Report - www.mediafire.com/file/dxgbv1hgks8bd1p/@ryckzff.zip/file

Report Overview

Submitted URL
www.mediafire.com/file/dxgbv1hgks8bd1p/@ryckzff.zip/file
IP
104.16.54.48
ASN
#13335 CLOUDFLARENET
Submitted
2022-11-18 13:24:46
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
2

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-03-10T05:10:02Z	606 B	127 B	54.148.242.254
fonts.googleapis.com	8877	2013-06-10T22:14:26Z	2023-03-10T12:25:49Z	730 B	4.8 kB	142.250.74.10
image6.pubmatic.com	637	2015-10-14T12:06:42Z	2023-03-10T12:51:49Z	402 B	381 B	185.64.190.78
simage4.pubmatic.com	1129	2013-08-22T15:21:53Z	2023-03-09T22:49:29Z	577 B	320 B	198.47.127.20
ocsp.pki.goog	175	2018-07-01T08:43:07Z	2023-03-10T05:11:10Z	8.3 kB	17 kB	142.250.74.3
www.facebook.com	99	2012-05-21T02:23:41Z	2021-02-04T00:31:35Z	623 B	3.7 kB	31.13.72.36
fundingchoicesmessages.google.com	2397	2019-01-16T16:59:52Z	2023-03-10T12:46:59Z	464 B	40 kB	142.250.74.46
hbopenbid.pubmatic.com	455	2018-01-08T13:15:02Z	2023-03-10T09:31:44Z	469 B	227 B	185.64.190.77
cdn.amplitude.com	2911	2017-11-18T18:13:36Z	2023-03-10T16:38:06Z	415 B	23 kB	54.230.245.185
stats.g.doubleclick.net	96	2013-06-10T22:21:11Z	2023-03-10T12:41:09Z	604 B	711 B	142.251.1.157
ocsp.comodoca.com	1696	2012-05-21T09:01:17Z	2023-03-10T14:02:39Z	341 B	1.0 kB	172.64.155.188
www.gstatic.com	unknown	2016-07-26T11:37:06Z	2023-03-10T12:47:01Z	858 B	4.3 kB	142.250.74.163
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-03-10T05:12:35Z	413 B	5.8 kB	34.160.144.191
status.geotrust.com	3662	2017-12-01T09:55:31Z	2023-03-10T05:15:32Z	686 B	1.6 kB	93.184.220.29
translate.google.com	1156	2012-05-30T03:30:32Z	2023-03-10T05:17:00Z	765 B	29 kB	142.250.74.46
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-03-10T05:10:04Z	3.2 kB	59 kB	34.120.237.76
cdn.otnolatrnup.com	50979	2019-03-11T16:12:14Z	2023-03-09T08:43:42Z	422 B	465 B	104.19.215.37
www.googletagmanager.com	75	2013-05-22T04:07:37Z	2023-03-10T13:03:15Z	778 B	117 kB	142.250.74.168
securepubads.g.doubleclick.net	190	2013-05-31T06:19:39Z	2023-03-10T08:45:31Z	380 B	28 kB	216.58.207.194
fonts.gstatic.com	unknown	2014-09-09T02:40:21Z	2023-03-10T14:37:36Z	1.0 kB	175 kB	216.58.207.195
static.mediafire.com	47565	2017-12-11T22:20:42Z	2023-03-10T04:20:21Z	4.7 kB	69 kB	104.16.53.48
mediafire-d.openx.net	50006	2017-01-30T08:36:28Z	2023-01-19T08:00:53Z	1.2 kB	585 B	34.98.64.218
ad.doubleclick.net	186	2012-05-24T22:21:08Z	2023-03-10T15:01:23Z	438 B	1.9 kB	142.250.74.102
lh3.googleusercontent.com	66	2012-05-22T09:35:05Z	2023-03-10T13:07:47Z	519 B	13 kB	142.250.74.33
firefox.settings.services.mozilla.com	867	2020-06-04T22:08:41Z	2023-03-10T05:10:00Z	782 B	2.4 kB	34.102.187.140
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-03-10T05:10:00Z	333 B	229 B	34.117.237.239
www.mediafire.com	30109	2012-05-22T04:29:38Z	2023-03-10T15:43:55Z	4.9 kB	180 kB	104.16.54.48
translate.googleapis.com	1005	2012-05-31T09:21:21Z	2023-03-10T16:15:17Z	918 B	81 kB	142.250.74.42
api.amplitude.com	1242	2019-01-27T16:02:28Z	2023-03-10T12:42:21Z	471 B	307 B	52.11.249.51
www.google.no	25607	2016-04-05T21:50:59Z	2023-03-10T07:09:08Z	513 B	694 B	142.250.74.3
ads.pubmatic.com	469	2012-05-21T05:56:35Z	2023-03-10T08:45:34Z	1.2 kB	7.7 kB	23.38.200.201
ocsp.digicert.com	86	2012-05-21T09:02:23Z	2023-03-10T13:49:44Z	3.8 kB	7.4 kB	93.184.220.29
btloader.com	169057	2020-10-22T22:38:52Z	2023-03-10T14:03:39Z	382 B	11 kB	104.26.7.139
ocsp.sectigo.com	487	2019-11-29T12:50:24Z	2023-03-10T14:35:32Z	340 B	964 B	172.64.155.188
static.cloudflareinsights.com	1294	2019-09-24T16:34:56Z	2023-03-10T13:32:49Z	457 B	393 B	104.16.56.101
prebid.media.net	1256	2018-02-14T18:41:07Z	2023-03-10T15:14:51Z	456 B	1.2 kB	34.107.148.139
api.btloader.com	1320	2020-10-14T17:25:59Z	2023-03-10T08:45:35Z	954 B	597 B	130.211.23.194
contextual.media.net	513	2012-05-21T09:20:31Z	2023-03-10T15:55:16Z	931 B	8.6 kB	23.38.200.22
www.google.com	7	2015-05-10T13:11:19Z	2023-03-10T12:19:40Z	919 B	1.5 kB	142.250.74.164
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-03-10T05:09:10Z	2.0 kB	5.3 kB	23.36.77.32
ad-delivery.net	1341	2017-06-22T07:33:30Z	2023-03-10T14:03:39Z	790 B	2.4 kB	104.26.2.70
www.google-analytics.com	40	2012-10-03T03:04:21Z	2023-03-10T13:35:34Z	1.2 kB	21 kB	142.250.74.174

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2022-11-18	medium	ryckzff.zip	Sinkholed

JavaScript (44)

	URL	Size	First Seen	Last Seen
	www.mediafire.com/file/dxgbv1hgks8bd1p/@ryckzff.zip/file	15 kB	2023-03-08	2023-03-11
Pretty URL www.mediafire.com/file/dxgbv1hgks8bd1p/@ryckzff.zip/file IP 104.16.54.48 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 19:38:00 Last Seen2023-03-11 23:08:37 Times Seen1 Hash 8f431ef4a250a5ccecf93168508fd96a f143a224117160cb979a02fb73f785090991fcfd 74d6493eed9d74ef5cc53677a43faec73cd39e5401ed890f1c6f92903fa40a58 Loading...

	www.mediafire.com/file/dxgbv1hgks8bd1p/@ryckzff.zip/file	340 B	2023-03-07	2024-04-26
Pretty URL www.mediafire.com/file/dxgbv1hgks8bd1p/@ryckzff.zip/file IP 104.16.54.48 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:08 Last Seen2024-04-26 17:42:42 Times Seen1804 Hash 7b0298352717334914068ec708c9513a faf49acfb2d927211e20a345a4f6d77b31fbb539 16d9425c57376be8131894bb4b01fea2547be2fbbed0f3587cba20af9dae4190 Loading...

	www.mediafire.com/file/dxgbv1hgks8bd1p/@ryckzff.zip/file	1.4 kB	2023-03-07	2024-04-20
Pretty URL www.mediafire.com/file/dxgbv1hgks8bd1p/@ryckzff.zip/file IP 104.16.54.48 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:08 Last Seen2024-04-20 18:00:38 Times Seen1255 Hash ac28d3adfc51fa961f442efde7c10ce6 faed185c2f5dea63f1140b033f7d6e8c02c29295 c78d75016d77016fa0ef5cd7ee429bb10974397b970ef6eb975bce72099c29c6 Loading...

	www.mediafire.com/file/dxgbv1hgks8bd1p/@ryckzff.zip/file	244 B	2023-03-07	2024-04-20
Pretty URL www.mediafire.com/file/dxgbv1hgks8bd1p/@ryckzff.zip/file IP 104.16.54.48 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:08 Last Seen2024-04-20 18:00:38 Times Seen1275 Hash 3d3cc144a4263f35a45be0ce301a7765 d4f9599219bcf86d846eaf65ebd8833fa67ddcae 9ee897df84988e54e3816800f2fd31ea5c2157dff7f21ab50fdb1eff4f1e3fde Loading...

	otnolatrnup.com/Tag.engine?time=0&id=5ff0fb62-0643-4ff1-aaee-c737f9ffc0e0&rand=96820&ver=async&referrerUrl=&fingerPrint=123&abr=false&stdTime=0&fpe=1&bw=1280&bh=939&res=1280x1024&curl=http%3A%2F%2Fwww.mediafire.com%2Ffile%2Fdxgbv1hgks8bd1p%2F%40ryckzff.zip%2Ffile&kw=online%20storage%2Cfree%20storage%2Ccloud%20storage%2Ccollaboration%2Cbackup%20file%20sharing%2Cshare%20files%2Cphoto%20backup%2Cphoto%20sharing%2Cftp%20replacement%2Ccross%20platform%2Cremote%20access%2Cmobile%20access%2Csend%20large%20files%2Crecover%20files%2Cfile%20versioning%2Cundelete%2Cwindows%2Cpc%2Cmac%2Cos%20x%2Clinux%2Ciphone	1.9 kB	2023-03-11	2023-03-11
Pretty URL otnolatrnup.com/Tag.engine?time=0&id=5ff0fb62-0643-4ff1-aaee-c737f9ffc0e0&rand=96820&ver=async&referrerUrl=&fingerPrint=123&abr=false&stdTime=0&fpe=1&bw=1280&bh=939&res=1280x1024&curl=http%3A%2F%2Fwww.mediafire.com%2Ffile%2Fdxgbv1hgks8bd1p%2F%40ryckzff.zip%2Ffile&kw=online%20storage%2Cfree%20storage%2Ccloud%20storage%2Ccollaboration%2Cbackup%20file%20sharing%2Cshare%20files%2Cphoto%20backup%2Cphoto%20sharing%2Cftp%20replacement%2Ccross%20platform%2Cremote%20access%2Cmobile%20access%2Csend%20large%20files%2Crecover%20files%2Cfile%20versioning%2Cundelete%2Cwindows%2Cpc%2Cmac%2Cos%20x%2Clinux%2Ciphone IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 14:01:47 Last Seen2023-03-11 14:01:47 Times Seen1 Hash f3b1746ede66bc3daf4ceab180c0555f 5cedf5908fa3b1a486a1dfce356c3cc96d52e094 f892d99a1496c9c98c008cb0a5dbe0c288f631546088428c07f7e22d4c3655bc Loading...

	ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158936	16 kB	2023-03-07	2023-03-17
Pretty URL ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158936 IP 23.38.200.201 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:08 Last Seen2023-03-17 21:47:34 Times Seen1 Hash 772d546636c1872e4cb7a31a12729334 816b8fac9bc38963382ff30d12baa2b74cbd354b 7d799e920aa5b42a25cff20542a231174a917efb27799ca3c27b279bd832b979 Loading...

	www.mediafire.com/file/dxgbv1hgks8bd1p/@ryckzff.zip/file	99 B	2023-03-07	2024-01-16
Pretty URL www.mediafire.com/file/dxgbv1hgks8bd1p/@ryckzff.zip/file IP 104.16.54.48 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:08 Last Seen2024-01-16 05:47:01 Times Seen793 Hash a11fb74027afaefcf2078d2c17739163 416b8adf94667a3552b37c4dbc93bf4e36b6cb6e 02bd4f056189f10d506c63fb2dbd6879896654fdbe64ea8f927745e00510ab20 Loading...

	www.mediafire.com/file/dxgbv1hgks8bd1p/@ryckzff.zip/file	90 B	2023-03-07	2023-03-29
Pretty URL www.mediafire.com/file/dxgbv1hgks8bd1p/@ryckzff.zip/file IP 104.16.54.48 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:08 Last Seen2023-03-29 21:43:15 Times Seen5 Hash 6460d29283ac4fba5b74cbd3ca275236 b5dd8e0ec6e8fbd07c9ef9a323f518cfaa9a3813 08e492c45a4d0cc5cbec895f132ed277ee74695481948461ff70a00487b08e2c Loading...

	btloader.com/tag?o=5678961798414336&upapi=true	13 kB	2023-03-11	2023-03-11
Pretty URL btloader.com/tag?o=5678961798414336&upapi=true IP 104.26.7.139 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 08:34:12 Last Seen2023-03-11 20:58:13 Times Seen1 Hash 9abdc1edfcf8ffb77ccd0e5a2ab640bb d05ce6be9d6464462623372eb06a0f419e905474 2cbb0404abf40a0fd02c450a94d8d68a29fce568480f45b82b3dba834ee408f3 Loading...

	www.googletagmanager.com/gtag/js?id=UA-829541-1	112 kB	2023-03-11	2023-03-11
Pretty URL www.googletagmanager.com/gtag/js?id=UA-829541-1 IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 14:01:47 Last Seen2023-03-11 14:04:17 Times Seen1 Hash e5505896396e7cc83c1426ecb31227cf fa60c4e2daff0f6eb2d90ec591a998cff004d75d 4c4f4117574523a821ca341d2524e6c4d261f28190f7bc8523cf6db5ebc6e205 Loading...

	translate-pa.googleapis.com/v1/supportedLanguages?client=te&display_language=no&key=AIzaSyBWDj0QJvVIx8XOhRegXX5_SrRWxhT5Hs4&callback=callback	17 kB	2023-03-07	2024-04-26
Pretty URL translate-pa.googleapis.com/v1/supportedLanguages?client=te&display_language=no&key=AIzaSyBWDj0QJvVIx8XOhRegXX5_SrRWxhT5Hs4&callback=callback IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:06 Last Seen2024-04-26 20:22:36 Times Seen14195 Hash a3eefe14b1b4698460d992bd1673a26b a2fca6ebb00b8bdcca3eda88654d02d2c165b9c4 87514750a90cd70dd22c8673cfa80d804ef55840bd0755950af2118d8d218067 Loading...

	image6.pubmatic.com/AdServer/UCookieSetPug?oid=2&cb=PubMatic._uidCB	60 B	2023-03-11	2023-03-11
Pretty URL image6.pubmatic.com/AdServer/UCookieSetPug?oid=2&cb=PubMatic._uidCB IP 185.64.190.78 ASN #62713 AS-PUBMATIC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 14:01:47 Last Seen2023-03-11 14:01:47 Times Seen1 Hash a6a1d03705f891aa69114272157f3f10 d8d8e92490601a8f27b52a93ea424b5004163f4d 3ea920461068f7bf333722b55c30c340c4dfe3e37080f2db8dd0543995ccb51a Loading...

	www.mediafire.com/file/dxgbv1hgks8bd1p/@ryckzff.zip/file	166 B	2023-03-07	2023-07-31
Pretty URL www.mediafire.com/file/dxgbv1hgks8bd1p/@ryckzff.zip/file IP 104.16.54.48 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:08 Last Seen2023-07-31 12:46:10 Times Seen369 Hash f941f76ccee1ae706eedd6add8c7d3b3 5d4c4a5d7f5fb030dc6e01b656fcc393423cd5b5 c40fd0b9a7e6d6ab90cf21f10aafe06639f1e6735bed9068e893b0ffd0d07c76 Loading...

	www.mediafire.com/file/dxgbv1hgks8bd1p/@ryckzff.zip/file	99 B	2023-03-07	2024-04-13
Pretty URL www.mediafire.com/file/dxgbv1hgks8bd1p/@ryckzff.zip/file IP 104.16.54.48 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:08 Last Seen2024-04-13 10:55:46 Times Seen834 Hash f669d6bf5c7ad4dc205ba9ceeb629791 e5401d4cd8dea04b0f707db35451ae3944152a01 9fe4e69552905c408b9c2cead95f2f5c314e83a91b72af6ff284e46f16a5af49 Loading...

	www.mediafire.com/file/dxgbv1hgks8bd1p/@ryckzff.zip/file	13 kB	2023-03-11	2023-03-11
Pretty URL www.mediafire.com/file/dxgbv1hgks8bd1p/@ryckzff.zip/file IP 104.16.54.48 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 14:01:47 Last Seen2023-03-11 14:01:47 Times Seen1 Hash b9931f1ac51aa057ed1e73b028c93687 7b0a72a6aea8d899ca5fbb0b0b4d846fda96c6b0 eb7841cc22a77694f3189b52d00abb4e4bcf1fb5f67a2bb3629bfe29a1a2cbd7 Loading...

	www.mediafire.com/file/dxgbv1hgks8bd1p/@ryckzff.zip/file	50 B	2023-03-07	2024-04-13
Pretty URL www.mediafire.com/file/dxgbv1hgks8bd1p/@ryckzff.zip/file IP 104.16.54.48 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:08 Last Seen2024-04-13 10:55:45 Times Seen1134 Hash 2a3e0cf1eb9a605784a92569cf894f8c 10e7021ec5823da40f0916471956088fe86473da baeead41095f1450cfb9f5bc75df542fcc953f28f0455499e308407e72ad4b0d Loading...

