starfiles.co Open in urlscan Pro
2606:4700:20::681a:90d Public Scan

Go To Rescan
Add Verdict Report

URL:
https://starfiles.co/file/VScTtAUmep9u/spotify-red-ipa
Submission: On January 09 via api (January 9th 2025, 9:16:37 am UTC) from US — Scanned from US

Summary HTTP 87 Redirects Links 25 Behaviour Indicators

Summary

This website contacted 24 IPs in 1 countries across 16 domains to perform 87 HTTP transactions. The main IP is 2606:4700:20::681a:90d, located in United States and belongs to CLOUDFLARENET, US. The main domain is starfiles.co.
TLS certificate: Issued by E6 on December 26th 2024. Valid for: 3 months.

This is the only time starfiles.co was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2 9	2606:4700:20:... 2606:4700:20::681a:90d	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2a04:4e42:200... 2a04:4e42:200::485	54113 (FASTLY) (FASTLY)
14	2606:4700:20:... 2606:4700:20::681a:80d	13335 (CLOUDFLAR...) (CLOUDFLARENET)
7	2607:f8b0:400... 2607:f8b0:4006:824::2002	15169 (GOOGLE) (GOOGLE)
14	2607:f8b0:400... 2607:f8b0:4006:81e::200e	15169 (GOOGLE) (GOOGLE)
1	192.243.59.20 192.243.59.20	39572 (ADVANCEDH...) (ADVANCEDHOSTERS-AS DataWeb Global Group B.V.)
1	108.138.106.53 108.138.106.53	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700::68... 2606:4700::6812:7f76	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	104.77.220.25 104.77.220.25	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2606:4700::68... 2606:4700::6810:5049	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2607:f8b0:400... 2607:f8b0:4006:820::2008	15169 (GOOGLE) (GOOGLE)
6	2607:f8b0:400... 2607:f8b0:4006:80d::2002	15169 (GOOGLE) (GOOGLE)
4	2607:f8b0:400... 2607:f8b0:4006:80d::200a	15169 (GOOGLE) (GOOGLE)
6	192.243.59.13 192.243.59.13	39572 (ADVANCEDH...) (ADVANCEDHOSTERS-AS DataWeb Global Group B.V.)
1	2607:f8b0:400... 2607:f8b0:4006:81c::200e	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:4004:c19::9d	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:4006:821::2002	15169 (GOOGLE) (GOOGLE)
2	23.199.48.23 23.199.48.23	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2607:f8b0:400... 2607:f8b0:4006:81f::2003	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:4006:80e::2002	15169 (GOOGLE) (GOOGLE)
2	2606:4700::68... 2606:4700::6810:4f49	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2607:f8b0:400... 2607:f8b0:4006:821::2001	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:4006:821::2004	15169 (GOOGLE) (GOOGLE)
87	24

9 2606:4700:20::681a:90d (United States) 2 redirects

ASN13335 (CLOUDFLARENET, US)

starfiles.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a04:4e42:200::485 (United States)

ASN54113 (FASTLY, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 2606:4700:20::681a:80d (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.starfiles.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2607:f8b0:4006:824::2002 (United States)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 2607:f8b0:4006:81e::200e (United States)

ASN15169 (GOOGLE, US)

fundingchoicesmessages.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.243.59.20 (Ashburn, United States)

ASN39572 (ADVANCEDHOSTERS-AS DataWeb Global Group B.V., NL)

pl22439263.profitablegatecpm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.138.106.53 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-138-106-53.jfk50.r.cloudfront.net

cdn.trustpilot.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:7f76 (United States)

ASN13335 (CLOUDFLARENET, US)

api.producthunt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.77.220.25 (Secaucus, United States)

ASN16625 (AKAMAI-AS, US)
PTR: a104-77-220-25.deploy.static.akamaitechnologies.com

contextual.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:5049 (United States)

ASN13335 (CLOUDFLARENET, US)

static.cloudflareinsights.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:820::2008 (United States)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2607:f8b0:4006:80d::2002 (United States)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2607:f8b0:4006:80d::200a (United States)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 192.243.59.13 (Ashburn, United States)

ASN39572 (ADVANCEDHOSTERS-AS DataWeb Global Group B.V., NL)

www.topcreativeformat.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:81c::200e (United States)

ASN15169 (GOOGLE, US)

analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4004:c19::9d (Washington, United States)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:821::2002 (United States)

ASN15169 (GOOGLE, US)

td.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.199.48.23 (Secaucus, United States)

ASN16625 (AKAMAI-AS, US)
PTR: a23-199-48-23.deploy.static.akamaitechnologies.com

lg3.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:81f::2003 (United States)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:80e::2002 (United States)

ASN15169 (GOOGLE, US)

ep1.adtrafficquality.google	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6810:4f49 (United States)

ASN13335 (CLOUDFLARENET, US)

cloudflareinsights.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4006:821::2001 (United States)

ASN15169 (GOOGLE, US)

ep2.adtrafficquality.google	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:821::2004 (United States)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
23	starfiles.co 2 redirects starfiles.co cdn.starfiles.co api2.starfiles.co Failed api.starfiles.co Failed	95 KB
16	google.com fundingchoicesmessages.google.com — Cisco Umbrella Rank: 695 analytics.google.com — Cisco Umbrella Rank: 142 www.google.com — Cisco Umbrella Rank: 3	88 KB
8	doubleclick.net googleads.g.doubleclick.net — Cisco Umbrella Rank: 43 stats.g.doubleclick.net — Cisco Umbrella Rank: 135 td.doubleclick.net — Cisco Umbrella Rank: 182	551 B
7	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 110	282 KB
6	topcreativeformat.com www.topcreativeformat.com — Cisco Umbrella Rank: 114438
5	media.net contextual.media.net — Cisco Umbrella Rank: 724 lg3.media.net — Cisco Umbrella Rank: 8016	38 KB
4	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 29	3 KB
3	adtrafficquality.google ep1.adtrafficquality.google — Cisco Umbrella Rank: 389 ep2.adtrafficquality.google — Cisco Umbrella Rank: 403	19 KB
3	cloudflareinsights.com static.cloudflareinsights.com — Cisco Umbrella Rank: 617 cloudflareinsights.com — Cisco Umbrella Rank: 591	7 KB
3	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 318	7 KB
1	gstatic.com fonts.gstatic.com	16 KB
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 39	134 KB
1	producthunt.com api.producthunt.com — Cisco Umbrella Rank: 46698	1 KB
1	trustpilot.net cdn.trustpilot.net — Cisco Umbrella Rank: 59416	1 KB
1	profitablegatecpm.com pl22439263.profitablegatecpm.com
0	hydrafiles.com Failed hydrafiles.com Failed
87	16

	Domain	Requested by
14	fundingchoicesmessages.google.com	starfiles.co pagead2.googlesyndication.com
14	cdn.starfiles.co	starfiles.co
9	starfiles.co	2 redirects starfiles.co
7	pagead2.googlesyndication.com	starfiles.co pagead2.googlesyndication.com
6	www.topcreativeformat.com	starfiles.co
6	googleads.g.doubleclick.net	pagead2.googlesyndication.com
4	fonts.googleapis.com	pagead2.googlesyndication.com
3	contextual.media.net	starfiles.co contextual.media.net
3	cdn.jsdelivr.net	starfiles.co
2	ep2.adtrafficquality.google	pagead2.googlesyndication.com ep2.adtrafficquality.google
2	cloudflareinsights.com	static.cloudflareinsights.com
2	lg3.media.net
1	www.google.com	ep2.adtrafficquality.google
1	ep1.adtrafficquality.google	pagead2.googlesyndication.com
1	fonts.gstatic.com	fonts.googleapis.com
1	td.doubleclick.net	www.googletagmanager.com
1	stats.g.doubleclick.net	www.googletagmanager.com
1	analytics.google.com	www.googletagmanager.com
1	www.googletagmanager.com	starfiles.co
1	static.cloudflareinsights.com	starfiles.co
1	api.producthunt.com	starfiles.co
1	cdn.trustpilot.net	starfiles.co
1	pl22439263.profitablegatecpm.com	starfiles.co
0	hydrafiles.com Failed	starfiles.co
0	api.starfiles.co Failed	starfiles.co
0	api2.starfiles.co Failed	starfiles.co
87	26

This site contains links to these domains. Also see Links.

Domain
search.starfiles.co
starfilesmj35tuw5bf7qaxfpf4d6tydvqjbftzw23t3ghtjreyx45id.onion
starfiles.i2p
docs.google.com
www.facebook.com
twitter.com
www.snapchat.com
www.reddit.com
t.me
discord.com
api.starfiles.co
signtunes.com
download.starfiles.co
trustpilot.com
producthunt.com
discord.gg
reddit.com
facebook.com
patreon.com
status.starfiles.co
www.flekstore.com

Subject Issuer	Validity	Valid
starfiles.co E6	`2024-12-26` - `2025-03-26`	3 months	crt.sh
jsdelivr.net GlobalSign Atlas R3 DV TLS CA 2024 Q3	`2024-07-30` - `2025-08-31`	a year	crt.sh
*.g.doubleclick.net WR2	`2024-12-02` - `2025-02-24`	3 months	crt.sh
*.google.com WR2	`2024-12-02` - `2025-02-24`	3 months	crt.sh
profitablegatecpm.com R11	`2024-12-03` - `2025-03-03`	3 months	crt.sh
*.trustpilot.net Amazon RSA 2048 M03	`2024-12-03` - `2026-01-01`	a year	crt.sh
producthunt.com WE1	`2024-11-24` - `2025-02-22`	3 months	crt.sh
*.media.net DigiCert TLS RSA SHA256 2020 CA1	`2024-10-23` - `2025-10-22`	a year	crt.sh
cloudflareinsights.com WE1	`2024-12-30` - `2025-03-30`	3 months	crt.sh
*.google-analytics.com WR2	`2024-12-02` - `2025-02-24`	3 months	crt.sh
upload.video.google.com WR2	`2024-12-02` - `2025-02-24`	3 months	crt.sh
topcreativeformat.com R10	`2024-11-16` - `2025-02-14`	3 months	crt.sh
*.doubleclick.net WR2	`2024-12-02` - `2025-02-24`	3 months	crt.sh
*.gstatic.com WR2	`2024-12-02` - `2025-02-24`	3 months	crt.sh
adtrafficquality.google WR2	`2024-12-02` - `2025-02-24`	3 months	crt.sh

This page contains 13 frames:

Primary Page: https://starfiles.co/file/VScTtAUmep9u/spotify-red-ipa
Frame ID: 62414BA295AD42709276B92D86A035C5
Requests: 71 HTTP requests in this frame

Frame: https://starfiles.co/cdn-cgi/challenge-platform/h/g/scripts/jsd/849bfe45bf45/main.js
Frame ID: 2C803CC4F4ED7CB0266CB3F582D6AECA
Requests: 4 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20250107/r20190131/zrt_lookup_fy2021.html
Frame ID: 2D2910913AE7CAE270C7F35141BE6834
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7198310321194757&output=html&adk=1812271804&adf=3025194257&abgtt=6&lmt=1736414192&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=404x675_l%7C500x675_r&format=0x0&url=https%3A%2F%2Fstarfiles.co%2Ffile%2FVScTtAUmep9u%2Fspotify-red-ipa&pra=5&wgl=1&aihb=0&aiof=3&asro=0&ailel=1~2~4~6~7~8~9~10~11~12~13~14~15~16~17~18~19~20~21~24~29~30~34&aiael=1~2~3~4~6~7~8~9~10~11~12~13~14~15~16~17~18~19~20~21~24~29~30~34&aicel=33~38&aifxl=29_18~30_19&aiixl=29_5~30_6&aiict=1&aiapm=0.3221&aiapmi=0.33938&aiombap=1&aief=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1736414192682&bpp=4&bdt=293&idt=152&shv=r20250107&mjsv=m202501070101&ptt=9&saldr=aa&abxe=1&cookie_enabled=1&eoidce=1&nras=1&correlator=8612836680578&frm=20&pv=2&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31088581%2C31089442%2C95349405%2C31089587%2C31088249%2C95340252%2C95340254&oid=2&pvsid=2641037058475312&tmod=405128656&uas=0&nvt=1&fsapi=1&fc=1920&brdim=100%2C100%2C100%2C100%2C1600%2C0%2C1600%2C1285%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&bz=1&td=1&tdf=2&psd=W251bGwsbnVsbCxudWxsLDNd&nt=1&ifi=1&uci=a!1&fsb=1&dtd=179
Frame ID: A964041D4E4A45494467944CC0D60DFA
Requests: 1 HTTP requests in this frame

Frame: https://td.doubleclick.net/td/ga/rul?tid=G-5NQRXX08WX&gacid=1018854818.1736414194&gtm=45je5170v881073661za200&dma=0&gcd=13l3l3l3l1l1&npa=0&pscdl=noapi&aip=1&fledge=1&frm=0&tag_exp=101925629~102067555~102067808~102081485~102198178&z=1675841521
Frame ID: EDBA410402406E9F6CAA73FF68CAE812
Requests: 1 HTTP requests in this frame

Frame: https://contextual.media.net/sr/1017354394/SAFEFRAME.html?ule=403&&kkdd=Au%7C3%7C*An9H&UZ=4MPor4r4K_o_44s2__r&pT0g=s&Lv0q=s&1vt0=s&zTU=4r2M&EvzN=cMPK&zZT=bAG(JF!bW&z0zT=8~ZcQurPfSMxub22IM_kIS%3D%3D&zgZT=Pb2_22KPs&vZON=M_bdKs&zz=GV&vz=IS&tEE0v=4&gN~mgf=tEE0v%3A%2F%2FvEqgCZfNvaz7%2FCZfN%2F-VzBESGLN0Km%2Fv07EZCk*gNT*Z0q&hvN=2&mpT=r&Z1=4oss&LzC=os_M_&0pZT=044KbbMsPrrrE_s_2s4sKsK4o&0pZTv=4&tELfvgz=4&sflct=4662095&ure=1
Frame ID: AB781135503CA1F55DD59456A99EFD7B
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20250107/r20190131/zrt_lookup_fy2021.html
Frame ID: 13B209F2E3FC6491EDC2B84EB8E2D543
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20250107/r20190131/zrt_lookup_fy2021.html
Frame ID: B2536F5A66022859D341897CACF57508
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20250107/r20190131/zrt_lookup_fy2021.html
Frame ID: 4904B36F6439B0ECEBEE6BE16F4B96AF
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20250107/r20190131/zrt_lookup_fy2021.html
Frame ID: 06E99EDD6F21DD166A592472324A990D
Requests: 1 HTTP requests in this frame

Frame: https://contextual.media.net/sr/1017354394/SAFEFRAME.html?ule=403&&kkdd=*H%7CH%7CA9n*&Tn=z9uKXzXzE*u*kKEkX*9&8qO(=Z&CROA=Z&2R5O=Z&SqT=zX69&sRSQ=G9uE&Snq=kY4-j)WkN&SOSq=DwnG0aXuox9.ak66~9*h~x%3D%3D&S(nq=*9*6*u*K9&RnmQ=uZZe*6Z&SS=4!&RS=~x&5ssOR=z&(Qwv(o=5ssOR%3A%2F%2FRsA(7noQRPSI%2F7noQ%2FM!Sbsx4CQOEv%2FROIsn7hi(QqinOA&pRQ=6&v8q=X&n2=zKZZ&CS7=KZ*9*&O8nq=OzzEkk9ZuXXXs*Z*6ZzZEZEzK&O8nqR=*&5sCoR(S=z&sflct=3092663&ure=1
Frame ID: DBC45939FF32AD307BABE058921AD316
Requests: 1 HTTP requests in this frame

Frame: https://ep2.adtrafficquality.google/sodar/sodar2/232/runner.html
Frame ID: 9B71C595A7131E26F04D43052A00ED98
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 7645A20394516E5094414B1A2558D9DE
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

spotify++ red.ipa - Starfiles

Detected technologies

Cloudflare Browser Insights (Analytics) Expand

Overall confidence: 100%
Detected patterns

static\.cloudflareinsights\.com/beacon(?:\.min)?\.js

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

<link [^>]*?href="?[a-zA-Z]*?:?//cdn\.jsdelivr\.net/
//cdn\.jsdelivr\.net/

Page Statistics

87
Requests

91 %
HTTPS

78 %
IPv6

16
Domains

26
Subdomains

24
IPs

1
Countries

691 kB
Transfer

1904 kB
Size

18
Cookies

25 Outgoing links

These are links going to different origins than the main page.

URL: https://search.starfiles.co/
Title: Search

Search URL Search Domain Scan URL

URL: http://starfilesmj35tuw5bf7qaxfpf4d6tydvqjbftzw23t3ghtjreyx45id.onion/
Title: http://starfilesmj35tuw5bf7qaxfpf4d6tydvqjbftzw23t3ghtjreyx45id.onion

Search URL Search Domain Scan URL

URL: http://starfiles.i2p/?i2paddresshelper=phrv~L7XcxhP516AJ1rIfNi6K1~UXiD2VAic0NQSBwimGu~8vtdzGE~nXoAnWsh82LorX9ReIPZUCJzQ1BIHCKYa7~y-13MYT-degCdayHzYuitf1F4g9lQInNDUEgcIphrv~L7XcxhP516AJ1rIfNi6K1~UXiD2VAic0NQSBwimGu~8vtdzGE~nXoAnWsh82LorX9ReIPZUCJzQ1BIHCKYa7~y-13MYT-degCdayHzYuitf1F4g9lQInNDUEgcIphrv~L7XcxhP516AJ1rIfNi6K1~UXiD2VAic0NQSBwimGu~8vtdzGE~nXoAnWsh82LorX9ReIPZUCJzQ1BIHCKYa7~y-13MYT-degCdayHzYuitf1F4g9lQInNDUEgcIphrv~L7XcxhP516AJ1rIfNi6K1~UXiD2VAic0NQSBwimGu~8vtdzGE~nXoAnWsh82LorX9ReIPZUCJzQ1BIHCBgFWZVH2NjuQKy322EV1Wzc9XfOfhbq-jLcOVCzsbzRBQAEAAcAAA==
Title: http://vnt23fy3n5qiwojrkcec2i3ac6w5gkacdyrf2gobid6xjnq53ffq.b32.i2p

Search URL Search Domain Scan URL

URL: https://docs.google.com/forms/d/e/1FAIpQLSeaMclSX3Td_xQYehDwiTb5-SoCv81hwxb4lmjgG0b_wxl5Ww/viewform?usp=sf_link
Title: Leave some feedback

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fstarfiles.co%2Ffile%2FVScTtAUmep9u%2F%2Fspotify-red-ipa%3Futm_medium%3Dshare%26utm_campaign%3Dshare%26utm_source%3Dfacebook
Title: Share

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?source=https%3A%2F%2Fstarfiles.co%2Ffile%2FVScTtAUmep9u%2F%2Fspotify-red-ipa%3Futm_medium%3Dshare%26utm_campaign%3Dshare%26utm_source%3Dtwitter&text=https%3A%2F%2Fstarfiles.co%2Ffile%2FVScTtAUmep9u%2F%2Fspotify-red-ipa%3Futm_medium%3Dshare%26utm_campaign%3Dshare%26utm_source%3Dtwitter
Title: Tweet

Search URL Search Domain Scan URL

URL: https://www.snapchat.com/scan?attachmentUrl=https%3A%2F%2Fstarfiles.co%2Ffile%2FVScTtAUmep9u%2F%2Fspotify-red-ipa%3Futm_medium%3Dshare%26utm_campaign%3Dshare%26utm_source%3Dsnapchat
Title: Snap

Search URL Search Domain Scan URL

URL: https://www.reddit.com/submit?url=https%3A%2F%2Fstarfiles.co%2Ffile%2FVScTtAUmep9u%2F%2Fspotify-red-ipa%3Futm_medium%3Dshare%26utm_campaign%3Dshare%26utm_source%3Dreddit&title=spotify%2B%2B+red.ipa
Title: Post

Search URL Search Domain Scan URL

URL: https://t.me/share/url?url=https%3A%2F%2Fstarfiles.co%2Ffile%2FVScTtAUmep9u%2F%2Fspotify-red-ipa%3Futm_medium%3Dshare%26utm_campaign%3Dshare%26utm_source%3Dtelegram&text=spotify%2B%2B+red.ipa
Title: Telegram

Search URL Search Domain Scan URL

URL: https://discord.com/oauth2/authorize?client_id=1093813400146034718
Title: Add Our Discord Bot

