1cbIEAORhUkUgAUFjEbRl0KP1IAFBE7HAwCXicGRVdFNQtXXgFyDAwHXiQfWA9KbVoIB09iSUFREWlZBwBBYVwFAUljSUUPSWJeBgRLY10DBF4wCkJGRTwbRUILcVxwF0oSSgN0GSQAQ1MLNQMfXB0gSgN0CjELWEAdNxtYXB9xXXdTMAZfUnYXIiMCVkswFgRGIgM9QWsvDh9SXy0hNgMLDBhda0QaEz1dURFtBXwBFGANW2RNDTd0Bh0TNgV%2BSRoiYFkuASFGF0sQSgJ2XWYpBwJPbV0ACkliXlRUHjBeV1ZAN1oHVhpmCQVTQWRdBAFaeE1SXhp2VRNaDCAfQghXexhGRUFgQUVdHDwOXFsUIABfHAgmAB5CDScHQ1ccPR1UUQx7UEVfCGldF1wdIBheQBNpXhdbFydSARQLPRtUDxkwCV1LXjdSBBQIJAYMAEFhVgQFTnIfUltFYlkDC01nWwIDT3IbDANOZVgHAU9mXQcUHDEcRQ8QIBtBQV1nLhQAPnFdd1MIOx1QQRk4QV9XDHFdd0AdMAZDVxsgBl9VXWYpUHoqZAx1XQ4YXFUBHC1aRWgvBh9oZSIkDFxnDQ1dCEY0ZjVHUD8GA1JbQT4iAl5MNgVnByEMKgVXPw1bfQM2GT5aZC0aGBQBPHFcdRdKElkBBUFmXgkDTmUKV1QcZQlVChthWVVQSjJbUAtIZloCEFR2DkJQWm5NWUYMJBwLHVc1H15AGScOXRwWMRseQB0wBkNXGyAGX1VXNSdjAhsQAEd%2BSzBcVUtNIDVmYAgNOGtCGzk6RGtKbRt9ACIiDXZgFDcGCFg1ZwMFUBICWmhqPWAKdmtMGF5%2Ffyk%2FOWR8D2lSHgRIY1YDA0BlWQBXHjILAFQcbAwEBBw2XVcGGW1fAwdLdhI
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.178.34 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/7.3.27
Resource Hash: d95a93b633d87a4808fae8d3b386ca28c9978eadb6c3d4d0d5ea1f08dbb84b10

Request headers

:method: GET
:authority: www94.todhamilton.pro
:scheme: https
:path: /pushredirect/?tmp=1&network=1&ios=0&site=adfly&c=5&ppi=2959576&pci=6629534317&t=1617637226&dest=https%3A%2F%2Faporasal.net%2Fredirecting%2FaHR0cDovL3d3dy5tZWRpYWZpcmUuY29tL2ZvbGRlci9jM3l4bjV5YXE4eGY4L1NMQkVUNw%3D%3D%2F6079218161effd1fd8c56db2f4a90253
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: document
referer: https://www96.todhamilton.pro/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: __cfduid=d2eb1df0507fd27054c15dca1dce948b51617637432
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www96.todhamilton.pro/

Response headers

date: Mon, 05 Apr 2021 15:43:59 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.3.27
cache-control: no-store, no-cache, must-revalidate, max-age=0 post-check=0, pre-check=0
pragma: no-cache
set-cookie: lastUrlPushTmp=www94.todhamilton.pro; secure
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
cf-request-id: 09444d8d560000fa1c48198000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=le%2FZ4roI7r%2BXOCRngjBLI%2FnJRfD1TKY1hrTRlHpMoEOaJStUt1CnAggW2OdExTQyNfanu4prUI2rI6u8sBlKT5AyilQD2jrq1XyO3d7ZSRmRd5DZONQ%3D"}]}
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
cf-ray: 63b3e5288dfefa1c-AMS
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 / Show response
dc5k8fg5ioc8s.cloudfront.net/ 144 KB
45 KB 65ms
63ms Script
text/plain 13.226.156.80
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://dc5k8fg5ioc8s.cloudfront.net/?gfkcd=824473
Requested by: Host: www94.todhamilton.pro
URL: https://www94.todhamilton.pro/pushredirect/?tmp=1&network=1&ios=0&site=adfly&c=5&ppi=2959576&pci=6629534317&t=1617637226&dest=https%3A%2F%2Faporasal.net%2Fredirecting%2FaHR0cDovL3d3dy5tZWRpYWZpcmUuY29tL2ZvbGRlci9jM3l4bjV5YXE4eGY4L1NMQkVUNw%3D%3D%2F6079218161effd1fd8c56db2f4a90253
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.226.156.80 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-226-156-80.dus51.r.cloudfront.net
Software: /
Resource Hash: 3f66ff09af02daad7b81f896c4609fec36b51b86966204c4f22c8df03f9b12dc

Request headers

Referer: https://www94.todhamilton.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 05 Apr 2021 15:43:52 GMT
content-encoding: gzip
age: 7
x-cache: Hit from cloudfront
access-control-allow-origin: *
cache-control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
x-amz-cf-pop: DUS51-C1
content-length: 45412
via: 1.1 bfd667b9fb826986b85315f856bf5885.cloudfront.net (CloudFront)
x-amz-cf-id: fEinXLN6V4l2dMFNPfQiKehcHtJMiNamp2i5WxMAuRbrfGyU14ARhQ==

GET
H2 200 logo.png
www94.todhamilton.pro/static/image/ 10 KB
11 KB 84ms
82ms Image
image/png 172.67.178.34
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www94.todhamilton.pro/static/image/logo.png
Requested by: Host: www94.todhamilton.pro
URL: https://www94.todhamilton.pro/pushredirect/?tmp=1&network=1&ios=0&site=adfly&c=5&ppi=2959576&pci=6629534317&t=1617637226&dest=https%3A%2F%2Faporasal.net%2Fredirecting%2FaHR0cDovL3d3dy5tZWRpYWZpcmUuY29tL2ZvbGRlci9jM3l4bjV5YXE4eGY4L1NMQkVUNw%3D%3D%2F6079218161effd1fd8c56db2f4a90253
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.178.34 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 196c51f778db9df7ecf75ce7f663ea3bb07726b67feeae45ad9abfd3008b937a

Request headers

Referer: https://www94.todhamilton.pro/pushredirect/?tmp=1&network=1&ios=0&site=adfly&c=5&ppi=2959576&pci=6629534317&t=1617637226&dest=https%3A%2F%2Faporasal.net%2Fredirecting%2FaHR0cDovL3d3dy5tZWRpYWZpcmUuY29tL2ZvbGRlci9jM3l4bjV5YXE4eGY4L1NMQkVUNw%3D%3D%2F6079218161effd1fd8c56db2f4a90253
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Apr 2021 15:43:59 GMT
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
age: 2069
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 10726
cf-request-id: 09444d8eaf0000fa1c45923000000001
last-modified: Tue, 10 Nov 2020 09:44:06 GMT
server: cloudflare
etag: "29e6-5faa60e6-f392dafc4c855335;;;"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=OgAei7VNUcb764wPUze6gp%2FSFxjxeDdsGgtzeMmeS3ndSDISQJRPNoqC8hUgDEAPkYhm%2FOoOZZMftkZiXClA7F%2FmAH1E4d3TiDa4GTSdK%2Br9VkGlc5g%3D"}]}
content-type: image/png
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
cf-ray: 63b3e52abb4efa1c-AMS
expires: Mon, 12 Apr 2021 15:09:30 GMT

GET
H2 200 am-push.796884.js Show response
www94.todhamilton.pro/ 93 KB
34 KB 300ms
299ms Script
application/x-javascript 172.67.178.34
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www94.todhamilton.pro/am-push.796884.js?puid=2959576&allb=https%3A%2F%2Faporasal.net%2Fredirecting%2FaHR0cDovL3d3dy5tZWRpYWZpcmUuY29tL2ZvbGRlci9jM3l4bjV5YXE4eGY4L1NMQkVUNw%3D%3D%2F6079218161effd1fd8c56db2f4a90253&ob=https%3A%2F%2Fwww5.todhamilton.pro%2Fpushredirect%2F%3Ftmp%3D1%26network%3D1%26ios%3D0%26site%3Dadfly%26c%3D6%26ppi%3D2959576%26pci%3D6629534317%26t%3D1617637226%26dest%3Dhttps%253A%252F%252Faporasal.net%252Fredirecting%252FaHR0cDovL3d3dy5tZWRpYWZpcmUuY29tL2ZvbGRlci9jM3l4bjV5YXE4eGY4L1NMQkVUNw%253D%253D%252F6079218161effd1fd8c56db2f4a90253&clb=https%3A%2F%2Fwww5.todhamilton.pro%2Fpushredirect%2F%3Ftmp%3D2%26network%3D1%26ios%3D0%26site%3Dadfly%26c%3D6%26ppi%3D2959576%26pci%3D6629534317%26t%3D1617637226%26dest%3Dhttps%253A%252F%252Faporasal.net%252Fredirecting%252FaHR0cDovL3d3dy5tZWRpYWZpcmUuY29tL2ZvbGRlci9jM3l4bjV5YXE4eGY4L1NMQkVUNw%253D%253D%252F6079218161effd1fd8c56db2f4a90253&asb=https%3A%2F%2Faporasal.net%2Fredirecting%2FaHR0cDovL3d3dy5tZWRpYWZpcmUuY29tL2ZvbGRlci9jM3l4bjV5YXE4eGY4L1NMQkVUNw%3D%3D%2F6079218161effd1fd8c56db2f4a90253
Requested by: Host: www94.todhamilton.pro
URL: https://www94.todhamilton.pro/pushredirect/?tmp=1&network=1&ios=0&site=adfly&c=5&ppi=2959576&pci=6629534317&t=1617637226&dest=https%3A%2F%2Faporasal.net%2Fredirecting%2FaHR0cDovL3d3dy5tZWRpYWZpcmUuY29tL2ZvbGRlci9jM3l4bjV5YXE4eGY4L1NMQkVUNw%3D%3D%2F6079218161effd1fd8c56db2f4a90253
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.178.34 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0b9191f2cd7c6a9cca2907f04717014b91b655c4345169882578bfeffa4bc185

Request headers

Referer: https://www94.todhamilton.pro/pushredirect/?tmp=1&network=1&ios=0&site=adfly&c=5&ppi=2959576&pci=6629534317&t=1617637226&dest=https%3A%2F%2Faporasal.net%2Fredirecting%2FaHR0cDovL3d3dy5tZWRpYWZpcmUuY29tL2ZvbGRlci9jM3l4bjV5YXE4eGY4L1NMQkVUNw%3D%3D%2F6079218161effd1fd8c56db2f4a90253
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Apr 2021 15:43:59 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"max_age":604800,"report_to":"cf-nel"}
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 09444d8eb00000fa1c5d0cf000000001
last-modified: Tue, 10 Nov 2020 09:44:06 GMT
server: cloudflare
etag: W/"175a3-5faa60e6-7dbcd373cc8a4404;gz"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=eQGe3Z3Pgk7ryBxX7Gks2Z5gFhhInM76WHHEu5ETryWDRSanAiyESQbgNokjioe0dFx%2F25YA%2F%2FoRVWW47n7BfY2ht4Vm%2F4hQpoQVagSqF8xq%2BGnGzzo%3D"}]}
content-type: application/x-javascript
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
cf-ray: 63b3e52abb56fa1c-AMS
expires: Mon, 12 Apr 2021 15:43:59 GMT

GET
H2 200 MlA2SVBJckU%2BD0ciWmtqEDhCPSBBahlmJ0UnD31%2BRj9SITFfOVo9P1x%2BRjs%2FHTFbZCBHI15nZwtmDnFkHDpFdiBHOVJ0YgtlD3xnBHZXJTxQbV49JEIjE3oRF2JwbGJ0MUYmIlMjVyV%2BXDVCbGJ0IlMtOUA1VT05XDcTexZTGGR5M3Y%2FQAVjVmNSM... Show response
aphycolourses.info/ 118 KB
47 KB 144ms
143ms Script
application/javascript 54.144.3.29
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://aphycolourses.info/MlA2SVBJckU%2BD0ciWmtqEDhCPSBBahlmJ0UnD31%2BRj9SITFfOVo9P1x%2BRjs%2FHTFbZCBHI15nZwtmDnFkHDpFdiBHOVJ0YgtlD3xnBHZXJTxQbV49JEIjE3oRF2JwbGJ0MUYmIlMjVyV%2BXDVCbGJ0IlMtOUA1VT05XDcTexZTGGR5M3Y%2FQAVjVmNSMGVGCmEbIGsHbDkzXwVDEGILJHp7CkQycRs8UTkPIx0BPAIrOmRlbxEVBjVxEGR%2BYXgEAVkGYwcnF2NybGN2dQQPZgJnD3thCmEAeDVUNlJ4NlZoVXxmVjIEL2RTaQZ7ZQF2WSttWiRCOSMXY3dsYnR1BA8nRScDZyRdNF4oPVs8QiY%2BHCBEJnUAFkY8I1oiUy05QDVVPXUAFhN6FkY9RmxjdmETe2ZcNUI%2BP0A7E3oUA3UEfzldIxN6FAJ1BH8jWyRTbGN2MVIvPEt1BH8zF2Nyf3UAZkY5ORdjcntpB2kDfmYXYgA5M1t1BQ1mBGIPfGMGYwd%2BdQBmQmxjdmEAeGcEYwF7YgR1BH80VyNCbGN2OEI9IEF1BHxjc3UEfGJ0dQR8YnQxRiYiUyNXJX5cNUJsYgdicDs1VjlELDNGOVgudQBlBA8xegIGKhRdJnp6NAE0T3wkaAdkOQllCkYqPWclb3tpRhwEEyZQF2QlM1tpXARjXmRUIwYHCW4MZFcXb30cAx57GDtkBXg%2BdQBlBQ11AGUFDXUAZQQPZgJnD3thCmEAeDVUNlJ4NlZoVXxmVjIEL2RTaQZ7ZQF2VSUyDzhCPSBBdQUIdQAWE3sWRSdBfH5GP1IhMV85Wj0%2FXH5GOz8XYnA5JUE4RCw0WyJTKiQXYnBsY3QkWzl1ARQEbGIEPlM9J10iXWxjdmETe2ZbP0VsY3ZgE3tmQTlCLHUBFFctNl4pE3tmUXUFDWYXYgA5IFt1BQ1iC2UPfGcEdQR%2FIFE5E3oUBGYEcGUBZAV4ZxdiAD11ARQHf2EFZgV%2BYgBmE3tmVjVFPXUBFF49JEIjE3tlARETe2UAFhN7ZQAWVzk%2FQDFFKDwcPlM9dQBlBA8iVzRfOzVRJF8nNxdiA3sWUxhkeTN2P0AFY1ZjUjBlRgphGyBrB2w5M18FQxBiCyR6ewpEMnEbPFE5DyMdATwCKzpkZW8RFQY1cRBkfmF4BAFZBmMHJxdiA3oUF2IDehQXYgN7FgRgAXBiA2gHf2FXNlAtYVQ0DiplBDRUezYGMQ95YgdjECgjUG1ePSRCIxN6ERdicGxidDFGJiJTI1clflw1QmxidCJTLTlANVU9OVw3E3sWUxhkeTN2P0AFY1ZjUjBlRgphGyBrB2w5M18FQxBiCyR6ewpEMnEbPFE5DyMdATwCKzpkZW8RFQY1cRBkfmF4BAFZBmMHJxdjcmxjdnUED2YCZw97YQphAHg1VDZSeDZWaFV8ZlYyBC9kU2kGe2UBchprI182FHNhHnJCKDdtOVJrahBnD39oCmQUZXJBJVQWOVZhFHNyAGkDcGUFZhRlckElVBY5VmIUc3JTYwUtZwszBmQ1UzVQZGQKYgJkaFFpAmQzVmIHKjELaVAqMgpyGmsxXjxUa2oQOEI9IEFqGWYxQj9EKCNTPBgnNUZ%2FRCw0WyJTKiRbPlFmMXoCBioUXSZ6ejQBNE98JGgHZDkJZQpGKj1nJW97aUYcBBMmUBdkJTNbaVwEY15kVCMGBwluDGRXF299HAMeexg7ZAV4Pm0PfwB5ZwtiB3FhBGFTLzZWYVAtaFFlAC0yADYCKGkCYgN6ch5yWStyCHJePSRCIwxmf0UnQXx%2BRj9SITFfOVo9P1x%2BRjs%2FHSBDOjhANVIgIlczQmZvRj1GdGEUPlM9J10iXXRhFDlZOm0CdkUgJFdtVy02XikQKm0EdkY5OQ9iD3xpB2cAbyBROQt%2FZgBpA3pkAWEBbyQPYQB4ZwRjAXtiBHZSLCNGbV49JEIjE3oRF2JwbGJ0MUYmIlMjVyV%2BXDVCbGJ0IlMtOUA1VT05XDcTexZTGGR5M3Y%2FQAVjVmNSMGVGCmEbIGsHbDkzXwVDEGILJHp7CkQycRs8UTkPIx0BPAIrOmRlbxEVBjVxEGR%2BYXgEAVkGYwcnF2NybGN2dQQPZgJnD3thCmEAeDVUNlJ4NlZoVXxmVjIEL2RTaQZ7ZQFyGmszXjIUc3JaJEI5Iwh%2FGT4nRWUYPT9WOFckOV4kWSd%2BQiJZZiBHI147NVY5RCwzRn8JPT1CbQRvPlckQSYiWW0HbzldIwt5dkE5QixtUzRQJSkUMwt%2FdkIgX3RiC2UPfGcEdkYqOQ9mAHtpB2MCemEFdkJ0YQRhAX9jBWIEf3ZWNUU9bVokQjkjF2N3bGJ0dQQPMUI%2FRCgjUzwYJzVGdQQPIlc0Xzs1USRfJzcXYnAoGGBgVQ0%2FRBwFLWNWKQM9CmUCRhAHaCBVJAVHCQRwJH5ibD8ydQJaKjkLOnt6PAYyXB9lawhzfTV1CQIFYXwdZyIGZx5BbGN2dQUNdQAWAHlnC2IHcWEEYVMvNlZhUC1oUWUALTIANgIoaQJiA3pyHnJXOjIQahQhJEYgRXN%2FHTFGJiJTI1clflw1QmYiVzRfOzVRJF8nNx0xfhtgURRZPxwBNAUtKQckbB4CQglhEyBRPWM8CQBpQgViaCZUDgJeM19wOn9jWn0yWAYDEAh3ZFMOCQYcBwcdYztgHB5FbQtmZgJnD3thCmEAeDVUNlJ4NlZoVXxmVjIEL2RTaQZ7ZQFySw
Requested by: Host: www94.todhamilton.pro
URL: https://www94.todhamilton.pro/am-push.796884.js?puid=2959576&allb=https%3A%2F%2Faporasal.net%2Fredirecting%2FaHR0cDovL3d3dy5tZWRpYWZpcmUuY29tL2ZvbGRlci9jM3l4bjV5YXE4eGY4L1NMQkVUNw%3D%3D%2F6079218161effd1fd8c56db2f4a90253&ob=https%3A%2F%2Fwww5.todhamilton.pro%2Fpushredirect%2F%3Ftmp%3D1%26network%3D1%26ios%3D0%26site%3Dadfly%26c%3D6%26ppi%3D2959576%26pci%3D6629534317%26t%3D1617637226%26dest%3Dhttps%253A%252F%252Faporasal.net%252Fredirecting%252FaHR0cDovL3d3dy5tZWRpYWZpcmUuY29tL2ZvbGRlci9jM3l4bjV5YXE4eGY4L1NMQkVUNw%253D%253D%252F6079218161effd1fd8c56db2f4a90253&clb=https%3A%2F%2Fwww5.todhamilton.pro%2Fpushredirect%2F%3Ftmp%3D2%26network%3D1%26ios%3D0%26site%3Dadfly%26c%3D6%26ppi%3D2959576%26pci%3D6629534317%26t%3D1617637226%26dest%3Dhttps%253A%252F%252Faporasal.net%252Fredirecting%252FaHR0cDovL3d3dy5tZWRpYWZpcmUuY29tL2ZvbGRlci9jM3l4bjV5YXE4eGY4L1NMQkVUNw%253D%253D%252F6079218161effd1fd8c56db2f4a90253&asb=https%3A%2F%2Faporasal.net%2Fredirecting%2FaHR0cDovL3d3dy5tZWRpYWZpcmUuY29tL2ZvbGRlci9jM3l4bjV5YXE4eGY4L1NMQkVUNw%3D%3D%2F6079218161effd1fd8c56db2f4a90253
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 54.144.3.29 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-144-3-29.compute-1.amazonaws.com
Software: / Express
Resource Hash: 3bf4a27d60db92d1b793ca62cf8e40ee7e377b1b62198787ba2a1b16f68c2889

Request headers

Referer: https://www94.todhamilton.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-encoding: gzip
etag: W/"1d998-CPvsNFToEX4Kk0hWBfl52WgMaW8"
x-powered-by: Express
vary: Accept-Encoding
access-control-allow-methods: GET, POST
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-allow-headers: X-Requested-With,content-type