	www.mediafire.com/file/dxgbv1hgks8bd1p/@ryckzff.zip/file	9.7 kB	2023-03-07	2024-02-01
Pretty URL www.mediafire.com/file/dxgbv1hgks8bd1p/@ryckzff.zip/file IP 104.16.54.48 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:08 Last Seen2024-02-01 00:53:44 Times Seen843 Hash fb3ef70a9c3427141a42ff7b9973a5a5 8c6981aa075b2be7874badea20646ebd9273c1bc ff901e96d202c77a3dafe7a0a381bdf49269979c8b54497b1044729cd133f869 Loading...

	www.mediafire.com/file/dxgbv1hgks8bd1p/@ryckzff.zip/file	2.0 kB	2023-03-07	2024-04-26
Pretty URL www.mediafire.com/file/dxgbv1hgks8bd1p/@ryckzff.zip/file IP 104.16.54.48 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:08 Last Seen2024-04-26 17:42:42 Times Seen1803 Hash e48418f18355925eaea03355309b2e00 c51214ad93526b8c02f9624b7ef0dda8c7dfe9a5 2fd1cae6706b4ee934c5c6f90d0aee52851d2310a9a4a413dca147cf907906e1 Loading...

	www.mediafire.com/file/dxgbv1hgks8bd1p/@ryckzff.zip/file	166 B	2023-03-07	2023-07-31
Pretty URL www.mediafire.com/file/dxgbv1hgks8bd1p/@ryckzff.zip/file IP 104.16.54.48 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:08 Last Seen2023-07-31 12:46:10 Times Seen369 Hash 11fce363f5710df0dc32f152e58637f2 9443280608b104eb972669677bbb0bcfa7c1231a b04d0f6b5f781241052b16100d61256d99798ada635d2eaa93fd3d2d2ac7998e Loading...

	unknown	0 B	2023-03-07	2024-04-27
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-27 06:59:12 Times Seen37113278 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	static.cloudflareinsights.com/beacon.min.js/vaafb692b2aea4879b33c060e79fe94621666317369993	17 kB	2023-03-08	2024-02-28
Pretty URL static.cloudflareinsights.com/beacon.min.js/vaafb692b2aea4879b33c060e79fe94621666317369993 IP 104.16.56.101 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:25:00 Last Seen2024-02-28 12:44:37 Times Seen1362 Hash 33100f2355611b2375f05486299abf05 0b2d1b75f6695e67b884bee2eb72165d6e881a26 0f48c5678ce459a596423b0e55344e7ad8eb3d3b1b27c54cd76a9d4cee7dd6c3 Loading...

	fundingchoicesmessages.google.com/i/183096492?ers=3	113 kB	2023-03-11	2023-03-11
Pretty URL fundingchoicesmessages.google.com/i/183096492?ers=3 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 14:01:47 Last Seen2023-03-11 14:01:47 Times Seen1 Hash ad731a43936a3491745339a527bc443e 1ef01fe5216f8606b10c914f570694bbf1b3a1c3 43afa515753214164e9980446e3c8ec9f09ce281e18d377b06667287a9f8984c Loading...

	www.mediafire.com/file/dxgbv1hgks8bd1p/@ryckzff.zip/file	367 B	2023-03-07	2023-07-26
Pretty URL www.mediafire.com/file/dxgbv1hgks8bd1p/@ryckzff.zip/file IP 104.16.54.48 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:58:47 Last Seen2023-07-26 17:29:16 Times Seen71 Hash 35fd5d438b217cc204c7f2ab7abb570d 9eafb977dfb236d7c553870a65f97b2fe565e690 3e6a1658668df6dbf19a6aacc0586232419ae1c2ebb7f4f13e845163389b8846 Loading...

	www.mediafire.com/file/dxgbv1hgks8bd1p/@ryckzff.zip/file	166 B	2023-03-07	2023-07-31
Pretty URL www.mediafire.com/file/dxgbv1hgks8bd1p/@ryckzff.zip/file IP 104.16.54.48 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:08 Last Seen2023-07-31 12:46:10 Times Seen369 Hash 25b1cf26c97255912ad392a889e66a07 c934c0f0d64eeb228cdc0f3491516281f8374d38 01caddfe898aea02b6d55a3c52683b46ac27c921d03f17804a5fbe7f462676ba Loading...

	www.mediafire.com/file/dxgbv1hgks8bd1p/@ryckzff.zip/file	543 B	2023-03-07	2024-04-13
Pretty URL www.mediafire.com/file/dxgbv1hgks8bd1p/@ryckzff.zip/file IP 104.16.54.48 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:08 Last Seen2024-04-13 10:55:46 Times Seen837 Hash 9d139d72e2571ec8b88f2b08f79efb25 adb7b37f804197f726caf37ae6cd6e7becb2a549 f41723d29915e771a79001b062c73b94ccfcb9bda5a1ba30aa5f29bda7c0faf4 Loading...

	translate.google.com/translate_a/element.js?cb=googFooterTranslate	76 kB	2023-03-11	2023-03-11
Pretty URL translate.google.com/translate_a/element.js?cb=googFooterTranslate IP 142.250.74.46 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 14:01:47 Last Seen2023-03-11 14:01:47 Times Seen1 Hash 93a9d7d5a1d2abb40c05b07253d2b536 d7413acde6b532aac35330d3c13eb9689b0422cd cc179c70eecac8f5129c6348edbecd48890422474fcbfed62b9e4115b802b3e2 Loading...

	ads.pubmatic.com/AdServer/js/cl_partner.html?pid=2&gdpr=0&gdpr_consent=&rdu=https%3A%2F%2Fsimage4.pubmatic.com%2FAdServer%2FSPug%3Fo%3D3%26u%3D5E48D576-D1A4-48FD-9A16-A011EDEA808E%26vcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA%3D%3D%26piggybackCookie%3Duid%3A%23%23P_UID	1.7 kB	2023-03-08	2023-03-17
Pretty URL ads.pubmatic.com/AdServer/js/cl_partner.html?pid=2&gdpr=0&gdpr_consent=&rdu=https%3A%2F%2Fsimage4.pubmatic.com%2FAdServer%2FSPug%3Fo%3D3%26u%3D5E48D576-D1A4-48FD-9A16-A011EDEA808E%26vcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA%3D%3D%26piggybackCookie%3Duid%3A%23%23P_UID IP 23.38.200.201 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:30:01 Last Seen2023-03-17 21:47:34 Times Seen1 Hash 33c1736dc4614876d1536e2dad54357c 06a0ba6c3be9e07eb4ed999771cfe68b5208a381 fd937b2d24f04ee2d97046130c2b0dc120fbb0c715f1101e7ddbcf6ac68ae174 Loading...

	www.mediafire.com/file/dxgbv1hgks8bd1p/@ryckzff.zip/file	166 B	2023-03-07	2023-07-31
Pretty URL www.mediafire.com/file/dxgbv1hgks8bd1p/@ryckzff.zip/file IP 104.16.54.48 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:08 Last Seen2023-07-31 12:46:10 Times Seen369 Hash cfdc30831a0b3c68f6e25651e0337060 0294ded30901cc2effefa6916ad438c3d3f43d8a 7069594ae3cf7da34743de2228eee51ded6510ac80a13ce08571bc195d4ed8d2 Loading...

	cdn.amplitude.com/libs/amplitude-8.5.0-min.gz.js	70 kB	2023-03-07	2023-05-06
Pretty URL cdn.amplitude.com/libs/amplitude-8.5.0-min.gz.js IP 54.230.245.185 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:08 Last Seen2023-05-06 01:23:33 Times Seen337 Hash c43d9f000a09bd500ed8728606a09de3 36ad6b0fa2c6bcd116fb642f25789fc2d08a68e6 2450e5580136f94bda7ccf95e3167b57e15b05b513a430967943a50036fa47a4 Loading...

	www.google-analytics.com/analytics.js	50 kB	2023-03-08	2024-04-27
Pretty URL www.google-analytics.com/analytics.js IP 142.250.74.174 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 05:22:31 Last Seen2024-04-27 02:03:36 Times Seen1536 Hash fda30e8a22c9bcd954fd8d0fadd0e77c ae47cd34cbde081a48d7f92fc80aaf06a1381193 b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719 Loading...

	securepubads.g.doubleclick.net/tag/js/gpt.js	80 kB	2023-03-11	2023-03-11
Pretty URL securepubads.g.doubleclick.net/tag/js/gpt.js IP 216.58.207.194 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 13:43:35 Last Seen2023-03-11 14:07:22 Times Seen1 Hash 7f2d59ee6550e82cdb9e761cc077771a 81e1972ac94a383f8e9b9e0615c21d0858bf2b60 9e136e6a1e65ca479d6a937f2d25dfbdef122b7cff7a10cde98eb6565949a559 Loading...

	fundingchoicesmessages.google.com/f/AGSKWxXrjtEH6OsIEa1eMxJNrJTV18lP5XKGKMJi5rI13IlsGpcs5yT-0hk0wJuzpkaKFvH14rtURv0da3wnJCfhkp8=	113 kB	2023-03-11	2023-03-11
Pretty URL fundingchoicesmessages.google.com/f/AGSKWxXrjtEH6OsIEa1eMxJNrJTV18lP5XKGKMJi5rI13IlsGpcs5yT-0hk0wJuzpkaKFvH14rtURv0da3wnJCfhkp8= IP 142.250.74.46 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 14:01:47 Last Seen2023-03-11 14:01:47 Times Seen1 Hash 3f7e0b595ab8fc95b091a2f7d8e63255 09d001f4dbc0835e516293a85f3ee33c2b072a3b 12776dc12c5ecac5641eb1bf178f360bef124249c6c1801a5bafa9ce9be74690 Loading...

	http:srcdoc	1.2 kB	2023-03-08	2023-04-22
Pretty URL http:srcdoc IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:21:55 Last Seen2023-04-22 02:10:05 Times Seen1280 Hash 1bdd099873761648dd3aa8aad60e2ac3 713e5a99347bd73f3d9c359acd1c885430e22060 0624e7ce1ad63657924f8ca830c5a9a16c721b527ea1b98d2ef471d04348a07d Loading...

	www.mediafire.com/file/dxgbv1hgks8bd1p/@ryckzff.zip/file	2.1 kB	2023-03-07	2024-02-20
Pretty URL www.mediafire.com/file/dxgbv1hgks8bd1p/@ryckzff.zip/file IP 104.16.54.48 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:08 Last Seen2024-02-20 22:13:21 Times Seen867 Hash 93aa8e871ebf303daab6f0b0093d879d cd91630b93ddd892e3e910d42f44f1f5836e7aa9 7f824ad0e56ad94ae36acd4b9ac580ae8e6fb262b8eb5443d66653c1cdad4bc2 Loading...

	www.mediafire.com/file/dxgbv1hgks8bd1p/@ryckzff.zip/file	166 B	2023-03-07	2023-07-31
Pretty URL www.mediafire.com/file/dxgbv1hgks8bd1p/@ryckzff.zip/file IP 104.16.54.48 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:08 Last Seen2023-07-31 12:46:10 Times Seen369 Hash bd154b3d8a8e6cd2d00aed789067724c e5b3ffec82f7e987e002d278e9f1a71d579c2209 964ed903f0f240fa1ada1d7274afb52279e544088550b21512c012c6953311da Loading...

	www.googletagmanager.com/gtm.js?id=GTM-53LP4T	226 kB	2023-03-11	2023-03-11
Pretty URL www.googletagmanager.com/gtm.js?id=GTM-53LP4T IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 14:01:47 Last Seen2023-03-11 14:01:47 Times Seen1 Hash af7e3d06eb832f063fb1c87d34802bbf cedcd16d5a275a8b2423dd22a4ca36446c3b0d3c 881d7362baaf8af11b0d6c65af1913447f8164f97a54dce87dd0a91c9f36e530 Loading...

	www.mediafire.com/file/dxgbv1hgks8bd1p/@ryckzff.zip/file	658 B	2023-03-07	2024-04-20
Pretty URL www.mediafire.com/file/dxgbv1hgks8bd1p/@ryckzff.zip/file IP 104.16.54.48 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:08 Last Seen2024-04-20 18:00:38 Times Seen1255 Hash 3d9dd3dfd08271e8e67d096e4e43db5c 973cda2469d945e79930c96089eff05ee619294c 2c6a061a66c76e6a96530d6190e183aa6d17932f0d76778bba8bd9a6d80e09cf Loading...

	www.mediafire.com/file/dxgbv1hgks8bd1p/@ryckzff.zip/file	805 B	2023-03-07	2024-04-13
Pretty URL www.mediafire.com/file/dxgbv1hgks8bd1p/@ryckzff.zip/file IP 104.16.54.48 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:08 Last Seen2024-04-13 10:55:45 Times Seen1120 Hash f9aec3b48bec0e276b5ebbf90dd111e7 7da6fbeab0b7d5f3b4207a632ac672ecca0f2aa7 50dc7f84488cec37c774f2d47c05b549ffd9fb71baaf5d46d34b313e1c18e3ef Loading...

	cdn.otnolatrnup.com/Scripts/infinity.js.aspx?guid=5ff0fb62-0643-4ff1-aaee-c737f9ffc0e0	185 kB	2023-03-11	2023-03-11
Pretty URL cdn.otnolatrnup.com/Scripts/infinity.js.aspx?guid=5ff0fb62-0643-4ff1-aaee-c737f9ffc0e0 IP 104.19.215.37 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 14:01:47 Last Seen2023-03-11 14:01:47 Times Seen1 Hash 5ddc8c908e321c413a33abf841ebc369 31e6b961a490ef7c1057652c4d7938c820613850 08d97bc62f25035d6b3002cdb1ca7037f4c62775b82833c3a6188798cc365513 Loading...

	securepubads.g.doubleclick.net/gpt/pubads_impl_2022111401.js	390 kB	2023-03-11	2023-11-04
Pretty URL securepubads.g.doubleclick.net/gpt/pubads_impl_2022111401.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 12:21:20 Last Seen2023-11-04 16:55:45 Times Seen5 Hash 9b62e1abb42a26ffd88a40f212f3598c 305c3283b8b5c5e7f1e2afaebcf1e8d5198c0982 72c530773071f1aa1e6f7a3b0d20810449c8b6eb39d6e109fcd7082868888f68 Loading...

	contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUO2689O&prvid=2034%2C2033%2C2030%2C273%2C2028%2C2027%2C2025%2C237%2C117%2C359%2C97%2C99%2C3012%2C3011%2C3010%2C201%2C3007%2C246%2C4%2C203%2C9%2C2011%2C3022%2C3020%2C173%2C294%2C251%2C175%2C2009%2C178%2C255%2C3018%2C3017%2C214%2C336%2C3014%2C337%2C338%2C77%2C38%2C182%2C261%2C141%2C262%2C222%2C301%2C225%2C10000%2C80%2C108%2C229%2C307&itype=PREBID&purpose1=1&gdprconsent=0&gdpr=1&coppa=0&usp_status=0&usp_consent=1	23 kB	2023-03-11	2023-03-11
Pretty URL contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUO2689O&prvid=2034%2C2033%2C2030%2C273%2C2028%2C2027%2C2025%2C237%2C117%2C359%2C97%2C99%2C3012%2C3011%2C3010%2C201%2C3007%2C246%2C4%2C203%2C9%2C2011%2C3022%2C3020%2C173%2C294%2C251%2C175%2C2009%2C178%2C255%2C3018%2C3017%2C214%2C336%2C3014%2C337%2C338%2C77%2C38%2C182%2C261%2C141%2C262%2C222%2C301%2C225%2C10000%2C80%2C108%2C229%2C307&itype=PREBID&purpose1=1&gdprconsent=0&gdpr=1&coppa=0&usp_status=0&usp_consent=1 IP 23.38.200.22 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 14:01:47 Last Seen2023-03-11 14:01:47 Times Seen1 Hash 4bfdbc42bff50ac00d09415aca95e530 1acc05d05096f3b2c14faaa609e01ae1bc8c7fb2 92e49371cc0f03d0b1dca65934b9cbeb32a15935a54203b74718d0e609513bed Loading...

		Size	First Seen	Last Seen
	#1 Write - 1ea872e800e8178012560994a717feee	2.9 kB	2023-03-07	2023-03-17
Pretty Observations First Seen2023-03-07 01:02:06 Last Seen2023-03-17 12:49:46 Times Seen1 Hash 1ea872e800e8178012560994a717feee 391fb300646cecffead4773ee363d154bdc7b723 bd9b9037f2231777bcc799f76eeeae2e5a01663cce765e72e2ed1bda49cc926c Loading...

	#2 Write - 8b61ee8612aec53f39c77bf6f6bd989f	382 B	2023-03-07	2023-06-19
Pretty Observations First Seen2023-03-07 01:02:06 Last Seen2023-06-19 20:30:52 Times Seen84 Hash 8b61ee8612aec53f39c77bf6f6bd989f 100a093c0b3e54546f31abf306c6ecc99e293938 d2485660acb012ca34ca118cb59e6fbb11edb83ea98a0e050dd9bed186ee9274 Loading...

	#3 Write - 17b4f42d4db289726d11bffdeb8ecb62	382 B	2023-03-07	2023-06-19
Pretty Observations First Seen2023-03-07 01:02:06 Last Seen2023-06-19 20:30:52 Times Seen84 Hash 17b4f42d4db289726d11bffdeb8ecb62 4714b95ed330602e794dcb5c76a744645b463b8c c68c84b340115ef05318c4438aed24d3cd6198fdac59ac30dc7bac98452fda69 Loading...