Search URL Search Domain Scan URL

URL: https://api.starfiles.co/torrent/VScTtAUmep9u
Title: Torrent

Search URL Search Domain Scan URL

URL: https://signtunes.com/signer#VScTtAUmep9u
Title: Signtunes

Search URL Search Domain Scan URL

URL: https://signtunes.com/
Title: Signtunes

Search URL Search Domain Scan URL

URL: https://download.starfiles.co/VScTtAUmep9u

Search URL Search Domain Scan URL

URL: https://trustpilot.com/review/starfiles.co?utm_medium=trustbox&utm_source=TrustBoxBasic&utm_campaign=free

Search URL Search Domain Scan URL

URL: https://producthunt.com/posts/starfiles?utm_source=badge-featured&utm_medium=badge&utm_souce=badge-starfiles

Search URL Search Domain Scan URL

URL: https://twitter.com/StarfilesHelp
Title: Twitter

Search URL Search Domain Scan URL

URL: https://discord.gg/JFvfPfJ
Title: Discord

Search URL Search Domain Scan URL

URL: https://t.me/StarfilesChat
Title: Telegram

Search URL Search Domain Scan URL

URL: https://reddit.com/r/starfiles
Title: Reddit

Search URL Search Domain Scan URL

URL: https://facebook.com/StarfilesFileSharing
Title: Facebook

Search URL Search Domain Scan URL

URL: https://patreon.com/starfiles
Title: Patreon

Search URL Search Domain Scan URL

URL: https://status.starfiles.co/
Title: Status

Search URL Search Domain Scan URL

URL: https://www.flekstore.com/
Title: FlekSt0re

Search URL Search Domain Scan URL

URL: https://patreon.com/Starfiles
Title: Patreon

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 12

https://cdn.starfiles.co/images/widget/VScTtAUmep9u?type=file&cache=86ffe5bb2ac70be16127b1e824bcec74 HTTP 301
https://api2.starfiles.co/widget/VScTtAUmep9u

Request Chain 13

https://cdn.starfiles.co/qrcode?data=https://starfiles.co/file/VScTtAUmep9u/spotify-red-ipa&size=256 HTTP 301
https://api2.starfiles.co/qrcode/qrcode?data=https://starfiles.co/file/VScTtAUmep9u/spotify-red-ipa&size=256

Request Chain 27

https://starfiles.co/cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP 302
https://starfiles.co/cdn-cgi/challenge-platform/h/g/scripts/jsd/849bfe45bf45/main.js

Request Chain 67

https://starfiles.co/cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP 302
https://starfiles.co/cdn-cgi/challenge-platform/h/g/scripts/jsd/849bfe45bf45/main.js

87 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request spotify-red-ipa Show response
starfiles.co/file/VScTtAUmep9u/ 117 KB
31 KB 3610ms
3509ms Document
text/html 2606:4700:20::681a:90d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://starfiles.co/file/VScTtAUmep9u/spotify-red-ipa

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:90d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c05b3d60f2ff57dbc8d3bfcc171a66330c4152284dd1e1263b972a2649772327

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'unsafe-eval' 'unsafe-inline'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: Accept, Content-Type, Authorization, Origin, X-Requested-With, Access-Control-Request-Method, Access-Control-Request-Headers, Access-Control-Allow-Headers, Access-Control-Allow-Origin
access-control-allow-methods: GET,POST,OPTIONS,DELETE,PUT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
cache-control: no-store, no-cache, must-revalidate
cdn-cache-control: no-cache, no-store, must-revalidate, private
cf-cache-status: BYPASS
cf-ray: 8ff354289bac0c84-EWR
content-encoding: br
content-security-policy: default-src * data: blob: 'unsafe-eval' 'unsafe-inline'
content-type: text/html; charset=UTF-8
date: Thu, 09 Jan 2025 09:16:32 GMT
expect-ct: max-age=86400, enforce
expires: Thu, 19 Nov 1981 08:52:00 GMT
i2p-location: http://vnt23fy3n5qiwojrkcec2i3ac6w5gkacdyrf2gobid6xjnq53ffq.b32.i2p/file/VScTtAUmep9u/spotify-red-ipa
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
onion-location: http://starfilesmj35tuw5bf7qaxfpf4d6tydvqjbftzw23t3ghtjreyx45id.onion/file/VScTtAUmep9u/spotify-red-ipa
pragma: no-cache
referrer-policy: same-origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Nirk7UGww9rXBVXw0WUZ7z8%2Ftq4AemhmBT%2F666A7SdVxBJ7lcUdlrqVo8riPTrvR2nUvs6hsDUh3pLZpPRfchDB5KLGXkpx1yNUXw2Uear415pwup66bj%2FsvHf4UV2BOMFf96lHn42runw%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
server-timing: cfL4;desc="?proto=TCP&rtt=9540&min_rtt=9054&rtt_var=2587&sent=7&recv=9&lost=0&retrans=0&sent_bytes=3959&recv_bytes=2369&delivery_rate=450629&cwnd=255&unsent_bytes=0&cid=ca3f46bd3597bfdc&ts=3527&x=0"
sf-primary: primary-germany-1
sf-primary-cache-status: EXPIRED
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block

GET
H2 200 mobile.min.css
cdn.jsdelivr.net/combine/gh/QuixThe2nd/Starfiles-JSDelivr@latest/css/main.min.css,gh/QuixThe2nd/Starfiles-JSDelivr@latest/css/ 23 KB
6 KB 122ms
30ms Stylesheet
text/css 2a04:4e42:200::485
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/combine/gh/QuixThe2nd/Starfiles-JSDelivr@latest/css/main.min.css,gh/QuixThe2nd/Starfiles-JSDelivr@latest/css/mobile.min.css

Requested by

Host: starfiles.co
URL: https://starfiles.co/file/VScTtAUmep9u/spotify-red-ipa

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:200::485 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

2c31301d903c49a1dab3a2714159746e5a09cdba1ce40247d46772115324f678

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

access-control-expose-headers: *
content-encoding: br
etag: W/"5dbb-fiOI6f/ImNV5VpgXmfTefGN7suE"
age: 23108
x-content-type-options: nosniff
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
x-cache: HIT, HIT
date: Thu, 09 Jan 2025 09:16:32 GMT
content-type: text/css; charset=utf-8
x-served-by: cache-fra-etou8220030-FRA, cache-ewr-kewr1740038-EWR
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=604800, s-maxage=43200
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
access-control-allow-origin: *
content-length: 5789

GET
H3 200 theme.css
cdn.starfiles.co/css/ 1 KB
2 KB 116ms
39ms Stylesheet
text/css 2606:4700:20::681a:80d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.starfiles.co/css/theme.css?theme=ocean

Requested by

Host: starfiles.co
URL: https://starfiles.co/file/VScTtAUmep9u/spotify-red-ipa

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:80d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

769406737de2760ebe901774c41536f730ac9757ee1244f8b17bda055a73558f

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'unsafe-eval' 'unsafe-inline'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

i2p-location: http://cdn.vnt23fy3n5qiwojrkcec2i3ac6w5gkacdyrf2gobid6xjnq53ffq.b32.i2p/css/theme.css?theme=ocean
sf-primary: primary-germany-1
content-encoding: gzip
cf-cache-status: HIT
age: 881910
expect-ct: max-age=86400, enforce
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=V4F1X2PIccnFu7jA4xghmuOyzxc%2BVVre%2FmVjebkY12DXKAh%2BugYnaFhEHn22BoYH96CZOO054kjpyRuiHVhWkvaH3ano4RBzOkFbnZq0Ll5u%2BXJ2TQPv1KHc%2B4533mwjSJqZ0TnqTJ6%2BZDUX96Q%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods: GET,POST,OPTIONS,DELETE,PUT
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=22333&min_rtt=22215&rtt_var=8415&sent=17&recv=12&lost=0&retrans=0&sent_bytes=10746&recv_bytes=5992&delivery_rate=131273&cwnd=12000&unsent_bytes=0&cid=a683cf9bdb932e0a&ts=46&x=1", cfExtPri, cfHdrFlush;dur=0
date: Thu, 09 Jan 2025 09:16:32 GMT
content-type: text/css;charset=UTF-8
vary: Accept-Encoding
sf-primary-cache-status: MISS
access-control-allow-headers: Accept, Content-Type, Authorization, Origin, X-Requested-With, Access-Control-Request-Method, Access-Control-Request-Headers, Access-Control-Allow-Headers, Access-Control-Allow-Origin
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy: default-src * data: blob: 'unsafe-eval' 'unsafe-inline'
cache-control: public, max-age=31556926, immutable
cdn-cache-control: public, max-age=7776000
priority: u=0,i=?0
pragma: cache
last-modified: Mon, 30 Dec 2024 03:58:01 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
onion-location: http://cdn.starfilesmj35tuw5bf7qaxfpf4d6tydvqjbftzw23t3ghtjreyx45id.onion/css/theme.css?theme=ocean
referrer-policy: same-origin
cf-ray: 8ff3543f2ca78cca-EWR
access-control-allow-origin: *
x-xss-protection: 1; mode=block
server: cloudflare

GET
H3 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 158 KB
52 KB 149ms
58ms Script
text/javascript 2607:f8b0:4006:824::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-7198310321194757

Requested by

Host: starfiles.co
URL: https://starfiles.co/file/VScTtAUmep9u/spotify-red-ipa

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:824::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f750d23460829b6fa304d010b3d39e0f18305ae419506ec7e91b1b112120c3b2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://starfiles.co
Referer

Response headers

content-encoding: br
etag: 16857300833163487615
x-content-type-options: nosniff
expires: Thu, 09 Jan 2025 09:16:32 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date: Thu, 09 Jan 2025 09:16:32 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
content-disposition: attachment; filename="f.txt"
link: <https://googleads.g.doubleclick.net>; rel="preconnect"; crossorigin
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 53549
x-xss-protection: 0
server: cafe

GET
H2 200 pub-7198310321194757 Show response
fundingchoicesmessages.google.com/i/ 26 KB
11 KB 154ms
66ms Script
application/javascript 2607:f8b0:4006:81e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/i/pub-7198310321194757?ers=1

Requested by

Host: starfiles.co
URL: https://starfiles.co/file/VScTtAUmep9u/spotify-red-ipa

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81e::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

a4eef01fee345684240a928ab22237c95e5e6841a7374e6e89b3e052805eff1e

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'report-sample' 'nonce-d2iXgkFbVBPfNxuDxbWQVQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Mon, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 09 Jan 2025 09:16:32 GMT
content-type: application/javascript; charset=utf-8
x-frame-options: SAMEORIGIN
reporting-endpoints: default="/_/ContributorServingWebSwitchboardHttp/web-reports?context=eJzjKtDikmII0pBikPj6kkkDiJ3SZ7AGAXHrzXOsU4HYaO15VicgTvp3nrUIiA0VLrE6gnDRJVZPIFbtucRqCsT3111ifQ7EH-ovs_4A4hnnL7MuAOIiiSusTUDM8PUKKwcQC_FwfFj-bzebwI2FPYuYlDSS8gvjk_PzSooyk0pL8ovSktNSi1OLylKL4o0MjEwNDA3M9QxM4gsMAKLsReI"
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'report-sample' 'nonce-d2iXgkFbVBPfNxuDxbWQVQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist
cache-control: no-cache, no-store, max-age=0, must-revalidate
cross-origin-opener-policy: same-origin
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-resource-policy: cross-origin
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
x-xss-protection: 0
server: ESF

GET
H3 200 signtunes-64.png
cdn.starfiles.co/images/ 2 KB
3 KB 50ms
38ms Image
image/webp 2606:4700:20::681a:80d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.starfiles.co/images/signtunes-64.png

Requested by

Host: starfiles.co
URL: https://starfiles.co/file/VScTtAUmep9u/spotify-red-ipa

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:80d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

528db3367adad2cc4d26d3d64bfcd2ec12a38b30f2bc34dbd964e6b3f9781fd7

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'unsafe-eval' 'unsafe-inline'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

i2p-location: http://cdn.vnt23fy3n5qiwojrkcec2i3ac6w5gkacdyrf2gobid6xjnq53ffq.b32.i2p/images/signtunes-64.png
sf-primary: primary-germany-1
cf-cache-status: HIT
age: 882734
expect-ct: max-age=86400, enforce
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Y9pTSpnuq%2B1W2AcGOy6AVuef6a2PezaPRFCzGWOka2FjZM5An%2F6PynBWFrqpOQDwrwEoyb11hoZSafZ5SrdquQHnAsA%2FLKtC0kiN6GW%2Buwq4Bj%2FSwwbQOqqKzKbfWY%2FiGineE7MK3RCEY2aVQUM%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=22333&min_rtt=22215&rtt_var=8415&sent=14&recv=12&lost=0&retrans=0&sent_bytes=7729&recv_bytes=5992&delivery_rate=131273&cwnd=12000&unsent_bytes=0&cid=a683cf9bdb932e0a&ts=46&x=1", cfExtPri, cfHdrFlush;dur=0
content-type: image/webp
content-disposition: inline; filename="signtunes-64.webp"
priority: u=3,i
last-modified: Mon, 30 Dec 2024 03:54:12 GMT
cache-control: public, max-age=16070400
cdn-cache-control: public, max-age=7776000
pragma: cache
onion-location: http://cdn.starfilesmj35tuw5bf7qaxfpf4d6tydvqjbftzw23t3ghtjreyx45id.onion/images/signtunes-64.png
referrer-policy: same-origin
x-xss-protection: 1; mode=block
server: cloudflare
cf-bgj: imgq:85,h2pri
access-control-allow-methods: GET,POST,OPTIONS,DELETE,PUT
cf-polished: origFmt=png, origSize=2069
date: Thu, 09 Jan 2025 09:16:32 GMT
vary: Accept
sf-primary-cache-status: MISS
access-control-allow-headers: Accept, Content-Type, Authorization, Origin, X-Requested-With, Access-Control-Request-Method, Access-Control-Request-Headers, Access-Control-Allow-Headers, Access-Control-Allow-Origin
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy: default-src * data: blob: 'unsafe-eval' 'unsafe-inline'
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8ff3543f2ca48cca-EWR
access-control-allow-origin: *

GET
H3 200 appdb-64.png
cdn.starfiles.co/images/ 3 KB
4 KB 72ms
60ms Image
image/png 2606:4700:20::681a:80d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.starfiles.co/images/appdb-64.png

Requested by

Host: starfiles.co
URL: https://starfiles.co/file/VScTtAUmep9u/spotify-red-ipa

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:80d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

735b7f70ab83623127d52f82b9c6bce0311a2ed2f1a5fe4827517b5a5ce4d78f

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'unsafe-eval' 'unsafe-inline'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

i2p-location: http://cdn.vnt23fy3n5qiwojrkcec2i3ac6w5gkacdyrf2gobid6xjnq53ffq.b32.i2p/images/appdb-64.png
sf-primary: primary-germany-1
cf-cache-status: HIT
age: 882734
expect-ct: max-age=86400, enforce
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YH9u2GSd9Lh8K%2BdyeSqsquubhMK80dq%2BGnNhOam3T8YL7Rm6X%2B%2FDV5IsnVC0sRv%2BCjz2fq7z3EwCUW1Xnlhy3UCiqI%2Frueusjd5G25iibVfDW1Y577yQA3jP43rBkNRabMObd5gergmsmr%2FOA%2Fo%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=22333&min_rtt=22215&rtt_var=8415&sent=22&recv=12&lost=0&retrans=0&sent_bytes=15529&recv_bytes=5992&delivery_rate=131273&cwnd=12000&unsent_bytes=0&cid=a683cf9bdb932e0a&ts=47&x=1", cfExtPri, cfHdrFlush;dur=20
content-type: image/png
last-modified: Mon, 30 Dec 2024 03:54:12 GMT
priority: u=3,i
cache-control: public, max-age=16070400
cdn-cache-control: public, max-age=7776000
pragma: cache
onion-location: http://cdn.starfilesmj35tuw5bf7qaxfpf4d6tydvqjbftzw23t3ghtjreyx45id.onion/images/appdb-64.png
referrer-policy: same-origin
x-xss-protection: 1; mode=block
server: cloudflare
cf-bgj: imgq:85,h2pri
access-control-allow-methods: GET,POST,OPTIONS,DELETE,PUT
cf-polished: origSize=3806, status=webp_bigger
date: Thu, 09 Jan 2025 09:16:32 GMT
vary: Accept-Encoding
sf-primary-cache-status: MISS
access-control-allow-headers: Accept, Content-Type, Authorization, Origin, X-Requested-With, Access-Control-Request-Method, Access-Control-Request-Headers, Access-Control-Allow-Headers, Access-Control-Allow-Origin
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy: default-src * data: blob: 'unsafe-eval' 'unsafe-inline'
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8ff3543f2ca18cca-EWR
access-control-allow-origin: *

GET
H3 200 altstore-64.png
cdn.starfiles.co/images/ 1 KB
3 KB 74ms
62ms Image
image/webp 2606:4700:20::681a:80d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.starfiles.co/images/altstore-64.png

Requested by

Host: starfiles.co
URL: https://starfiles.co/file/VScTtAUmep9u/spotify-red-ipa

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:80d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b4eee2ec19acb04d23c103ea264973702058758cd168608cb4b2051f085675ce

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'unsafe-eval' 'unsafe-inline'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

i2p-location: http://cdn.vnt23fy3n5qiwojrkcec2i3ac6w5gkacdyrf2gobid6xjnq53ffq.b32.i2p/images/altstore-64.png
sf-primary: primary-germany-1
cf-cache-status: HIT
age: 882310
expect-ct: max-age=86400, enforce
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ctFhkgkvfOw4vt1li%2F5mVdrsG0Q%2BH7IjkNL2CVJhOdJSTExJANtG111iEGS0RJp0UCQiWymi5hC%2FL7T7kx4iKRuh2TRHmpiMT9jbSIyoRvZKxV6vRKWOAd%2FSc%2F2ehl8Li3%2B1YiZjIGtpwz1UWnc%3D"}],"group":"cf-nel","max_age":604800}, {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=ASCr06Mk2pMlsGmEj0wvh6F.Xe_KebmljHSnbJ9wa7w-1736414192-1.0.1.1-2Tdx.c8M9nhgH2LHM1ENkgeONvKAPypwaYdwRYNo8XDk13I7pFqOLLQvLrQ9ZWTKM3H7xaoibAQdLxoRvA9eNq4d7lnN6UzxP69miRdWTjMIiwnEdw0jJV3k_Tc1c7z3YShAOzcIOCNa13cHQVLKgRJW0Fgi_HR.EX4Y4_S1jW0"}],"group":"cf-csp-endpoint","max_age":86400}
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=22333&min_rtt=22215&rtt_var=8415&sent=22&recv=12&lost=0&retrans=0&sent_bytes=15529&recv_bytes=5992&delivery_rate=131273&cwnd=12000&unsent_bytes=0&cid=a683cf9bdb932e0a&ts=47&x=1", cfExtPri, cfHdrFlush;dur=20
content-type: image/webp
content-disposition: inline; filename="altstore-64.webp"
priority: u=3,i
last-modified: Thu, 19 Dec 2024 19:33:32 GMT
cache-control: public, max-age=16070400
cdn-cache-control: public, max-age=7776000
pragma: cache
onion-location: http://cdn.starfilesmj35tuw5bf7qaxfpf4d6tydvqjbftzw23t3ghtjreyx45id.onion/images/altstore-64.png
referrer-policy: same-origin
x-xss-protection: 1; mode=block
server: cloudflare
cf-bgj: imgq:85,h2pri
access-control-allow-methods: GET,POST,OPTIONS,DELETE,PUT
cf-polished: origFmt=png, origSize=2487
date: Thu, 09 Jan 2025 09:16:32 GMT
vary: Accept
sf-primary-cache-status: MISS
access-control-allow-headers: Accept, Content-Type, Authorization, Origin, X-Requested-With, Access-Control-Request-Method, Access-Control-Request-Headers, Access-Control-Allow-Headers, Access-Control-Allow-Origin
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy: default-src * data: blob: 'unsafe-eval' 'unsafe-inline'
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-security-policy-report-only: script-src 'none'; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=ASCr06Mk2pMlsGmEj0wvh6F.Xe_KebmljHSnbJ9wa7w-1736414192-1.0.1.1-2Tdx.c8M9nhgH2LHM1ENkgeONvKAPypwaYdwRYNo8XDk13I7pFqOLLQvLrQ9ZWTKM3H7xaoibAQdLxoRvA9eNq4d7lnN6UzxP69miRdWTjMIiwnEdw0jJV3k_Tc1c7z3YShAOzcIOCNa13cHQVLKgRJW0Fgi_HR.EX4Y4_S1jW0; report-to cf-csp-endpoint
cf-ray: 8ff3543f2ca58cca-EWR
access-control-allow-origin: *