GET
H2 200 / Show response
www5.todhamilton.pro/pushredirect/ 5 KB
3 KB 331ms
320ms Document
text/html 172.67.178.34
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www5.todhamilton.pro/pushredirect/?tmp=1&network=1&ios=0&site=adfly&c=6&ppi=2959576&pci=6629534317&t=1617637226&dest=https%3A%2F%2Faporasal.net%2Fredirecting%2FaHR0cDovL3d3dy5tZWRpYWZpcmUuY29tL2ZvbGRlci9jM3l4bjV5YXE4eGY4L1NMQkVUNw%3D%3D%2F6079218161effd1fd8c56db2f4a90253
Requested by: Host: aphycolourses.info
URL: https://aphycolourses.info/MlA2SVBJckU%2BD0ciWmtqEDhCPSBBahlmJ0UnD31%2BRj9SITFfOVo9P1x%2BRjs%2FHTFbZCBHI15nZwtmDnFkHDpFdiBHOVJ0YgtlD3xnBHZXJTxQbV49JEIjE3oRF2JwbGJ0MUYmIlMjVyV%2BXDVCbGJ0IlMtOUA1VT05XDcTexZTGGR5M3Y%2FQAVjVmNSMGVGCmEbIGsHbDkzXwVDEGILJHp7CkQycRs8UTkPIx0BPAIrOmRlbxEVBjVxEGR%2BYXgEAVkGYwcnF2NybGN2dQQPZgJnD3thCmEAeDVUNlJ4NlZoVXxmVjIEL2RTaQZ7ZQF2WSttWiRCOSMXY3dsYnR1BA8nRScDZyRdNF4oPVs8QiY%2BHCBEJnUAFkY8I1oiUy05QDVVPXUAFhN6FkY9RmxjdmETe2ZcNUI%2BP0A7E3oUA3UEfzldIxN6FAJ1BH8jWyRTbGN2MVIvPEt1BH8zF2Nyf3UAZkY5ORdjcntpB2kDfmYXYgA5M1t1BQ1mBGIPfGMGYwd%2BdQBmQmxjdmEAeGcEYwF7YgR1BH80VyNCbGN2OEI9IEF1BHxjc3UEfGJ0dQR8YnQxRiYiUyNXJX5cNUJsYgdicDs1VjlELDNGOVgudQBlBA8xegIGKhRdJnp6NAE0T3wkaAdkOQllCkYqPWclb3tpRhwEEyZQF2QlM1tpXARjXmRUIwYHCW4MZFcXb30cAx57GDtkBXg%2BdQBlBQ11AGUFDXUAZQQPZgJnD3thCmEAeDVUNlJ4NlZoVXxmVjIEL2RTaQZ7ZQF2VSUyDzhCPSBBdQUIdQAWE3sWRSdBfH5GP1IhMV85Wj0%2FXH5GOz8XYnA5JUE4RCw0WyJTKiQXYnBsY3QkWzl1ARQEbGIEPlM9J10iXWxjdmETe2ZbP0VsY3ZgE3tmQTlCLHUBFFctNl4pE3tmUXUFDWYXYgA5IFt1BQ1iC2UPfGcEdQR%2FIFE5E3oUBGYEcGUBZAV4ZxdiAD11ARQHf2EFZgV%2BYgBmE3tmVjVFPXUBFF49JEIjE3tlARETe2UAFhN7ZQAWVzk%2FQDFFKDwcPlM9dQBlBA8iVzRfOzVRJF8nNxdiA3sWUxhkeTN2P0AFY1ZjUjBlRgphGyBrB2w5M18FQxBiCyR6ewpEMnEbPFE5DyMdATwCKzpkZW8RFQY1cRBkfmF4BAFZBmMHJxdiA3oUF2IDehQXYgN7FgRgAXBiA2gHf2FXNlAtYVQ0DiplBDRUezYGMQ95YgdjECgjUG1ePSRCIxN6ERdicGxidDFGJiJTI1clflw1QmxidCJTLTlANVU9OVw3E3sWUxhkeTN2P0AFY1ZjUjBlRgphGyBrB2w5M18FQxBiCyR6ewpEMnEbPFE5DyMdATwCKzpkZW8RFQY1cRBkfmF4BAFZBmMHJxdjcmxjdnUED2YCZw97YQphAHg1VDZSeDZWaFV8ZlYyBC9kU2kGe2UBchprI182FHNhHnJCKDdtOVJrahBnD39oCmQUZXJBJVQWOVZhFHNyAGkDcGUFZhRlckElVBY5VmIUc3JTYwUtZwszBmQ1UzVQZGQKYgJkaFFpAmQzVmIHKjELaVAqMgpyGmsxXjxUa2oQOEI9IEFqGWYxQj9EKCNTPBgnNUZ%2FRCw0WyJTKiRbPlFmMXoCBioUXSZ6ejQBNE98JGgHZDkJZQpGKj1nJW97aUYcBBMmUBdkJTNbaVwEY15kVCMGBwluDGRXF299HAMeexg7ZAV4Pm0PfwB5ZwtiB3FhBGFTLzZWYVAtaFFlAC0yADYCKGkCYgN6ch5yWStyCHJePSRCIwxmf0UnQXx%2BRj9SITFfOVo9P1x%2BRjs%2FHSBDOjhANVIgIlczQmZvRj1GdGEUPlM9J10iXXRhFDlZOm0CdkUgJFdtVy02XikQKm0EdkY5OQ9iD3xpB2cAbyBROQt%2FZgBpA3pkAWEBbyQPYQB4ZwRjAXtiBHZSLCNGbV49JEIjE3oRF2JwbGJ0MUYmIlMjVyV%2BXDVCbGJ0IlMtOUA1VT05XDcTexZTGGR5M3Y%2FQAVjVmNSMGVGCmEbIGsHbDkzXwVDEGILJHp7CkQycRs8UTkPIx0BPAIrOmRlbxEVBjVxEGR%2BYXgEAVkGYwcnF2NybGN2dQQPZgJnD3thCmEAeDVUNlJ4NlZoVXxmVjIEL2RTaQZ7ZQFyGmszXjIUc3JaJEI5Iwh%2FGT4nRWUYPT9WOFckOV4kWSd%2BQiJZZiBHI147NVY5RCwzRn8JPT1CbQRvPlckQSYiWW0HbzldIwt5dkE5QixtUzRQJSkUMwt%2FdkIgX3RiC2UPfGcEdkYqOQ9mAHtpB2MCemEFdkJ0YQRhAX9jBWIEf3ZWNUU9bVokQjkjF2N3bGJ0dQQPMUI%2FRCgjUzwYJzVGdQQPIlc0Xzs1USRfJzcXYnAoGGBgVQ0%2FRBwFLWNWKQM9CmUCRhAHaCBVJAVHCQRwJH5ibD8ydQJaKjkLOnt6PAYyXB9lawhzfTV1CQIFYXwdZyIGZx5BbGN2dQUNdQAWAHlnC2IHcWEEYVMvNlZhUC1oUWUALTIANgIoaQJiA3pyHnJXOjIQahQhJEYgRXN%2FHTFGJiJTI1clflw1QmYiVzRfOzVRJF8nNx0xfhtgURRZPxwBNAUtKQckbB4CQglhEyBRPWM8CQBpQgViaCZUDgJeM19wOn9jWn0yWAYDEAh3ZFMOCQYcBwcdYztgHB5FbQtmZgJnD3thCmEAeDVUNlJ4NlZoVXxmVjIEL2RTaQZ7ZQFySw
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.178.34 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/7.3.27
Resource Hash: cc99ad98e29747639278d7d1646a7fe1e2a6669f9b205008465d94d977595c6a

Request headers

:method: GET
:authority: www5.todhamilton.pro
:scheme: https
:path: /pushredirect/?tmp=1&network=1&ios=0&site=adfly&c=6&ppi=2959576&pci=6629534317&t=1617637226&dest=https%3A%2F%2Faporasal.net%2Fredirecting%2FaHR0cDovL3d3dy5tZWRpYWZpcmUuY29tL2ZvbGRlci9jM3l4bjV5YXE4eGY4L1NMQkVUNw%3D%3D%2F6079218161effd1fd8c56db2f4a90253
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: document
referer: https://www94.todhamilton.pro/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: __cfduid=d2eb1df0507fd27054c15dca1dce948b51617637432
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www94.todhamilton.pro/

Response headers

date: Mon, 05 Apr 2021 15:44:00 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.3.27
cache-control: no-store, no-cache, must-revalidate, max-age=0 post-check=0, pre-check=0
pragma: no-cache
set-cookie: lastUrlPushTmp=www5.todhamilton.pro; secure
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
cf-request-id: 09444d92780000fa1c2b96a000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=2pS6kbvZYIr4fgiFTI9H5cHzUiIHqFpVb6%2F9QYsFQ2Ax8uBOfMbmXsp%2BU3IoA%2BHeRQHLASP7%2Fr4RI7xCL5TteEavIrEd5VoKXVv6OOn1cZnZHX3qlQ%3D%3D"}]}
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
cf-ray: 63b3e530c8f4fa1c-AMS
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 / Show response
dc5k8fg5ioc8s.cloudfront.net/ 144 KB
45 KB 72ms
72ms Script
text/plain 13.226.156.80
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://dc5k8fg5ioc8s.cloudfront.net/?gfkcd=824473
Requested by: Host: www5.todhamilton.pro
URL: https://www5.todhamilton.pro/pushredirect/?tmp=1&network=1&ios=0&site=adfly&c=6&ppi=2959576&pci=6629534317&t=1617637226&dest=https%3A%2F%2Faporasal.net%2Fredirecting%2FaHR0cDovL3d3dy5tZWRpYWZpcmUuY29tL2ZvbGRlci9jM3l4bjV5YXE4eGY4L1NMQkVUNw%3D%3D%2F6079218161effd1fd8c56db2f4a90253
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.226.156.80 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-226-156-80.dus51.r.cloudfront.net
Software: /
Resource Hash: 3f66ff09af02daad7b81f896c4609fec36b51b86966204c4f22c8df03f9b12dc

Request headers

Referer: https://www5.todhamilton.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 05 Apr 2021 15:43:52 GMT
content-encoding: gzip
age: 8
x-cache: Hit from cloudfront
access-control-allow-origin: *
cache-control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
x-amz-cf-pop: DUS51-C1
content-length: 45412
via: 1.1 bfd667b9fb826986b85315f856bf5885.cloudfront.net (CloudFront)
x-amz-cf-id: dXdbGP9B1d8X-MxDABmyz2SbfYbdr9bBzd92op7bmc-YI_YswDt4gQ==

GET
H2 200 logo.png
www5.todhamilton.pro/static/image/ 10 KB
11 KB 83ms
82ms Image
image/png 172.67.178.34
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www5.todhamilton.pro/static/image/logo.png
Requested by: Host: www5.todhamilton.pro
URL: https://www5.todhamilton.pro/pushredirect/?tmp=1&network=1&ios=0&site=adfly&c=6&ppi=2959576&pci=6629534317&t=1617637226&dest=https%3A%2F%2Faporasal.net%2Fredirecting%2FaHR0cDovL3d3dy5tZWRpYWZpcmUuY29tL2ZvbGRlci9jM3l4bjV5YXE4eGY4L1NMQkVUNw%3D%3D%2F6079218161effd1fd8c56db2f4a90253
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.178.34 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 196c51f778db9df7ecf75ce7f663ea3bb07726b67feeae45ad9abfd3008b937a

Request headers

Referer: https://www5.todhamilton.pro/pushredirect/?tmp=1&network=1&ios=0&site=adfly&c=6&ppi=2959576&pci=6629534317&t=1617637226&dest=https%3A%2F%2Faporasal.net%2Fredirecting%2FaHR0cDovL3d3dy5tZWRpYWZpcmUuY29tL2ZvbGRlci9jM3l4bjV5YXE4eGY4L1NMQkVUNw%3D%3D%2F6079218161effd1fd8c56db2f4a90253
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Apr 2021 15:44:00 GMT
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
age: 2530
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 10726
cf-request-id: 09444d93c00000fa1c1e810000000001
last-modified: Tue, 10 Nov 2020 09:44:06 GMT
server: cloudflare
etag: "29e6-5faa60e6-f392dafc4c855335;;;"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=cJP1uXi8d%2B7MJZzGB99FD6hfS8%2FAejXiq2Z7YxI588WzpX2coEKvm2QMV%2Blx8WPPYyAsufZ8%2Fnsd1%2FDcpfVyCw9I%2FVkabUMUA4T8pMThXxzcIDC%2FOw%3D%3D"}]}
content-type: image/png
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
cf-ray: 63b3e532cd70fa1c-AMS
expires: Mon, 12 Apr 2021 15:01:50 GMT

GET
H2 200 am-push.796884.js Show response
www5.todhamilton.pro/ 93 KB
34 KB 318ms
318ms Script
application/x-javascript 172.67.178.34
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www5.todhamilton.pro/am-push.796884.js?puid=2959576&allb=https%3A%2F%2Faporasal.net%2Fredirecting%2FaHR0cDovL3d3dy5tZWRpYWZpcmUuY29tL2ZvbGRlci9jM3l4bjV5YXE4eGY4L1NMQkVUNw%3D%3D%2F6079218161effd1fd8c56db2f4a90253&ob=https%3A%2F%2Fwww75.todhamilton.pro%2Fpushredirect%2F%3Ftmp%3D1%26network%3D1%26ios%3D0%26site%3Dadfly%26c%3D7%26ppi%3D2959576%26pci%3D6629534317%26t%3D1617637226%26dest%3Dhttps%253A%252F%252Faporasal.net%252Fredirecting%252FaHR0cDovL3d3dy5tZWRpYWZpcmUuY29tL2ZvbGRlci9jM3l4bjV5YXE4eGY4L1NMQkVUNw%253D%253D%252F6079218161effd1fd8c56db2f4a90253&clb=https%3A%2F%2Fwww75.todhamilton.pro%2Fpushredirect%2F%3Ftmp%3D2%26network%3D1%26ios%3D0%26site%3Dadfly%26c%3D7%26ppi%3D2959576%26pci%3D6629534317%26t%3D1617637226%26dest%3Dhttps%253A%252F%252Faporasal.net%252Fredirecting%252FaHR0cDovL3d3dy5tZWRpYWZpcmUuY29tL2ZvbGRlci9jM3l4bjV5YXE4eGY4L1NMQkVUNw%253D%253D%252F6079218161effd1fd8c56db2f4a90253&asb=https%3A%2F%2Faporasal.net%2Fredirecting%2FaHR0cDovL3d3dy5tZWRpYWZpcmUuY29tL2ZvbGRlci9jM3l4bjV5YXE4eGY4L1NMQkVUNw%3D%3D%2F6079218161effd1fd8c56db2f4a90253
Requested by: Host: www5.todhamilton.pro
URL: https://www5.todhamilton.pro/pushredirect/?tmp=1&network=1&ios=0&site=adfly&c=6&ppi=2959576&pci=6629534317&t=1617637226&dest=https%3A%2F%2Faporasal.net%2Fredirecting%2FaHR0cDovL3d3dy5tZWRpYWZpcmUuY29tL2ZvbGRlci9jM3l4bjV5YXE4eGY4L1NMQkVUNw%3D%3D%2F6079218161effd1fd8c56db2f4a90253
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.178.34 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0b9191f2cd7c6a9cca2907f04717014b91b655c4345169882578bfeffa4bc185

Request headers

Referer: https://www5.todhamilton.pro/pushredirect/?tmp=1&network=1&ios=0&site=adfly&c=6&ppi=2959576&pci=6629534317&t=1617637226&dest=https%3A%2F%2Faporasal.net%2Fredirecting%2FaHR0cDovL3d3dy5tZWRpYWZpcmUuY29tL2ZvbGRlci9jM3l4bjV5YXE4eGY4L1NMQkVUNw%3D%3D%2F6079218161effd1fd8c56db2f4a90253
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Apr 2021 15:44:00 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"max_age":604800,"report_to":"cf-nel"}
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 09444d93c00000fa1c3aacf000000001
last-modified: Tue, 10 Nov 2020 09:44:06 GMT
server: cloudflare
etag: W/"175a3-5faa60e6-7dbcd373cc8a4404;gz"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=%2B%2B%2FXq9esvNjsjqzVzmKx2fzcPef8bujmZNkrN3a4%2B%2FBkQRRekYkLMU%2BFbyxD8sV8T4cqE4paamAwEBy29P%2F6yjDhK54ZBf8GXt3bbZU5%2Fy4OwcBEEA%3D%3D"}]}
content-type: application/x-javascript
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
cf-ray: 63b3e532cd71fa1c-AMS
expires: Mon, 12 Apr 2021 15:44:00 GMT

GET
H2 200 UjIwTGgpEEM7NydAXG5ScFpEOBghCB9jHyVFBWIcPVZYLQU7XkQjBnxCQiNHM18dPB0hWh57UWQKCHhGOEEPPB07Vg1%2BUWcLBXtedFNcIApvWkQ4GCEXAw1NYHQVfi4zQl8%2BCSFTXGIGN0YVfi4gV1QlGjdRRCUGNRcCCgkaYAAvLD1EfH8MYVZJeRwIZWI8M... Show response
aphycolourses.info/ 118 KB
47 KB 148ms
148ms Script
application/javascript 54.144.3.29
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://aphycolourses.info/UjIwTGgpEEM7NydAXG5ScFpEOBghCB9jHyVFBWIcPVZYLQU7XkQjBnxCQiNHM18dPB0hWh57UWQKCHhGOEEPPB07Vg1%2BUWcLBXtedFNcIApvWkQ4GCEXAw1NYHQVfi4zQl8%2BCSFTXGIGN0YVfi4gV1QlGjdRRCUGNRcCCgkaYAAvLD1EfH8MYVZJeRwIZWI8MQVoQC8FB0dpflEmfgIWHjB1YiALOwtaAVs%2BBlImPmdraAlcN3VpeCRjfH0dAwRnfjtNYXYVfyx3AHZ6WGULAn1QYwQBKQ40VgEqDGpRBXoMMABWeAlrAgJ5W3RdUnEAJkZAP01hcxV%2BLncAdjsfJQUFYhw9VlgtBTteRCMGfEJCI01gdEA5GzpAVSgBIFdTOE1gdBV%2FLiZfQGlbFgMVfl48V0Q7ByBZFX8sYxcCegE9QRV%2FLGIXAnobO0ZVaVsWU1QqBCsXAnoLdwF0e01gBEA8AXcBdH5RZwsFe153AAY8CzsXAwheZAAJeVtmAQF7TWAERGlbFgMGfV9kAQd%2BWmQXAnoMN0FEaVsWWkQ4GCEXAnlbExcCeVoUFwJ5WhRTQCMaM0FRIEY8V0RpWmcAdj4NNltCKQsmW14rTWAHAgoJGmAALyw9RHx%2FDGFWSXkcCGViPDEFaEAvBQdHaX5RJn4CFh4wdWIgCzsLWgFbPgZSJj5na2gJXDd1aXgkY3x9HQMEZ347TWAHAwhNYAcDCE1gBwIKXmIFCX5ZagMGfQ00VFR9DjYKU3leNlACKlwzCwB%2BXWEUUyAKb1pEOBghFwMNTWB0FX4uJUVHe118Rl8oADNfWSAcPVwePBo9FwIKGCdBWD4NNltCKQsmFwIKTWF0RCEYdwF0fk1gBF4pHCVdQidNYXYBaVpkW18%2FTWF2AGlaZEFZOA13AXQtDDReSWlaZFEVfyxlFwJ6GCJbFX8sYAsFdV1lBBV%2BXiJRWWlbFgQGflFnAQR%2FWWUXAnocdwF0fV5jBQZ%2FX2AABmlaZFZVPxx3AXQkHCZCQ2laZwFxaVpnAHZpWmcAdi0YPUBRPwk%2BHF4pHHcABX4uIFdUJRo3UUQlBjUXAnlaFFN4Hlgxdl86JGFWAygRZ0ZqGzoia2cWGDFfZTkxYAtEAFoIRFILOj5RWXUCHwFceAo4ZAUVMBcGVQsxZn4BAiUDWWYZJiUXAnlbFhcCeVsWFwJ5WhQEAHtRYAMIfV5jV1YqDGNUVHQLZwRULlo0BlF1WGAHA2oJIVANJBwmQkNpWxMXAgpNYHRRPAcgU0MtBHxcVThNYHRCKQw7QFUvHDtcV2laFFN4Hlgxdl86JGFWAygRZ0ZqGzoia2cWGDFfZTkxYAtEAFoIRFILOj5RWXUCHwFceAo4ZAUVMBcGVQsxZn4BAiUDWWYZJiUXAwhNYXYVfi5kAgd1WmMKAXpZN1RWKFk0VggvXWRWUn4OZlMJfFpnARJgSiFfVm5SYx4SOAk1bVkoSmgQB3VeagoEbkRwQUUuNztWAW5ScAAJeVFnBQZuRHBBRS43O1YCblJwUwN%2FDGULU3xFN1NVKkVmCgJ4RWpRCXhFMVYCfQszCwkqCzAKEmBKM15cLkpoEFg4HCJBCmNHM0JfPgkhU1xiBjdGHz4NNltCKQsmW14rRzN6YnwLFl1GAFs2AVQ1XSZoZx4YC2VqPAs%2FZ0UVWmtGfH4yJFB3HgQxWwkmJWFeBC4CBAdpFC1mV3cVXB4DfgE5OWRlAh9vDx96WGULAn1QYwQBKQ40VgEqDGpRBXoMMABWeAlrAgJ5W3AeEiMKcAgSJBwmQkN2R31FRztfZxxEIww6U10lBCZdXmIYIF0fPB0hWkIpDDtAVS8cfQ1EIRhvAxYiDSZFXz4DbwMWJQchDwBqGztGVXEJNlRcNU4xDwdqGCJbDX5RZwsFe150QlMlVWQEAnVdYQYDfV90Rg19XmMFBn9fYAAGagw3QURxACZGQD9NYXMVfi53AHYtGD1AUT8JPhxeKRx3AHY%2BDTZbQikLJlteK01gdFEEOmJRdCMeHgFUfwwrB0QWPwBCaRsyIlFdGR0LAAk4JGBoRi4vAF5TJVE4fwMgXDBYZnkxCncEKS8LBnx9Jh9jWxo9HEUVfyx3AXRpWhQEAHtRYAMIfV5jV1YqDGNUVHQLZwRULlo0BlF1WGAHA25EcFFcLkpoEFg4HCJBCmNHJUVHe118Rl8oADNfWSAcPVwePBo9HUA5GzpAVSgBIFdTOEdtRl08VWAUXikcJV1CJ1VjFFkjG28CFj8BJlcNLQw0XklqC28FFjwYOw8CdV1rBwd6TiJRWXFeZAAJeVtmAQF7TiYPAXpZZQQDe1pgBBYoDSFGDSQcJkJDaVsTFwIKTWB0UTwHIFNDLQR8XFU4TWB0QikMO0BVLxw7XFdpWhRTeB5YMXZfOiRhVgMoEWdGahs6ImtnFhgxX2U5MWALRABaCERSCzo%2BUVl1Ah8BXHgKOGQFFTAXBlULMWZ%2BAQIlA1lmGSYlFwMITWF2FX4uZAIHdVpjCgF6WTdUVihZNFYIL11kVlJ%2BDmZTCXxaZwESYEozQVJuUnBaRDgYIQgfYwkiXUItGzNeHiINJh1CKQw7QFUvHDtcV2MJGmAALyw9RHx%2FDGFWSXkcCGViPDEFaEAvBQdHaX5RJn4CFh4wdWIgCzsLWgFbPgZSJj5na2gJXDd1aXgkY3x9HQMEZ347VW8dBnxfawABdFlkA1UqDjYDVihQMQcGKApgVAQtUWIABX9KLw
Requested by: Host: www5.todhamilton.pro
URL: https://www5.todhamilton.pro/am-push.796884.js?puid=2959576&allb=https%3A%2F%2Faporasal.net%2Fredirecting%2FaHR0cDovL3d3dy5tZWRpYWZpcmUuY29tL2ZvbGRlci9jM3l4bjV5YXE4eGY4L1NMQkVUNw%3D%3D%2F6079218161effd1fd8c56db2f4a90253&ob=https%3A%2F%2Fwww75.todhamilton.pro%2Fpushredirect%2F%3Ftmp%3D1%26network%3D1%26ios%3D0%26site%3Dadfly%26c%3D7%26ppi%3D2959576%26pci%3D6629534317%26t%3D1617637226%26dest%3Dhttps%253A%252F%252Faporasal.net%252Fredirecting%252FaHR0cDovL3d3dy5tZWRpYWZpcmUuY29tL2ZvbGRlci9jM3l4bjV5YXE4eGY4L1NMQkVUNw%253D%253D%252F6079218161effd1fd8c56db2f4a90253&clb=https%3A%2F%2Fwww75.todhamilton.pro%2Fpushredirect%2F%3Ftmp%3D2%26network%3D1%26ios%3D0%26site%3Dadfly%26c%3D7%26ppi%3D2959576%26pci%3D6629534317%26t%3D1617637226%26dest%3Dhttps%253A%252F%252Faporasal.net%252Fredirecting%252FaHR0cDovL3d3dy5tZWRpYWZpcmUuY29tL2ZvbGRlci9jM3l4bjV5YXE4eGY4L1NMQkVUNw%253D%253D%252F6079218161effd1fd8c56db2f4a90253&asb=https%3A%2F%2Faporasal.net%2Fredirecting%2FaHR0cDovL3d3dy5tZWRpYWZpcmUuY29tL2ZvbGRlci9jM3l4bjV5YXE4eGY4L1NMQkVUNw%3D%3D%2F6079218161effd1fd8c56db2f4a90253
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 54.144.3.29 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-144-3-29.compute-1.amazonaws.com
Software: / Express
Resource Hash: 87f6685e09727fcd112cfa45878a97a4d6bf8d801003238c15494f980f0f6ac7