HTTP Transactions (109)

URL IP Response Size

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
30c30d01178fc74ac5266ee64c3ee85b
c0c2af8a864c00aa85a8775d55f85ab107150a3b
c15644f69fbfeb99074c7e9711dfc9452ee164fa78eb981b6bae4fb7e3585f2a

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C15644F69FBFEB99074C7E9711DFC9452EE164FA78EB981B6BAE4FB7E3585F2A"
Last-Modified: Wed, 16 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4631
Expires: Fri, 18 Nov 2022 14:41:46 GMT
Date: Fri, 18 Nov 2022 13:24:35 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
67f53a639d57dd6237b5be86fe4f6c1b
287f09532dc331228d09c20b75f4160e91e9800a
41913a8af366685c42af59e9d8e02fccedbe68a3313d2d9fe353deb0c1019075

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5083
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 18 Nov 2022 13:24:35 GMT
Last-Modified: Fri, 18 Nov 2022 11:59:52 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 471

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
4e84f361a3c81abc5d665a5f441452a8
7aa4b9cb0a7ba1daa514dbb48fe8e74fdf09b60d
04d64920cc8e6b096841938b0c1140889f5d7a04eabd440934a31f1c7ab90352

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "04D64920CC8E6B096841938B0C1140889F5D7A04EABD440934A31F1C7AB90352"
Last-Modified: Wed, 16 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5269
Expires: Fri, 18 Nov 2022 14:52:24 GMT
Date: Fri, 18 Nov 2022 13:24:35 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

34.102.187.140

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
4d7e4eed097b9c4e5d509419f1cfc85a
290bb3d428a7c6330e2e3d73a952b16f820896c8
0dc9ca0f57af15adcd416035e92794711434e3d53a1feff21d8481d6d500986c

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Content-Length, Alert, Backoff, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 18 Nov 2022 12:45:03 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 2372
alt-svc: clear
X-Firefox-Spdy: h2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: 5fRJT9IkkgJ0rjh0yYoZILTdXXADPjJ9ZtnR/A5pfle4LfJytKGkRScae+D3ht2a1FEojvogjXU=
x-amz-request-id: TF4Y0FNBAXAYM46R
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 18 Nov 2022 13:15:37 GMT
age: 538
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Fri, 18 Nov 2022 13:24:35 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

www.mediafire.com/file/dxgbv1hgks8bd1p/@ryckzff.zip/file

104.16.54.48

200 OK

86 kB

URL HTTP/1.1
www.mediafire.com/file/dxgbv1hgks8bd1p/@ryckzff.zip/file
IP
104.16.54.48:0
ASN
#13335 CLOUDFLARENET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (63117)
Size
86 kB (85648 bytes)
Hash
33185d53bf57adcbb22e3977a14b8379
4bde2d626c261b89711bf9bb4230150e72b8d22b
4d372626b6bbb9b04027ae4a88608fbde2906d3abb034f01fd24e8cf9e165241

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /file/dxgbv1hgks8bd1p/@ryckzff.zip/file HTTP/1.1
Host: www.mediafire.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Date: Fri, 18 Nov 2022 13:24:35 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: http://www.mediafire.com
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, post-check=0, pre-check=0
Expires: 0
Pragma: no-cache
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
X-Robots-Tag: noindex, nofollow
CF-Cache-Status: DYNAMIC
Set-Cookie: ukey=tbnil2tipza6d06ww21cnq2im7yy09zy; expires=Tue, 18-Nov-2042 13:24:35 GMT; Max-Age=631152000; path=/; domain=.mediafire.com; HttpOnly
dx61=1; expires=Mon, 21-Nov-2022 13:24:35 GMT; Max-Age=259200; path=/; domain=.mediafire.com; HttpOnly
ad_count=1; expires=Fri, 18-Nov-2022 13:54:35 GMT; Max-Age=1800; path=/; domain=.mediafire.com; HttpOnly
conv_tracking_data-2=%7B%22mf_source%22%3A%22regular_download-34%22%2C%22mf_content%22%3A%22Free%22%2C%22mf_medium%22%3A%22windows%5C%2FFirefox%22%2C%22mf_campaign%22%3A%22dxgbv1hgks8bd1p%22%2C%22mf_term%22%3A%22c562d2ec43420b28a00229c95aebab1c%22%7D; expires=Sun, 18-Dec-2022 13:24:35 GMT; Max-Age=2592000; path=/; domain=.mediafire.com
__cf_bm=JMahixmP9vac.BkIvksPZHgcaA61GDoUHokkA1eNJ9Y-1668777875-0-AebcxgBk+coAaMEL/n3mynpyW8ypBwMQ6u/ohTkKzTDv/qT7vvE/oPs4rQR1SgL4zNUotiBFsFmOBcSW0qtl7rg=; path=/; expires=Fri, 18-Nov-22 13:54:35 GMT; domain=.mediafire.com; HttpOnly; SameSite=None
Server: cloudflare
CF-RAY: 76c106f799ddb518-OSL
Content-Encoding: gzip

www.mediafire.com/js/prebid5.17.0.js

104.16.54.48

200 OK

80 kB

URL HTTP/1.1
www.mediafire.com/js/prebid5.17.0.js
IP
104.16.54.48:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (65536), with no line terminators
Size
80 kB (79852 bytes)
Hash
57054ccba30c2dedde9b6139f72bf37e
04d436872be1c702db70b33b56b97b9daa17ec48
c4808b176fc686e19da8d088b99f9e607ea2a9040f736397343f8b35e0fc6511

HTTP Headers

GET /js/prebid5.17.0.js HTTP/1.1
Host: www.mediafire.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.mediafire.com/file/dxgbv1hgks8bd1p/@ryckzff.zip/file
Cookie: ukey=tbnil2tipza6d06ww21cnq2im7yy09zy; dx61=1; ad_count=1; conv_tracking_data-2=%7B%22mf_source%22%3A%22regular_download-34%22%2C%22mf_content%22%3A%22Free%22%2C%22mf_medium%22%3A%22windows%5C%2FFirefox%22%2C%22mf_campaign%22%3A%22dxgbv1hgks8bd1p%22%2C%22mf_term%22%3A%22c562d2ec43420b28a00229c95aebab1c%22%7D

HTTP/1.1 200 OK
Date: Fri, 18 Nov 2022 13:24:35 GMT
Content-Type: application/x-javascript
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Cache-Control: max-age=2592000
Cf-Bgj: minify
Cf-Polished: origSize=269036
Etag: W/"62deda56-41aec"
Expires: Sun, 18 Dec 2022 11:36:17 GMT
Last-Modified: Mon, 25 Jul 2022 18:00:54 GMT
Vary: Accept-Encoding
CF-Cache-Status: HIT
Age: 3455
Set-Cookie: __cf_bm=HmC_s5x0kSTBFREytkvPplXDFJPQSBBHzq6bIE1SMPc-1668777875-0-AeXg6eK2fb1TaBBuPRQ4bbY1JfKGaZpxPaLETz6O2Ar0uYE3zBNcc+uxdOPQhj7CyWdT5hKytiO1d1ctSHI+okY=; path=/; expires=Fri, 18-Nov-22 13:54:35 GMT; domain=.mediafire.com; HttpOnly; SameSite=None
Server: cloudflare
CF-RAY: 76c106fa8e6b1c12-OSL
Content-Encoding: gzip

ocsp.digicert.com/

93.184.220.29

200 OK

279 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
279 B (279 bytes)
Hash
7b6560962a389bb66c1c15115a53edab
f7ce37aae0274b21f36eab70839d2e35b986a93a
c529f17f81500b536be21d7424697ae6475edadc114415f4a5f4b0973317b822

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5662
Cache-Control: max-age=126662
Content-Type: application/ocsp-response
Date: Fri, 18 Nov 2022 13:24:35 GMT
Etag: "6376bd3b-117"
Expires: Sun, 20 Nov 2022 00:35:37 GMT
Last-Modified: Thu, 17 Nov 2022 23:01:15 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 279

www.mediafire.com/images/icons/svg_dark/arrow_dropdown.svg

104.16.54.48

200 OK

244 B

URL HTTP/1.1
www.mediafire.com/images/icons/svg_dark/arrow_dropdown.svg
IP
104.16.54.48:0
ASN
#13335 CLOUDFLARENET

File type
SVG Scalable Vector Graphics image\012- SVG XML document\012- XML 1.0 document text\012- SVG XML document\012- XML document text\012- exported SGML document, ASCII text, with very long lines (315), with no line terminators
Size
244 B (244 bytes)
Hash
438c74ce96fb46c379506f9a1a4b9882
0449a026abfda3ef8498ea612951d167202e44c8
3529bb7eb84889386b8b3dfaf3cb475fecbd83e1912d80fd43b790ca90aadb1f

HTTP Headers

GET /images/icons/svg_dark/arrow_dropdown.svg HTTP/1.1
Host: www.mediafire.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.mediafire.com/file/dxgbv1hgks8bd1p/@ryckzff.zip/file
Cookie: ukey=tbnil2tipza6d06ww21cnq2im7yy09zy; dx61=1; ad_count=1; conv_tracking_data-2=%7B%22mf_source%22%3A%22regular_download-34%22%2C%22mf_content%22%3A%22Free%22%2C%22mf_medium%22%3A%22windows%5C%2FFirefox%22%2C%22mf_campaign%22%3A%22dxgbv1hgks8bd1p%22%2C%22mf_term%22%3A%22c562d2ec43420b28a00229c95aebab1c%22%7D

HTTP/1.1 200 OK
Date: Fri, 18 Nov 2022 13:24:35 GMT
Content-Type: image/svg+xml
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Etag: W/"62deda56-13b"
Last-Modified: Mon, 25 Jul 2022 18:00:54 GMT
CF-Cache-Status: HIT
Age: 13008
Set-Cookie: __cf_bm=27lRh7t9b8_TIpTOOVigdwKYAdYHIHrKvELksRCwFdQ-1668777875-0-AaKHa0gnew68GIkRKMkiqxZ1YuN0h4q2Gzlx2rq1jiW+tqk2vwQDHnFxXo54aVqF7Feci3W1BN+L+LyBIVEFl2g=; path=/; expires=Fri, 18-Nov-22 13:54:35 GMT; domain=.mediafire.com; HttpOnly; SameSite=None
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 76c106faddf3b518-OSL
Content-Encoding: gzip

static.mediafire.com/images/filetype/file-zip-v3.png

104.16.53.48

200 OK

1.9 kB

URL HTTP/1.1
static.mediafire.com/images/filetype/file-zip-v3.png
IP
104.16.53.48:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 43 x 58, 8-bit/color RGBA, non-interlaced\012- data
Size
1.9 kB (1872 bytes)
Hash
a23b8b7059e953fc1b74bf87a77ebb0c
f23e0ad301389083104f04d4164fa57423387b17
4448e430d3c53bad548a5d135e1c7e2f9593e806ba47892640d430ea752e979e

HTTP Headers

GET /images/filetype/file-zip-v3.png HTTP/1.1
Host: static.mediafire.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.mediafire.com/
Cookie: ukey=tbnil2tipza6d06ww21cnq2im7yy09zy; dx61=1; ad_count=1; conv_tracking_data-2=%7B%22mf_source%22%3A%22regular_download-34%22%2C%22mf_content%22%3A%22Free%22%2C%22mf_medium%22%3A%22windows%5C%2FFirefox%22%2C%22mf_campaign%22%3A%22dxgbv1hgks8bd1p%22%2C%22mf_term%22%3A%22c562d2ec43420b28a00229c95aebab1c%22%7D

HTTP/1.1 200 OK
Date: Fri, 18 Nov 2022 13:24:35 GMT
Content-Type: image/png
Content-Length: 1872
Connection: keep-alive
Last-Modified: Mon, 25 Jul 2022 18:00:54 GMT
ETag: "62deda56-750"
Expires: Sun, 18 Dec 2022 08:10:48 GMT
Cache-Control: max-age=2592000
Access-Control-Allow-Origin: *
CF-Cache-Status: HIT
Age: 11790
Accept-Ranges: bytes
Set-Cookie: __cf_bm=5mEOEfrdEVZv5ytDMaPoRFgbPbIveOQeuypwPScsBIY-1668777875-0-AYFnhzvrmzn38dSwZI59MgZstYj63cz1q9rWEaEvDBHzBfpFvCKUGuiNz4E7JFMSy76wPasX6K8n4V4q5sFMh6c=; path=/; expires=Fri, 18-Nov-22 13:54:35 GMT; domain=.mediafire.com; HttpOnly; SameSite=None
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 76c106face931c12-OSL

www.mediafire.com/images/icons/svg_light/icons_sprite.svg

104.16.54.48

200 OK

8.4 kB

URL HTTP/1.1
www.mediafire.com/images/icons/svg_light/icons_sprite.svg
IP
104.16.54.48:0
ASN
#13335 CLOUDFLARENET

File type
SVG Scalable Vector Graphics image\012- exported SGML document, ASCII text, with very long lines (1204)
Size
8.4 kB (8372 bytes)
Hash
c01bdde26a363ed7260b44fd1a731e98
669c691b1e1e4210ce80997387536c2aee7733f3
158cb8de96c09cdecff36d1b3de54c2853a1e57d32693d6e41f34572e6df6062

HTTP Headers

GET /images/icons/svg_light/icons_sprite.svg HTTP/1.1
Host: www.mediafire.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.mediafire.com/file/dxgbv1hgks8bd1p/@ryckzff.zip/file
Cookie: ukey=tbnil2tipza6d06ww21cnq2im7yy09zy; dx61=1; ad_count=1; conv_tracking_data-2=%7B%22mf_source%22%3A%22regular_download-34%22%2C%22mf_content%22%3A%22Free%22%2C%22mf_medium%22%3A%22windows%5C%2FFirefox%22%2C%22mf_campaign%22%3A%22dxgbv1hgks8bd1p%22%2C%22mf_term%22%3A%22c562d2ec43420b28a00229c95aebab1c%22%7D

HTTP/1.1 200 OK
Date: Fri, 18 Nov 2022 13:24:35 GMT
Content-Type: image/svg+xml
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Etag: W/"62deda56-90ab"
Last-Modified: Mon, 25 Jul 2022 18:00:54 GMT
CF-Cache-Status: HIT
Age: 13008
Set-Cookie: __cf_bm=8bLmuFo0j5_bgK3hv5sXPAWB0A_nnp9oXi0oHL2y99Y-1668777875-0-AczOaqpue0kCgg3LvLixcRx0Fpuf/7EkRdnoVVclGvAaS56FT5oUgfgrUBMbjafeNHYDaZs9RCwx5B/FH1WKKwI=; path=/; expires=Fri, 18-Nov-22 13:54:35 GMT; domain=.mediafire.com; HttpOnly; SameSite=None
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 76c106fadea01c12-OSL
Content-Encoding: gzip

static.mediafire.com/images/backgrounds/footer/social/footerIcons.png

104.16.53.48

200 OK

583 B

URL HTTP/1.1
static.mediafire.com/images/backgrounds/footer/social/footerIcons.png
IP
104.16.53.48:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 112 x 28, 8-bit/color RGBA, non-interlaced\012- data
Size
583 B (583 bytes)
Hash
e0abc4fea89d2c5153b73cd02ac5ba13
00465ef774805c82fb5b8a40b743f7b1a1d1a7d6
f917a9105c311331b1d40f4d2bdbf11233c1c465616c1a9c46232f451463b061

HTTP Headers

GET /images/backgrounds/footer/social/footerIcons.png HTTP/1.1
Host: static.mediafire.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.mediafire.com/
Cookie: ukey=tbnil2tipza6d06ww21cnq2im7yy09zy; dx61=1; ad_count=1; conv_tracking_data-2=%7B%22mf_source%22%3A%22regular_download-34%22%2C%22mf_content%22%3A%22Free%22%2C%22mf_medium%22%3A%22windows%5C%2FFirefox%22%2C%22mf_campaign%22%3A%22dxgbv1hgks8bd1p%22%2C%22mf_term%22%3A%22c562d2ec43420b28a00229c95aebab1c%22%7D

HTTP/1.1 200 OK
Date: Fri, 18 Nov 2022 13:24:35 GMT
Content-Type: image/png
Content-Length: 583
Connection: keep-alive
Last-Modified: Mon, 25 Jul 2022 18:00:54 GMT
ETag: "62deda56-247"
Expires: Sun, 18 Dec 2022 08:10:36 GMT
Cache-Control: max-age=2592000
Access-Control-Allow-Origin: *
CF-Cache-Status: HIT
Age: 11787
Accept-Ranges: bytes
Set-Cookie: __cf_bm=9ok6mIgBt3a7kxKSrfq2tZ6OpFD36tVvVlgDfzi4KIY-1668777875-0-AeU0RauyU1b3jWBPHejtwhgV/W5hwaHP261o2Ib88qiPXLuaHVU9JZg0OlEtEKOxtHIFYlUSRZfBmtD9dfXLv/A=; path=/; expires=Fri, 18-Nov-22 13:54:35 GMT; domain=.mediafire.com; HttpOnly; SameSite=None
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 76c106fadd790b3d-OSL

static.mediafire.com/images/backgrounds/download/apps_list_sprite-v6.png

104.16.53.48

200 OK

8.1 kB

URL HTTP/1.1
static.mediafire.com/images/backgrounds/download/apps_list_sprite-v6.png
IP
104.16.53.48:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 36 x 828, 8-bit colormap, non-interlaced\012- data
Size
8.1 kB (8145 bytes)
Hash
d3df203853c4482e8753a856e13b0b07
bcee90ce0ef36a1aecdfc64596fee107b5a07a3a
dc54b817820f14ce6395ba2a037f37d4bb0af75d5b017336140793fbe2f7f738

HTTP Headers

GET /images/backgrounds/download/apps_list_sprite-v6.png HTTP/1.1
Host: static.mediafire.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.mediafire.com/
Cookie: ukey=tbnil2tipza6d06ww21cnq2im7yy09zy; dx61=1; ad_count=1; conv_tracking_data-2=%7B%22mf_source%22%3A%22regular_download-34%22%2C%22mf_content%22%3A%22Free%22%2C%22mf_medium%22%3A%22windows%5C%2FFirefox%22%2C%22mf_campaign%22%3A%22dxgbv1hgks8bd1p%22%2C%22mf_term%22%3A%22c562d2ec43420b28a00229c95aebab1c%22%7D