GET
H3 200 trollstore-64.png
cdn.starfiles.co/images/ 3 KB
4 KB 52ms
40ms Image
image/webp 2606:4700:20::681a:80d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.starfiles.co/images/trollstore-64.png

Requested by

Host: starfiles.co
URL: https://starfiles.co/file/VScTtAUmep9u/spotify-red-ipa

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:80d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

45810cdad805df84722b2c03391b8d1ce16f8ee5048b9be90c300bf929a6b3ee

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'unsafe-eval' 'unsafe-inline'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

i2p-location: http://cdn.vnt23fy3n5qiwojrkcec2i3ac6w5gkacdyrf2gobid6xjnq53ffq.b32.i2p/images/trollstore-64.png
sf-primary: primary-germany-1
cf-cache-status: HIT
age: 882734
expect-ct: max-age=86400, enforce
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CMdwZvbPm%2BNRpWa1Q2%2F%2FTDyM2Hp1ICtMrXpNj3SUFMNcoMec3okX3x4G8oOqzhn4PAUbioBJCMtXiRzqDQdlIrZFyX0KukoOoL3KBFyfmREZn%2Fsne7weBLLX2mwouaeIaSp1ezi4AnGX%2F8PYe1Q%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=22333&min_rtt=22215&rtt_var=8415&sent=19&recv=12&lost=0&retrans=0&sent_bytes=12457&recv_bytes=5992&delivery_rate=131273&cwnd=12000&unsent_bytes=0&cid=a683cf9bdb932e0a&ts=46&x=1", cfExtPri, cfHdrFlush;dur=0
content-type: image/webp
content-disposition: inline; filename="trollstore-64.webp"
priority: u=3,i
last-modified: Thu, 19 Dec 2024 17:06:32 GMT
cache-control: public, max-age=16070400
cdn-cache-control: public, max-age=7776000
pragma: cache
onion-location: http://cdn.starfilesmj35tuw5bf7qaxfpf4d6tydvqjbftzw23t3ghtjreyx45id.onion/images/trollstore-64.png
referrer-policy: same-origin
x-xss-protection: 1; mode=block
server: cloudflare
cf-bgj: imgq:85,h2pri
access-control-allow-methods: GET,POST,OPTIONS,DELETE,PUT
cf-polished: origFmt=png, origSize=5889
date: Thu, 09 Jan 2025 09:16:32 GMT
vary: Accept
sf-primary-cache-status: HIT
access-control-allow-headers: Accept, Content-Type, Authorization, Origin, X-Requested-With, Access-Control-Request-Method, Access-Control-Request-Headers, Access-Control-Allow-Headers, Access-Control-Allow-Origin
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy: default-src * data: blob: 'unsafe-eval' 'unsafe-inline'
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8ff3543f2ca38cca-EWR
access-control-allow-origin: *

GET
H3 200 gbox-64.png
cdn.starfiles.co/images/ 2 KB
3 KB 49ms
39ms Image
image/webp 2606:4700:20::681a:80d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.starfiles.co/images/gbox-64.png

Requested by

Host: starfiles.co
URL: https://starfiles.co/file/VScTtAUmep9u/spotify-red-ipa

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:80d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2eba21ae4c2a4af47caa1154d8711a6bdbf85d295b228426354ac42b4c430621

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'unsafe-eval' 'unsafe-inline'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

i2p-location: http://cdn.vnt23fy3n5qiwojrkcec2i3ac6w5gkacdyrf2gobid6xjnq53ffq.b32.i2p/images/gbox-64.png
sf-primary: primary-germany-1
cf-cache-status: HIT
age: 882734
expect-ct: max-age=86400, enforce
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=G%2B7PxDhc01Uqqj7fkqgL1ztDobXcPDhmzcImQO7ZhHAFsGtKYA4BqxIxjB02yQZ8BXbLSKTjRPOVNYih4h8CYyBhVwIpVCsPGJf%2FVyOD6OrJgxAo3yTLvW%2FL4RpAONUyP5L2ks9ECgFBjJzi2lI%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=22333&min_rtt=22215&rtt_var=8415&sent=11&recv=12&lost=0&retrans=0&sent_bytes=4159&recv_bytes=5992&delivery_rate=131273&cwnd=12000&unsent_bytes=0&cid=a683cf9bdb932e0a&ts=45&x=1", cfExtPri, cfHdrFlush;dur=0
content-type: image/webp
content-disposition: inline; filename="gbox-64.webp"
priority: u=3,i
last-modified: Thu, 26 Dec 2024 06:59:55 GMT
cache-control: public, max-age=16070400
cdn-cache-control: public, max-age=7776000
pragma: cache
onion-location: http://cdn.starfilesmj35tuw5bf7qaxfpf4d6tydvqjbftzw23t3ghtjreyx45id.onion/images/gbox-64.png
referrer-policy: same-origin
x-xss-protection: 1; mode=block
server: cloudflare
cf-bgj: imgq:85,h2pri
access-control-allow-methods: GET,POST,OPTIONS,DELETE,PUT
cf-polished: origFmt=png, origSize=3408
date: Thu, 09 Jan 2025 09:16:32 GMT
vary: Accept
sf-primary-cache-status: HIT
access-control-allow-headers: Accept, Content-Type, Authorization, Origin, X-Requested-With, Access-Control-Request-Method, Access-Control-Request-Headers, Access-Control-Allow-Headers, Access-Control-Allow-Origin
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy: default-src * data: blob: 'unsafe-eval' 'unsafe-inline'
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8ff3543f2ca28cca-EWR
access-control-allow-origin: *

GET
H3 200 scarlet-64.png
cdn.starfiles.co/images/ 3 KB
4 KB 48ms
47ms Image
image/webp 2606:4700:20::681a:80d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.starfiles.co/images/scarlet-64.png

Requested by

Host: starfiles.co
URL: https://starfiles.co/file/VScTtAUmep9u/spotify-red-ipa

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:80d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

afad6a7ce2b8646c18508d67d8fb33ffdcb6c930b96a36e3b35a14aa8bfe0fbf

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'unsafe-eval' 'unsafe-inline'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

i2p-location: http://cdn.vnt23fy3n5qiwojrkcec2i3ac6w5gkacdyrf2gobid6xjnq53ffq.b32.i2p/images/scarlet-64.png
sf-primary: primary-germany-1
cf-cache-status: HIT
age: 882310
expect-ct: max-age=86400, enforce
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BAgMDJfTGSJiB%2FkSWJQnXKItm5MSeRX8l2Sh46xofxZt5LwNdxce%2FMyAYazv3pkuk748lxrqf1DEOKtKl4ypkcg%2B%2Fkgfgg%2BmuFv9WQzNbF1zMn5wfnsiM%2BKMDasKktnWI0XPeOwAbQlTDNI2u%2BY%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=31006&min_rtt=21910&rtt_var=9729&sent=33&recv=24&lost=0&retrans=0&sent_bytes=25007&recv_bytes=8149&delivery_rate=547684&cwnd=16800&unsent_bytes=0&cid=a683cf9bdb932e0a&ts=87&x=1", cfExtPri, cfHdrFlush;dur=0
content-type: image/webp
content-disposition: inline; filename="scarlet-64.webp"
priority: u=3,i
last-modified: Thu, 19 Dec 2024 20:34:43 GMT
cache-control: public, max-age=16070400
cdn-cache-control: public, max-age=7776000
pragma: cache
onion-location: http://cdn.starfilesmj35tuw5bf7qaxfpf4d6tydvqjbftzw23t3ghtjreyx45id.onion/images/scarlet-64.png
referrer-policy: same-origin
x-xss-protection: 1; mode=block
server: cloudflare
cf-bgj: imgq:85,h2pri
access-control-allow-methods: GET,POST,OPTIONS,DELETE,PUT
cf-polished: origFmt=png, origSize=3917
date: Thu, 09 Jan 2025 09:16:32 GMT
vary: Accept
sf-primary-cache-status: HIT
access-control-allow-headers: Accept, Content-Type, Authorization, Origin, X-Requested-With, Access-Control-Request-Method, Access-Control-Request-Headers, Access-Control-Allow-Headers, Access-Control-Allow-Origin
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy: default-src * data: blob: 'unsafe-eval' 'unsafe-inline'
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8ff3543f6cde8cca-EWR
access-control-allow-origin: *

GET
H3 200 reprovision-64.png
cdn.starfiles.co/images/ 2 KB
3 KB 50ms
49ms Image
image/webp 2606:4700:20::681a:80d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.starfiles.co/images/reprovision-64.png

Requested by

Host: starfiles.co
URL: https://starfiles.co/file/VScTtAUmep9u/spotify-red-ipa

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:80d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c8a9c2d58a3ab6790cc912f9b046c35bd4e0a672569136c338907920e137cdcd

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'unsafe-eval' 'unsafe-inline'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

i2p-location: http://cdn.vnt23fy3n5qiwojrkcec2i3ac6w5gkacdyrf2gobid6xjnq53ffq.b32.i2p/images/reprovision-64.png
sf-primary: primary-germany-1
cf-cache-status: HIT
age: 882734
expect-ct: max-age=86400, enforce
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fuQKymH%2BBVIHQ0bmyv7PqM9PV0Nnk9v15QtZd%2BfqkdiJwNtAXLB%2FkROPXq9nCVGd2DqBYhlpSkSzOZA8gGiH7YbSoKlXUFAOJg63XKpl1rpx8LRA7o%2B1daQlCjKPJ%2FJR3r1ienn5uN7%2BA0clClI%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=31006&min_rtt=21910&rtt_var=9729&sent=40&recv=24&lost=0&retrans=0&sent_bytes=31930&recv_bytes=8149&delivery_rate=547684&cwnd=16800&unsent_bytes=0&cid=a683cf9bdb932e0a&ts=89&x=1", cfExtPri, cfHdrFlush;dur=2
content-type: image/webp
content-disposition: inline; filename="reprovision-64.webp"
priority: u=3,i
last-modified: Wed, 18 Dec 2024 20:46:35 GMT
cache-control: public, max-age=16070400
cdn-cache-control: public, max-age=7776000
pragma: cache
onion-location: http://cdn.starfilesmj35tuw5bf7qaxfpf4d6tydvqjbftzw23t3ghtjreyx45id.onion/images/reprovision-64.png
referrer-policy: same-origin
x-xss-protection: 1; mode=block
server: cloudflare
cf-bgj: imgq:85,h2pri
access-control-allow-methods: GET,POST,OPTIONS,DELETE,PUT
cf-polished: origFmt=png, origSize=3059
date: Thu, 09 Jan 2025 09:16:32 GMT
vary: Accept
sf-primary-cache-status: MISS
access-control-allow-headers: Accept, Content-Type, Authorization, Origin, X-Requested-With, Access-Control-Request-Method, Access-Control-Request-Headers, Access-Control-Allow-Headers, Access-Control-Allow-Origin
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy: default-src * data: blob: 'unsafe-eval' 'unsafe-inline'
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8ff3543f6cdf8cca-EWR
access-control-allow-origin: *

GET
H3 200 appinstallerios-64.png
cdn.starfiles.co/images/ 3 KB
4 KB 49ms
47ms Image
image/webp 2606:4700:20::681a:80d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.starfiles.co/images/appinstallerios-64.png

Requested by

Host: starfiles.co
URL: https://starfiles.co/file/VScTtAUmep9u/spotify-red-ipa

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:80d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6d8731b2fd3a584e177be6ee04b3f9a05be6e32fde2f97993921a8a3bad26e82

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'unsafe-eval' 'unsafe-inline'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

i2p-location: http://cdn.vnt23fy3n5qiwojrkcec2i3ac6w5gkacdyrf2gobid6xjnq53ffq.b32.i2p/images/appinstallerios-64.png
sf-primary: primary-germany-1
cf-cache-status: HIT
age: 882734
expect-ct: max-age=86400, enforce
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GDoRVI%2BAIKCgwNcxI%2Fb74GCuFV0%2Byv6g29wDYVakWhtyIDeF5UAwwgo7NC%2FaVf2r9%2BP8ne3%2B15zp3wsyymHJvGI4ecC%2BMK8cCkuay2pVVpBr0SPSzMTrMZ44yAkCHZE0xuBxwVbiPd8HDFIV3S8%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=31006&min_rtt=21910&rtt_var=9729&sent=40&recv=24&lost=0&retrans=0&sent_bytes=31930&recv_bytes=8149&delivery_rate=547684&cwnd=16800&unsent_bytes=0&cid=a683cf9bdb932e0a&ts=90&x=1", cfExtPri, cfHdrFlush;dur=1
content-type: image/webp
content-disposition: inline; filename="appinstallerios-64.webp"
priority: u=3,i
last-modified: Thu, 19 Dec 2024 19:43:30 GMT
cache-control: public, max-age=16070400
cdn-cache-control: public, max-age=7776000
pragma: cache
onion-location: http://cdn.starfilesmj35tuw5bf7qaxfpf4d6tydvqjbftzw23t3ghtjreyx45id.onion/images/appinstallerios-64.png
referrer-policy: same-origin
x-xss-protection: 1; mode=block
server: cloudflare
cf-bgj: imgq:85,h2pri
access-control-allow-methods: GET,POST,OPTIONS,DELETE,PUT
cf-polished: origFmt=png, origSize=4199
date: Thu, 09 Jan 2025 09:16:32 GMT
vary: Accept
sf-primary-cache-status: MISS
access-control-allow-headers: Accept, Content-Type, Authorization, Origin, X-Requested-With, Access-Control-Request-Method, Access-Control-Request-Headers, Access-Control-Allow-Headers, Access-Control-Allow-Origin
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy: default-src * data: blob: 'unsafe-eval' 'unsafe-inline'
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8ff3543f6ce08cca-EWR
access-control-allow-origin: *

GET

VScTtAUmep9u
api2.starfiles.co/widget/
Redirect Chain

https://cdn.starfiles.co/images/widget/VScTtAUmep9u?type=file&cache=86ffe5bb2ac70be16127b1e824bcec74
https://api2.starfiles.co/widget/VScTtAUmep9u

0
0

GET

qrcode
api2.starfiles.co/qrcode/
Redirect Chain

https://cdn.starfiles.co/qrcode?data=https://starfiles.co/file/VScTtAUmep9u/spotify-red-ipa&size=256
https://api2.starfiles.co/qrcode/qrcode?data=https://starfiles.co/file/VScTtAUmep9u/spotify-red-ipa&size=256

0
0

GET
H/1.1 403
Forbidden invoke.js
pl22439263.profitablegatecpm.com/3ec188bf80670554461a35ea9780534a/ 0
0 175ms
66ms Script
application/javascript 192.243.59.20
ADVANCEDHOSTERS-A...

General

Check archive.org

Show headers Download Go to

Full URL: https://pl22439263.profitablegatecpm.com/3ec188bf80670554461a35ea9780534a/invoke.js
Requested by: Host: starfiles.co
URL: https://starfiles.co/file/VScTtAUmep9u/spotify-red-ipa
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 192.243.59.20 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS DataWeb Global Group B.V., NL),
Reverse DNS
Software: nginx/1.19.5 /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Connection: keep-alive
Access-Control-Allow-Origin: *
Content-Length: 0
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Date: Thu, 09 Jan 2025 09:16:32 GMT
Content-Type: application/javascript
Host: pl22439263.profitablegatecpm.com
Server: nginx/1.19.5

GET
H2 200 stars-5.svg
cdn.trustpilot.net/brand-assets/4.1.0/stars/ 2 KB
1 KB 125ms
33ms Image
image/svg+xml 108.138.106.53
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.trustpilot.net/brand-assets/4.1.0/stars/stars-5.svg
Requested by: Host: starfiles.co
URL: https://starfiles.co/file/VScTtAUmep9u/spotify-red-ipa
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.106.53 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-106-53.jfk50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: da694facc08b1b4e4639b29f607547b51743e29db6f87ee33852f4115b97f376

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

x-amz-cf-pop: JFK50-P3
vary: Accept-Encoding
cache-control: public, max-age=31536000
content-encoding: gzip
etag: W/"64883a012ca0adaa9d04c153ff3e6478"
age: 9733109
via: 1.1 bce50d2cc476ede482a8048a0c124908.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-amz-cf-id: azTqRGLJm_X5I-_29IYg5fYw1MweDvLSKwWHWsl1wMK1jBQ6o-rqBg==
date: Wed, 18 Sep 2024 17:38:03 GMT
content-type: image/svg+xml
last-modified: Wed, 12 Jun 2019 14:13:13 GMT
x-amz-meta-cache-control: public, max-age=31536000
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H3 200 featured.svg
api.producthunt.com/widgets/embed-image/v1/ 2 KB
1 KB 146ms
51ms Image
image/svg+xml 2606:4700::6812:7f76
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://api.producthunt.com/widgets/embed-image/v1/featured.svg?post_id=281011&theme=dark

Requested by

Host: starfiles.co
URL: https://starfiles.co/file/VScTtAUmep9u/spotify-red-ipa

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:7f76 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

df8f16dbb4e42d0e1d4db01ced826e12f830f7d84b1ed43b4122e1aa3dd3a1fe

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

x-request-id: 35ec9a55-dad2-4337-aa7b-cc4db7c7841d
content-encoding: br
cf-cache-status: HIT
etag: W/"df8f16dbb4e42d0e1d4db01ced826e12"
x-permitted-cross-domain-policies: none
x-content-type-options: nosniff
expires: Thu, 09 Jan 2025 13:16:32 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Thu, 09 Jan 2025 09:16:32 GMT
content-type: image/svg+xml
vary: Accept-Encoding
x-runtime: 0.013524
priority: u=3,i
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=2592000; includeSubDomains; preload
cache-control: public, max-age=14400
referrer-policy: strict-origin-when-cross-origin
x-download-options: noopen
cf-ray: 8ff3544019691a44-EWR
x-xss-protection: 1; mode=block
server: cloudflare

GET
H3 200 patreon-64.png
cdn.starfiles.co/images/ 938 B
2 KB 50ms
48ms Image
image/webp 2606:4700:20::681a:80d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.starfiles.co/images/patreon-64.png

Requested by

Host: starfiles.co
URL: https://starfiles.co/file/VScTtAUmep9u/spotify-red-ipa

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:80d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

87bddb29802e457fdfc137657726384b3cc188ba19d4acdb6fd06e4b9135e0dd

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'unsafe-eval' 'unsafe-inline'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

i2p-location: http://cdn.vnt23fy3n5qiwojrkcec2i3ac6w5gkacdyrf2gobid6xjnq53ffq.b32.i2p/images/patreon-64.png
sf-primary: primary-germany-1
cf-cache-status: HIT
age: 881414
expect-ct: max-age=86400, enforce
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XI5Jbpzg%2Fc%2BklRFtHtOxYDUkeF%2FkvxhcowQrRQwkBvIeX%2FjobXZpH5pvozsO0WLefCWmXOyWdcmbn8d5pavIqAYbtSgT4VYiXpnvNmX2c7RDDlzOLXZICwkZuXWm3syQsuswahr5VcN04sVLFOE%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=31270&min_rtt=21910&rtt_var=8616&sent=50&recv=34&lost=0&retrans=0&sent_bytes=41830&recv_bytes=10125&delivery_rate=425551&cwnd=16800&unsent_bytes=0&cid=a683cf9bdb932e0a&ts=108&x=1", cfExtPri, cfHdrFlush;dur=10
content-type: image/webp
content-disposition: inline; filename="patreon-64.webp"
priority: u=3,i
last-modified: Mon, 30 Dec 2024 03:58:01 GMT
cache-control: public, max-age=16070400
cdn-cache-control: public, max-age=7776000
pragma: cache
onion-location: http://cdn.starfilesmj35tuw5bf7qaxfpf4d6tydvqjbftzw23t3ghtjreyx45id.onion/images/patreon-64.png
referrer-policy: same-origin
x-xss-protection: 1; mode=block
server: cloudflare
cf-bgj: imgq:85,h2pri
access-control-allow-methods: GET,POST,OPTIONS,DELETE,PUT
cf-polished: origFmt=png, origSize=1933
date: Thu, 09 Jan 2025 09:16:32 GMT
vary: Accept
sf-primary-cache-status: MISS
access-control-allow-headers: Accept, Content-Type, Authorization, Origin, X-Requested-With, Access-Control-Request-Method, Access-Control-Request-Headers, Access-Control-Allow-Headers, Access-Control-Allow-Origin
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy: default-src * data: blob: 'unsafe-eval' 'unsafe-inline'
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8ff3543f8cf38cca-EWR
access-control-allow-origin: *