Request headers

Referer: https://www5.todhamilton.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-encoding: gzip
etag: W/"1d99c-tTdDBZUkjq6ruHy8bpsfbIsKlVw"
x-powered-by: Express
vary: Accept-Encoding
access-control-allow-methods: GET, POST
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-allow-headers: X-Requested-With,content-type

GET
H2 200 / Show response
www75.todhamilton.pro/pushredirect/ 5 KB
2 KB 423ms
409ms Document
text/html 172.67.178.34
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www75.todhamilton.pro/pushredirect/?tmp=1&network=1&ios=0&site=adfly&c=7&ppi=2959576&pci=6629534317&t=1617637226&dest=https%3A%2F%2Faporasal.net%2Fredirecting%2FaHR0cDovL3d3dy5tZWRpYWZpcmUuY29tL2ZvbGRlci9jM3l4bjV5YXE4eGY4L1NMQkVUNw%3D%3D%2F6079218161effd1fd8c56db2f4a90253
Requested by: Host: aphycolourses.info
URL: https://aphycolourses.info/UjIwTGgpEEM7NydAXG5ScFpEOBghCB9jHyVFBWIcPVZYLQU7XkQjBnxCQiNHM18dPB0hWh57UWQKCHhGOEEPPB07Vg1%2BUWcLBXtedFNcIApvWkQ4GCEXAw1NYHQVfi4zQl8%2BCSFTXGIGN0YVfi4gV1QlGjdRRCUGNRcCCgkaYAAvLD1EfH8MYVZJeRwIZWI8MQVoQC8FB0dpflEmfgIWHjB1YiALOwtaAVs%2BBlImPmdraAlcN3VpeCRjfH0dAwRnfjtNYXYVfyx3AHZ6WGULAn1QYwQBKQ40VgEqDGpRBXoMMABWeAlrAgJ5W3RdUnEAJkZAP01hcxV%2BLncAdjsfJQUFYhw9VlgtBTteRCMGfEJCI01gdEA5GzpAVSgBIFdTOE1gdBV%2FLiZfQGlbFgMVfl48V0Q7ByBZFX8sYxcCegE9QRV%2FLGIXAnobO0ZVaVsWU1QqBCsXAnoLdwF0e01gBEA8AXcBdH5RZwsFe153AAY8CzsXAwheZAAJeVtmAQF7TWAERGlbFgMGfV9kAQd%2BWmQXAnoMN0FEaVsWWkQ4GCEXAnlbExcCeVoUFwJ5WhRTQCMaM0FRIEY8V0RpWmcAdj4NNltCKQsmW14rTWAHAgoJGmAALyw9RHx%2FDGFWSXkcCGViPDEFaEAvBQdHaX5RJn4CFh4wdWIgCzsLWgFbPgZSJj5na2gJXDd1aXgkY3x9HQMEZ347TWAHAwhNYAcDCE1gBwIKXmIFCX5ZagMGfQ00VFR9DjYKU3leNlACKlwzCwB%2BXWEUUyAKb1pEOBghFwMNTWB0FX4uJUVHe118Rl8oADNfWSAcPVwePBo9FwIKGCdBWD4NNltCKQsmFwIKTWF0RCEYdwF0fk1gBF4pHCVdQidNYXYBaVpkW18%2FTWF2AGlaZEFZOA13AXQtDDReSWlaZFEVfyxlFwJ6GCJbFX8sYAsFdV1lBBV%2BXiJRWWlbFgQGflFnAQR%2FWWUXAnocdwF0fV5jBQZ%2FX2AABmlaZFZVPxx3AXQkHCZCQ2laZwFxaVpnAHZpWmcAdi0YPUBRPwk%2BHF4pHHcABX4uIFdUJRo3UUQlBjUXAnlaFFN4Hlgxdl86JGFWAygRZ0ZqGzoia2cWGDFfZTkxYAtEAFoIRFILOj5RWXUCHwFceAo4ZAUVMBcGVQsxZn4BAiUDWWYZJiUXAnlbFhcCeVsWFwJ5WhQEAHtRYAMIfV5jV1YqDGNUVHQLZwRULlo0BlF1WGAHA2oJIVANJBwmQkNpWxMXAgpNYHRRPAcgU0MtBHxcVThNYHRCKQw7QFUvHDtcV2laFFN4Hlgxdl86JGFWAygRZ0ZqGzoia2cWGDFfZTkxYAtEAFoIRFILOj5RWXUCHwFceAo4ZAUVMBcGVQsxZn4BAiUDWWYZJiUXAwhNYXYVfi5kAgd1WmMKAXpZN1RWKFk0VggvXWRWUn4OZlMJfFpnARJgSiFfVm5SYx4SOAk1bVkoSmgQB3VeagoEbkRwQUUuNztWAW5ScAAJeVFnBQZuRHBBRS43O1YCblJwUwN%2FDGULU3xFN1NVKkVmCgJ4RWpRCXhFMVYCfQszCwkqCzAKEmBKM15cLkpoEFg4HCJBCmNHM0JfPgkhU1xiBjdGHz4NNltCKQsmW14rRzN6YnwLFl1GAFs2AVQ1XSZoZx4YC2VqPAs%2FZ0UVWmtGfH4yJFB3HgQxWwkmJWFeBC4CBAdpFC1mV3cVXB4DfgE5OWRlAh9vDx96WGULAn1QYwQBKQ40VgEqDGpRBXoMMABWeAlrAgJ5W3AeEiMKcAgSJBwmQkN2R31FRztfZxxEIww6U10lBCZdXmIYIF0fPB0hWkIpDDtAVS8cfQ1EIRhvAxYiDSZFXz4DbwMWJQchDwBqGztGVXEJNlRcNU4xDwdqGCJbDX5RZwsFe150QlMlVWQEAnVdYQYDfV90Rg19XmMFBn9fYAAGagw3QURxACZGQD9NYXMVfi53AHYtGD1AUT8JPhxeKRx3AHY%2BDTZbQikLJlteK01gdFEEOmJRdCMeHgFUfwwrB0QWPwBCaRsyIlFdGR0LAAk4JGBoRi4vAF5TJVE4fwMgXDBYZnkxCncEKS8LBnx9Jh9jWxo9HEUVfyx3AXRpWhQEAHtRYAMIfV5jV1YqDGNUVHQLZwRULlo0BlF1WGAHA25EcFFcLkpoEFg4HCJBCmNHJUVHe118Rl8oADNfWSAcPVwePBo9HUA5GzpAVSgBIFdTOEdtRl08VWAUXikcJV1CJ1VjFFkjG28CFj8BJlcNLQw0XklqC28FFjwYOw8CdV1rBwd6TiJRWXFeZAAJeVtmAQF7TiYPAXpZZQQDe1pgBBYoDSFGDSQcJkJDaVsTFwIKTWB0UTwHIFNDLQR8XFU4TWB0QikMO0BVLxw7XFdpWhRTeB5YMXZfOiRhVgMoEWdGahs6ImtnFhgxX2U5MWALRABaCERSCzo%2BUVl1Ah8BXHgKOGQFFTAXBlULMWZ%2BAQIlA1lmGSYlFwMITWF2FX4uZAIHdVpjCgF6WTdUVihZNFYIL11kVlJ%2BDmZTCXxaZwESYEozQVJuUnBaRDgYIQgfYwkiXUItGzNeHiINJh1CKQw7QFUvHDtcV2MJGmAALyw9RHx%2FDGFWSXkcCGViPDEFaEAvBQdHaX5RJn4CFh4wdWIgCzsLWgFbPgZSJj5na2gJXDd1aXgkY3x9HQMEZ347VW8dBnxfawABdFlkA1UqDjYDVihQMQcGKApgVAQtUWIABX9KLw
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.178.34 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/7.3.27
Resource Hash: 2782c8dcb1e774e331413fa360d191b7317836272ec358d8ee1a043aba7b98da

Request headers

:method: GET
:authority: www75.todhamilton.pro
:scheme: https
:path: /pushredirect/?tmp=1&network=1&ios=0&site=adfly&c=7&ppi=2959576&pci=6629534317&t=1617637226&dest=https%3A%2F%2Faporasal.net%2Fredirecting%2FaHR0cDovL3d3dy5tZWRpYWZpcmUuY29tL2ZvbGRlci9jM3l4bjV5YXE4eGY4L1NMQkVUNw%3D%3D%2F6079218161effd1fd8c56db2f4a90253
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: document
referer: https://www5.todhamilton.pro/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: __cfduid=d293f103710aa5628e97e65829b96a02b1617637440
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www5.todhamilton.pro/

Response headers

date: Mon, 05 Apr 2021 15:44:01 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.3.27
cache-control: no-store, no-cache, must-revalidate, max-age=0 post-check=0, pre-check=0
pragma: no-cache
set-cookie: lastUrlPushTmp=www75.todhamilton.pro; secure
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
cf-request-id: 09444d97670000fa1c7933a000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=%2BTIokpcV7yp%2B%2FDmZhFZaToroLSzhVFnjLFXCgglpopd27EGAaXoATcC0Y%2FO4jhQ2P%2Flx7HB7qz%2Bs2lDUhv6Y3FFDE5ST7jaT2oMdBGF2SkZOxKFn9LU%3D"}]}
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
cf-ray: 63b3e538aa26fa1c-AMS
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 / Show response
dc5k8fg5ioc8s.cloudfront.net/ 144 KB
45 KB 69ms
69ms Script
text/plain 13.226.156.80
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://dc5k8fg5ioc8s.cloudfront.net/?gfkcd=824473
Requested by: Host: www75.todhamilton.pro
URL: https://www75.todhamilton.pro/pushredirect/?tmp=1&network=1&ios=0&site=adfly&c=7&ppi=2959576&pci=6629534317&t=1617637226&dest=https%3A%2F%2Faporasal.net%2Fredirecting%2FaHR0cDovL3d3dy5tZWRpYWZpcmUuY29tL2ZvbGRlci9jM3l4bjV5YXE4eGY4L1NMQkVUNw%3D%3D%2F6079218161effd1fd8c56db2f4a90253
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.226.156.80 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-226-156-80.dus51.r.cloudfront.net
Software: /
Resource Hash: 3f66ff09af02daad7b81f896c4609fec36b51b86966204c4f22c8df03f9b12dc

Request headers

Referer: https://www75.todhamilton.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 05 Apr 2021 15:43:52 GMT
content-encoding: gzip
age: 9
x-cache: Hit from cloudfront
access-control-allow-origin: *
cache-control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
x-amz-cf-pop: DUS51-C1
content-length: 45412
via: 1.1 bfd667b9fb826986b85315f856bf5885.cloudfront.net (CloudFront)
x-amz-cf-id: fL_dZHGVoG6hVtSdS9AlI4dPTxa4WkgLoQPjXatGbfsd0Q4_pt1M9g==

GET
H2 200 logo.png
www75.todhamilton.pro/static/image/ 10 KB
11 KB 78ms
78ms Image
image/png 172.67.178.34
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www75.todhamilton.pro/static/image/logo.png
Requested by: Host: www75.todhamilton.pro
URL: https://www75.todhamilton.pro/pushredirect/?tmp=1&network=1&ios=0&site=adfly&c=7&ppi=2959576&pci=6629534317&t=1617637226&dest=https%3A%2F%2Faporasal.net%2Fredirecting%2FaHR0cDovL3d3dy5tZWRpYWZpcmUuY29tL2ZvbGRlci9jM3l4bjV5YXE4eGY4L1NMQkVUNw%3D%3D%2F6079218161effd1fd8c56db2f4a90253
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.178.34 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 196c51f778db9df7ecf75ce7f663ea3bb07726b67feeae45ad9abfd3008b937a

Request headers

Referer: https://www75.todhamilton.pro/pushredirect/?tmp=1&network=1&ios=0&site=adfly&c=7&ppi=2959576&pci=6629534317&t=1617637226&dest=https%3A%2F%2Faporasal.net%2Fredirecting%2FaHR0cDovL3d3dy5tZWRpYWZpcmUuY29tL2ZvbGRlci9jM3l4bjV5YXE4eGY4L1NMQkVUNw%3D%3D%2F6079218161effd1fd8c56db2f4a90253
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Apr 2021 15:44:01 GMT
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
age: 2478
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 10726
cf-request-id: 09444d98f90000fa1c3a214000000001
last-modified: Tue, 10 Nov 2020 09:44:06 GMT
server: cloudflare
etag: "29e6-5faa60e6-f392dafc4c855335;;;"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=d52Z0nq1tLlr3%2Fhiakr04%2FRYNPwEEO%2FH%2FvTtnE7fVNieABG8u5EOoeh5GbWDjFFhPFHlLZ%2Fz5ytfxgsg%2FiPnPqkbSUqCbEZLVs2iDfG9NWnkr%2BZLr1Q%3D"}]}
content-type: image/png
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
cf-ray: 63b3e53b2e74fa1c-AMS
expires: Mon, 12 Apr 2021 15:02:43 GMT

GET
H2 200 am-push.796884.js Show response
www75.todhamilton.pro/ 93 KB
34 KB 319ms
319ms Script
application/x-javascript 172.67.178.34
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www75.todhamilton.pro/am-push.796884.js?puid=2959576&allb=https%3A%2F%2Faporasal.net%2Fredirecting%2FaHR0cDovL3d3dy5tZWRpYWZpcmUuY29tL2ZvbGRlci9jM3l4bjV5YXE4eGY4L1NMQkVUNw%3D%3D%2F6079218161effd1fd8c56db2f4a90253&ob=https%3A%2F%2Fwww85.todhamilton.pro%2Fpushredirect%2F%3Ftmp%3D1%26network%3D1%26ios%3D0%26site%3Dadfly%26c%3D8%26ppi%3D2959576%26pci%3D6629534317%26t%3D1617637226%26dest%3Dhttps%253A%252F%252Faporasal.net%252Fredirecting%252FaHR0cDovL3d3dy5tZWRpYWZpcmUuY29tL2ZvbGRlci9jM3l4bjV5YXE4eGY4L1NMQkVUNw%253D%253D%252F6079218161effd1fd8c56db2f4a90253&clb=https%3A%2F%2Fwww85.todhamilton.pro%2Fpushredirect%2F%3Ftmp%3D2%26network%3D1%26ios%3D0%26site%3Dadfly%26c%3D8%26ppi%3D2959576%26pci%3D6629534317%26t%3D1617637226%26dest%3Dhttps%253A%252F%252Faporasal.net%252Fredirecting%252FaHR0cDovL3d3dy5tZWRpYWZpcmUuY29tL2ZvbGRlci9jM3l4bjV5YXE4eGY4L1NMQkVUNw%253D%253D%252F6079218161effd1fd8c56db2f4a90253&asb=https%3A%2F%2Faporasal.net%2Fredirecting%2FaHR0cDovL3d3dy5tZWRpYWZpcmUuY29tL2ZvbGRlci9jM3l4bjV5YXE4eGY4L1NMQkVUNw%3D%3D%2F6079218161effd1fd8c56db2f4a90253
Requested by: Host: www75.todhamilton.pro
URL: https://www75.todhamilton.pro/pushredirect/?tmp=1&network=1&ios=0&site=adfly&c=7&ppi=2959576&pci=6629534317&t=1617637226&dest=https%3A%2F%2Faporasal.net%2Fredirecting%2FaHR0cDovL3d3dy5tZWRpYWZpcmUuY29tL2ZvbGRlci9jM3l4bjV5YXE4eGY4L1NMQkVUNw%3D%3D%2F6079218161effd1fd8c56db2f4a90253
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.178.34 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0b9191f2cd7c6a9cca2907f04717014b91b655c4345169882578bfeffa4bc185

Request headers

Referer: https://www75.todhamilton.pro/pushredirect/?tmp=1&network=1&ios=0&site=adfly&c=7&ppi=2959576&pci=6629534317&t=1617637226&dest=https%3A%2F%2Faporasal.net%2Fredirecting%2FaHR0cDovL3d3dy5tZWRpYWZpcmUuY29tL2ZvbGRlci9jM3l4bjV5YXE4eGY4L1NMQkVUNw%3D%3D%2F6079218161effd1fd8c56db2f4a90253
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Apr 2021 15:44:02 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"max_age":604800,"report_to":"cf-nel"}
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 09444d98f90000fa1c60922000000001
last-modified: Tue, 10 Nov 2020 09:44:06 GMT
server: cloudflare
etag: W/"175a3-5faa60e6-7dbcd373cc8a4404;gz"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=%2BWrZePzbTp2El3qTNk1PGtmJDSw0U8eoYH7m3QTk%2B4lpUYsrZZS%2FhWpvnQmgGtbK2yVoCKDqoR6iPbO12YwJCfKB3z2Y65N5uScQ9TSptvzWBI9AgR8%3D"}]}
content-type: application/x-javascript
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
cf-ray: 63b3e53b2e77fa1c-AMS
expires: Mon, 12 Apr 2021 15:44:01 GMT

GET
H2 200 Uk5PMWkpbDxGNic8IxNTcCY7RRkhdGAeHiU5eARHJiErWQg%2FJyNFBjxgP0MGfS8iHBknPScfXmt4dwldfCQ8DhknJysMW2t7dgReZGguXQUwcydFHSI9agIod3wJFFsULz9eGzM9Ll1HPCs7FFsUPCpVACArLEUAPClqAy8zBh0BChYhOX1aNn0rSFwmFBhjGQs... Show response
aphycolourses.info/ 118 KB
47 KB 142ms
142ms Script
application/javascript 54.144.3.29
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://aphycolourses.info/Uk5PMWkpbDxGNic8IxNTcCY7RRkhdGAeHiU5eARHJiErWQg%2FJyNFBjxgP0MGfS8iHBknPScfXmt4dwldfCQ8DhknJysMW2t7dgReZGguXQUwcydFHSI9agIod3wJFFsULz9eGzM9Ll1HPCs7FFsUPCpVACArLEUAPClqAy8zBh0BChYhOX1aNn0rSFwmFBhjGQsZFUEKPxs6aFtrOgMDMyQsCGMFMSd2WyRhIntTAwR7FmksZisIaF0efwF8ODkYGn8ed30LFFoWa313X2J5dgNYan95AAw0KCsADzZ2LARfNix9V10zd38DXGFoIFNUOjo7QRp3fQ4UWxRrfXceJTl3BEcmIStZCD8nI0UGPGA%2FQwZ3fAlBHCEmPVQNOzwqUh13fAkUWhQ6IkFMYQp%2BFFtkICpFHj08JBRaFn9qA187ITwUWhZ%2BagNfISc7VExhCi5VDz43agNfMWt8dVF3fHlBGTtrfHVba3t2BF5ka30HGTEnagItZHh9CFxhenwAXnd8eUVMYQp%2BB1hleHwGW2B4agNfNis8RUxhCidFHSI9agNcYQ9qA1xgCGoDXGAILkEGIC88UAV8ICpFTGB7fXcbNyomQwwxOiZfDnd8egMvMwYdAQoWITl9WjZ9K0hcJhQYYxkLGRVBCj8bOmhbazoDAzMkLAhjBTEndlskYSJ7UwMEexZpLGYrCGhdHn8BfDg5GBp%2FHnd8egItd3x6Ai13fHoDL2R%2BeAhbY3Z%2BB1g3KClVWDQqd1JcZCotAw9mL3YBW2d9aVIFMHMnRR0iPWoCKHd8CRRbFDk4RlFnYDteDTovIlgFJiEhHxkgIWoDLyI7PFkbNyomQwwxOmoDL3d9CUUEImt8dVt3fHlfDCY5IEMCd30LAExgeCZeGnd9CwFMYHg8WB03a3x1CDYoI0hMYHgsFFoWdmoDXyI%2BJhRaFnx2BFBneXkUW2Q%2BLFhMYQp5B1tre3wFWmN5agNfJmt8dVhkf3gHWmV8fQdMYHgrVBoma3x1ASY6P0JMYHt8cExge313TGB7fXcIIiE9UBozImFfDCZrfQRbFDwqVQAgKyxFADwpagNcYAgueTtiLQteHx59KwINK3s7az4APhZmMyItImQcC3x2RSVgFDlTLgAiLFhQOAN8XV0wJBkEMAoLe1QuC3oDACcfHyRnPBw5agNcYQpqA1xhCmoDXGAIeQFea3x%2BCVhkfypXDzZ%2FKVVRMXt5VQtgKHtQUGJ8egJPMz0tDAEmOj9CTGEPagMvd3wJUBk9PC5CCD5gIVQdd3wJQww2Jz1UCiYnIVZMYAgueTtiLQteHx59KwINK3s7az4APhZmMyItImQcC3x2RSVgFDlTLgAiLFhQOAN8XV0wJBkEMAoLe1QuC3oDACcfHyRnPBw5agItd30LFFsUeH8GUGB%2FdwBfYyspVw1jKCsJCmd4K1NbNHouCFlge3wTRXA9IldLaH9jEx0zKRBYDXB0bQZQZHZ3BUt%2BbDxECw0nKwBLaGx9CFxre3gHS35sPEQLDScrA0tobC4CWjZ5dlJZfysuVA9%2FencDXX92LAhdfy0rA1gxL3YIDzEsdxNFcC8jXQtwdG1ZHSY%2BPAtGfS8%2FXhszPS5dRzwrOx4bNyomQwwxOiZfDn0vB2NZMQogRyVhKnxVEGc6FWY7IhcYaxkxIxpEMGB3O31bCDgtdjs%2BLSYIAx99IwULOBh6aDEXeip2MGYCfn8kAyUZZCclc3IeX2J5dgNYan95AAw0KCsADzZ2LARfNix9V10zd38DXGFsYxMGMGx1EwEmOj9CU31hOEYeanthRQY2Ji5cAD46IF9HIjwgHhknPSdDDDYnPVQKJmFwRQQic34XBzc6OF4bOXN%2BFwA9PXIBTyEnO1RUMyopXRB0LXIJTyI%2BJgxba3t2BF5kaD9SAG94eQNQZ317AlhlaDsMWGR%2FeAdaZXx9B082KzxFVDo6O0Ead30OFFsUa313CCIhPVAaMyJhXwwma313GzcqJkMMMTomXw53fAlQIQB%2BLHUGJAJ8VVo2N3pFMwUcP2g%2BCD4sXDwnF30IHR58FUcLFRwjUgBrJAICBWYsJWdcCxYKBQwVF3t9WBwDHlo%2FBwA4FFoWa3x1TGAIeQFea3x%2BCVhkfypXDzZ%2FKVVRMXt5VQtgKHtQUGJ8egJLfmwsXQtwdG1ZHSY%2BPAtGfTk4RlFnYDteDTovIlgFJiEhHxkgIWBBHCEmPVQNOzwqUh19cTtcGW98aV8MJjkgQwJvf2lYBiFzfxcaOzoqDAg2KCNITzFzdxcZIidyA1Bnd3oGX3Q%2BLFhUZHh9CFxhenwAXnQ6cgBfY3l5Al5gfHkXDTc9OwwBJjo%2FQkxhD2oDL3d8CVAZPTwuQgg%2BYCFUHXd8CUMMNic9VAomJyFWTGAILnk7Yi0LXh8efSsCDSt7O2s%2BAD4WZjMiLSJkHAt8dkUlYBQ5Uy4AIixYUDgDfF1dMCQZBDAKC3tULgt6AwAnHx8kZzwcOWoCLXd9CxRbFHh%2FBlBgf3cAX2MrKVcNYygrCQpneCtTWzR6LghZYHt8E0VwLzxTS2hsJ0UdIj11HkYzPiBDCCEvIx8HNzpgQww2Jz1UCiYnIVZGMwYdAQoWITl9WjZ9K0hcJhQYYxkLGRVBCj8bOmhbazoDAzMkLAhjBTEndlskYSJ7UwMEexZpLGYrCGhdHn8BfDg5GBp%2FHm9zYAdZZXd9AFFjeH5UDzQqflcNai16Bw0wfCkFCGt%2BfQRacDM
Requested by: Host: www75.todhamilton.pro
URL: https://www75.todhamilton.pro/am-push.796884.js?puid=2959576&allb=https%3A%2F%2Faporasal.net%2Fredirecting%2FaHR0cDovL3d3dy5tZWRpYWZpcmUuY29tL2ZvbGRlci9jM3l4bjV5YXE4eGY4L1NMQkVUNw%3D%3D%2F6079218161effd1fd8c56db2f4a90253&ob=https%3A%2F%2Fwww85.todhamilton.pro%2Fpushredirect%2F%3Ftmp%3D1%26network%3D1%26ios%3D0%26site%3Dadfly%26c%3D8%26ppi%3D2959576%26pci%3D6629534317%26t%3D1617637226%26dest%3Dhttps%253A%252F%252Faporasal.net%252Fredirecting%252FaHR0cDovL3d3dy5tZWRpYWZpcmUuY29tL2ZvbGRlci9jM3l4bjV5YXE4eGY4L1NMQkVUNw%253D%253D%252F6079218161effd1fd8c56db2f4a90253&clb=https%3A%2F%2Fwww85.todhamilton.pro%2Fpushredirect%2F%3Ftmp%3D2%26network%3D1%26ios%3D0%26site%3Dadfly%26c%3D8%26ppi%3D2959576%26pci%3D6629534317%26t%3D1617637226%26dest%3Dhttps%253A%252F%252Faporasal.net%252Fredirecting%252FaHR0cDovL3d3dy5tZWRpYWZpcmUuY29tL2ZvbGRlci9jM3l4bjV5YXE4eGY4L1NMQkVUNw%253D%253D%252F6079218161effd1fd8c56db2f4a90253&asb=https%3A%2F%2Faporasal.net%2Fredirecting%2FaHR0cDovL3d3dy5tZWRpYWZpcmUuY29tL2ZvbGRlci9jM3l4bjV5YXE4eGY4L1NMQkVUNw%3D%3D%2F6079218161effd1fd8c56db2f4a90253
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 54.144.3.29 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-144-3-29.compute-1.amazonaws.com
Software: / Express
Resource Hash: a074822a305e798756ed684e05c027df930e48ffb5a2dfb42e4003f9aec36e4a

Request headers

Referer: https://www75.todhamilton.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-encoding: gzip
etag: W/"1d99d-dG79fGMDQLu50HieQFe77zQLavQ"
x-powered-by: Express
vary: Accept-Encoding
access-control-allow-methods: GET, POST
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-allow-headers: X-Requested-With,content-type

GET
H2

200

6079218161effd1fd8c56db2f4a90253 Show response
aporasal.net/redirecting/aHR0cDovL3d3dy5tZWRpYWZpcmUuY29tL2ZvbGRlci9jM3l4bjV5YXE4eGY4L1NMQkVUNw==/
Redirect Chain

https://www85.todhamilton.pro/pushredirect/?tmp=1&network=1&ios=0&site=adfly&c=8&ppi=2959576&pci=6629534317&t=1617637226&dest=https%3A%2F%2Faporasal.net%2Fredirecting%2FaHR0cDovL3d3dy5tZWRpYWZpcmUu...
https://aporasal.net/redirecting/aHR0cDovL3d3dy5tZWRpYWZpcmUuY29tL2ZvbGRlci9jM3l4bjV5YXE4eGY4L1NMQkVUNw==/6079218161effd1fd8c56db2f4a90253

943 B
1 KB

363ms
207ms

Document
text/html

172.64.100.8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://aporasal.net/redirecting/aHR0cDovL3d3dy5tZWRpYWZpcmUuY29tL2ZvbGRlci9jM3l4bjV5YXE4eGY4L1NMQkVUNw==/6079218161effd1fd8c56db2f4a90253
Requested by: Host: aphycolourses.info
URL: https://aphycolourses.info/Uk5PMWkpbDxGNic8IxNTcCY7RRkhdGAeHiU5eARHJiErWQg%2FJyNFBjxgP0MGfS8iHBknPScfXmt4dwldfCQ8DhknJysMW2t7dgReZGguXQUwcydFHSI9agIod3wJFFsULz9eGzM9Ll1HPCs7FFsUPCpVACArLEUAPClqAy8zBh0BChYhOX1aNn0rSFwmFBhjGQsZFUEKPxs6aFtrOgMDMyQsCGMFMSd2WyRhIntTAwR7FmksZisIaF0efwF8ODkYGn8ed30LFFoWa313X2J5dgNYan95AAw0KCsADzZ2LARfNix9V10zd38DXGFoIFNUOjo7QRp3fQ4UWxRrfXceJTl3BEcmIStZCD8nI0UGPGA%2FQwZ3fAlBHCEmPVQNOzwqUh13fAkUWhQ6IkFMYQp%2BFFtkICpFHj08JBRaFn9qA187ITwUWhZ%2BagNfISc7VExhCi5VDz43agNfMWt8dVF3fHlBGTtrfHVba3t2BF5ka30HGTEnagItZHh9CFxhenwAXnd8eUVMYQp%2BB1hleHwGW2B4agNfNis8RUxhCidFHSI9agNcYQ9qA1xgCGoDXGAILkEGIC88UAV8ICpFTGB7fXcbNyomQwwxOiZfDnd8egMvMwYdAQoWITl9WjZ9K0hcJhQYYxkLGRVBCj8bOmhbazoDAzMkLAhjBTEndlskYSJ7UwMEexZpLGYrCGhdHn8BfDg5GBp%2FHnd8egItd3x6Ai13fHoDL2R%2BeAhbY3Z%2BB1g3KClVWDQqd1JcZCotAw9mL3YBW2d9aVIFMHMnRR0iPWoCKHd8CRRbFDk4RlFnYDteDTovIlgFJiEhHxkgIWoDLyI7PFkbNyomQwwxOmoDL3d9CUUEImt8dVt3fHlfDCY5IEMCd30LAExgeCZeGnd9CwFMYHg8WB03a3x1CDYoI0hMYHgsFFoWdmoDXyI%2BJhRaFnx2BFBneXkUW2Q%2BLFhMYQp5B1tre3wFWmN5agNfJmt8dVhkf3gHWmV8fQdMYHgrVBoma3x1ASY6P0JMYHt8cExge313TGB7fXcIIiE9UBozImFfDCZrfQRbFDwqVQAgKyxFADwpagNcYAgueTtiLQteHx59KwINK3s7az4APhZmMyItImQcC3x2RSVgFDlTLgAiLFhQOAN8XV0wJBkEMAoLe1QuC3oDACcfHyRnPBw5agNcYQpqA1xhCmoDXGAIeQFea3x%2BCVhkfypXDzZ%2FKVVRMXt5VQtgKHtQUGJ8egJPMz0tDAEmOj9CTGEPagMvd3wJUBk9PC5CCD5gIVQdd3wJQww2Jz1UCiYnIVZMYAgueTtiLQteHx59KwINK3s7az4APhZmMyItImQcC3x2RSVgFDlTLgAiLFhQOAN8XV0wJBkEMAoLe1QuC3oDACcfHyRnPBw5agItd30LFFsUeH8GUGB%2FdwBfYyspVw1jKCsJCmd4K1NbNHouCFlge3wTRXA9IldLaH9jEx0zKRBYDXB0bQZQZHZ3BUt%2BbDxECw0nKwBLaGx9CFxre3gHS35sPEQLDScrA0tobC4CWjZ5dlJZfysuVA9%2FencDXX92LAhdfy0rA1gxL3YIDzEsdxNFcC8jXQtwdG1ZHSY%2BPAtGfS8%2FXhszPS5dRzwrOx4bNyomQwwxOiZfDn0vB2NZMQogRyVhKnxVEGc6FWY7IhcYaxkxIxpEMGB3O31bCDgtdjs%2BLSYIAx99IwULOBh6aDEXeip2MGYCfn8kAyUZZCclc3IeX2J5dgNYan95AAw0KCsADzZ2LARfNix9V10zd38DXGFsYxMGMGx1EwEmOj9CU31hOEYeanthRQY2Ji5cAD46IF9HIjwgHhknPSdDDDYnPVQKJmFwRQQic34XBzc6OF4bOXN%2BFwA9PXIBTyEnO1RUMyopXRB0LXIJTyI%2BJgxba3t2BF5kaD9SAG94eQNQZ317AlhlaDsMWGR%2FeAdaZXx9B082KzxFVDo6O0Ead30OFFsUa313CCIhPVAaMyJhXwwma313GzcqJkMMMTomXw53fAlQIQB%2BLHUGJAJ8VVo2N3pFMwUcP2g%2BCD4sXDwnF30IHR58FUcLFRwjUgBrJAICBWYsJWdcCxYKBQwVF3t9WBwDHlo%2FBwA4FFoWa3x1TGAIeQFea3x%2BCVhkfypXDzZ%2FKVVRMXt5VQtgKHtQUGJ8egJLfmwsXQtwdG1ZHSY%2BPAtGfTk4RlFnYDteDTovIlgFJiEhHxkgIWBBHCEmPVQNOzwqUh19cTtcGW98aV8MJjkgQwJvf2lYBiFzfxcaOzoqDAg2KCNITzFzdxcZIidyA1Bnd3oGX3Q%2BLFhUZHh9CFxhenwAXnQ6cgBfY3l5Al5gfHkXDTc9OwwBJjo%2FQkxhD2oDL3d8CVAZPTwuQgg%2BYCFUHXd8CUMMNic9VAomJyFWTGAILnk7Yi0LXh8efSsCDSt7O2s%2BAD4WZjMiLSJkHAt8dkUlYBQ5Uy4AIixYUDgDfF1dMCQZBDAKC3tULgt6AwAnHx8kZzwcOWoCLXd9CxRbFHh%2FBlBgf3cAX2MrKVcNYygrCQpneCtTWzR6LghZYHt8E0VwLzxTS2hsJ0UdIj11HkYzPiBDCCEvIx8HNzpgQww2Jz1UCiYnIVZGMwYdAQoWITl9WjZ9K0hcJhQYYxkLGRVBCj8bOmhbazoDAzMkLAhjBTEndlskYSJ7UwMEexZpLGYrCGhdHn8BfDg5GBp%2FHm9zYAdZZXd9AFFjeH5UDzQqflcNai16Bw0wfCkFCGt%2BfQRacDM
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.100.8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/7.3.27
Resource Hash: 27c8585805b4c554e566e8ee3eea8bd01d749945dbdce3a0ecad54658a8bf90f

Request headers

:method: GET
:authority: aporasal.net
:scheme: https
:path: /redirecting/aHR0cDovL3d3dy5tZWRpYWZpcmUuY29tL2ZvbGRlci9jM3l4bjV5YXE4eGY4L1NMQkVUNw==/6079218161effd1fd8c56db2f4a90253
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: document
referer: https://www75.todhamilton.pro/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www75.todhamilton.pro/pushredirect/?tmp=1&network=1&ios=0&site=adfly&c=7&ppi=2959576&pci=6629534317&t=1617637226&dest=https%3A%2F%2Faporasal.net%2Fredirecting%2FaHR0cDovL3d3dy5tZWRpYWZpcmUuY29tL2ZvbGRlci9jM3l4bjV5YXE4eGY4L1NMQkVUNw%3D%3D%2F6079218161effd1fd8c56db2f4a90253

Response headers

date: Mon, 05 Apr 2021 15:44:03 GMT
content-type: text/html; charset=UTF-8
set-cookie: __cfduid=d44f4209413b70adefa1ffe1d77e94fac1617637443; expires=Wed, 05-May-21 15:44:03 GMT; path=/; domain=.aporasal.net; HttpOnly; SameSite=Lax FLYSESSID=0gkrkfk7iv7f83lfh3c8i4lihb; path=/; HttpOnly; SameSite=Lax; secure
x-powered-by: PHP/7.3.27
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
cf-request-id: 09444d9e9700000b4b7b0ce000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"max_age":604800,"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=S2uJUwxgFcur1tzNgPIQZdoVC5lNNxMR3038G24GXAVcTH35zztg5M70mA5wEaHV0iITAhz3C%2BS7UDYjQCpUTBRf%2BWVFETRPMmhk2JM%3D"}]}
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 63b3e5442e000b4b-AMS
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400

Redirect headers

date: Mon, 05 Apr 2021 15:44:02 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.3.27
location: https://aporasal.net/redirecting/aHR0cDovL3d3dy5tZWRpYWZpcmUuY29tL2ZvbGRlci9jM3l4bjV5YXE4eGY4L1NMQkVUNw==/6079218161effd1fd8c56db2f4a90253
cache-control: no-cache, no-store, must-revalidate, max-age=0
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
cf-request-id: 09444d9cc80000fa1c4915d000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=TpA0bBMOtNG8iLVKKv8XtGZMqafJf62Tkv8PDkZifozlzX8kihd0kY2cfvL4ssEoKS4D9q4Wa%2FGWnMBGf%2BiWdVS0Sh0t4vouXRd1qTtz397ddv%2BJ7Tw%3D"}]}
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
cf-ray: 63b3e5414999fa1c-AMS
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2

200

Primary Request SLBET7 Show response
www.mediafire.com/folder/c3yxn5yaq8xf8/
Redirect Chain

http://www.mediafire.com/folder/c3yxn5yaq8xf8/SLBET7
https://www.mediafire.com/folder/c3yxn5yaq8xf8/SLBET7

159 KB
38 KB

443ms
287ms

Document
text/html

104.16.202.237
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mediafire.com/folder/c3yxn5yaq8xf8/SLBET7

Requested by

Host: aporasal.net
URL: https://aporasal.net/redirecting/aHR0cDovL3d3dy5tZWRpYWZpcmUuY29tL2ZvbGRlci9jM3l4bjV5YXE4eGY4L1NMQkVUNw==/6079218161effd1fd8c56db2f4a90253

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.202.237 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6a6ab7718d2d5f52dec09aef75481f7b88f9577834299e503e84e52391094fb2

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors *.mediafire.com
Strict-Transport-Security	max-age=0
X-Frame-Options	SAMEORIGIN

Request headers

:method: GET
:authority: www.mediafire.com
:scheme: https
:path: /folder/c3yxn5yaq8xf8/SLBET7
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: __cfduid=dfdc207e3a0ae443f4f5e8f7693101b3d1617637451; ukey=df7g9wwlbbg9w9yissl1aedte5c71dvi
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://aporasal.net/redirecting/aHR0cDovL3d3dy5tZWRpYWZpcmUuY29tL2ZvbGRlci9jM3l4bjV5YXE4eGY4L1NMQkVUNw==/6079218161effd1fd8c56db2f4a90253

Response headers

date: Mon, 05 Apr 2021 15:44:12 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
set-cookie: ukey=df7g9wwlbbg9w9yissl1aedte5c71dvi; expires=Fri, 05-Apr-2041 15:44:11 GMT; Max-Age=631152000; path=/; domain=.mediafire.com; HttpOnly ab=1; expires=Mon, 19-Apr-2021 15:44:11 GMT; Max-Age=1209600; path=/
strict-transport-security: max-age=0
cache-control: no-cache, no-store, must-revalidate, max-age=0 post-check=0, pre-check=0
pragma: no-cache
expires: 0
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors *.mediafire.com
content-encoding: gzip
access-control-allow-origin: *
cf-cache-status: DYNAMIC
cf-request-id: 09444dc07000004c5600363000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 63b3e57a4c104c56-AMS

Redirect headers

Date: Mon, 05 Apr 2021 15:44:11 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cfduid=dfdc207e3a0ae443f4f5e8f7693101b3d1617637451; expires=Wed, 05-May-21 15:44:11 GMT; path=/; domain=.mediafire.com; HttpOnly; SameSite=Lax ukey=df7g9wwlbbg9w9yissl1aedte5c71dvi; expires=Fri, 05-Apr-2041 15:44:11 GMT; Max-Age=631152000; path=/; domain=.mediafire.com; HttpOnly
Location: https://www.mediafire.com/folder/c3yxn5yaq8xf8/SLBET7
Access-Control-Allow-Origin: *
CF-Cache-Status: DYNAMIC
cf-request-id: 09444dbef60000c769661e5000000001
Server: cloudflare
CF-RAY: 63b3e577f879c769-AMS

GET
H2 200 mfv3_121783.php
static.mediafire.com/css/ 278 KB
46 KB 318ms
310ms Stylesheet
text/css 104.16.202.237
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.mediafire.com/css/mfv3_121783.php?ver=ssl
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/folder/c3yxn5yaq8xf8/SLBET7
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.202.237 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 491a3eb3f15007596849d553c8d727ab4b327924a9c7ec73dfdecfb018476d5d

Request headers

Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: public
date: Mon, 05 Apr 2021 15:44:12 GMT
content-encoding: gzip
cf-cache-status: MISS
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css;charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=
cf-ray: 63b3e57c39284c56-AMS
cf-request-id: 09444dc1aa00004c56e2b4d000000001
expires: Mon, 19 Apr 2021 15:44:12 GMT

GET
H2 200 mfv4_121783.php
static.mediafire.com/css/ 327 KB
58 KB 284ms
276ms Stylesheet
text/css 104.16.202.237
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.mediafire.com/css/mfv4_121783.php?ver=ssl&date=2021-04-05
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/folder/c3yxn5yaq8xf8/SLBET7
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.202.237 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 66da7ebe654714904ee46195faddb3773cb8bb50fa96aaa851b34dddc81ad1b0

Request headers

Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: public
date: Mon, 05 Apr 2021 15:44:12 GMT
content-encoding: gzip
cf-cache-status: MISS
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css;charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=
cf-ray: 63b3e57c392d4c56-AMS
cf-request-id: 09444dc1a100004c5637a06000000001
expires: Mon, 19 Apr 2021 15:44:12 GMT

GET
H2 200 myfiles.css_121783.php
static.mediafire.com/css/ 164 KB
27 KB 271ms
263ms Stylesheet
text/css 104.16.202.237
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.mediafire.com/css/myfiles.css_121783.php?ver=ssl
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/folder/c3yxn5yaq8xf8/SLBET7
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.202.237 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 75ffba9549b100f2a7f51bf535f29a179d155953ecfeb9f6c15c6796b71694e5

Request headers

Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: public
date: Mon, 05 Apr 2021 15:44:12 GMT
content-encoding: gzip
cf-cache-status: MISS
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css;charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=
cf-ray: 63b3e57c392e4c56-AMS
cf-request-id: 09444dc1a200004c5664ae4000000001
expires: Mon, 19 Apr 2021 15:44:12 GMT

GET
H2 200 css
fonts.googleapis.com/ 8 KB
824 B 16ms
15ms Stylesheet
text/css 2a00:1450:4001:808::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans:800,700,400,300

Requested by

Host: www.mediafire.com
URL: https://www.mediafire.com/folder/c3yxn5yaq8xf8/SLBET7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

96d6ffbda24d8da0c6206aae81e00a45aa16632ff980b1a0473e8d03f0504086

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 05 Apr 2021 15:02:15 GMT
server: ESF
date: Mon, 05 Apr 2021 15:44:12 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 05 Apr 2021 15:44:12 GMT

GET
H3-Q050 200 api.js Show response
www.google.com/recaptcha/ 850 B
744 B 15ms
14ms Script
text/javascript 2a00:1450:4001:82a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js

Requested by

Host: www.mediafire.com
URL: https://www.mediafire.com/folder/c3yxn5yaq8xf8/SLBET7

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

2717dcc1ddd778f68223461ebd53610370e7617b6c74366bfc16a1e6e979cc58

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Apr 2021 15:44:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
content-security-policy: frame-ancestors 'self'
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 555
x-xss-protection: 1; mode=block
expires: Mon, 05 Apr 2021 15:44:12 GMT

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/1.7.2/ 93 KB
33 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:801::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js

Requested by

Host: www.mediafire.com
URL: https://www.mediafire.com/folder/c3yxn5yaq8xf8/SLBET7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

47b68dce8cb6805ad5b3ea4d27af92a241f4e29a5c12a274c852e4346a0500b4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 02 Apr 2021 13:45:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 266322
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 33845
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 02 Apr 2022 13:45:30 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 97 KB
38 KB 17ms
14ms Script
application/javascript 2a00:1450:4001:809::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-829541-1

Requested by

Host: www.mediafire.com
URL: https://www.mediafire.com/folder/c3yxn5yaq8xf8/SLBET7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

c96501e2a68228e720d6b603f955216c05e713fdd0d5e1d07c2ccf87823d3f06

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Apr 2021 15:44:12 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 39155
x-xss-protection: 0
last-modified: Mon, 05 Apr 2021 15:04:41 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 05 Apr 2021 15:44:12 GMT

GET
H2 200 mf_logo_u1_full_color_reversed.svg
static.mediafire.com/images/backgrounds/header/ 4 KB
2 KB 109ms
107ms Image
image/svg+xml 104.16.202.237
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.mediafire.com/images/backgrounds/header/mf_logo_u1_full_color_reversed.svg
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/folder/c3yxn5yaq8xf8/SLBET7
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.202.237 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1a0ec73a3ca7f354865d6b95401c50627fdf5a9b0da763a6f75fa818fd775b55

Request headers

Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Apr 2021 15:44:12 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Tue, 17 Jul 2018 20:30:14 GMT
server: cloudflare
age: 61
etag: W/"5b4e51d6-11ca"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cf-ray: 63b3e57e5f2e4c56-AMS
cf-request-id: 09444dc2fb00004c564a3b9000000001

GET
H2 200 mf_logo_u1_full_color.svg
static.mediafire.com/images/backgrounds/header/ 5 KB
2 KB 109ms
106ms Image
image/svg+xml 104.16.202.237
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.mediafire.com/images/backgrounds/header/mf_logo_u1_full_color.svg
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/folder/c3yxn5yaq8xf8/SLBET7
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.202.237 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bfcc5bc8242d357752657942690541bb3e4b907384af1c56586f6466d7116db2

Request headers

Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Apr 2021 15:44:12 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Tue, 17 Jul 2018 20:30:14 GMT
server: cloudflare
age: 174
etag: W/"5b4e51d6-121c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cf-ray: 63b3e57e5f314c56-AMS
cf-request-id: 09444dc2fb00004c56fe953000000001

GET
H2 200 default.png
www.mediafire.com/images/icons/myfiles/ 424 B
546 B 284ms
282ms Image
image/png 104.16.202.237
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.mediafire.com/images/icons/myfiles/default.png
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/folder/c3yxn5yaq8xf8/SLBET7
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.202.237 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: edf29a5069b0812d87c6724f54eb33953f23f81426e9d63afbeda73e8ab8e151

Request headers

Referer: https://www.mediafire.com/folder/c3yxn5yaq8xf8/SLBET7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Apr 2021 15:44:12 GMT
cf-cache-status: DYNAMIC
last-modified: Fri, 11 Mar 2016 23:22:56 GMT
server: cloudflare
etag: "56e35350-1a8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 63b3e57e6f324c56-AMS
content-length: 424
cf-request-id: 09444dc2fc00004c561d80b000000001
expires: Wed, 05 May 2021 15:44:12 GMT

GET
H2 200 master_121783.js Show response
static.mediafire.com/js/ 576 KB
151 KB 98ms
97ms Script
application/x-javascript 104.16.202.237
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.mediafire.com/js/master_121783.js
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/folder/c3yxn5yaq8xf8/SLBET7
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.202.237 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 744aa9b7d473a0dd019fef240601fbf8c4f80f2dbd8ffa95e141b17bfd260830

Request headers

Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Apr 2021 15:44:12 GMT
content-encoding: gzip
cf-cache-status: HIT
nel: {"report_to": "mediafirenel", "max_age": 86400, "include_subdomains": true, "failure_fraction": 0.01}
age: 432677
cf-request-id: 09444dc2d700004c56e21c6000000001
last-modified: Tue, 30 Mar 2021 19:58:30 GMT
server: cloudflare
etag: W/"606382e6-9001b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group": "mediafirenel", "max_age": 86400, "include_subdomains": true, "endpoints": [{"url": "https://browser-reports.mediafire.dev/network-error"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: max-age=2592000
cf-ray: 63b3e57e2eb14c56-AMS
expires: Fri, 30 Apr 2021 15:32:55 GMT

GET
H2 200 dragcloud.png
static.mediafire.com/images/icons/myfiles/ 3 KB
3 KB 109ms
106ms Image
image/png 104.16.202.237
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.mediafire.com/images/icons/myfiles/dragcloud.png
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/folder/c3yxn5yaq8xf8/SLBET7
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.202.237 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7b54a2177ca8d8da3e3216510f110e57b8d2bfbe71446078af20e2e310789c29

Request headers

Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Apr 2021 15:44:12 GMT
cf-cache-status: HIT
nel: {"report_to": "mediafirenel", "max_age": 86400, "include_subdomains": true, "failure_fraction": 0.01}
age: 432661
content-length: 2758
cf-request-id: 09444dc2fc00004c564b0aa000000001
last-modified: Fri, 11 Mar 2016 23:22:56 GMT
server: cloudflare
etag: "56e35350-ac6"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group": "mediafirenel", "max_age": 86400, "include_subdomains": true, "endpoints": [{"url": "https://browser-reports.mediafire.dev/network-error"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 63b3e57e6f354c56-AMS
expires: Fri, 30 Apr 2021 15:33:11 GMT

GET
H2 200 clear1x1.gif
static.mediafire.com/images/ 43 B
217 B 109ms
107ms Image
image/gif 104.16.202.237
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.mediafire.com/images/clear1x1.gif
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/folder/c3yxn5yaq8xf8/SLBET7
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.202.237 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Apr 2021 15:44:12 GMT
cf-cache-status: HIT
nel: {"report_to": "mediafirenel", "max_age": 86400, "include_subdomains": true, "failure_fraction": 0.01}
age: 432662
content-length: 43
cf-request-id: 09444dc2fd00004c564029f000000001
last-modified: Fri, 11 Mar 2016 23:22:56 GMT
server: cloudflare
etag: "56e35350-2b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group": "mediafirenel", "max_age": 86400, "include_subdomains": true, "endpoints": [{"url": "https://browser-reports.mediafire.dev/network-error"}]}
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 63b3e57e6f374c56-AMS
expires: Fri, 30 Apr 2021 15:33:10 GMT

GET
H2 200 encoder_121783.js Show response
static.mediafire.com/js/ 10 KB
4 KB 98ms
98ms Script
application/x-javascript 104.16.202.237
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.mediafire.com/js/encoder_121783.js
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/folder/c3yxn5yaq8xf8/SLBET7
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.202.237 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d9e1d61df4646995a3a923572f6be396aee20694a7f0a846892a012dbe674ab1

Request headers

Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Apr 2021 15:44:12 GMT
content-encoding: gzip
cf-cache-status: HIT
nel: {"report_to": "mediafirenel", "max_age": 86400, "include_subdomains": true, "failure_fraction": 0.01}
age: 432677
cf-request-id: 09444dc2e800004c5627970000000001
last-modified: Fri, 11 Mar 2016 23:22:56 GMT
server: cloudflare
etag: W/"56e35350-29ec"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group": "mediafirenel", "max_age": 86400, "include_subdomains": true, "endpoints": [{"url": "https://browser-reports.mediafire.dev/network-error"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: max-age=2592000
cf-ray: 63b3e57e4ee94c56-AMS
expires: Fri, 30 Apr 2021 15:32:55 GMT

GET
H3-Q050 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/5mNs27FP3uLBP3KBPib88r1g/ 332 KB
332 KB 10ms
9ms Script
text/javascript 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/5mNs27FP3uLBP3KBPib88r1g/recaptcha__en.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ec361bce3349b6cbb5e414df65c58151bf4ad12078c6fc15ffd9dffcfbfa92d6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.mediafire.com
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Apr 2021 12:21:37 GMT
x-content-type-options: nosniff
last-modified: Mon, 22 Mar 2021 04:06:11 GMT
server: sffe
age: 12155
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 340168
x-xss-protection: 0
expires: Tue, 05 Apr 2022 12:21:37 GMT

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 91 KB
23 KB 8ms
6ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: www.mediafire.com
URL: https://www.mediafire.com/folder/c3yxn5yaq8xf8/SLBET7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

86cc35989be655e6cbe68540cf835dec34388862a948fbd05850100797c32319

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 23784
x-fb-rlafr: 0
pragma: public
x-fb-debug: HHfSG0IbCmzvUFV+up/RmJ72tKUi+eNRYSBNlcK+/dmkCLyQA2x8QUmdMAdCB6ghxBDdA/s7ydnfK4+abPbptw==
x-fb-trip-id: 686109401
x-frame-options: DENY
date: Mon, 05 Apr 2021 15:44:12 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 150 KB
51 KB 17ms
15ms Script
application/javascript 2a00:1450:4001:809::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-53LP4T

Requested by

Host: www.mediafire.com
URL: https://www.mediafire.com/folder/c3yxn5yaq8xf8/SLBET7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

519350a873ad96460e271b4ff07766191b645727374551bf0351beb0e853a403

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Apr 2021 15:44:12 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 51668
x-xss-protection: 0
last-modified: Mon, 05 Apr 2021 15:04:41 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 05 Apr 2021 15:44:12 GMT

GET
H2 200 blank.html Show response
www.mediafire.com/ Frame 23B0 237 B
336 B 243ms
242ms Document
text/html 104.16.202.237
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mediafire.com/blank.html

Requested by

Host: www.mediafire.com
URL: https://www.mediafire.com/folder/c3yxn5yaq8xf8/SLBET7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.202.237 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4b89a66b5dadb6a47181b032655b1a6fc5a04cae3ca371b491ec78a86e55416b

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors *

Request headers

:method: GET
:authority: www.mediafire.com
:scheme: https
:path: /blank.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.mediafire.com/folder/c3yxn5yaq8xf8/SLBET7
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: __cfduid=dfdc207e3a0ae443f4f5e8f7693101b3d1617637451; ukey=df7g9wwlbbg9w9yissl1aedte5c71dvi; ab=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.mediafire.com/folder/c3yxn5yaq8xf8/SLBET7

Response headers

date: Mon, 05 Apr 2021 15:44:12 GMT
content-type: text/html; charset=UTF-8
last-modified: Tue, 30 Mar 2021 19:57:56 GMT
vary: Accept-Encoding
etag: W/"606382c4-ed"
content-security-policy: frame-ancestors *
content-encoding: gzip
access-control-allow-origin: *
cf-cache-status: DYNAMIC
cf-request-id: 09444dc2fd00004c5605055000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 63b3e57e6f3a4c56-AMS

GET
H2 200 blank.html Show response
www.mediafire.com/ Frame 0583 237 B
239 B 252ms
251ms Document
text/html 104.16.202.237
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mediafire.com/blank.html

Requested by

Host: www.mediafire.com
URL: https://www.mediafire.com/folder/c3yxn5yaq8xf8/SLBET7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.202.237 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4b89a66b5dadb6a47181b032655b1a6fc5a04cae3ca371b491ec78a86e55416b

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors *

Request headers

:method: GET
:authority: www.mediafire.com
:scheme: https
:path: /blank.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.mediafire.com/folder/c3yxn5yaq8xf8/SLBET7
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: __cfduid=dfdc207e3a0ae443f4f5e8f7693101b3d1617637451; ukey=df7g9wwlbbg9w9yissl1aedte5c71dvi; ab=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.mediafire.com/folder/c3yxn5yaq8xf8/SLBET7

Response headers

date: Mon, 05 Apr 2021 15:44:12 GMT
content-type: text/html; charset=UTF-8
last-modified: Tue, 30 Mar 2021 19:57:56 GMT
vary: Accept-Encoding
etag: W/"606382c4-ed"
content-security-policy: frame-ancestors *
content-encoding: gzip
access-control-allow-origin: *
cf-cache-status: DYNAMIC
cf-request-id: 09444dc2fd00004c563f8a0000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 63b3e57e6f3b4c56-AMS

GET
H2 200 sharemodeLogo.png
static.mediafire.com/images/backgrounds/header/ 2 KB
2 KB 112ms
112ms Image
image/png 104.16.202.237
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.mediafire.com/images/backgrounds/header/sharemodeLogo.png
Requested by: Host: static.mediafire.com
URL: https://static.mediafire.com/css/mfv4_121783.php?ver=ssl&date=2021-04-05
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.202.237 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 08206401d5e061483e80d87b7973bb6ea9738e6d813d4726190520f9fba9aa0a

Request headers

Referer: https://static.mediafire.com/css/mfv4_121783.php?ver=ssl&date=2021-04-05
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Apr 2021 15:44:12 GMT
cf-cache-status: HIT
nel: {"report_to": "mediafirenel", "max_age": 86400, "include_subdomains": true, "failure_fraction": 0.01}
age: 432662
content-length: 2097
cf-request-id: 09444dc32300004c5609b98000000001
last-modified: Fri, 11 Mar 2016 23:22:56 GMT
server: cloudflare
etag: "56e35350-831"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group": "mediafirenel", "max_age": 86400, "include_subdomains": true, "endpoints": [{"url": "https://browser-reports.mediafire.dev/network-error"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 63b3e57e9fde4c56-AMS
expires: Fri, 30 Apr 2021 15:33:10 GMT

GET
H2 200 ico30_reversed-v9.png
static.mediafire.com/images/icons/ico30/ 10 KB
10 KB 106ms
106ms Image
image/png 104.16.202.237
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.mediafire.com/images/icons/ico30/ico30_reversed-v9.png
Requested by: Host: static.mediafire.com
URL: https://static.mediafire.com/css/myfiles.css_121783.php?ver=ssl
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.202.237 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b631408bea7aff541f7bd43245ad71f824c539efe5675ef0573299b61575694d

Request headers

Referer: https://static.mediafire.com/css/myfiles.css_121783.php?ver=ssl
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Apr 2021 15:44:12 GMT
cf-cache-status: HIT
nel: {"report_to": "mediafirenel", "max_age": 86400, "include_subdomains": true, "failure_fraction": 0.01}
age: 432662
content-length: 9897
cf-request-id: 09444dc31a00004c560b34a000000001
last-modified: Fri, 11 Mar 2016 23:22:56 GMT
server: cloudflare
etag: "56e35350-26a9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group": "mediafirenel", "max_age": 86400, "include_subdomains": true, "endpoints": [{"url": "https://browser-reports.mediafire.dev/network-error"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 63b3e57e9fdd4c56-AMS
expires: Fri, 30 Apr 2021 15:33:10 GMT

GET
H3-Q050 200 mem8YaGs126MiZpBA-UFVZ0b.woff2
fonts.gstatic.com/s/opensans/v18/ 14 KB
14 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v18/mem8YaGs126MiZpBA-UFVZ0b.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:800,700,400,300

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9c50a96c859b9beea47b71740bd14e7f69a4df586d015f47434037f8def53b52

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.mediafire.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 02 Apr 2021 10:03:37 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:09:22 GMT
server: sffe
age: 279635
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14380
x-xss-protection: 0
expires: Sat, 02 Apr 2022 10:03:37 GMT

GET
H3-Q050 200 mem5YaGs126MiZpBA-UN7rgOUuhp.woff2
fonts.gstatic.com/s/opensans/v18/ 15 KB
15 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v18/mem5YaGs126MiZpBA-UN7rgOUuhp.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:800,700,400,300

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

74201a4b97ec1d5e86252dd0180eafd8c5378a9235864dbcd682f3575b41c85b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.mediafire.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 02 Apr 2021 10:03:37 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:11:00 GMT
server: sffe
age: 279635
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15056
x-xss-protection: 0
expires: Sat, 02 Apr 2022 10:03:37 GMT

GET
H2 200 542578585845936 Show response
connect.facebook.net/signals/config/ 241 KB
70 KB 7ms
7ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/542578585845936?v=2.9.33&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e8f5aaa7bdc6fad034cf60baff78fc6bb703dd915b91d24bd4a292d715e8e583

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com: wss://.facebook.com: https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 70905
x-fb-rlafr: 0
pragma: public
x-fb-debug: EGiNSPDT9PrrZixbcJfvISdlGCh/vEF0hqDQFtTV4nZgsszfYfaXraEBWzl3RIGbmI4DixZqog1b5mG9TD3RQA==
x-fb-trip-id: 686109401
x-frame-options: DENY
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
date: Mon, 05 Apr 2021 15:44:12 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"group":"coop_report","max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}],"include_subdomains":true}, {"group":"coep_report","max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}]}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
cross-origin-opener-policy-report-only: same-origin-allow-popups;report-to="coop_report"
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 48 KB
19 KB 8ms
5ms Script
text/javascript 2a00:1450:4001:800::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-829541-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

f79723478f4c48501cd49ac52b81d6244a6562b9d3f08ce8ab208a8b8878d4c4

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 19 Mar 2021 19:22:18 GMT
server: Golfe2
age: 5587
date: Mon, 05 Apr 2021 14:11:05 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19463
expires: Mon, 05 Apr 2021 16:11:05 GMT

GET
H3-Q050 200 ec.js Show response
www.google-analytics.com/plugins/ua/ 3 KB
1 KB 10ms
5ms Script
text/javascript 2a00:1450:4001:800::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/plugins/ua/ec.js

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

058ed961bfe422af7bfc65865f4c08531ec8ace995f8a1ec560a46581cb7712c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Apr 2021 15:42:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
age: 88
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=3600
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1306
x-xss-protection: 0
expires: Mon, 05 Apr 2021 16:42:44 GMT

GET
H3-Q050 200 js Show response
www.google-analytics.com/gtm/ 96 KB
37 KB 23ms
23ms Script
application/javascript 2a00:1450:4001:800::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/gtm/js?id=GTM-KVQ87DS&t=gtag_UA_829541_1&cid=2135436365.1617637453