HTTP/1.1 200 OK
Date: Fri, 18 Nov 2022 13:24:35 GMT
Content-Type: image/png
Content-Length: 8145
Connection: keep-alive
Last-Modified: Mon, 25 Jul 2022 18:00:54 GMT
ETag: "62deda56-1fd1"
Expires: Sun, 18 Dec 2022 12:12:07 GMT
Cache-Control: max-age=2592000
Access-Control-Allow-Origin: *
CF-Cache-Status: HIT
Age: 2282
Accept-Ranges: bytes
Set-Cookie: __cf_bm=T.x4943S7oh0ueM1L1S.q5oxjnoc7_9vWKivR7JW1KI-1668777875-0-AQOwm6y798GCN+4EBerKYal0p/8956r2OVEx1Oe1Q/wq2CVCLyAyu824sW+rOF16eiXlZ8M437b0LR+ax6noO3k=; path=/; expires=Fri, 18-Nov-22 13:54:35 GMT; domain=.mediafire.com; HttpOnly; SameSite=None
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 76c106fadcc9fabc-OSL

static.mediafire.com/images/icons/svg_dark/check_circle_green.svg

104.16.53.48

200 OK

300 B

URL HTTP/1.1
static.mediafire.com/images/icons/svg_dark/check_circle_green.svg
IP
104.16.53.48:0
ASN
#13335 CLOUDFLARENET

File type
SVG Scalable Vector Graphics image\012- SVG XML document\012- XML 1.0 document text\012- SVG XML document\012- XML document text\012- exported SGML document, ASCII text, with very long lines (444), with no line terminators
Size
300 B (300 bytes)
Hash
748ded416c9ac6cf3e6bf71899654ef4
f4c9e5092d30f4c19acb2150f58cd5829e0bdeed
2e81ec62e6a56b57437ae015adff93fb3e729e441755d3f58ebe3e39003aa487

HTTP Headers

GET /images/icons/svg_dark/check_circle_green.svg HTTP/1.1
Host: static.mediafire.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.mediafire.com/
Cookie: ukey=tbnil2tipza6d06ww21cnq2im7yy09zy; dx61=1; ad_count=1; conv_tracking_data-2=%7B%22mf_source%22%3A%22regular_download-34%22%2C%22mf_content%22%3A%22Free%22%2C%22mf_medium%22%3A%22windows%5C%2FFirefox%22%2C%22mf_campaign%22%3A%22dxgbv1hgks8bd1p%22%2C%22mf_term%22%3A%22c562d2ec43420b28a00229c95aebab1c%22%7D

HTTP/1.1 200 OK
Date: Fri, 18 Nov 2022 13:24:35 GMT
Content-Type: image/svg+xml
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 25 Jul 2022 18:00:54 GMT
ETag: W/"62deda56-1bc"
Access-Control-Allow-Origin: *
CF-Cache-Status: HIT
Age: 9174
Set-Cookie: __cf_bm=D41.x91f6Hp6TvHwLQ7cWvp0ns6NiW6pxnfn9VYeVME-1668777875-0-Af0HjrgJP53hptdonEk4TQuPOmNoZx+lU15H/6ukR7/f7WlmF1vjKi+zSLoe4iDpF9/HVkj/qier6CDr5kR29IU=; path=/; expires=Fri, 18-Nov-22 13:54:35 GMT; domain=.mediafire.com; HttpOnly; SameSite=None
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 76c106fadb0db4f1-OSL
Content-Encoding: gzip

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
16bbadb18616687351d4047aedc2ab45
979123c7ad6726befbbab2c07b50ecca31aa2d18
de8231c6ee426b7a76ebf574998dec11ce908efc0a745c2182fb7b61c5915e9a

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 18 Nov 2022 13:24:35 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.googletagmanager.com/gtag/js?id=UA-829541-1

142.250.74.168

200 OK

44 kB

URL HTTP/2
www.googletagmanager.com/gtag/js?id=UA-829541-1
IP
142.250.74.168:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (1921)
Size
44 kB (43640 bytes)
Hash
bf295bc3cea29481256694b2dd4e3d3a
79870ebe04abfeb130c4b063c014443bb6f65f1e
c2bd197c569ef7706c93c499b37cf0f216a862f7ef164e29b9ed7f5e23578f6f

HTTP Headers

GET /gtag/js?id=UA-829541-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.mediafire.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 18 Nov 2022 13:24:35 GMT
expires: Fri, 18 Nov 2022 13:24:35 GMT
cache-control: private, max-age=900
last-modified: Fri, 18 Nov 2022 12:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 43640
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

279 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
279 B (279 bytes)
Hash
5a2ff2788262c77ef63ed40510a67d1c
16d1a8d59e81bd045ae700771f59c9122de1da06
6aae4634384463c91c9fecbd00cd72163c7927f0b1a02ca10c6c2128b9dd4c55

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6182
Cache-Control: max-age=154869
Content-Type: application/ocsp-response
Date: Fri, 18 Nov 2022 13:24:35 GMT
Etag: "63772962-117"
Expires: Sun, 20 Nov 2022 08:25:44 GMT
Last-Modified: Fri, 18 Nov 2022 06:42:42 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 279

static.mediafire.com/images/backgrounds/download/additional_content/flag.svg

104.16.53.48

200 OK

204 B

URL HTTP/1.1
static.mediafire.com/images/backgrounds/download/additional_content/flag.svg
IP
104.16.53.48:0
ASN
#13335 CLOUDFLARENET

File type
SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with no line terminators
Size
204 B (204 bytes)
Hash
47d7d3db93bf1c6d312c0a1eea858eae
3add4272aec9039a339d1a1c8ab0a296d2e0f714
0571284e5e17e3e8108d921ccd12926cd2a5783bace1f254289cdd67e275e976

HTTP Headers

GET /images/backgrounds/download/additional_content/flag.svg HTTP/1.1
Host: static.mediafire.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.mediafire.com/
Cookie: ukey=tbnil2tipza6d06ww21cnq2im7yy09zy; dx61=1; ad_count=1; conv_tracking_data-2=%7B%22mf_source%22%3A%22regular_download-34%22%2C%22mf_content%22%3A%22Free%22%2C%22mf_medium%22%3A%22windows%5C%2FFirefox%22%2C%22mf_campaign%22%3A%22dxgbv1hgks8bd1p%22%2C%22mf_term%22%3A%22c562d2ec43420b28a00229c95aebab1c%22%7D

HTTP/1.1 200 OK
Date: Fri, 18 Nov 2022 13:24:35 GMT
Content-Type: image/svg+xml
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 25 Jul 2022 18:00:54 GMT
ETag: W/"62deda56-ea"
Access-Control-Allow-Origin: *
CF-Cache-Status: HIT
Age: 2282
Set-Cookie: __cf_bm=8f3b_mlDipvB_RFQM6lMiL35X3qrwovX3sAl1Es_NDw-1668777875-0-AVJ4GJ/LnQaAPy9L2pNLdCKA9C2+xEaU1N7XQZKyWTnDSZZ6eOrBEn/8/BUWvP+Ng4MyxeNg4mhcoGFQeBD32Xg=; path=/; expires=Fri, 18-Nov-22 13:54:35 GMT; domain=.mediafire.com; HttpOnly; SameSite=None
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 76c106fb8e100b3d-OSL
Content-Encoding: gzip

ocsp.digicert.com/

93.184.220.29

200 OK

279 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
279 B (279 bytes)
Hash
1bc4bf1d13d19fc8e8b3a55d99a7d720
d6c9a5751a88bdb0f8c7e4673e9938bb924ca938
97e32d2e521aff3ef5f7543012a033f1a47f6fd67bce050f745893278dd24562

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6232
Cache-Control: max-age=153130
Content-Type: application/ocsp-response
Date: Fri, 18 Nov 2022 13:24:35 GMT
Etag: "63772265-117"
Expires: Sun, 20 Nov 2022 07:56:45 GMT
Last-Modified: Fri, 18 Nov 2022 06:12:53 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 279

btloader.com/tag?o=5678961798414336&upapi=true

104.26.7.139

200 OK

9.8 kB

URL HTTP/2
btloader.com/tag?o=5678961798414336&upapi=true
IP
104.26.7.139:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (12886)
Size
9.8 kB (9838 bytes)
Hash
92829d7101aa05e0273401f6d0fd23de
502ee8e5d35ad59f9de8454bf57dce1836d0be2c
f6b8e8f6ffe826e111e619844158edd934b0741aa59c958edc0f169dcc912697

HTTP Headers

GET /tag?o=5678961798414336&upapi=true HTTP/1.1
Host: btloader.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.mediafire.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Fri, 18 Nov 2022 13:24:35 GMT
content-type: application/javascript
cache-control: public, max-age=300, must-revalidate, stale-if-error=86400
etag: W/"ac96e949c0fab4342765b8f6b531bc81"
last-modified: Fri, 18 Nov 2022 12:34:04 GMT
vary: Origin, Accept-Encoding
via: 1.1 google
cf-cache-status: HIT
age: 2974
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xSQo6ds%2BK1zDKucusVq4L0LEpiedIvE8rMoPjrztHd7Z0B6%2FOmcQaz2xUwPZn1ZxUDckzTw6gTzCTe%2FBZnR20LXhBmogucJiqopaA3DoAEBnP%2BLXq8KUgEpZlsjl9Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76c106fb188d0b49-OSL
content-encoding: br
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
af11bb94a0e548b9b4d9289dfb071ca0
a5126b377181a1cfa97f2615df8dff43a27cdadf
407405cc365ae725a1279b378736139fa6f29f5ebc32ea53e81f3a734bf78d03

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5492
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 18 Nov 2022 13:24:35 GMT
Last-Modified: Fri, 18 Nov 2022 11:53:03 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 471

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
16bbadb18616687351d4047aedc2ab45
979123c7ad6726befbbab2c07b50ecca31aa2d18
de8231c6ee426b7a76ebf574998dec11ce908efc0a745c2182fb7b61c5915e9a

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 18 Nov 2022 13:24:35 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

static.mediafire.com/images/backgrounds/download/additional_content/world.svg

104.16.53.48

200 OK

54 kB

URL HTTP/1.1
static.mediafire.com/images/backgrounds/download/additional_content/world.svg
IP
104.16.53.48:0
ASN
#13335 CLOUDFLARENET

File type
SVG Scalable Vector Graphics image\012- HTML document text\012- HTML document, ASCII text, with very long lines (25749)
Size
54 kB (53619 bytes)
Hash
39420d41720521a11d7702874b0f049d
03ea3f6b14b69be89446f623ef575b82ab51f941
05c7adadf096e46886f288b977e2905a49d9cae8ba5c15ebcc11a30aa5d67579

HTTP Headers

GET /images/backgrounds/download/additional_content/world.svg HTTP/1.1
Host: static.mediafire.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.mediafire.com/
Cookie: ukey=tbnil2tipza6d06ww21cnq2im7yy09zy; dx61=1; ad_count=1; conv_tracking_data-2=%7B%22mf_source%22%3A%22regular_download-34%22%2C%22mf_content%22%3A%22Free%22%2C%22mf_medium%22%3A%22windows%5C%2FFirefox%22%2C%22mf_campaign%22%3A%22dxgbv1hgks8bd1p%22%2C%22mf_term%22%3A%22c562d2ec43420b28a00229c95aebab1c%22%7D

HTTP/1.1 200 OK
Date: Fri, 18 Nov 2022 13:24:35 GMT
Content-Type: image/svg+xml
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 25 Jul 2022 18:00:54 GMT
ETag: W/"62deda56-23ce2"
Access-Control-Allow-Origin: *
CF-Cache-Status: HIT
Age: 2350
Set-Cookie: __cf_bm=6lM22Hgcm5.w2VwgatQ4b_MJ_Ji8y5R.uV7zWvud4NE-1668777875-0-Afh1dTfZwU2rbwdJL+qETra6j4RlfNNVnqpGJNotSUTXt7UxJ9e8A0TPn8ERsrM2pBs0DL8oA95MrpRgZwfhkL4=; path=/; expires=Fri, 18-Nov-22 13:54:35 GMT; domain=.mediafire.com; HttpOnly; SameSite=None
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 76c106fb8d46fabc-OSL
Content-Encoding: gzip

www.googletagmanager.com/gtm.js?id=GTM-53LP4T

142.250.74.168

200 OK

72 kB

URL HTTP/2
www.googletagmanager.com/gtm.js?id=GTM-53LP4T
IP
142.250.74.168:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (26731)
Size
72 kB (72081 bytes)
Hash
9d8bf068515351545ae0b4d5740c1b8c
0583325c16e3d0ca56c377485e5173b06c489dca
6686c56f84ff134eefe3a10935741c98d314fe81efa60734637323dd6bb3dff2

HTTP Headers

GET /gtm.js?id=GTM-53LP4T HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.mediafire.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 18 Nov 2022 13:24:35 GMT
expires: Fri, 18 Nov 2022 13:24:35 GMT
cache-control: private, max-age=900
last-modified: Fri, 18 Nov 2022 12:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 72081
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

280 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
280 B (280 bytes)
Hash
fcb325525c6146064e6879e7c710646e
86e5328f301f143510bf2b31ffd8e2760cb1824f
6ee8d94ada7ed6dfff021400916bb0581212c0a67505f0b095a96d5296ae137f

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2497
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 18 Nov 2022 13:24:35 GMT
Last-Modified: Fri, 18 Nov 2022 12:42:58 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 280

ocsp.digicert.com/

93.184.220.29

200 OK

280 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
280 B (280 bytes)
Hash
fcb325525c6146064e6879e7c710646e
86e5328f301f143510bf2b31ffd8e2760cb1824f
6ee8d94ada7ed6dfff021400916bb0581212c0a67505f0b095a96d5296ae137f

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4861
Cache-Control: max-age=162575
Content-Type: application/ocsp-response
Date: Fri, 18 Nov 2022 13:24:35 GMT
Etag: "63774ca6-118"
Expires: Sun, 20 Nov 2022 10:34:10 GMT
Last-Modified: Fri, 18 Nov 2022 09:13:10 GMT
Server: ECS (ska/F706)
X-Cache: HIT
Content-Length: 280

ocsp.digicert.com/

93.184.220.29

200 OK

279 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
279 B (279 bytes)
Hash
1bc4bf1d13d19fc8e8b3a55d99a7d720
d6c9a5751a88bdb0f8c7e4673e9938bb924ca938
97e32d2e521aff3ef5f7543012a033f1a47f6fd67bce050f745893278dd24562

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6232
Cache-Control: max-age=153130
Content-Type: application/ocsp-response
Date: Fri, 18 Nov 2022 13:24:35 GMT
Etag: "63772265-117"
Expires: Sun, 20 Nov 2022 07:56:45 GMT
Last-Modified: Fri, 18 Nov 2022 06:12:53 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 279

ad-delivery.net/px.gif?ch=2

104.26.2.70

200 OK

43 B

URL HTTP/2
ad-delivery.net/px.gif?ch=2
IP
104.26.2.70:0
ASN
#13335 CLOUDFLARENET

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

HTTP Headers

GET /px.gif?ch=2 HTTP/1.1
Host: ad-delivery.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.mediafire.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Fri, 18 Nov 2022 13:24:35 GMT
content-type: image/gif
content-length: 43
x-guploader-uploadid: ADPycdt6VCtqtIBnBTdsF1vvDPQfLazGd9ibEd203R5L043lLiuyTx5erfdDBO4fPOmvTjQfhaq1ovVTvyGIn5JVehsmeQ
x-goog-generation: 1620242732037093
x-goog-metageneration: 5
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 43
x-goog-hash: crc32c=cpEfJQ==, md5=rUsPYG4PhGW8TEwXCzfhow==
x-goog-storage-class: MULTI_REGIONAL
access-control-allow-origin: *
access-control-expose-headers: *
expires: Sat, 05 Nov 2022 18:30:05 GMT
cache-control: public, max-age=86400
last-modified: Wed, 05 May 2021 19:25:32 GMT
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3"
age: 1108397
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ozmtahRpiqUcEm0re0pcvd%2Bt1KY94bVeDVlLIdDKskFQNNuKHsGdHmlWdvEnINiWly%2B5GYrdqR%2Fhi9hcQf2hf%2Balo5kH5zg3PoW1UXlLgbf2Mfi0jmqToEopC6tx1xnPOg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76c106fc1a21b51b-OSL
X-Firefox-Spdy: h2

ad-delivery.net/px.gif?ch=1&e=0.11961577523712519

104.26.2.70

200 OK

43 B

URL HTTP/2
ad-delivery.net/px.gif?ch=1&e=0.11961577523712519
IP
104.26.2.70:0
ASN
#13335 CLOUDFLARENET

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

HTTP Headers

GET /px.gif?ch=1&e=0.11961577523712519 HTTP/1.1
Host: ad-delivery.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.mediafire.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Fri, 18 Nov 2022 13:24:35 GMT
content-type: image/gif
content-length: 43
x-guploader-uploadid: ADPycdt6VCtqtIBnBTdsF1vvDPQfLazGd9ibEd203R5L043lLiuyTx5erfdDBO4fPOmvTjQfhaq1ovVTvyGIn5JVehsmeQ
x-goog-generation: 1620242732037093
x-goog-metageneration: 5
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 43
x-goog-hash: crc32c=cpEfJQ==, md5=rUsPYG4PhGW8TEwXCzfhow==
x-goog-storage-class: MULTI_REGIONAL
access-control-allow-origin: *
access-control-expose-headers: *
expires: Sat, 05 Nov 2022 18:30:05 GMT
cache-control: public, max-age=86400
last-modified: Wed, 05 May 2021 19:25:32 GMT
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3"
age: 1108397
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dgKDQsO5Vwf4DVBodO0UVBbgSKtSKUJlmOTMsGqsFqC%2Bd3oW6oB2G21o80tVd66tKOXcrqY40HkEnULe1cDfvurOGxCIF1FWFocrnmp7Ii6X5fX4rJYjeNl4BbECHfcOvA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76c106fc1a23b51b-OSL
X-Firefox-Spdy: h2

www.facebook.com/plugins/like.php?href=http://www.facebook.com/MediaFire&width=193&layout=button_count&action=like&show_faces=false&share=true&height=30&appId=124578887583575