GET
H3 200 doge-64.png
cdn.starfiles.co/images/ 4 KB
5 KB 50ms
49ms Image
image/webp 2606:4700:20::681a:80d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.starfiles.co/images/doge-64.png

Requested by

Host: starfiles.co
URL: https://starfiles.co/file/VScTtAUmep9u/spotify-red-ipa

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:80d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9ac33819488de47f25c6a3788e583d04964914c5aa09b83320bac6ffc8a1923e

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'unsafe-eval' 'unsafe-inline'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

i2p-location: http://cdn.vnt23fy3n5qiwojrkcec2i3ac6w5gkacdyrf2gobid6xjnq53ffq.b32.i2p/images/doge-64.png
sf-primary: primary-germany-1
cf-cache-status: HIT
age: 881414
expect-ct: max-age=86400, enforce
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3RmcmZ2mBVTW1cA1VocR0Q1TKe2jM7iC1hgmKutU%2B%2FQFfGzu95zhUuasTdlDtgrslJqWhz4Qq28RWVmi0DeQzFrQtms1OdYoq0m4Fo%2BiS8%2BqfVGhj21E1%2FGDP7QGJOEjDdEXyu8F6vRQH3pMsOo%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=31270&min_rtt=21910&rtt_var=8616&sent=50&recv=34&lost=0&retrans=0&sent_bytes=41830&recv_bytes=10125&delivery_rate=425551&cwnd=16800&unsent_bytes=0&cid=a683cf9bdb932e0a&ts=109&x=1", cfExtPri, cfHdrFlush;dur=9
content-type: image/webp
content-disposition: inline; filename="doge-64.webp"
priority: u=3,i
last-modified: Thu, 26 Dec 2024 03:41:26 GMT
cache-control: public, max-age=16070400
cdn-cache-control: public, max-age=7776000
pragma: cache
onion-location: http://cdn.starfilesmj35tuw5bf7qaxfpf4d6tydvqjbftzw23t3ghtjreyx45id.onion/images/doge-64.png
referrer-policy: same-origin
x-xss-protection: 1; mode=block
server: cloudflare
cf-bgj: imgq:85,h2pri
access-control-allow-methods: GET,POST,OPTIONS,DELETE,PUT
cf-polished: origFmt=png, origSize=5733
date: Thu, 09 Jan 2025 09:16:32 GMT
vary: Accept
sf-primary-cache-status: MISS
access-control-allow-headers: Accept, Content-Type, Authorization, Origin, X-Requested-With, Access-Control-Request-Method, Access-Control-Request-Headers, Access-Control-Allow-Headers, Access-Control-Allow-Origin
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy: default-src * data: blob: 'unsafe-eval' 'unsafe-inline'
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8ff3543f8cf48cca-EWR
access-control-allow-origin: *

GET
H3 200 bitcoin-64.png
cdn.starfiles.co/images/ 1 KB
2 KB 54ms
53ms Image
image/webp 2606:4700:20::681a:80d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.starfiles.co/images/bitcoin-64.png

Requested by

Host: starfiles.co
URL: https://starfiles.co/file/VScTtAUmep9u/spotify-red-ipa

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:80d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d9640bf1795ad4d606d37bf3a223f72f7f089242f745c4182843820dcd73d55f

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'unsafe-eval' 'unsafe-inline'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

i2p-location: http://cdn.vnt23fy3n5qiwojrkcec2i3ac6w5gkacdyrf2gobid6xjnq53ffq.b32.i2p/images/bitcoin-64.png
sf-primary: primary-germany-1
cf-cache-status: HIT
age: 881414
expect-ct: max-age=86400, enforce
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HBVDM8jNUI5Vxzlx1RLPFB%2FgqUwL%2BHY7qD32mcakzyI7rztBGcRukkmKyJIXNNh%2BYErHcFDKZ2d9neIPb2FpWB6yymIgS5%2Bm9IuBHENQP07iR5m63LLh%2FXSyf1M9LylbbmPW9%2BFYSACFyRRsxhU%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=31270&min_rtt=21910&rtt_var=8616&sent=50&recv=34&lost=0&retrans=0&sent_bytes=41830&recv_bytes=10125&delivery_rate=425551&cwnd=16800&unsent_bytes=0&cid=a683cf9bdb932e0a&ts=108&x=1", cfExtPri, cfHdrFlush;dur=14
content-type: image/webp
content-disposition: inline; filename="bitcoin-64.webp"
priority: u=3,i
last-modified: Wed, 18 Dec 2024 22:01:24 GMT
cache-control: public, max-age=16070400
cdn-cache-control: public, max-age=7776000
pragma: cache
onion-location: http://cdn.starfilesmj35tuw5bf7qaxfpf4d6tydvqjbftzw23t3ghtjreyx45id.onion/images/bitcoin-64.png
referrer-policy: same-origin
x-xss-protection: 1; mode=block
server: cloudflare
cf-bgj: imgq:85,h2pri
access-control-allow-methods: GET,POST,OPTIONS,DELETE,PUT
cf-polished: origFmt=png, origSize=2360
date: Thu, 09 Jan 2025 09:16:32 GMT
vary: Accept
sf-primary-cache-status: MISS
access-control-allow-headers: Accept, Content-Type, Authorization, Origin, X-Requested-With, Access-Control-Request-Method, Access-Control-Request-Headers, Access-Control-Allow-Headers, Access-Control-Allow-Origin
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy: default-src * data: blob: 'unsafe-eval' 'unsafe-inline'
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8ff3543f8cf58cca-EWR
access-control-allow-origin: *

GET
H3 200 bitcoincash-64.png
cdn.starfiles.co/images/ 1006 B
2 KB 39ms
37ms Image
image/webp 2606:4700:20::681a:80d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.starfiles.co/images/bitcoincash-64.png

Requested by

Host: starfiles.co
URL: https://starfiles.co/file/VScTtAUmep9u/spotify-red-ipa

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:80d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

13a5cf1b83d072d7532d4f3955015820c5ad18e936151fc820667f3b0102f5f9

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'unsafe-eval' 'unsafe-inline'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

i2p-location: http://cdn.vnt23fy3n5qiwojrkcec2i3ac6w5gkacdyrf2gobid6xjnq53ffq.b32.i2p/images/bitcoincash-64.png
sf-primary: primary-germany-1
cf-cache-status: HIT
age: 1773448
expect-ct: max-age=86400, enforce
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eQIaTPESPq6LLULlt2UoFbo%2BW8hPxmYAS1bw3f4mLvdy%2FbKRIWmGqGHGKP8P2zGtqFDc6fbyCS4SLl56KRvbadaxX8tOJbzKVZjJzVIylILeVMqJXeetxNxMBlLmt%2FIsHkmKuCBWHVwG2xrmXno%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=31270&min_rtt=21910&rtt_var=8616&sent=48&recv=34&lost=0&retrans=0&sent_bytes=40042&recv_bytes=10125&delivery_rate=425551&cwnd=16800&unsent_bytes=0&cid=a683cf9bdb932e0a&ts=108&x=1", cfExtPri, cfHdrFlush;dur=0
content-type: image/webp
content-disposition: inline; filename="bitcoincash-64.webp"
priority: u=3,i
last-modified: Wed, 18 Dec 2024 22:01:24 GMT
cache-control: public, max-age=16070400
cdn-cache-control: public, max-age=7776000
pragma: cache
onion-location: http://cdn.starfilesmj35tuw5bf7qaxfpf4d6tydvqjbftzw23t3ghtjreyx45id.onion/images/bitcoincash-64.png
referrer-policy: same-origin
x-xss-protection: 1; mode=block
server: cloudflare
cf-bgj: imgq:85,h2pri
access-control-allow-methods: GET,POST,OPTIONS,DELETE,PUT
cf-polished: origFmt=png, origSize=2468
date: Thu, 09 Jan 2025 09:16:32 GMT
vary: Accept
sf-primary-cache-status: MISS
access-control-allow-headers: Accept, Content-Type, Authorization, Origin, X-Requested-With, Access-Control-Request-Method, Access-Control-Request-Headers, Access-Control-Allow-Headers, Access-Control-Allow-Origin
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy: default-src * data: blob: 'unsafe-eval' 'unsafe-inline'
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8ff3543f8cf68cca-EWR
access-control-allow-origin: *

GET
H3 200 ethereum-64.png
cdn.starfiles.co/images/ 1 KB
2 KB 55ms
54ms Image
image/webp 2606:4700:20::681a:80d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.starfiles.co/images/ethereum-64.png

Requested by

Host: starfiles.co
URL: https://starfiles.co/file/VScTtAUmep9u/spotify-red-ipa

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:80d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

14d8fcaf2ec89003fb9fbbe591428437aedc458544648d302bbcf2135fb707dc

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'unsafe-eval' 'unsafe-inline'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

i2p-location: http://cdn.vnt23fy3n5qiwojrkcec2i3ac6w5gkacdyrf2gobid6xjnq53ffq.b32.i2p/images/ethereum-64.png
sf-primary: primary-germany-1
cf-cache-status: HIT
age: 881414
expect-ct: max-age=86400, enforce
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=w05P1RQc8424MH9Ejl9iIV2KabLbwJz%2BfGeOvdAD5DcogEnCsHvj6hwYfIoO%2Fm8Af0RlhiHIyHzqn3MLwZF%2FuOhZDl7hfNJ%2BIdWIvcvqiCcA00G3FzXWNcHd7Uqd9U5zqA5msfAwattO%2Fo2D%2Bb0%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=31185&min_rtt=21910&rtt_var=6632&sent=56&recv=35&lost=0&retrans=0&sent_bytes=46630&recv_bytes=10168&delivery_rate=261910&cwnd=19200&unsent_bytes=0&cid=a683cf9bdb932e0a&ts=119&x=1", cfExtPri, cfHdrFlush;dur=3
content-type: image/webp
content-disposition: inline; filename="ethereum-64.webp"
priority: u=3,i
last-modified: Thu, 26 Dec 2024 01:59:05 GMT
cache-control: public, max-age=16070400
cdn-cache-control: public, max-age=7776000
pragma: cache
onion-location: http://cdn.starfilesmj35tuw5bf7qaxfpf4d6tydvqjbftzw23t3ghtjreyx45id.onion/images/ethereum-64.png
referrer-policy: same-origin
x-xss-protection: 1; mode=block
server: cloudflare
cf-bgj: imgq:85,h2pri
access-control-allow-methods: GET,POST,OPTIONS,DELETE,PUT
cf-polished: origFmt=png, origSize=2426
date: Thu, 09 Jan 2025 09:16:32 GMT
vary: Accept
sf-primary-cache-status: MISS
access-control-allow-headers: Accept, Content-Type, Authorization, Origin, X-Requested-With, Access-Control-Request-Method, Access-Control-Request-Headers, Access-Control-Allow-Headers, Access-Control-Allow-Origin
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy: default-src * data: blob: 'unsafe-eval' 'unsafe-inline'
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8ff3543f8cf78cca-EWR
access-control-allow-origin: *

GET
H2 200 rocket-loader.min.js Show response
starfiles.co/cdn-cgi/scripts/7d0fa10a/cloudflare-static/ 12 KB
4 KB 29ms
28ms Script
application/javascript 2606:4700:20::681a:90d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://starfiles.co/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Requested by

Host: starfiles.co
URL: https://starfiles.co/file/VScTtAUmep9u/spotify-red-ipa

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:90d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://starfiles.co/file/VScTtAUmep9u/spotify-red-ipa

Response headers

x-frame-options: DENY
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cache-control: max-age=172800, public
content-encoding: gzip
etag: W/"677d0bc5-302c"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=or2hVtkQDKHfuv%2BnjfBDQj4i9LxL%2BaZaWFtRVI8hzNrS8zNlv%2FBVF9TV1Ltej7H5ZIED8Blctx19crCcoUnzqdJo4IyMr3Gwp03hWgPBaX%2Fpu8SBIgU7GVYFcr%2BYwGe3Cl8xFjvdGq9eBA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
cf-ray: 8ff3543f8f370c84-EWR
expires: Sat, 11 Jan 2025 09:16:32 GMT
date: Thu, 09 Jan 2025 09:16:32 GMT
content-type: application/javascript
last-modified: Tue, 07 Jan 2025 11:11:01 GMT
server: cloudflare
vary: Accept-Encoding

GET
H2 200 dmedianet.js Show response
contextual.media.net/ 101 KB
38 KB 158ms
65ms Script
text/javascript 104.77.220.25
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/dmedianet.js?cid=8CUOZHD8E

Requested by

Host: starfiles.co
URL: https://starfiles.co/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.77.220.25 Secaucus, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-77-220-25.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

bdd7e40674a376a290c133bfa838d96d5e4acc1c298b0bdd3519f2e286456bdd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

x-mnt-h: 22-m61w
strict-transport-security: max-age=31536000
x-mnt-w: 22-r1fq
cache-control: max-age=300
timing-allow-origin: *
content-encoding: gzip
etag: "58163babb149ef86fb56e4121bd23e84"
expires: Thu, 09 Jan 2025 09:21:32 GMT
alt-svc: h3=":443"; ma=93600
content-length: 38539
date: Thu, 09 Jan 2025 09:16:32 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
server: Apache

GET
H2 200 beacon.min.js Show response
static.cloudflareinsights.com/ 19 KB
7 KB 123ms
42ms Script
text/javascript 2606:4700::6810:5049
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.cloudflareinsights.com/beacon.min.js
Requested by: Host: starfiles.co
URL: https://starfiles.co/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:5049 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8a18d13015336bc184819a5a768447462202ef3105ec511bf42ed8304a7ed94f

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

cache-control: public, max-age=86400
content-encoding: gzip
etag: W/"2024.6.1"
cross-origin-resource-policy: cross-origin
cf-ray: 8ff354407bb4f5f6-EWR
access-control-allow-origin: *
date: Thu, 09 Jan 2025 09:16:32 GMT
content-type: text/javascript;charset=UTF-8
last-modified: Thu, 06 Jun 2024 15:52:56 GMT
vary: Accept-Encoding
server: cloudflare

GET starfilesreact.min.js
cdn.jsdelivr.net/combine/gh/QuixThe2nd/Starfiles-JSDelivr@latest/js/functions.min.js,gh/QuixThe2nd/Starfiles-JSDelivr@latest/js/head.min.js,npm/clipboard@2/dist/clipboard.min.js,gh/QuixThe2nd/Starf... 0
0

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 412 KB
134 KB 148ms
59ms Script
application/javascript 2607:f8b0:4006:820::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-5NQRXX08WX

Requested by

Host: starfiles.co
URL: https://starfiles.co/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:820::2008 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

4b3dbab700a6bd0ddc0f717848caf188167f5912595c2d8c2e00f3102425fa38

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires: Thu, 09 Jan 2025 09:16:32 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 09 Jan 2025 09:16:32 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 136168
x-xss-protection: 0
server: Google Tag Manager

GET
H3

200

main.js Show response
starfiles.co/cdn-cgi/challenge-platform/h/g/scripts/jsd/849bfe45bf45/ Frame 2C80
Redirect Chain

https://starfiles.co/cdn-cgi/challenge-platform/scripts/jsd/main.js
https://starfiles.co/cdn-cgi/challenge-platform/h/g/scripts/jsd/849bfe45bf45/main.js?

8 KB
5 KB

38ms
37ms

Script
application/javascript

2606:4700:20::681a:90d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://starfiles.co/cdn-cgi/challenge-platform/h/g/scripts/jsd/849bfe45bf45/main.js?

Requested by

Host: starfiles.co
URL: https://starfiles.co/file/VScTtAUmep9u/spotify-red-ipa

Protocol

Server

2606:4700:20::681a:90d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cf017d01048a5fe710b9bc8db7a78bd719b4c633d9be8b1564344c5edf85d7a5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

content-encoding: br
expect-ct: max-age=86400, enforce
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dTCqt3WahMv44MyVTmIX834P57GRau3DvA1MSXhH6foz0X5YR8PGNeIlqIs9rQZXRELl55Mh89HFNHIrFLTLOUizMxfIUSxsUyDtSXjYoJutS%2Bvsbd9DQ8D3v0VmvMu1AEUsn%2FXIJ7A6DQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=22354&min_rtt=22085&rtt_var=4861&sent=12&recv=9&lost=0&retrans=0&sent_bytes=4161&recv_bytes=4312&delivery_rate=28526&cwnd=12000&unsent_bytes=0&cid=9a1227c49dce2d29&ts=66&x=1", cfExtPri, cfHdrFlush;dur=0
date: Thu, 09 Jan 2025 09:16:32 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
priority: u=3,i=?0
x-frame-options: SAMEORIGIN
cache-control: max-age=14400, stale-if-error=10800, stale-while-revalidate=10800, public
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy: same-origin
cf-ray: 8ff354403d658c48-EWR
x-xss-protection: 1; mode=block
server: cloudflare

Redirect headers

expect-ct: max-age=86400, enforce
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2G0hSifrd0qPizilVCztPLls8dfOMsRZewbz1cSMJv4B0J8VI6EMZHC2T6gi5UzSKaa4MR7Ei9NN4GAFRxNSb0aWRk8hC%2FG3Gzylz5bfiIWjpurNT2%2FRBfQTSOa169u4WnVdxZ%2BKXTw0UQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=9242&min_rtt=8960&rtt_var=294&sent=51&recv=25&lost=0&retrans=0&sent_bytes=40905&recv_bytes=2644&delivery_rate=1325249&cwnd=257&unsent_bytes=0&cid=ca3f46bd3597bfdc&ts=3799&x=0"
date: Thu, 09 Jan 2025 09:16:32 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
cache-control: max-age=300, stale-if-error=10800, stale-while-revalidate=10800, public
location: /cdn-cgi/challenge-platform/h/g/scripts/jsd/849bfe45bf45/main.js?
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy: same-origin
cf-ray: 8ff3543fef670c84-EWR
access-control-allow-origin: *
content-length: 0
x-xss-protection: 1; mode=block
server: cloudflare

GET
H3 200 show_ads_impl_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202501070101/ 432 KB
144 KB 74ms
72ms Script
text/javascript 2607:f8b0:4006:824::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202501070101/show_ads_impl_fy2021.js?bust=31089587

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-7198310321194757

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:824::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3a4b9e9018d2c90286121ea7ccf547b3304fed1db2da602a1a53600f0f1304c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

content-encoding: br
etag: 7592710081682814194
age: 54
x-content-type-options: nosniff
expires: Thu, 23 Jan 2025 09:15:38 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date: Thu, 09 Jan 2025 09:15:38 GMT
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
cache-control: public, immutable, max-age=1209600
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-length: 147594
x-xss-protection: 0
server: cafe

POST
H3 200 8ff354289bac0c84 Show response
starfiles.co/cdn-cgi/challenge-platform/h/g/jsd/r/ Frame 2C80 0
1 KB 41ms
34ms XHR
text/plain 2606:4700:20::681a:90d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://starfiles.co/cdn-cgi/challenge-platform/h/g/jsd/r/8ff354289bac0c84

Requested by

Host: starfiles.co
URL: https://starfiles.co/cdn-cgi/challenge-platform/scripts/jsd/main.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:90d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type: application/json
Referer

Response headers

nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
expect-ct: max-age=86400, enforce
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zug5wdcST%2FAyRUlL90Dgi1zeZMxRITjtMKP9X2%2BQfs0FE%2B7bVta6HQiNkgvpHR9AFuXKzxmmFp%2F6U%2BJwJ0Eksp5IK16lUyEBxQukM3PYk3lvco9HQAmzYPJMOGNUezxNA1Np9s0FigFNOQ%3D%3D"}],"group":"cf-nel","max_age":604800}
referrer-policy: same-origin
x-content-type-options: nosniff
cf-ray: 8ff354413dea8c48-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=29189&min_rtt=22085&rtt_var=12334&sent=30&recv=27&lost=0&retrans=0&sent_bytes=9394&recv_bytes=21644&delivery_rate=115273&cwnd=12000&unsent_bytes=0&cid=9a1227c49dce2d29&ts=232&x=1", cfExtPri, cfHdrFlush;dur=0
content-length: 0
date: Thu, 09 Jan 2025 09:16:32 GMT
x-xss-protection: 1; mode=block
content-type: text/plain; charset=UTF-8
server: cloudflare
priority: u=1,i
x-frame-options: SAMEORIGIN

