Report - 205.196.123.171/i98rantcvtlg/6qbdkvwx3kbr6p4/images

Report Overview

URL

205.196.123.171/i98rantcvtlg/6qbdkvwx3kbr6p4/images_977523742.jpeg.exe
IP

205.196.123.171

ASN

#46179 MEDIAFIRE
Submitted

2023-06-03T02:09:56Z

Access

public
Tags

None
urlquery detections

No alerts detected

Detections

urlquery

0
Network Intrusion Detection

41
Threat Detection Systems

1

Domain Summary

Domain	Rank	First Seen	Last Seen	Sent	Received	IP
ocsp.pki.goog (12)	175	2018-07-01 08:43:07	2023-06-02 18:12:05	3996	8390	142.250.74.3
static.mediafire.com (23)	47565	2017-12-11 22:20:42	2023-06-02 21:57:17	18767	462114	104.16.54.48
www.googletagmanager.com (3)	75	2013-05-22 04:07:37	2023-06-02 19:28:07	1319	200794	142.250.74.168
fundingchoicesmessages.google.com (5)	2397	2019-01-16 16:59:52	2023-06-02 18:15:13	3132	53543	216.58.211.14
lh3.googleusercontent.com (1)	66	2012-05-22 09:35:05	2023-06-02 18:12:09	547	12778	142.250.74.97
fonts.googleapis.com (2)	8877	2013-06-10 22:14:26	2023-06-02 22:31:04	892	7976	142.250.74.106
translate.googleapis.com (3)	1005	2012-05-31 09:21:21	2023-06-02 22:36:03	1520	79126	142.250.74.106
translate.google.com (2)	1156	2012-05-30 03:30:32	2023-06-02 18:15:29	950	30176	216.58.211.14
205.196.123.171 (1)	unknown	2017-02-02 00:50:51	2023-01-25 23:24:56	442	219	205.196.123.171
ajax.googleapis.com (1)	12905	2013-08-16 11:51:31	2023-06-03 01:10:33	434	34829	142.250.74.74
fonts.gstatic.com (5)	unknown	2014-09-09 02:40:21	2023-06-03 00:31:03	2696	201098	142.250.74.35
www.google.no (1)	25607	2016-04-05 21:50:59	2023-06-03 01:06:10	526	578	142.250.74.131
region1.analytics.google.com (1)	unknown	2022-03-17 12:26:33	2023-06-02 21:31:55	946	448	216.239.34.36
translate-pa.googleapis.com (1)	1620	2021-11-04 07:37:42	2023-06-02 20:51:45	533	2285	142.250.74.106
ocsp.sectigo.com (1)	487	2019-11-29 12:50:24	2023-06-02 21:58:38	330	964	104.18.14.101
www.mediafire.com (11)	30109	2012-05-22 04:29:38	2023-06-02 21:57:17	9390	249882	104.16.54.48
www.google.com (2)	7	2015-05-10 13:11:19	2023-06-02 22:22:18	856	1771	142.250.74.132
static.cloudflareinsights.com (2)	1294	2019-09-24 16:34:56	2023-06-02 18:22:53	1014	89268	104.16.57.101
www.gstatic.com (9)	unknown	2016-07-26 11:37:06	2023-06-02 20:40:44	4739	192895	142.250.74.67

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-06-03T02:09:38Z	medium	Client IP	205.196.123.171	ET INFO Executable Download from dotted-quad Host
2023-06-03T02:09:38Z	medium	Client IP	Internal IP	ET HUNTING File Sharing Related Domain (www .mediafire .com) in DNS Lookup
2023-06-03T02:09:38Z	medium	Client IP	Internal IP	ET HUNTING File Sharing Related Domain (www .mediafire .com) in DNS Lookup
2023-06-03T02:09:38Z	medium	Client IP	Internal IP	ET HUNTING File Sharing Related Domain (www .mediafire .com) in DNS Lookup
2023-06-03T02:09:38Z	medium	Client IP	Internal IP	ET HUNTING File Sharing Related Domain (www .mediafire .com) in DNS Lookup
2023-06-03T02:09:38Z	medium	Client IP	Internal IP	ET HUNTING File Sharing Related Domain (www .mediafire .com) in DNS Lookup
2023-06-03T02:09:38Z	medium	Client IP	Internal IP	ET HUNTING File Sharing Related Domain (www .mediafire .com) in DNS Lookup
2023-06-03T02:09:38Z	medium	Client IP	Internal IP	ET HUNTING File Sharing Related Domain (www .mediafire .com) in DNS Lookup
2023-06-03T02:09:38Z	medium	Client IP	Internal IP	ET HUNTING File Sharing Related Domain (www .mediafire .com) in DNS Lookup
2023-06-03T02:09:38Z	medium	Client IP	Internal IP	ET HUNTING File Sharing Related Domain (www .mediafire .com) in DNS Lookup
2023-06-03T02:09:38Z	medium	Client IP	Internal IP	ET HUNTING File Sharing Related Domain (www .mediafire .com) in DNS Lookup
2023-06-03T02:09:39Z	medium	Client IP	Internal IP	ET HUNTING File Sharing Related Domain (www .mediafire .com) in DNS Lookup
2023-06-03T02:09:39Z	medium	Client IP	Internal IP	ET HUNTING File Sharing Related Domain (www .mediafire .com) in DNS Lookup
2023-06-03T02:09:39Z	medium	Client IP	Internal IP	ET HUNTING File Sharing Related Domain (www .mediafire .com) in DNS Lookup
2023-06-03T02:09:39Z	medium	Client IP	Internal IP	ET HUNTING File Sharing Related Domain (www .mediafire .com) in DNS Lookup
2023-06-03T02:09:39Z	medium	Client IP	Internal IP	ET HUNTING File Sharing Related Domain (www .mediafire .com) in DNS Lookup
2023-06-03T02:09:39Z	medium	Client IP	Internal IP	ET HUNTING File Sharing Related Domain (www .mediafire .com) in DNS Lookup
2023-06-03T02:09:39Z	medium	Client IP	Internal IP	ET HUNTING File Sharing Related Domain (www .mediafire .com) in DNS Lookup
2023-06-03T02:09:39Z	medium	Client IP	Internal IP	ET HUNTING File Sharing Related Domain (www .mediafire .com) in DNS Lookup
2023-06-03T02:09:39Z	medium	Client IP	Internal IP	ET HUNTING File Sharing Related Domain (www .mediafire .com) in DNS Lookup
2023-06-03T02:09:40Z	medium	Client IP	Internal IP	ET HUNTING File Sharing Related Domain (www .mediafire .com) in DNS Lookup
2023-06-03T02:09:40Z	medium	Client IP	Internal IP	ET HUNTING File Sharing Related Domain (www .mediafire .com) in DNS Lookup
2023-06-03T02:09:40Z	medium	Client IP	Internal IP	ET HUNTING File Sharing Related Domain (www .mediafire .com) in DNS Lookup
2023-06-03T02:09:40Z	medium	Client IP	Internal IP	ET HUNTING File Sharing Related Domain (www .mediafire .com) in DNS Lookup
2023-06-03T02:09:40Z	medium	Client IP	Internal IP	ET HUNTING File Sharing Related Domain (www .mediafire .com) in DNS Lookup
2023-06-03T02:09:40Z	medium	Client IP	Internal IP	ET HUNTING File Sharing Related Domain (www .mediafire .com) in DNS Lookup
2023-06-03T02:09:40Z	medium	Client IP	Internal IP	ET HUNTING File Sharing Related Domain (www .mediafire .com) in DNS Lookup
2023-06-03T02:09:40Z	medium	Client IP	Internal IP	ET HUNTING File Sharing Related Domain (www .mediafire .com) in DNS Lookup
2023-06-03T02:09:40Z	medium	Client IP	Internal IP	ET HUNTING File Sharing Related Domain (www .mediafire .com) in DNS Lookup
2023-06-03T02:09:40Z	medium	Client IP	Internal IP	ET HUNTING File Sharing Related Domain (www .mediafire .com) in DNS Lookup
2023-06-03T02:09:40Z	medium	Client IP	Internal IP	ET HUNTING File Sharing Related Domain (www .mediafire .com) in DNS Lookup
2023-06-03T02:09:40Z	medium	Client IP	Internal IP	ET HUNTING File Sharing Related Domain (www .mediafire .com) in DNS Lookup
2023-06-03T02:09:40Z	medium	Client IP	Internal IP	ET HUNTING File Sharing Related Domain (www .mediafire .com) in DNS Lookup
2023-06-03T02:09:41Z	medium	Client IP	Internal IP	ET HUNTING File Sharing Related Domain (www .mediafire .com) in DNS Lookup
2023-06-03T02:09:41Z	medium	Client IP	Internal IP	ET HUNTING File Sharing Related Domain (www .mediafire .com) in DNS Lookup
2023-06-03T02:09:47Z	medium	Client IP	Internal IP	ET HUNTING File Sharing Related Domain (www .mediafire .com) in DNS Lookup
2023-06-03T02:09:47Z	medium	Client IP	Internal IP	ET HUNTING File Sharing Related Domain (www .mediafire .com) in DNS Lookup
2023-06-03T02:09:47Z	medium	Client IP	Internal IP	ET HUNTING File Sharing Related Domain (www .mediafire .com) in DNS Lookup
2023-06-03T02:09:47Z	medium	Client IP	Internal IP	ET HUNTING File Sharing Related Domain (www .mediafire .com) in DNS Lookup
2023-06-03T02:09:48Z	medium	Client IP	Internal IP	ET HUNTING File Sharing Related Domain (www .mediafire .com) in DNS Lookup
2023-06-03T02:09:53Z	medium	Client IP	Internal IP	ET HUNTING File Sharing Related Domain (www .mediafire .com) in DNS Lookup

