www.mediafire.com Open in urlscan Pro
104.17.151.117 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.mediafire.com/file/gcfnj5pum9dfj6s/da_hood.cfg/file
Submission: On November 28 via manual (November 28th 2024, 11:49:42 am UTC) from LV — Scanned from US

Summary HTTP 74 Redirects Links 5 Behaviour Indicators

Summary

This website contacted 35 IPs in 3 countries across 23 domains to perform 74 HTTP transactions. The main IP is 104.17.151.117, located in and belongs to CLOUDFLARENET, US. The main domain is www.mediafire.com. The Cisco Umbrella rank of the primary domain is 42384.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on July 30th 2024. Valid for: a year.

This is the only time www.mediafire.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 13	104.17.151.117 104.17.151.117	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	172.67.199.186 172.67.199.186	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2607:f8b0:400... 2607:f8b0:4006:816::2008	15169 (GOOGLE) (GOOGLE)
3	142.251.179.154 142.251.179.154	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6810:5049	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	108.139.29.40 108.139.29.40	16509 (AMAZON-02) (AMAZON-02)
2	104.18.159.164 104.18.159.164	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	100.20.160.207 100.20.160.207	16509 (AMAZON-02) (AMAZON-02)
2	2607:f8b0:400... 2607:f8b0:4004:c09::64	15169 (GOOGLE) (GOOGLE)
1 4	98.83.224.108 98.83.224.108	14618 (AMAZON-AES) (AMAZON-AES)
2	2607:f8b0:400... 2607:f8b0:4004:c1d::8b	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:4004:c08::9a	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:4006:816::2002	15169 (GOOGLE) (GOOGLE)
2	2607:f8b0:400... 2607:f8b0:4004:c1d::8a	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:4006:824::200a	15169 (GOOGLE) (GOOGLE)
15	142.251.167.138 142.251.167.138	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:4004:c19::84	15169 (GOOGLE) (GOOGLE)
1	142.251.179.156 142.251.179.156	15169 (GOOGLE) (GOOGLE)
1	2606:4700:10:... 2606:4700:10::6816:3556	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a04:4e42:200... 2a04:4e42:200::485	54113 (FASTLY) (FASTLY)
1	34.102.146.192 34.102.146.192	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	34.96.70.87 34.96.70.87	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	2620:100:a00b::4 2620:100:a00b::4	19750 (AS-CRITEO) (AS-CRITEO)
1	108.138.128.46 108.138.128.46	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:251... 2600:9000:2511:e200:a:e047:754:f4a1	16509 (AMAZON-02) (AMAZON-02)
1	2607:f8b0:400... 2607:f8b0:4004:c0b::84	15169 (GOOGLE) (GOOGLE)
1	162.19.138.83 162.19.138.83	16276 (OVH OVH SAS) (OVH OVH SAS)
1	35.190.39.111 35.190.39.111	15169 (GOOGLE) (GOOGLE)
1	142.250.31.94 142.250.31.94	15169 (GOOGLE) (GOOGLE)
1	64.233.180.154 64.233.180.154	15169 (GOOGLE) (GOOGLE)
1	2620:100:a00b... 2620:100:a00b::12	19750 (AS-CRITEO) (AS-CRITEO)
1	172.253.122.156 172.253.122.156	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:4004:c1d::84	15169 (GOOGLE) (GOOGLE)
1	2001:4860:480... 2001:4860:4802:32::3	() ()
74	35

13 104.17.151.117 (None, ) 1 redirects

ASN13335 (CLOUDFLARENET, US)

www.mediafire.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
static.mediafire.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
sandbox.mediafire.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.67.199.186 (United States)

ASN13335 (CLOUDFLARENET, US)

the.gatekeeperconsent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
privacy.gatekeeperconsent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2607:f8b0:4006:816::2008 (United States)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.251.179.154 (Farmingdale, United States)

ASN15169 (GOOGLE, US)
PTR: pd-in-f154.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:5049 (United States)

ASN13335 (CLOUDFLARENET, US)

static.cloudflareinsights.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.139.29.40 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-139-29-40.jfk50.r.cloudfront.net

cdn.amplitude.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.18.159.164 (None, )

ASN13335 (CLOUDFLARENET, US)

cdn.otnolatrnup.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
otnolatrnup.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 100.20.160.207 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-100-20-160-207.us-west-2.compute.amazonaws.com

api.amplitude.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4004:c09::64 (Washington, United States)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 98.83.224.108 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-98-83-224-108.compute-1.amazonaws.com

ad.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
bcp.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4004:c1d::8b (Washington, United States)

ASN15169 (GOOGLE, US)

analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4004:c08::9a (Washington, United States)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:816::2002 (United States)

ASN15169 (GOOGLE, US)

td.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4004:c1d::8a (Washington, United States)

ASN15169 (GOOGLE, US)

fundingchoicesmessages.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:824::200a (United States)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 142.251.167.138 (Farmingdale, United States)

ASN15169 (GOOGLE, US)
PTR: ww-in-f138.1e100.net

fundingchoicesmessages.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4004:c19::84 (Washington, United States)

ASN15169 (GOOGLE, US)

lh3.googleusercontent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.251.179.156 (Farmingdale, United States)

ASN15169 (GOOGLE, US)
PTR: pd-in-f156.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:10::6816:3556 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:200::485 (United States)

ASN54113 (FASTLY, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.102.146.192 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 192.146.102.34.bc.googleusercontent.com

oa.openxcdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.96.70.87 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 87.70.96.34.bc.googleusercontent.com

invstatic101.creativecdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:100:a00b::4 (United States)

ASN19750 (AS-CRITEO, US)

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.138.128.46 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-138-128-46.jfk50.r.cloudfront.net

tags.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2511:e200:a:e047:754:f4a1 (United States)

ASN16509 (AMAZON-02, US)

cdn.prod.uidapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4004:c0b::84 (Washington, United States)

ASN15169 (GOOGLE, US)

8a0192c7d6dd2282cb8d7c787c74a932.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 162.19.138.83 (Frankfurt am Main, Germany)

ASN16276 (OVH OVH SAS, FR)
PTR: ns31532338.ip-162-19-138.eu

id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.190.39.111 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 111.39.190.35.bc.googleusercontent.com

esp.rtbhouse.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.31.94 (United States)

ASN15169 (GOOGLE, US)
PTR: bj-in-f94.1e100.net

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 64.233.180.154 (United States)

ASN15169 (GOOGLE, US)
PTR: pe-in-f154.1e100.net

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:100:a00b::12 (United States)

ASN19750 (AS-CRITEO, US)

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.253.122.156 (United States)

ASN15169 (GOOGLE, US)
PTR: bh-in-f156.1e100.net

ep1.adtrafficquality.google	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4004:c1d::84 (Washington, United States)

ASN15169 (GOOGLE, US)

ep2.adtrafficquality.google	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:32::3 (None, )

ASN- ()

csi.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
19	google.com analytics.google.com — Cisco Umbrella Rank: 142 fundingchoicesmessages.google.com — Cisco Umbrella Rank: 695 www.google.com Failed	93 KB
13	mediafire.com 1 redirects www.mediafire.com — Cisco Umbrella Rank: 42384 static.mediafire.com — Cisco Umbrella Rank: 66050 sandbox.mediafire.com	96 KB
6	doubleclick.net securepubads.g.doubleclick.net — Cisco Umbrella Rank: 218 stats.g.doubleclick.net — Cisco Umbrella Rank: 135 td.doubleclick.net — Cisco Umbrella Rank: 182	186 KB
5	crwdcntrl.net tags.crwdcntrl.net — Cisco Umbrella Rank: 1010 Failed ad.crwdcntrl.net — Cisco Umbrella Rank: 19155 bcp.crwdcntrl.net — Cisco Umbrella Rank: 1026	15 KB
4	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 39	299 KB
2	adtrafficquality.google ep1.adtrafficquality.google — Cisco Umbrella Rank: 389 ep2.adtrafficquality.google — Cisco Umbrella Rank: 403	20 KB
2	gstatic.com fonts.gstatic.com csi.gstatic.com	48 KB
2	googlesyndication.com 8a0192c7d6dd2282cb8d7c787c74a932.safeframe.googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 110	26 KB
2	id5-sync.com cdn.id5-sync.com — Cisco Umbrella Rank: 1004 id5-sync.com — Cisco Umbrella Rank: 533	29 KB
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 36	22 KB
2	otnolatrnup.com cdn.otnolatrnup.com — Cisco Umbrella Rank: 65058 otnolatrnup.com — Cisco Umbrella Rank: 56664	57 KB
2	amplitude.com cdn.amplitude.com — Cisco Umbrella Rank: 3096 api.amplitude.com — Cisco Umbrella Rank: 2614	22 KB
2	gatekeeperconsent.com the.gatekeeperconsent.com — Cisco Umbrella Rank: 14028 privacy.gatekeeperconsent.com — Cisco Umbrella Rank: 35054	3 KB
1	criteo.com gum.criteo.com — Cisco Umbrella Rank: 450
1	rtbhouse.com esp.rtbhouse.com — Cisco Umbrella Rank: 4214	486 B
1	uidapi.com cdn.prod.uidapi.com — Cisco Umbrella Rank: 4220	4 KB
1	criteo.net static.criteo.net — Cisco Umbrella Rank: 793	13 KB
1	creativecdn.com invstatic101.creativecdn.com — Cisco Umbrella Rank: 2700	1 KB
1	openxcdn.net oa.openxcdn.net — Cisco Umbrella Rank: 2357	8 KB
1	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 318	902 B
1	googleusercontent.com lh3.googleusercontent.com — Cisco Umbrella Rank: 45	11 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 29	6 KB
1	cloudflareinsights.com static.cloudflareinsights.com — Cisco Umbrella Rank: 617	7 KB
74	23

	Domain	Requested by
17	fundingchoicesmessages.google.com	securepubads.g.doubleclick.net
7	www.mediafire.com	1 redirects www.mediafire.com static.cloudflareinsights.com
5	static.mediafire.com	www.mediafire.com
4	securepubads.g.doubleclick.net	www.mediafire.com securepubads.g.doubleclick.net
4	www.googletagmanager.com	www.mediafire.com www.googletagmanager.com
3	bcp.crwdcntrl.net	1 redirects www.mediafire.com tags.crwdcntrl.net
2	analytics.google.com	www.googletagmanager.com
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
1	csi.gstatic.com	pagead2.googlesyndication.com
1	ep2.adtrafficquality.google	securepubads.g.doubleclick.net ep2.adtrafficquality.google
1	ep1.adtrafficquality.google	securepubads.g.doubleclick.net
1	gum.criteo.com	static.criteo.net
1	pagead2.googlesyndication.com
1	fonts.gstatic.com	fonts.googleapis.com
1	esp.rtbhouse.com	invstatic101.creativecdn.com
1	id5-sync.com	cdn.id5-sync.com
1	8a0192c7d6dd2282cb8d7c787c74a932.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
1	cdn.prod.uidapi.com	securepubads.g.doubleclick.net
1	static.criteo.net	securepubads.g.doubleclick.net
1	invstatic101.creativecdn.com	securepubads.g.doubleclick.net
1	oa.openxcdn.net	securepubads.g.doubleclick.net
1	cdn.jsdelivr.net	securepubads.g.doubleclick.net
1	cdn.id5-sync.com	securepubads.g.doubleclick.net
1	lh3.googleusercontent.com	www.mediafire.com
1	fonts.googleapis.com
1	td.doubleclick.net	www.googletagmanager.com
1	stats.g.doubleclick.net	www.googletagmanager.com
1	ad.crwdcntrl.net	cdn.otnolatrnup.com
1	tags.crwdcntrl.net	cdn.otnolatrnup.com securepubads.g.doubleclick.net
1	otnolatrnup.com	cdn.otnolatrnup.com
1	api.amplitude.com	cdn.amplitude.com
1	sandbox.mediafire.com	www.mediafire.com
1	cdn.otnolatrnup.com	www.mediafire.com
1	cdn.amplitude.com	www.mediafire.com
1	privacy.gatekeeperconsent.com	the.gatekeeperconsent.com
1	static.cloudflareinsights.com	www.mediafire.com
1	the.gatekeeperconsent.com	www.mediafire.com
0	www.google.com Failed	ep2.adtrafficquality.google
74	38

This site contains links to these domains. Also see Links.

Domain
download1326.mediafire.com
facebook.com
blog.mediafire.com
twitter.com
www.facebook.com

Subject Issuer	Validity	Valid
*.mediafire.com Sectigo RSA Domain Validation Secure Server CA	`2024-07-30` - `2025-08-30`	a year	crt.sh
gatekeeperconsent.com WE1	`2024-10-19` - `2025-01-17`	3 months	crt.sh
*.google-analytics.com WR2	`2024-10-21` - `2025-01-13`	3 months	crt.sh
*.g.doubleclick.net WR2	`2024-10-21` - `2025-01-13`	3 months	crt.sh
cloudflareinsights.com WE1	`2024-11-01` - `2025-01-30`	3 months	crt.sh
cdn.amplitude.com Amazon RSA 2048 M03	`2024-11-14` - `2025-12-13`	a year	crt.sh
otnolatrnup.com WE1	`2024-11-27` - `2025-02-25`	3 months	crt.sh
*.amplitude.com COMODO RSA Domain Validation Secure Server CA	`2024-01-31` - `2025-03-02`	a year	crt.sh
*.crwdcntrl.net Amazon RSA 2048 M02	`2024-09-07` - `2025-10-07`	a year	crt.sh
*.google.com WR2	`2024-10-21` - `2025-01-13`	3 months	crt.sh
*.doubleclick.net WR2	`2024-10-21` - `2025-01-13`	3 months	crt.sh
upload.video.google.com WR2	`2024-10-21` - `2025-01-13`	3 months	crt.sh
*.googleusercontent.com WR2	`2024-10-21` - `2025-01-13`	3 months	crt.sh
id5-sync.com WE1	`2024-11-28` - `2025-02-26`	3 months	crt.sh
jsdelivr.net GlobalSign Atlas R3 DV TLS CA 2024 Q3	`2024-07-30` - `2025-08-31`	a year	crt.sh
oa.openxcdn.net WR3	`2024-11-13` - `2025-02-11`	3 months	crt.sh
invstatic101.creativecdn.com WR3	`2024-10-15` - `2025-01-13`	3 months	crt.sh
*.criteo.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-09-24` - `2024-12-21`	3 months	crt.sh
cdn.prod.uidapi.com Amazon RSA 2048 M03	`2024-11-20` - `2025-12-20`	a year	crt.sh
esp.rtbhouse.com WR3	`2024-10-22` - `2025-01-20`	3 months	crt.sh
*.gstatic.com WR2	`2024-10-21` - `2025-01-13`	3 months	crt.sh
*.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-09-24` - `2024-12-25`	3 months	crt.sh
adtrafficquality.google WR2	`2024-10-21` - `2025-01-13`	3 months	crt.sh

This page contains 8 frames:

Primary Page: https://www.mediafire.com/file/gcfnj5pum9dfj6s/da_hood.cfg/file
Frame ID: 5553FE569009FEE6A6DA516A874A62D2
Requests: 66 HTTP requests in this frame

Frame: https://www.mediafire.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/a6e12e96a2d5/main.js
Frame ID: 900647A324FB57582CE4EC7EE617717F
Requests: 2 HTTP requests in this frame

Frame: https://td.doubleclick.net/td/ga/rul?tid=G-K68XP6D85D&gacid=962857558.1732794576&gtm=45je4bk0v887485693z86304663za200zb6304663&dma=0&gcd=13l3l3l3l1l1&npa=0&pscdl=noapi&aip=1&fledge=1&frm=0&tag_exp=101925629~102067555~102067808~102077855~102081485&z=1864684616
Frame ID: 0F84E7B06ED2D1E9404DBC29B34BD8DE
Requests: 1 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/static/topics/topics_frame.html
Frame ID: B2E3766F276ED822AAF5526C057F392F
Requests: 1 HTTP requests in this frame

Frame: https://8a0192c7d6dd2282cb8d7c787c74a932.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 54CA76D7BF2CAD7D0F66B3964D04FE24
Requests: 1 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?origin=publishertagids&topUrl=www.mediafire.com&gdpr=0&gdpr_consent=&gpp=DBABL~BVQqAAAAAg&gpp_sid=7
Frame ID: FF085B50BE93FF37472E03BD954F7E0C
Requests: 1 HTTP requests in this frame

Frame: https://ep2.adtrafficquality.google/sodar/sodar2/232/runner.html
Frame ID: 52A59AD49E730DCE179F60B6064B6E61
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: D0F7F4A69C45F34CC6D3892B2F25ACD0
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

da hood

Detected technologies

Amplitude (Analytics) Expand

Overall confidence: 100%
Detected patterns

cdn\.amplitude\.com

Cloudflare Browser Insights (Analytics) Expand

Overall confidence: 100%
Detected patterns

static\.cloudflareinsights\.com/beacon(?:\.min)?\.js

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

//cdn\.jsdelivr\.net/

Page Statistics

74
Requests

93 %
HTTPS

50 %
IPv6

23
Domains

38
Subdomains

35
IPs

3
Countries

967 kB
Transfer

2918 kB
Size

47
Cookies

5 Outgoing links

These are links going to different origins than the main page.