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 40ms
40ms Image
image/gif 2607:f8b0:4006:824::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=adsense_fc_has_namespace_but_no_iframes&publisherId=ca-pub-7198310321194757&eid=31088581%2C31089442%2C95349405%2C31089587%2C31088249%2C95340252%2C95340254

Requested by

Host: starfiles.co
URL: https://starfiles.co/file/VScTtAUmep9u/spotify-red-ipa

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:824::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 0
date: Thu, 09 Jan 2025 09:16:32 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H3 200 zrt_lookup_fy2021.html
googleads.g.doubleclick.net/pagead/html/r20250107/r20190131/ Frame 2D29 0
0 104ms
21ms Document
text/html 2607:f8b0:4006:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20250107/r20190131/zrt_lookup_fy2021.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202501070101/show_ads_impl_fy2021.js?bust=31089587

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80d::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

age: 22
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4144
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 09 Jan 2025 09:16:10 GMT
etag: 7793694970870604198
expires: Thu, 23 Jan 2025 09:16:10 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads
googleads.g.doubleclick.net/pagead/ Frame A964 0
0 689ms
625ms Document
text/html 2607:f8b0:4006:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7198310321194757&output=html&adk=1812271804&adf=3025194257&abgtt=6&lmt=1736414192&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=404x675_l%7C500x675_r&format=0x0&url=https%3A%2F%2Fstarfiles.co%2Ffile%2FVScTtAUmep9u%2Fspotify-red-ipa&pra=5&wgl=1&aihb=0&aiof=3&asro=0&ailel=1~2~4~6~7~8~9~10~11~12~13~14~15~16~17~18~19~20~21~24~29~30~34&aiael=1~2~3~4~6~7~8~9~10~11~12~13~14~15~16~17~18~19~20~21~24~29~30~34&aicel=33~38&aifxl=29_18~30_19&aiixl=29_5~30_6&aiict=1&aiapm=0.3221&aiapmi=0.33938&aiombap=1&aief=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1736414192682&bpp=4&bdt=293&idt=152&shv=r20250107&mjsv=m202501070101&ptt=9&saldr=aa&abxe=1&cookie_enabled=1&eoidce=1&nras=1&correlator=8612836680578&frm=20&pv=2&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31088581%2C31089442%2C95349405%2C31089587%2C31088249%2C95340252%2C95340254&oid=2&pvsid=2641037058475312&tmod=405128656&uas=0&nvt=1&fsapi=1&fc=1920&brdim=100%2C100%2C100%2C100%2C1600%2C0%2C1600%2C1285%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&bz=1&td=1&tdf=2&psd=W251bGwsbnVsbCxudWxsLDNd&nt=1&ifi=1&uci=a!1&fsb=1&dtd=179

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202501070101/show_ads_impl_fy2021.js?bust=31089587

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80d::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Sec-Browsing-Topics: ();p=P0000000000000000000000000000000
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 132176
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 09 Jan 2025 09:16:33 GMT
expires: Thu, 09 Jan 2025 09:16:33 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 reactive_library_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202501070101/ 178 KB
59 KB 28ms
27ms Script
text/javascript 2607:f8b0:4006:824::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202501070101/reactive_library_fy2021.js?bust=31089587

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202501070101/show_ads_impl_fy2021.js?bust=31089587

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:824::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b79aa4d4f529b5c8e977b1f7752bc93869668574f8da2c0fa86528b7817dff99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

content-encoding: br
etag: 4137711651459886975
age: 72821
x-content-type-options: nosniff
expires: Wed, 22 Jan 2025 13:02:52 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date: Wed, 08 Jan 2025 13:02:52 GMT
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
cache-control: public, immutable, max-age=1209600
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-length: 60798
x-xss-protection: 0
server: cafe

GET
H2 200 ca-pub-7198310321194757 Show response
fundingchoicesmessages.google.com/i/ 193 KB
63 KB 62ms
60ms Script
application/javascript 2607:f8b0:4006:81e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/i/ca-pub-7198310321194757?href=https%3A%2F%2Fstarfiles.co%2Ffile%2FVScTtAUmep9u%2Fspotify-red-ipa&ers=2

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202501070101/show_ads_impl_fy2021.js?bust=31089587

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81e::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

0d15f4b76bb93b88a776e5c67094557571ef43426c91dd67ae7252d29f5d0924

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-v_FP0FZO5jS3FzBZQgKP8w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Mon, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 09 Jan 2025 09:16:33 GMT
content-type: application/javascript; charset=utf-8
x-frame-options: SAMEORIGIN
reporting-endpoints: default="/_/ContributorServingWebSwitchboardHttp/web-reports?context=eJzjKtDikmJw1ZBikPj6kkkDiJ3SZ7AGAXHrzXOsU4HYaO15VicgTvp3nrUIiA0VLrE6gnDRJVZPIFbtucRqCsT3111ifQ7EH-ovs_4A4hnnL7MuAOIiiSusTUDM8PUKKwcQC_FwfFz-bzebwILpRy8zKWkk5RfGJ-fnlRRlJpWW5BelJaelFqcWlaUWxRsZGJkaGBqY6xmYxBcYAAChKkX-"
content-security-policy: script-src 'report-sample' 'nonce-v_FP0FZO5jS3FzBZQgKP8w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
cache-control: no-cache, no-store, max-age=0, must-revalidate
timing-allow-origin: *
cross-origin-opener-policy: same-origin
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-resource-policy: cross-origin
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
x-xss-protection: 0
server: ESF

GET
H2 200 css
fonts.googleapis.com/ 1 KB
528 B 131ms
49ms Stylesheet
text/css 2607:f8b0:4006:80d::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Symbols%3Aopsz%2Cwght%2CFILL%2CGRAD%4020..48%2C100..700%2C0..1%2C-50..200

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202501070101/show_ads_impl_fy2021.js?bust=31089587

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80d::200a , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

38118ddd021b5e6e0a594ec89c79b010cfff0d7c97eb82221ae16d4cb95af648

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Thu, 09 Jan 2025 09:16:33 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 09 Jan 2025 09:16:33 GMT
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified: Thu, 09 Jan 2025 09:16:33 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-xss-protection: 0
server: ESF

GET
H2 200 css
fonts.googleapis.com/ 4 KB
743 B 131ms
50ms Stylesheet
text/css 2607:f8b0:4006:80d::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%20Text%3A400%2C500

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202501070101/show_ads_impl_fy2021.js?bust=31089587

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80d::200a , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

8b1bb264d3f4e9e18f183190a3c443c6409502514f56e670dc60ea04c40747de

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Thu, 09 Jan 2025 09:16:33 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 09 Jan 2025 09:16:33 GMT
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified: Thu, 09 Jan 2025 09:04:58 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-xss-protection: 0
server: ESF

GET
H2 200 css2
fonts.googleapis.com/ 656 B
862 B 128ms
47ms Stylesheet
text/css 2607:f8b0:4006:80d::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Google+Symbols:opsz,wght,FILL,GRAD@20..48,100..700,0..1,-50..200

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202501070101/show_ads_impl_fy2021.js?bust=31089587

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80d::200a , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

7ab537773fa7c41e6ea63bff0ba09be26be796ebb4b1ef7da1e4c398780d7c86

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Thu, 09 Jan 2025 09:16:33 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 09 Jan 2025 09:16:33 GMT
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified: Thu, 09 Jan 2025 09:16:33 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-xss-protection: 0
server: ESF

GET
H2 200 css
fonts.googleapis.com/ 4 KB
744 B 130ms
50ms Stylesheet
text/css 2607:f8b0:4006:80d::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google+Sans+Text_old:400,500

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202501070101/show_ads_impl_fy2021.js?bust=31089587

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80d::200a , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

8b1bb264d3f4e9e18f183190a3c443c6409502514f56e670dc60ea04c40747de

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Thu, 09 Jan 2025 09:16:33 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 09 Jan 2025 09:16:33 GMT
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified: Thu, 09 Jan 2025 08:54:36 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-xss-protection: 0
server: ESF

GET
H2 200 pub-7198310321194757 Show response
fundingchoicesmessages.google.com/b/ 18 KB
7 KB 47ms
47ms Script
application/javascript 2607:f8b0:4006:81e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/b/pub-7198310321194757

Requested by

Host: starfiles.co
URL: https://starfiles.co/file/VScTtAUmep9u/spotify-red-ipa

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81e::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

2fca55c9911bb19de60a2b5020fb940bdc23aa8622e27bef15de670055d298c7

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-3zGJ7BEKscM4pWnb-BC7jQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Mon, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 09 Jan 2025 09:16:33 GMT
content-type: application/javascript; charset=utf-8
x-frame-options: SAMEORIGIN
reporting-endpoints: default="/_/ContributorServingWebSwitchboardHttp/web-reports?context=eJzjKtDikmII0JBikPj6kkkDiJ3SZ7AGAXHrzXOsU4HYaO15VicgTvp3nrUIiA0VLrE6gnDRJVZPIFbtucRqCsT3111ifQ7EH-ovs_4A4hnnL7MuAOIiiSusTUDM8PUKKwcQC_FwfFz-bzebwIMvZ14yKWkk5RfGJ-fnlRRlJpWW5BelJaelFqcWlaUWxRsZGJkaGBqY6xmYxBcYAADJr0bD"
content-security-policy: script-src 'report-sample' 'nonce-3zGJ7BEKscM4pWnb-BC7jQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
cache-control: no-cache, no-store, max-age=0, must-revalidate
cross-origin-opener-policy: same-origin
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-resource-policy: cross-origin
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
x-xss-protection: 0
server: ESF

GET
H/1.1 403
Forbidden invoke.js
www.topcreativeformat.com/8c1929f123f4bb7f86703573ff51e04d/ 0
0 165ms
62ms Script
application/javascript 192.243.59.13
ADVANCEDHOSTERS-A...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.topcreativeformat.com/8c1929f123f4bb7f86703573ff51e04d/invoke.js
Requested by: Host: starfiles.co
URL: https://starfiles.co/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 192.243.59.13 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS DataWeb Global Group B.V., NL),
Reverse DNS
Software: nginx/1.19.5 /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Connection: keep-alive
Access-Control-Allow-Origin: *
Content-Length: 0
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Date: Thu, 09 Jan 2025 09:16:33 GMT
Content-Type: application/javascript
Host: www.topcreativeformat.com
Server: nginx/1.19.5

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 40ms
40ms Image
image/gif 2607:f8b0:4006:824::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=ama_auto_rs&sts=pfno&evt=place&vh=1200&eid=31088581%2C31089442%2C95349405%2C31089587%2C31088249%2C95340252%2C95340254&hl=en&pvc=2641037058475312

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:824::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 0
date: Thu, 09 Jan 2025 09:16:33 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

POST
H2 204 collect
analytics.google.com/g/ 0
0 195ms
83ms Fetch
text/plain 2607:f8b0:4006:81c::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.google.com/g/collect?v=2&tid=G-5NQRXX08WX&gtm=45je5170v881073661za200&_p=1736414193656&_gaz=1&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=101925629~102067555~102067808~102081485~102198178&cid=1018854818.1736414194&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&pae=1&frm=0&pscdl=noapi&_s=1&sid=1736414193&sct=1&seg=0&dl=https%3A%2F%2Fstarfiles.co%2Ffile%2FVScTtAUmep9u%2Fspotify-red-ipa&dt=spotify%2B%2B%20red.ipa%20-%20Starfiles&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=5028
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-5NQRXX08WX
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4006:81c::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:136:0
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:136:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://starfiles.co
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 09 Jan 2025 09:16:33 GMT
content-type: text/plain
server: Golfe2

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
551 B 221ms
100ms Ping
text/plain 2607:f8b0:4004:c19::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-5NQRXX08WX&cid=1018854818.1736414194&gtm=45je5170v881073661za200&aip=1&dma=0&gcd=13l3l3l3l1l1&npa=0&frm=0&tag_exp=101925629~102067555~102067808~102081485~102198178
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-5NQRXX08WX
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4004:c19::9d Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:111:0
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:111:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://starfiles.co
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 09 Jan 2025 09:16:33 GMT
content-type: text/plain
server: Golfe2

GET
H2 200 rul
td.doubleclick.net/td/ga/ Frame EDBA 0
0 213ms
113ms Document
text/html 2607:f8b0:4006:821::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://td.doubleclick.net/td/ga/rul?tid=G-5NQRXX08WX&gacid=1018854818.1736414194&gtm=45je5170v881073661za200&dma=0&gcd=13l3l3l3l1l1&npa=0&pscdl=noapi&aip=1&fledge=1&frm=0&tag_exp=101925629~102067555~102067808~102081485~102198178&z=1675841521

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-5NQRXX08WX

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:821::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-encoding: br
content-length: 16
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 09 Jan 2025 09:16:33 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 SAFEFRAME.html
contextual.media.net/sr/1017354394/ Frame AB78 0
0 174ms
101ms Document
text/html 104.77.220.25
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/sr/1017354394/SAFEFRAME.html?ule=403&&kkdd=Au%7C3%7C*An9H&UZ=4MPor4r4K_o_44s2__r&pT0g=s&Lv0q=s&1vt0=s&zTU=4r2M&EvzN=cMPK&zZT=bAG(JF!bW&z0zT=8~ZcQurPfSMxub22IM_kIS%3D%3D&zgZT=Pb2_22KPs&vZON=M_bdKs&zz=GV&vz=IS&tEE0v=4&gN~mgf=tEE0v%3A%2F%2FvEqgCZfNvaz7%2FCZfN%2F-VzBESGLN0Km%2Fv07EZCk*gNT*Z0q&hvN=2&mpT=r&Z1=4oss&LzC=os_M_&0pZT=044KbbMsPrrrE_s_2s4sKsK4o&0pZTv=4&tELfvgz=4&sflct=4662095&ure=1

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/dmedianet.js?cid=8CUOZHD8E

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.77.220.25 Secaucus, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-77-220-25.deploy.static.akamaitechnologies.com

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=93600
cache-control: max-age=0, no-cache, no-store
content-encoding: gzip
content-length: 321
content-type: text/html
date: Thu, 09 Jan 2025 09:16:33 GMT
expires: Thu, 09 Jan 2025 09:16:33 GMT
pragma: no-cache
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-sc-h: 22-ff8w

GET
H/1.1 200
OK bping.php
lg3.media.net/ 35 B
368 B 159ms
70ms Image
image/gif 23.199.48.23
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lg3.media.net/bping.php?vgd_len=611&&vgd_cdv=1457&vgd_cage=1&vgd_tsce=L739&vgd_mcf=60272&gdpr=0&mspa=0&wshp=0&prid=8PRHGG6T9&cid=8CUOZHD8E&crid=385255930&vi=1736414192621105224&ugd=4&lf=6&cc=US&sc=PA&lper=100&wsip=170785076&r=1736414193821&requrl=https%3A%2F%2Fstarfiles.co%2Ffile%2FVScTtAUmep9u%2Fspotify-red-ipa&vgd_sbSup=1&vgd_is_amp=0&vgd_asn=701&vgd_rakh=1736414192153517736&vgd_l1rhst=contextual.media.net&vgd_rpth=%2Fdmedianet.js&vgd_pgid=p11988703444t202501090916&vgd_pgids=1&vgd_wshp=0&vgd_uspa=0&vgda_l1btm=%5B%22URLDC%22%5D&hvsid=00001736414193816035061965984716&gdpr=0&mspa=0&wshp=0&vgd_l2type=scs_newfl&vgd_end=1

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.199.48.23 Secaucus, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-199-48-23.deploy.static.akamaitechnologies.com

Software

Resource Hash

796c46ec10bc9105545f6f90d51593921b69956bd9087eb72bee83f40ad86f90

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

Strict-Transport-Security: max-age=21600
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Connection: keep-alive
Expires: Thu, 09 Jan 2025 09:16:33 GMT
Access-Control-Allow-Origin: *
Alt-Svc: h3=":443"; ma=93600
Content-Length: 35
Date: Thu, 09 Jan 2025 09:16:33 GMT
Content-Type: image/gif

GET
H3 200 logo.svg
cdn.jsdelivr.net/gh/QuixThe2nd/Starfiles-JSDelivr@latest/images/ 2 KB
1 KB 23ms
23ms Other
image/svg+xml 2a04:4e42:200::485
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/gh/QuixThe2nd/Starfiles-JSDelivr@latest/images/logo.svg

Protocol

Security

QUIC, , AES_256_GCM

Server

2a04:4e42:200::485 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

f83261e1f4e0ea00c3bc3df4b4f02f8e1784629e22b588d6cc3b6af76d48da40

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

access-control-expose-headers: *
content-encoding: br
etag: W/"80c-q8ZnCOhJgocQuydOFm8zhM7UsWw"
age: 6278
x-content-type-options: nosniff
x-jsd-version-type: branch
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
x-cache: HIT, HIT
date: Thu, 09 Jan 2025 09:16:33 GMT
content-type: image/svg+xml
x-served-by: cache-fra-eddf8230021-FRA, cache-ewr-kewr1740064-EWR
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=604800, s-maxage=43200
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
access-control-allow-origin: *
content-length: 800
x-jsd-version: master

GET
H3 200 5aUu9-KzpRiLCAt4Unrc-xIKmCU5qEp2iw.woff2
fonts.gstatic.com/s/googlesanstext/v22/ 16 KB
16 KB 120ms
46ms Font
font/woff2 2607:f8b0:4006:81f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesanstext/v22/5aUu9-KzpRiLCAt4Unrc-xIKmCU5qEp2iw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%20Text%3A400%2C500

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81f::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

97399a2914c593da2895d9729aa0170a1956e91ee54cf7550696691949558a37

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://starfiles.co
Referer: https://fonts.googleapis.com/

Response headers

age: 492877
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Sat, 03 Jan 2026 16:21:56 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 03 Jan 2025 16:21:56 GMT
last-modified: Wed, 31 Jul 2024 20:31:46 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 15996
x-xss-protection: 0
server: sffe

GET
H3 200 zrt_lookup_fy2021.html
googleads.g.doubleclick.net/pagead/html/r20250107/r20190131/ Frame 13B2 0
0 0ms
0ms Document
text/html 2607:f8b0:4006:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20250107/r20190131/zrt_lookup_fy2021.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202501070101/show_ads_impl_fy2021.js?bust=31089587

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80d::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Sec-Browsing-Topics: ();p=P0000000000000000000000000000000
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

age: 22
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4144
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 09 Jan 2025 09:16:10 GMT
etag: 7793694970870604198
expires: Thu, 23 Jan 2025 09:16:10 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup_fy2021.html
googleads.g.doubleclick.net/pagead/html/r20250107/r20190131/ Frame B253 0
0 0ms
0ms Document
text/html 2607:f8b0:4006:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20250107/r20190131/zrt_lookup_fy2021.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202501070101/show_ads_impl_fy2021.js?bust=31089587

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80d::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Sec-Browsing-Topics: ();p=P0000000000000000000000000000000
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

age: 22
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4144
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 09 Jan 2025 09:16:10 GMT
etag: 7793694970870604198
expires: Thu, 23 Jan 2025 09:16:10 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup_fy2021.html
googleads.g.doubleclick.net/pagead/html/r20250107/r20190131/ Frame 4904 0
0 0ms
0ms Document
text/html 2607:f8b0:4006:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20250107/r20190131/zrt_lookup_fy2021.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202501070101/show_ads_impl_fy2021.js?bust=31089587

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80d::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Sec-Browsing-Topics: ();p=P0000000000000000000000000000000
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

age: 22
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4144
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 09 Jan 2025 09:16:10 GMT
etag: 7793694970870604198
expires: Thu, 23 Jan 2025 09:16:10 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup_fy2021.html
googleads.g.doubleclick.net/pagead/html/r20250107/r20190131/ Frame 06E9 0
0 0ms
0ms Document
text/html 2607:f8b0:4006:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20250107/r20190131/zrt_lookup_fy2021.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202501070101/show_ads_impl_fy2021.js?bust=31089587