31.13.72.36

200 OK

0 B

URL HTTP/2
www.facebook.com/plugins/like.php?href=http://www.facebook.com/MediaFire&width=193&layout=button_count&action=like&show_faces=false&share=true&height=30&appId=124578887583575
IP
31.13.72.36:0
ASN
#32934 FACEBOOK

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /plugins/like.php?href=http://www.facebook.com/MediaFire&width=193&layout=button_count&action=like&show_faces=false&share=true&height=30&appId=124578887583575 HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.mediafire.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/html;charset=utf-8
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
cross-origin-opener-policy: same-origin-allow-popups
x-content-type-options: nosniff
x-xss-protection: 0
x-fb-debug: +i9xuxY9ybz1aNVFJSidgh9aFkBFJWAmZ+aOuH0NtcqFqhxtWNDDEPsJczpg7zccQ9lj13JcCnjC8EabNRogjw==
content-length: 0
date: Fri, 18 Nov 2022 13:24:35 GMT
priority: u=3,i
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

ocsp.sectigo.com/

172.64.155.188

200 OK

472 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
472 B (472 bytes)
Hash
2365f0d1b36e104b453ea087fc9a4788
aacc4ddc81fee8856a1e954990a56da6e57e6726
145ce93d71b43ec20d05348f703a762a6a71ca72ac9b77df3fc3505a367f0113

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 18 Nov 2022 13:24:35 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Tue, 15 Nov 2022 19:45:26 GMT
Expires: Tue, 22 Nov 2022 19:45:25 GMT
Etag: "aacc4ddc81fee8856a1e954990a56da6e57e6726"
Cache-Control: max-age=367849,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 76c106fc2c4eb4f4-OSL

status.geotrust.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
status.geotrust.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
9b3e4759737154bfe77d32c7946192cb
0ac5f6fbe18a1e9bb1259c5d4d05128b25254510
e709c032dd036dccf38f9391d69094eaefe1b9ec24769cd26a5a8b2b8f6fefbc

HTTP Headers

POST / HTTP/1.1
Host: status.geotrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2069
Cache-Control: max-age=93892
Content-Type: application/ocsp-response
Date: Fri, 18 Nov 2022 13:24:35 GMT
Etag: "63764b42-1d7"
Expires: Sat, 19 Nov 2022 15:29:27 GMT
Last-Modified: Thu, 17 Nov 2022 14:54:58 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 471

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
74e6f5b98e37e7e066477a363fdb338d
5db5105c5b258737c4ee169aad0ea24a3255ada3
2083ffd7bbd95031c58f112d36cbe15a46449643b0b9eab3fc8fc0ad67b1594d

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5136
Cache-Control: max-age=164260
Content-Type: application/ocsp-response
Date: Fri, 18 Nov 2022 13:24:35 GMT
Etag: "63775227-1d7"
Expires: Sun, 20 Nov 2022 11:02:15 GMT
Last-Modified: Fri, 18 Nov 2022 09:36:39 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 471

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
af11bb94a0e548b9b4d9289dfb071ca0
a5126b377181a1cfa97f2615df8dff43a27cdadf
407405cc365ae725a1279b378736139fa6f29f5ebc32ea53e81f3a734bf78d03

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5492
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 18 Nov 2022 13:24:35 GMT
Last-Modified: Fri, 18 Nov 2022 11:53:03 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 471

mediafire-d.openx.net/w/1.0/arj?ju=http%3A%2F%2Fwww.mediafire.com%2Ffile%2Fdxgbv1hgks8bd1p%2F%40ryckzff.zip%2Ffile&ch=UTF-8&res=1280x1024x24&ifr=false&tz=0&tws=1280x939&be=1&bc=hb_pb_3.0.3&dddid=989765ac-c987-4cf7-93a1-fefda945cbe7%2C72fcdf12-9b4f-400d-ae35-500a914c8689%2C72f7669d-c36b-4081-83cf-e3d0c7872d4f%2C8dbfeaf4-325d-4e14-a180-6d603b0d0789%2Cb06a198c-b9cb-478a-b5ce-7cb5f14fb2d0&nocache=1668777874045&aus=728x90%7C336x280%2C300x250%7C336x280%2C300x250%7C728x90%7C728x90&divids=div-gpt-ad-1579280679906-0%2Cdiv-gpt-ad-1579280773917-0%2Cdiv-gpt-ad-1579280808862-0%2Cdiv-gpt-ad-1579280901640-0%2Cdiv-gpt-ad-1579281349230-0&aucs=div-gpt-ad-1579280679906-0%2Cdiv-gpt-ad-1579280773917-0%2Cdiv-gpt-ad-1579280808862-0%2Cdiv-gpt-ad-1579280901640-0%2Cdiv-gpt-ad-1579281349230-0&auid=539074863%2C539074864%2C539074865%2C539074866%2C539074866

34.98.64.218

200 OK

79 B

URL HTTP/2
mediafire-d.openx.net/w/1.0/arj?ju=http%3A%2F%2Fwww.mediafire.com%2Ffile%2Fdxgbv1hgks8bd1p%2F%40ryckzff.zip%2Ffile&ch=UTF-8&res=1280x1024x24&ifr=false&tz=0&tws=1280x939&be=1&bc=hb_pb_3.0.3&dddid=989765ac-c987-4cf7-93a1-fefda945cbe7%2C72fcdf12-9b4f-400d-ae35-500a914c8689%2C72f7669d-c36b-4081-83cf-e3d0c7872d4f%2C8dbfeaf4-325d-4e14-a180-6d603b0d0789%2Cb06a198c-b9cb-478a-b5ce-7cb5f14fb2d0&nocache=1668777874045&aus=728x90%7C336x280%2C300x250%7C336x280%2C300x250%7C728x90%7C728x90&divids=div-gpt-ad-1579280679906-0%2Cdiv-gpt-ad-1579280773917-0%2Cdiv-gpt-ad-1579280808862-0%2Cdiv-gpt-ad-1579280901640-0%2Cdiv-gpt-ad-1579281349230-0&aucs=div-gpt-ad-1579280679906-0%2Cdiv-gpt-ad-1579280773917-0%2Cdiv-gpt-ad-1579280808862-0%2Cdiv-gpt-ad-1579280901640-0%2Cdiv-gpt-ad-1579281349230-0&auid=539074863%2C539074864%2C539074865%2C539074866%2C539074866
IP
34.98.64.218:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text
Size
79 B (79 bytes)
Hash
f708c2100cead61abbe073b86204364c
681ca54148492402c1e5dc3037e309a1f5188d55
7fea2d264fcb1da6405443f20668eebe5e1578d9ed89a6aa5e786b0678c859a2

HTTP Headers

GET /w/1.0/arj?ju=http%3A%2F%2Fwww.mediafire.com%2Ffile%2Fdxgbv1hgks8bd1p%2F%40ryckzff.zip%2Ffile&ch=UTF-8&res=1280x1024x24&ifr=false&tz=0&tws=1280x939&be=1&bc=hb_pb_3.0.3&dddid=989765ac-c987-4cf7-93a1-fefda945cbe7%2C72fcdf12-9b4f-400d-ae35-500a914c8689%2C72f7669d-c36b-4081-83cf-e3d0c7872d4f%2C8dbfeaf4-325d-4e14-a180-6d603b0d0789%2Cb06a198c-b9cb-478a-b5ce-7cb5f14fb2d0&nocache=1668777874045&aus=728x90%7C336x280%2C300x250%7C336x280%2C300x250%7C728x90%7C728x90&divids=div-gpt-ad-1579280679906-0%2Cdiv-gpt-ad-1579280773917-0%2Cdiv-gpt-ad-1579280808862-0%2Cdiv-gpt-ad-1579280901640-0%2Cdiv-gpt-ad-1579281349230-0&aucs=div-gpt-ad-1579280679906-0%2Cdiv-gpt-ad-1579280773917-0%2Cdiv-gpt-ad-1579280808862-0%2Cdiv-gpt-ad-1579280901640-0%2Cdiv-gpt-ad-1579281349230-0&auid=539074863%2C539074864%2C539074865%2C539074866%2C539074866 HTTP/1.1
Host: mediafire-d.openx.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Origin: http://www.mediafire.com
Connection: keep-alive
Referer: http://www.mediafire.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
vary: Accept, Accept-Encoding
server: OXGW/0.0.0
pragma: no-cache
p3p: CP="CUR ADM OUR NOR STA NID"
expires: Mon, 26 Jul 1997 05:00:00 GMT
date: Fri, 18 Nov 2022 13:24:35 GMT
content-type: application/json
content-length: 79
content-encoding: gzip
cache-control: private, max-age=0, no-cache
access-control-allow-origin: http://www.mediafire.com
access-control-allow-credentials: true
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

hbopenbid.pubmatic.com/translator?source=prebid-client

185.64.190.77

204 No Content

0 B

URL HTTP/2
hbopenbid.pubmatic.com/translator?source=prebid-client
IP
185.64.190.77:0
ASN
#62713 AS-PUBMATIC

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /translator?source=prebid-client HTTP/1.1
Host: hbopenbid.pubmatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 1917
Origin: http://www.mediafire.com
Connection: keep-alive
Referer: http://www.mediafire.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 204 No Content
access-control-allow-credentials: true
access-control-allow-origin: http://www.mediafire.com
cache-control: no-cache, no-store, must-revalidate
date: Fri, 18 Nov 2022 13:24:35 GMT
X-Firefox-Spdy: h2

status.geotrust.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
status.geotrust.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
9b3e4759737154bfe77d32c7946192cb
0ac5f6fbe18a1e9bb1259c5d4d05128b25254510
e709c032dd036dccf38f9391d69094eaefe1b9ec24769cd26a5a8b2b8f6fefbc

HTTP Headers

POST / HTTP/1.1
Host: status.geotrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2070
Cache-Control: max-age=93892
Content-Type: application/ocsp-response
Date: Fri, 18 Nov 2022 13:24:36 GMT
Etag: "63764b42-1d7"
Expires: Sat, 19 Nov 2022 15:29:28 GMT
Last-Modified: Thu, 17 Nov 2022 14:54:58 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 471

www.mediafire.com/favicon.ico

104.16.54.48

200 OK

1.5 kB

URL HTTP/1.1
www.mediafire.com/favicon.ico
IP
104.16.54.48:0
ASN
#13335 CLOUDFLARENET

File type
MS Windows icon resource - 4 icons, 16x16, 32 bits/pixel, 24x24, 8 bits/pixel\012- data
Size
1.5 kB (1459 bytes)
Hash
6b472b0c8ab8d2274a51755ff936a0f7
de4c3b0b30ff224d77da7a948920f2f26d1b2f91
9b449aabaaa0d0700a85bcd5ed84bd8a179553495846152d690b81807ba11f8b

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: www.mediafire.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.mediafire.com/file/dxgbv1hgks8bd1p/@ryckzff.zip/file
Cookie: ukey=tbnil2tipza6d06ww21cnq2im7yy09zy; dx61=1; ad_count=1; conv_tracking_data-2=%7B%22mf_source%22%3A%22regular_download-34%22%2C%22mf_content%22%3A%22Free%22%2C%22mf_medium%22%3A%22windows%5C%2FFirefox%22%2C%22mf_campaign%22%3A%22dxgbv1hgks8bd1p%22%2C%22mf_term%22%3A%22c562d2ec43420b28a00229c95aebab1c%22%7D

HTTP/1.1 200 OK
Date: Fri, 18 Nov 2022 13:24:36 GMT
Content-Type: image/x-icon
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Cache-Control: max-age=2592000
Etag: W/"62deda56-2a46"
Expires: Fri, 16 Dec 2022 16:13:13 GMT
Last-Modified: Mon, 25 Jul 2022 18:00:54 GMT
CF-Cache-Status: HIT
Age: 162599
Set-Cookie: __cf_bm=FpHw4plotftuM2dUV.zpoFYdh0o6PNpHlWpo__US._s-1668777876-0-AaeNiLBg9Ouju1uKk4SMQ2hl0nPEbcpr1/bnErAJ21adE30bsy2JbhAVdx8eZU72WiQOPsJhnYClMv2kj2spNXY=; path=/; expires=Fri, 18-Nov-22 13:54:36 GMT; domain=.mediafire.com; HttpOnly; SameSite=None
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 76c106fd696e1c12-OSL
Content-Encoding: gzip

cdn.amplitude.com/libs/amplitude-8.5.0-min.gz.js

54.230.245.185

200 OK

22 kB

URL HTTP/2
cdn.amplitude.com/libs/amplitude-8.5.0-min.gz.js
IP
54.230.245.185:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (65536), with no line terminators
Size
22 kB (22154 bytes)
Hash
660c3b546f2a131de50b69b91f26c636
70f80e7f10e1dd9180efe191ce92d28296ec9035
fd91362b7111a0dcc85ef6bd9bc776881c7428f8631d5a32725711dce678bff9

HTTP Headers

GET /libs/amplitude-8.5.0-min.gz.js HTTP/1.1
Host: cdn.amplitude.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.mediafire.com
Connection: keep-alive
Referer: http://www.mediafire.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript
content-length: 22154
date: Tue, 06 Sep 2022 00:40:16 GMT
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-max-age: 3000
last-modified: Fri, 13 Aug 2021 22:37:42 GMT
etag: "660c3b546f2a131de50b69b91f26c636"
x-amz-server-side-encryption: AES256
cache-control: max-age=31536000
content-encoding: gzip
x-amz-version-id: NY8_7uBz3xoXYJBVsMSBAGHOz8ixMBS3
accept-ranges: bytes
server: AmazonS3
vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method
x-cache: Hit from cloudfront
via: 1.1 e2f427863e6bdb72ad8bed72b596d81e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 1hZYAEAIDTkAJN-RvrjLwxrgvo7tE2x85DiB_NxPmcYfwx1kVBZ6Fg==
age: 6353060
X-Firefox-Spdy: h2

prebid.media.net/rtb/prebid?cid=8CUO2689O

34.107.148.139

200 OK

628 B

URL HTTP/2
prebid.media.net/rtb/prebid?cid=8CUO2689O
IP
34.107.148.139:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (1228), with no line terminators
Size
628 B (628 bytes)
Hash
826e07da46e6f393baeb3ead16ba3257
921481bc5de2f4e486c00dbaaebfef25a1875a6b
fd1160a28a2804d83e2a6c237eed0b79e89ced662454bba00be4c82c22df28da

HTTP Headers

POST /rtb/prebid?cid=8CUO2689O HTTP/1.1
Host: prebid.media.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 2366
Origin: http://www.mediafire.com
Connection: keep-alive
Referer: http://www.mediafire.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Fri, 18 Nov 2022 13:24:36 GMT
content-type: application/json;charset=UTF-8
cache-control: max-age=0, no-cache, no-store, must-revalidate
pragma: no-cache
accept-ch: Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model
expires: Fri, 18 Nov 2022 13:24:35 GMT
access-control-allow-origin: http://www.mediafire.com
access-control-allow-credentials: true
content-encoding: gzip
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

www.google-analytics.com/analytics.js

142.250.74.174

200 OK

20 kB

URL HTTP/2
www.google-analytics.com/analytics.js
IP
142.250.74.174:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (1325)
Size
20 kB (20039 bytes)
Hash
47e6f374ca946fddd5b59871b325736c
baa9282efc8785e84d247c3bff518eaa45f101c4
16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e

HTTP Headers

GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.mediafire.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Fri, 18 Nov 2022 12:41:09 GMT
expires: Fri, 18 Nov 2022 14:41:09 GMT
cache-control: public, max-age=7200
age: 2607
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
987a8d0483563ca6c6faa59c9a4c6675
da30995169319ad71887a9ba62a0b514c94c653c
3a92b5c992d8b64ffd12507e8dcc0b7fa74215c2a3eefd4a9bafd25724b037c2

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 18 Nov 2022 13:24:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
eaa6a3200eda9bf5788df6d9eb04d84c
12efbb66692df6d76c1103b152808d751c0e49f1
6d815027ae40ea2603c0ed5adac0821cd5526f11c2eeb0ada5294b6f2ec3492d

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 18 Nov 2022 13:24:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
c6dc157b01835e03130aa887b8416ccf
29af6109a46b26b0378fcee5f8702d79623c92f3
537641e802d5b5ee88042fa51ec3debff2325bb9d48d2bfeb3aecffd7f2c826b

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 18 Nov 2022 13:24:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ad.doubleclick.net/favicon.ico?ad=300x250&ad_box_=1&adnet=1&showad=1&size=250x250

142.250.74.102

200 OK

1.0 kB

URL HTTP/2
ad.doubleclick.net/favicon.ico?ad=300x250&ad_box_=1&adnet=1&showad=1&size=250x250
IP
142.250.74.102:0
ASN
#15169 GOOGLE

File type
data
Size
1.0 kB (1048 bytes)
Hash
1c0c806668d1fc068f6173bd708b081e
bf7e684dca79b7beab0749f00b63f909752cf97c
65b8516278379b93ca8212acfc3a8a1f00620e1261ccd7b4d6d204a200e509c4