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

94446526664e79945d8dd168f79fc3b84c408646d628633c127fa928686d210b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Apr 2021 15:44:12 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37290
x-xss-protection: 0
expires: Mon, 05 Apr 2021 15:44:12 GMT

GET
H2 200 AGSKWxXrjtEH6OsIEa1eMxJNrJTV18lP5XKGKMJi5rI13IlsGpcs5yT-0hk0wJuzpkaKFvH14rtURv0da3wnJCfhkp8= Show response
fundingchoicesmessages.google.com/f/ 83 KB
31 KB 35ms
35ms Script
application/javascript 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxXrjtEH6OsIEa1eMxJNrJTV18lP5XKGKMJi5rI13IlsGpcs5yT-0hk0wJuzpkaKFvH14rtURv0da3wnJCfhkp8=

Requested by

Host: www.mediafire.com
URL: https://www.mediafire.com/folder/c3yxn5yaq8xf8/SLBET7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

3b59efbfb74af421903adb42ca44d1f0d72c12be1bba30a855089d128b124487

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-qWaFFvyKuLi8Ivv4i9rW5g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'nonce-qWaFFvyKuLi8Ivv4i9rW5g' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 05 Apr 2021 15:44:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: ESF
cross-origin-opener-policy: same-origin
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
origin-trial: AmWWqEiPtRKXiIreUsgUyNMptDcKdmLPlGI32DPZjDKK+yBAUi7+FT3r/9RpkTnzHyXYUWiPfirCGMg3Ogzc7gMAAAB3eyJvcmlnaW4iOiJodHRwczovL2dvb2dsZS5jb206NDQzIiwiZmVhdHVyZSI6IkNyb3NzT3JpZ2luT3BlbmVyUG9saWN5UmVwb3J0aW5nIiwiZXhwaXJ5IjoxNjE0MTI0Nzk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0=
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'report-sample' 'nonce-qWaFFvyKuLi8Ivv4i9rW5g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'nonce-qWaFFvyKuLi8Ivv4i9rW5g' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 breadcrumbArrow.png
static.mediafire.com/images/backgrounds/newMyfiles/ 1 KB
1 KB 92ms
92ms Image
image/png 104.16.202.237
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.mediafire.com/images/backgrounds/newMyfiles/breadcrumbArrow.png
Requested by: Host: static.mediafire.com
URL: https://static.mediafire.com/css/myfiles.css_121783.php?ver=ssl
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.202.237 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d4d96f480e8246a7712c4bfa0eb8177f122f67c31f28f4ab133cbb1c2c05f747

Request headers

Referer: https://static.mediafire.com/css/myfiles.css_121783.php?ver=ssl
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Apr 2021 15:44:12 GMT
cf-cache-status: HIT
nel: {"report_to": "mediafirenel", "max_age": 86400, "include_subdomains": true, "failure_fraction": 0.01}
age: 432662
content-length: 1226
cf-request-id: 09444dc39500004c560b358000000001
last-modified: Fri, 11 Mar 2016 23:22:56 GMT
server: cloudflare
etag: "56e35350-4ca"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group": "mediafirenel", "max_age": 86400, "include_subdomains": true, "endpoints": [{"url": "https://browser-reports.mediafire.dev/network-error"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 63b3e57f59bf4c56-AMS
expires: Fri, 30 Apr 2021 15:33:10 GMT

GET
H2 200 folder-sm.png
static.mediafire.com/images/icons/myfiles/ 1 KB
1 KB 103ms
102ms Image
image/png 104.16.202.237
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.mediafire.com/images/icons/myfiles/folder-sm.png
Requested by: Host: static.mediafire.com
URL: https://static.mediafire.com/css/myfiles.css_121783.php?ver=ssl
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.202.237 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c6fae744c9b3ea5dea4f219caa312df7e1f74f5d43d723c17ecc72089133dbe3

Request headers

Referer: https://static.mediafire.com/css/myfiles.css_121783.php?ver=ssl
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Apr 2021 15:44:12 GMT
cf-cache-status: HIT
nel: {"report_to": "mediafirenel", "max_age": 86400, "include_subdomains": true, "failure_fraction": 0.01}
age: 432661
content-length: 1115
cf-request-id: 09444dc39400004c56efad0000000001
last-modified: Fri, 11 Mar 2016 23:22:56 GMT
server: cloudflare
etag: "56e35350-45b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group": "mediafirenel", "max_age": 86400, "include_subdomains": true, "endpoints": [{"url": "https://browser-reports.mediafire.dev/network-error"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 63b3e57f59c14c56-AMS
expires: Fri, 30 Apr 2021 15:33:11 GMT

GET
H2 200 smArrow.png
static.mediafire.com/images/backgrounds/newMyfiles/ 1 KB
1 KB 89ms
89ms Image
image/png 104.16.202.237
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.mediafire.com/images/backgrounds/newMyfiles/smArrow.png
Requested by: Host: static.mediafire.com
URL: https://static.mediafire.com/css/myfiles.css_121783.php?ver=ssl
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.202.237 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f9a75024e53f8a3e5ef92e12c87457fbfacc5508a5d7fbdde9126ee267e8b70b

Request headers

Referer: https://static.mediafire.com/css/myfiles.css_121783.php?ver=ssl
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Apr 2021 15:44:12 GMT
cf-cache-status: HIT
nel: {"report_to": "mediafirenel", "max_age": 86400, "include_subdomains": true, "failure_fraction": 0.01}
age: 432661
content-length: 1265
cf-request-id: 09444dc39400004c564d975000000001
last-modified: Fri, 11 Mar 2016 23:22:56 GMT
server: cloudflare
etag: "56e35350-4f1"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group": "mediafirenel", "max_age": 86400, "include_subdomains": true, "endpoints": [{"url": "https://browser-reports.mediafire.dev/network-error"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 63b3e57f59c24c56-AMS
expires: Fri, 30 Apr 2021 15:33:11 GMT

GET
H2 200 dark-loader-v2.gif
static.mediafire.com/images/backgrounds/myfiles/spinner/ 8 KB
8 KB 94ms
93ms Image
image/gif 104.16.202.237
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.mediafire.com/images/backgrounds/myfiles/spinner/dark-loader-v2.gif
Requested by: Host: static.mediafire.com
URL: https://static.mediafire.com/css/myfiles.css_121783.php?ver=ssl
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.202.237 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c73b822c3598e2c68f2a09a42f85de10adececb9bcf838279fc93f1c37012b1f

Request headers

Referer: https://static.mediafire.com/css/myfiles.css_121783.php?ver=ssl
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Apr 2021 15:44:12 GMT
cf-cache-status: HIT
nel: {"report_to": "mediafirenel", "max_age": 86400, "include_subdomains": true, "failure_fraction": 0.01}
age: 432662
content-length: 7811
cf-request-id: 09444dc3ac00004c56e83a1000000001
last-modified: Fri, 11 Mar 2016 23:22:56 GMT
server: cloudflare
etag: "56e35350-1e83"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group": "mediafirenel", "max_age": 86400, "include_subdomains": true, "endpoints": [{"url": "https://browser-reports.mediafire.dev/network-error"}]}
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 63b3e57f7a374c56-AMS
expires: Fri, 30 Apr 2021 15:33:10 GMT

GET
H2 200 sdk.js Show response
connect.facebook.net/en_US/ 3 KB
2 KB 6ms
6ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js

Requested by

Host: static.mediafire.com
URL: https://static.mediafire.com/js/master_121783.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

5e13641628023a0b53a8b96b1e75f58ef7bdddc3e89ac27abec340f809f2654e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: 4Zt9kpti48F8pKNoacfcaQ==
cross-origin-resource-policy: cross-origin
expires: Mon, 05 Apr 2021 15:52:39 GMT
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 1779
x-fb-rlafr: 0
x-fb-debug: qEe+Y5U9S9hvvrzz7CutPjy0dfG6dfXIF0gDQB4cBFe5RlwHaJ9ZtDJnURP2+tuGS6J7lC5WKPhO94mYe3zCCA==
x-fb-trip-id: 686109401
x-fb-content-md5: 4c67abb5f9d3bef12e225e1f5b3c7b16
date: Mon, 05 Apr 2021 15:44:12 GMT
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public,max-age=1200,stale-while-revalidate=3600
etag: "fe063b30404d050297617d8e8a72db30"
timing-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5

GET
H2 200 get_info.php Show response
www.mediafire.com/api/1.4/system/ 75 KB
23 KB 629ms
629ms XHR
application/json 104.16.202.237
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.mediafire.com/api/1.4/system/get_info.php?r=tzdq&response_format=json
Requested by: Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.202.237 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ad83e6677448ef9dc4e764c66d1884453a34a98c6ae5bc6249c5a7cbf9894d1c

Request headers

Accept: */*
Cache-Control: no-cache
X-Requested-With: XMLHttpRequest
Referer: https://www.mediafire.com/folder/c3yxn5yaq8xf8/SLBET7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Apr 2021 15:44:13 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
server: cloudflare
api-response-time: 17ms
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cf-ray: 63b3e57faaaa4c56-AMS
cf-request-id: 09444dc3c700004c562433e000000001

GET
DATA 200
OK truncated
/ 37 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/gif

GET
H2 200 blank.html Show response
www.mediafire.com/ Frame C515 237 B
262 B 236ms
235ms Document
text/html 104.16.202.237
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mediafire.com/blank.html

Requested by

Host: www.mediafire.com
URL: https://www.mediafire.com/folder/c3yxn5yaq8xf8/SLBET7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.202.237 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4b89a66b5dadb6a47181b032655b1a6fc5a04cae3ca371b491ec78a86e55416b

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors *

Request headers

:method: GET
:authority: www.mediafire.com
:scheme: https
:path: /blank.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.mediafire.com/folder/c3yxn5yaq8xf8/SLBET7
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: __cfduid=dfdc207e3a0ae443f4f5e8f7693101b3d1617637451; ukey=df7g9wwlbbg9w9yissl1aedte5c71dvi; ab=1; _ga=GA1.2.2135436365.1617637453; _gid=GA1.2.1386838760.1617637453
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.mediafire.com/folder/c3yxn5yaq8xf8/SLBET7

Response headers

date: Mon, 05 Apr 2021 15:44:12 GMT
content-type: text/html; charset=UTF-8
last-modified: Tue, 30 Mar 2021 19:57:56 GMT
vary: Accept-Encoding
etag: W/"606382c4-ed"
content-security-policy: frame-ancestors *
content-encoding: gzip
access-control-allow-origin: *
cf-cache-status: DYNAMIC
cf-request-id: 09444dc3c800004c5628a19000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 63b3e57faaad4c56-AMS

GET
H2 200 blank.html Show response
www.mediafire.com/ Frame E5D2 237 B
251 B 307ms
306ms Document
text/html 104.16.202.237
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mediafire.com/blank.html

Requested by

Host: www.mediafire.com
URL: https://www.mediafire.com/folder/c3yxn5yaq8xf8/SLBET7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.202.237 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4b89a66b5dadb6a47181b032655b1a6fc5a04cae3ca371b491ec78a86e55416b

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors *

Request headers

:method: GET
:authority: www.mediafire.com
:scheme: https
:path: /blank.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.mediafire.com/folder/c3yxn5yaq8xf8/SLBET7
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: __cfduid=dfdc207e3a0ae443f4f5e8f7693101b3d1617637451; ukey=df7g9wwlbbg9w9yissl1aedte5c71dvi; ab=1; _ga=GA1.2.2135436365.1617637453; _gid=GA1.2.1386838760.1617637453
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.mediafire.com/folder/c3yxn5yaq8xf8/SLBET7

Response headers

date: Mon, 05 Apr 2021 15:44:12 GMT
content-type: text/html; charset=UTF-8
last-modified: Tue, 30 Mar 2021 19:57:56 GMT
vary: Accept-Encoding
etag: W/"606382c4-ed"
content-security-policy: frame-ancestors *
content-encoding: gzip
access-control-allow-origin: *
cf-cache-status: DYNAMIC
cf-request-id: 09444dc3c900004c564b0c1000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 63b3e57faab74c56-AMS

GET
H2 200 blank.html Show response
www.mediafire.com/ Frame 5C80 237 B
336 B 593ms
593ms Document
text/html 104.16.202.237
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mediafire.com/blank.html

Requested by

Host: www.mediafire.com
URL: https://www.mediafire.com/folder/c3yxn5yaq8xf8/SLBET7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.202.237 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4b89a66b5dadb6a47181b032655b1a6fc5a04cae3ca371b491ec78a86e55416b

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors *

Request headers

:method: GET
:authority: www.mediafire.com
:scheme: https
:path: /blank.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.mediafire.com/folder/c3yxn5yaq8xf8/SLBET7
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: __cfduid=dfdc207e3a0ae443f4f5e8f7693101b3d1617637451; ukey=df7g9wwlbbg9w9yissl1aedte5c71dvi; ab=1; _ga=GA1.2.2135436365.1617637453; _gid=GA1.2.1386838760.1617637453
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.mediafire.com/folder/c3yxn5yaq8xf8/SLBET7

Response headers

date: Mon, 05 Apr 2021 15:44:13 GMT
content-type: text/html; charset=UTF-8
last-modified: Tue, 30 Mar 2021 19:57:56 GMT
vary: Accept-Encoding
etag: W/"606382c4-ed"
content-security-policy: frame-ancestors *
content-encoding: gzip
access-control-allow-origin: *
cf-cache-status: DYNAMIC
cf-request-id: 09444dc3ca00004c56e185c000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 63b3e57faabb4c56-AMS

GET
H2 200 blank.html Show response
www.mediafire.com/ Frame BE40 237 B
239 B 241ms
241ms Document
text/html 104.16.202.237
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mediafire.com/blank.html

Requested by

Host: www.mediafire.com
URL: https://www.mediafire.com/folder/c3yxn5yaq8xf8/SLBET7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.202.237 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4b89a66b5dadb6a47181b032655b1a6fc5a04cae3ca371b491ec78a86e55416b

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors *

Request headers

:method: GET
:authority: www.mediafire.com
:scheme: https
:path: /blank.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.mediafire.com/folder/c3yxn5yaq8xf8/SLBET7
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: __cfduid=dfdc207e3a0ae443f4f5e8f7693101b3d1617637451; ukey=df7g9wwlbbg9w9yissl1aedte5c71dvi; ab=1; _ga=GA1.2.2135436365.1617637453; _gid=GA1.2.1386838760.1617637453
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.mediafire.com/folder/c3yxn5yaq8xf8/SLBET7

Response headers

date: Mon, 05 Apr 2021 15:44:12 GMT
content-type: text/html; charset=UTF-8
last-modified: Tue, 30 Mar 2021 19:57:56 GMT
vary: Accept-Encoding
etag: W/"606382c4-ed"
content-security-policy: frame-ancestors *
content-encoding: gzip
access-control-allow-origin: *
cf-cache-status: DYNAMIC
cf-request-id: 09444dc3ca00004c563ca44000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 63b3e57faac14c56-AMS

GET
H2 200 /
www.facebook.com/tr/ 44 B
258 B 6ms
6ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=542578585845936&ev=PageView&dl=https%3A%2F%2Fwww.mediafire.com%2Ffolder%2Fc3yxn5yaq8xf8%2FSLBET7&rl=&if=false&ts=1617637452731&sw=1600&sh=1200&v=2.9.33&r=stable&ec=0&o=30&fbp=fb.1.1617637452729.282367459&it=1617637452559&coo=false&rqm=GET

Requested by

Host: www.mediafire.com
URL: https://www.mediafire.com/folder/c3yxn5yaq8xf8/SLBET7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de , United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Apr 2021 15:44:12 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 44
expires: Mon, 05 Apr 2021 15:44:12 GMT

GET
H2 200 ww_cache_folders_121783.js
www.mediafire.com/js/ 2 KB
827 B 592ms
590ms Other
application/x-javascript 104.16.202.237
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.mediafire.com/js/ww_cache_folders_121783.js
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/folder/c3yxn5yaq8xf8/SLBET7
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.202.237 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9209253f38a495f1267e783dc8a44b329779e377ea27ab40ebfc24f07432d6ad

Request headers

Referer: https://www.mediafire.com/folder/c3yxn5yaq8xf8/SLBET7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Apr 2021 15:44:13 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
last-modified: Tue, 30 Mar 2021 19:57:58 GMT
server: cloudflare
etag: W/"606382c6-658"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: max-age=2592000
cf-ray: 63b3e57fdb374c56-AMS
cf-request-id: 09444dc3e400004c56f48a3000000001
expires: Wed, 05 May 2021 15:44:13 GMT

GET
H2 200 element.js Show response
translate.google.com/translate_a/ 4 KB
2 KB 15ms
14ms Script
text/javascript 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://translate.google.com/translate_a/element.js?cb=googleTranslateElementInit

Requested by

Host: www.mediafire.com
URL: https://www.mediafire.com/folder/c3yxn5yaq8xf8/SLBET7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

c3b36b2ab6b414ab00278723905eb60e90b28cea027975df30a6891ccede7bba

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 05 Apr 2021 15:44:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: HTTP server (unknown)
content-language: en
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cache-control: no-cache, must-revalidate
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1874
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 blank.html Show response
www.mediafire.com/ Frame BE68 237 B
239 B 297ms
297ms Document
text/html 104.16.202.237
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mediafire.com/blank.html

Requested by

Host: www.mediafire.com
URL: https://www.mediafire.com/folder/c3yxn5yaq8xf8/SLBET7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.202.237 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4b89a66b5dadb6a47181b032655b1a6fc5a04cae3ca371b491ec78a86e55416b

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors *

Request headers

:method: GET
:authority: www.mediafire.com
:scheme: https
:path: /blank.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.mediafire.com/folder/c3yxn5yaq8xf8/SLBET7
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: __cfduid=dfdc207e3a0ae443f4f5e8f7693101b3d1617637451; ukey=df7g9wwlbbg9w9yissl1aedte5c71dvi; ab=1; _ga=GA1.2.2135436365.1617637453; _gid=GA1.2.1386838760.1617637453; _fbp=fb.1.1617637452729.282367459
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.mediafire.com/folder/c3yxn5yaq8xf8/SLBET7

Response headers

date: Mon, 05 Apr 2021 15:44:12 GMT
content-type: text/html; charset=UTF-8
last-modified: Tue, 30 Mar 2021 19:57:56 GMT
vary: Accept-Encoding
etag: W/"606382c4-ed"
content-security-policy: frame-ancestors *
content-encoding: gzip
access-control-allow-origin: *
cf-cache-status: DYNAMIC
cf-request-id: 09444dc3e400004c565d805000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 63b3e57fdb384c56-AMS

GET
H2 200 blank.html Show response
www.mediafire.com/ Frame C866 237 B
342 B 555ms
553ms Document
text/html 104.16.202.237
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mediafire.com/blank.html

Requested by

Host: www.mediafire.com
URL: https://www.mediafire.com/folder/c3yxn5yaq8xf8/SLBET7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.202.237 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4b89a66b5dadb6a47181b032655b1a6fc5a04cae3ca371b491ec78a86e55416b

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors *

Request headers

:method: GET
:authority: www.mediafire.com
:scheme: https
:path: /blank.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.mediafire.com/folder/c3yxn5yaq8xf8/SLBET7
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: __cfduid=dfdc207e3a0ae443f4f5e8f7693101b3d1617637451; ukey=df7g9wwlbbg9w9yissl1aedte5c71dvi; ab=1; _ga=GA1.2.2135436365.1617637453; _gid=GA1.2.1386838760.1617637453; _fbp=fb.1.1617637452729.282367459
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.mediafire.com/folder/c3yxn5yaq8xf8/SLBET7

Response headers

date: Mon, 05 Apr 2021 15:44:13 GMT
content-type: text/html; charset=UTF-8
last-modified: Tue, 30 Mar 2021 19:57:56 GMT
vary: Accept-Encoding
etag: W/"606382c4-ed"
content-security-policy: frame-ancestors *
content-encoding: gzip
access-control-allow-origin: *
cf-cache-status: DYNAMIC
cf-request-id: 09444dc3e700004c56318c2000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 63b3e57fdb444c56-AMS

GET
H2 200 twitter.svg
static.mediafire.com/images/icons/svg_light/ 949 B
653 B 99ms
98ms Image
image/svg+xml 104.16.202.237
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.mediafire.com/images/icons/svg_light/twitter.svg
Requested by: Host: static.mediafire.com
URL: https://static.mediafire.com/css/mfv4_121783.php?ver=ssl&date=2021-04-05
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.202.237 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f15316721389b1b084e6fb85747089ea51ccf9d81fcfb1b33ace326898e2913f

Request headers

Referer: https://static.mediafire.com/css/mfv4_121783.php?ver=ssl&date=2021-04-05
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Apr 2021 15:44:12 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Tue, 17 Jul 2018 20:30:14 GMT
server: cloudflare
age: 341
etag: W/"5b4e51d6-3b5"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cf-ray: 63b3e57feb664c56-AMS
cf-request-id: 09444dc3f300004c56fb016000000001

GET
H2 200 facebook.svg
static.mediafire.com/images/icons/svg_light/ 401 B
433 B 98ms
97ms Image
image/svg+xml 104.16.202.237
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.mediafire.com/images/icons/svg_light/facebook.svg
Requested by: Host: static.mediafire.com
URL: https://static.mediafire.com/css/mfv4_121783.php?ver=ssl&date=2021-04-05
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.202.237 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d98133ce0dc7033265505bffc7aebd92fad444a0cd0271832a877418ccc889c6

Request headers

Referer: https://static.mediafire.com/css/mfv4_121783.php?ver=ssl&date=2021-04-05
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Apr 2021 15:44:12 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Tue, 17 Jul 2018 20:30:14 GMT
server: cloudflare
age: 355
etag: W/"5b4e51d6-191"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cf-ray: 63b3e57feb6b4c56-AMS
cf-request-id: 09444dc3f400004c565a1b6000000001