URL: https://download1326.mediafire.com/frzfo2d82iqg7BoyDiHTTXf96UScfotb4G4TbVy5MV-rdWaVtJGYw3-bwcLkO1pQNWQ5x6MddEZcfdar4zOJcLQKxCB6IpCSZkqhd_XCJbiosUt0022tu0Lx4EbbKjtDibrpwvz4HK5SIvIRg745RTiV4k8_ZP92qRKBMDZH5Het2-zC/gcfnj5pum9dfj6s/da+hood.cfg
Title: Download (4.42KB)

Search URL Search Domain Scan URL

URL: https://facebook.com/share.php?u=https://www.mediafire.com/file/gcfnj5pum9dfj6s/da_hood.cfg/file
Title: Post to Facebook

Search URL Search Domain Scan URL

URL: http://blog.mediafire.com/

Search URL Search Domain Scan URL

URL: https://twitter.com/#!/mediafire

Search URL Search Domain Scan URL

URL: https://www.facebook.com/mediafire

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 15

https://www.mediafire.com/cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP 302
https://www.mediafire.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/a6e12e96a2d5/main.js

Request Chain 25

https://bcp.crwdcntrl.net/map/c=3722/tp=ADSP/tpid=caac429a82f84154a2b81390bf96b21f HTTP 302
https://bcp.crwdcntrl.net/map/ct=y/c=3722/tp=ADSP/tpid=caac429a82f84154a2b81390bf96b21f

74 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H3 200 Primary Request file Show response
www.mediafire.com/file/gcfnj5pum9dfj6s/da_hood.cfg/ 240 KB
70 KB 520ms
229ms Document
text/html 104.17.151.117
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mediafire.com/file/gcfnj5pum9dfj6s/da_hood.cfg/file

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.151.117 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

acbb9bf775bcb9338c2e3c95c8d3d63b2eaad792784ab2f4b661d6b3f6c3dd61

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Frame-Options	SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

access-control-allow-methods: OPTIONS, POST, GET
access-control-allow-origin: https://www.mediafire.com
alt-svc: h3=":443"; ma=86400
cache-control: no-cache, no-store, must-revalidate, max-age=0, post-check=0, pre-check=0
cf-cache-status: DYNAMIC
cf-ray: 8e9a22acf8cefad2-SJC
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Thu, 28 Nov 2024 11:49:35 GMT
expires: 0
pragma: no-cache
priority: u=0,i
server: cloudflare
server-timing: cfCacheStatus;desc="DYNAMIC" cfExtPri
strict-transport-security: max-age=0
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-mf-env: liveApi
x-mf-fe: mf2
x-robots-tag: noindex, nofollow

GET
H3 200 cmp.min.js Show response
the.gatekeeperconsent.com/ 3 KB
2 KB 229ms
92ms Script
application/javascript 172.67.199.186
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://the.gatekeeperconsent.com/cmp.min.js
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/gcfnj5pum9dfj6s/da_hood.cfg/file
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.199.186 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2e35c37f1f90a38d6e2975108d3ea71e43c00e40f8662114b3ff6373e2bdd04d

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.mediafire.com/

Response headers

x-robots-tag: noindex
content-encoding: gzip
cf-cache-status: HIT
age: 147
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3hZ7p0JKd4dWTXakwdhJjdFywlNiRoIfs9UutDAywI4L7lTxwsPvFRitoeU977DAQzI4r0nYgVWXf4XaHrorHXf6MOdgcuAfVjWQq08Wc%2BGd6iALLjEM2fF%2FqKHyfackuR0FpGxoVj%2Ba4hhc"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=73904&min_rtt=73896&rtt_var=27726&sent=11&recv=7&lost=0&retrans=0&sent_bytes=4143&recv_bytes=4264&delivery_rate=44534&cwnd=12000&unsent_bytes=0&cid=2c74cb129eb7c12a&ts=140&x=1", cfExtPri, cfHdrFlush;dur=0
date: Thu, 28 Nov 2024 11:49:35 GMT
x-middleton-display: sol-js
content-type: application/javascript
vary: Accept-Encoding
last-modified: Thu, 28 Nov 2024 11:47:08 GMT
priority: u=1,i=?0
cache-control: public, max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8e9a22afceaa2a9d-LAX
server: cloudflare

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 210 KB
76 KB 485ms
152ms Script
application/javascript 2607:f8b0:4006:816::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-829541-1

Requested by

Host: www.mediafire.com
URL: https://www.mediafire.com/file/gcfnj5pum9dfj6s/da_hood.cfg/file

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:816::2008 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

ea0d216099b7a761ec78195f2c42877e4aaec4f7d76df2866d609dc8b214e85d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.mediafire.com/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires: Thu, 28 Nov 2024 11:49:35 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 28 Nov 2024 11:49:35 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Thu, 28 Nov 2024 09:00:00 GMT
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 77281
x-xss-protection: 0
server: Google Tag Manager

GET
H3 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 108 KB
33 KB 482ms
155ms Script
text/javascript 142.251.179.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: www.mediafire.com
URL: https://www.mediafire.com/file/gcfnj5pum9dfj6s/da_hood.cfg/file

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.179.154 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

pd-in-f154.1e100.net

Software

cafe /

Resource Hash

5c87b4d461ad3f07db4fe4e317eea70c3d39794c3bf02bb0b4d7df647b319466

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.mediafire.com/

Response headers

content-encoding: br
etag: 686 / 20055 / m202411180101 / config-hash: 2173145291705866055
x-content-type-options: nosniff
expires: Thu, 28 Nov 2024 11:49:35 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date: Thu, 28 Nov 2024 11:49:35 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
content-disposition: attachment; filename="f.txt"
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 33728
x-xss-protection: 0
server: cafe

GET
H3 200 black_friday_banner.svg
static.mediafire.com/images/backgrounds/download/affiliate_fullpage/blackfriday/ 6 KB
3 KB 136ms
118ms Image
image/svg+xml 104.17.151.117
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.mediafire.com/images/backgrounds/download/affiliate_fullpage/blackfriday/black_friday_banner.svg
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/gcfnj5pum9dfj6s/da_hood.cfg/file
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.17.151.117 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5833cf584120257e4624950a017a1d944e052313ca7e6328cb5d7bc8ccb10ed3

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.mediafire.com/

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"6747623e-17a2"
age: 757
access-control-allow-methods: OPTIONS, POST, GET
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
x-mf-env: liveApi
date: Thu, 28 Nov 2024 11:49:35 GMT
content-type: image/svg+xml
last-modified: Wed, 27 Nov 2024 18:17:34 GMT
vary: Accept-Encoding
priority: u=2,i
x-mf-fe: mf2
cf-ray: 8e9a22af1ae0fad2-SJC
access-control-allow-origin: *
server: cloudflare

GET
H2 200 vcd15cbe7772f49c399c6a5babf22c1241717689176015 Show response
static.cloudflareinsights.com/beacon.min.js/ 19 KB
7 KB 465ms
88ms Script
text/javascript 2606:4700::6810:5049
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/gcfnj5pum9dfj6s/da_hood.cfg/file
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:5049 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8a18d13015336bc184819a5a768447462202ef3105ec511bf42ed8304a7ed94f

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://www.mediafire.com
Referer: https://www.mediafire.com/

Response headers

cache-control: public, max-age=86400
content-encoding: gzip
etag: W/"2024.6.1"
cross-origin-resource-policy: cross-origin
cf-ray: 8e9a22b2c9bd2b86-LAX
access-control-allow-origin: *
date: Thu, 28 Nov 2024 11:49:35 GMT
content-type: text/javascript;charset=UTF-8
last-modified: Thu, 06 Jun 2024 15:52:56 GMT
vary: Accept-Encoding
server: cloudflare

GET
H3 200 consent_modules.json Show response
privacy.gatekeeperconsent.com/ 30 B
725 B 222ms
85ms XHR
application/json 172.67.199.186
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://privacy.gatekeeperconsent.com/consent_modules.json
Requested by: Host: the.gatekeeperconsent.com
URL: https://the.gatekeeperconsent.com/cmp.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.199.186 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 182bf11a786ed9f3b8590415e512883a3a30966e9edff7f1405c7d59dc815ef0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.mediafire.com/

Response headers

cache-control: max-age=15780000, public
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MxWonjUdS4LmIptKTnz65PCEfe21TZpgu0A7pcKZLWa58m2qkBFu4CuuJGo8lWSWxyCF5nl8sAEmgXtuzXeRepiDpAhKDAA7SqF4H%2Bi0Td3G9fFXY3dfUhHOM%2FKwjKU3jlW3XEmmC6oGJ8c9HCp8dQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8e9a22b13c90f7a5-LAX
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
content-length: 30
server-timing: cfL4;desc="?proto=QUIC&rtt=74127&min_rtt=74099&rtt_var=27807&sent=11&recv=7&lost=0&retrans=0&sent_bytes=4145&recv_bytes=4297&delivery_rate=45281&cwnd=12000&unsent_bytes=0&cid=e2f0592a89ec6c07&ts=132&x=1", cfExtPri, cfHdrFlush;dur=0
date: Thu, 28 Nov 2024 11:49:35 GMT
content-type: application/json;charset=UTF-8
vary: Accept-Encoding
server: cloudflare
priority: u=1,i

GET
H2 200 amplitude-8.5.0-min.gz.js Show response
cdn.amplitude.com/libs/ 68 KB
22 KB 542ms
152ms Script
application/javascript 108.139.29.40
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.amplitude.com/libs/amplitude-8.5.0-min.gz.js
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/gcfnj5pum9dfj6s/da_hood.cfg/file
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.139.29.40 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-139-29-40.jfk50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 2450e5580136f94bda7ccf95e3167b57e15b05b513a430967943a50036fa47a4

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://www.mediafire.com
Referer: https://www.mediafire.com/

Response headers

access-control-max-age: 3000
content-encoding: gzip
etag: "660c3b546f2a131de50b69b91f26c636"
x-amz-version-id: NY8_7uBz3xoXYJBVsMSBAGHOz8ixMBS3
age: 92498
access-control-allow-methods: GET, HEAD
x-cache: Hit from cloudfront
x-amz-cf-id: zkcYLqVoVJKem_Ya0WRXhOZLUrFxvLBlkhHRn72cDNvmsSS-gTOmjg==
date: Wed, 27 Nov 2024 10:07:58 GMT
content-type: application/javascript
vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method
last-modified: Fri, 13 Aug 2021 22:37:42 GMT
cache-control: max-age=31536000
via: 1.1 10a23502057a5449ee9e08eab6e9c0d4.cloudfront.net (CloudFront)
accept-ranges: bytes
access-control-allow-origin: *
content-length: 22154
x-amz-cf-pop: JFK50-P2
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 278 KB
88 KB 288ms
190ms Script
application/javascript 2607:f8b0:4006:816::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-53LP4T

Requested by

Host: www.mediafire.com
URL: https://www.mediafire.com/file/gcfnj5pum9dfj6s/da_hood.cfg/file

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:816::2008 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

42d1e8088be4e5282949673dd43d093c4e14062d65489f5a8d2fb6eb9537ce65

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.mediafire.com/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1080:0"}],}
expires: Thu, 28 Nov 2024 11:49:35 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 28 Nov 2024 11:49:35 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Thu, 28 Nov 2024 09:00:00 GMT
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1080:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 89642
x-xss-protection: 0
server: Google Tag Manager

GET
H3 200 mf_logo_u1_reversed.svg
static.mediafire.com/images/backgrounds/header/ 4 KB
2 KB 118ms
117ms Image
image/svg+xml 104.17.151.117
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.mediafire.com/images/backgrounds/header/mf_logo_u1_reversed.svg
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/gcfnj5pum9dfj6s/da_hood.cfg/file
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.17.151.117 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 79399054b44cdca9b15b0bc784b6acb4be9e94e60fcc8b0e68ee70f642253f08

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.mediafire.com/

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"62deda56-115c"
age: 11663
access-control-allow-methods: OPTIONS, POST, GET
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
x-mf-env: liveApi
date: Thu, 28 Nov 2024 11:49:35 GMT
content-type: image/svg+xml
last-modified: Mon, 25 Jul 2022 18:00:54 GMT
vary: Accept-Encoding
priority: u=3,i
x-mf-fe: mf2
cf-ray: 8e9a22b09c0cfad2-SJC
access-control-allow-origin: *
server: cloudflare

GET
H3 200 file-doc-v3.png
static.mediafire.com/images/filetype/ 2 KB
2 KB 117ms
117ms Image
image/png 104.17.151.117
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.mediafire.com/images/filetype/file-doc-v3.png
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/gcfnj5pum9dfj6s/da_hood.cfg/file
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.17.151.117 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5a40187872c582306ee70b3c504497afd2b57d0398269da5ff6950c948a867df

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.mediafire.com/

Response headers

cf-cache-status: HIT
etag: "62deda56-6af"
age: 13205
access-control-allow-methods: OPTIONS, POST, GET
expires: Sat, 28 Dec 2024 05:01:27 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
x-mf-env: liveApi
date: Thu, 28 Nov 2024 11:49:35 GMT
content-type: image/png
last-modified: Mon, 25 Jul 2022 18:00:54 GMT
vary: Accept-Encoding
priority: u=3,i
cache-control: max-age=2592000
x-mf-fe: mf2
cf-ray: 8e9a22b09c11fad2-SJC
accept-ranges: bytes
access-control-allow-origin: *
content-length: 1711
server: cloudflare