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-06-03	medium	205.196.123.171

ThreatFox

No alerts detected

HTTP Transactions (86)

URL IP Response Size

ocsp.sectigo.com/

104.18.14.101

472

URL

ocsp.sectigo.com/
IP

104.18.14.101:0
ASN

#13335 CLOUDFLARENET

Magic

data

Size

472
Hash

6d2e90c71f43fd9b5d6fb4ac948f2cf5

f1e9c825747d10ace7f1ab3d0e3e35eafc0e23fe

0b7c423c4f48cb4474506f7b70e5eb8a57d45a85c9de96931d9344cb6e29d856

HTTP Headers

                                        POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Date: Sat, 03 Jun 2023 02:09:37 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Tue, 30 May 2023 19:44:50 GMT
Expires: Tue, 06 Jun 2023 19:44:49 GMT
Etag: "f1e9c825747d10ace7f1ab3d0e3e35eafc0e23fe"
Cache-Control: max-age=322007,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7d14652399a5fab4-OSL

205.196.123.171/i98rantcvtlg/6qbdkvwx3kbr6p4/images_977523742.jpeg.exe

205.196.123.171

URL

205.196.123.171/i98rantcvtlg/6qbdkvwx3kbr6p4/images_977523742.jpeg.exe
IP

205.196.123.171:0
ASN

#46179 MEDIAFIRE

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

NIDS	Severity	Alert
suricata	medium	ET INFO Executable Download from dotted-quad Host

HTTP Headers

                                        GET /i98rantcvtlg/6qbdkvwx3kbr6p4/images_977523742.jpeg.exe HTTP/1.1
Host: 205.196.123.171
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 302 Found
server: bd-0.1.24
location: http://www.mediafire.com/download_repair.php?flag=4&dkey=i98rantcvtlg&qkey=6qbdkvwx3kbr6p4&ip=91%2E90%2E42%2E154
content-length: 0
date: Sat, 03 Jun 2023 02:09:37 GMT

www.mediafire.com/images/icons/myfiles/default.png

104.16.54.48

363

URL

www.mediafire.com/images/icons/myfiles/default.png
IP

104.16.54.48:0
ASN

#13335 CLOUDFLARENET

Magic

PNG image data, 42 x 42, 8-bit gray+alpha, non-interlaced\012- data

Size

363
Hash

853e3c671adabbc17b0ad9929d507085

d778bef4963b1359a96fc44be0f5154b47b065b6

873b28a0419545d56f83b0e1cc449ce219f35c579bb7ce2cdf2d8fd6d374a2f1

HTTP Headers

                                        GET /images/icons/myfiles/default.png HTTP/1.1
Host: www.mediafire.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.mediafire.com/download_repair.php?flag=4&dkey=i98rantcvtlg&qkey=6qbdkvwx3kbr6p4&ip=91%2E90%2E42%2E154
Cookie: ukey=l5wxcvm05ogqpuol81rt9lgxcm5ph70q; dr_6qbdkvwx3kbr6p4=1; __cf_bm=q3yag1s23BE6eAZ5g6hkYWL.sKGCZQOHWV40bvNbuSw-1685758178-0-AdvqeKZKe2e0WSOHjfPKQABnfKSsj9M+SF+K7NU7NMNl384zK/2GKrYuxhi/cCXow4htRtNfuC0icbbS4mF6I4M=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

                                        HTTP/2 200 OK
date: Sat, 03 Jun 2023 02:09:38 GMT
content-type: image/png
content-length: 363
access-control-allow-origin: *
cache-control: max-age=2592000
cf-bgj: imgq:100,h2pri
cf-polished: origSize=424
etag: "62deda56-1a8"
expires: Sun, 02 Jul 2023 23:18:18 GMT
last-modified: Mon, 25 Jul 2022 18:00:54 GMT
cf-cache-status: HIT
age: 8318
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7d14652a4cb3b51d-OSL
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

471

URL

ocsp.pki.goog/gts1c3
IP

142.250.74.3:0
ASN

#15169 GOOGLE

Magic

data

Size

471
Hash

59c3867d9f5fd9389049d65e30b3140f

733ba18dbdb9e1ec222f89af50428f64eadea277

022d0866c2f9d769d33aef591161014da7977d261c62fda2493a58a600daa8ef

HTTP Headers

                                        POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Jun 2023 02:09:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.3

471

URL

ocsp.pki.goog/gts1c3
IP

142.250.74.3:0
ASN

#15169 GOOGLE

Magic

data

Size

471
Hash

89cf78789180bd118e9b97dad5ed4053

820d2363f5e826f226de0eb9ad170cb135e1b1fd

3effb60c74b1b0e55a5bddd1aa2d3daae71e18e14f273e38cc57db481cc7d04c

HTTP Headers

                                        POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Jun 2023 02:09:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.3