POST
H2 200 get_info.php Show response
www.mediafire.com/api/1.4/folder/ 487 B
458 B 279ms
278ms XHR
application/json 104.16.202.237
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.mediafire.com/api/1.4/folder/get_info.php?r=spux
Requested by: Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.202.237 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c99a788ae27767ab75096b0da02ae5b92f680a5d51c2d1c03ae9c145cba317a4

Request headers

Accept: */*
Cache-Control: no-cache
X-Requested-With: XMLHttpRequest
Referer: https://www.mediafire.com/folder/c3yxn5yaq8xf8/SLBET7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

date: Mon, 05 Apr 2021 15:44:12 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
server: cloudflare
api-response-time: 12ms
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cf-ray: 63b3e57ffb8a4c56-AMS
cf-request-id: 09444dc3fb00004c56259cb000000001

GET
H2 200 sdk.js Show response
connect.facebook.net/en_US/ 199 KB
60 KB 17ms
6ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js?hash=6f06618777a7d64cacb2e3fd5ddb523a&ua=modern_es6

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

0e22480fedede5a65ac4ead538bef3ed4d90817d09d07f5ffde0512e6c336f60

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Origin: https://www.mediafire.com
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: 7Z/bAvB53isVKnAN8nm7UA==
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 61294
x-fb-rlafr: 0
x-fb-debug: 5Cbus+2/xPl1ZmUZLJyEkgfKGaSo+a0oh3iLhlulkBFQMfBpcq7iWdqJqcug/NL+DOYuYBOHqEvvpuC71kMqVw==
x-fb-trip-id: 686109401
x-fb-content-md5: 2d1f687bfa65fb72edbe3b01dae4faaf
x-frame-options: DENY
date: Mon, 05 Apr 2021 15:44:12 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
etag: "b253bd140762bf5ddf1564d2bd961803"
timing-allow-origin: *
priority: u=3,i
expires: Tue, 05 Apr 2022 11:21:34 GMT

POST
H3-Q050 200 collect Show response
www.google-analytics.com/j/ 2 B
44 B 13ms
13ms XHR
text/plain 2a00:1450:4001:800::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j89&a=1471921652&t=pageview&_s=1&dl=https%3A%2F%2Fwww.mediafire.com%2Ffolder%2Fc3yxn5yaq8xf8%2FSLBET7&ul=en-us&de=UTF-8&dt=My%20Files&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=KGBAAUALQAAAAC~&jid=93818380&gjid=296095890&cid=2135436365.1617637453&tid=UA-829541-1&_gid=1386838760.1617637453&_r=1&gtm=2ou3o0&cd1=unregistered&cd7=legacy&cd8=%2F100%2F&z=87070988

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 05 Apr 2021 15:44:12 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.mediafire.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3-Q050 200 collect Show response
www.google-analytics.com/j/ 1 B
24 B 13ms
12ms XHR
text/plain 2a00:1450:4001:800::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j89&a=1471921652&t=pageview&_s=1&dl=https%3A%2F%2Fwww.mediafire.com%2Ffolder%2Fc3yxn5yaq8xf8%2FSLBET7&ul=en-us&de=UTF-8&dt=My%20Files&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aGDAAUALQAAAAC~&jid=947468546&gjid=595895387&cid=2135436365.1617637453&tid=UA-86547571-4&_gid=1386838760.1617637453&_r=1&gtm=2wg3o053LP4T&z=1802553288

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 05 Apr 2021 15:44:12 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.mediafire.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3-Q050 204 AGSKWxXn0ReDdRVjW9w0ByzWLx1Lk9RhsaHK9u_vYvBNz3IVd-ApXOAg0dxw-K3-S7C4CR3ZK5PDebHMvC0t9sbq_PQ= Show response
fundingchoicesmessages.google.com/l/ 0
1 KB 54ms
21ms XHR
text/html 2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/l/AGSKWxXn0ReDdRVjW9w0ByzWLx1Lk9RhsaHK9u_vYvBNz3IVd-ApXOAg0dxw-K3-S7C4CR3ZK5PDebHMvC0t9sbq_PQ=?pvid=F0173D88-134A-4A1B-BB6B-FDF464056011&anonid=D79C631D-3D13-43E4-808E-BBC499F1AC94

Requested by

Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingLoaderClientJs.en_US.ocrcuUa-ve4.es5.O/d=1/ct=zgms/rs=AJlcJMxwU9cZ7PLThfNtNnUYnvGMw7uKDw/m=loader_js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-fYX7D+2nY1af+dDkUtNPMg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'nonce-fYX7D+2nY1af+dDkUtNPMg' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 05 Apr 2021 15:44:12 GMT
x-content-type-options: nosniff
access-control-max-age: 86400
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
pragma: no-cache
server: ESF
cross-origin-opener-policy: same-origin
x-frame-options: SAMEORIGIN
access-control-allow-methods: POST, GET, OPTIONS
content-type: text/html; charset=utf-8
access-control-allow-origin: https://www.mediafire.com
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
origin-trial: AmWWqEiPtRKXiIreUsgUyNMptDcKdmLPlGI32DPZjDKK+yBAUi7+FT3r/9RpkTnzHyXYUWiPfirCGMg3Ogzc7gMAAAB3eyJvcmlnaW4iOiJodHRwczovL2dvb2dsZS5jb206NDQzIiwiZmVhdHVyZSI6IkNyb3NzT3JpZ2luT3BlbmVyUG9saWN5UmVwb3J0aW5nIiwiZXhwaXJ5IjoxNjE0MTI0Nzk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0=
content-security-policy: script-src 'report-sample' 'nonce-fYX7D+2nY1af+dDkUtNPMg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'nonce-fYX7D+2nY1af+dDkUtNPMg' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H3-Q050 204 AGSKWxXn0ReDdRVjW9w0ByzWLx1Lk9RhsaHK9u_vYvBNz3IVd-ApXOAg0dxw-K3-S7C4CR3ZK5PDebHMvC0t9sbq_PQ= Show response
fundingchoicesmessages.google.com/l/ 0
338 B 62ms
29ms XHR
text/html 2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-gZPc3KFkR0GyjaQGFvpcrQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'nonce-gZPc3KFkR0GyjaQGFvpcrQ' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 05 Apr 2021 15:44:12 GMT
x-content-type-options: nosniff
access-control-max-age: 86400
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
pragma: no-cache
server: ESF
cross-origin-opener-policy: same-origin
x-frame-options: SAMEORIGIN
access-control-allow-methods: POST, GET, OPTIONS
content-type: text/html; charset=utf-8
access-control-allow-origin: https://www.mediafire.com
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
origin-trial: AmWWqEiPtRKXiIreUsgUyNMptDcKdmLPlGI32DPZjDKK+yBAUi7+FT3r/9RpkTnzHyXYUWiPfirCGMg3Ogzc7gMAAAB3eyJvcmlnaW4iOiJodHRwczovL2dvb2dsZS5jb206NDQzIiwiZmVhdHVyZSI6IkNyb3NzT3JpZ2luT3BlbmVyUG9saWN5UmVwb3J0aW5nIiwiZXhwaXJ5IjoxNjE0MTI0Nzk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0=
content-security-policy: script-src 'report-sample' 'nonce-gZPc3KFkR0GyjaQGFvpcrQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'nonce-gZPc3KFkR0GyjaQGFvpcrQ' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H3-Q050 204 AGSKWxXn0ReDdRVjW9w0ByzWLx1Lk9RhsaHK9u_vYvBNz3IVd-ApXOAg0dxw-K3-S7C4CR3ZK5PDebHMvC0t9sbq_PQ= Show response
fundingchoicesmessages.google.com/l/ 0
336 B 44ms
31ms XHR
text/html 2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-tbA18hdqeXMFCGzskTI/2Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'nonce-tbA18hdqeXMFCGzskTI/2Q' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 05 Apr 2021 15:44:12 GMT
x-content-type-options: nosniff
access-control-max-age: 86400
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
pragma: no-cache
server: ESF
cross-origin-opener-policy: same-origin
x-frame-options: SAMEORIGIN
access-control-allow-methods: POST, GET, OPTIONS
content-type: text/html; charset=utf-8
access-control-allow-origin: https://www.mediafire.com
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
origin-trial: AmWWqEiPtRKXiIreUsgUyNMptDcKdmLPlGI32DPZjDKK+yBAUi7+FT3r/9RpkTnzHyXYUWiPfirCGMg3Ogzc7gMAAAB3eyJvcmlnaW4iOiJodHRwczovL2dvb2dsZS5jb206NDQzIiwiZmVhdHVyZSI6IkNyb3NzT3JpZ2luT3BlbmVyUG9saWN5UmVwb3J0aW5nIiwiZXhwaXJ5IjoxNjE0MTI0Nzk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0=
content-security-policy: script-src 'report-sample' 'nonce-tbA18hdqeXMFCGzskTI/2Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'nonce-tbA18hdqeXMFCGzskTI/2Q' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 AGSKWxW4vi8KZ8aC9DUaT99ysVUFdC-cRHcd_THX8SnwX0YfTYWnhf4TiqFvJrQJqzriG8ET6niw-BTuDKSvnv-F5mw= Show response
fundingchoicesmessages.google.com/f/ 187 KB
56 KB 41ms
41ms Script
application/javascript 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxW4vi8KZ8aC9DUaT99ysVUFdC-cRHcd_THX8SnwX0YfTYWnhf4TiqFvJrQJqzriG8ET6niw-BTuDKSvnv-F5mw=?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCwyLFsxNjE3NjM3NDUyLDgzOTAwMDAwMF0sIkYwMTczRDg4LTEzNEEtNEExQi1CQjZCLUZERjQ2NDA1NjAxMSIsIkQ3OUM2MzFELTNEMTMtNDNFNC04MDhFLUJCQzQ5OUYxQUM5NCIsbnVsbCxbbnVsbCxbN11dXQ

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

a4d06b89d8272d57fa160b03ce7bb35bdc7953513b80337840248c4e650c004c

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-uTcMCsiP5l80SIJA1XGPxQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'nonce-uTcMCsiP5l80SIJA1XGPxQ' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 05 Apr 2021 15:44:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: ESF
cross-origin-opener-policy: same-origin
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
origin-trial: AmWWqEiPtRKXiIreUsgUyNMptDcKdmLPlGI32DPZjDKK+yBAUi7+FT3r/9RpkTnzHyXYUWiPfirCGMg3Ogzc7gMAAAB3eyJvcmlnaW4iOiJodHRwczovL2dvb2dsZS5jb206NDQzIiwiZmVhdHVyZSI6IkNyb3NzT3JpZ2luT3BlbmVyUG9saWN5UmVwb3J0aW5nIiwiZXhwaXJ5IjoxNjE0MTI0Nzk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0=
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'report-sample' 'nonce-uTcMCsiP5l80SIJA1XGPxQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'nonce-uTcMCsiP5l80SIJA1XGPxQ' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
89 B 13ms
13ms XHR
text/plain 2a00:1450:400c:c1b::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j89&tid=UA-829541-1&cid=2135436365.1617637453&jid=93818380&gjid=296095890&_gid=1386838760.1617637453&_u=KGBAAUAKQAAAAC~&z=252193590

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c1b::9c Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Mon, 05 Apr 2021 15:44:12 GMT
content-type: text/plain
access-control-allow-origin: https://www.mediafire.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 translateelement.css
translate.googleapis.com/translate_static/css/ 18 KB
3 KB 6ms
6ms Stylesheet
text/css 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://translate.googleapis.com/translate_static/css/translateelement.css

Requested by

Host: translate.google.com
URL: https://translate.google.com/translate_a/element.js?cb=googleTranslateElementInit

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5d0a6e3bc914db376bf187c380750b197c317e1bf40fab9ad959ad5facd8f9ed

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Apr 2021 15:37:25 GMT
content-encoding: br
x-content-type-options: nosniff
age: 407
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3130
x-xss-protection: 0
last-modified: Wed, 24 Feb 2021 19:45:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Mon, 05 Apr 2021 16:37:25 GMT

GET
H2 200 main.js Show response
translate.googleapis.com/translate_static/js/element/ 4 KB
2 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://translate.googleapis.com/translate_static/js/element/main.js

Requested by

Host: translate.google.com
URL: https://translate.google.com/translate_a/element.js?cb=googleTranslateElementInit

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

80f35659d030651ea3acc6d6e97475b42eaa60d5700e83f9623cf90904d42cec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Apr 2021 15:37:25 GMT
content-encoding: br
x-content-type-options: nosniff
age: 407
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1673
x-xss-protection: 0
last-modified: Thu, 25 Feb 2021 22:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Mon, 05 Apr 2021 16:37:25 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
107 B 30ms
29ms Image
image/gif 2a00:1450:4001:82a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j89&tid=UA-829541-1&cid=2135436365.1617637453&jid=93818380&_u=KGBAAUAKQAAAAC~&z=908646993

Requested by

Host: www.mediafire.com
URL: https://www.mediafire.com/folder/c3yxn5yaq8xf8/SLBET7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 05 Apr 2021 15:44:12 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 31ms
31ms Image
image/gif 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j89&tid=UA-829541-1&cid=2135436365.1617637453&jid=93818380&_u=KGBAAUAKQAAAAC~&z=908646993

Requested by

Host: www.mediafire.com
URL: https://www.mediafire.com/folder/c3yxn5yaq8xf8/SLBET7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 05 Apr 2021 15:44:12 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 status
www.facebook.com/x/oauth/ 0
0 40ms
40ms Fetch
text/plain 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/x/oauth/status?client_id=124578887583575&input_token&origin=1&redirect_uri=https%3A%2F%2Fwww.mediafire.com%2Ffolder%2Fc3yxn5yaq8xf8%2FSLBET7&sdk=joey&wants_cookie_data=true

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=6f06618777a7d64cacb2e3fd5ddb523a&ua=modern_es6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de , United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; preload
x-content-type-options: nosniff
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 0
x-fb-rlafr: 0
pragma: no-cache
x-fb-debug: 09fEFqAfnRnoFy/7i031NzZj/CjGzZdOUdnF1nxYPzVp6Hj/GETsOb28Ye2MI99lo5UNXEjtWxwq0CtucrN9/w==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
fb-s: unknown
cross-origin-opener-policy: same-origin-allow-popups
date: Mon, 05 Apr 2021 15:44:12 GMT
report-to: {"group":"coep_report","max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}]}
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.mediafire.com
access-control-expose-headers: fb-s
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3-Q050 200 element_main.js Show response
translate.googleapis.com/element/TE_20210224_00/e/js/element/ 250 KB
251 KB 34ms
20ms Script
text/javascript 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://translate.googleapis.com/element/TE_20210224_00/e/js/element/element_main.js

Requested by

Host: translate.googleapis.com
URL: https://translate.googleapis.com/translate_static/js/element/main.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ca537b74a51c73d56a401ea7d361ad32f692558ab321b86a8fb0979f2927712c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Apr 2021 14:37:25 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Feb 2021 18:08:41 GMT
server: sffe
age: 4007
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 256226
x-xss-protection: 0
expires: Tue, 05 Apr 2022 14:37:25 GMT

POST
H3-Q050 204 AGSKWxW-Zg-yvETZUJk79Y55a1Us7w0Q5m2TdwvuhySuc7NpSiE7nkW3ukzZL_LJPltbSVZleQqno0ZM9wqzw-QGD9BleCFLCm1gvMawb3Tsgmw_Qtf4ijXJdtbHp8XYD0abEnFwHKQ3Pninc1bzNK4lRGotF0na8g5WVTiT5T9C4ZJn6N22JCVRr2eLzdzi Show response
fundingchoicesmessages.google.com/l/ 0
514 B 19ms
19ms XHR
text/html 2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/l/AGSKWxW-Zg-yvETZUJk79Y55a1Us7w0Q5m2TdwvuhySuc7NpSiE7nkW3ukzZL_LJPltbSVZleQqno0ZM9wqzw-QGD9BleCFLCm1gvMawb3Tsgmw_Qtf4ijXJdtbHp8XYD0abEnFwHKQ3Pninc1bzNK4lRGotF0na8g5WVTiT5T9C4ZJn6N22JCVRr2eLzdzi?dmid=8d3d38bf03b536d0

Requested by

Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorIabTcfV2ClientJs.en_US.ybYzBguAly8.es5.O/d=1/ct=zgms/rs=AJlcJMzYzD8z29yUlTrOyngC-w3jsvtosA/m=iabtcfv2wallscript

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-AhHBePs5JIEjco6nrcjqAw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'nonce-AhHBePs5JIEjco6nrcjqAw' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 05 Apr 2021 15:44:12 GMT
access-control-allow-methods: POST, GET, OPTIONS
x-content-type-options: nosniff
access-control-max-age: 86400
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
pragma: no-cache
server: ESF
cross-origin-opener-policy: same-origin; report-to="ContributorGlobalRouterHttp"
x-frame-options: SAMEORIGIN
report-to: {"group":"ContributorGlobalRouterHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ContributorGlobalRouterHttp/external"}]}
content-type: text/html; charset=utf-8
access-control-allow-origin: https://www.mediafire.com
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
origin-trial: AmWWqEiPtRKXiIreUsgUyNMptDcKdmLPlGI32DPZjDKK+yBAUi7+FT3r/9RpkTnzHyXYUWiPfirCGMg3Ogzc7gMAAAB3eyJvcmlnaW4iOiJodHRwczovL2dvb2dsZS5jb206NDQzIiwiZmVhdHVyZSI6IkNyb3NzT3JpZ2luT3BlbmVyUG9saWN5UmVwb3J0aW5nIiwiZXhwaXJ5IjoxNjE0MTI0Nzk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0=
content-security-policy: script-src 'report-sample' 'nonce-AhHBePs5JIEjco6nrcjqAw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'nonce-AhHBePs5JIEjco6nrcjqAw' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H3-Q050 204 AGSKWxW-Zg-yvETZUJk79Y55a1Us7w0Q5m2TdwvuhySuc7NpSiE7nkW3ukzZL_LJPltbSVZleQqno0ZM9wqzw-QGD9BleCFLCm1gvMawb3Tsgmw_Qtf4ijXJdtbHp8XYD0abEnFwHKQ3Pninc1bzNK4lRGotF0na8g5WVTiT5T9C4ZJn6N22JCVRr2eLzdzi Show response
fundingchoicesmessages.google.com/l/ 0
336 B 26ms
26ms XHR
text/html 2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-2HL2Sya2zt3sGIg10txZzw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'nonce-2HL2Sya2zt3sGIg10txZzw' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 05 Apr 2021 15:44:12 GMT
x-content-type-options: nosniff
access-control-max-age: 86400
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
pragma: no-cache
server: ESF
cross-origin-opener-policy: same-origin
x-frame-options: SAMEORIGIN
access-control-allow-methods: POST, GET, OPTIONS
content-type: text/html; charset=utf-8
access-control-allow-origin: https://www.mediafire.com
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
origin-trial: AmWWqEiPtRKXiIreUsgUyNMptDcKdmLPlGI32DPZjDKK+yBAUi7+FT3r/9RpkTnzHyXYUWiPfirCGMg3Ogzc7gMAAAB3eyJvcmlnaW4iOiJodHRwczovL2dvb2dsZS5jb206NDQzIiwiZmVhdHVyZSI6IkNyb3NzT3JpZ2luT3BlbmVyUG9saWN5UmVwb3J0aW5nIiwiZXhwaXJ5IjoxNjE0MTI0Nzk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0=
content-security-policy: script-src 'report-sample' 'nonce-2HL2Sya2zt3sGIg10txZzw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'nonce-2HL2Sya2zt3sGIg10txZzw' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 css
fonts.googleapis.com/ 49 KB
3 KB 17ms
17ms Stylesheet
text/css 2a00:1450:4001:808::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

bd5d89bcee7f3caf8ddb309e6d5eca7272823920964247a5bd0afe5046985537

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 05 Apr 2021 15:44:12 GMT
server: ESF
date: Mon, 05 Apr 2021 15:44:12 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 05 Apr 2021 15:44:12 GMT

GET
H2 200 YxmihnhFt54cZYUpI8Vki3ux02R2TgdxT2JLItC4sk0NMsB8q5xXuZr3KKhXns_325CVgfI3IAWpwJrMtsUf1HdwXaWps_lxmzvqH8R5aBB2P50trKqeLQ=h42
lh3.googleusercontent.com/ 7 KB
7 KB 9ms
6ms Image
image/png 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/YxmihnhFt54cZYUpI8Vki3ux02R2TgdxT2JLItC4sk0NMsB8q5xXuZr3KKhXns_325CVgfI3IAWpwJrMtsUf1HdwXaWps_lxmzvqH8R5aBB2P50trKqeLQ=h42

Requested by

Host: www.mediafire.com
URL: https://www.mediafire.com/folder/c3yxn5yaq8xf8/SLBET7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

cb5144249b64fd6e2dfeba71d8d5be2e9a68fb629d48bc96b84267aae63577d3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Apr 2021 13:15:14 GMT
x-content-type-options: nosniff
age: 8938
content-disposition: inline;filename="unnamed.png"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6984
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Tue, 06 Apr 2021 13:15:14 GMT

POST
H3-Q050 204 AGSKWxW-Zg-yvETZUJk79Y55a1Us7w0Q5m2TdwvuhySuc7NpSiE7nkW3ukzZL_LJPltbSVZleQqno0ZM9wqzw-QGD9BleCFLCm1gvMawb3Tsgmw_Qtf4ijXJdtbHp8XYD0abEnFwHKQ3Pninc1bzNK4lRGotF0na8g5WVTiT5T9C4ZJn6N22JCVRr2eLzdzi Show response
fundingchoicesmessages.google.com/l/ 0
1008 B 22ms
22ms XHR
text/html 2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-1G8AZoGTFngN0UNaPftkrA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'nonce-1G8AZoGTFngN0UNaPftkrA' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 05 Apr 2021 15:44:12 GMT
access-control-allow-methods: POST, GET, OPTIONS
x-content-type-options: nosniff
access-control-max-age: 86400
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
pragma: no-cache
server: ESF
cross-origin-opener-policy: same-origin; report-to="ContributorGlobalRouterHttp"
x-frame-options: SAMEORIGIN
report-to: {"group":"ContributorGlobalRouterHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ContributorGlobalRouterHttp/external"}]}
content-type: text/html; charset=utf-8
access-control-allow-origin: https://www.mediafire.com
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
origin-trial: AmWWqEiPtRKXiIreUsgUyNMptDcKdmLPlGI32DPZjDKK+yBAUi7+FT3r/9RpkTnzHyXYUWiPfirCGMg3Ogzc7gMAAAB3eyJvcmlnaW4iOiJodHRwczovL2dvb2dsZS5jb206NDQzIiwiZmVhdHVyZSI6IkNyb3NzT3JpZ2luT3BlbmVyUG9saWN5UmVwb3J0aW5nIiwiZXhwaXJ5IjoxNjE0MTI0Nzk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0=
content-security-policy: script-src 'report-sample' 'nonce-1G8AZoGTFngN0UNaPftkrA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'nonce-1G8AZoGTFngN0UNaPftkrA' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 translate_24dp.png
www.gstatic.com/images/branding/product/1x/ 825 B
970 B 6ms
6ms Image
image/png 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/branding/product/1x/translate_24dp.png

Requested by

Host: www.mediafire.com
URL: https://www.mediafire.com/folder/c3yxn5yaq8xf8/SLBET7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1bb2279aed6bc1438d2b17a5ffcbac9d37864582aedeeec8d301eab162b2c213

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Apr 2021 06:13:51 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
age: 34221
vary: Origin
content-type: image/png
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 825
x-xss-protection: 0
expires: Tue, 05 Apr 2022 06:13:51 GMT

GET
H2 200 googlelogo_color_42x16dp.png
www.gstatic.com/images/branding/googlelogo/1x/ 910 B
999 B 7ms
7ms Image
image/png 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/branding/googlelogo/1x/googlelogo_color_42x16dp.png

Requested by

Host: www.mediafire.com
URL: https://www.mediafire.com/folder/c3yxn5yaq8xf8/SLBET7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6318394f737c66f0e2ccfcd88e3935c6667633a1b95fa29fba2b75431d55eef2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 02 Apr 2021 18:28:12 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
age: 249360
vary: Origin
content-type: image/png
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 910
x-xss-protection: 0
expires: Sat, 02 Apr 2022 18:28:12 GMT

GET
H2 200 flUhRq6tzZclQEJ-Vdg-IuiaDsNc.woff2
fonts.gstatic.com/s/materialicons/v83/ 100 KB
100 KB 10ms
10ms Font
font/woff2 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/materialicons/v83/flUhRq6tzZclQEJ-Vdg-IuiaDsNc.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

772d0bb40223f70dc0c1caa7a571f3fa516d7863fd8721e4ebab33de77577f00

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.mediafire.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 01 Apr 2021 22:34:33 GMT
x-content-type-options: nosniff
last-modified: Thu, 01 Apr 2021 22:05:26 GMT
server: sffe
age: 320980
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 102004
x-xss-protection: 0
expires: Fri, 01 Apr 2022 22:34:33 GMT

GET
H3-Q050 200 translate_24dp.png
www.gstatic.com/images/branding/product/2x/ 2 KB
2 KB 11ms
11ms Image
image/png 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/branding/product/2x/translate_24dp.png

Requested by

Host: translate.googleapis.com
URL: https://translate.googleapis.com/translate_static/css/translateelement.css

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5fe03bfd95a2d4e640ed7d04dcb08ef991c327a5ab6f6fdb9eb06e1efc76af30

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://translate.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 03 Apr 2021 23:19:50 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
age: 145463
vary: Origin
content-type: image/png
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1847
x-xss-protection: 0
expires: Sun, 03 Apr 2022 23:19:50 GMT

GET
H2 200 mem5YaGs126MiZpBA-UNirkOUuhp.woff2
fonts.gstatic.com/s/opensans/v18/ 15 KB
15 KB 11ms
10ms Font
font/woff2 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v18/mem5YaGs126MiZpBA-UNirkOUuhp.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1491de1b31182d38593bcf660c99bc6018af8e192d91663f67ec9d045a3b5ccc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.mediafire.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 02 Apr 2021 10:03:37 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:09:47 GMT
server: sffe
age: 279636
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14880
x-xss-protection: 0
expires: Sat, 02 Apr 2022 10:03:37 GMT

GET
H3-Q050 200 l Show response
translate.googleapis.com/translate_a/ Frame 48A0 3 KB
1 KB 18ms
17ms Script
application/javascript 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://translate.googleapis.com/translate_a/l?client=te&alpha=true&hl=en&cb=callback

Requested by

Host: srcdoc
URL: about:srcdoc

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

13b5eece5a7359f9c0de2b4b3c24eeed42fa547e5811238bc9434dcc975bb101

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-IQl1PvLOUsYVKItKhLgVjQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/TranslateApiHttp/cspreport;worker-src 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
content-security-policy: script-src 'report-sample' 'nonce-IQl1PvLOUsYVKItKhLgVjQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/TranslateApiHttp/cspreport;worker-src 'self'
content-encoding: gzip
x-content-type-options: nosniff
server: ESF
cross-origin-opener-policy: same-origin
date: Mon, 05 Apr 2021 15:44:13 GMT
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: no-cache, no-store, max-age=0, must-revalidate
origin-trial: AmWWqEiPtRKXiIreUsgUyNMptDcKdmLPlGI32DPZjDKK+yBAUi7+FT3r/9RpkTnzHyXYUWiPfirCGMg3Ogzc7gMAAAB3eyJvcmlnaW4iOiJodHRwczovL2dvb2dsZS5jb206NDQzIiwiZmVhdHVyZSI6IkNyb3NzT3JpZ2luT3BlbmVyUG9saWN5UmVwb3J0aW5nIiwiZXhwaXJ5IjoxNjE0MTI0Nzk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0=
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 get_content.php Show response
www.mediafire.com/api/1.4/folder/ 274 B
386 B 271ms
271ms XHR
application/json 104.16.202.237
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.mediafire.com/api/1.4/folder/get_content.php?r=chnc&content_type=folders&filter=all&order_by=name&order_direction=asc&chunk=1&version=1.5&folder_key=c3yxn5yaq8xf8&response_format=json
Requested by: Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.202.237 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 859cac1f123c91feb802abf769d3733261ef9da3c4a7e21f1229882915904832

Request headers

Accept: */*
Cache-Control: no-cache
X-Requested-With: XMLHttpRequest
Referer: https://www.mediafire.com/folder/c3yxn5yaq8xf8/SLBET7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Apr 2021 15:44:13 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
server: cloudflare
api-response-time: 16ms
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cf-ray: 63b3e581c8654c56-AMS
cf-request-id: 09444dc51900004c56efaeb000000001

POST
H2 200 /
www.facebook.com/tr/ 0
62 B 7ms
6ms Other
text/plain 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de , United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundarywEadnKi2CpdgIm13

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
server: proxygen-bolt
date: Mon, 05 Apr 2021 15:44:13 GMT
content-type: text/plain
access-control-allow-origin: https://www.mediafire.com
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 0

GET
H2 200 get_content.php
www.mediafire.com/api/1.4/folder/ 31 KB
6 KB 596ms
595ms XHR
application/json 104.16.202.237
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.mediafire.com/api/1.4/folder/get_content.php?r=tzgt&content_type=files&filter=all&order_by=name&order_direction=asc&chunk=1&version=1.5&folder_key=c3yxn5yaq8xf8&response_format=json
Requested by: Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.202.237 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Cache-Control: no-cache
X-Requested-With: XMLHttpRequest
Referer: https://www.mediafire.com/folder/c3yxn5yaq8xf8/SLBET7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Apr 2021 15:44:13 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
server: cloudflare
api-response-time: 342ms
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cf-ray: 63b3e5838e784c56-AMS
cf-request-id: 09444dc63900004c5637a9e000000001

GET
H2 200 custom-checkbox-tick.png
static.mediafire.com/images/icons/ 121 B
616 B 98ms
98ms Image
image/png 104.16.202.237
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.mediafire.com/images/icons/custom-checkbox-tick.png
Requested by: Host: static.mediafire.com
URL: https://static.mediafire.com/css/myfiles.css_121783.php?ver=ssl
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.202.237 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer: https://static.mediafire.com/css/myfiles.css_121783.php?ver=ssl
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Apr 2021 15:44:13 GMT
cf-cache-status: HIT
nel: {"report_to": "mediafirenel", "max_age": 86400, "include_subdomains": true, "failure_fraction": 0.01}
age: 432660
content-length: 121
cf-request-id: 09444dc89800004c564a062000000001
last-modified: Fri, 11 Mar 2016 23:22:56 GMT
server: cloudflare
etag: "56e35350-79"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group": "mediafirenel", "max_age": 86400, "include_subdomains": true, "endpoints": [{"url": "https://browser-reports.mediafire.dev/network-error"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 63b3e58758844c56-AMS
expires: Fri, 30 Apr 2021 15:33:13 GMT

GET
H2 200 archive-v3.png
static.mediafire.com/images/icons/myfiles/filetype/ 64 KB
0 95ms
95ms Image
image/png 104.16.202.237
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.mediafire.com/images/icons/myfiles/filetype/archive-v3.png
Requested by: Host: static.mediafire.com
URL: https://static.mediafire.com/css/myfiles.css_121783.php?ver=ssl
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.202.237 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer: https://static.mediafire.com/css/myfiles.css_121783.php?ver=ssl
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Apr 2021 15:44:14 GMT
cf-cache-status: HIT
nel: {"report_to": "mediafirenel", "max_age": 86400, "include_subdomains": true, "failure_fraction": 0.01}
age: 432663
content-length: 98382
cf-request-id: 09444dc8c700004c560626b000000001
last-modified: Fri, 11 Mar 2016 23:22:56 GMT
server: cloudflare
etag: "56e35350-1804e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group": "mediafirenel", "max_age": 86400, "include_subdomains": true, "endpoints": [{"url": "https://browser-reports.mediafire.dev/network-error"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 63b3e587a9554c56-AMS
expires: Fri, 30 Apr 2021 15:33:11 GMT

GET
H2 200 filerow_status.png
static.mediafire.com/images/backgrounds/myfiles/filerow/ 1 KB
1 KB 103ms
103ms Image
image/png 104.16.202.237
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.mediafire.com/images/backgrounds/myfiles/filerow/filerow_status.png
Requested by: Host: static.mediafire.com
URL: https://static.mediafire.com/css/myfiles.css_121783.php?ver=ssl
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.202.237 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer: https://static.mediafire.com/css/myfiles.css_121783.php?ver=ssl
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Apr 2021 15:44:14 GMT
cf-cache-status: HIT
nel: {"report_to": "mediafirenel", "max_age": 86400, "include_subdomains": true, "failure_fraction": 0.01}
age: 432663
content-length: 1418
cf-request-id: 09444dc8c700004c563809a000000001
last-modified: Fri, 11 Mar 2016 23:22:56 GMT
server: cloudflare
etag: "56e35350-58a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group": "mediafirenel", "max_age": 86400, "include_subdomains": true, "endpoints": [{"url": "https://browser-reports.mediafire.dev/network-error"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 63b3e587a9574c56-AMS
expires: Fri, 30 Apr 2021 15:33:11 GMT

GET folder-sm.png
static.mediafire.com/images/icons/myfiles/ 0
0

GET 1x1_transparent.gif
www.mediafire.com/images/icons/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: static.mediafire.com
URL: https://static.mediafire.com/images/icons/myfiles/folder-sm.png

Domain: www.mediafire.com
URL: https://www.mediafire.com/images/icons/1x1_transparent.gif

Verdicts & Comments Add Verdict or Comment

1063 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.mediafire.com/	1970-01-19 18:03:49	Name: __cfduid Value: d2d24119bac0c8b68765e1c416a6b35ef1617637453
			.mediafire.com/	1970-01-19 19:30:13	Name: _fbp Value: fb.1.1617637453244.759220825

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.googleapis.com
aphycolourses.info
aporasal.net
connect.facebook.net
dc5k8fg5ioc8s.cloudfront.net
fonts.googleapis.com
fonts.gstatic.com
fundingchoicesmessages.google.com
lh3.googleusercontent.com
static.mediafire.com
stats.g.doubleclick.net
translate.google.com
translate.googleapis.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.gstatic.com
www.mediafire.com
www19.todhamilton.pro
www4.todhamilton.pro
www44.todhamilton.pro
www49.todhamilton.pro
www5.todhamilton.pro
www75.todhamilton.pro
www85.todhamilton.pro
www94.todhamilton.pro
www96.todhamilton.pro
static.mediafire.com
www.mediafire.com
104.16.202.237
13.226.156.80
172.64.100.8
172.67.178.34
2a00:1450:4001:800::200e
2a00:1450:4001:801::2001
2a00:1450:4001:801::200a
2a00:1450:4001:808::2003
2a00:1450:4001:808::200a
2a00:1450:4001:809::2008
2a00:1450:4001:80e::200e
2a00:1450:4001:810::2003
2a00:1450:4001:810::200e
2a00:1450:4001:827::2003
2a00:1450:4001:82a::2004
2a00:1450:4001:82a::200a
2a00:1450:4001:82b::200e
2a00:1450:400c:c1b::9c
2a03:2880:f01c:8012:face:b00c:0:3
2a03:2880:f11c:8183:face:b00c:0:25de
54.144.3.29
058ed961bfe422af7bfc65865f4c08531ec8ace995f8a1ec560a46581cb7712c
059fcf4044e5c1d6190f93fab6704bd741e6ab74a08b65b6270b1e1980cc2249
08206401d5e061483e80d87b7973bb6ea9738e6d813d4726190520f9fba9aa0a
0b9191f2cd7c6a9cca2907f04717014b91b655c4345169882578bfeffa4bc185
0e22480fedede5a65ac4ead538bef3ed4d90817d09d07f5ffde0512e6c336f60
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
13b5eece5a7359f9c0de2b4b3c24eeed42fa547e5811238bc9434dcc975bb101
1491de1b31182d38593bcf660c99bc6018af8e192d91663f67ec9d045a3b5ccc
196c51f778db9df7ecf75ce7f663ea3bb07726b67feeae45ad9abfd3008b937a
1a0ec73a3ca7f354865d6b95401c50627fdf5a9b0da763a6f75fa818fd775b55
1bb2279aed6bc1438d2b17a5ffcbac9d37864582aedeeec8d301eab162b2c213
255e0bccb80070e1d8c87ec8a70d16f7ee9d17611636a1c0f3d24a5bb88bc759
2717dcc1ddd778f68223461ebd53610370e7617b6c74366bfc16a1e6e979cc58
2782c8dcb1e774e331413fa360d191b7317836272ec358d8ee1a043aba7b98da
27c8585805b4c554e566e8ee3eea8bd01d749945dbdce3a0ecad54658a8bf90f
3aa8c15bbaeb3aaa090b3c0419ecd2051d33f5186a2d7eaf30cba4b92b811a30
3b59efbfb74af421903adb42ca44d1f0d72c12be1bba30a855089d128b124487
3bf4a27d60db92d1b793ca62cf8e40ee7e377b1b62198787ba2a1b16f68c2889
3f66ff09af02daad7b81f896c4609fec36b51b86966204c4f22c8df03f9b12dc
42bf9a441f091c48d957d8ba2cd8692801927a1f8cf7831d99ed48c70a6366f3
47b68dce8cb6805ad5b3ea4d27af92a241f4e29a5c12a274c852e4346a0500b4
491a3eb3f15007596849d553c8d727ab4b327924a9c7ec73dfdecfb018476d5d
4b89a66b5dadb6a47181b032655b1a6fc5a04cae3ca371b491ec78a86e55416b
519350a873ad96460e271b4ff07766191b645727374551bf0351beb0e853a403
5d0a6e3bc914db376bf187c380750b197c317e1bf40fab9ad959ad5facd8f9ed
5e13641628023a0b53a8b96b1e75f58ef7bdddc3e89ac27abec340f809f2654e
5fe03bfd95a2d4e640ed7d04dcb08ef991c327a5ab6f6fdb9eb06e1efc76af30
6318394f737c66f0e2ccfcd88e3935c6667633a1b95fa29fba2b75431d55eef2
63eadbe47fa672ee37a399b381eead8420f4fdbccc2f2fbb2ea02b74607638cd
66da7ebe654714904ee46195faddb3773cb8bb50fa96aaa851b34dddc81ad1b0
6a6ab7718d2d5f52dec09aef75481f7b88f9577834299e503e84e52391094fb2
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
74201a4b97ec1d5e86252dd0180eafd8c5378a9235864dbcd682f3575b41c85b
744aa9b7d473a0dd019fef240601fbf8c4f80f2dbd8ffa95e141b17bfd260830
75ffba9549b100f2a7f51bf535f29a179d155953ecfeb9f6c15c6796b71694e5
772d0bb40223f70dc0c1caa7a571f3fa516d7863fd8721e4ebab33de77577f00
7b54a2177ca8d8da3e3216510f110e57b8d2bfbe71446078af20e2e310789c29
80f35659d030651ea3acc6d6e97475b42eaa60d5700e83f9623cf90904d42cec
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
859cac1f123c91feb802abf769d3733261ef9da3c4a7e21f1229882915904832
86cc35989be655e6cbe68540cf835dec34388862a948fbd05850100797c32319
87f6685e09727fcd112cfa45878a97a4d6bf8d801003238c15494f980f0f6ac7
9209253f38a495f1267e783dc8a44b329779e377ea27ab40ebfc24f07432d6ad
94446526664e79945d8dd168f79fc3b84c408646d628633c127fa928686d210b
96d6ffbda24d8da0c6206aae81e00a45aa16632ff980b1a0473e8d03f0504086
9c50a96c859b9beea47b71740bd14e7f69a4df586d015f47434037f8def53b52
a074822a305e798756ed684e05c027df930e48ffb5a2dfb42e4003f9aec36e4a
a4d06b89d8272d57fa160b03ce7bb35bdc7953513b80337840248c4e650c004c
ad83e6677448ef9dc4e764c66d1884453a34a98c6ae5bc6249c5a7cbf9894d1c
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b631408bea7aff541f7bd43245ad71f824c539efe5675ef0573299b61575694d
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bd5d89bcee7f3caf8ddb309e6d5eca7272823920964247a5bd0afe5046985537
bfcc5bc8242d357752657942690541bb3e4b907384af1c56586f6466d7116db2
c3b36b2ab6b414ab00278723905eb60e90b28cea027975df30a6891ccede7bba
c6fae744c9b3ea5dea4f219caa312df7e1f74f5d43d723c17ecc72089133dbe3
c73b822c3598e2c68f2a09a42f85de10adececb9bcf838279fc93f1c37012b1f
c9276e36cd8d47ddb41bc5fd98646d2af67b318cfa49b86db4a01e533066b416
c96501e2a68228e720d6b603f955216c05e713fdd0d5e1d07c2ccf87823d3f06
c99a788ae27767ab75096b0da02ae5b92f680a5d51c2d1c03ae9c145cba317a4
ca537b74a51c73d56a401ea7d361ad32f692558ab321b86a8fb0979f2927712c
cb5144249b64fd6e2dfeba71d8d5be2e9a68fb629d48bc96b84267aae63577d3
cc99ad98e29747639278d7d1646a7fe1e2a6669f9b205008465d94d977595c6a
d0c5c6c551529451e87d5bf71fe2b88ed07d2e4451732fac7495a802d9d2cab5
d4d96f480e8246a7712c4bfa0eb8177f122f67c31f28f4ab133cbb1c2c05f747
d95a93b633d87a4808fae8d3b386ca28c9978eadb6c3d4d0d5ea1f08dbb84b10
d98133ce0dc7033265505bffc7aebd92fad444a0cd0271832a877418ccc889c6
d9e1d61df4646995a3a923572f6be396aee20694a7f0a846892a012dbe674ab1
db5e34025d3057c2184af84877bb36bad348bd5033b05c94731d985ebd60e12d
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
deda48e7551fea100f9dce74acceb543723ad1260e4aabe65918c567d657f156
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e8f5aaa7bdc6fad034cf60baff78fc6bb703dd915b91d24bd4a292d715e8e583
ec361bce3349b6cbb5e414df65c58151bf4ad12078c6fc15ffd9dffcfbfa92d6
edf29a5069b0812d87c6724f54eb33953f23f81426e9d63afbeda73e8ab8e151
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f15316721389b1b084e6fb85747089ea51ccf9d81fcfb1b33ace326898e2913f
f79723478f4c48501cd49ac52b81d6244a6562b9d3f08ce8ab208a8b8878d4c4
f9a75024e53f8a3e5ef92e12c87457fbfacc5508a5d7fbdde9126ee267e8b70b
f9aa2f5b856b3a445e8caa228da13bb8b5ef9c1157737c960771b4d49ea8055d

www.mediafire.com Open in urlscan Pro 104.16.202.237 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

121 Requests

98 %HTTPS

76 %IPv6

15 Domains

29 Subdomains

22 IPs

3 Countries

2678 kBTransfer

6811 kBSize

2 Cookies

7 Outgoing links

Page URL History

Redirected requests

121 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.mediafire.com Open in urlscan Pro
104.16.202.237 Public Scan

Screenshot
Live screenshot

Full Image

121
Requests

98 %
HTTPS

76 %
IPv6

15
Domains

29
Subdomains

22
IPs

3
Countries

2678 kB
Transfer

6811 kB
Size

2
Cookies

121 HTTP transactions
1 data transactions