HTTP Headers

GET /favicon.ico?ad=300x250&ad_box_=1&adnet=1&showad=1&size=250x250 HTTP/1.1
Host: ad.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.mediafire.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-length: 104
x-content-type-options: nosniff
content-encoding: gzip
server: sffe
x-xss-protection: 0
date: Fri, 18 Nov 2022 11:00:31 GMT
expires: Sat, 19 Nov 2022 11:00:31 GMT
cache-control: public, max-age=86400
last-modified: Tue, 08 May 2012 13:08:06 GMT
content-type: image/x-icon
age: 8645
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

34.102.187.140

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Content-Length, Alert, Cache-Control, ETag, Pragma, Expires, Backoff, Last-Modified
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 18 Nov 2022 12:25:01 GMT
cache-control: public,max-age=3600
age: 3575
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2

www.google-analytics.com/j/collect?v=1&_v=j98&a=940014414&t=pageview&_s=1&dl=http%3A%2F%2Fwww.mediafire.com%2Ffile%2Fdxgbv1hgks8bd1p%2F%40ryckzff.zip%2Ffile&ul=en-us&de=UTF-8&dt=%40ryckzff&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&_u=YEBAAUABAAAAACAAI~&jid=2006554438&gjid=1497878021&cid=535517722.1668777874&tid=UA-829541-1&_gid=1152877631.1668777874&_r=1&gtm=2oub90&cd1=unregistered&cd7=legacy&cd3=archive&cd4=34&cd5=zip&cd8=%2F100%2F&z=1471767139

142.250.74.174

200 OK

2 B

URL HTTP/2
www.google-analytics.com/j/collect?v=1&_v=j98&a=940014414&t=pageview&_s=1&dl=http%3A%2F%2Fwww.mediafire.com%2Ffile%2Fdxgbv1hgks8bd1p%2F%40ryckzff.zip%2Ffile&ul=en-us&de=UTF-8&dt=%40ryckzff&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&_u=YEBAAUABAAAAACAAI~&jid=2006554438&gjid=1497878021&cid=535517722.1668777874&tid=UA-829541-1&_gid=1152877631.1668777874&_r=1&gtm=2oub90&cd1=unregistered&cd7=legacy&cd3=archive&cd4=34&cd5=zip&cd8=%2F100%2F&z=1471767139
IP
142.250.74.174:0
ASN
#15169 GOOGLE

File type
ASCII text, with no line terminators
Size
2 B (2 bytes)
Hash
cc7a1e792bca8ccb1946b7a07f6dbc03
11a2757082428311f587b7664fa9840376137f80
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

HTTP Headers

POST /j/collect?v=1&_v=j98&a=940014414&t=pageview&_s=1&dl=http%3A%2F%2Fwww.mediafire.com%2Ffile%2Fdxgbv1hgks8bd1p%2F%40ryckzff.zip%2Ffile&ul=en-us&de=UTF-8&dt=%40ryckzff&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&_u=YEBAAUABAAAAACAAI~&jid=2006554438&gjid=1497878021&cid=535517722.1668777874&tid=UA-829541-1&_gid=1152877631.1668777874&_r=1&gtm=2oub90&cd1=unregistered&cd7=legacy&cd3=archive&cd4=34&cd5=zip&cd8=%2F100%2F&z=1471767139 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: http://www.mediafire.com
Connection: keep-alive
Referer: http://www.mediafire.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: http://www.mediafire.com
date: Fri, 18 Nov 2022 13:24:36 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

securepubads.g.doubleclick.net/tag/js/gpt.js

216.58.207.194

200 OK

27 kB

URL HTTP/2
securepubads.g.doubleclick.net/tag/js/gpt.js
IP
216.58.207.194:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (40310)
Size
27 kB (27283 bytes)
Hash
480d5707a7849d76ec7e7dac26ac39ec
769e2a3ec0713053b4c01a89ac15bf5f8653f96e
4c170ef7bb849adc4fd5947a0523ada60a538455b37cc8fee8ec81882dea5070

HTTP Headers

GET /tag/js/gpt.js HTTP/1.1
Host: securepubads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.mediafire.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 27283
date: Fri, 18 Nov 2022 13:24:36 GMT
expires: Fri, 18 Nov 2022 13:24:36 GMT
cache-control: private, max-age=900, stale-while-revalidate=3600
etag: "1395 / 229 of 1000 / last-modified: 1668773326"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
c6dc157b01835e03130aa887b8416ccf
29af6109a46b26b0378fcee5f8702d79623c92f3
537641e802d5b5ee88042fa51ec3debff2325bb9d48d2bfeb3aecffd7f2c826b

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 18 Nov 2022 13:24:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
eaa6a3200eda9bf5788df6d9eb04d84c
12efbb66692df6d76c1103b152808d751c0e49f1
6d815027ae40ea2603c0ed5adac0821cd5526f11c2eeb0ada5294b6f2ec3492d

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 18 Nov 2022 13:24:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/s/gts1d4/8WDrLhpUxOc

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/s/gts1d4/8WDrLhpUxOc
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
f71a429a2a85a17bcd077f1d14e19253
5be9417d5dcad0f7d6fbd62d90b311a27a44f11b
dee440086dc1216fe278881ff3808d154bcf5037252501b76d4fa958ad04fb18

HTTP Headers

POST /s/gts1d4/8WDrLhpUxOc HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 18 Nov 2022 13:24:36 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/s/gts1d4/8WDrLhpUxOc

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/s/gts1d4/8WDrLhpUxOc
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
f71a429a2a85a17bcd077f1d14e19253
5be9417d5dcad0f7d6fbd62d90b311a27a44f11b
dee440086dc1216fe278881ff3808d154bcf5037252501b76d4fa958ad04fb18

HTTP Headers

POST /s/gts1d4/8WDrLhpUxOc HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 18 Nov 2022 13:24:36 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
987a8d0483563ca6c6faa59c9a4c6675
da30995169319ad71887a9ba62a0b514c94c653c
3a92b5c992d8b64ffd12507e8dcc0b7fa74215c2a3eefd4a9bafd25724b037c2

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 18 Nov 2022 13:24:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
987a8d0483563ca6c6faa59c9a4c6675
da30995169319ad71887a9ba62a0b514c94c653c
3a92b5c992d8b64ffd12507e8dcc0b7fa74215c2a3eefd4a9bafd25724b037c2

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 18 Nov 2022 13:24:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
61adc3498d869b6bf5d19f1499109962
77bd05da84d748bd9052aa9816675feac97ec1d8
4630295bbaedfcf523e18c7d85603363ed32cec7393d68176b45f350eca38e33

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 18 Nov 2022 13:24:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
fe40cc6ea871d80382b6082111393fbe
281f75d0a35dc8ef908bb0500e57abd86bd5388e
6d15422cdf7a6d72d06497188f27af893682314e82ac8a189a0ee2d798cb62d7

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6567
Cache-Control: max-age=163907
Content-Type: application/ocsp-response
Date: Fri, 18 Nov 2022 13:24:36 GMT
Etag: "63774b30-1d7"
Expires: Sun, 20 Nov 2022 10:56:23 GMT
Last-Modified: Fri, 18 Nov 2022 09:06:56 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 471

translate.googleapis.com/translate_static/css/translateelement.css

142.250.74.42

200 OK

3.6 kB

URL HTTP/2
translate.googleapis.com/translate_static/css/translateelement.css
IP
142.250.74.42:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (18670)
Size
3.6 kB (3619 bytes)
Hash
897ba9a21d9625286674da769dacc2e2
84b4923ab7dee562395160824d53496314499b77
696cbf5c2f3f1efae555562b72abbbb22bed02eff03d62074555cab241190ae0

HTTP Headers

GET /translate_static/css/translateelement.css HTTP/1.1
Host: translate.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.mediafire.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/rosetta
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="rosetta"
report-to: {"group":"rosetta","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/rosetta"}]}
content-length: 3619
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 18 Nov 2022 13:04:40 GMT
expires: Fri, 18 Nov 2022 14:04:40 GMT
cache-control: public, max-age=3600
age: 1196
last-modified: Wed, 17 Aug 2022 23:38:00 GMT
content-type: text/css
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

api.btloader.com/pv?tid=YWEbckPi&w=5115845767331840&o=5678961798414336&cv=2.1.0&r=false&vr=1280x939&pageURL=http%3A%2F%2Fwww.mediafire.com%2Ffile%2Fdxgbv1hgks8bd1p%2F%40ryckzff.zip%2Ffile&upapi=true

130.211.23.194

204 No Content

0 B

URL HTTP/2
api.btloader.com/pv?tid=YWEbckPi&w=5115845767331840&o=5678961798414336&cv=2.1.0&r=false&vr=1280x939&pageURL=http%3A%2F%2Fwww.mediafire.com%2Ffile%2Fdxgbv1hgks8bd1p%2F%40ryckzff.zip%2Ffile&upapi=true
IP
130.211.23.194:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /pv?tid=YWEbckPi&w=5115845767331840&o=5678961798414336&cv=2.1.0&r=false&vr=1280x939&pageURL=http%3A%2F%2Fwww.mediafire.com%2Ffile%2Fdxgbv1hgks8bd1p%2F%40ryckzff.zip%2Ffile&upapi=true HTTP/1.1
Host: api.btloader.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.mediafire.com
Connection: keep-alive
Referer: http://www.mediafire.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 204 No Content
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
vary: Origin
date: Fri, 18 Nov 2022 13:24:36 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

api.btloader.com/country

130.211.23.194

200 OK

16 B

URL HTTP/2
api.btloader.com/country
IP
130.211.23.194:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
16 B (16 bytes)
Hash
452880c1a375b8fba8c9499f0930d05f
ffe5484a23512c2a574d837fe2d3267b134e48c8
8b3383aa4c71f1d816bfaf33e3ef2e8ded067698a7798b9f306204d5777b140d

HTTP Headers

GET /country HTTP/1.1
Host: api.btloader.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.mediafire.com/
Origin: http://www.mediafire.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
cache-control: private, max-age=300, stale-while-revalidate=600, stale-if-error=600
content-type: application/json
vary: Origin
date: Fri, 18 Nov 2022 13:24:36 GMT
content-length: 16
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

translate.googleapis.com/_/translate_http/_/js/k=translate_http.tr.no.qvkLIg6MEVc.O/d=1/exm=el_conf/ed=1/rs=AN8SPfoxsXHCM1CnEJ_o5xsmnbdq_po64A/m=el_main

142.250.74.42

200 OK

75 kB

URL HTTP/2
translate.googleapis.com/_/translate_http/_/js/k=translate_http.tr.no.qvkLIg6MEVc.O/d=1/exm=el_conf/ed=1/rs=AN8SPfoxsXHCM1CnEJ_o5xsmnbdq_po64A/m=el_main
IP
142.250.74.42:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (1613)
Size
75 kB (75035 bytes)
Hash
110765e1accf41111543c29721c78b52
3eeceb853d592a297162325f20f0420e136c875a
b5fb084ee4491e64fca48643106c0eb338212638caafdad88ff91e0d4198b589

HTTP Headers

GET /_/translate_http/_/js/k=translate_http.tr.no.qvkLIg6MEVc.O/d=1/exm=el_conf/ed=1/rs=AN8SPfoxsXHCM1CnEJ_o5xsmnbdq_po64A/m=el_main HTTP/1.1
Host: translate.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.mediafire.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/rosetta
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="rosetta"
report-to: {"group":"rosetta","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/rosetta"}]}
content-length: 75035
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 16 Nov 2022 20:22:39 GMT
expires: Thu, 16 Nov 2023 20:22:39 GMT
cache-control: public, max-age=31536000
last-modified: Sat, 12 Nov 2022 06:10:12 GMT
content-type: text/javascript; charset=UTF-8
age: 147717
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

translate.google.com/translate_a/element.js?cb=googFooterTranslate

142.250.74.46

200 OK

27 kB

URL HTTP/2
translate.google.com/translate_a/element.js?cb=googFooterTranslate
IP
142.250.74.46:0
ASN
#15169 GOOGLE

File type
data
Size
27 kB (26641 bytes)
Hash
324bdfac0efc2f855e2736fed86b2c5e
3ce6791eea7505c9c6d7c5cf78b362f899e43028
e417622836664b0cb2c3897a6b77c441bfa1cb198e1fe06c684ff85c6bbe0895

HTTP Headers

GET /translate_a/element.js?cb=googFooterTranslate HTTP/1.1
Host: translate.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.mediafire.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Fri, 18 Nov 2022 13:24:36 GMT
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
set-cookie: CONSENT=PENDING+406; expires=Sun, 17-Nov-2024 13:24:36 GMT; path=/; domain=.google.com; Secure
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/s/gts1d4/8WDrLhpUxOc

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/s/gts1d4/8WDrLhpUxOc
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
f71a429a2a85a17bcd077f1d14e19253
5be9417d5dcad0f7d6fbd62d90b311a27a44f11b
dee440086dc1216fe278881ff3808d154bcf5037252501b76d4fa958ad04fb18

HTTP Headers

POST /s/gts1d4/8WDrLhpUxOc HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 18 Nov 2022 13:24:36 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fundingchoicesmessages.google.com/f/AGSKWxXrjtEH6OsIEa1eMxJNrJTV18lP5XKGKMJi5rI13IlsGpcs5yT-0hk0wJuzpkaKFvH14rtURv0da3wnJCfhkp8=

142.250.74.46

200 OK

38 kB

URL HTTP/2
fundingchoicesmessages.google.com/f/AGSKWxXrjtEH6OsIEa1eMxJNrJTV18lP5XKGKMJi5rI13IlsGpcs5yT-0hk0wJuzpkaKFvH14rtURv0da3wnJCfhkp8=
IP
142.250.74.46:0
ASN
#15169 GOOGLE

File type
data
Size
38 kB (38463 bytes)
Hash
e7765df8515d32367ae34eb56c0ef9d9
869d3c9b9683f56a81dafaf61dcd7631bb06a0ef
b609aaffacd18341239af14ec809394885354d0146d7ef9aaa1159a69bc604fd

HTTP Headers

GET /f/AGSKWxXrjtEH6OsIEa1eMxJNrJTV18lP5XKGKMJi5rI13IlsGpcs5yT-0hk0wJuzpkaKFvH14rtURv0da3wnJCfhkp8= HTTP/1.1
Host: fundingchoicesmessages.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.mediafire.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Fri, 18 Nov 2022 13:24:36 GMT
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
content-security-policy: script-src 'nonce-x3AJF-HG6Gv7-rhMfpEdcg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-829541-1&cid=535517722.1668777874&jid=2006554438&gjid=1497878021&_gid=1152877631.1668777874&_u=YEBAAUAAAAAAACAAI~&z=69751791

142.251.1.157

200 OK

4 B

URL HTTP/2
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-829541-1&cid=535517722.1668777874&jid=2006554438&gjid=1497878021&_gid=1152877631.1668777874&_u=YEBAAUAAAAAAACAAI~&z=69751791
IP
142.251.1.157:0
ASN
#15169 GOOGLE

File type
ASCII text, with no line terminators
Size
4 B (4 bytes)
Hash
48c0473b7821185d937e685216e2168b
3743e47f8a429a5e87b86cb582d78940733d9d2e
570c4d4674fd20602189c548c145ba1f8ac34bc2e4599a71471969028aa1e25a

HTTP Headers

POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-829541-1&cid=535517722.1668777874&jid=2006554438&gjid=1497878021&_gid=1152877631.1668777874&_u=YEBAAUAAAAAAACAAI~&z=69751791 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: http://www.mediafire.com
Connection: keep-alive
Referer: http://www.mediafire.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: http://www.mediafire.com
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Fri, 18 Nov 2022 13:24:36 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.comodoca.com/

172.64.155.188

200 OK

471 B

URL HTTP/1.1
ocsp.comodoca.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
0954428a52dfd1e84d7223adc66a5c18
df656938c55c15c26353eb6ab41da72e286a1287
ab52e7e501574631705b6310dca6dffcee4afe1db4987d46ff7ff251e093f432

HTTP Headers

POST / HTTP/1.1
Host: ocsp.comodoca.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 18 Nov 2022 13:24:36 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Wed, 16 Nov 2022 03:38:22 GMT
Expires: Wed, 23 Nov 2022 03:38:21 GMT
Etag: "df656938c55c15c26353eb6ab41da72e286a1287"
Cache-Control: max-age=603944,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: HIT
Age: 56
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 76c107009a08fac4-OSL

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
71821131fa0825a241bb6f95ad63a26a
4c676dbf861c2fca225bd1b9620237246ddfc724
f2dbe2a5c73657c35a660931a44cda1c1641c5b277ceea3d8fd7b4bfcacaf5ce

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 18 Nov 2022 13:24:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.gstatic.com/images/branding/product/1x/translate_24dp.png

142.250.74.163

200 OK

846 B

URL HTTP/2
www.gstatic.com/images/branding/product/1x/translate_24dp.png
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Size
846 B (846 bytes)
Hash
e9cd262114358f26b7608b56905185dc
6dbde0a96deaab2b529723ce26c62043cf9180ab
5a861509b658aa24fc3aed2867ac3c061e7d818d90b9990959afc6d1b5d4ff99

HTTP Headers

GET /images/branding/product/1x/translate_24dp.png HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.mediafire.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
vary: Origin
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-length: 846
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 18 Nov 2022 12:14:38 GMT
expires: Sat, 18 Nov 2023 12:14:38 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 14 Oct 2021 09:08:00 GMT
content-type: image/png
age: 4198
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
71821131fa0825a241bb6f95ad63a26a
4c676dbf861c2fca225bd1b9620237246ddfc724
f2dbe2a5c73657c35a660931a44cda1c1641c5b277ceea3d8fd7b4bfcacaf5ce

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 18 Nov 2022 13:24:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.gstatic.com/images/branding/product/2x/translate_24dp.png