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80d::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Sec-Browsing-Topics: ();p=P0000000000000000000000000000000
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

age: 22
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4144
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 09 Jan 2025 09:16:10 GMT
etag: 7793694970870604198
expires: Thu, 23 Jan 2025 09:16:10 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

POST
H3 204 ping
pagead2.googlesyndication.com/pagead/ 0
0 40ms
39ms Fetch
text/html 2607:f8b0:4006:824::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://pagead2.googlesyndication.com/pagead/ping?e=1
Requested by: Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202501070101/show_ads_impl_fy2021.js?bust=31089587
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4006:824::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Referer

Response headers

GET
H3 200 AGSKWxWwfsygj-joT0jX-bL6eBxxpdbFxGvqdesI19VVjyuf224xMfuxThXVTyNGwQ9YMiHYY1AhNLk7Uuizfm1c6CVaaqRinECKucqRh1OrKFFDYXM3B4mRtldr5POzlF205WZxxAGpXQ== Show response
fundingchoicesmessages.google.com/f/ 3 KB
1 KB 55ms
54ms Script
application/javascript 2607:f8b0:4006:81e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxWwfsygj-joT0jX-bL6eBxxpdbFxGvqdesI19VVjyuf224xMfuxThXVTyNGwQ9YMiHYY1AhNLk7Uuizfm1c6CVaaqRinECKucqRh1OrKFFDYXM3B4mRtldr5POzlF205WZxxAGpXQ==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzM2NDE0MTkzLDkzOTAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzddXSwiaHR0cHM6Ly9zdGFyZmlsZXMuY28vZmlsZS9WU2NUdEFVbWVwOXUvc3BvdGlmeS1yZWQtaXBhIixudWxsLFtbOCwicEQ1SV9wZnJMUEkiXSxbOSwiZW4tVVMiXSxbMjAsIltudWxsLG51bGwsWzMxMDg4MjQ3XSxudWxsLDEwXSJdLFsxOSwiMiJdLFsxNywiWzBdIl1dXQ

Requested by

Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.pD5I_pfrLPI.es5.O/am=BgM/d=1/rs=AJlcJMw0v_vuEp5extPr4IUi7XA_FVX1Cg/m=kernel_loader,loader_js_executable

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81e::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

a6c1799b50b6e11b063f8c8574df6d5c87a3fd96f4d6cc2fb8ba8528867091ae

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'report-sample' 'nonce-TnUWz0d6A3M0_hBpMV1Kmg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Mon, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 09 Jan 2025 09:16:33 GMT
content-type: application/javascript; charset=utf-8
x-frame-options: SAMEORIGIN
reporting-endpoints: default="/_/ContributorServingWebSwitchboardHttp/web-reports?context=eJzjKtDikmLw1pBikPj6kkkDiJ3SZ7AGAXHrzXOsU4HYaO15VicgTvp3nrUIiA0VLrE6gnDRJVZPIFbtucRqCsT3111ifQ7EH-ovs_4A4hnnL7MuAOIiiSusTUDM8PUKKwcQC_FwfFz-bzebwIFl388zK2kk5RfGJ-fnlRRlJpWW5BelJaelFqcWlaUWxRsZGJkaGBqY6xmYxBcYAAC12UZi"
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'report-sample' 'nonce-TnUWz0d6A3M0_hBpMV1Kmg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist
cache-control: no-cache, no-store, max-age=0, must-revalidate
timing-allow-origin: *
cross-origin-opener-policy: same-origin
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-resource-policy: cross-origin
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
x-xss-protection: 0
server: ESF

GET
H3 204 AGSKWxVr6A_hvjc5tj8fj0q0nm1qTf1sxJ8gdfep9-6YEh09Ro2YDOxqqKqyaPtpQMNtLdj7WZ130uDW0_orMm7PFEZ-dA== Show response
fundingchoicesmessages.google.com/el/ 0
28 B 109ms
107ms XHR
text/html 2607:f8b0:4006:81e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxVr6A_hvjc5tj8fj0q0nm1qTf1sxJ8gdfep9-6YEh09Ro2YDOxqqKqyaPtpQMNtLdj7WZ130uDW0_orMm7PFEZ-dA==

Requested by

Host: starfiles.co
URL: https://starfiles.co/file/VScTtAUmep9u/spotify-red-ipa

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81e::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-7XwXm9NCgEkYOlFNSfGGJA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
x-content-type-options: nosniff
expires: Mon, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 09 Jan 2025 09:16:34 GMT
content-type: text/html; charset=utf-8
x-frame-options: SAMEORIGIN
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzjUtDikmJw1pBicEqfwRoExB_qL7P-AGKGr1dYOYBYiJvj0_J_u9kEJiybzKPkkpRfGJ-cn1eSmleim5hSrAtiF2UmlZbkF6GwU8tAKnLy09Mz89LjjQyMTA0MDcz1DMzjCwwAw5wqVA"
content-security-policy: script-src 'report-sample' 'nonce-7XwXm9NCgEkYOlFNSfGGJA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
cache-control: no-cache, no-store, max-age=0, must-revalidate
cross-origin-opener-policy: same-origin
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
access-control-allow-origin: https://starfiles.co
content-length: 0
x-xss-protection: 0
server: ESF

GET
H/1.1 403
Forbidden invoke.js
www.topcreativeformat.com/dfbe284c9d4e148be30ce00f61f0a5a7/ 0
0 27ms
25ms Script
application/javascript 192.243.59.13
ADVANCEDHOSTERS-A...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.topcreativeformat.com/dfbe284c9d4e148be30ce00f61f0a5a7/invoke.js
Requested by: Host: starfiles.co
URL: https://starfiles.co/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 192.243.59.13 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS DataWeb Global Group B.V., NL),
Reverse DNS
Software: nginx/1.19.5 /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Connection: keep-alive
Access-Control-Allow-Origin: *
Content-Length: 0
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Date: Thu, 09 Jan 2025 09:16:33 GMT
Content-Type: application/javascript
Host: www.topcreativeformat.com
Server: nginx/1.19.5

GET
H3 200 logo.svg
cdn.jsdelivr.net/gh/QuixThe2nd/Starfiles-JSDelivr@latest/images/ 2 KB
0 1ms
1ms Other
image/svg+xml 2a04:4e42:200::485
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/gh/QuixThe2nd/Starfiles-JSDelivr@latest/images/logo.svg

Protocol

Security

QUIC, , AES_256_GCM

Server

2a04:4e42:200::485 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

f83261e1f4e0ea00c3bc3df4b4f02f8e1784629e22b588d6cc3b6af76d48da40

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

access-control-expose-headers: *
content-encoding: br
etag: W/"80c-q8ZnCOhJgocQuydOFm8zhM7UsWw"
age: 6278
x-content-type-options: nosniff
x-jsd-version-type: branch
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
x-cache: HIT, HIT
date: Thu, 09 Jan 2025 09:16:33 GMT
content-type: image/svg+xml
x-served-by: cache-fra-eddf8230021-FRA, cache-ewr-kewr1740064-EWR
vary: Accept-Encoding
cache-control: public, max-age=604800, s-maxage=43200
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
access-control-allow-origin: *
content-length: 800
x-jsd-version: master

GET
H3 200 favicon.ico
starfiles.co/ 15 KB
6 KB 140ms
139ms Other
image/vnd.microsoft.icon 2606:4700:20::681a:90d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://starfiles.co/favicon.ico

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:90d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

61ed8b74b5914ab06737a2b39ac5d40e6b88befaf44238f0c677197ced1980f1

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'unsafe-eval' 'unsafe-inline'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://starfiles.co/file/VScTtAUmep9u/spotify-red-ipa

Response headers

i2p-location: http://vnt23fy3n5qiwojrkcec2i3ac6w5gkacdyrf2gobid6xjnq53ffq.b32.i2p/favicon.ico
sf-primary: primary-germany-1
content-encoding: br
cf-cache-status: HIT
expect-ct: max-age=86400, enforce
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xiQYIZu3kOiW%2BjTOOxYeHg0cIdrsqXkP64%2FRrZ%2FBjDUlVU1F3k%2Fuk7XCvTqWJrMKCYwK2M1ITl5UT3jUDxxqjlR1aTw28J8qVBJDtx1ZTOURNe6dN%2BnyczZZ%2Fp9ecE2lCJ%2BUzBpFac9y0g%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods: GET,POST,OPTIONS,DELETE,PUT
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=30263&min_rtt=22085&rtt_var=11398&sent=33&recv=29&lost=0&retrans=0&sent_bytes=10692&recv_bytes=22548&delivery_rate=33672&cwnd=12000&unsent_bytes=0&cid=9a1227c49dce2d29&ts=1477&x=1", cfExtPri, cfHdrFlush;dur=0
date: Thu, 09 Jan 2025 09:16:34 GMT
content-type: image/vnd.microsoft.icon
last-modified: Thu, 09 Jan 2025 09:16:27 GMT
vary: Accept-Encoding
sf-primary-cache-status: MISS
access-control-allow-headers: Accept, Content-Type, Authorization, Origin, X-Requested-With, Access-Control-Request-Method, Access-Control-Request-Headers, Access-Control-Allow-Headers, Access-Control-Allow-Origin
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy: default-src * data: blob: 'unsafe-eval' 'unsafe-inline'
cache-control: public, max-age=5356800
cdn-cache-control: public, max-age=300
priority: u=1,i
pragma: cache
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
onion-location: http://starfilesmj35tuw5bf7qaxfpf4d6tydvqjbftzw23t3ghtjreyx45id.onion/favicon.ico
referrer-policy: same-origin
cf-ray: 8ff354485a688c48-EWR
access-control-allow-origin: *
x-xss-protection: 1; mode=block
server: cloudflare

GET
H/1.1 403
Forbidden invoke.js
www.topcreativeformat.com/3429dd4c438cce6c27e962530d0d13fc/ 0
0 41ms
40ms Script
application/javascript 192.243.59.13
ADVANCEDHOSTERS-A...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.topcreativeformat.com/3429dd4c438cce6c27e962530d0d13fc/invoke.js
Requested by: Host: starfiles.co
URL: https://starfiles.co/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 192.243.59.13 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS DataWeb Global Group B.V., NL),
Reverse DNS
Software: nginx/1.19.5 /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Connection: keep-alive
Access-Control-Allow-Origin: *
Content-Length: 0
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Date: Thu, 09 Jan 2025 09:16:34 GMT
Content-Type: application/javascript
Host: www.topcreativeformat.com
Server: nginx/1.19.5

GET
H3 200 AGSKWxUy56CeIxBfI93jiv-SKpP7CR2mTunhTl7SEK8xik55cbxTsmxuKfW_THzOGr9cjI6RYo4e16bhYTfQk8ISPj4ZUm5cpPwPWVlA7cUIvg97dHNMzJkSOgVIt8H0VkxfLW3kZHPZLA== Show response
fundingchoicesmessages.google.com/f/ 10 KB
4 KB 72ms
60ms Script
application/javascript 2607:f8b0:4006:81e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxUy56CeIxBfI93jiv-SKpP7CR2mTunhTl7SEK8xik55cbxTsmxuKfW_THzOGr9cjI6RYo4e16bhYTfQk8ISPj4ZUm5cpPwPWVlA7cUIvg97dHNMzJkSOgVIt8H0VkxfLW3kZHPZLA==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzM2NDE0MTk0LDE3MDAwMDAwXSxudWxsLG51bGwsbnVsbCxbbnVsbCxbNyw5XSxudWxsLDIsbnVsbCwiZW4iXSwiaHR0cHM6Ly9zdGFyZmlsZXMuY28vZmlsZS9WU2NUdEFVbWVwOXUvc3BvdGlmeS1yZWQtaXBhIixudWxsLFtbOCwicEQ1SV9wZnJMUEkiXSxbOSwiZW4tVVMiXSxbMjAsIltudWxsLG51bGwsWzMxMDg4MjQ3XSxudWxsLDEwXSJdLFsxOSwiMiJdLFsxNywiWzBdIl1dXQ

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81e::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

c9d3c60dbdef7a651c8bd6d17de8731d5d070b7c8683858aa1d35308f0ce3f42

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'report-sample' 'nonce-3ns5aR0c3rVcPj0QJHPKkQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Mon, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 09 Jan 2025 09:16:34 GMT
content-type: application/javascript; charset=utf-8
x-frame-options: SAMEORIGIN
reporting-endpoints: default="/_/ContributorServingWebSwitchboardHttp/web-reports?context=eJzjKtDikmLw15BikPj6kkkDiJ3SZ7AGAXHrzXOsU4HYaO15VicgTvp3nrUIiA0VLrE6gnDRJVZPIFbtucRqCsT3111ifQ7EH-ovs_4A4hnnL7MuAOIiiSusTUDM8PUKKwcQC3FzfFr-bzebwIO9LXJKGkn5hfHJ-XklRZlJpSX5RWnJaanFqUVlqUXxRgZGpgaGBuZ6BibxBQYAWCFFdg"
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'report-sample' 'nonce-3ns5aR0c3rVcPj0QJHPKkQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist
cache-control: no-cache, no-store, max-age=0, must-revalidate
timing-allow-origin: *
cross-origin-opener-policy: same-origin
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-resource-policy: cross-origin
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
x-xss-protection: 0
server: ESF

GET
H/1.1 403
Forbidden invoke.js
www.topcreativeformat.com/975d2d307064a6c9a68067a3d85b9f44/ 0
0 41ms
34ms Script
application/javascript 192.243.59.13
ADVANCEDHOSTERS-A...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.topcreativeformat.com/975d2d307064a6c9a68067a3d85b9f44/invoke.js
Requested by: Host: starfiles.co
URL: https://starfiles.co/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 192.243.59.13 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS DataWeb Global Group B.V., NL),
Reverse DNS
Software: nginx/1.19.5 /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Connection: keep-alive
Access-Control-Allow-Origin: *
Content-Length: 0
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Date: Thu, 09 Jan 2025 09:16:34 GMT
Content-Type: application/javascript
Host: www.topcreativeformat.com
Server: nginx/1.19.5

GET
H/1.1 403
Forbidden invoke.js
www.topcreativeformat.com/32bbe6651313c859b2a743375e1bea0f/ 0
0 43ms
39ms Script
application/javascript 192.243.59.13
ADVANCEDHOSTERS-A...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.topcreativeformat.com/32bbe6651313c859b2a743375e1bea0f/invoke.js
Requested by: Host: starfiles.co
URL: https://starfiles.co/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 192.243.59.13 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS DataWeb Global Group B.V., NL),
Reverse DNS
Software: nginx/1.19.5 /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Connection: keep-alive
Access-Control-Allow-Origin: *
Content-Length: 0
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Date: Thu, 09 Jan 2025 09:16:34 GMT
Content-Type: application/javascript
Host: www.topcreativeformat.com
Server: nginx/1.19.5

GET
H/1.1 403
Forbidden invoke.js
www.topcreativeformat.com/f17e6d03e865e747b36807cdeae32475/ 0
0 34ms
34ms Script
application/javascript 192.243.59.13
ADVANCEDHOSTERS-A...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.topcreativeformat.com/f17e6d03e865e747b36807cdeae32475/invoke.js
Requested by: Host: starfiles.co
URL: https://starfiles.co/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 192.243.59.13 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS DataWeb Global Group B.V., NL),
Reverse DNS
Software: nginx/1.19.5 /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Connection: keep-alive
Access-Control-Allow-Origin: *
Content-Length: 0
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Date: Thu, 09 Jan 2025 09:16:34 GMT
Content-Type: application/javascript
Host: www.topcreativeformat.com
Server: nginx/1.19.5

GET
H2 200 SAFEFRAME.html
contextual.media.net/sr/1017354394/ Frame DBC4 0
0 112ms
105ms Document
text/html 104.77.220.25
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/sr/1017354394/SAFEFRAME.html?ule=403&&kkdd=*H%7CH%7CA9n*&Tn=z9uKXzXzE*u*kKEkX*9&8qO(=Z&CROA=Z&2R5O=Z&SqT=zX69&sRSQ=G9uE&Snq=kY4-j)WkN&SOSq=DwnG0aXuox9.ak66~9*h~x%3D%3D&S(nq=*9*6*u*K9&RnmQ=uZZe*6Z&SS=4!&RS=~x&5ssOR=z&(Qwv(o=5ssOR%3A%2F%2FRsA(7noQRPSI%2F7noQ%2FM!Sbsx4CQOEv%2FROIsn7hi(QqinOA&pRQ=6&v8q=X&n2=zKZZ&CS7=KZ*9*&O8nq=OzzEkk9ZuXXXs*Z*6ZzZEZEzK&O8nqR=*&5sCoR(S=z&sflct=3092663&ure=1

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/dmedianet.js?cid=8CUOZHD8E

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.77.220.25 Secaucus, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-77-220-25.deploy.static.akamaitechnologies.com

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=93600
cache-control: max-age=0, no-cache, no-store
content-encoding: gzip
content-length: 322
content-type: text/html
date: Thu, 09 Jan 2025 09:16:34 GMT
expires: Thu, 09 Jan 2025 09:16:34 GMT
pragma: no-cache
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-sc-h: 22-7k6c

GET VScTtAUmep9u
api.starfiles.co/file/fileinfo/ 0
0

GET
H3 200 bping.php
lg3.media.net/ 35 B
55 B 169ms
29ms Image
image/gif 23.199.48.23
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lg3.media.net/bping.php?vgd_len=611&&vgd_cdv=1457&vgd_cage=1&vgd_tsce=L739&vgd_mcf=60272&gdpr=0&mspa=0&wshp=0&prid=8PRHGG6T9&cid=8CUOZHD8E&crid=272523267&vi=1736414192328698427&ugd=4&lf=6&cc=US&sc=PA&lper=100&wsip=170785076&r=1736414194180&requrl=https%3A%2F%2Fstarfiles.co%2Ffile%2FVScTtAUmep9u%2Fspotify-red-ipa&vgd_sbSup=1&vgd_is_amp=0&vgd_asn=701&vgd_rakh=1736414192153517736&vgd_l1rhst=contextual.media.net&vgd_rpth=%2Fdmedianet.js&vgd_pgid=p11988703444t202501090916&vgd_pgids=2&vgd_wshp=0&vgd_uspa=0&vgda_l1btm=%5B%22URLDC%22%5D&hvsid=00001736414194178035061965981518&gdpr=0&mspa=0&wshp=0&vgd_l2type=scs_newfl&vgd_end=1

Protocol

Security

QUIC, , AES_256_GCM

Server

23.199.48.23 Secaucus, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-199-48-23.deploy.static.akamaitechnologies.com

Software

Resource Hash

796c46ec10bc9105545f6f90d51593921b69956bd9087eb72bee83f40ad86f90

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

strict-transport-security: max-age=21600
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
quic-version: 0x00000001
expires: Thu, 09 Jan 2025 09:16:34 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=93600
content-length: 35
date: Thu, 09 Jan 2025 09:16:34 GMT
content-type: image/gif

GET
H3

200

main.js Show response
starfiles.co/cdn-cgi/challenge-platform/h/g/scripts/jsd/849bfe45bf45/ Frame 2C80
Redirect Chain

https://starfiles.co/cdn-cgi/challenge-platform/scripts/jsd/main.js
https://starfiles.co/cdn-cgi/challenge-platform/h/g/scripts/jsd/849bfe45bf45/main.js?

8 KB
0

0ms
0ms

Script
application/javascript

2606:4700:20::681a:90d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://starfiles.co/cdn-cgi/challenge-platform/h/g/scripts/jsd/849bfe45bf45/main.js?