471

URL

ocsp.pki.goog/gts1c3
IP

142.250.74.3:0
ASN

#15169 GOOGLE

Magic

data

Size

471
Hash

59c3867d9f5fd9389049d65e30b3140f

733ba18dbdb9e1ec222f89af50428f64eadea277

022d0866c2f9d769d33aef591161014da7977d261c62fda2493a58a600daa8ef

HTTP Headers

                                        POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Jun 2023 02:09:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

static.mediafire.com/images/backgrounds/header/mf_logo_u1_full_color.svg

104.16.54.48

2557

URL

static.mediafire.com/images/backgrounds/header/mf_logo_u1_full_color.svg
IP

104.16.54.48:0
ASN

#13335 CLOUDFLARENET

Magic

gzip compressed data, from Unix\012- data

Size

2557
Hash

0e5c16b3b7d0ff0357c6083a3ab925fa

618c74c6a411b7d4f871a8bdbc5774c73e9b6d2b

35fabbd20e478eb9bcac7e68c49fde1b3e94156415c6b12767ba599e5be5dd7d

HTTP Headers

                                        GET /images/backgrounds/header/mf_logo_u1_full_color.svg HTTP/1.1
Host: static.mediafire.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.mediafire.com/
Cookie: ukey=l5wxcvm05ogqpuol81rt9lgxcm5ph70q; dr_6qbdkvwx3kbr6p4=1; __cf_bm=q3yag1s23BE6eAZ5g6hkYWL.sKGCZQOHWV40bvNbuSw-1685758178-0-AdvqeKZKe2e0WSOHjfPKQABnfKSsj9M+SF+K7NU7NMNl384zK/2GKrYuxhi/cCXow4htRtNfuC0icbbS4mF6I4M=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

                                        HTTP/2 200 OK
date: Sat, 03 Jun 2023 02:09:38 GMT
content-type: image/svg+xml
last-modified: Mon, 25 Jul 2022 18:00:54 GMT
etag: W/"62deda56-121c"
access-control-allow-origin: *
cf-cache-status: HIT
age: 8318
vary: Accept-Encoding
server: cloudflare
cf-ray: 7d14652a4cb1b51d-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js

142.250.74.74

200 OK

33845

URL GET HTTP/3

ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js
IP

142.250.74.74:443
ASN

#15169 GOOGLE

Requested by

https://www.mediafire.com/error.php?errno=320&origin=download
Certificate

IssuerGoogle Trust Services LLC

Subjectupload.video.google.com

Fingerprint3F:94:23:08:F7:DB:8B:36:93:90:93:F4:9E:46:A6:6A:93:75:15:C0

ValidityFri, 19 May 2023 12:57:42 GMT - Fri, 11 Aug 2023 12:57:41 GMT

Magic

HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (32769)

Size

33845
Hash

b8d64d0bc142b3f670cc0611b0aebcae

abcd2ba13348f178b17141b445bc99f1917d47af

47b68dce8cb6805ad5b3ea4d27af92a241f4e29a5c12a274c852e4346a0500b4

HTTP Headers

                                        GET /ajax/libs/jquery/1.7.2/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.mediafire.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 33845
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 01 Jun 2023 18:34:05 GMT
expires: Fri, 31 May 2024 18:34:05 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 113734
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.google.com/recaptcha/api.js

142.250.74.132

556

URL

www.google.com/recaptcha/api.js
IP

142.250.74.132:0
ASN

#15169 GOOGLE

Magic

ASCII text, with very long lines (850), with no line terminators

Size

556
Hash

df783ce1aff114831a54f9f75f41f66c

33148dcdac51d1a72787969900203bc0316ff82f

f75b96abf98a7f4874b54f268b85ba2b2fa261741afa891097537bcfa1e73fd3

HTTP Headers

                                        GET /recaptcha/api.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.mediafire.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/2 200 OK
expires: Sat, 03 Jun 2023 02:09:39 GMT
date: Sat, 03 Jun 2023 02:09:39 GMT
cache-control: private, max-age=300
content-type: text/javascript; charset=UTF-8
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
content-length: 556
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.googletagmanager.com/gtag/js?id=UA-829541-1

142.250.74.168

47370

URL

www.googletagmanager.com/gtag/js?id=UA-829541-1
IP

142.250.74.168:0
ASN

#15169 GOOGLE

Magic

ASCII text, with very long lines (2271)

Size

47370
Hash

0b0c7a34a167ff608ee2c633b996f4a1

fc531c4fcb8e8775890655230ba32a64f95e54ad

5d37e5ed7cfd1fa00788ae71e37101c6252218c4a2fa06d4b648d8b079332611

HTTP Headers

                                        GET /gtag/js?id=UA-829541-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.mediafire.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 03 Jun 2023 02:09:39 GMT
expires: Sat, 03 Jun 2023 02:09:39 GMT
cache-control: private, max-age=900
last-modified: Sat, 03 Jun 2023 00:05:39 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 47370
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

static.mediafire.com/js/master_121908.js

104.16.54.48

200 OK

152564

URL GET HTTP/2

static.mediafire.com/js/master_121908.js
IP

104.16.54.48:443
ASN

#13335 CLOUDFLARENET

Requested by

https://www.mediafire.com/error.php?errno=320&origin=download
Certificate

IssuerSectigo Limited

Subject*.mediafire.com

Fingerprint21:E7:A1:51:5C:8B:3A:28:A0:31:00:00:E5:21:7D:E9:25:A0:30:53

ValidityTue, 30 Aug 2022 00:00:00 GMT - Sat, 30 Sep 2023 23:59:59 GMT

Magic

gzip compressed data, from Unix\012- data

Size

152564
Hash

f1a8c65bc2496073c1428e1a1c61e1b3

72b534b5bb1109002c14becb9846ee900a3cbc99

14f9027ddec5884e7bd91194acdc10b5d82d113afb5423534a059439ebbf6385

HTTP Headers

                                        GET /js/master_121908.js HTTP/1.1
Host: static.mediafire.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.mediafire.com/
Cookie: ukey=l5wxcvm05ogqpuol81rt9lgxcm5ph70q; dr_6qbdkvwx3kbr6p4=1; __cf_bm=q3yag1s23BE6eAZ5g6hkYWL.sKGCZQOHWV40bvNbuSw-1685758178-0-AdvqeKZKe2e0WSOHjfPKQABnfKSsj9M+SF+K7NU7NMNl384zK/2GKrYuxhi/cCXow4htRtNfuC0icbbS4mF6I4M=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

                                        HTTP/2 200 OK
date: Sat, 03 Jun 2023 02:09:38 GMT
content-type: application/x-javascript
last-modified: Mon, 22 May 2023 17:22:43 GMT
vary: Accept-Encoding
etag: W/"646ba4e3-8d735"
expires: Sun, 02 Jul 2023 19:11:45 GMT
cache-control: max-age=2592000
content-encoding: gzip
access-control-allow-origin: *
cf-cache-status: HIT
age: 14307
server: cloudflare
cf-ray: 7d14652a4cb5b51d-OSL
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

471

URL

ocsp.pki.goog/gts1c3
IP

142.250.74.3:0
ASN

#15169 GOOGLE

Magic

data

Size

471
Hash

0affd42f3b881bc89a46594868663e52

03ca33c099bbc747c00360101c6ca6e21810aa07

1a1eb9e073803bd3864fdc023b727bcdd97df9074a2b8a657769da4a8b858d97

HTTP Headers

                                        POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Jun 2023 02:09:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

static.mediafire.com/css/mfv4_121908.php?ver=ssl&date=2023-06-02

104.16.54.48

53512

URL

static.mediafire.com/css/mfv4_121908.php?ver=ssl&date=2023-06-02
IP

104.16.54.48:0
ASN

#13335 CLOUDFLARENET

Magic

gzip compressed data, from Unix\012- data

Size

53512
Hash

1cedf94a881293a42533772294cd944a

0cac10d93b5f79a28d334d8d2212421654535b20

c79dc4f15616900387cf6812b453b3e96df71ef3e36d0cc7d117f8ed9f6019d4

HTTP Headers

                                        GET /css/mfv4_121908.php?ver=ssl&date=2023-06-02 HTTP/1.1
Host: static.mediafire.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.mediafire.com/
Cookie: ukey=l5wxcvm05ogqpuol81rt9lgxcm5ph70q; dr_6qbdkvwx3kbr6p4=1; __cf_bm=q3yag1s23BE6eAZ5g6hkYWL.sKGCZQOHWV40bvNbuSw-1685758178-0-AdvqeKZKe2e0WSOHjfPKQABnfKSsj9M+SF+K7NU7NMNl384zK/2GKrYuxhi/cCXow4htRtNfuC0icbbS4mF6I4M=
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

                                        HTTP/2 200 OK
date: Sat, 03 Jun 2023 02:09:38 GMT
content-type: text/css;charset=UTF-8
vary: Accept-Encoding
pragma: public
cache-control: max-age=
expires: Sat, 17 Jun 2023 01:00:12 GMT
content-encoding: gzip
access-control-allow-origin: *
last-modified: Sat, 03 Jun 2023 01:00:12 GMT
cf-cache-status: HIT
age: 2953
server: cloudflare
cf-ray: 7d14652a3ca6b51d-OSL
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Open+Sans:800,700,400,300

142.250.74.106

1230

URL

fonts.googleapis.com/css?family=Open+Sans:800,700,400,300
IP

142.250.74.106:0
ASN

#15169 GOOGLE

Magic

gzip compressed data, max compression\012- data

Size

1230
Hash

a33dbc9b85279bb8d23d5d1be0297ba0

9190205a82deb5eb9b145eb6b5df5300fddb4df2

d35526d668c5a86a5dd3e2ff728f501c0ebbafc48989712cdff3e61c839af39d

HTTP Headers

                                        GET /css?family=Open+Sans:800,700,400,300 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.mediafire.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 03 Jun 2023 02:09:39 GMT
date: Sat, 03 Jun 2023 02:09:39 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.googletagmanager.com/gtm.js?id=GTM-53LP4T

142.250.74.168

76284

URL

www.googletagmanager.com/gtm.js?id=GTM-53LP4T
IP

142.250.74.168:0
ASN

#15169 GOOGLE

Magic

ASCII text, with very long lines (27705)

Size

76284
Hash

46ea4d856ca269a259ce7ba5372aea27

5cc31be9a893c200fd5599db815fd17b16c496e8

0a9b4528e98002005515b0f28ad611d32e77d689a742283636a198db5f24a025

HTTP Headers

                                        GET /gtm.js?id=GTM-53LP4T HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.mediafire.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

                                        HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 03 Jun 2023 02:09:39 GMT
expires: Sat, 03 Jun 2023 02:09:39 GMT
cache-control: private, max-age=900
last-modified: Sat, 03 Jun 2023 00:05:39 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 76284
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

ocsp.pki.goog/gts1c3

142.250.74.3

471

URL

ocsp.pki.goog/gts1c3
IP

142.250.74.3:0
ASN

#15169 GOOGLE

Magic

data

Size

471
Hash

4657e1301201c546b03bf8a42be0e1a4

561ed76fd2c38e8107da101d54546e44b219e539

b7c25875352ba1d913c952fc778770209c663f8b7bb3a33b40532b1910938c73

HTTP Headers

                                        POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Jun 2023 02:09:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

static.cloudflareinsights.com/beacon.min.js/v52afc6f149f6479b8c77fa569edb01181681764108816

104.16.57.101

200 OK

55247

URL GET HTTP/2

static.cloudflareinsights.com/beacon.min.js/v52afc6f149f6479b8c77fa569edb01181681764108816
IP

104.16.57.101:443
ASN

#13335 CLOUDFLARENET

Requested by

https://www.mediafire.com/error.php?errno=320&origin=download
Certificate

IssuerCloudflare, Inc.

Subjectsni.cloudflaressl.com

Fingerprint89:79:35:ED:04:A2:CA:50:F7:9A:B8:FE:DF:A5:0C:B1:F2:E6:DD:E8

ValidityMon, 10 Apr 2023 00:00:00 GMT - Tue, 09 Apr 2024 23:59:59 GMT

Magic

gzip compressed data, from Unix\012- data

Size

55247
Hash

8306840f0cfaf58782b6fd84cc2bba2b

f7039cec03bf86829413dacadc96715b95ad2168

ccd4fbfa5f84b990e2148e16209bfc13626d7b34b69b1ca9c667b4c8812542e1

HTTP Headers

                                        GET /beacon.min.js/v52afc6f149f6479b8c77fa569edb01181681764108816 HTTP/1.1
Host: static.cloudflareinsights.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.mediafire.com
DNT: 1
Connection: keep-alive
Referer: https://www.mediafire.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/2 200 OK
date: Sat, 03 Jun 2023 02:09:38 GMT
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
etag: W/2023.4.2
last-modified: Mon, 17 Apr 2023 20:41:48 GMT
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
server: cloudflare
cf-ray: 7d14652a98f31bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

471

URL

ocsp.pki.goog/gts1c3
IP

142.250.74.3:0
ASN

#15169 GOOGLE

Magic

data

Size

471
Hash

a94a6bf69a5bda20a5a497cff9a93636

fa3de38b0755fc024d6d35dfd833ac95eb79a5f3

64a989eaabc52262e244b627bbc4efd123a8079b8d2499f2f7cf80fa914c801e

HTTP Headers

                                        POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Jun 2023 02:09:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fonts.gstatic.com/s/opensans/v35/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

142.250.74.35

200 OK

48412

URL GET HTTP/3

fonts.gstatic.com/s/opensans/v35/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP

142.250.74.35:443
ASN

#15169 GOOGLE

Requested by

https://www.mediafire.com/error.php?errno=320&origin=download
Certificate

IssuerGoogle Trust Services LLC

Subject*.gstatic.com

FingerprintC8:5A:9A:D9:6A:F5:00:15:5B:5D:99:FE:FE:CA:1D:7C:19:4D:F8:D5

ValidityFri, 19 May 2023 12:57:42 GMT - Fri, 11 Aug 2023 12:57:41 GMT

Magic

Web Open Font Format (Version 2), TrueType, length 48412, version 1.0\012- data

Size

48412
Hash

31a8297826cdcea344698ff952694a7f

4fa1ee4c471d1c05e9141855eec5ee09b898d594

7c7818c25a18e8a38553fcbcbc2ad0b5e964103a7d2e494f82815e3f70bf3fc5

HTTP Headers

                                        GET /s/opensans/v35/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.mediafire.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 48412
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 01 Jun 2023 11:49:35 GMT
expires: Fri, 31 May 2024 11:49:35 GMT
cache-control: public, max-age=31536000
age: 138004
last-modified: Tue, 02 May 2023 15:08:53 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

471

URL

ocsp.pki.goog/gts1c3
IP

142.250.74.3:0
ASN

#15169 GOOGLE

Magic

data

Size

471
Hash

a94a6bf69a5bda20a5a497cff9a93636

fa3de38b0755fc024d6d35dfd833ac95eb79a5f3

64a989eaabc52262e244b627bbc4efd123a8079b8d2499f2f7cf80fa914c801e

HTTP Headers

                                        POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Jun 2023 02:09:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.mediafire.com/cdn-cgi/challenge-platform/scripts/invisible.js

104.16.54.48

2175

URL

www.mediafire.com/cdn-cgi/challenge-platform/scripts/invisible.js
IP

104.16.54.48:0
ASN

#13335 CLOUDFLARENET

Magic

gzip compressed data, max speed\012- data

Size

2175
Hash

35e9d2205f1c0b703a851d75671c3411

ac050d4d08c423fea6c3448a6e5b6d5e5d486b57

8c806063e5933b07483e1cf7e417fb1758c235838be72c982c673a34c5e8eaf0

HTTP Headers

                                        GET /cdn-cgi/challenge-platform/scripts/invisible.js HTTP/1.1
Host: www.mediafire.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: ukey=l5wxcvm05ogqpuol81rt9lgxcm5ph70q; dr_6qbdkvwx3kbr6p4=1; __cf_bm=q3yag1s23BE6eAZ5g6hkYWL.sKGCZQOHWV40bvNbuSw-1685758178-0-AdvqeKZKe2e0WSOHjfPKQABnfKSsj9M+SF+K7NU7NMNl384zK/2GKrYuxhi/cCXow4htRtNfuC0icbbS4mF6I4M=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

                                        HTTP/2 302 Found
date: Sat, 03 Jun 2023 02:09:39 GMT
content-encoding: gzip
location: /cdn-cgi/challenge-platform/h/g/scripts/jsd/68662470/invisible.js
access-control-allow-origin: *
cache-control: max-age=300, public
vary: accept-encoding
server: cloudflare
cf-ray: 7d14652d4e77b51d-OSL
X-Firefox-Spdy: h2

www.gstatic.com/recaptcha/releases/CDFvp7CXAHw7k3HxO47Gm1O9/recaptcha__en.js

142.250.74.67

166449

URL

www.gstatic.com/recaptcha/releases/CDFvp7CXAHw7k3HxO47Gm1O9/recaptcha__en.js
IP

142.250.74.67:0
ASN

#15169 GOOGLE

Magic

ASCII text, with very long lines (660)

Size

166449
Hash

95a32a4d8f8be968bc15d6ab9b9491d1

fbfbcb40c8d8997096cd2ea3d8cfc3dee1981015

a41096fbcf982d79bf075bf2378c9c0c2e8ada5bdc94bd7cc794454135ccf981

HTTP Headers

                                        GET /recaptcha/releases/CDFvp7CXAHw7k3HxO47Gm1O9/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.mediafire.com
DNT: 1
Connection: keep-alive
Referer: https://www.mediafire.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 166449
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 02 Jun 2023 13:27:11 GMT
expires: Sat, 01 Jun 2024 13:27:11 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 22 May 2023 20:58:33 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 45748
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.mediafire.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/68662470/invisible.js

104.16.54.48

22278

URL

www.mediafire.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/68662470/invisible.js
IP

104.16.54.48:0
ASN

#13335 CLOUDFLARENET

Magic

gzip compressed data, max speed\012- data

Size

22278
Hash

5c5f3c890f5fcb904f074019e1cf00ae

842f0fa503ea2ca83cb8635d48b13342aa55ec51

e3a3f137fff4ce113660c7584db200ea2a9fe36cbbf71ecf783615421b1262bb

HTTP Headers

                                        GET /cdn-cgi/challenge-platform/h/g/scripts/jsd/68662470/invisible.js HTTP/1.1
Host: www.mediafire.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: ukey=l5wxcvm05ogqpuol81rt9lgxcm5ph70q; dr_6qbdkvwx3kbr6p4=1; __cf_bm=q3yag1s23BE6eAZ5g6hkYWL.sKGCZQOHWV40bvNbuSw-1685758178-0-AdvqeKZKe2e0WSOHjfPKQABnfKSsj9M+SF+K7NU7NMNl384zK/2GKrYuxhi/cCXow4htRtNfuC0icbbS4mF6I4M=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

                                        HTTP/2 200 OK
date: Sat, 03 Jun 2023 02:09:39 GMT
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
cache-control: max-age=14400, public
vary: accept-encoding
server: cloudflare
cf-ray: 7d14652d9e9cb51d-OSL
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

471

URL

ocsp.pki.goog/gts1c3
IP

142.250.74.3:0
ASN

#15169 GOOGLE

Magic

data

Size

471
Hash

37666b9ccb9ec1632df818aa5b9c30ce

73a1cc9b50fa59f3262e6b0577d70514ae639adf

d62cc75cd09bd1a62debedc6273aec0e8206c45fc993553253627a3464f46d57

HTTP Headers

                                        POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Jun 2023 02:09:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.gstatic.com/_/translate_http/_/ss/k=translate_http.tr.vneFu3d_4ck.L.F4.O/d=0/rs=AN8SPfrNa1b9K5rCmaIpu9SqE3A5sBDBfg/m=el_main_css

142.250.74.67

200 OK

4205

URL GET HTTP/3

www.gstatic.com/_/translate_http/_/ss/k=translate_http.tr.vneFu3d_4ck.L.F4.O/d=0/rs=AN8SPfrNa1b9K5rCmaIpu9SqE3A5sBDBfg/m=el_main_css
IP

142.250.74.67:443
ASN

#15169 GOOGLE

Requested by

https://www.mediafire.com/error.php?errno=320&origin=download
Certificate

IssuerGoogle Trust Services LLC

Subject*.gstatic.com

FingerprintC8:5A:9A:D9:6A:F5:00:15:5B:5D:99:FE:FE:CA:1D:7C:19:4D:F8:D5

ValidityFri, 19 May 2023 12:57:42 GMT - Fri, 11 Aug 2023 12:57:41 GMT

Magic

ASCII text, with very long lines (23228), with no line terminators

Size

4205
Hash

edf649e1b11a33833272345187bd4eec

73427e2ab282e5f89021e1c7d20f83eaf9830283

553d768412bca504a0c8771705f681dad359370bdcea637298ca5aa486017a06

HTTP Headers

                                        GET /_/translate_http/_/ss/k=translate_http.tr.vneFu3d_4ck.L.F4.O/d=0/rs=AN8SPfrNa1b9K5rCmaIpu9SqE3A5sBDBfg/m=el_main_css HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.mediafire.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