GET
H3 200 icons_sprite.svg
www.mediafire.com/images/icons/svg_dark/ 36 KB
8 KB 139ms
138ms Image
image/svg+xml 104.17.151.117
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.mediafire.com/images/icons/svg_dark/icons_sprite.svg
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/gcfnj5pum9dfj6s/da_hood.cfg/file
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.17.151.117 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1fdd0b259b84f4ec7478d7fadabf0514dc8952ae2cf24dfa9520cd6475b91a7d

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.mediafire.com/file/gcfnj5pum9dfj6s/da_hood.cfg/file

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"62deda56-90ab"
age: 3944
access-control-allow-methods: OPTIONS, POST, GET
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
x-mf-env: liveApi
date: Thu, 28 Nov 2024 11:49:35 GMT
content-type: image/svg+xml
last-modified: Mon, 25 Jul 2022 18:00:54 GMT
vary: Accept-Encoding
priority: u=3,i
cf-ray: 8e9a22b09c13fad2-SJC
x-mf-fe: mf1
access-control-allow-origin: *
server: cloudflare

GET
H3 200 infinity.js.aspx Show response
cdn.otnolatrnup.com/Scripts/ 179 KB
55 KB 433ms
96ms Script
application/x-javascript 104.18.159.164
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.otnolatrnup.com/Scripts/infinity.js.aspx?guid=5ff0fb62-0643-4ff1-aaee-c737f9ffc0e0
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/gcfnj5pum9dfj6s/da_hood.cfg/file
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.18.159.164 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d8f19fd251e636aea5aa525de739d0cf1fb8350741ac6955843b29ba773bee33

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.mediafire.com/

Response headers

cache-control: public, no-transform, max-age=900
content-encoding: gzip
cf-cache-status: HIT
accept-ch: Sec-CH-UA,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version
age: 35
cf-ray: 8e9a22b2df0ded3c-SJC
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
p3p: CP="CAO PSA OUR IND"
date: Thu, 28 Nov 2024 11:49:35 GMT
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
server: cloudflare
last-modified: Thu, 28 Nov 2024 11:48:33 GMT

GET
H3 200 mf_logo_u1_full_color_reversed.svg
sandbox.mediafire.com/images/backgrounds/header/ 4 KB
2 KB 275ms
263ms Image
image/svg+xml 104.17.151.117
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sandbox.mediafire.com/images/backgrounds/header/mf_logo_u1_full_color_reversed.svg
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/gcfnj5pum9dfj6s/da_hood.cfg/file
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.17.151.117 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1a0ec73a3ca7f354865d6b95401c50627fdf5a9b0da763a6f75fa818fd775b55

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.mediafire.com/

Response headers

content-encoding: gzip
cf-cache-status: DYNAMIC
etag: W/"62deda56-11ca"
access-control-allow-methods: OPTIONS, POST, GET
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
x-mf-env: liveApiSandbox
date: Thu, 28 Nov 2024 11:49:35 GMT
content-type: image/svg+xml
last-modified: Mon, 25 Jul 2022 18:00:54 GMT
vary: Accept-Encoding
priority: u=3,i
cf-ray: 8e9a22b0dc5afad2-SJC
x-mf-fe: mfsbx1
access-control-allow-origin: *
server: cloudflare

GET
H3 200 gold_check_mark.svg
static.mediafire.com/images/backgrounds/download/affiliate_fullpage/blackfriday/ 170 B
407 B 106ms
105ms Image
image/svg+xml 104.17.151.117
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.mediafire.com/images/backgrounds/download/affiliate_fullpage/blackfriday/gold_check_mark.svg
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/gcfnj5pum9dfj6s/da_hood.cfg/file
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.17.151.117 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: da1244fa877854255c15561559a0cd7ead0f1d935ef4302ff9a763c220d9f58c

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.mediafire.com/

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"67476264-aa"
age: 758
access-control-allow-methods: OPTIONS, POST, GET
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
x-mf-env: liveApi
date: Thu, 28 Nov 2024 11:49:35 GMT
content-type: image/svg+xml
last-modified: Wed, 27 Nov 2024 18:18:12 GMT
vary: Accept-Encoding
priority: u=3,i
x-mf-fe: mf2
cf-ray: 8e9a22b0cc4bfad2-SJC
access-control-allow-origin: *
server: cloudflare

GET
H3 200 footerIcons.png
static.mediafire.com/images/backgrounds/footer/social/ 583 B
856 B 105ms
104ms Image
image/png 104.17.151.117
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.mediafire.com/images/backgrounds/footer/social/footerIcons.png
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/gcfnj5pum9dfj6s/da_hood.cfg/file
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.17.151.117 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f917a9105c311331b1d40f4d2bdbf11233c1c465616c1a9c46232f451463b061

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.mediafire.com/

Response headers

cf-cache-status: HIT
etag: "62deda56-247"
age: 4298
access-control-allow-methods: OPTIONS, POST, GET
expires: Sat, 28 Dec 2024 07:30:45 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
x-mf-env: liveApi
date: Thu, 28 Nov 2024 11:49:35 GMT
content-type: image/png
last-modified: Mon, 25 Jul 2022 18:00:54 GMT
vary: Accept-Encoding
priority: u=3,i
cache-control: max-age=2592000
x-mf-fe: mf2
cf-ray: 8e9a22b0cc4ffad2-SJC
accept-ranges: bytes
access-control-allow-origin: *
content-length: 583
server: cloudflare

GET
H3

200

main.js Show response
www.mediafire.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/a6e12e96a2d5/ Frame 9006
Redirect Chain

https://www.mediafire.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
https://www.mediafire.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/a6e12e96a2d5/main.js?

9 KB
4 KB

100ms
95ms

Script
application/javascript

104.17.151.117
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mediafire.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/a6e12e96a2d5/main.js?

Requested by

Host: www.mediafire.com
URL: https://www.mediafire.com/file/gcfnj5pum9dfj6s/da_hood.cfg/file

Protocol

Server

104.17.151.117 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

65798d048bc41c72b0af98de541b4953ef67ead2093ee0758bd81adb00c6366a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

cache-control: max-age=14400, stale-if-error=10800, stale-while-revalidate=10800, public
content-encoding: gzip
x-content-type-options: nosniff
cf-ray: 8e9a22b43fa9fad2-SJC
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Thu, 28 Nov 2024 11:49:36 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
server: cloudflare
priority: u=3,i=?0

Redirect headers

cache-control: max-age=300, stale-if-error=10800, stale-while-revalidate=10800, public
location: /cdn-cgi/challenge-platform/h/b/scripts/jsd/a6e12e96a2d5/main.js?
cf-ray: 8e9a22b36efefad2-SJC
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
content-length: 0
server-timing: cfExtPri
date: Thu, 28 Nov 2024 11:49:35 GMT
vary: Accept-Encoding
server: cloudflare
priority: u=3,i=?0

POST
H2 200 / Show response
api.amplitude.com/ 7 B
138 B 342ms
116ms XHR
text/html 100.20.160.207
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api.amplitude.com/

Requested by

Host: cdn.amplitude.com
URL: https://cdn.amplitude.com/libs/amplitude-8.5.0-min.gz.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

100.20.160.207 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-100-20-160-207.us-west-2.compute.amazonaws.com

Software

Resource Hash

aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Referer: https://www.mediafire.com/

Response headers

strict-transport-security: max-age=15768000
access-control-allow-origin: *
content-length: 7
date: Thu, 28 Nov 2024 11:49:36 GMT
content-type: text/html;charset=utf-8

GET
H3 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202411180101/ 492 KB
152 KB 137ms
136ms Script
text/javascript 142.251.179.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202411180101/pubads_impl.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.179.154 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

pd-in-f154.1e100.net

Software

cafe /

Resource Hash

b95fe6fcb4925330bf629fda90a1362a336b4a8b87bf9573d87927d78c186062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.mediafire.com/

Response headers

content-encoding: br
etag: 1421939719645060458
age: 5780
x-content-type-options: nosniff
expires: Fri, 28 Nov 2025 10:13:16 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date: Thu, 28 Nov 2024 10:13:16 GMT
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 155913
x-xss-protection: 0
server: cafe

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 423ms
137ms Script
text/javascript 2607:f8b0:4004:c09::64
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-829541-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c09::64 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.mediafire.com/

Response headers

content-encoding: gzip
age: 6054
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:225:0"}],}
x-content-type-options: nosniff
expires: Thu, 28 Nov 2024 12:08:42 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 28 Nov 2024 10:08:42 GMT
last-modified: Tue, 12 Dec 2023 18:09:08 GMT
content-type: text/javascript
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:225:0
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 20994
server: Golfe2

GET
H2 204 td
www.googletagmanager.com/ 0
342 B 152ms
150ms Image
text/plain 2607:f8b0:4006:816::2008
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.googletagmanager.com/td?id=UA-829541-1&v=3&t=t&pid=287993331&dl=www.mediafire.com%2Ffile%2Fgcfnj5pum9dfj6s%2Fda_hood.cfg%2Ffile&tdp=UA-829541-1;;0;0;0&frm=0&z=0
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/gcfnj5pum9dfj6s/da_hood.cfg/file
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4006:816::2008 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.mediafire.com/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgtc:59:0"}],}
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgtc:59:0
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
date: Thu, 28 Nov 2024 11:49:36 GMT
content-type: text/plain
server: Golfe2

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 425 KB
135 KB 157ms
156ms Script
application/javascript 2607:f8b0:4006:816::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-K68XP6D85D&l=dataLayer&cx=c&gtm=45He4bk0v6304663za200

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-53LP4T

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:816::2008 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

c97b1dd9897484d1cf4f75d0eaec154e55bde40725c13c76ea6192a876965e19

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.mediafire.com/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires: Thu, 28 Nov 2024 11:49:36 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 28 Nov 2024 11:49:36 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 137637
x-xss-protection: 0
server: Google Tag Manager

POST
H3 200 8e9a22acf8cefad2 Show response
www.mediafire.com/cdn-cgi/challenge-platform/h/b/jsd/r/ Frame 9006 0
699 B 121ms
96ms XHR
text/plain 104.17.151.117
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.mediafire.com/cdn-cgi/challenge-platform/h/b/jsd/r/8e9a22acf8cefad2
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.17.151.117 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type: application/json
Referer

Response headers

cf-ray: 8e9a22b5e920fad2-SJC
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
content-length: 0
date: Thu, 28 Nov 2024 11:49:36 GMT
content-type: text/plain; charset=UTF-8
server: cloudflare
priority: u=1,i

GET
H3 200 Tag.engine Show response
otnolatrnup.com/ 2 KB
3 KB 132ms
117ms Script
application/json 104.18.159.164
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://otnolatrnup.com/Tag.engine?time=600&id=5ff0fb62-0643-4ff1-aaee-c737f9ffc0e0&rand=1699&ver=async&referrerUrl=&fingerPrint=123&abr=false&stdTime=-600&fpe=1&bw=1600&bh=1200&res=1600x1200&curl=https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fgcfnj5pum9dfj6s%2Fda_hood.cfg%2Ffile&kw=online%20storage%2Cfree%20storage%2Ccloud%20storage%2Ccollaboration%2Cbackup%20file%20sharing%2Cshare%20files%2Cphoto%20backup%2Cphoto%20sharing%2Cftp%20replacement%2Ccross%20platform%2Cremote%20access%2Cmobile%20access%2Csend%20large%20files%2Crecover%20files%2Cfile%20versioning%2Cundelete%2Cwindows%2Cpc%2Cmac%2Cos%20x%2Clinux%2Ciphone
Requested by: Host: cdn.otnolatrnup.com
URL: https://cdn.otnolatrnup.com/Scripts/infinity.js.aspx?guid=5ff0fb62-0643-4ff1-aaee-c737f9ffc0e0
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.18.159.164 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ebb0bfac217c130a869132ced47ade5353df6b94b5d22b60e5b184133ced2853

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.mediafire.com/

Response headers

cache-control: private, no-transform
content-encoding: gzip
cf-cache-status: DYNAMIC
accept-ch: Sec-CH-UA,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version
cf-ray: 8e9a22b62cdaed3c-SJC
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
p3p: CP="CAO PSA OUR IND"
date: Thu, 28 Nov 2024 11:49:36 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding
server: cloudflare

GET cc_af.js
tags.crwdcntrl.net/c/4545/ 0
0

GET
H2 200 callback=g367CB268B1094004A3689751E7AC568F.Lotame.CallExtractionAPICallback Show response
ad.crwdcntrl.net/5/c=3722/pe=y/ 131 B
368 B 422ms
134ms Script
application/javascript 98.83.224.108
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.crwdcntrl.net/5/c=3722/pe=y/callback=g367CB268B1094004A3689751E7AC568F.Lotame.CallExtractionAPICallback?59609380
Requested by: Host: cdn.otnolatrnup.com
URL: https://cdn.otnolatrnup.com/Scripts/infinity.js.aspx?guid=5ff0fb62-0643-4ff1-aaee-c737f9ffc0e0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 98.83.224.108 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-98-83-224-108.compute-1.amazonaws.com
Software: Jetty(9.4.38.v20210224) /
Resource Hash: 3d41b5eccb6d46de2253c6c225a6aef2009f266fc4180385b9d1ad17c19e7329

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.mediafire.com/

Response headers

cache-control: no-cache
pragma: no-cache
expires: 0
access-control-allow-origin: *
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
content-length: 131
date: Thu, 28 Nov 2024 11:49:36 GMT
content-type: application/javascript;charset=utf-8
x-server: 10.40.57.30
server: Jetty(9.4.38.v20210224)

GET
H2

200

tpid=caac429a82f84154a2b81390bf96b21f
bcp.crwdcntrl.net/map/ct=y/c=3722/tp=ADSP/
Redirect Chain

https://bcp.crwdcntrl.net/map/c=3722/tp=ADSP/tpid=caac429a82f84154a2b81390bf96b21f
https://bcp.crwdcntrl.net/map/ct=y/c=3722/tp=ADSP/tpid=caac429a82f84154a2b81390bf96b21f

49 B
737 B

154ms
152ms

Image
image/gif

98.83.224.108
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bcp.crwdcntrl.net/map/ct=y/c=3722/tp=ADSP/tpid=caac429a82f84154a2b81390bf96b21f
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/gcfnj5pum9dfj6s/da_hood.cfg/file
Protocol: H2
Server: 98.83.224.108 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-98-83-224-108.compute-1.amazonaws.com
Software: Jetty(9.4.38.v20210224) /
Resource Hash: 2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.mediafire.com/

Response headers

cache-control: no-cache
pragma: no-cache
expires: 0
access-control-allow-origin: *
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
content-length: 49
date: Thu, 28 Nov 2024 11:49:36 GMT
content-type: image/gif
x-server: 10.40.0.86
server: Jetty(9.4.38.v20210224)

Redirect headers

cache-control: no-cache
location: https://bcp.crwdcntrl.net/map/ct=y/c=3722/tp=ADSP/tpid=caac429a82f84154a2b81390bf96b21f
pragma: no-cache
expires: 0
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
content-length: 0
date: Thu, 28 Nov 2024 11:49:36 GMT
x-server: 10.40.8.149
server: Jetty(9.4.38.v20210224)

POST
H2 204 collect
analytics.google.com/g/ 0
0 984ms
686ms Fetch
text/plain 2607:f8b0:4004:c1d::8b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.google.com/g/collect?v=2&tid=G-K68XP6D85D&gtm=45je4bk0v887485693z86304663za200zb6304663&_p=1732794575388&_gaz=1&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=101925629~102067555~102067808~102077855~102081485&cid=962857558.1732794576&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&pae=1&frm=0&pscdl=noapi&_s=1&sid=1732794576&sct=1&seg=0&dl=https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fgcfnj5pum9dfj6s%2Fda_hood.cfg%2Ffile&dt=da%20hood&en=page_view&_fv=1&_nsi=1&_ss=1&up.page_url=https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fgcfnj5pum9dfj6s%2Fda_hood.cfg%2Ffile&tfd=1984
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-K68XP6D85D&l=dataLayer&cx=c&gtm=45He4bk0v6304663za200
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4004:c1d::8b Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.mediafire.com/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:136:0
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:136:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://www.mediafire.com
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 28 Nov 2024 11:49:36 GMT
content-type: text/plain
server: Golfe2

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
556 B 455ms
157ms Ping
text/plain 2607:f8b0:4004:c08::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-K68XP6D85D&cid=962857558.1732794576&gtm=45je4bk0v887485693z86304663za200zb6304663&aip=1&dma=0&gcd=13l3l3l3l1l1&npa=0&frm=0&tag_exp=101925629~102067555~102067808~102077855~102081485
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-K68XP6D85D&l=dataLayer&cx=c&gtm=45He4bk0v6304663za200
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4004:c08::9a Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.mediafire.com/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:111:0
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:111:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://www.mediafire.com
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 28 Nov 2024 11:49:36 GMT
content-type: text/plain
server: Golfe2

GET
H2 200 rul
td.doubleclick.net/td/ga/ Frame 0F84 0
0 651ms
159ms Document
text/html 2607:f8b0:4006:816::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://td.doubleclick.net/td/ga/rul?tid=G-K68XP6D85D&gacid=962857558.1732794576&gtm=45je4bk0v887485693z86304663za200zb6304663&dma=0&gcd=13l3l3l3l1l1&npa=0&pscdl=noapi&aip=1&fledge=1&frm=0&tag_exp=101925629~102067555~102067808~102077855~102081485&z=1864684616

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-K68XP6D85D&l=dataLayer&cx=c&gtm=45He4bk0v6304663za200

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:816::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.mediafire.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-encoding: br
content-length: 16
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 28 Nov 2024 11:49:37 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 183096492 Show response
fundingchoicesmessages.google.com/i/ 196 KB
65 KB 612ms
176ms Script
application/javascript 2607:f8b0:4004:c1d::8a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/i/183096492?ers=3

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202411180101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c1d::8a Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

1c4e891f7fe0be30563a5e55ca7c581ed74bce9ef81c8defc5a26f57ff808810

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'report-sample' 'nonce-ZhEUdbrAj6tT_QBtod7HTw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.mediafire.com/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Mon, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 28 Nov 2024 11:49:37 GMT
content-type: application/javascript; charset=utf-8
x-frame-options: SAMEORIGIN
reporting-endpoints: default="/_/ContributorServingWebSwitchboardHttp/web-reports?context=eJzjStDikmLw0JBikPj6kkkLiJ3SZ7CGAHHrzXOs04E46d951hIgNlS4xOoMxI5Fl1g9gVi15xKrORDfX3eJ9TkQzzh_mXUBEBdJXGFtAWKGr1dYOYBYiJvj4saFu9gEXjzZF6ekkZRfGJ-cn1dSlJlUWpJflJacllqcWlSWWhRvZGBkYmhoaKlnYBhfYAAAt-Y9lQ"
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'report-sample' 'nonce-ZhEUdbrAj6tT_QBtod7HTw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist
cache-control: no-cache, no-store, max-age=0, must-revalidate
timing-allow-origin: *
cross-origin-opener-policy: same-origin
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-resource-policy: cross-origin
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
x-xss-protection: 0
server: ESF

POST
H2 200 collect Show response
www.google-analytics.com/j/ 1 B
421 B 142ms
140ms XHR
text/plain 2607:f8b0:4004:c09::64
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=130424546&t=pageview&_s=1&dl=https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fgcfnj5pum9dfj6s%2Fda_hood.cfg%2Ffile&ul=en-us&de=UTF-8&dt=da%20hood&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YADAAUABAAAAACAAI~&jid=307073401&gjid=1083848106&cid=962857558.1732794576&tid=UA-829541-1&_gid=590147266.1732794577&_r=1&gtm=457e4bk0za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=101925629~102067555~102067808~102077855~102081485&cd1=unregistered&cd7=legacy&cd3=document&cd4=61&cd5=cfg&cd8=%2F100%2F&jsscut=1&z=2147444732

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c09::64 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type: text/plain
Referer: https://www.mediafire.com/

Response headers

report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:175:0"}],}
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 28 Nov 2024 11:49:36 GMT
last-modified: Sun, 17 May 1998 03:00:00 GMT
content-type: text/plain
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:175:0
access-control-allow-origin: https://www.mediafire.com
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 1
server: Golfe2

GET
H2 200 AGSKWxWLo1LpHw5xWFNu_9xYzPFVcyE537Ju-Dy0yFd4f_WM1TG11eTSpFHxZ314RKXK6Q-_yMu6VJhbu2PUwrmW9STjcHpXXWavHDOr1tDFHmNxdtyWt7W6rJCVzziTY2NbScX8ILbgbg== Show response
fundingchoicesmessages.google.com/f/ 65 KB
20 KB 175ms
168ms Script
application/javascript 2607:f8b0:4004:c1d::8a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxWLo1LpHw5xWFNu_9xYzPFVcyE537Ju-Dy0yFd4f_WM1TG11eTSpFHxZ314RKXK6Q-_yMu6VJhbu2PUwrmW9STjcHpXXWavHDOr1tDFHmNxdtyWt7W6rJCVzziTY2NbScX8ILbgbg==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzMyNzk0NTc3LDU5NjAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzddXSwiaHR0cHM6Ly93d3cubWVkaWFmaXJlLmNvbS9maWxlL2djZm5qNXB1bTlkZmo2cy9kYV9ob29kLmNmZy9maWxlIixudWxsLFtbOCwiOXo1a2RkdEtmVW8iXSxbOSwiZW4tVVMiXSxbMjAsIltudWxsLG51bGwsWzMxMDg4MjQ4XSxudWxsLDRdIl0sWzE5LCIyIl1dXQ

Requested by

Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.9z5kddtKfUo.es5.O/am=DgY/d=1/rs=AJlcJMy4sqygLRfBfCmmtDRdEVslECkuZQ/m=kernel_loader,loader_js_executable

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c1d::8a Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

c0a6d7113f3e15429e075e3da748b8ae797e2f0213d09e6cc89eed42e81b860f

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-ugc2z57YVOfzzEzLZrV-ZA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.mediafire.com/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Mon, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 28 Nov 2024 11:49:37 GMT
content-type: application/javascript; charset=utf-8
x-frame-options: SAMEORIGIN
reporting-endpoints: default="/_/ContributorServingWebSwitchboardHttp/web-reports?context=eJzjStDikmJw0ZBikPj6kkkLiJ3SZ7CGAHHrzXOs04E46d951hIgNlS4xOoMxI5Fl1g9gVi15xKrORDfX3eJ9TkQzzh_mXUBEBdJXGFtAWKGr1dYOYBYiIfj4saFu9gEGvZ8OM2kpJGUXxifnJ9XUpSZVFqSX5SWnJZanFpUlloUb2RgZGJoaGipZ2AYX2AAAOakPaM"
content-security-policy: script-src 'report-sample' 'nonce-ugc2z57YVOfzzEzLZrV-ZA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
cache-control: no-cache, no-store, max-age=0, must-revalidate
timing-allow-origin: *
cross-origin-opener-policy: same-origin
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-resource-policy: cross-origin
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
x-xss-protection: 0
server: ESF

GET
H2 200 css
fonts.googleapis.com/ 114 KB
6 KB 466ms
166ms Stylesheet
text/css 2607:f8b0:4006:824::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.9z5kddtKfUo.es5.O/d=1/exm=kernel_loader,loader_js_executable/ed=1/rs=AJlcJMwlEc_sVMli9kpRqcR6cJANtpBcPQ/m=web_iab_us_states_wall_executable

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:824::200a , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

41fd5a9efea51b6c6345afd1c34a99c4ad7f2f0407171bdf4de08e10a050355f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.mediafire.com/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Thu, 28 Nov 2024 11:49:38 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 28 Nov 2024 11:49:38 GMT
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified: Thu, 28 Nov 2024 11:49:38 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-xss-protection: 0
server: ESF

POST
H3 204 AGSKWxViHfqXVFEvNXrcVG_2XsQtv70vvB5QddVREWhCLawgS7sQFyRlvUfY4WjJbdVcx5uV-Jhcz75Pypxc6NnLWL90SpW9mvyH0ZDsjZQ1YfKQcX6lDrr4QOpt4uxG94CXUVkgGjOI-Q== Show response
fundingchoicesmessages.google.com/el/ 0
28 B 414ms
149ms XHR
text/html 142.251.167.138
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxViHfqXVFEvNXrcVG_2XsQtv70vvB5QddVREWhCLawgS7sQFyRlvUfY4WjJbdVcx5uV-Jhcz75Pypxc6NnLWL90SpW9mvyH0ZDsjZQ1YfKQcX6lDrr4QOpt4uxG94CXUVkgGjOI-Q==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.167.138 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ww-in-f138.1e100.net

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-lUAfc4iFEnbx4IRrig_KAw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type: text/plain
Referer: https://www.mediafire.com/

Response headers

access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
x-content-type-options: nosniff
expires: Mon, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 28 Nov 2024 11:49:38 GMT
content-type: text/html; charset=utf-8
x-frame-options: SAMEORIGIN
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzjktDikmII1JBicEqfwRoCxAxfr7ByALEQD8eljQt3sQnMaF3dyajkkpRfGJ-cn1eSmleim5hSrAtiF2UmlZbkF6GwU8tAKnLy09Mz89LjjQyMTAwNDS31DEzjCwwA_Wwl0Q"
content-security-policy: script-src 'report-sample' 'nonce-lUAfc4iFEnbx4IRrig_KAw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
cache-control: no-cache, no-store, max-age=0, must-revalidate
cross-origin-opener-policy: same-origin
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
access-control-allow-origin: https://www.mediafire.com
content-length: 0
x-xss-protection: 0
server: ESF

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxViHfqXVFEvNXrcVG_2XsQtv70vvB5QddVREWhCLawgS7sQFyRlvUfY4WjJbdVcx5uV-Jhcz75Pypxc6NnLWL90SpW9mvyH0ZDsjZQ1YfKQcX6lDrr4QOpt4uxG94CXUVkgGjOI-Q==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.167.138 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ww-in-f138.1e100.net

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-zEsxCrnA58UK9VOFL5GysA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type: text/plain
Referer: https://www.mediafire.com/

Response headers

access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
x-content-type-options: nosniff
expires: Mon, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 28 Nov 2024 11:49:38 GMT
content-type: text/html; charset=utf-8
x-frame-options: SAMEORIGIN
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzjktDikmJw1ZBicEqfwRoCxAxfr7ByALEQD8eljQt3sQlcePe4k1HJJSm_MD45P68kNa9ENzGlWBfELspMKi3JL0Jhp5aBVOTkp6dn5qXHGxkYmRgaGlrqGZjGFxgAADdVJp4"
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-zEsxCrnA58UK9VOFL5GysA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
cache-control: no-cache, no-store, max-age=0, must-revalidate
cross-origin-opener-policy: same-origin
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
access-control-allow-origin: https://www.mediafire.com
content-length: 0
x-xss-protection: 0
server: ESF

GET
H2 200 npGXpUc0N4CK7SHFux57ayiqLI4mxZzRMFqfdJskHl3whc8U3XuWXwCuTdKHaylDfQnu79iXhSexFH9VwIxP51W91Xj_nfY678xwxK_OKY86afD6YxnBnQ=h60
lh3.googleusercontent.com/ 11 KB
11 KB 413ms
134ms Image
image/png 2607:f8b0:4004:c19::84
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/npGXpUc0N4CK7SHFux57ayiqLI4mxZzRMFqfdJskHl3whc8U3XuWXwCuTdKHaylDfQnu79iXhSexFH9VwIxP51W91Xj_nfY678xwxK_OKY86afD6YxnBnQ=h60

Requested by

Host: www.mediafire.com
URL: https://www.mediafire.com/file/gcfnj5pum9dfj6s/da_hood.cfg/file

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c19::84 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

746ff3a7d4fdc2fb88363b4a2d5487e6a4f8ae7f399659607478d79f21b12b82

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.mediafire.com/

Response headers

access-control-expose-headers: Content-Length
etag: "v1"
age: 1711
x-content-type-options: nosniff
expires: Fri, 29 Nov 2024 11:21:07 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 28 Nov 2024 11:21:07 GMT
content-disposition: inline;filename="unnamed.png"
content-type: image/png
vary: Origin
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
access-control-allow-origin: *
content-length: 10890
x-xss-protection: 0
server: fife

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxViHfqXVFEvNXrcVG_2XsQtv70vvB5QddVREWhCLawgS7sQFyRlvUfY4WjJbdVcx5uV-Jhcz75Pypxc6NnLWL90SpW9mvyH0ZDsjZQ1YfKQcX6lDrr4QOpt4uxG94CXUVkgGjOI-Q==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.167.138 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ww-in-f138.1e100.net

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-3x7ekorfRXSz3UyQkuOmiw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type: text/plain
Referer: https://www.mediafire.com/

Response headers

access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
x-content-type-options: nosniff
expires: Mon, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 28 Nov 2024 11:49:38 GMT
content-type: text/html; charset=utf-8
x-frame-options: SAMEORIGIN
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzjktDikmJw0JBicEqfwRoCxAxfr7ByALEQD8eljQt3sQlc2PS9k1HJJSm_MD45P68kNa9ENzGlWBfELspMKi3JL0Jhp5aBVOTkp6dn5qXHGxkYmRgaGlrqGZjGFxgAACmpJnE"
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-3x7ekorfRXSz3UyQkuOmiw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
cache-control: no-cache, no-store, max-age=0, must-revalidate
cross-origin-opener-policy: same-origin
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
access-control-allow-origin: https://www.mediafire.com
content-length: 0
x-xss-protection: 0
server: ESF

GET
H3 200 AGSKWxXwaxheJNyaTyxuVg4ldKXwLVmcxTlHciiI09VG0oT-vY42KhPOBUwWqG245-pJ4gsA92MXuI5Tf9RiKntzAGWd-avllt7vAa-jrn83V7LcozSdXgP2Pr2pURRm3GwnY4W4TAOr_Q== Show response
fundingchoicesmessages.google.com/f/ 10 KB
5 KB 167ms
167ms Script
application/javascript 142.251.167.138
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxXwaxheJNyaTyxuVg4ldKXwLVmcxTlHciiI09VG0oT-vY42KhPOBUwWqG245-pJ4gsA92MXuI5Tf9RiKntzAGWd-avllt7vAa-jrn83V7LcozSdXgP2Pr2pURRm3GwnY4W4TAOr_Q==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzMyNzk0NTc3LDk2MDAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzcsMTFdXSwiaHR0cHM6Ly93d3cubWVkaWFmaXJlLmNvbS9maWxlL2djZm5qNXB1bTlkZmo2cy9kYV9ob29kLmNmZy9maWxlIixudWxsLFtbOCwiOXo1a2RkdEtmVW8iXSxbOSwiZW4tVVMiXSxbMjAsIltudWxsLG51bGwsWzMxMDg4MjQ4XSxudWxsLDRdIl0sWzE5LCIyIl0sWzEzLCJbXCJEQkFCTH5CVlFxQUFBQUFnXCIsW1s3LFsxNzMyNzk0NTc3LDY4MTk1OTAwMF1dXV0iXV1d

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.167.138 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ww-in-f138.1e100.net

Software

ESF /

Resource Hash

84ade454f5a9f2787b54f4628f54226c85bf99d58861ef0984dd4007395a5407

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-43Xc3dGOyyASOqtvQXgeqA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.mediafire.com/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Mon, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 28 Nov 2024 11:49:38 GMT
content-type: application/javascript; charset=utf-8
x-frame-options: SAMEORIGIN
reporting-endpoints: default="/_/ContributorServingWebSwitchboardHttp/web-reports?context=eJzjStDikmLw1pBikPj6kkkLiJ3SZ7CGAHHrzXOs04E46d951hIgNlS4xOoMxI5Fl1g9gVi15xKrORDfX3eJ9TkQzzh_mXUBEBdJXGFtAWKGr1dYOYBYiJvj0saFu9gEGm4elFDSSMovjE_OzyspykwqLckvSktOSy1OLSpLLYo3MjAyMTQ0tNQzMIwvMAAAmfY84w"
content-security-policy: script-src 'report-sample' 'nonce-43Xc3dGOyyASOqtvQXgeqA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
cache-control: no-cache, no-store, max-age=0, must-revalidate
timing-allow-origin: *
cross-origin-opener-policy: same-origin
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-resource-policy: cross-origin
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
x-xss-protection: 0
server: ESF

GET
H3 200 topics_frame.html
securepubads.g.doubleclick.net/static/topics/ Frame B2E3 0
0 409ms
135ms Document
text/html 142.251.179.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/static/topics/topics_frame.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202411180101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.179.156 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

pd-in-f156.1e100.net

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.mediafire.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
age: 2547
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3000, stale-while-revalidate=3600
content-encoding: br
content-length: 28994
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 28 Nov 2024 11:07:11 GMT
expires: Thu, 28 Nov 2024 11:57:11 GMT
last-modified: Mon, 18 Nov 2024 20:43:40 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 esp.js Show response
cdn.id5-sync.com/api/1.0/ 101 KB
29 KB 257ms
89ms Script
text/javascript 2606:4700:10::6816:3556
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.id5-sync.com/api/1.0/esp.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202411180101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:3556 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

59855ab21479dde905cf48ff3e82c9c15fcf97c96f99276952e263ede1f58916

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.mediafire.com/

Response headers

x-amz-id-2: ApATeSQETaYNcMByDfizlH9P07SxmXW/Yp058w0/bY8bInFpvlt9qskqi4+ZJ6Vrii2KVG7xl1I=
strict-transport-security: max-age=15552000; includeSubDomains; preload
cache-control: public, max-age=3600
content-encoding: br
cf-cache-status: HIT
etag: W/"a7da20199e9cb2cd9232f608481d0778"
age: 757
x-amz-request-id: PJW14KS18HT2J8M2
cf-ray: 8e9a22c1af6c7d8f-LAX
date: Thu, 28 Nov 2024 11:49:38 GMT
content-type: text/javascript;charset=utf-8
last-modified: Wed, 13 Nov 2024 11:06:09 GMT
vary: Accept-Encoding
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H2 200 pubcid.min.js Show response
cdn.jsdelivr.net/gh/prebid/shared-id/pubcid.js/docs/ 732 B
902 B 229ms
72ms Script
application/javascript 2a04:4e42:200::485
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/gh/prebid/shared-id/pubcid.js/docs/pubcid.min.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202411180101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:200::485 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

a5230196df9a4e9f6382c504668862efc8e25c1ec093c7dc997fbedb4b3ec54e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.mediafire.com/

Response headers

access-control-expose-headers: *
content-encoding: br
etag: W/"2dc-IrZxm/sP4aqtIfs1EfEw6Dg5q1Y"
age: 955
x-content-type-options: nosniff
x-jsd-version-type: branch
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
x-cache: HIT, HIT
date: Thu, 28 Nov 2024 11:49:38 GMT
content-type: application/javascript; charset=utf-8
x-served-by: cache-fra-eddf8230042-FRA, cache-lax-kwhp1940136-LAX
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=604800, s-maxage=43200
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
access-control-allow-origin: *
content-length: 439
x-jsd-version: master

GET
H2 200 esp.js Show response
oa.openxcdn.net/ 24 KB
8 KB 235ms
72ms Script
application/javascript 34.102.146.192
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://oa.openxcdn.net/esp.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202411180101/pubads_impl.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.102.146.192 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 192.146.102.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 544c55ca9f05d425f3beb90f287308d7a408b1f60d17728eff5c605a494bc1b9

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.mediafire.com/

Response headers

x-goog-metageneration: 1
content-encoding: gzip
x-goog-hash: crc32c=f21hYg==, md5=31VCuIvA42jGmZdUpbniug==
etag: "df5542b88bc0e368c6999754a5b9e2ba"
age: 256232
x-goog-stored-content-encoding: gzip
expires: Tue, 25 Nov 2025 12:39:06 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length: 7927
date: Mon, 25 Nov 2024 12:39:06 GMT
last-modified: Thu, 27 May 2021 18:30:51 GMT
content-type: application/javascript
x-guploader-uploadid: AFiumC7VZp9IJ7Vq7DdMMjpHBgkJaemSG2uQ7lqLPRk-olfF2Zht3T4dzGz_014a4cvtvpvly3w
cache-control: no-transform
x-goog-storage-class: MULTI_REGIONAL
accept-ranges: bytes
x-goog-generation: 1622140251693895
content-length: 7927
server: UploadServer

GET
H2 200 encrypted-tag-g.js Show response
invstatic101.creativecdn.com/encrypted-signals/ 1 KB
1 KB 410ms
242ms Script
text/javascript 34.96.70.87
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://invstatic101.creativecdn.com/encrypted-signals/encrypted-tag-g.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202411180101/pubads_impl.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.96.70.87 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 87.70.96.34.bc.googleusercontent.com
Software: Google Frontend /
Resource Hash: 839e11d5ea35fe60fd65d0da091762640d7b98144b58f553a8742d863bc60795

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.mediafire.com/

Response headers

etag: 96161c00fc10ad819c09e1314f0ae5b4
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1213
date: Thu, 28 Nov 2024 11:49:38 GMT
content-type: text/javascript; charset=utf-8
last-modified: Thu, 14 Nov 2024 17:54:21 GMT
server: Google Frontend
x-cloud-trace-context: dd1745948a0c2ce5decc023ac2a6e777

GET
H2 200 publishertag.ids.js Show response
static.criteo.net/js/ld/ 42 KB
13 KB 539ms
266ms Script
text/javascript 2620:100:a00b::4
AS-CRITEO

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.ids.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202411180101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:100:a00b::4 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

nginx /

Resource Hash

1635d2075d3343c86490d2229c1fb868ad59d92958ef65e04cb65767c703e9f6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.mediafire.com/

Response headers

strict-transport-security: max-age=31536000; preload;
cache-control: max-age=86400, public
timing-allow-origin: *
content-encoding: gzip
etag: W/"670e3454-a69c"
cross-origin-resource-policy: cross-origin
expires: Fri, 29 Nov 2024 11:49:38 GMT
access-control-allow-origin: *
date: Thu, 28 Nov 2024 11:49:38 GMT
content-type: text/javascript
last-modified: Tue, 15 Oct 2024 09:22:28 GMT
server: nginx

GET
H2 200 sync.min.js Show response
tags.crwdcntrl.net/lt/c/16589/ 43 KB
13 KB 159ms
157ms Script
text/javascript 108.138.128.46
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.crwdcntrl.net/lt/c/16589/sync.min.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202411180101/pubads_impl.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.128.46 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-128-46.jfk50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 30b32e97f2e3e06deb742bf2e19daeb4f4657a956e836c2a25a7df2bc72f7500

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.mediafire.com/

Response headers

vary: Accept-Encoding
cache-control: public, max-age=86400
content-encoding: gzip
etag: W/"7db46e1255a018ecf02f47b2c19c26c4"
age: 8713
via: 1.1 74e6dd86eff86d5443ebe1a2ced7df88.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-amz-cf-id: jy92bE2KKqq-bSsM4bgS5zXCp3asdVVTA-2-TGwJ1Vp0-qnDHzqGhQ==
date: Thu, 28 Nov 2024 09:24:26 GMT
content-type: text/javascript
last-modified: Tue, 20 Aug 2024 18:47:40 GMT
server: AmazonS3
x-amz-cf-pop: JFK50-P4
x-amz-server-side-encryption: AES256

GET
H/1.1 200
OK uid2SecureSignal.js Show response
cdn.prod.uidapi.com/ 3 KB
4 KB 456ms
136ms Script
text/javascript 2600:9000:2511:e200:a:e047:754:f4a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.prod.uidapi.com/uid2SecureSignal.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202411180101/pubads_impl.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2511:e200:a:e047:754:f4a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 1764e898369c24be8d7d1cbcb82079c27f3898fbc1883f388a5c1008dd30c9e8

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.mediafire.com/

Response headers

x-amz-version-id: 0u1R0tyw.MUCZY63NwBE.7D35dRY5mh8
ETag: "0537d8d06dd9dfbe911ad6bf6504f4bf"
Age: 19487
Connection: keep-alive
Via: 1.1 b260b0d4d2162fe305bab4403f7e668c.cloudfront.net (CloudFront)
Accept-Ranges: bytes
X-Cache: Hit from cloudfront
Content-Length: 3181
X-Amz-Cf-Id: VGySpjekTsWBevyva0gKx4T3sLHN83przisiS-jAtncHsyAM79CNoA==
Date: Thu, 28 Nov 2024 06:24:52 GMT
Content-Type: text/javascript
Last-Modified: Wed, 31 Jul 2024 16:30:07 GMT
Server: AmazonS3
X-Amz-Cf-Pop: JFK50-P6
x-amz-server-side-encryption: AES256

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 906 B
488 B 174ms
173ms Fetch
text/plain 142.251.179.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=809932855852200&correlator=2475107800299813&eid=31088252&output=ldjh&gdfp_req=1&vrg=202411180101&ptt=17&impl=fifs&gdpr=0&us_privacy=1---&gpp=DBABL~BVQqAAAAAg&gpp_sid=7&iu_parts=21882844027%2CWallpaper-Template-Ad-Tracking&enc_prev_ius=%2F0%2F1&prev_iu_szs=1x1&ifi=1&didk=469747749&sfv=1-0-40&sc=1&cookie_enabled=1&abxe=1&dt=1732794577988&lmt=1732794577&adxs=-139986&adys=600&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=1&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=-600&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&url=https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fgcfnj5pum9dfj6s%2Fda_hood.cfg%2Ffile&vis=1&psz=1600x1200&msz=0x-1&fws=0&ohw=0&td=1&egid=443&tan=8bba4d7c-ab73-4c30-9c33-0cdc493fc12b&tdf=2&topics=9&tps=9&htps=10&a3p=EhkKCnB1YmNpZC5vcmcYuujrlLcySABSAghkEhwKDWNyd2RjbnRybC5uZXQYu-jrlLcySABSAghkEhkKCnVpZGFwaS5jb20Yu-jrlLcySABSAghkEhQKBW9wZW54GLvo65S3MkgAUgIIZBIbCgxpZDUtc3luYy5jb20YuujrlLcySABSAghkEh0KDmVzcC5jcml0ZW8uY29tGLvo65S3MkgAUgIIZBIXCghydGJob3VzZRi76OuUtzJIAFICCGQ.&nt=1&psd=WzE1LFtdLG51bGwsM10.&dlt=1732794575066&idt=1543&adks=3433575438&frm=20&eoidce=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202411180101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.179.154 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

pd-in-f154.1e100.net

Software

cafe /

Resource Hash

d758d12bc08403a4fda7127055e0aa87e63a39750fcfe0e1b74ad57dafbbc804

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.mediafire.com/

Response headers

content-encoding: br
google-lineitem-id: -2
x-content-type-options: nosniff
google-mediationtag-id: -2
google-mediationgroup-id: -2
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date: Thu, 28 Nov 2024 11:49:38 GMT
content-type: text/plain; charset=UTF-8
google-creative-id: -2
cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-origin: https://www.mediafire.com
content-length: 457
x-xss-protection: 0
server: cafe

GET
H2 200 container.html
8a0192c7d6dd2282cb8d7c787c74a932.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 54CA 0
0 433ms
135ms Document
text/html 2607:f8b0:4004:c0b::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://8a0192c7d6dd2282cb8d7c787c74a932.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202411180101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c0b::84 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.mediafire.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 28 Nov 2024 11:49:38 GMT
expires: Thu, 28 Nov 2024 11:49:38 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

POST
H2 200 map Show response
bcp.crwdcntrl.net/6/ 235 B
613 B 138ms
137ms XHR
application/json 98.83.224.108
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://bcp.crwdcntrl.net/6/map
Requested by: Host: tags.crwdcntrl.net
URL: https://tags.crwdcntrl.net/lt/c/16589/sync.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 98.83.224.108 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-98-83-224-108.compute-1.amazonaws.com
Software: Jetty(9.4.38.v20210224) /
Resource Hash: bf70136f7c5b7108049cd232a09b2fcd9619da85598197ccb18dd54cca7cdf15

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Referer: https://www.mediafire.com/

Response headers

cache-control: no-cache
pragma: no-cache
access-control-allow-credentials: true
expires: 0
access-control-allow-origin: https://www.mediafire.com
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
content-length: 235
date: Thu, 28 Nov 2024 11:49:38 GMT
content-type: application/json;charset=utf-8
x-server: 10.40.14.0
server: Jetty(9.4.38.v20210224)

GET
H2 204 increment Show response
id5-sync.com/api/esp/ 0
233 B 673ms
226ms XHR
text/plain 162.19.138.83
OVH OVH SAS

General

Check archive.org

Show headers Download Go to

Full URL

https://id5-sync.com/api/esp/increment?counter=no-config

Requested by

Host: cdn.id5-sync.com
URL: https://cdn.id5-sync.com/api/1.0/esp.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.19.138.83 Frankfurt am Main, Germany, ASN16276 (OVH OVH SAS, FR),

Reverse DNS

ns31532338.ip-162-19-138.eu

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type: text/plain
Referer: https://www.mediafire.com/

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
access-control-allow-origin: https://www.mediafire.com
date: Thu, 28 Nov 2024 11:49:38 GMT
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
access-control-allow-credentials: true

POST
H2 200 encrypt Show response
esp.rtbhouse.com/ 221 B
486 B 405ms
236ms Fetch
application/json 35.190.39.111
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://esp.rtbhouse.com/encrypt
Requested by: Host: invstatic101.creativecdn.com
URL: https://invstatic101.creativecdn.com/encrypted-signals/encrypted-tag-g.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.190.39.111 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 111.39.190.35.bc.googleusercontent.com
Software: Google Frontend /
Resource Hash: 2b2cc8d82e8740617e5eba8520613d38f1f7579ca2515958a446200d9f7bb971

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type: text/plain
Referer: https://www.mediafire.com/

Response headers

access-control-allow-credentials: true
access-control-allow-methods: POST
via: 1.1 google
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 221
date: Thu, 28 Nov 2024 11:49:38 GMT
content-type: application/json
x-cloud-trace-context: 734e9931a3c0118deed9e51e47b29257
server: Google Frontend
access-control-allow-headers: X-Requested-With

GET
H3 200 memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v40/ 47 KB
47 KB 273ms
133ms Font
font/woff2 142.250.31.94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.31.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bj-in-f94.1e100.net

Software

sffe /

Resource Hash

3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://www.mediafire.com
Referer: https://fonts.googleapis.com/

Response headers

age: 232907
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Tue, 25 Nov 2025 19:07:51 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 25 Nov 2024 19:07:51 GMT
last-modified: Thu, 14 Dec 2023 02:08:40 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 48236
x-xss-protection: 0
server: sffe

GET
H3 200 ad-tag-_fbadbookingsystem& Show response
fundingchoicesmessages.google.com/f/AGSKWxX-29FCvvDzLnB4o1sseEyhxlpMQEp3miAUllPYF7F9md7j7S024tKi-h_ZdmMYj73b5cBJyRsvrgoP-JGmpSI4NWTIa9CJG4qCRMP4Gq4k2oqVcXgLWMuyle1VTwIGKcEoPTDNPLlBUQxBFiKA-vgPd0y2Z... 54 B
109 B 155ms
153ms Script
application/javascript 142.251.167.138
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxX-29FCvvDzLnB4o1sseEyhxlpMQEp3miAUllPYF7F9md7j7S024tKi-h_ZdmMYj73b5cBJyRsvrgoP-JGmpSI4NWTIa9CJG4qCRMP4Gq4k2oqVcXgLWMuyle1VTwIGKcEoPTDNPLlBUQxBFiKA-vgPd0y2ZIC5pLXZQuvrrR0BZQsruyBociSxSMMn/_/splash_ads_/adsrot.-adscript./ad-tag-_fbadbookingsystem&

Requested by

Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.9z5kddtKfUo.es5.O/d=1/exm=kernel_loader,loader_js_executable,web_iab_us_states_wall_executable/ed=1/rs=AJlcJMwlEc_sVMli9kpRqcR6cJANtpBcPQ/m=ad_blocking_detection_executable

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.167.138 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ww-in-f138.1e100.net

Software

ESF /

Resource Hash

8976748bdbcd65b0937422c4ab87a74ff636b42d9f54217e6c6f55da1241b66c

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'report-sample' 'nonce-X8pBn3s7MNohcKkiPb7M6g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.mediafire.com/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Mon, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 28 Nov 2024 11:49:38 GMT
content-type: application/javascript; charset=utf-8
x-frame-options: SAMEORIGIN
reporting-endpoints: default="/_/ContributorServingWebSwitchboardHttp/web-reports?context=eJzjStDikmII0JBikPj6kkkLiJ3SZ7CGAHHrzXOs04E46d951hIgNlS4xOoMxI5Fl1g9gVi15xKrORDfX3eJ9TkQzzh_mXUBEBdJXGFtAWKGr1dYOYBYiIfj0saFu9gEHky91sOspJGUXxifnJ9XUpSZVFqSX5SWnJZanFpUlloUb2RgZGJoaGipZ2AYX2AAAOksPZE"
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'report-sample' 'nonce-X8pBn3s7MNohcKkiPb7M6g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist
cache-control: no-cache, no-store, max-age=0, must-revalidate
cross-origin-opener-policy: same-origin
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-resource-policy: cross-origin
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
x-xss-protection: 0
server: ESF

GET
H3 200 rum.js Show response
pagead2.googlesyndication.com/pagead/js/ 71 KB
26 KB 415ms
142ms Script
text/javascript 64.233.180.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/rum.js?fcd=true

Requested by

Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.9z5kddtKfUo.es5.O/d=1/exm=kernel_loader,loader_js_executable,web_iab_us_states_wall_executable/ed=1/rs=AJlcJMwlEc_sVMli9kpRqcR6cJANtpBcPQ/m=ad_blocking_detection_executable

Protocol

Security

QUIC, , AES_128_GCM

Server

64.233.180.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

pe-in-f154.1e100.net

Software

cafe /

Resource Hash

f0b745f08fdd0c8abd0610409973433e28c288cce88fdceeb9093808a5ee937c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.mediafire.com/

Response headers

content-encoding: br
etag: 8757421547421411085
age: 592
x-content-type-options: nosniff
expires: Thu, 28 Nov 2024 12:39:47 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date: Thu, 28 Nov 2024 11:39:47 GMT
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
cache-control: public, max-age=3600
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-length: 26318
x-xss-protection: 0
server: cafe

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxViHfqXVFEvNXrcVG_2XsQtv70vvB5QddVREWhCLawgS7sQFyRlvUfY4WjJbdVcx5uV-Jhcz75Pypxc6NnLWL90SpW9mvyH0ZDsjZQ1YfKQcX6lDrr4QOpt4uxG94CXUVkgGjOI-Q==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.167.138 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ww-in-f138.1e100.net

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-kwheBzIzP61zkHawY8HRcA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type: text/plain
Referer: https://www.mediafire.com/

Response headers

access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
x-content-type-options: nosniff
expires: Mon, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 28 Nov 2024 11:49:38 GMT
content-type: text/html; charset=utf-8
x-frame-options: SAMEORIGIN
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzjktDikmJw15BicEqfwRoCxAxfr7ByALEQD8eljQt3sQk86NrQw6zkkpRfGJ-cn1eSmleim5hSrAtiF2UmlZbkF6GwU8tAKnLy09Mz89LjjQyMTAwNDS31DEzjCwwAEsgmHg"
content-security-policy: script-src 'report-sample' 'nonce-kwheBzIzP61zkHawY8HRcA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
cache-control: no-cache, no-store, max-age=0, must-revalidate
cross-origin-opener-policy: same-origin
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
access-control-allow-origin: https://www.mediafire.com
content-length: 0
x-xss-protection: 0
server: ESF

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxViHfqXVFEvNXrcVG_2XsQtv70vvB5QddVREWhCLawgS7sQFyRlvUfY4WjJbdVcx5uV-Jhcz75Pypxc6NnLWL90SpW9mvyH0ZDsjZQ1YfKQcX6lDrr4QOpt4uxG94CXUVkgGjOI-Q==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.167.138 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ww-in-f138.1e100.net

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-ZOTGlJI03czvXJIdc44ZTg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type: text/plain
Referer: https://www.mediafire.com/

Response headers

access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
x-content-type-options: nosniff
expires: Mon, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 28 Nov 2024 11:49:38 GMT
content-type: text/html; charset=utf-8
x-frame-options: SAMEORIGIN
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzjktDikmJw0ZBicEqfwRoCxAxfr7ByALEQD8eljQt3sQk8mHbiGrOSS1J-YXxyfl5Jal6JbmJKsS6IXZSZVFqSX4TCTi0DqcjJT0_PzEuPNzIwMjE0NLTUMzCNLzAAADCwJok"
content-security-policy: script-src 'report-sample' 'nonce-ZOTGlJI03czvXJIdc44ZTg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
cache-control: no-cache, no-store, max-age=0, must-revalidate
cross-origin-opener-policy: same-origin
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
access-control-allow-origin: https://www.mediafire.com
content-length: 0
x-xss-protection: 0
server: ESF

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxViHfqXVFEvNXrcVG_2XsQtv70vvB5QddVREWhCLawgS7sQFyRlvUfY4WjJbdVcx5uV-Jhcz75Pypxc6NnLWL90SpW9mvyH0ZDsjZQ1YfKQcX6lDrr4QOpt4uxG94CXUVkgGjOI-Q==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.167.138 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ww-in-f138.1e100.net

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-L1NKiXWFed6ShUyYoI5bRw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type: text/plain
Referer: https://www.mediafire.com/

Response headers

access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
x-content-type-options: nosniff
expires: Mon, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 28 Nov 2024 11:49:39 GMT
content-type: text/html; charset=utf-8
x-frame-options: SAMEORIGIN
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzjktDikmLw15BicEqfwRoCxAxfr7ByALEQD8fljQt3sQks2HNgDqOSS1J-YXxyfl5Jal6JbmJKsS6IXZSZVFqSX4TCTi0DqcjJT0_PzEuPNzIwMjE0NLTUMzCNLzAAABqPJjc"
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-L1NKiXWFed6ShUyYoI5bRw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
cache-control: no-cache, no-store, max-age=0, must-revalidate
cross-origin-opener-policy: same-origin
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
access-control-allow-origin: https://www.mediafire.com
content-length: 0
x-xss-protection: 0
server: ESF

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxViHfqXVFEvNXrcVG_2XsQtv70vvB5QddVREWhCLawgS7sQFyRlvUfY4WjJbdVcx5uV-Jhcz75Pypxc6NnLWL90SpW9mvyH0ZDsjZQ1YfKQcX6lDrr4QOpt4uxG94CXUVkgGjOI-Q==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.167.138 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ww-in-f138.1e100.net

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-mgzIl7khPnDnx_-3V1puNQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type: text/plain
Referer: https://www.mediafire.com/

Response headers

access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
x-content-type-options: nosniff
expires: Mon, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 28 Nov 2024 11:49:39 GMT
content-type: text/html; charset=utf-8
x-frame-options: SAMEORIGIN
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzjktDikmLw0JBicEqfwRoCxAxfr7ByALEQD8fljQt3sQnMmPJ8LqOSS1J-YXxyfl5Jal6JbmJKsS6IXZSZVFqSX4TCTi0DqcjJT0_PzEuPNzIwMjE0NLTUMzCNLzAAABU2Jig"
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-mgzIl7khPnDnx_-3V1puNQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
cache-control: no-cache, no-store, max-age=0, must-revalidate
cross-origin-opener-policy: same-origin
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
access-control-allow-origin: https://www.mediafire.com
content-length: 0
x-xss-protection: 0
server: ESF

GET
H3 200 AGSKWxXUAievXd7V8srfHis_tzywzfiHfMCBwyDuft051Zjc5Ik8gA3d8Dwm95PWKyK9xuVoif_qxdWcGQ68UHimQx2FMCF7i5bbkzHAE1dvfS1oJpMtr-L4F4ErvLh4fCWfTk8qMkSzKw== Show response
fundingchoicesmessages.google.com/f/ 3 KB
2 KB 174ms
173ms Script
application/javascript 142.251.167.138
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxXUAievXd7V8srfHis_tzywzfiHfMCBwyDuft051Zjc5Ik8gA3d8Dwm95PWKyK9xuVoif_qxdWcGQ68UHimQx2FMCF7i5bbkzHAE1dvfS1oJpMtr-L4F4ErvLh4fCWfTk8qMkSzKw==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzMyNzk0NTc5LDI0NDAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzcsMTEsNl0sbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLG51bGwsMV0sImh0dHBzOi8vd3d3Lm1lZGlhZmlyZS5jb20vZmlsZS9nY2ZuajVwdW05ZGZqNnMvZGFfaG9vZC5jZmcvZmlsZSIsbnVsbCxbWzgsIjl6NWtkZHRLZlVvIl0sWzksImVuLVVTIl0sWzIwLCJbbnVsbCxudWxsLFszMTA4ODI0OF0sbnVsbCw0XSJdLFsxOSwiMiJdLFsxMywiW1wiREJBQkx-QlZRcUFBQUFBZ1wiLFtbNyxbMTczMjc5NDU3Nyw2ODE5NTkwMDBdXV1dIl1dXQ

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.167.138 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ww-in-f138.1e100.net

Software

ESF /

Resource Hash

bbf4791b844957205583167e7350cb730a020c8c65c43378c7a6e324d7735cce

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-rAuTx6CJhZKUUsLzFrUDiA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.mediafire.com/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Mon, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 28 Nov 2024 11:49:39 GMT
content-type: application/javascript; charset=utf-8
x-frame-options: SAMEORIGIN
reporting-endpoints: default="/_/ContributorServingWebSwitchboardHttp/web-reports?context=eJzjytDikmJw0pBiOHHrNtMFIJb4-pJJC4id0mewhgBx681zrNOBOOnfedYSIDZUuMTqDMSORZdYPYFYtecSqzkQ3193ifU5EM84f5l1ARAXSVxhbQFihq9XWDmAWIiH4_LGhbvYBBb8fL6EUUkjKb8wPjk_r6QoM6m0JL8oLTkttTi1qCy1KN7IwMjE0NDQUs_AML7AAADprULd"
content-security-policy: script-src 'report-sample' 'nonce-rAuTx6CJhZKUUsLzFrUDiA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
cache-control: no-cache, no-store, max-age=0, must-revalidate
timing-allow-origin: *
cross-origin-opener-policy: same-origin
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-resource-policy: cross-origin
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
x-xss-protection: 0
server: ESF

POST
H3 204 AGSKWxUOEE4_RZNHYWBITmVSPfWENXNersW3Q5Ju4tknzi_54ML3OwK_7sCWGa52Rse65XXAP57nktqkHh9uCcSkCE46ht48y_hAsgPaxlWz8hrJ2lIQtvOEeuqrf52MP2WU_u1bzBOQwA== Show response
fundingchoicesmessages.google.com/el/ 0
28 B 153ms
151ms XHR
text/html 142.251.167.138
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxUOEE4_RZNHYWBITmVSPfWENXNersW3Q5Ju4tknzi_54ML3OwK_7sCWGa52Rse65XXAP57nktqkHh9uCcSkCE46ht48y_hAsgPaxlWz8hrJ2lIQtvOEeuqrf52MP2WU_u1bzBOQwA==?dmid=1a7aac38284b88d2

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.167.138 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ww-in-f138.1e100.net

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-vYD3krLs8GOs2r_E_dS-Nw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type: text/plain
Referer: https://www.mediafire.com/

Response headers

access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
x-content-type-options: nosniff
expires: Mon, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 28 Nov 2024 11:49:39 GMT
content-type: text/html; charset=utf-8
x-frame-options: SAMEORIGIN
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzjktDikmLw0JBicEqfwRoCxAxfr7ByALEQD8fljQt3sQksuDThPaOSS1J-YXxyfl5Jal6JbmJKsS6IXZSZVFqSX4TCTi0DqcjJT0_PzEuPNzIwMjE0NLTUMzCNLzAAACe7Jmk"
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-vYD3krLs8GOs2r_E_dS-Nw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
cache-control: no-cache, no-store, max-age=0, must-revalidate
cross-origin-opener-policy: same-origin
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
access-control-allow-origin: https://www.mediafire.com
content-length: 0
x-xss-protection: 0
server: ESF

GET
H3 200 AGSKWxWkoQs5ux-LziTrsfOUSMwRIgGGsCSvspbWJFWODZen51EdINbSTbIwuzIgQqL_-FoInnFaZrpLM_ECyciZorqha9uciWmv1NwuEXH6muur_G7sdONj6tPYt9EKUiw2Du43kQAh9A== Show response
fundingchoicesmessages.google.com/f/ 3 KB
2 KB 167ms
167ms Script
application/javascript 142.251.167.138
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxWkoQs5ux-LziTrsfOUSMwRIgGGsCSvspbWJFWODZen51EdINbSTbIwuzIgQqL_-FoInnFaZrpLM_ECyciZorqha9uciWmv1NwuEXH6muur_G7sdONj6tPYt9EKUiw2Du43kQAh9A==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzMyNzk0NTc5LDQyMzAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzcsMTEsNiw5XSxudWxsLDIsbnVsbCwiZW4iLG51bGwsbnVsbCxudWxsLG51bGwsbnVsbCwxXSwiaHR0cHM6Ly93d3cubWVkaWFmaXJlLmNvbS9maWxlL2djZm5qNXB1bTlkZmo2cy9kYV9ob29kLmNmZy9maWxlIixudWxsLFtbOCwiOXo1a2RkdEtmVW8iXSxbOSwiZW4tVVMiXSxbMjAsIltudWxsLG51bGwsWzMxMDg4MjQ4XSxudWxsLDRdIl0sWzE5LCIyIl0sWzEzLCJbXCJEQkFCTH5CVlFxQUFBQUFnXCIsW1s3LFsxNzMyNzk0NTc3LDY4MTk1OTAwMF1dXV0iXV1d

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.167.138 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ww-in-f138.1e100.net

Software

ESF /

Resource Hash

f7f151073a74485ac5fb1b3eabeee787eebdae283a1f7c1718cc1ebc46190181

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'report-sample' 'nonce-J0hKUUgIvpwQl3YzOwmScA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.mediafire.com/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Mon, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 28 Nov 2024 11:49:39 GMT
content-type: application/javascript; charset=utf-8
x-frame-options: SAMEORIGIN
reporting-endpoints: default="/_/ContributorServingWebSwitchboardHttp/web-reports?context=eJzjStDikmJw05BikPj6kkkLiJ3SZ7CGAHHrzXOs04E46d951hIgNlS4xOoMxI5Fl1g9gVi15xKrORDfX3eJ9TkQzzh_mXUBEBdJXGFtAWKGr1dYOYBYiIfj8saFu9gEHnxf9Z1RSSMpvzA-OT-vpCgzqbQkvygtOS21OLWoLLUo3sjAyMTQ0NBSz8AwvsAAAP-HPic"
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'report-sample' 'nonce-J0hKUUgIvpwQl3YzOwmScA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist
cache-control: no-cache, no-store, max-age=0, must-revalidate
timing-allow-origin: *
cross-origin-opener-policy: same-origin
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-resource-policy: cross-origin
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
x-xss-protection: 0
server: ESF

GET
H2 200 syncframe
gum.criteo.com/ Frame FF08 0
0 401ms
139ms Document
text/html 2620:100:a00b::12
AS-CRITEO

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/syncframe?origin=publishertagids&topUrl=www.mediafire.com&gdpr=0&gdpr_consent=&gpp=DBABL~BVQqAAAAAg&gpp_sid=7

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.ids.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:100:a00b::12 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

Kestrel /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://www.mediafire.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

cache-control: private, max-age=3600
content-encoding: gzip
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Thu, 28 Nov 2024 11:49:39 GMT
server: Kestrel
server-processing-duration-in-ticks: 463809
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
x-robots-tag: noindex

POST
H3 204 AGSKWxVBOmRuN5HkP9iE1zr_AYutI-MbhNgA0AWOXPQ3vN2ILYa27zcR9L-rS97s1Cmx6GpDhVu2N1FUQyELob5NPG5w8lffCgPZKo5dKxG8_ERI2RT_P5ZKxFnFa8kplISek28wqQq15A== Show response
fundingchoicesmessages.google.com/el/ 0
28 B 153ms
151ms XHR
text/html 142.251.167.138
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxVBOmRuN5HkP9iE1zr_AYutI-MbhNgA0AWOXPQ3vN2ILYa27zcR9L-rS97s1Cmx6GpDhVu2N1FUQyELob5NPG5w8lffCgPZKo5dKxG8_ERI2RT_P5ZKxFnFa8kplISek28wqQq15A==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.167.138 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ww-in-f138.1e100.net

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-4SbWXkBd5OZ-MQpShNPT3g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type: text/plain
Referer: https://www.mediafire.com/

Response headers

access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
x-content-type-options: nosniff
expires: Mon, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 28 Nov 2024 11:49:39 GMT
content-type: text/html; charset=utf-8
x-frame-options: SAMEORIGIN
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzjktDikmII1JBicEqfwRoCxAxfr7ByALEQD8fljQt3sQk0LJ90mEnJJSm_MD45P68kNa9ENzGlWBfELspMKi3JL0Jhp5aBVOTkp6dn5qXHGxkYmRgaGlrqGZjGFxgAAAoOJf4"
content-security-policy: script-src 'report-sample' 'nonce-4SbWXkBd5OZ-MQpShNPT3g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
cache-control: no-cache, no-store, max-age=0, must-revalidate
cross-origin-opener-policy: same-origin
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
access-control-allow-origin: https://www.mediafire.com
content-length: 0
x-xss-protection: 0
server: ESF

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxViHfqXVFEvNXrcVG_2XsQtv70vvB5QddVREWhCLawgS7sQFyRlvUfY4WjJbdVcx5uV-Jhcz75Pypxc6NnLWL90SpW9mvyH0ZDsjZQ1YfKQcX6lDrr4QOpt4uxG94CXUVkgGjOI-Q==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.167.138 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ww-in-f138.1e100.net

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-sit_JWLO3sTKdD1HhOlFmQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type: text/plain
Referer: https://www.mediafire.com/

Response headers

access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
x-content-type-options: nosniff
expires: Mon, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 28 Nov 2024 11:49:39 GMT
content-type: text/html; charset=utf-8
x-frame-options: SAMEORIGIN
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzjktDikmLw0pBicEqfwRoCxAxfr7ByALEQD8fljQt3sQl86LxxiEnJJSm_MD45P68kNa9ENzGlWBfELspMKi3JL0Jhp5aBVOTkp6dn5qXHGxkYmRgaGlrqGZjGFxgAADMIJo4"
content-security-policy: script-src 'report-sample' 'nonce-sit_JWLO3sTKdD1HhOlFmQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
cache-control: no-cache, no-store, max-age=0, must-revalidate
cross-origin-opener-policy: same-origin
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
access-control-allow-origin: https://www.mediafire.com
content-length: 0
x-xss-protection: 0
server: ESF

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxViHfqXVFEvNXrcVG_2XsQtv70vvB5QddVREWhCLawgS7sQFyRlvUfY4WjJbdVcx5uV-Jhcz75Pypxc6NnLWL90SpW9mvyH0ZDsjZQ1YfKQcX6lDrr4QOpt4uxG94CXUVkgGjOI-Q==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.167.138 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ww-in-f138.1e100.net

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-dSQ7XJc5oD2LPKQ4-VZBSQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type: text/plain
Referer: https://www.mediafire.com/

Response headers

access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
x-content-type-options: nosniff
expires: Mon, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 28 Nov 2024 11:49:39 GMT
content-type: text/html; charset=utf-8
x-frame-options: SAMEORIGIN
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzjktDikmLw0ZBicEqfwRoCxAxfr7ByALEQD8fljQt3sQksuNR9hEnJJSm_MD45P68kNa9ENzGlWBfELspMKi3JL0Jhp5aBVOTkp6dn5qXHGxkYmRgaGlrqGZjGFxgAABwdJj4"
content-security-policy: script-src 'report-sample' 'nonce-dSQ7XJc5oD2LPKQ4-VZBSQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
cache-control: no-cache, no-store, max-age=0, must-revalidate
cross-origin-opener-policy: same-origin
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
access-control-allow-origin: https://www.mediafire.com
content-length: 0
x-xss-protection: 0
server: ESF

GET
H3 200 sodar Show response
ep1.adtrafficquality.google/getconfig/ 17 KB
13 KB 289ms
151ms XHR
application/json 172.253.122.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ep1.adtrafficquality.google/getconfig/sodar?sv=200&tid=gpt&tv=m202411180101&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202411180101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.122.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bh-in-f156.1e100.net

Software

cafe /

Resource Hash

dd79e3657a13bd1ffce027716c665dfd9ff68b257c2500110b9da275e870dff8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.mediafire.com/

Response headers

timing-allow-origin: *
content-encoding: br
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 13353
date: Thu, 28 Nov 2024 11:49:40 GMT
x-xss-protection: 0
content-type: application/json; charset=UTF-8
content-disposition: attachment; filename="f.txt"
server: cafe

POST
H3 204 rum Show response
www.mediafire.com/cdn-cgi/ 0
142 B 91ms
89ms XHR
text/plain 104.17.151.117
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mediafire.com/cdn-cgi/rum?

Requested by

Host: static.cloudflareinsights.com
URL: https://static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.151.117 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
content-type: application/json
Referer: https://www.mediafire.com/file/gcfnj5pum9dfj6s/da_hood.cfg/file

Response headers

access-control-max-age: 86400
access-control-allow-credentials: true
access-control-allow-methods: POST,OPTIONS
x-content-type-options: nosniff
cf-ray: 8e9a22cd1c3efad2-SJC
access-control-allow-origin: https://www.mediafire.com
date: Thu, 28 Nov 2024 11:49:40 GMT
vary: Origin
server: cloudflare
x-frame-options: DENY

GET
H3 200 favicon.ico
www.mediafire.com/ 11 KB
2 KB 114ms
113ms Other
image/x-icon 104.17.151.117
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.mediafire.com/favicon.ico
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.17.151.117 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cdc78cc8b2994712a041a2a4cb02f488afbab00981771bdd3a8036c2dddf540f

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.mediafire.com/file/gcfnj5pum9dfj6s/da_hood.cfg/file

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"62deda56-2a46"
age: 255848
access-control-allow-methods: OPTIONS, POST, GET
expires: Wed, 25 Dec 2024 10:17:12 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
x-mf-env: liveApi
date: Thu, 28 Nov 2024 11:49:40 GMT
content-type: image/x-icon
last-modified: Mon, 25 Jul 2022 18:00:54 GMT
vary: Accept-Encoding
priority: u=1,i
cache-control: max-age=2592000
cf-ray: 8e9a22cd1c45fad2-SJC
x-mf-fe: mf1
access-control-allow-origin: *
server: cloudflare

GET
H2 200 sodar2.js Show response
ep2.adtrafficquality.google/sodar/ 18 KB
7 KB 402ms
134ms Script
text/javascript 2607:f8b0:4004:c1d::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ep2.adtrafficquality.google/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202411180101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c1d::84 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ff3de130872fe0fb5b770dfa2bc9f0daf8ab320403a34a60d089436f08d24f99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.mediafire.com/

Response headers

content-encoding: gzip
etag: "1727224258380615"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
x-content-type-options: nosniff
expires: Thu, 28 Nov 2024 11:49:40 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 28 Nov 2024 11:49:40 GMT
content-type: text/javascript
vary: Accept-Encoding
cache-control: private, max-age=3000
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 6445
x-xss-protection: 0
server: sffe

GET runner.html
ep2.adtrafficquality.google/sodar/sodar2/232/ Frame 52A5 0
0

GET aframe
www.google.com/recaptcha/api2/ Frame D0F7 0
0

POST
H2 204 csi
csi.gstatic.com/ 0
532 B 500ms
98ms Ping
image/gif 2001:4860:4802:32::3

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=pagead&action=csi_pagead&dmc=8&top=1&puid=1~m4195icp&ctx=0&met.9=1.14h~2.1lm&met.3=112.3mp_1
Requested by: Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/rum.js?fcd=true
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::3 -, , ASN (),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.mediafire.com/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgcc:41:0"}],}
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgcc:41:0
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 28 Nov 2024 11:49:41 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
content-type: image/gif
server: Golfe2

POST
H2 204 collect
analytics.google.com/g/ 0
0 143ms
142ms Fetch
text/plain 2607:f8b0:4004:c1d::8b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.google.com/g/collect?v=2&tid=G-K68XP6D85D&gtm=45je4bk0v887485693za200zb6304663&_p=1732794575388&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=101925629~102067555~102067808~102077855~102081485&cid=962857558.1732794576&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&pae=1&frm=0&pscdl=noapi&_eu=AEA&_s=2&sid=1732794576&sct=1&seg=0&dl=https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fgcfnj5pum9dfj6s%2Fda_hood.cfg%2Ffile&dt=da%20hood&en=scroll&epn.percent_scrolled=90&_et=60&tfd=7054
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-K68XP6D85D&l=dataLayer&cx=c&gtm=45He4bk0v6304663za200
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4004:c1d::8b Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.mediafire.com/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:136:0
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:136:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://www.mediafire.com
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 28 Nov 2024 11:49:41 GMT
content-type: text/plain
server: Golfe2

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: tags.crwdcntrl.net
URL: https://tags.crwdcntrl.net/c/4545/cc_af.js

Domain: ep2.adtrafficquality.google
URL: https://ep2.adtrafficquality.google/sodar/sodar2/232/runner.html

Domain: www.google.com
URL: https://www.google.com/recaptcha/api2/aframe

Verdicts & Comments Add Verdict or Comment

242 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

47 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.mediafire.com/file/gcfnj5pum9dfj6s/da_hood.cfg	1969-12-31 23:59:59	Name: g36FastPopSessionRequestNumber Value: 1
.mediafire.com/	1970-01-21 10:55:54	Name: ukey Value: q92igkqbbigtq2d712uyunprh7d157wk
.mediafire.com/	1970-01-21 02:03:06	Name: conv_tracking_data-2 Value: %7B%22mf_source%22%3A%22regular_download-61%22%2C%22mf_content%22%3A%22Free%22%2C%22mf_medium%22%3A%22linux%5C%2FChrome%22%2C%22mf_campaign%22%3A%22gcfnj5pum9dfj6s%22%2C%22mf_term%22%3A%22a480e2f73ba105dea8661569f3afd853%22%7D
.mediafire.com/	1970-01-21 01:19:56	Name: __cf_bm Value: cQkqffZwTx9rkel7VutGkKMkVDQpZ6XgNoz2cg7Hg3U-1732794575-1.0.1.1-FoR9qhI5.qjF0qqsL1ooETXzOmMaZyHly7QMedFj1wkhg..MMHCaPPgRfvC_6Zttikzl0y04AxNjKTNvCHIAnA
.mediafire.com/	1970-01-21 10:05:30	Name: amp_28916b Value: N4bol2QjRaUWv8ZnsOnQfY...1idp9lr30.1idp9lr32.0.1.1
.mediafire.com/	1970-01-21 10:05:30	Name: cf_clearance Value: XTdFMhAic2AXeQ2K8b0V1Tm65Cirvv1zU.8RPdtHa5E-1732794576-1.2.1.1-5T4K5IFkS8BACvIdCvTJu8jh7ISPF3QfNaUxjtT6oVnGpOrYiNh5A.8nDHD9l0BChXZQaDzyX.LXfw0rmEPQv1Rk08Zgg5k1KBd46I2ZMWTaVdb.AN688b3ZJDoezuMGywJ72dXrKcPwlXf8QqDS9sx4EXx3SkmHx8lTiHIa_39XUP4N_Y0BS5MH_TTpH6wtj3iCkXlb.bssrACt4jPJwda38RqcGgO.1IjPayEtd37uMx2QsXcPQrTw87eUrrMpU8nY6O_oIdyncuPbDAPFr7T6KikOIfNU4Fs1JYziSJLecv4j6SbfMz16v.jJegRKy4f_1OpELSisHGZ4u9wJYxtqEf3_4s1yj2S2C99z4AqVGdvv6uova4pP2MunmBXj
otnolatrnup.com/	1969-12-31 23:59:59	Name: IKSR Value: {}
otnolatrnup.com/	1969-12-31 23:59:59	Name: INF_DFL8 Value: false
otnolatrnup.com/	1970-01-21 10:55:54	Name: IUID Value: caac429a-82f8-4154-a2b8-1390bf96b21f
otnolatrnup.com/	1969-12-31 23:59:59	Name: ISSH Value: 77A505
otnolatrnup.com/	1969-12-31 23:59:59	Name: VMI Value:
otnolatrnup.com/	1970-01-21 10:55:54	Name: CHN Value: #[]
otnolatrnup.com/	1970-01-21 10:55:54	Name: MSSH Value: #{}
otnolatrnup.com/	1970-01-21 10:55:54	Name: MSRH Value: #{}
otnolatrnup.com/	1970-01-21 10:55:54	Name: ILP Value: {"Profile":{"Audiences":{"Audience":[],"ThirdPartyAudience":[]}},"CreatedDate":"2024-11-28T11:49:36.3679388Z"}
otnolatrnup.com/	1970-01-21 10:55:54	Name: ILPLU Value: #11/28/2024 11:49:36 AM
otnolatrnup.com/	1970-01-21 10:55:54	Name: ILEALC Value: #11/28/2024 11:49:36 AM
otnolatrnup.com/	1970-01-21 01:20:08	Name: ILMPF Value: #True
otnolatrnup.com/	1970-01-21 10:55:54	Name: IPMPLU Value: #1/1/0001 12:00:00 AM
otnolatrnup.com/	1970-01-21 10:55:54	Name: IPMUID Value: #
otnolatrnup.com/	1970-01-21 10:55:54	Name: BSWUID Value: #
otnolatrnup.com/	1970-01-21 10:55:54	Name: IBL Value: #[]
otnolatrnup.com/	1970-01-21 10:55:54	Name: IOPT Value: #[]
otnolatrnup.com/	1970-01-21 10:55:54	Name: ISH Value: #{"101":[{"SId":"77A505","D":"24/11/28T3:49:36"}]}
otnolatrnup.com/	1970-01-21 10:55:54	Name: ISH_Q Value: #[101]
.mediafire.com/	1970-01-21 10:55:54	Name: _ga_K68XP6D85D Value: GS1.1.1732794576.1.0.1732794576.60.0.0
.mediafire.com/	1970-01-21 10:55:54	Name: _ga Value: GA1.2.962857558.1732794576
.mediafire.com/	1970-01-21 01:21:20	Name: _gid Value: GA1.2.590147266.1732794577
.mediafire.com/	1970-01-21 01:19:54	Name: _gat_gtag_UA_829541_1 Value: 1
.crwdcntrl.net/	1970-01-21 07:48:40	Name: _cc_dc Value: 0
.crwdcntrl.net/	1970-01-21 07:48:40	Name: _cc_id Value: d96a8b83d87bfa60beb70544076ce6f1
.crwdcntrl.net/	1970-01-21 07:48:42	Name: _cc_cc Value: "ACZ4nGNQSLE0S7RIsjBOsTBPSks0M0hKTTI3MDUxMTA3S041SzNkAIJ0j4gLDAgAAGCrCvI%3D"
.crwdcntrl.net/	1970-01-21 07:48:42	Name: _cc_aud Value: "ABR4nGNgYGBI94i4wAAHABZsAdg%3D"
.doubleclick.net/	1970-01-21 10:55:54	Name: IDE Value: AHWqTUn80giLA1S7O0lmIawZKldUzn2Ld7_KNOh0e_wnHxCOGDlWJ_KEShaieQdh5Xo
.mediafire.com/	1970-01-21 10:41:30	Name: __gads Value: ID=00684685185a8da2:T=1732794578:RT=1732794578:S=ALNI_MZ1wcX9vZSGHc62EngT14jOI3vchQ
.mediafire.com/	1970-01-21 10:41:30	Name: __gpi Value: UID=00000fa1a461638e:T=1732794578:RT=1732794578:S=ALNI_MYGCW4i2sLokc2qWr7cENf5mRWKWg
.mediafire.com/	1970-01-21 05:39:06	Name: __eoi Value: ID=59faced651628ed3:T=1732794578:RT=1732794578:S=AA-AfjaQnUEhfRfxg8KvEkrfPsAu
.mediafire.com/	1970-01-21 01:19:54	Name: lotame_domain_check Value: mediafire.com
.mediafire.com/	1970-01-21 07:48:42	Name: _cc_id Value: d96a8b83d87bfa60beb70544076ce6f1
.mediafire.com/	1970-01-21 01:21:20	Name: panoramaId_expiry Value: 1732880978220
.mediafire.com/	1970-01-21 01:21:20	Name: panoramaId Value: 5ce97f694e6669e57a7ad1e56792a9fb927a3c5df53f92083f5de516caa42c54
.mediafire.com/	1970-01-21 01:21:20	Name: panoramaIdType Value: panoDevice
.mediafire.com/	1970-01-21 10:41:30	Name: FCCDCF Value: %5Bnull%2Cnull%2Cnull%2Cnull%2Cnull%2Cnull%2C%5B%5B13%2C%22%5B%5C%22DBABL~BVQqAAAAAg%5C%22%2C%5B%5B7%2C%5B1732794577%2C681959000%5D%5D%5D%5D%22%5D%5D%5D
.mediafire.com/	1970-01-21 10:05:30	Name: FCNEC Value: %5B%5B%22AKsRol-W8YSV51HLugmOY-RilxEVaTXPWt14XNIWkf8O-pmyuSDJRpj5uG74jv5JDuvyTLMP7w1mIJXWeDDzj50oCTrpnKXKglGeXI_BSJ5vNV8urLQFNdnw4yTx6Xkd0b-VHoCXNu89OsPaNg16K6wlLvOYcXlPmw%3D%3D%22%5D%5D
.criteo.com/	1970-01-21 10:41:30	Name: uid Value: 43a8e75e-68c8-415b-bb0f-cd68d69fb9aa
.criteo.com/	1970-01-21 10:41:30	Name: receive-cookie-deprecation Value: 1
.mediafire.com/	1970-01-21 10:41:30	Name: cto_bundle Value: xSFv019qcklIdkFNTEtpTSUyQkZoUW9JSnhCcXRLcWIxNjhueGhSeEQzVkI5Rkt0dzc1RWlkYXdlVlA1OEV4a0lmJTJGJTJGUGRVTyUyQjRPbjluN1c0N1pIdiUyRmJqaEdUdmh1TTNmZzJ4dm9leXFPNTIlMkYzeTB4M1NzNDlHMkNlJTJGdENmSSUyQlJaRjRJNWh6MUN5RDZGTUklMkJzYUR5YUFqMnFqeDZ4VWl6cjFQT2NtS2h6V0hFUHYlMkJRayUzRA

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	warning	URL: https://www.mediafire.com/file/gcfnj5pum9dfj6s/da_hood.cfg/file(Line 1191) Message: document.domain mutation is ignored because the surrounding agent cluster is origin-keyed.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=0
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

8a0192c7d6dd2282cb8d7c787c74a932.safeframe.googlesyndication.com
ad.crwdcntrl.net
analytics.google.com
api.amplitude.com
bcp.crwdcntrl.net
cdn.amplitude.com
cdn.id5-sync.com
cdn.jsdelivr.net
cdn.otnolatrnup.com
cdn.prod.uidapi.com
csi.gstatic.com
ep1.adtrafficquality.google
ep2.adtrafficquality.google
esp.rtbhouse.com
fonts.googleapis.com
fonts.gstatic.com
fundingchoicesmessages.google.com
gum.criteo.com
id5-sync.com
invstatic101.creativecdn.com
lh3.googleusercontent.com
oa.openxcdn.net
otnolatrnup.com
pagead2.googlesyndication.com
privacy.gatekeeperconsent.com
sandbox.mediafire.com
securepubads.g.doubleclick.net
static.cloudflareinsights.com
static.criteo.net
static.mediafire.com
stats.g.doubleclick.net
tags.crwdcntrl.net
td.doubleclick.net
the.gatekeeperconsent.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.mediafire.com
ep2.adtrafficquality.google
tags.crwdcntrl.net
www.google.com
100.20.160.207
104.17.151.117
104.18.159.164
108.138.128.46
108.139.29.40
142.250.31.94
142.251.167.138
142.251.179.154
142.251.179.156
162.19.138.83
172.253.122.156
172.67.199.186
2001:4860:4802:32::3
2600:9000:2511:e200:a:e047:754:f4a1
2606:4700:10::6816:3556
2606:4700::6810:5049
2607:f8b0:4004:c08::9a
2607:f8b0:4004:c09::64
2607:f8b0:4004:c0b::84
2607:f8b0:4004:c19::84
2607:f8b0:4004:c1d::84
2607:f8b0:4004:c1d::8a
2607:f8b0:4004:c1d::8b
2607:f8b0:4006:816::2002
2607:f8b0:4006:816::2008
2607:f8b0:4006:824::200a
2620:100:a00b::12
2620:100:a00b::4
2a04:4e42:200::485
34.102.146.192
34.96.70.87
35.190.39.111
64.233.180.154
98.83.224.108
1635d2075d3343c86490d2229c1fb868ad59d92958ef65e04cb65767c703e9f6
1764e898369c24be8d7d1cbcb82079c27f3898fbc1883f388a5c1008dd30c9e8
182bf11a786ed9f3b8590415e512883a3a30966e9edff7f1405c7d59dc815ef0
1a0ec73a3ca7f354865d6b95401c50627fdf5a9b0da763a6f75fa818fd775b55
1c4e891f7fe0be30563a5e55ca7c581ed74bce9ef81c8defc5a26f57ff808810
1fdd0b259b84f4ec7478d7fadabf0514dc8952ae2cf24dfa9520cd6475b91a7d
2450e5580136f94bda7ccf95e3167b57e15b05b513a430967943a50036fa47a4
2b2cc8d82e8740617e5eba8520613d38f1f7579ca2515958a446200d9f7bb971
2e35c37f1f90a38d6e2975108d3ea71e43c00e40f8662114b3ff6373e2bdd04d
2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef
30b32e97f2e3e06deb742bf2e19daeb4f4657a956e836c2a25a7df2bc72f7500
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa
3d41b5eccb6d46de2253c6c225a6aef2009f266fc4180385b9d1ad17c19e7329
41fd5a9efea51b6c6345afd1c34a99c4ad7f2f0407171bdf4de08e10a050355f
42d1e8088be4e5282949673dd43d093c4e14062d65489f5a8d2fb6eb9537ce65
544c55ca9f05d425f3beb90f287308d7a408b1f60d17728eff5c605a494bc1b9
5833cf584120257e4624950a017a1d944e052313ca7e6328cb5d7bc8ccb10ed3
59855ab21479dde905cf48ff3e82c9c15fcf97c96f99276952e263ede1f58916
5a40187872c582306ee70b3c504497afd2b57d0398269da5ff6950c948a867df
5c87b4d461ad3f07db4fe4e317eea70c3d39794c3bf02bb0b4d7df647b319466
65798d048bc41c72b0af98de541b4953ef67ead2093ee0758bd81adb00c6366a
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
746ff3a7d4fdc2fb88363b4a2d5487e6a4f8ae7f399659607478d79f21b12b82
79399054b44cdca9b15b0bc784b6acb4be9e94e60fcc8b0e68ee70f642253f08
839e11d5ea35fe60fd65d0da091762640d7b98144b58f553a8742d863bc60795
84ade454f5a9f2787b54f4628f54226c85bf99d58861ef0984dd4007395a5407
8976748bdbcd65b0937422c4ab87a74ff636b42d9f54217e6c6f55da1241b66c
8a18d13015336bc184819a5a768447462202ef3105ec511bf42ed8304a7ed94f
a5230196df9a4e9f6382c504668862efc8e25c1ec093c7dc997fbedb4b3ec54e
acbb9bf775bcb9338c2e3c95c8d3d63b2eaad792784ab2f4b661d6b3f6c3dd61
aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27
b95fe6fcb4925330bf629fda90a1362a336b4a8b87bf9573d87927d78c186062
bbf4791b844957205583167e7350cb730a020c8c65c43378c7a6e324d7735cce
bf70136f7c5b7108049cd232a09b2fcd9619da85598197ccb18dd54cca7cdf15
c0a6d7113f3e15429e075e3da748b8ae797e2f0213d09e6cc89eed42e81b860f
c97b1dd9897484d1cf4f75d0eaec154e55bde40725c13c76ea6192a876965e19
cdc78cc8b2994712a041a2a4cb02f488afbab00981771bdd3a8036c2dddf540f
d758d12bc08403a4fda7127055e0aa87e63a39750fcfe0e1b74ad57dafbbc804
d8f19fd251e636aea5aa525de739d0cf1fb8350741ac6955843b29ba773bee33
da1244fa877854255c15561559a0cd7ead0f1d935ef4302ff9a763c220d9f58c
dd79e3657a13bd1ffce027716c665dfd9ff68b257c2500110b9da275e870dff8
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ea0d216099b7a761ec78195f2c42877e4aaec4f7d76df2866d609dc8b214e85d
ebb0bfac217c130a869132ced47ade5353df6b94b5d22b60e5b184133ced2853
f0b745f08fdd0c8abd0610409973433e28c288cce88fdceeb9093808a5ee937c
f7f151073a74485ac5fb1b3eabeee787eebdae283a1f7c1718cc1ebc46190181
f917a9105c311331b1d40f4d2bdbf11233c1c465616c1a9c46232f451463b061
ff3de130872fe0fb5b770dfa2bc9f0daf8ab320403a34a60d089436f08d24f99

www.mediafire.com Open in urlscan Pro 104.17.151.117 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

74 Requests

93 %HTTPS

50 %IPv6

23 Domains

38 Subdomains

35 IPs

3 Countries

967 kBTransfer

2918 kBSize

47 Cookies

5 Outgoing links

Redirected requests

74 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.mediafire.com Open in urlscan Pro
104.17.151.117 Public Scan

Screenshot
Live screenshot

Full Image

74
Requests

93 %
HTTPS

50 %
IPv6

23
Domains

38
Subdomains

35
IPs

3
Countries

967 kB
Transfer

2918 kB
Size

47
Cookies

74 HTTP transactions
0 data transactions