142.250.74.163

200 OK

1.8 kB

URL HTTP/2
www.gstatic.com/images/branding/product/2x/translate_24dp.png
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced\012- data
Size
1.8 kB (1842 bytes)
Hash
c69c796362406f9e11c7f4bf5bb628da
e489ce95ab56208090868882113d7416abf46775
4dac0026fbfa2615dce30c0af12830863fe885f84387a0147b9e338f548d5d82

HTTP Headers

GET /images/branding/product/2x/translate_24dp.png HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://translate.googleapis.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
vary: Origin
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-length: 1842
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 18 Nov 2022 12:20:07 GMT
expires: Sat, 18 Nov 2023 12:20:07 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 14 Oct 2021 09:08:00 GMT
content-type: image/png
age: 3869
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
71821131fa0825a241bb6f95ad63a26a
4c676dbf861c2fca225bd1b9620237246ddfc724
f2dbe2a5c73657c35a660931a44cda1c1641c5b277ceea3d8fd7b4bfcacaf5ce

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 18 Nov 2022 13:24:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

push.services.mozilla.com/

54.148.242.254

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
54.148.242.254:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: vyEuxgdQlSY2LaxbOUirNQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: kcgSbCHJcaxuxm69/lkQzbQXBwc=

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
8f8f9454a97c380181251d836a9e5553
2a2b6dcc1988c0e2be539a796304d59c40fce5bc
e444de246c477d3f15217a390747532d1e74c5077e10d6d9a5d7a7595039ba60

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 18 Nov 2022 13:24:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
feaeba711c7421b074e726f89ff34e0b
c590c0b76a7a78ab51a4dabcd8f20a1b172b02fb
ebe6e312ea7116713547fbd756805843b1c242ad22269158a79305f1819fa990

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 18 Nov 2022 13:24:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

lh3.googleusercontent.com/YxmihnhFt54cZYUpI8Vki3ux02R2TgdxT2JLItC4sk0NMsB8q5xXuZr3KKhXns_325CVgfI3IAWpwJrMtsUf1HdwXaWps_lxmzvqH8R5aBB2P50trKqeLQ=h60

142.250.74.33

200 OK

12 kB

URL HTTP/2
lh3.googleusercontent.com/YxmihnhFt54cZYUpI8Vki3ux02R2TgdxT2JLItC4sk0NMsB8q5xXuZr3KKhXns_325CVgfI3IAWpwJrMtsUf1HdwXaWps_lxmzvqH8R5aBB2P50trKqeLQ=h60
IP
142.250.74.33:0
ASN
#15169 GOOGLE

File type
PNG image data, 366 x 60, 8-bit/color RGBA, non-interlaced\012- data
Size
12 kB (12249 bytes)
Hash
f232511b689198ef4eac18e967da3040
38d0f3381708819be8db2df251be3e391a5b0ecf
cf7137aae8e21d7b4a5d0a322b25dfc27c7a1e9b1a06bb4d5f813ef9e3459df3

HTTP Headers

GET /YxmihnhFt54cZYUpI8Vki3ux02R2TgdxT2JLItC4sk0NMsB8q5xXuZr3KKhXns_325CVgfI3IAWpwJrMtsUf1HdwXaWps_lxmzvqH8R5aBB2P50trKqeLQ=h60 HTTP/1.1
Host: lh3.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.mediafire.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-expose-headers: Content-Length
content-disposition: inline;filename="unnamed.png"
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
x-content-type-options: nosniff
server: fife
content-length: 12249
x-xss-protection: 0
date: Fri, 18 Nov 2022 10:03:06 GMT
expires: Fri, 18 Nov 2022 01:57:56 GMT
cache-control: public, max-age=86400, no-transform
age: 12090
etag: "v1"
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

142.250.74.10

200 OK

4.1 kB

URL HTTP/2
fonts.googleapis.com/css?family=Archivo|Arimo|Bitter|EB+Garamond|Lato|Libre+Baskerville|Libre+Franklin|Lora|Google+Sans:regular,medium|Material+Icons|Merriweather|Montserrat|Mukta|Muli|Nunito|Open+Sans:400,600,700|Open+Sans+Condensed:300,400,600,700|Oswald|Playfair+Display|Poppins|Raleway|Roboto|Roboto+Condensed|Roboto+Slab|Slabo+27px|Source+Sans+Pro|Ubuntu|Volkhov&display=swap
IP
142.250.74.10:0
ASN
#15169 GOOGLE

File type
data
Size
4.1 kB (4061 bytes)
Hash
41644bccca3eb36c0f8e1026c76bbce2
b905740250f94b9c11773003b0ff266259189e16
a0ee1a620191d3861a0025b59ffcde7b345b3c48f2b536288ab10db69b08fdbc

HTTP Headers

GET /css?family=Archivo|Arimo|Bitter|EB+Garamond|Lato|Libre+Baskerville|Libre+Franklin|Lora|Google+Sans:regular,medium|Material+Icons|Merriweather|Montserrat|Mukta|Muli|Nunito|Open+Sans:400,600,700|Open+Sans+Condensed:300,400,600,700|Oswald|Playfair+Display|Poppins|Raleway|Roboto|Roboto+Condensed|Roboto+Slab|Slabo+27px|Source+Sans+Pro|Ubuntu|Volkhov&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.mediafire.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 18 Nov 2022 13:24:36 GMT
date: Fri, 18 Nov 2022 13:24:36 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
feaeba711c7421b074e726f89ff34e0b
c590c0b76a7a78ab51a4dabcd8f20a1b172b02fb
ebe6e312ea7116713547fbd756805843b1c242ad22269158a79305f1819fa990

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 18 Nov 2022 13:24:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
feaeba711c7421b074e726f89ff34e0b
c590c0b76a7a78ab51a4dabcd8f20a1b172b02fb
ebe6e312ea7116713547fbd756805843b1c242ad22269158a79305f1819fa990

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 18 Nov 2022 13:24:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

api.amplitude.com/

52.11.249.51

200 OK

7 B

URL HTTP/2
api.amplitude.com/
IP
52.11.249.51:0
ASN
#16509 AMAZON-02

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
260ca9dd8a4577fc00b7bd5810298076
53a5687cb26dc41f2ab4033e97e13adefd3740d6
aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27

HTTP Headers

POST / HTTP/1.1
Host: api.amplitude.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 1025
Origin: http://www.mediafire.com
Connection: keep-alive
Referer: http://www.mediafire.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Fri, 18 Nov 2022 13:24:36 GMT
content-type: text/html;charset=utf-8
content-length: 7
access-control-allow-origin: *
access-control-allow-methods: GET, POST
trace-id: Root=1-63778794-3c82a7f54d98629a1d96ca8c
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/materialicons/v139/flUhRq6tzZclQEJ-Vdg-IuiaDsNc.woff2

216.58.207.195

200 OK

128 kB

URL HTTP/2
fonts.gstatic.com/s/materialicons/v139/flUhRq6tzZclQEJ-Vdg-IuiaDsNc.woff2
IP
216.58.207.195:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 128352, version 1.0\012- data
Size
128 kB (128352 bytes)
Hash
53436aca8627a49f4deaaa44dc9e3c05
0bc0c675480d94ec7e8609dda6227f88c5d08d2c
8265f64786397d6b832d1ca0aafdf149ad84e72759fffa9f7272e91a0fb015d1

HTTP Headers

GET /s/materialicons/v139/flUhRq6tzZclQEJ-Vdg-IuiaDsNc.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://www.mediafire.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 128352
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 17 Nov 2022 20:36:08 GMT
expires: Fri, 17 Nov 2023 20:36:08 GMT
cache-control: public, max-age=31536000
age: 60508
last-modified: Thu, 25 Aug 2022 00:26:06 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

216.58.207.195

200 OK

45 kB

URL HTTP/2
fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP
216.58.207.195:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 44856, version 1.0\012- data
Size
45 kB (44856 bytes)
Hash
565ce506190ad3af920b40baf1794cec
ad3cba5d06100e09449a864d3b5e58403b478b3d
8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db

HTTP Headers

GET /s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://www.mediafire.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 44856
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 17 Nov 2022 05:42:51 GMT
expires: Fri, 17 Nov 2023 05:42:51 GMT
cache-control: public, max-age=31536000
age: 114105
last-modified: Mon, 15 Aug 2022 18:20:18 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
d3ba0eba720a8e5904bee6e804873c24
df1f9c79e39f777ab12225af0af60b9f26af6485
76500b32cbac4ad40e3f42c7dfd46832f3854ba88c3a6d5a9d2b5633e8e1f27b

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 18 Nov 2022 13:24:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

translate.google.com/gen204?sl=en&nca=te_ap&client=te&logld=vTE_20221115

142.250.74.46

204 No Content

0 B

URL HTTP/1.1
translate.google.com/gen204?sl=en&nca=te_ap&client=te&logld=vTE_20221115
IP
142.250.74.46:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /gen204?sl=en&nca=te_ap&client=te&logld=vTE_20221115 HTTP/1.1
Host: translate.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.mediafire.com/

HTTP/1.1 204 No Content
Content-Type: image/gif; charset=us-ascii
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Fri, 18 Nov 2022 13:24:36 GMT
Cross-Origin-Resource-Policy: cross-origin
Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/TranslateApiHttp/cspreport, script-src 'nonce--Oz5uZrBqfVO7WmmlCufmg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/TranslateApiHttp/cspreport;worker-src 'self'
Cross-Origin-Opener-Policy: same-origin; report-to="TranslateApiHttp"
Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
Report-To: {"group":"TranslateApiHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/TranslateApiHttp/external"}]}
Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
Server: ESF
Content-Length: 0
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff

www.google.com/images/cleardot.gif

142.250.74.164

200 OK

43 B

URL HTTP/2
www.google.com/images/cleardot.gif
IP
142.250.74.164:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
fc94fb0c3ed8a8f909dbc7630a0987ff
56d45f8a17f5078a20af9962c992ca4678450765
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

HTTP Headers

GET /images/cleardot.gif HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.mediafire.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
content-type: image/gif
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-length: 43
date: Fri, 18 Nov 2022 13:24:36 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-829541-1&cid=535517722.1668777874&jid=2006554438&_u=YEBAAUAAAAAAACAAI~&z=678924952

142.250.74.164

200 OK

42 B

URL HTTP/2
www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-829541-1&cid=535517722.1668777874&jid=2006554438&_u=YEBAAUAAAAAAACAAI~&z=678924952
IP
142.250.74.164:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-829541-1&cid=535517722.1668777874&jid=2006554438&_u=YEBAAUAAAAAAACAAI~&z=678924952 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.mediafire.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 18 Nov 2022 13:24:36 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
eb5405ca08a5b1038b26ae8f2e3788f3
3341c3d5bed51686ed6c8d85aa59c59a27c652a3
6ffea4a38a9fc074321b874bce4a78eefbf657f1f2a05897fb32d0a9bffa08a1

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 18 Nov 2022 13:24:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
c15be7bf1c6987951ddd348d6f6b4db1
9faac1fb81abc8fce6d4ae81777c76b8bc11e9b0
7f1d01e3fc0b69e331fd30326ea8fd9b1e3e06a0a93ae4768e7addd03a121025

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 18 Nov 2022 13:24:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-829541-1&cid=535517722.1668777874&jid=2006554438&_u=YEBAAUAAAAAAACAAI~&z=678924952

142.250.74.3

200 OK

42 B

URL HTTP/2
www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-829541-1&cid=535517722.1668777874&jid=2006554438&_u=YEBAAUAAAAAAACAAI~&z=678924952
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-829541-1&cid=535517722.1668777874&jid=2006554438&_u=YEBAAUAAAAAAACAAI~&z=678924952 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.mediafire.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 18 Nov 2022 13:24:36 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
eb5405ca08a5b1038b26ae8f2e3788f3
3341c3d5bed51686ed6c8d85aa59c59a27c652a3
6ffea4a38a9fc074321b874bce4a78eefbf657f1f2a05897fb32d0a9bffa08a1

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 18 Nov 2022 13:24:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.mediafire.com/cdn-cgi/rum?

104.16.54.48

204 No Content

0 B

URL HTTP/1.1
www.mediafire.com/cdn-cgi/rum?
IP
104.16.54.48:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /cdn-cgi/rum? HTTP/1.1
Host: www.mediafire.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
content-type: application/json
Content-Length: 18634
Origin: http://www.mediafire.com
Connection: keep-alive
Referer: http://www.mediafire.com/file/dxgbv1hgks8bd1p/@ryckzff.zip/file
Cookie: ukey=tbnil2tipza6d06ww21cnq2im7yy09zy; dx61=1; ad_count=1; conv_tracking_data-2=%7B%22mf_source%22%3A%22regular_download-34%22%2C%22mf_content%22%3A%22Free%22%2C%22mf_medium%22%3A%22windows%5C%2FFirefox%22%2C%22mf_campaign%22%3A%22dxgbv1hgks8bd1p%22%2C%22mf_term%22%3A%22c562d2ec43420b28a00229c95aebab1c%22%7D; amp_28916b=7epdxyyLCpu2mQBJqJ57LH...1gi5ej4v8.1gi5ej4va.0.1.1; _ga=GA1.2.535517722.1668777874; _gid=GA1.2.1152877631.1668777874; _gat_gtag_UA_829541_1=1

HTTP/1.1 204 No Content
Date: Fri, 18 Nov 2022 13:24:37 GMT
Connection: keep-alive
access-control-allow-origin: http://www.mediafire.com
access-control-allow-methods: POST,OPTIONS
access-control-max-age: 86400
vary: Origin
access-control-allow-credentials: true
Server: cloudflare
CF-RAY: 76c10703a8921c12-OSL
X-Frame-Options: DENY
X-Content-Type-Options: nosniff

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
f7c5da16d7c4384a4c2454d6b0d84710
69fd80fdf2f1ce27b25617589c867cd1c6e5d2ab
a80d1b813523e44d2e59d7c2edd6919c0354873637bb15bccc88f66f5c24e05d

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A80D1B813523E44D2E59D7C2EDD6919C0354873637BB15BCCC88F66F5C24E05D"
Last-Modified: Thu, 17 Nov 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5836
Expires: Fri, 18 Nov 2022 15:01:53 GMT
Date: Fri, 18 Nov 2022 13:24:37 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
f7c5da16d7c4384a4c2454d6b0d84710
69fd80fdf2f1ce27b25617589c867cd1c6e5d2ab
a80d1b813523e44d2e59d7c2edd6919c0354873637bb15bccc88f66f5c24e05d

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A80D1B813523E44D2E59D7C2EDD6919C0354873637BB15BCCC88F66F5C24E05D"
Last-Modified: Thu, 17 Nov 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5836
Expires: Fri, 18 Nov 2022 15:01:53 GMT
Date: Fri, 18 Nov 2022 13:24:37 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
f7c5da16d7c4384a4c2454d6b0d84710
69fd80fdf2f1ce27b25617589c867cd1c6e5d2ab
a80d1b813523e44d2e59d7c2edd6919c0354873637bb15bccc88f66f5c24e05d

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A80D1B813523E44D2E59D7C2EDD6919C0354873637BB15BCCC88F66F5C24E05D"
Last-Modified: Thu, 17 Nov 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5836
Expires: Fri, 18 Nov 2022 15:01:53 GMT
Date: Fri, 18 Nov 2022 13:24:37 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
f7c5da16d7c4384a4c2454d6b0d84710
69fd80fdf2f1ce27b25617589c867cd1c6e5d2ab
a80d1b813523e44d2e59d7c2edd6919c0354873637bb15bccc88f66f5c24e05d

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A80D1B813523E44D2E59D7C2EDD6919C0354873637BB15BCCC88F66F5C24E05D"
Last-Modified: Thu, 17 Nov 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5836
Expires: Fri, 18 Nov 2022 15:01:53 GMT
Date: Fri, 18 Nov 2022 13:24:37 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F484ffe7b-1073-4220-bf53-ccbfc7e9654e.webp

34.120.237.76

200 OK

8.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F484ffe7b-1073-4220-bf53-ccbfc7e9654e.webp
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.9 kB (8884 bytes)
Hash
14649d486602810c1b218b96b27b2cc4
96c6cbfe31e7247c64dfa8c3759967627f8c6286
80f5d7573fd2bf4e6a6038ebf1335d159ad37c391ee539918455963d6ee88654

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F484ffe7b-1073-4220-bf53-ccbfc7e9654e.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8884
x-amzn-requestid: 3739b8f5-bb0c-4798-a931-e955dd6df81d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bw-MiGFxoAMFlxA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6376aa50-74c24a2f737634b655a5b47c;Sampled=0
x-amzn-remapped-date: Thu, 17 Nov 2022 21:40:32 GMT
x-amz-cf-pop: SEA73-P2, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: d_bLYyZzi1phYwQ2e5uvUmzO0GuvNu9Ubi2PQ0ChilQJegKr3uUiRw==
via: 1.1 79880188a81becf1687ba18c0e064230.cloudfront.net (CloudFront), 1.1 73cb83fe6699afc2791b5c690c1ff8c6.cloudfront.net (CloudFront), 1.1 google
date: Thu, 17 Nov 2022 22:08:13 GMT
age: 54984
etag: "96c6cbfe31e7247c64dfa8c3759967627f8c6286"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

3.8 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1e93b023-2729-4761-a4ea-05612c0917fb.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
3.8 kB (3759 bytes)
Hash
5d0b6106f00f9fd8b89c2d484a559a1a
399ac393209dcdac7d2188d7aa8d95f04570ef7c
5d8151c9eb558f4a2b8bd2952c6845606ddb0c27e36f6e49aca7e60908cd9fe4