                                        HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/rosetta
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="rosetta"
report-to: {"group":"rosetta","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/rosetta"}]}
content-length: 4205
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 01 Jun 2023 21:45:55 GMT
expires: Fri, 31 May 2024 21:45:55 GMT
cache-control: public, max-age=31536000
last-modified: Sun, 12 Mar 2023 00:11:57 GMT
content-type: text/css; charset=UTF-8
vary: Accept-Encoding
age: 102224
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.googletagmanager.com/gtag/js?id=G-K68XP6D85D&l=dataLayer&cx=c

142.250.74.168

75285

URL

www.googletagmanager.com/gtag/js?id=G-K68XP6D85D&l=dataLayer&cx=c
IP

142.250.74.168:0
ASN

#15169 GOOGLE

Magic

ASCII text, with very long lines (5858)

Size

75285
Hash

aeff6daf0d9acf833986033b45e3e065

ee3a60bb5eca2ec770eddde8a3abd9027d191a35

fc7f9dd9bd386cf49cee0ec9805f38248375b5dfe1968216e2f07d477a82aaef

HTTP Headers

                                        GET /gtag/js?id=G-K68XP6D85D&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.mediafire.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

                                        HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 03 Jun 2023 02:09:39 GMT
expires: Sat, 03 Jun 2023 02:09:39 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 75285
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

translate.googleapis.com/_/translate_http/_/js/k=translate_http.tr.no.Z9dw9iEydtA.O/d=1/exm=el_conf/ed=1/rs=AN8SPfoJ3YppZh9vnjOb_SBu68tCOE-MXQ/m=el_main

142.250.74.106

200 OK

76232

URL GET HTTP/3

translate.googleapis.com/_/translate_http/_/js/k=translate_http.tr.no.Z9dw9iEydtA.O/d=1/exm=el_conf/ed=1/rs=AN8SPfoJ3YppZh9vnjOb_SBu68tCOE-MXQ/m=el_main
IP

142.250.74.106:443
ASN

#15169 GOOGLE

Requested by

https://www.mediafire.com/error.php?errno=320&origin=download
Certificate

IssuerGoogle Trust Services LLC

Subjectupload.video.google.com

Fingerprint3F:94:23:08:F7:DB:8B:36:93:90:93:F4:9E:46:A6:6A:93:75:15:C0

ValidityFri, 19 May 2023 12:57:42 GMT - Fri, 11 Aug 2023 12:57:41 GMT

Magic

ASCII text, with very long lines (1573)

Size

76232
Hash

e573f520bd8dcdfb40e91a9e0e66e527

7182f9fdf1d72c2f42cbbfda617cb81e34a44044

366f944dab73002110a6add4e66a3eb915695bc4f1244da14080a4bc248880c6

HTTP Headers

                                        GET /_/translate_http/_/js/k=translate_http.tr.no.Z9dw9iEydtA.O/d=1/exm=el_conf/ed=1/rs=AN8SPfoJ3YppZh9vnjOb_SBu68tCOE-MXQ/m=el_main HTTP/1.1
Host: translate.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.mediafire.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

                                        HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/rosetta
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="rosetta"
report-to: {"group":"rosetta","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/rosetta"}]}
content-length: 76232
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 01 Jun 2023 20:10:36 GMT
expires: Fri, 31 May 2024 20:10:36 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 31 May 2023 15:11:29 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 107944
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

fundingchoicesmessages.google.com/el/AGSKWxU-rFf8IPq34m2TKDgpJ7ZrMuasowSCbxS54R3434rO9mp89aqVrgxoZolGF_PfXIQ_cFIWVQgnTzvJcT_-cRU=?pvid=F26D1945-EDA1-4F1C-9AEC-5278F60CEC06

216.58.211.14

URL

fundingchoicesmessages.google.com/el/AGSKWxU-rFf8IPq34m2TKDgpJ7ZrMuasowSCbxS54R3434rO9mp89aqVrgxoZolGF_PfXIQ_cFIWVQgnTzvJcT_-cRU=?pvid=F26D1945-EDA1-4F1C-9AEC-5278F60CEC06
IP

216.58.211.14:0
ASN

#15169 GOOGLE

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

                                        POST /el/AGSKWxU-rFf8IPq34m2TKDgpJ7ZrMuasowSCbxS54R3434rO9mp89aqVrgxoZolGF_PfXIQ_cFIWVQgnTzvJcT_-cRU=?pvid=F26D1945-EDA1-4F1C-9AEC-5278F60CEC06 HTTP/1.1
Host: fundingchoicesmessages.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 72
Origin: https://www.mediafire.com
DNT: 1
Connection: keep-alive
Referer: https://www.mediafire.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

                                        HTTP/3 204 No Content
content-type: text/html; charset=utf-8
access-control-allow-methods: POST, GET, OPTIONS
access-control-max-age: 86400
access-control-allow-origin: https://www.mediafire.com
access-control-allow-credentials: true
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 03 Jun 2023 02:09:40 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-security-policy: script-src 'nonce-QgY9YFJa1hqpb1M_P2FFgA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
cross-origin-opener-policy: same-origin
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
server: ESF
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

ocsp.pki.goog/gts1c3

142.250.74.3

472

URL

ocsp.pki.goog/gts1c3
IP

142.250.74.3:0
ASN

#15169 GOOGLE

Magic

data

Size

472
Hash

b3c06338e2b5a3f3a39a462bf17a5020

77fc5ce7ba58c4c30d89cae96832fcd30f85a8d9

0987b3e3c408ca107b2ab329ea179b1965bf00ce9357eadd66102bc55838f299

HTTP Headers

                                        POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Jun 2023 02:09:40 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fonts.gstatic.com/s/i/productlogos/translate/v14/24px.svg

142.250.74.35

200 OK

3340

URL GET HTTP/3

fonts.gstatic.com/s/i/productlogos/translate/v14/24px.svg
IP

142.250.74.35:443
ASN

#15169 GOOGLE

Requested by

https://www.mediafire.com/error.php?errno=320&origin=download
Certificate

IssuerGoogle Trust Services LLC

Subject*.gstatic.com

FingerprintC8:5A:9A:D9:6A:F5:00:15:5B:5D:99:FE:FE:CA:1D:7C:19:4D:F8:D5

ValidityFri, 19 May 2023 12:57:42 GMT - Fri, 11 Aug 2023 12:57:41 GMT

Magic

SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (6225), with no line terminators

Size

3340
Hash

2bd5c073a88b83ed74db88282a56ddfb

d0ebfc376f8c6a44a8d4cd216817dcd7d0c33650

ab5c23a05e39deed14d9d8262b0dce9f024f86105a27196cad37d14a3f516e09

HTTP Headers

                                        GET /s/i/productlogos/translate/v14/24px.svg HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.mediafire.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

                                        HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-length: 3340
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 27 May 2023 08:05:11 GMT
expires: Sun, 26 May 2024 08:05:11 GMT
cache-control: public, max-age=31536000
age: 583469
last-modified: Wed, 20 Apr 2022 14:24:23 GMT
content-type: image/svg+xml
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

fundingchoicesmessages.google.com/el/AGSKWxU-rFf8IPq34m2TKDgpJ7ZrMuasowSCbxS54R3434rO9mp89aqVrgxoZolGF_PfXIQ_cFIWVQgnTzvJcT_-cRU=?pvid=F26D1945-EDA1-4F1C-9AEC-5278F60CEC06

216.58.211.14

URL

fundingchoicesmessages.google.com/el/AGSKWxU-rFf8IPq34m2TKDgpJ7ZrMuasowSCbxS54R3434rO9mp89aqVrgxoZolGF_PfXIQ_cFIWVQgnTzvJcT_-cRU=?pvid=F26D1945-EDA1-4F1C-9AEC-5278F60CEC06
IP

216.58.211.14:0
ASN

#15169 GOOGLE

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

                                        POST /el/AGSKWxU-rFf8IPq34m2TKDgpJ7ZrMuasowSCbxS54R3434rO9mp89aqVrgxoZolGF_PfXIQ_cFIWVQgnTzvJcT_-cRU=?pvid=F26D1945-EDA1-4F1C-9AEC-5278F60CEC06 HTTP/1.1
Host: fundingchoicesmessages.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 65
Origin: https://www.mediafire.com
DNT: 1
Connection: keep-alive
Referer: https://www.mediafire.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

                                        HTTP/3 204 No Content
content-type: text/html; charset=utf-8
access-control-allow-methods: POST, GET, OPTIONS
access-control-max-age: 86400
access-control-allow-origin: https://www.mediafire.com
access-control-allow-credentials: true
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 03 Jun 2023 02:09:40 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'nonce-3u3esl_G_VKzCR9DSd10oQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
server: ESF
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-K68XP6D85D&cid=708704389.1685758180&gtm=45je35v0&aip=1&z=2002308509

142.250.74.131

URL

www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-K68XP6D85D&cid=708704389.1685758180&gtm=45je35v0&aip=1&z=2002308509
IP

142.250.74.131:0
ASN

#15169 GOOGLE

Magic

GIF image data, version 89a, 1 x 1\012- data

Size

42
Hash

d89746888da2d9510b64a9f031eaecd5

d5fceb6532643d0d84ffe09c40c481ecdf59e15a

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

                                        GET /ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-K68XP6D85D&cid=708704389.1685758180&gtm=45je35v0&aip=1&z=2002308509 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.mediafire.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sat, 03 Jun 2023 02:09:40 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.gstatic.com/images/branding/googlelogo/1x/googlelogo_color_42x16dp.png

142.250.74.67

200 OK

910

URL GET HTTP/3

www.gstatic.com/images/branding/googlelogo/1x/googlelogo_color_42x16dp.png
IP

142.250.74.67:443
ASN

#15169 GOOGLE

Requested by

https://www.mediafire.com/error.php?errno=320&origin=download
Certificate

IssuerGoogle Trust Services LLC

Subject*.gstatic.com

FingerprintC8:5A:9A:D9:6A:F5:00:15:5B:5D:99:FE:FE:CA:1D:7C:19:4D:F8:D5

ValidityFri, 19 May 2023 12:57:42 GMT - Fri, 11 Aug 2023 12:57:41 GMT

Magic

PNG image data, 42 x 16, 8-bit/color RGBA, non-interlaced\012- data

Size

910
Hash

efa6bb2bfe459bc6f4bdafa3db0383f6

52d15ce52fe50643e542c17812de43f4ed1b6ee0

6318394f737c66f0e2ccfcd88e3935c6667633a1b95fa29fba2b75431d55eef2

HTTP Headers

                                        GET /images/branding/googlelogo/1x/googlelogo_color_42x16dp.png HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.mediafire.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

                                        HTTP/3 200 OK
accept-ranges: bytes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-length: 910
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 27 May 2023 17:48:40 GMT
expires: Sun, 26 May 2024 17:48:40 GMT
cache-control: public, max-age=31536000
age: 548460
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
content-type: image/png
vary: Origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

ocsp.pki.goog/gts1c3

142.250.74.3

472

URL

ocsp.pki.goog/gts1c3
IP

142.250.74.3:0
ASN

#15169 GOOGLE

Magic

data

Size

472
Hash

b3c06338e2b5a3f3a39a462bf17a5020

77fc5ce7ba58c4c30d89cae96832fcd30f85a8d9

0987b3e3c408ca107b2ab329ea179b1965bf00ce9357eadd66102bc55838f299

HTTP Headers

                                        POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Jun 2023 02:09:40 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.gstatic.com/images/branding/product/2x/translate_24dp.png

142.250.74.67

200 OK

1842

URL GET HTTP/3

www.gstatic.com/images/branding/product/2x/translate_24dp.png
IP

142.250.74.67:443
ASN

#15169 GOOGLE

Requested by

https://www.mediafire.com/error.php?errno=320&origin=download
Certificate

IssuerGoogle Trust Services LLC

Subject*.gstatic.com

FingerprintC8:5A:9A:D9:6A:F5:00:15:5B:5D:99:FE:FE:CA:1D:7C:19:4D:F8:D5

ValidityFri, 19 May 2023 12:57:42 GMT - Fri, 11 Aug 2023 12:57:41 GMT

Magic

PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced\012- data

Size

1842
Hash

c69c796362406f9e11c7f4bf5bb628da

e489ce95ab56208090868882113d7416abf46775

4dac0026fbfa2615dce30c0af12830863fe885f84387a0147b9e338f548d5d82

HTTP Headers

                                        GET /images/branding/product/2x/translate_24dp.png HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.gstatic.com/_/translate_http/_/ss/k=translate_http.tr.vneFu3d_4ck.L.F4.O/d=0/rs=AN8SPfrNa1b9K5rCmaIpu9SqE3A5sBDBfg/m=el_main_css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

                                        HTTP/3 200 OK
accept-ranges: bytes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-length: 1842
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 01 Jun 2023 08:02:55 GMT
expires: Fri, 31 May 2024 08:02:55 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 14 Oct 2021 09:08:00 GMT
content-type: image/png
vary: Origin
age: 151605
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

fundingchoicesmessages.google.com/el/AGSKWxXn7-BOyw5c7-Yytm7mAkuz9fvZTMyTXtiz4VdVXR5A4wLyjsyIMMLynhu0oIXn8KJ7ECGuxngx9ubkFz3kU95LsgPtkcT48Qrz9Zdr195d2tRmbbvTKUJzvYhgqzv8UAea3HT5Hg==?pvid=F26D1945-EDA1-4F1C-9AEC-5278F60CEC06

216.58.211.14

URL

fundingchoicesmessages.google.com/el/AGSKWxXn7-BOyw5c7-Yytm7mAkuz9fvZTMyTXtiz4VdVXR5A4wLyjsyIMMLynhu0oIXn8KJ7ECGuxngx9ubkFz3kU95LsgPtkcT48Qrz9Zdr195d2tRmbbvTKUJzvYhgqzv8UAea3HT5Hg==?pvid=F26D1945-EDA1-4F1C-9AEC-5278F60CEC06
IP

216.58.211.14:0
ASN

#15169 GOOGLE

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

                                        POST /el/AGSKWxXn7-BOyw5c7-Yytm7mAkuz9fvZTMyTXtiz4VdVXR5A4wLyjsyIMMLynhu0oIXn8KJ7ECGuxngx9ubkFz3kU95LsgPtkcT48Qrz9Zdr195d2tRmbbvTKUJzvYhgqzv8UAea3HT5Hg==?pvid=F26D1945-EDA1-4F1C-9AEC-5278F60CEC06 HTTP/1.1
Host: fundingchoicesmessages.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 72
Origin: https://www.mediafire.com
DNT: 1
Connection: keep-alive
Referer: https://www.mediafire.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

                                        HTTP/3 204 No Content
content-type: text/html; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-allow-methods: POST, GET, OPTIONS
access-control-max-age: 86400
access-control-allow-origin: https://www.mediafire.com
access-control-allow-credentials: true
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 03 Jun 2023 02:09:40 GMT
cross-origin-opener-policy: same-origin
content-security-policy: script-src 'nonce-apRDrP0Jldh7VzrZoQ3r3A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
server: ESF
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.mediafire.com/cdn-cgi/challenge-platform/h/g/scripts/pica.js

104.16.54.48

3213

URL

www.mediafire.com/cdn-cgi/challenge-platform/h/g/scripts/pica.js
IP

104.16.54.48:0
ASN

#13335 CLOUDFLARENET

Magic

ASCII text, with very long lines (5672), with no line terminators

Size

3213
Hash

ad30af4444ee9a4f4b18a89b9b689abb

b46e59771e112c4ed8d4f08ea4e74becc2e660d5

ef1f8b4cf540dfd420d81c949277152775513c6d33c7c55179f9a5104bf66876

HTTP Headers

                                        GET /cdn-cgi/challenge-platform/h/g/scripts/pica.js HTTP/1.1
Host: www.mediafire.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.mediafire.com/templates/upgrade/upgrade_button.php
Cookie: ukey=l5wxcvm05ogqpuol81rt9lgxcm5ph70q; dr_6qbdkvwx3kbr6p4=1; __cf_bm=DHr2UC58XBqt4EPzqZCYwXXi5Td4Vfegw8z8a8lQCg4-1685758180-0-AQcMzBFjv98hB4gPw9fkgIcH2iNRNX2Z9ao7h+cQB+z6PM85sZeMZy5woC7x8wZbnOnn4nzDg8+8rwIoVWhtBoEkP0W25whnXGKx+OhfEOly1wBuOdSPUifQWXPW+RbVBfbMj93Tl+7tQ/702gTV7Eo=; _ga_K68XP6D85D=GS1.1.1685758179.1.0.1685758179.60.0.0; _ga=GA1.1.708704389.1685758180
Sec-Fetch-Dest: worker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

                                        HTTP/2 200 OK
date: Sat, 03 Jun 2023 02:09:40 GMT
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
cache-control: max-age=14400, public
vary: accept-encoding
server: cloudflare
cf-ray: 7d146533da4cb51d-OSL
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

471

URL

ocsp.pki.goog/gts1c3
IP

142.250.74.3:0
ASN

#15169 GOOGLE

Magic

data

Size

471
Hash

8d565a8ed959d361e2e2516102a05b61

e1798024b095dc140c828faa0e6d922761b58a99

d47f90b7f6724090ba060ef463fe52edf70d150cb1cbee61ee19b88145bd948b

HTTP Headers

                                        POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Jun 2023 02:09:40 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

lh3.googleusercontent.com/YxmihnhFt54cZYUpI8Vki3ux02R2TgdxT2JLItC4sk0NMsB8q5xXuZr3KKhXns_325CVgfI3IAWpwJrMtsUf1HdwXaWps_lxmzvqH8R5aBB2P50trKqeLQ=h60

142.250.74.97

12249

URL

lh3.googleusercontent.com/YxmihnhFt54cZYUpI8Vki3ux02R2TgdxT2JLItC4sk0NMsB8q5xXuZr3KKhXns_325CVgfI3IAWpwJrMtsUf1HdwXaWps_lxmzvqH8R5aBB2P50trKqeLQ=h60
IP

142.250.74.97:0
ASN

#15169 GOOGLE

Magic

PNG image data, 366 x 60, 8-bit/color RGBA, non-interlaced\012- data

Size

12249
Hash

f232511b689198ef4eac18e967da3040

38d0f3381708819be8db2df251be3e391a5b0ecf

cf7137aae8e21d7b4a5d0a322b25dfc27c7a1e9b1a06bb4d5f813ef9e3459df3

HTTP Headers

                                        GET /YxmihnhFt54cZYUpI8Vki3ux02R2TgdxT2JLItC4sk0NMsB8q5xXuZr3KKhXns_325CVgfI3IAWpwJrMtsUf1HdwXaWps_lxmzvqH8R5aBB2P50trKqeLQ=h60 HTTP/1.1
Host: lh3.googleusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.mediafire.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/2 200 OK
access-control-allow-origin: *
timing-allow-origin: *
access-control-expose-headers: Content-Length
content-disposition: inline;filename="unnamed.png"
x-content-type-options: nosniff
server: fife
content-length: 12249
x-xss-protection: 0
date: Sat, 03 Jun 2023 00:45:32 GMT
expires: Sun, 04 Jun 2023 00:45:32 GMT
cache-control: public, max-age=86400, no-transform
age: 5048
etag: "v1"
content-type: image/png
vary: Origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

471

URL

ocsp.pki.goog/gts1c3
IP

142.250.74.3:0
ASN

#15169 GOOGLE

Magic

data

Size

471
Hash

8d565a8ed959d361e2e2516102a05b61

e1798024b095dc140c828faa0e6d922761b58a99

d47f90b7f6724090ba060ef463fe52edf70d150cb1cbee61ee19b88145bd948b

HTTP Headers

                                        POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Jun 2023 02:09:40 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

region1.analytics.google.com/g/collect?v=2&tid=G-K68XP6D85D&gtm=45je35v0&_p=1544395445&_gaz=1&cid=708704389.1685758180&ul=en-us&sr=1280x1024&_s=1&sid=1685758179&sct=1&seg=0&dl=https%3A%2F%2Fwww.mediafire.com%2Fdownload_repair.php%3Fflag%3D4%26dkey%3Di98rantcvtlg%26qkey%3D6qbdkvwx3kbr6p4%26ip%3D91%252E90%252E42%252E154&dt=File%20sharing%20and%20storage%20made%20simple&en=page_view&_fv=1&_nsi=1&_ss=1&up.page_url=https%3A%2F%2Fwww.mediafire.com%2Fdownload_repair.php%3Fflag%3D4%26dkey%3Di98rantcvtlg%26qkey%3D6qbdkvwx3kbr6p4%26ip%3D91%252E90%252E42%252E154

216.239.34.36

Report Overview

URL

IP

ASN

Submitted

Access

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (15)

#1 JS:Script (size: 94840)

#2 JS:Script (size: 17)

#3 JS:Script (size: 223)

#4 JS:Script (size: 79721)

#5 JS:Script (size: 379)

#6 JS:Script (size: 569)

#7 JS:Script (size: 579381)

#8 JS:Script (size: 1017)

#9 JS:Script (size: 19927)

#10 JS:Script (size: 217674)

#11 JS:Script (size: 698)

#1 JS:Write (size: 27)

#2 JS:Write (size: 3003)

#3 JS:Write (size: 462)

#4 JS:Write (size: 462)

HTTP Transactions (86)

URL

IP

ASN

Magic

Size

Hash

HTTP Headers

URL

IP

ASN

Magic

Size

Hash

Detections

HTTP Headers

URL

IP

ASN

Magic

Size

Hash

HTTP Headers

URL

IP

ASN

Magic

Size

Hash

HTTP Headers

URL

IP

ASN

Magic

Size

Hash

HTTP Headers

URL

IP

ASN

Magic