Protocol

Server

2606:4700:20::681a:90d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cf017d01048a5fe710b9bc8db7a78bd719b4c633d9be8b1564344c5edf85d7a5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

content-encoding: br
expect-ct: max-age=86400, enforce
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dTCqt3WahMv44MyVTmIX834P57GRau3DvA1MSXhH6foz0X5YR8PGNeIlqIs9rQZXRELl55Mh89HFNHIrFLTLOUizMxfIUSxsUyDtSXjYoJutS%2Bvsbd9DQ8D3v0VmvMu1AEUsn%2FXIJ7A6DQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=22354&min_rtt=22085&rtt_var=4861&sent=12&recv=9&lost=0&retrans=0&sent_bytes=4161&recv_bytes=4312&delivery_rate=28526&cwnd=12000&unsent_bytes=0&cid=9a1227c49dce2d29&ts=66&x=1", cfExtPri, cfHdrFlush;dur=0
date: Thu, 09 Jan 2025 09:16:32 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
priority: u=3,i=?0
x-frame-options: SAMEORIGIN
cache-control: max-age=14400, stale-if-error=10800, stale-while-revalidate=10800, public
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy: same-origin
cf-ray: 8ff354403d658c48-EWR
x-xss-protection: 1; mode=block
server: cloudflare

Redirect headers

expect-ct: max-age=86400, enforce
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2G0hSifrd0qPizilVCztPLls8dfOMsRZewbz1cSMJv4B0J8VI6EMZHC2T6gi5UzSKaa4MR7Ei9NN4GAFRxNSb0aWRk8hC%2FG3Gzylz5bfiIWjpurNT2%2FRBfQTSOa169u4WnVdxZ%2BKXTw0UQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=9242&min_rtt=8960&rtt_var=294&sent=51&recv=25&lost=0&retrans=0&sent_bytes=40905&recv_bytes=2644&delivery_rate=1325249&cwnd=257&unsent_bytes=0&cid=ca3f46bd3597bfdc&ts=3799&x=0"
date: Thu, 09 Jan 2025 09:16:32 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
cache-control: max-age=300, stale-if-error=10800, stale-while-revalidate=10800, public
location: /cdn-cgi/challenge-platform/h/g/scripts/jsd/849bfe45bf45/main.js?
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy: same-origin
cf-ray: 8ff3543fef670c84-EWR
access-control-allow-origin: *
content-length: 0
x-xss-protection: 1; mode=block
server: cloudflare

GET
H3 200 sodar Show response
ep1.adtrafficquality.google/getconfig/ 17 KB
13 KB 181ms
46ms XHR
application/json 2607:f8b0:4006:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ep1.adtrafficquality.google/getconfig/sodar?sv=200&tid=gda&tv=r20250107&st=env

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202501070101/show_ads_impl_fy2021.js?bust=31089587

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80e::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8924e17ab31d5b1c5a3ffd7dd6a02eb0e06c514e205ce0b257a200dbf4e91fd3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

timing-allow-origin: *
content-encoding: br
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 13005
date: Thu, 09 Jan 2025 09:16:34 GMT
x-xss-protection: 0
content-type: application/json; charset=UTF-8
content-disposition: attachment; filename="f.txt"
server: cafe

GET hydrafiles-web.esm.js
hydrafiles.com/ 0
0

POST
H2 204 rum Show response
cloudflareinsights.com/cdn-cgi/ 0
37 B 37ms
34ms XHR
text/plain 2606:4700::6810:4f49
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cloudflareinsights.com/cdn-cgi/rum

Requested by

Host: static.cloudflareinsights.com
URL: https://static.cloudflareinsights.com/beacon.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:4f49 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
content-type: application/json
Referer

Response headers

access-control-max-age: 86400
access-control-allow-credentials: true
access-control-allow-methods: POST,OPTIONS
x-content-type-options: nosniff
cf-ray: 8ff3544b2fa28c4d-EWR
access-control-allow-origin: https://starfiles.co
date: Thu, 09 Jan 2025 09:16:34 GMT
vary: Origin
server: cloudflare
x-frame-options: DENY

OPTIONS
H2 200 rum
cloudflareinsights.com/cdn-cgi/ Frame 0
0 195ms
63ms Preflight
text/plain 2606:4700::6810:4f49
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cloudflareinsights.com/cdn-cgi/rum

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:4f49 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://starfiles.co
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type
access-control-allow-methods: POST,OPTIONS
access-control-allow-origin: https://starfiles.co
access-control-max-age: 86400
cf-ray: 8ff3544acf7d8c4d-EWR
content-encoding: gzip
content-type: text/plain
date: Thu, 09 Jan 2025 09:16:34 GMT
server: cloudflare
vary: Origin
x-content-type-options: nosniff
x-frame-options: DENY

POST
H3 200 8ff354289bac0c84 Show response
starfiles.co/cdn-cgi/challenge-platform/h/g/jsd/r/ Frame 2C80 0
1 KB 42ms
34ms XHR
text/plain 2606:4700:20::681a:90d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://starfiles.co/cdn-cgi/challenge-platform/h/g/jsd/r/8ff354289bac0c84

Requested by

Host: starfiles.co
URL: https://starfiles.co/cdn-cgi/challenge-platform/scripts/jsd/main.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:90d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type: application/json
Referer

Response headers

nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
expect-ct: max-age=86400, enforce
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hmf4fvKgWTqVfXq3TR5Qqewt2caiuA24Ed6Wv1BPd8q9p1Dq1Y%2BLMkKvhqcS9l64jt4Nh1%2FJSt1FnEssMZNsSWnp%2B5%2FB5JEhgflaf86ncHJzC5h8xIX3yHxgCr9yxBSDgq9VNLNJHh8RvA%3D%3D"}],"group":"cf-nel","max_age":604800}
referrer-policy: same-origin
x-content-type-options: nosniff
cf-ray: 8ff3544b0cbe8c48-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=27504&min_rtt=21738&rtt_var=8937&sent=54&recv=47&lost=0&retrans=0&sent_bytes=16993&recv_bytes=40570&delivery_rate=43325&cwnd=12000&unsent_bytes=0&cid=9a1227c49dce2d29&ts=1809&x=1", cfExtPri, cfHdrFlush;dur=0
content-length: 0
date: Thu, 09 Jan 2025 09:16:34 GMT
x-xss-protection: 1; mode=block
content-type: text/plain; charset=UTF-8
server: cloudflare
priority: u=1,i
x-frame-options: SAMEORIGIN

GET
H2 200 sodar2.js Show response
ep2.adtrafficquality.google/sodar/ 18 KB
7 KB 147ms
55ms Script
text/javascript 2607:f8b0:4006:821::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ep2.adtrafficquality.google/sodar/sodar2.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202501070101/show_ads_impl_fy2021.js?bust=31089587

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:821::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ff3de130872fe0fb5b770dfa2bc9f0daf8ab320403a34a60d089436f08d24f99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

content-encoding: gzip
etag: "1727224258380615"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
x-content-type-options: nosniff
expires: Thu, 09 Jan 2025 09:16:34 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 09 Jan 2025 09:16:34 GMT
content-type: text/javascript
vary: Accept-Encoding
cache-control: private, max-age=3000
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 6445
x-xss-protection: 0
server: sffe

GET
H2 200 runner.html
ep2.adtrafficquality.google/sodar/sodar2/232/ Frame 9B71 0
0 117ms
29ms Document
text/html 2607:f8b0:4006:821::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ep2.adtrafficquality.google/sodar/sodar2/232/runner.html

Requested by

Host: ep2.adtrafficquality.google
URL: https://ep2.adtrafficquality.google/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:821::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
age: 1266
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3000
content-encoding: gzip
content-length: 5005
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 09 Jan 2025 08:55:28 GMT
expires: Thu, 09 Jan 2025 09:45:28 GMT
last-modified: Mon, 23 Sep 2024 18:12:21 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe
www.google.com/recaptcha/api2/ Frame 7645 0
0 136ms
43ms Document
text/html 2607:f8b0:4006:821::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: ep2.adtrafficquality.google
URL: https://ep2.adtrafficquality.google/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:821::2004 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-ofB-0q8_o7rn5PoE6OsYqw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-ofB-0q8_o7rn5PoE6OsYqw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy-report-only: same-origin; report-to="coop_38fac9d5b82543fc4729580d18ff2d3d"
cross-origin-resource-policy: cross-origin
date: Thu, 09 Jan 2025 09:16:34 GMT
expires: Thu, 09 Jan 2025 09:16:34 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} {"group":"coop_38fac9d5b82543fc4729580d18ff2d3d","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/38fac9d5b82543fc4729580d18ff2d3d"}]}
server: ESF
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 newad Show response
fundingchoicesmessages.google.com/f/AGSKWxVlSKxIJZSXHVxKzcbnmUWOyZ3i_YFs82aRobNqqHW9I0iRFnUAzjxM8jyxZH0SERnkw5RBVnd-rrr7BcIrxgyJrncil5mYC4h5P1pD8hdgg4v121twr8H1X1jBKbb_bR-MIrq_URNWhHk2EU4jQQWLa7h_R... 54 B
109 B 50ms
50ms Script
application/javascript 2607:f8b0:4006:81e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxVlSKxIJZSXHVxKzcbnmUWOyZ3i_YFs82aRobNqqHW9I0iRFnUAzjxM8jyxZH0SERnkw5RBVnd-rrr7BcIrxgyJrncil5mYC4h5P1pD8hdgg4v121twr8H1X1jBKbb_bR-MIrq_URNWhHk2EU4jQQWLa7h_RiLrey1SPlik8j-2AifLGJlg8dai7d3F/_.ch/ads//blogad_/newad?/ad_legend__adbg2a.

Requested by

Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.pD5I_pfrLPI.es5.O/d=1/exm=kernel_loader,loader_js_executable,web_iab_tcf_v2_signal_executable/ed=1/rs=AJlcJMxqy_f56IriGB6KiDzhFnQR_PCu1Q/m=ad_blocking_detection_executable

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81e::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

42104ec5b2483c973646e1b0a697e83f8616021266e3bb61fa815ca19506ef7c

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'report-sample' 'nonce-O8FkPyKEz3slOg7pZRjQYw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Mon, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 09 Jan 2025 09:16:34 GMT
content-type: application/javascript; charset=utf-8
x-frame-options: SAMEORIGIN
reporting-endpoints: default="/_/ContributorServingWebSwitchboardHttp/web-reports?context=eJzjKtDikmLw0pBikPj6kkkDiJ3SZ7AGAXHrzXOsU4HYaO15VicgTvp3nrUIiA0VLrE6gnDRJVZPIFbtucRqCsT3111ifQ7EH-ovs_4A4hnnL7MuAOIiiSusTUDM8PUKKwcQC_FwfFr-bzebwI-Fn_uYlTSS8gvjk_PzSooyk0pL8ovSktNSi1OLylKL4o0MjEwNDA3M9QxM4gsMALLsRlA"
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'report-sample' 'nonce-O8FkPyKEz3slOg7pZRjQYw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist
cache-control: no-cache, no-store, max-age=0, must-revalidate
cross-origin-opener-policy: same-origin
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-resource-policy: cross-origin
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
x-xss-protection: 0
server: ESF

GET
H3 200 rum.js Show response
pagead2.googlesyndication.com/pagead/js/ 71 KB
26 KB 24ms
24ms Script
text/javascript 2607:f8b0:4006:824::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/rum.js?fcd=true

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:824::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a62c13509933dcd905cc427c8af6688a58de3e68ee52730b5394247e130495d0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

content-encoding: br
etag: 12012068972085634276
age: 2707
x-content-type-options: nosniff
expires: Thu, 09 Jan 2025 09:31:27 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date: Thu, 09 Jan 2025 08:31:27 GMT
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
cache-control: public, max-age=3600
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-length: 26313
x-xss-protection: 0
server: cafe

POST
H3 204 AGSKWxV-rhrY7aEayOVfKCh5NztSntahjfdM0SS-OQK-3ux2ZqbMvqxlWhrIZhC4s9764AUELJcJE-hp6AlasZlst1wK_5oWG7IW7OhDAR24vm8HhpwzSZcGoXJlmz2hAqPPdCWrbAUrYg== Show response
fundingchoicesmessages.google.com/el/ 0
28 B 50ms
48ms XHR
text/html 2607:f8b0:4006:81e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxV-rhrY7aEayOVfKCh5NztSntahjfdM0SS-OQK-3ux2ZqbMvqxlWhrIZhC4s9764AUELJcJE-hp6AlasZlst1wK_5oWG7IW7OhDAR24vm8HhpwzSZcGoXJlmz2hAqPPdCWrbAUrYg==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81e::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-RzlQeUoySN9VlZHiCpZOPQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type: text/plain
Referer

Response headers

access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
x-content-type-options: nosniff
expires: Mon, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 09 Jan 2025 09:16:34 GMT
content-type: text/html; charset=utf-8
x-frame-options: SAMEORIGIN
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzjUtDikmLw1ZBicEqfwRoExB_qL7P-AGKGr1dYOYBYiIfj0_J_u9kEXuxdMIFZySUpvzA-OT-vJDWvRDcxpVgXxC7KTCotyS9CYaeWgVTk5KenZ-alxxsZGJkaGBqY6xmYxxcYAAAjrCti"
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-RzlQeUoySN9VlZHiCpZOPQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
cache-control: no-cache, no-store, max-age=0, must-revalidate
cross-origin-opener-policy: same-origin
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
access-control-allow-origin: https://starfiles.co
content-length: 0
x-xss-protection: 0
server: ESF

POST
H3 204 AGSKWxV-rhrY7aEayOVfKCh5NztSntahjfdM0SS-OQK-3ux2ZqbMvqxlWhrIZhC4s9764AUELJcJE-hp6AlasZlst1wK_5oWG7IW7OhDAR24vm8HhpwzSZcGoXJlmz2hAqPPdCWrbAUrYg== Show response
fundingchoicesmessages.google.com/el/ 0
28 B 46ms
44ms XHR
text/html 2607:f8b0:4006:81e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxV-rhrY7aEayOVfKCh5NztSntahjfdM0SS-OQK-3ux2ZqbMvqxlWhrIZhC4s9764AUELJcJE-hp6AlasZlst1wK_5oWG7IW7OhDAR24vm8HhpwzSZcGoXJlmz2hAqPPdCWrbAUrYg==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81e::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-vob0OX1U26uSXIX5tp2GIQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type: text/plain
Referer

Response headers

access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
x-content-type-options: nosniff
expires: Mon, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 09 Jan 2025 09:16:34 GMT
content-type: text/html; charset=utf-8
x-frame-options: SAMEORIGIN
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzjUtDikmLw1ZBicEqfwRoExB_qL7P-AGKGr1dYOYBYiIfj0_J_u9kEZux9sYBZySUpvzA-OT-vJDWvRDcxpVgXxC7KTCotyS9CYaeWgVTk5KenZ-alxxsZGJkaGBqY6xmYxxcYAAAlRCtq"
content-security-policy: script-src 'report-sample' 'nonce-vob0OX1U26uSXIX5tp2GIQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
cache-control: no-cache, no-store, max-age=0, must-revalidate
cross-origin-opener-policy: same-origin
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
access-control-allow-origin: https://starfiles.co
content-length: 0
x-xss-protection: 0
server: ESF

POST
H3 204 AGSKWxV-rhrY7aEayOVfKCh5NztSntahjfdM0SS-OQK-3ux2ZqbMvqxlWhrIZhC4s9764AUELJcJE-hp6AlasZlst1wK_5oWG7IW7OhDAR24vm8HhpwzSZcGoXJlmz2hAqPPdCWrbAUrYg== Show response
fundingchoicesmessages.google.com/el/ 0
28 B 49ms
47ms XHR
text/html 2607:f8b0:4006:81e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxV-rhrY7aEayOVfKCh5NztSntahjfdM0SS-OQK-3ux2ZqbMvqxlWhrIZhC4s9764AUELJcJE-hp6AlasZlst1wK_5oWG7IW7OhDAR24vm8HhpwzSZcGoXJlmz2hAqPPdCWrbAUrYg==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81e::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-VrpOw-Pk9BwXuKB3tAqOCw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type: text/plain
Referer

Response headers

access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
x-content-type-options: nosniff
expires: Mon, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 09 Jan 2025 09:16:34 GMT
content-type: text/html; charset=utf-8
x-frame-options: SAMEORIGIN
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzjUtDikmLw0ZBicEqfwRoExB_qL7P-AGKGr1dYOYBYiIfj0_J_u9kEJmzZu5pZySUpvzA-OT-vJDWvRDcxpVgXxC7KTCotyS9CYaeWgVTk5KenZ-alxxsZGJkaGBqY6xmYxxcYAAAWtys4"
content-security-policy: script-src 'report-sample' 'nonce-VrpOw-Pk9BwXuKB3tAqOCw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
cache-control: no-cache, no-store, max-age=0, must-revalidate
cross-origin-opener-policy: same-origin
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
access-control-allow-origin: https://starfiles.co
content-length: 0
x-xss-protection: 0
server: ESF

POST
H3 204 AGSKWxV-rhrY7aEayOVfKCh5NztSntahjfdM0SS-OQK-3ux2ZqbMvqxlWhrIZhC4s9764AUELJcJE-hp6AlasZlst1wK_5oWG7IW7OhDAR24vm8HhpwzSZcGoXJlmz2hAqPPdCWrbAUrYg== Show response
fundingchoicesmessages.google.com/el/ 0
28 B 49ms
47ms XHR
text/html 2607:f8b0:4006:81e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxV-rhrY7aEayOVfKCh5NztSntahjfdM0SS-OQK-3ux2ZqbMvqxlWhrIZhC4s9764AUELJcJE-hp6AlasZlst1wK_5oWG7IW7OhDAR24vm8HhpwzSZcGoXJlmz2hAqPPdCWrbAUrYg==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81e::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-dykjZg1V3zcCAAONEMFiGA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type: text/plain
Referer

Response headers

access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
x-content-type-options: nosniff
expires: Mon, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 09 Jan 2025 09:16:34 GMT
content-type: text/html; charset=utf-8
x-frame-options: SAMEORIGIN
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzjUtDikmJw15BicEqfwRoExB_qL7P-AGKGr1dYOYBYiIfj0_J_u9kEPnyct5pZySUpvzA-OT-vJDWvRDcxpVgXxC7KTCotyS9CYaeWgVTk5KenZ-alxxsZGJkaGBqY6xmYxxcYAAA5ciux"
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-dykjZg1V3zcCAAONEMFiGA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
cache-control: no-cache, no-store, max-age=0, must-revalidate
cross-origin-opener-policy: same-origin
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
access-control-allow-origin: https://starfiles.co
content-length: 0
x-xss-protection: 0
server: ESF

GET
H3 200 AGSKWxWFn9IPYJb3leYedWoJjDVYveS0j8cnegCnDGWiWNUDvd9Yv0iIkvBt9sYflaln_ieUP5TFAmVN6BcaxcvSzL3zNZrfLESTfaVOqDRMtShkSZjxJp_5nmF0dMtkclFsF5JeQo-tCA== Show response
fundingchoicesmessages.google.com/f/ 3 KB
2 KB 59ms
59ms Script
application/javascript 2607:f8b0:4006:81e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxWFn9IPYJb3leYedWoJjDVYveS0j8cnegCnDGWiWNUDvd9Yv0iIkvBt9sYflaln_ieUP5TFAmVN6BcaxcvSzL3zNZrfLESTfaVOqDRMtShkSZjxJp_5nmF0dMtkclFsF5JeQo-tCA==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzM2NDE0MTk0LDg3MjAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzcsOSw2XSxudWxsLDIsbnVsbCwiZW4iLG51bGwsbnVsbCxudWxsLG51bGwsbnVsbCwxXSwiaHR0cHM6Ly9zdGFyZmlsZXMuY28vZmlsZS9WU2NUdEFVbWVwOXUvc3BvdGlmeS1yZWQtaXBhIixudWxsLFtbOCwicEQ1SV9wZnJMUEkiXSxbOSwiZW4tVVMiXSxbMjAsIltudWxsLG51bGwsWzMxMDg4MjQ3XSxudWxsLDEwXSJdLFsxOSwiMiJdLFsxNywiWzBdIl1dXQ

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81e::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

5ad17d7164ddb1e9fa8081ac3888608a5ec2e40a641ffc1d883229aaf743a660

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'report-sample' 'nonce-doE534z7dkpqmPdmVUBM_Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Mon, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 09 Jan 2025 09:16:34 GMT
content-type: application/javascript; charset=utf-8
x-frame-options: SAMEORIGIN
reporting-endpoints: default="/_/ContributorServingWebSwitchboardHttp/web-reports?context=eJzjKtDikmLw05BikPj6kkkDiJ3SZ7AGAXHrzXOsU4HYaO15VicgTvp3nrUIiA0VLrE6gnDRJVZPIFbtucRqCsT3111ifQ7EH-ovs_4A4hnnL7MuAOIiiSusTUDM8PUKKwcQC_FwfFr-bzebwI-nczcyK2kk5RfGJ-fnlRRlJpWW5BelJaelFqcWlaUWxRsZGJkaGBqY6xmYxBcYAAC4mkZl"
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'report-sample' 'nonce-doE534z7dkpqmPdmVUBM_Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist
cache-control: no-cache, no-store, max-age=0, must-revalidate
timing-allow-origin: *
cross-origin-opener-policy: same-origin
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-resource-policy: cross-origin
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
x-xss-protection: 0
server: ESF

POST
H3 204 AGSKWxVLbDA1Yww2JZKQHHGqGK292kUG0OjAcsEFEs7HJ4bi6oin7cn0qsa754_2YLVTF46w6ndzd6wloYmfmf6bayj3s4toLOAPFmHDtXSnRPdepiCGEBR9YCJFypYuAeXWcs5fRnzV-w== Show response
fundingchoicesmessages.google.com/el/ 0
28 B 48ms
47ms XHR
text/html 2607:f8b0:4006:81e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxVLbDA1Yww2JZKQHHGqGK292kUG0OjAcsEFEs7HJ4bi6oin7cn0qsa754_2YLVTF46w6ndzd6wloYmfmf6bayj3s4toLOAPFmHDtXSnRPdepiCGEBR9YCJFypYuAeXWcs5fRnzV-w==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81e::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-EhtJ_RVLDSwl1x_7LPVP1w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type: text/plain
Referer

Response headers

access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
x-content-type-options: nosniff
expires: Mon, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 09 Jan 2025 09:16:34 GMT
content-type: text/html; charset=utf-8
x-frame-options: SAMEORIGIN
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzjUtDikmLw15BicEqfwRoExB_qL7P-AGKGr1dYOYBYiIfj0_J_u9kETtxpOcWs5JKUXxifnJ9XkppXopuYUqwLYhdlJpWW5BehsFPLQCpy8tPTM_PS440MjEwNDA3M9QzM4wsMACx2K4E"
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-EhtJ_RVLDSwl1x_7LPVP1w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
cache-control: no-cache, no-store, max-age=0, must-revalidate
cross-origin-opener-policy: same-origin
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
access-control-allow-origin: https://starfiles.co
content-length: 0
x-xss-protection: 0
server: ESF

POST
H3 204 AGSKWxV-rhrY7aEayOVfKCh5NztSntahjfdM0SS-OQK-3ux2ZqbMvqxlWhrIZhC4s9764AUELJcJE-hp6AlasZlst1wK_5oWG7IW7OhDAR24vm8HhpwzSZcGoXJlmz2hAqPPdCWrbAUrYg== Show response
fundingchoicesmessages.google.com/el/ 0
28 B 48ms
47ms XHR
text/html 2607:f8b0:4006:81e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxV-rhrY7aEayOVfKCh5NztSntahjfdM0SS-OQK-3ux2ZqbMvqxlWhrIZhC4s9764AUELJcJE-hp6AlasZlst1wK_5oWG7IW7OhDAR24vm8HhpwzSZcGoXJlmz2hAqPPdCWrbAUrYg==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81e::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-9Ng6Zxb7lb2Dim1-J1uBHg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type: text/plain
Referer

Response headers

access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
x-content-type-options: nosniff
expires: Mon, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 09 Jan 2025 09:16:34 GMT
content-type: text/html; charset=utf-8
x-frame-options: SAMEORIGIN
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzjUtDikmJw1pBicEqfwRoExB_qL7P-AGKGr1dYOYBYiIfj0_J_u9kEHpy8cZpZySUpvzA-OT-vJDWvRDcxpVgXxC7KTCotyS9CYaeWgVTk5KenZ-alxxsZGJkaGBqY6xmYxxcYAABA_CvP"
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-9Ng6Zxb7lb2Dim1-J1uBHg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
cache-control: no-cache, no-store, max-age=0, must-revalidate
cross-origin-opener-policy: same-origin
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
access-control-allow-origin: https://starfiles.co
content-length: 0
x-xss-protection: 0
server: ESF

GET sodar
ep1.adtrafficquality.google/pagead/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: api2.starfiles.co
URL: https://api2.starfiles.co/widget/VScTtAUmep9u

Domain: api2.starfiles.co
URL: https://api2.starfiles.co/qrcode/qrcode?data=https://starfiles.co/file/VScTtAUmep9u/spotify-red-ipa&size=256

Domain: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/combine/gh/QuixThe2nd/Starfiles-JSDelivr@latest/js/functions.min.js,gh/QuixThe2nd/Starfiles-JSDelivr@latest/js/head.min.js,npm/clipboard@2/dist/clipboard.min.js,gh/QuixThe2nd/Starfiles-JSDelivr@267/js/file.min.js,gh/QuixThe2nd/Starfiles-JSDelivr@267/js/downloadfile.min.js,npm/showdown@latest/dist/showdown.min.js,gh/QuixThe2nd/Starfiles-JSDelivr@latest/js/starfilesreact.min.js

Domain: api.starfiles.co
URL: https://api.starfiles.co/file/fileinfo/VScTtAUmep9u?preview

Domain: hydrafiles.com
URL: https://hydrafiles.com/hydrafiles-web.esm.js

Domain: ep1.adtrafficquality.google
URL: https://ep1.adtrafficquality.google/pagead/sodar?id=sodar2&v=232&t=2&li=gda_r20250107&jk=2641037058475312&bg=!jY6ljsHNAAYsEuUeDBI7ADQBe5WfOK1-UBNkLjtElvA0P60J2ZwDzn3CJd2CpQbj1c7D-TgWJmNx5hXdBY3YhdoVSwOKAgAAAEZSAAAABGgBB34ANkZ4rylYgX1I_Mymfp_L_5HMQeVSjf8e1WcZoukswF5NhP0ni4XrUAdbH9vxdJsrkfVD_KZXYwoAQXXVIux_LVWfFDNR6k1jfhVTzc8hXYGoLSXr82HvYK5dKkHcQfej0Qxnl5kL3yw3K5wKoxrXRPzgRX3IOvhtKHQ_mQKtvzdL8Kj3W6Q5gTrbOfvY8-t48H22nbLka5mNJBYl08QvmquPmOgbu2COZ0f44N__nj7mC7uieduV5rSiqiPlHTU6bcieJBQ8x9TKNzTlnQTgcYDeV4uNAC6fbjXJpmEVWAwDM6SX1lKU-xUr7kKefrwqJHKXwT5dV9xqnX0p1dHfYZWtBRx5QPXmx3k1tndNmNoJynI-_EF1ZfNvIla0inbfOALh-N3BAPOOIVaWWS4f_x4NARorgBrwi3VPWRZo1cKiRgBB2Yc_sZ7ailbrIgUbHR_NPao1LV-ljIz7b-J3e4Vwd8aIcDVQBD1y35HMdEk_pYkM7u8VD1wR8tFMqaX-_RaFzdKBOHdSbLj20tBlFWlUNjU2tzgdcWsUC4164clvAkPfElQyPc3XhppNTJM9zv7gbyJrPOURnsWK5K4w0dDltBjHf0ViWtrgUgD4VXK6HaCJaneLDNJGoTc5VB7JwaiTU4teXRQTkJutDu5HyjOGU6DxufWL0g1PMJ41zqAjeA4AFuAJV91akkqrmdgJy3L8Y9Bdke_H2Mb5d6Ta9JZiN7XNh5nK9qhUR6LGCYeZ6E6kyj3G18jr9PVux26qrG1XadLXYC0zfXZJv7mqV7p4-k5irlc8l_s9Q3EJKj58STN7mumYdF-SLEUMAF8cX3mblio6AYDo6qVxPPoXHjW4hC3uZFYUEeuQX6YyosGxVMRkFudC95atbACOHY_BOz0ppea2PUBpaBaSUYRjjmRkSUDMF8vYoHtzUDt9dxb2ZOQxkYutmL7H4QgPuMKi_vd-5UZCRt3tHB11yAgaLGxD5psfNK3y6ZyfRjgDBCuLnyDb1slhc5R-o4THxGdYcpOBRmA2Lu8nA_J6K8cJHE2Y58v-xyHYHRhIlM_3fbu8_YoHprGkIp3BEA

Verdicts & Comments Add Verdict or Comment

96 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

18 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.starfiles.co/	1970-01-21 11:06:11	Name: sf_session_id Value: 1k0af4ppebng07ckaiq154pplj
.producthunt.com/	1970-01-21 02:20:15	Name: __cf_bm Value: 02pheteSRsTYtMsnJ_YSn.uaVZNk6w1zPh5Apn96h00-1736414192-1.0.1.1-dY.Pj6YMyCkJiPCMT0oXYE_eLujbwobLXElJfHkxHYYEslHZSWP40K_Xi_Locos7drOd2pj2gLFCjjS_sJP6ZQ
.starfiles.co/	1970-01-21 11:56:14	Name: _ga Value: GA1.1.1018854818.1736414194
.doubleclick.net/	1970-01-21 11:56:14	Name: IDE Value: AHWqTUmIb4fg1MRPMD-KtcFMBfYTeC2FprgdbkOLjyVfnGOP11Yd6h048jlbtRIp
.starfiles.co/	1970-01-21 11:41:50	Name: __gads Value: ID=5fee61e3c5b822dd:T=1736414192:RT=1736414192:S=ALNI_Mbr9DPVEI0XyM2lLSYQ3RpBVuxv5A
.starfiles.co/	1970-01-21 11:41:50	Name: __gpi Value: UID=00000fcc69cae239:T=1736414192:RT=1736414192:S=ALNI_Ma4iN81sNqJjuzOt_J6cO1QJMU7EA
.starfiles.co/	1970-01-21 06:39:26	Name: __eoi Value: ID=ec6437edd4d068ef:T=1736414192:RT=1736414192:S=AA-AfjauXm5zKiBFoirfImb2jCFZ
.adnxs.com/	1970-01-21 11:56:14	Name: receive-cookie-deprecation Value: 1
starfiles.co/	1970-01-21 02:20:15	Name: session_depth Value: starfiles.co%3D1%7C385255930%3D1%7C272523267%3D1
.doubleclick.net/	1970-01-21 03:03:26	Name: ar_debug Value: 1
.doubleclick.net/	1970-01-21 06:39:26	Name: receive-cookie-deprecation Value: 1
.teads.tv/	1970-01-21 11:04:23	Name: tt_viewer Value: 88a29dfa-cda1-4ab5-9109-fa0b9559358a
.casalemedia.com/	1970-01-21 04:29:50	Name: CMPS Value: 1292
.starfiles.co/	1970-01-21 11:56:14	Name: _ga_5NQRXX08WX Value: GS1.1.1736414193.1.0.1736414194.59.0.0
.starfiles.co/	1970-01-21 11:05:50	Name: cf_clearance Value: NW7zJxWr7CCr7t.487tf5UyiwDcq9dv7pwAEka9Ihlk-1736414194-1.2.1.1-PSRiaEZbsgL.N7B2gSS94hqjrT9xuaRBhPhuEWsK92OwAxBJQdeG0g7jqWnBw.2q9LQEiqDS8UrKuojZ11wGKLgJUGmvENqzD7185wXzphJbXHJTIbKuJ9deMofvgkDGvrscoW7bS5QiGPhh2hTDoJUa3nxnWaZqZtYlRZfOA7LguXAQuYILjIfG_LV80AzQYMGzkkxlOt3F8cl46yD8O4jmmbl6XSVJR272dKmUuKfc6aKA80L4c_LxaFfcW3pgCsna8ujGJmYwDWnzHQqsoU_GvzkXdcm13S.ZPUPvpRjJzVzKoQCEJttSbVk5LNvOowflk3XXH7SW9Z2UmdR1JTs9EelLRGvx2VS7_ksv9iH3BvX0qqRrpfvCWwu7bPi8
.casalemedia.com/	1970-01-21 11:05:50	Name: CMID Value: Z3.T8tHM51cAAAgnBP82vgAA
.casalemedia.com/	1970-01-21 04:29:50	Name: CMPRO Value: 1396
.starfiles.co/	1970-01-21 11:05:50	Name: FCNEC Value: %5B%5B%22AKsRol-HoBG1kmPgNS5y8N_upiEgCdde-nS1GVzd5QlaH_clHujMu-fVVb_sOsbZ6irmYRVowpipC98anShOcz4ogbOsR49OclE17pr3cvsSDhlXPw6IC32GStJQO-M1gHDjHI84aaShQdVVp2omgFzrNXAL3qMF_g%3D%3D%22%5D%5D

9 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://pl22439263.profitablegatecpm.com/3ec188bf80670554461a35ea9780534a/invoke.js Message: Failed to load resource: the server responded with a status of 403 (Forbidden)
network	error	URL: https://www.topcreativeformat.com/8c1929f123f4bb7f86703573ff51e04d/invoke.js Message: Failed to load resource: the server responded with a status of 403 (Forbidden)
network	error	URL: https://www.topcreativeformat.com/dfbe284c9d4e148be30ce00f61f0a5a7/invoke.js Message: Failed to load resource: the server responded with a status of 403 (Forbidden)
network	error	URL: https://www.topcreativeformat.com/3429dd4c438cce6c27e962530d0d13fc/invoke.js Message: Failed to load resource: the server responded with a status of 403 (Forbidden)
network	error	URL: https://www.topcreativeformat.com/975d2d307064a6c9a68067a3d85b9f44/invoke.js Message: Failed to load resource: the server responded with a status of 403 (Forbidden)
network	error	URL: https://www.topcreativeformat.com/32bbe6651313c859b2a743375e1bea0f/invoke.js Message: Failed to load resource: the server responded with a status of 403 (Forbidden)
network	error	URL: https://www.topcreativeformat.com/f17e6d03e865e747b36807cdeae32475/invoke.js Message: Failed to load resource: the server responded with a status of 403 (Forbidden)
javascript	error	URL: https://starfiles.co/file/VScTtAUmep9u/spotify-red-ipa Message: Access to fetch at 'https://api.starfiles.co/file/fileinfo/VScTtAUmep9u?preview' from origin 'https://starfiles.co' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
network	error	URL: https://api.starfiles.co/file/fileinfo/VScTtAUmep9u?preview Message: Failed to load resource: net::ERR_FAILED

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src * data: blob: 'unsafe-eval' 'unsafe-inline'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

analytics.google.com
api.producthunt.com
api.starfiles.co
api2.starfiles.co
cdn.jsdelivr.net
cdn.starfiles.co
cdn.trustpilot.net
cloudflareinsights.com
contextual.media.net
ep1.adtrafficquality.google
ep2.adtrafficquality.google
fonts.googleapis.com
fonts.gstatic.com
fundingchoicesmessages.google.com
googleads.g.doubleclick.net
hydrafiles.com
lg3.media.net
pagead2.googlesyndication.com
pl22439263.profitablegatecpm.com
starfiles.co
static.cloudflareinsights.com
stats.g.doubleclick.net
td.doubleclick.net
www.google.com
www.googletagmanager.com
www.topcreativeformat.com
api.starfiles.co
api2.starfiles.co
cdn.jsdelivr.net
ep1.adtrafficquality.google
hydrafiles.com
104.77.220.25
108.138.106.53
192.243.59.13
192.243.59.20
23.199.48.23
2606:4700:20::681a:80d
2606:4700:20::681a:90d
2606:4700::6810:4f49
2606:4700::6810:5049
2606:4700::6812:7f76
2607:f8b0:4004:c19::9d
2607:f8b0:4006:80d::2002
2607:f8b0:4006:80d::200a
2607:f8b0:4006:80e::2002
2607:f8b0:4006:81c::200e
2607:f8b0:4006:81e::200e
2607:f8b0:4006:81f::2003
2607:f8b0:4006:820::2008
2607:f8b0:4006:821::2001
2607:f8b0:4006:821::2002
2607:f8b0:4006:821::2004
2607:f8b0:4006:824::2002
2a04:4e42:200::485
0d15f4b76bb93b88a776e5c67094557571ef43426c91dd67ae7252d29f5d0924
13a5cf1b83d072d7532d4f3955015820c5ad18e936151fc820667f3b0102f5f9
14d8fcaf2ec89003fb9fbbe591428437aedc458544648d302bbcf2135fb707dc
2c31301d903c49a1dab3a2714159746e5a09cdba1ce40247d46772115324f678
2eba21ae4c2a4af47caa1154d8711a6bdbf85d295b228426354ac42b4c430621
2fca55c9911bb19de60a2b5020fb940bdc23aa8622e27bef15de670055d298c7
38118ddd021b5e6e0a594ec89c79b010cfff0d7c97eb82221ae16d4cb95af648
3a4b9e9018d2c90286121ea7ccf547b3304fed1db2da602a1a53600f0f1304c3
42104ec5b2483c973646e1b0a697e83f8616021266e3bb61fa815ca19506ef7c
45810cdad805df84722b2c03391b8d1ce16f8ee5048b9be90c300bf929a6b3ee
4b3dbab700a6bd0ddc0f717848caf188167f5912595c2d8c2e00f3102425fa38
528db3367adad2cc4d26d3d64bfcd2ec12a38b30f2bc34dbd964e6b3f9781fd7
5ad17d7164ddb1e9fa8081ac3888608a5ec2e40a641ffc1d883229aaf743a660
61ed8b74b5914ab06737a2b39ac5d40e6b88befaf44238f0c677197ced1980f1
6d8731b2fd3a584e177be6ee04b3f9a05be6e32fde2f97993921a8a3bad26e82
735b7f70ab83623127d52f82b9c6bce0311a2ed2f1a5fe4827517b5a5ce4d78f
769406737de2760ebe901774c41536f730ac9757ee1244f8b17bda055a73558f
796c46ec10bc9105545f6f90d51593921b69956bd9087eb72bee83f40ad86f90
7ab537773fa7c41e6ea63bff0ba09be26be796ebb4b1ef7da1e4c398780d7c86
87bddb29802e457fdfc137657726384b3cc188ba19d4acdb6fd06e4b9135e0dd
8924e17ab31d5b1c5a3ffd7dd6a02eb0e06c514e205ce0b257a200dbf4e91fd3
8a18d13015336bc184819a5a768447462202ef3105ec511bf42ed8304a7ed94f
8b1bb264d3f4e9e18f183190a3c443c6409502514f56e670dc60ea04c40747de
97399a2914c593da2895d9729aa0170a1956e91ee54cf7550696691949558a37
9ac33819488de47f25c6a3788e583d04964914c5aa09b83320bac6ffc8a1923e
a4eef01fee345684240a928ab22237c95e5e6841a7374e6e89b3e052805eff1e
a62c13509933dcd905cc427c8af6688a58de3e68ee52730b5394247e130495d0
a6c1799b50b6e11b063f8c8574df6d5c87a3fd96f4d6cc2fb8ba8528867091ae
afad6a7ce2b8646c18508d67d8fb33ffdcb6c930b96a36e3b35a14aa8bfe0fbf
b4eee2ec19acb04d23c103ea264973702058758cd168608cb4b2051f085675ce
b79aa4d4f529b5c8e977b1f7752bc93869668574f8da2c0fa86528b7817dff99
bdd7e40674a376a290c133bfa838d96d5e4acc1c298b0bdd3519f2e286456bdd
c05b3d60f2ff57dbc8d3bfcc171a66330c4152284dd1e1263b972a2649772327
c8a9c2d58a3ab6790cc912f9b046c35bd4e0a672569136c338907920e137cdcd
c9d3c60dbdef7a651c8bd6d17de8731d5d070b7c8683858aa1d35308f0ce3f42
ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142
cf017d01048a5fe710b9bc8db7a78bd719b4c633d9be8b1564344c5edf85d7a5
d9640bf1795ad4d606d37bf3a223f72f7f089242f745c4182843820dcd73d55f
da694facc08b1b4e4639b29f607547b51743e29db6f87ee33852f4115b97f376
df8f16dbb4e42d0e1d4db01ced826e12f830f7d84b1ed43b4122e1aa3dd3a1fe
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f750d23460829b6fa304d010b3d39e0f18305ae419506ec7e91b1b112120c3b2
f83261e1f4e0ea00c3bc3df4b4f02f8e1784629e22b588d6cc3b6af76d48da40
ff3de130872fe0fb5b770dfa2bc9f0daf8ab320403a34a60d089436f08d24f99

starfiles.co Open in urlscan Pro 2606:4700:20::681a:90d Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

87 Requests

91 %HTTPS

78 %IPv6

16 Domains

26 Subdomains

24 IPs

1 Countries

691 kBTransfer

1904 kBSize

18 Cookies

25 Outgoing links

Redirected requests

87 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

starfiles.co Open in urlscan Pro
2606:4700:20::681a:90d Public Scan

Screenshot
Live screenshot

Full Image

87
Requests

91 %
HTTPS

78 %
IPv6

16
Domains

26
Subdomains

24
IPs

1
Countries

691 kB
Transfer

1904 kB
Size

18
Cookies

87 HTTP transactions
0 data transactions