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1e93b023-2729-4761-a4ea-05612c0917fb.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 3759
x-amzn-requestid: 8c91ac59-89dc-4218-b69f-0cebb29f301b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bw-wJHgxoAMF-hQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6376ab33-4dac305614a92bc52c038222;Sampled=0
x-amzn-remapped-date: Thu, 17 Nov 2022 21:44:19 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: Mb2-PTjNmt06Wd5jOjQ5WoLY-0NgI80CKPXtwgzBt4n5km8Pu_WN0Q==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 6396e88c437c096ef98930ce29f731a2.cloudfront.net (CloudFront), 1.1 google
date: Thu, 17 Nov 2022 22:08:54 GMT
age: 54943
etag: "399ac393209dcdac7d2188d7aa8d95f04570ef7c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

10 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F20ddb38f-d459-45e6-9351-068a5306b3a1.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
10 kB (10349 bytes)
Hash
7d16e5ff718353c095d266b080fe547f
fa7c5c9a1d16355859196271f3d13f3850931888
9a94d8eb20cc56d0898b1e2b80c0006ebbef75c15ad94e907050c5be4e19a960

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F20ddb38f-d459-45e6-9351-068a5306b3a1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10349
x-amzn-requestid: fc85e078-a81a-4fed-899e-15249961f59c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bw-7tHGLIAMF00Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6376ab7d-4224d193517794684fcdc0ad;Sampled=0
x-amzn-remapped-date: Thu, 17 Nov 2022 21:45:34 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: UK-XD_8EcfPwfLb-QVwfLr8aG-sqVBoUJcbPb5hKAlQS68eOxdgM5g==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 17 Nov 2022 22:05:52 GMT
age: 55125
etag: "fa7c5c9a1d16355859196271f3d13f3850931888"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

12 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F92501a28-163f-4c6e-aed7-d31c29354d1e.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
12 kB (11667 bytes)
Hash
032386e5c9dffff1ba1ee5e8a322d438
dd4fd6c803a9b333bace9a541c6bd183d0c56bb9
0e9f559a0aa7e114c5810a27ba243c0da7b44dc0bf7aec2b7ab32b8f0e2b536c

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F92501a28-163f-4c6e-aed7-d31c29354d1e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 11667
x-amzn-requestid: 4778d1bd-28c3-4665-89da-046e356087f0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bjyD1HE-oAMF0QQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637163b1-53c7330c5fd36d3c4d9e6aed;Sampled=0
x-amzn-remapped-date: Sun, 13 Nov 2022 21:37:53 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: CHi9V7-WaWmG6Y0249CZJnhe_RjvleaGFVXoOnJ62cjrcXoLLKwzgw==
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 02d90bf99fd6253b329a53c82f19e224.cloudfront.net (CloudFront), 1.1 google
date: Fri, 18 Nov 2022 07:20:30 GMT
age: 21847
etag: "dd4fd6c803a9b333bace9a541c6bd183d0c56bb9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

12 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9672fb80-baaa-4ab8-b080-dc8c1ce94400.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
12 kB (12065 bytes)
Hash
05289172c1455c4134e496c6f4606efd
ce1bb33256b0754f9acc01e7e9f3e5dc85f89244
a8b4411a0310cc376efe2aec7c0830b8d3b63b8827631b0ff43ec092f1f80f82

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9672fb80-baaa-4ab8-b080-dc8c1ce94400.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 12065
x-amzn-requestid: 45c97153-71c7-4985-a1ad-fc21a509d153
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bw-K5FyVIAMFtDg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6376aa45-0f9d22dd544a4580570f3089;Sampled=0
x-amzn-remapped-date: Thu, 17 Nov 2022 21:40:21 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: dxT2WJB7m5tUhgBn2PwTIN4Zskzm3X7CW-29hl1nCyNPbKt5j6q5iA==
via: 1.1 efe54e8b68e074d39b2ecd249f85100a.cloudfront.net (CloudFront), 1.1 989017835f43d594873bde5a7ee7fe5e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 17 Nov 2022 22:02:57 GMT
age: 55300
etag: "ce1bb33256b0754f9acc01e7e9f3e5dc85f89244"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.3 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3f1b43b0-5ba1-4c6c-9a53-bfae9befdd7d.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.3 kB (6344 bytes)
Hash
a9d32fa3866dd741de610a61a93ad893
4cb2141b1ef1e5bf19a3b355995dcd8fa36f695e
4492338de536cfae6fb42fd37170c60f4fbc281a2a924efe6d2b5af352cd102c

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3f1b43b0-5ba1-4c6c-9a53-bfae9befdd7d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6344
x-amzn-requestid: cac35b04-be3b-4ae1-bb5e-8cedcd7a7db4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: btqOVFCXIAMFcOg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63755728-45c28fa333b748520be29b57;Sampled=0
x-amzn-remapped-date: Wed, 16 Nov 2022 21:33:28 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: RQqPegf6sdVW0qmrGnUo6EORLuT7BRikwhtF08LAxWNCpLGwGZnG8Q==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 b48dedcc55e63f14261aa92cf2d61522.cloudfront.net (CloudFront), 1.1 google
date: Thu, 17 Nov 2022 21:34:03 GMT
age: 57034
etag: "4cb2141b1ef1e5bf19a3b355995dcd8fa36f695e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158936

23.38.200.201

200 OK

5.5 kB

URL HTTP/2
ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158936
IP
23.38.200.201:0
ASN
#16625 AKAMAI-AS

File type
HTML document text\012- HTML document, ASCII text, with very long lines (15844), with no line terminators
Size
5.5 kB (5549 bytes)
Hash
7725e8e949141c8ded449d86975d4c04
8cd8c314a2002cc26f821d331ab9512f52a551a2
a0c49aacf6f552bce544eb8516404f696918253cd934a6404ebeafd71f8780ae

HTTP Headers

GET /AdServer/js/user_sync.html?kdntuid=1&p=158936 HTTP/1.1
Host: ads.pubmatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.mediafire.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
last-modified: Tue, 01 Feb 2022 06:38:00 GMT
etag: "1300708-3de4-5d6ef246ef4cf"
server: Apache
accept-ranges: bytes
content-encoding: gzip
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 5549
content-type: text/html; charset=UTF-8
cache-control: max-age=78093
expires: Sat, 19 Nov 2022 11:06:12 GMT
date: Fri, 18 Nov 2022 13:24:39 GMT
vary: Accept-Encoding
X-Firefox-Spdy: h2

contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUO2689O&prvid=2034%2C2033%2C2030%2C273%2C2028%2C2027%2C2025%2C237%2C117%2C359%2C97%2C99%2C3012%2C3011%2C3010%2C201%2C3007%2C246%2C4%2C203%2C9%2C2011%2C3022%2C3020%2C173%2C294%2C251%2C175%2C2009%2C178%2C255%2C3018%2C3017%2C214%2C336%2C3014%2C337%2C338%2C77%2C38%2C182%2C261%2C141%2C262%2C222%2C301%2C225%2C10000%2C80%2C108%2C229%2C307&itype=PREBID&purpose1=1&gdprconsent=0&gdpr=1&coppa=0&usp_status=0&usp_consent=1

23.38.200.22

200 OK

8.3 kB

URL HTTP/2
contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUO2689O&prvid=2034%2C2033%2C2030%2C273%2C2028%2C2027%2C2025%2C237%2C117%2C359%2C97%2C99%2C3012%2C3011%2C3010%2C201%2C3007%2C246%2C4%2C203%2C9%2C2011%2C3022%2C3020%2C173%2C294%2C251%2C175%2C2009%2C178%2C255%2C3018%2C3017%2C214%2C336%2C3014%2C337%2C338%2C77%2C38%2C182%2C261%2C141%2C262%2C222%2C301%2C225%2C10000%2C80%2C108%2C229%2C307&itype=PREBID&purpose1=1&gdprconsent=0&gdpr=1&coppa=0&usp_status=0&usp_consent=1
IP
23.38.200.22:0
ASN
#16625 AKAMAI-AS

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (18979)
Size
8.3 kB (8257 bytes)
Hash
5523f72f327c43b56a8c233f710342d2
df2b41081e44420270482e03c2062656aac8c3ce
c1447d9db798db41a98de9d51afc0d943d98facdf17b444224617505b60498c5

HTTP Headers

GET /checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUO2689O&prvid=2034%2C2033%2C2030%2C273%2C2028%2C2027%2C2025%2C237%2C117%2C359%2C97%2C99%2C3012%2C3011%2C3010%2C201%2C3007%2C246%2C4%2C203%2C9%2C2011%2C3022%2C3020%2C173%2C294%2C251%2C175%2C2009%2C178%2C255%2C3018%2C3017%2C214%2C336%2C3014%2C337%2C338%2C77%2C38%2C182%2C261%2C141%2C262%2C222%2C301%2C225%2C10000%2C80%2C108%2C229%2C307&itype=PREBID&purpose1=1&gdprconsent=0&gdpr=1&coppa=0&usp_status=0&usp_consent=1 HTTP/1.1
Host: contextual.media.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.mediafire.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: Apache
content-type: text/html; charset=UTF-8
x-mnet-hl2: E
strict-transport-security: max-age=31536000
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=172800
expires: Sun, 20 Nov 2022 13:24:39 GMT
date: Fri, 18 Nov 2022 13:24:39 GMT
content-length: 8257
X-Firefox-Spdy: h2

image6.pubmatic.com/AdServer/UCookieSetPug?oid=2&cb=PubMatic._uidCB

185.64.190.78

200 OK

60 B

URL HTTP/2
image6.pubmatic.com/AdServer/UCookieSetPug?oid=2&cb=PubMatic._uidCB
IP
185.64.190.78:0
ASN
#62713 AS-PUBMATIC

File type
ASCII text, with no line terminators
Size
60 B (60 bytes)
Hash
a6a1d03705f891aa69114272157f3f10
d8d8e92490601a8f27b52a93ea424b5004163f4d
3ea920461068f7bf333722b55c30c340c4dfe3e37080f2db8dd0543995ccb51a

HTTP Headers

GET /AdServer/UCookieSetPug?oid=2&cb=PubMatic._uidCB HTTP/1.1
Host: image6.pubmatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.pubmatic.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site

HTTP/2 200 OK
cache-control: private
content-type: text/html; charset=UTF-8
expires: Thu, 16 Feb 2023 04:44:58 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
date: Fri, 18 Nov 2022 13:24:39 GMT
content-length: 60
X-Firefox-Spdy: h2

ads.pubmatic.com/AdServer/js/cl_partner.html?pid=2&gdpr=0&gdpr_consent=&rdu=https%3A%2F%2Fsimage4.pubmatic.com%2FAdServer%2FSPug%3Fo%3D3%26u%3D5E48D576-D1A4-48FD-9A16-A011EDEA808E%26vcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA%3D%3D%26piggybackCookie%3Duid%3A%23%23P_UID

23.38.200.201

200 OK

953 B

URL HTTP/2
ads.pubmatic.com/AdServer/js/cl_partner.html?pid=2&gdpr=0&gdpr_consent=&rdu=https%3A%2F%2Fsimage4.pubmatic.com%2FAdServer%2FSPug%3Fo%3D3%26u%3D5E48D576-D1A4-48FD-9A16-A011EDEA808E%26vcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA%3D%3D%26piggybackCookie%3Duid%3A%23%23P_UID
IP
23.38.200.201:0
ASN
#16625 AKAMAI-AS

File type
HTML document text\012- HTML document, ASCII text, with very long lines (1720), with no line terminators
Size
953 B (953 bytes)
Hash
499546dec064c08e4c7c354bab138f7f
f155d071d071e4e7c1d45e22943915df9d9f2b75
1a9219bc3962479cfa6ff0ca64e2f810aab8b816ae4f937b252d0ca044d693b4

HTTP Headers

GET /AdServer/js/cl_partner.html?pid=2&gdpr=0&gdpr_consent=&rdu=https%3A%2F%2Fsimage4.pubmatic.com%2FAdServer%2FSPug%3Fo%3D3%26u%3D5E48D576-D1A4-48FD-9A16-A011EDEA808E%26vcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA%3D%3D%26piggybackCookie%3Duid%3A%23%23P_UID HTTP/1.1
Host: ads.pubmatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://simage4.pubmatic.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
TE: trailers

HTTP/2 200 OK
last-modified: Wed, 17 Aug 2016 09:36:32 GMT
etag: "fa18f0-6b8-53a413358bd01"
server: Apache
accept-ranges: bytes
content-encoding: gzip
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 953
content-type: text/html; charset=UTF-8
cache-control: max-age=21741
expires: Fri, 18 Nov 2022 19:27:00 GMT
date: Fri, 18 Nov 2022 13:24:39 GMT
vary: Accept-Encoding
X-Firefox-Spdy: h2

www.mediafire.com/cdn-cgi/rum?

104.16.54.48

204 No Content

0 B

URL HTTP/1.1
www.mediafire.com/cdn-cgi/rum?
IP
104.16.54.48:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /cdn-cgi/rum? HTTP/1.1
Host: www.mediafire.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/json
Content-Length: 776
Origin: http://www.mediafire.com
Connection: keep-alive
Referer: http://www.mediafire.com/file/dxgbv1hgks8bd1p/@ryckzff.zip/file
Cookie: ukey=tbnil2tipza6d06ww21cnq2im7yy09zy; dx61=1; ad_count=1; conv_tracking_data-2=%7B%22mf_source%22%3A%22regular_download-34%22%2C%22mf_content%22%3A%22Free%22%2C%22mf_medium%22%3A%22windows%5C%2FFirefox%22%2C%22mf_campaign%22%3A%22dxgbv1hgks8bd1p%22%2C%22mf_term%22%3A%22c562d2ec43420b28a00229c95aebab1c%22%7D; amp_28916b=7epdxyyLCpu2mQBJqJ57LH...1gi5ej4v8.1gi5ej4va.0.1.1; _ga=GA1.2.535517722.1668777874; _gid=GA1.2.1152877631.1668777874; _gat_gtag_UA_829541_1=1

HTTP/1.1 204 No Content
Date: Fri, 18 Nov 2022 13:24:44 GMT
Connection: keep-alive
access-control-allow-origin: http://www.mediafire.com
access-control-allow-methods: POST,OPTIONS
access-control-max-age: 86400
vary: Origin
access-control-allow-credentials: true
Server: cloudflare
CF-RAY: 76c107307c931c12-OSL
X-Frame-Options: DENY
X-Content-Type-Options: nosniff

simage4.pubmatic.com/AdServer/SPug?o=1&p=158936&sc=1&u=5E48D576-D1A4-48FD-9A16-A011EDEA808E&rs=3&gdpr=0&gdpr_consent=&us_privacy=

198.47.127.20

200 OK

0 B

URL HTTP/2
simage4.pubmatic.com/AdServer/SPug?o=1&p=158936&sc=1&u=5E48D576-D1A4-48FD-9A16-A011EDEA808E&rs=3&gdpr=0&gdpr_consent=&us_privacy=
IP
198.47.127.20:0
ASN
#62713 AS-PUBMATIC

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /AdServer/SPug?o=1&p=158936&sc=1&u=5E48D576-D1A4-48FD-9A16-A011EDEA808E&rs=3&gdpr=0&gdpr_consent=&us_privacy= HTTP/1.1
Host: simage4.pubmatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site

HTTP/2 200 OK
server: nginx
date: Fri, 18 Nov 2022 13:24:38 GMT
content-type: text/html; charset=utf-8
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: no-store, no-cache, private
content-encoding: gzip
X-Firefox-Spdy: h2

static.mediafire.com/images/backgrounds/download/social/fb_16x16.png

0 B

URL
static.mediafire.com/images/backgrounds/download/social/fb_16x16.png
IP
:0
ASN
#0

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /images/backgrounds/download/social/fb_16x16.png HTTP/1.1
Host: static.mediafire.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.mediafire.com/
Cookie: ukey=tbnil2tipza6d06ww21cnq2im7yy09zy; dx61=1; ad_count=1; conv_tracking_data-2=%7B%22mf_source%22%3A%22regular_download-34%22%2C%22mf_content%22%3A%22Free%22%2C%22mf_medium%22%3A%22windows%5C%2FFirefox%22%2C%22mf_campaign%22%3A%22dxgbv1hgks8bd1p%22%2C%22mf_term%22%3A%22c562d2ec43420b28a00229c95aebab1c%22%7D

cdn.otnolatrnup.com/Scripts/infinity.js.aspx?guid=5ff0fb62-0643-4ff1-aaee-c737f9ffc0e0

104.19.215.37

200 OK

0 B

URL HTTP/2
cdn.otnolatrnup.com/Scripts/infinity.js.aspx?guid=5ff0fb62-0643-4ff1-aaee-c737f9ffc0e0
IP
104.19.215.37:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /Scripts/infinity.js.aspx?guid=5ff0fb62-0643-4ff1-aaee-c737f9ffc0e0 HTTP/1.1
Host: cdn.otnolatrnup.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.mediafire.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Fri, 18 Nov 2022 13:24:35 GMT
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, no-transform, max-age=900
content-encoding: gzip
p3p: CP="CAO PSA OUR IND"
access-control-allow-origin: *
last-modified: Fri, 18 Nov 2022 13:16:48 GMT
cf-cache-status: HIT
age: 193
server: cloudflare
cf-ray: 76c106fbb9beb51b-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

static.cloudflareinsights.com/beacon.min.js/vaafb692b2aea4879b33c060e79fe94621666317369993

104.16.56.101

200 OK

0 B

URL HTTP/2
static.cloudflareinsights.com/beacon.min.js/vaafb692b2aea4879b33c060e79fe94621666317369993
IP
104.16.56.101:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /beacon.min.js/vaafb692b2aea4879b33c060e79fe94621666317369993 HTTP/1.1
Host: static.cloudflareinsights.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.mediafire.com
Connection: keep-alive
Referer: http://www.mediafire.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Fri, 18 Nov 2022 13:24:35 GMT
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
etag: W/2022.10.1
last-modified: Fri, 21 Oct 2022 01:56:09 GMT
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
server: cloudflare
cf-ray: 76c106fbad240b31-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (44)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations