mediafire.ec/en/kLUBGxTSbNvFs9g/file
173.212.242.246301 Moved Permanently 252 B URL HTTP/1.1 mediafire.ec/en/kLUBGxTSbNvFs9g/file
IP 173.212.242.246:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 798ceb192b772b715158b60bf1408184
b688578b18406f54363b187de53760bcaff5600b
8df52232225d4e3ec5c71c5eacb40536f7e940177905022fb803a430d5b77940
GET /en/kLUBGxTSbNvFs9g/file HTTP/1.1
Host: mediafire.ec
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Sat, 24 Sep 2022 20:52:22 GMT
Server: Apache
Location: https://mediafire.ec/en/kLUBGxTSbNvFs9g/file
Content-Length: 252
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
firefox.settings.services.mozilla.com/v1/
13.224.132.23200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 13.224.132.23:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 1b3053fa528e28810f8a2cc9284cc921
cca9eb471d941881a6b9a1793aecb6c281908f6a
a2427848ba35575dda8a82cf88f104978234c05389deebc3fc8279d9075eff45
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Alert, Content-Type, Backoff, Content-Length, Retry-After
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Sat, 24 Sep 2022 20:05:45 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 1977dea801f0741d1661725223f1ca34.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR3-C2
X-Amz-Cf-Id: LI_FerYNbqH_vTuU8SFkHcDgs14fl1maIoUccz4TY6RgsIQGg2kEyg==
Age: 2797
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 09a973de929ab7452edc342c780d3668
3f14f6e0a36f76863c0aea6fb561c266404a7ea3
e82ca5f310e37267fbf792427747e65c2bb35e684d3f629c0aa302f688bc4f80
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E82CA5F310E37267FBF792427747E65C2BB35E684D3F629C0AA302F688BC4F80"
Last-Modified: Fri, 23 Sep 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4356
Expires: Sat, 24 Sep 2022 22:04:58 GMT
Date: Sat, 24 Sep 2022 20:52:22 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
13.224.132.85200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
IP 13.224.132.85:0
File type PEM certificate\012- , ASCII text
Hash 6113f8408c59aebe188d6af273b90743
7398873bf00f99944eaa77ad3ebc0d43c23dba6b
b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Sat, 24 Sep 2022 04:13:03 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 a7a209acee14726bdc56f2b8600564e0.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR3-C2
x-amz-cf-id: jwMCgqWbnZmnIbldw56CVF0mWxVrE9qLhx72GYXUfDIU2zbFyVJywA==
age: 59959
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 24 Sep 2022 20:52:22 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
13.224.132.23200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 13.224.132.23:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Retry-After, Expires, Alert, Content-Length, ETag, Cache-Control, Content-Type, Backoff, Pragma, Last-Modified
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600, max-age=3600
Date: Sat, 24 Sep 2022 20:20:46 GMT
Expires: Sat, 24 Sep 2022 21:02:43 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 e11502649b2fdd9cb3960f027c8c1ea2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR3-C2
X-Amz-Cf-Id: APaseGa6z1Y58-E-c2DyuWb4k0tZhKzlD4qLVm9EmSAsngZm8zoW_w==
Age: 1897
mediafire.ec/en/kLUBGxTSbNvFs9g/file
173.212.242.246200 OK 34 kB URL HTTP/1.1 mediafire.ec/en/kLUBGxTSbNvFs9g/file
IP 173.212.242.246:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (4588), with CRLF, LF line terminators
Hash 48cb544af08ca9a1fc343f71d4c4528c
675ab414801d7f475e6b5073f47ed6b82600e59e
5a253162e3e0b736dce987661f6bcbef4499113386e632b28babc402949b51a7
GET /en/kLUBGxTSbNvFs9g/file HTTP/1.1
Host: mediafire.ec
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 200 OK
Date: Sat, 24 Sep 2022 20:52:23 GMT
Server: Apache
Cache-Control: no-cache, private
Set-Cookie: XSRF-TOKEN=eyJpdiI6IkFSMjV0TjNXK2xpTUtiTmtXREVpV2c9PSIsInZhbHVlIjoiOHQrL1BMUFhCMmhFSUgycHg5QzFOWUtPSm5qcmUzUDZnYVFPcEEwZHErVXdVdEdYb3Bxek5UMk84bllHckJZaFVJbHhuU3dGT2psZzJXemI1cFBIMFFDVmRRWnZjOWFkQlRGbTlmbHcrQjBkNWZWcjlpTVRvNFhNcVBRbnZYYnIiLCJtYWMiOiI1NDJmZjBhYmYzMzk5OWJiNGEyZmMzN2YzZDAzNWUyMWE4NmVkYWI0MTVkYjk5ZjgzNTEyODMxYWU0ZTVlNmY2IiwidGFnIjoiIn0%3D; expires=Sat, 24 Sep 2022 22:52:23 GMT; Max-Age=7200; path=/; samesite=lax
filebob_user_session=eyJpdiI6InNLb2hHZE5ZalVad2JUNDdyQ3I0b2c9PSIsInZhbHVlIjoib2k1a3FZV3hZSlVsSW0ybmdNeUs4RlpzZTNRd1A2RUhNSDZFZWFBQWdqc2hiRXV5NkNtVlMzVU15empDc3cvdFNBM2FaUzkvOUJYb2hYZDRPR2Y1OVp4YXZNZUZGanVCK2FRUS9nQkZLYzFTaitmK05TU3JWSHNZR1psZVFSanUiLCJtYWMiOiJhYTQwZDhkOGE1NGMxZjk0MzA4NjE3NDViMmYxOTQ0YTY2ZjE1MGNkMTI2ZGZjZTIzYTEwOTc2YzY2MjQ1OGNlIiwidGFnIjoiIn0%3D; expires=Sat, 24 Sep 2022 22:52:23 GMT; Max-Age=7200; path=/; httponly; samesite=lax
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
mediafire.ec/assets/vendor/libs/bootstrap/bootstrap.min.css
173.212.242.246200 OK 163 kB URL HTTP/1.1 mediafire.ec/assets/vendor/libs/bootstrap/bootstrap.min.css
IP 173.212.242.246:0
File type Unicode text, UTF-8 text, with very long lines (65306)
Size 163 kB (162675 bytes)
Hash 72e4fe18d5a5445178a45ec7f786a88c
7a07b9f71105781cd35cc7ff31edcff5fa3f774d
457d42dfc58373e2b07655f896ed685ba9729c2111684fd6eb02bf3697634939
GET /assets/vendor/libs/bootstrap/bootstrap.min.css HTTP/1.1
Host: mediafire.ec
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediafire.ec/en/kLUBGxTSbNvFs9g/file
Cookie: XSRF-TOKEN=eyJpdiI6IkFSMjV0TjNXK2xpTUtiTmtXREVpV2c9PSIsInZhbHVlIjoiOHQrL1BMUFhCMmhFSUgycHg5QzFOWUtPSm5qcmUzUDZnYVFPcEEwZHErVXdVdEdYb3Bxek5UMk84bllHckJZaFVJbHhuU3dGT2psZzJXemI1cFBIMFFDVmRRWnZjOWFkQlRGbTlmbHcrQjBkNWZWcjlpTVRvNFhNcVBRbnZYYnIiLCJtYWMiOiI1NDJmZjBhYmYzMzk5OWJiNGEyZmMzN2YzZDAzNWUyMWE4NmVkYWI0MTVkYjk5ZjgzNTEyODMxYWU0ZTVlNmY2IiwidGFnIjoiIn0%3D; filebob_user_session=eyJpdiI6InNLb2hHZE5ZalVad2JUNDdyQ3I0b2c9PSIsInZhbHVlIjoib2k1a3FZV3hZSlVsSW0ybmdNeUs4RlpzZTNRd1A2RUhNSDZFZWFBQWdqc2hiRXV5NkNtVlMzVU15empDc3cvdFNBM2FaUzkvOUJYb2hYZDRPR2Y1OVp4YXZNZUZGanVCK2FRUS9nQkZLYzFTaitmK05TU3JWSHNZR1psZVFSanUiLCJtYWMiOiJhYTQwZDhkOGE1NGMxZjk0MzA4NjE3NDViMmYxOTQ0YTY2ZjE1MGNkMTI2ZGZjZTIzYTEwOTc2YzY2MjQ1OGNlIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 24 Sep 2022 20:52:23 GMT
Server: Apache
Last-Modified: Fri, 01 Oct 2021 19:42:20 GMT
Accept-Ranges: bytes
Content-Length: 162675
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css
mediafire.ec/assets/vendor/libs/vironeer/vironeer-icons.min.css
173.212.242.246200 OK 3.9 kB URL HTTP/1.1 mediafire.ec/assets/vendor/libs/vironeer/vironeer-icons.min.css
IP 173.212.242.246:0
File type ASCII text, with very long lines (3944), with no line terminators
Hash e3f67e4bbcc7327ad1f6e23a52a9df0b
83b6976409f6ef1e69e2d83904ebe3bafec79b13
f3839edea2db00160654651f669fb63be07c2d66a2251de999eaef9cdfee8875
GET /assets/vendor/libs/vironeer/vironeer-icons.min.css HTTP/1.1
Host: mediafire.ec
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediafire.ec/en/kLUBGxTSbNvFs9g/file
Cookie: XSRF-TOKEN=eyJpdiI6IkFSMjV0TjNXK2xpTUtiTmtXREVpV2c9PSIsInZhbHVlIjoiOHQrL1BMUFhCMmhFSUgycHg5QzFOWUtPSm5qcmUzUDZnYVFPcEEwZHErVXdVdEdYb3Bxek5UMk84bllHckJZaFVJbHhuU3dGT2psZzJXemI1cFBIMFFDVmRRWnZjOWFkQlRGbTlmbHcrQjBkNWZWcjlpTVRvNFhNcVBRbnZYYnIiLCJtYWMiOiI1NDJmZjBhYmYzMzk5OWJiNGEyZmMzN2YzZDAzNWUyMWE4NmVkYWI0MTVkYjk5ZjgzNTEyODMxYWU0ZTVlNmY2IiwidGFnIjoiIn0%3D; filebob_user_session=eyJpdiI6InNLb2hHZE5ZalVad2JUNDdyQ3I0b2c9PSIsInZhbHVlIjoib2k1a3FZV3hZSlVsSW0ybmdNeUs4RlpzZTNRd1A2RUhNSDZFZWFBQWdqc2hiRXV5NkNtVlMzVU15empDc3cvdFNBM2FaUzkvOUJYb2hYZDRPR2Y1OVp4YXZNZUZGanVCK2FRUS9nQkZLYzFTaitmK05TU3JWSHNZR1psZVFSanUiLCJtYWMiOiJhYTQwZDhkOGE1NGMxZjk0MzA4NjE3NDViMmYxOTQ0YTY2ZjE1MGNkMTI2ZGZjZTIzYTEwOTc2YzY2MjQ1OGNlIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 24 Sep 2022 20:52:23 GMT
Server: Apache
Last-Modified: Wed, 22 Jun 2022 21:54:34 GMT
Accept-Ranges: bytes
Content-Length: 3944
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
mediafire.ec/assets/vendor/libs/toastr/toastr.min.css
173.212.242.246200 OK 6.3 kB URL HTTP/1.1 mediafire.ec/assets/vendor/libs/toastr/toastr.min.css
IP 173.212.242.246:0
File type ASCII text, with very long lines (6339), with no line terminators
Hash 52a658235dcc70c2c4f238dc7a2d92be
821c1bfccd3d992e48f9775586077764a528c486
a34df602208737c03a159949be4f22ed4c843ce4dbd5a0211ae34ec190fd6403
GET /assets/vendor/libs/toastr/toastr.min.css HTTP/1.1
Host: mediafire.ec
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediafire.ec/en/kLUBGxTSbNvFs9g/file
Cookie: XSRF-TOKEN=eyJpdiI6IkFSMjV0TjNXK2xpTUtiTmtXREVpV2c9PSIsInZhbHVlIjoiOHQrL1BMUFhCMmhFSUgycHg5QzFOWUtPSm5qcmUzUDZnYVFPcEEwZHErVXdVdEdYb3Bxek5UMk84bllHckJZaFVJbHhuU3dGT2psZzJXemI1cFBIMFFDVmRRWnZjOWFkQlRGbTlmbHcrQjBkNWZWcjlpTVRvNFhNcVBRbnZYYnIiLCJtYWMiOiI1NDJmZjBhYmYzMzk5OWJiNGEyZmMzN2YzZDAzNWUyMWE4NmVkYWI0MTVkYjk5ZjgzNTEyODMxYWU0ZTVlNmY2IiwidGFnIjoiIn0%3D; filebob_user_session=eyJpdiI6InNLb2hHZE5ZalVad2JUNDdyQ3I0b2c9PSIsInZhbHVlIjoib2k1a3FZV3hZSlVsSW0ybmdNeUs4RlpzZTNRd1A2RUhNSDZFZWFBQWdqc2hiRXV5NkNtVlMzVU15empDc3cvdFNBM2FaUzkvOUJYb2hYZDRPR2Y1OVp4YXZNZUZGanVCK2FRUS9nQkZLYzFTaitmK05TU3JWSHNZR1psZVFSanUiLCJtYWMiOiJhYTQwZDhkOGE1NGMxZjk0MzA4NjE3NDViMmYxOTQ0YTY2ZjE1MGNkMTI2ZGZjZTIzYTEwOTc2YzY2MjQ1OGNlIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 24 Sep 2022 20:52:23 GMT
Server: Apache
Last-Modified: Tue, 28 Dec 2021 20:27:24 GMT
Accept-Ranges: bytes
Content-Length: 6339
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
mediafire.ec/assets/css/extra/colors.css
173.212.242.246200 OK 252 B URL HTTP/1.1 mediafire.ec/assets/css/extra/colors.css
IP 173.212.242.246:0
Hash 67b6661a83b72c8d9e356dc3ec90ee84
82ddfa3dcb97cd29665c7a58ad6b1f2dbd882446
aa205052fa07b285cbe508fc7204fe953123478070dd1f9b48aa0d29a30b9d62
GET /assets/css/extra/colors.css HTTP/1.1
Host: mediafire.ec
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediafire.ec/en/kLUBGxTSbNvFs9g/file
Cookie: XSRF-TOKEN=eyJpdiI6IkFSMjV0TjNXK2xpTUtiTmtXREVpV2c9PSIsInZhbHVlIjoiOHQrL1BMUFhCMmhFSUgycHg5QzFOWUtPSm5qcmUzUDZnYVFPcEEwZHErVXdVdEdYb3Bxek5UMk84bllHckJZaFVJbHhuU3dGT2psZzJXemI1cFBIMFFDVmRRWnZjOWFkQlRGbTlmbHcrQjBkNWZWcjlpTVRvNFhNcVBRbnZYYnIiLCJtYWMiOiI1NDJmZjBhYmYzMzk5OWJiNGEyZmMzN2YzZDAzNWUyMWE4NmVkYWI0MTVkYjk5ZjgzNTEyODMxYWU0ZTVlNmY2IiwidGFnIjoiIn0%3D; filebob_user_session=eyJpdiI6InNLb2hHZE5ZalVad2JUNDdyQ3I0b2c9PSIsInZhbHVlIjoib2k1a3FZV3hZSlVsSW0ybmdNeUs4RlpzZTNRd1A2RUhNSDZFZWFBQWdqc2hiRXV5NkNtVlMzVU15empDc3cvdFNBM2FaUzkvOUJYb2hYZDRPR2Y1OVp4YXZNZUZGanVCK2FRUS9nQkZLYzFTaitmK05TU3JWSHNZR1psZVFSanUiLCJtYWMiOiJhYTQwZDhkOGE1NGMxZjk0MzA4NjE3NDViMmYxOTQ0YTY2ZjE1MGNkMTI2ZGZjZTIzYTEwOTc2YzY2MjQ1OGNlIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 24 Sep 2022 20:52:23 GMT
Server: Apache
Last-Modified: Tue, 20 Sep 2022 15:48:32 GMT
Accept-Ranges: bytes
Content-Length: 252
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash a7809de115ea73f8b61f3d20a9978493
01fc65a2b694d7aadd5204d21801e87b2b55b73e
72692486033feeb149424c59576c6c75b17228dfc89b4c369d2e17cc4bff3d52
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4639
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 24 Sep 2022 20:52:23 GMT
Last-Modified: Sat, 24 Sep 2022 19:35:04 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 471
mediafire.ec/assets/css/extra/extra.css
173.212.242.246200 OK 883 B URL HTTP/1.1 mediafire.ec/assets/css/extra/extra.css
IP 173.212.242.246:0
Hash 0c01ce7bc2a4dc5ed8c6f38cc9094eca
28b204c996643b4b30bca6cea1642833748de1f9
9d45a35c655775f855c086ee6839bab57c07390900cbdb3037691f1e5a8cd84f
GET /assets/css/extra/extra.css HTTP/1.1
Host: mediafire.ec
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediafire.ec/en/kLUBGxTSbNvFs9g/file
Cookie: XSRF-TOKEN=eyJpdiI6IkFSMjV0TjNXK2xpTUtiTmtXREVpV2c9PSIsInZhbHVlIjoiOHQrL1BMUFhCMmhFSUgycHg5QzFOWUtPSm5qcmUzUDZnYVFPcEEwZHErVXdVdEdYb3Bxek5UMk84bllHckJZaFVJbHhuU3dGT2psZzJXemI1cFBIMFFDVmRRWnZjOWFkQlRGbTlmbHcrQjBkNWZWcjlpTVRvNFhNcVBRbnZYYnIiLCJtYWMiOiI1NDJmZjBhYmYzMzk5OWJiNGEyZmMzN2YzZDAzNWUyMWE4NmVkYWI0MTVkYjk5ZjgzNTEyODMxYWU0ZTVlNmY2IiwidGFnIjoiIn0%3D; filebob_user_session=eyJpdiI6InNLb2hHZE5ZalVad2JUNDdyQ3I0b2c9PSIsInZhbHVlIjoib2k1a3FZV3hZSlVsSW0ybmdNeUs4RlpzZTNRd1A2RUhNSDZFZWFBQWdqc2hiRXV5NkNtVlMzVU15empDc3cvdFNBM2FaUzkvOUJYb2hYZDRPR2Y1OVp4YXZNZUZGanVCK2FRUS9nQkZLYzFTaitmK05TU3JWSHNZR1psZVFSanUiLCJtYWMiOiJhYTQwZDhkOGE1NGMxZjk0MzA4NjE3NDViMmYxOTQ0YTY2ZjE1MGNkMTI2ZGZjZTIzYTEwOTc2YzY2MjQ1OGNlIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 24 Sep 2022 20:52:23 GMT
Server: Apache
Last-Modified: Mon, 03 Jan 2022 00:35:36 GMT
Accept-Ranges: bytes
Content-Length: 883
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash cfbe772bfdcc656e94ceed53256863ca
34055ed3761ab4b69af25a2cb70ca7a337a9f79b
7464464772c70e6a9f1b516b9fc3b60f4e567c10f968c573d5a187f5f22d0722
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 24 Sep 2022 20:52:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash cfbe772bfdcc656e94ceed53256863ca
34055ed3761ab4b69af25a2cb70ca7a337a9f79b
7464464772c70e6a9f1b516b9fc3b60f4e567c10f968c573d5a187f5f22d0722
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 24 Sep 2022 20:52:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
mediafire.ec/assets/css/application.fced6903cc7e7e0ede21.css
173.212.242.246200 OK 56 kB URL HTTP/1.1 mediafire.ec/assets/css/application.fced6903cc7e7e0ede21.css
IP 173.212.242.246:0
File type ASCII text, with very long lines (55505)
Hash fced6903cc7e7e0ede21a7ff96adcb03
f0a48a448c3b69140a585c3957706e3418245f2e
b65c367772701dddee5aefbde9ed64588c14d3c53543dac69239db73747e49e9
GET /assets/css/application.fced6903cc7e7e0ede21.css HTTP/1.1
Host: mediafire.ec
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediafire.ec/en/kLUBGxTSbNvFs9g/file
Cookie: XSRF-TOKEN=eyJpdiI6IkFSMjV0TjNXK2xpTUtiTmtXREVpV2c9PSIsInZhbHVlIjoiOHQrL1BMUFhCMmhFSUgycHg5QzFOWUtPSm5qcmUzUDZnYVFPcEEwZHErVXdVdEdYb3Bxek5UMk84bllHckJZaFVJbHhuU3dGT2psZzJXemI1cFBIMFFDVmRRWnZjOWFkQlRGbTlmbHcrQjBkNWZWcjlpTVRvNFhNcVBRbnZYYnIiLCJtYWMiOiI1NDJmZjBhYmYzMzk5OWJiNGEyZmMzN2YzZDAzNWUyMWE4NmVkYWI0MTVkYjk5ZjgzNTEyODMxYWU0ZTVlNmY2IiwidGFnIjoiIn0%3D; filebob_user_session=eyJpdiI6InNLb2hHZE5ZalVad2JUNDdyQ3I0b2c9PSIsInZhbHVlIjoib2k1a3FZV3hZSlVsSW0ybmdNeUs4RlpzZTNRd1A2RUhNSDZFZWFBQWdqc2hiRXV5NkNtVlMzVU15empDc3cvdFNBM2FaUzkvOUJYb2hYZDRPR2Y1OVp4YXZNZUZGanVCK2FRUS9nQkZLYzFTaitmK05TU3JWSHNZR1psZVFSanUiLCJtYWMiOiJhYTQwZDhkOGE1NGMxZjk0MzA4NjE3NDViMmYxOTQ0YTY2ZjE1MGNkMTI2ZGZjZTIzYTEwOTc2YzY2MjQ1OGNlIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 24 Sep 2022 20:52:23 GMT
Server: Apache
Last-Modified: Sat, 30 Jul 2022 15:26:43 GMT
Accept-Ranges: bytes
Content-Length: 55506
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/css
mediafire.ec/assets/css/extra/custom.css
173.212.242.246200 OK 36 B URL HTTP/1.1 mediafire.ec/assets/css/extra/custom.css
IP 173.212.242.246:0
File type ASCII text, with CRLF line terminators
Hash 6f0fd11b55c1dd084deb646bc8dddc53
06c7ce0e661d03a38f44eec9058402153b713e20
ab22989dd2dc62ce90de69d236cc10468ba338d0d50bdffdd2dcc122196aaf13
GET /assets/css/extra/custom.css HTTP/1.1
Host: mediafire.ec
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediafire.ec/en/kLUBGxTSbNvFs9g/file
Cookie: XSRF-TOKEN=eyJpdiI6IkFSMjV0TjNXK2xpTUtiTmtXREVpV2c9PSIsInZhbHVlIjoiOHQrL1BMUFhCMmhFSUgycHg5QzFOWUtPSm5qcmUzUDZnYVFPcEEwZHErVXdVdEdYb3Bxek5UMk84bllHckJZaFVJbHhuU3dGT2psZzJXemI1cFBIMFFDVmRRWnZjOWFkQlRGbTlmbHcrQjBkNWZWcjlpTVRvNFhNcVBRbnZYYnIiLCJtYWMiOiI1NDJmZjBhYmYzMzk5OWJiNGEyZmMzN2YzZDAzNWUyMWE4NmVkYWI0MTVkYjk5ZjgzNTEyODMxYWU0ZTVlNmY2IiwidGFnIjoiIn0%3D; filebob_user_session=eyJpdiI6InNLb2hHZE5ZalVad2JUNDdyQ3I0b2c9PSIsInZhbHVlIjoib2k1a3FZV3hZSlVsSW0ybmdNeUs4RlpzZTNRd1A2RUhNSDZFZWFBQWdqc2hiRXV5NkNtVlMzVU15empDc3cvdFNBM2FaUzkvOUJYb2hYZDRPR2Y1OVp4YXZNZUZGanVCK2FRUS9nQkZLYzFTaitmK05TU3JWSHNZR1psZVFSanUiLCJtYWMiOiJhYTQwZDhkOGE1NGMxZjk0MzA4NjE3NDViMmYxOTQ0YTY2ZjE1MGNkMTI2ZGZjZTIzYTEwOTc2YzY2MjQ1OGNlIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 24 Sep 2022 20:52:23 GMT
Server: Apache
Last-Modified: Mon, 30 May 2022 22:11:58 GMT
Accept-Ranges: bytes
Content-Length: 36
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css
mediafire.ec/assets/vendor/libs/jqueryloadingoverlay/loadingoverlay.min.js
173.212.242.246200 OK 12 kB URL HTTP/1.1 mediafire.ec/assets/vendor/libs/jqueryloadingoverlay/loadingoverlay.min.js
IP 173.212.242.246:0
File type ASCII text, with very long lines (11601)
Hash b0a1395fd0b06fa7004b4d4da1d89bcd
6c4a42c991cdd0af1d5b5e6e4e78c0cec6a4b4ac
4b8806e3411f1bd7eccf22dc3dd9c7c6b01156d1c24cb631ab72f3e21e47f771
GET /assets/vendor/libs/jqueryloadingoverlay/loadingoverlay.min.js HTTP/1.1
Host: mediafire.ec
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediafire.ec/en/kLUBGxTSbNvFs9g/file
Cookie: XSRF-TOKEN=eyJpdiI6IkFSMjV0TjNXK2xpTUtiTmtXREVpV2c9PSIsInZhbHVlIjoiOHQrL1BMUFhCMmhFSUgycHg5QzFOWUtPSm5qcmUzUDZnYVFPcEEwZHErVXdVdEdYb3Bxek5UMk84bllHckJZaFVJbHhuU3dGT2psZzJXemI1cFBIMFFDVmRRWnZjOWFkQlRGbTlmbHcrQjBkNWZWcjlpTVRvNFhNcVBRbnZYYnIiLCJtYWMiOiI1NDJmZjBhYmYzMzk5OWJiNGEyZmMzN2YzZDAzNWUyMWE4NmVkYWI0MTVkYjk5ZjgzNTEyODMxYWU0ZTVlNmY2IiwidGFnIjoiIn0%3D; filebob_user_session=eyJpdiI6InNLb2hHZE5ZalVad2JUNDdyQ3I0b2c9PSIsInZhbHVlIjoib2k1a3FZV3hZSlVsSW0ybmdNeUs4RlpzZTNRd1A2RUhNSDZFZWFBQWdqc2hiRXV5NkNtVlMzVU15empDc3cvdFNBM2FaUzkvOUJYb2hYZDRPR2Y1OVp4YXZNZUZGanVCK2FRUS9nQkZLYzFTaitmK05TU3JWSHNZR1psZVFSanUiLCJtYWMiOiJhYTQwZDhkOGE1NGMxZjk0MzA4NjE3NDViMmYxOTQ0YTY2ZjE1MGNkMTI2ZGZjZTIzYTEwOTc2YzY2MjQ1OGNlIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 24 Sep 2022 20:52:23 GMT
Server: Apache
Last-Modified: Fri, 20 Mar 2020 16:27:48 GMT
Accept-Ranges: bytes
Content-Length: 12029
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/javascript
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 58b52380a6b5c598d1ad88e8da148137
a56206a0277aea6e8e2f7629793aba713d8edd0c
561a57c27dfa1f8651a89292428576b626e8700b9cd6b8173a0ce121aa8f9f4a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 24 Sep 2022 20:52:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
mediafire.ec/assets/vendor/libs/fontawesome/fontawesome.min.css
173.212.242.246200 OK 59 kB URL HTTP/1.1 mediafire.ec/assets/vendor/libs/fontawesome/fontawesome.min.css
IP 173.212.242.246:0
File type ASCII text, with very long lines (59173)
Hash bffaa209c10e615876a1e05f95300d72
c8502985ec92a7aeeab534d8952b02850394c987
56c37a33abf5ab4df29dbdb1eca15b9abacd2aa54b2ea1dd606f7010a9d64e0e
GET /assets/vendor/libs/fontawesome/fontawesome.min.css HTTP/1.1
Host: mediafire.ec
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediafire.ec/en/kLUBGxTSbNvFs9g/file
Cookie: XSRF-TOKEN=eyJpdiI6IkFSMjV0TjNXK2xpTUtiTmtXREVpV2c9PSIsInZhbHVlIjoiOHQrL1BMUFhCMmhFSUgycHg5QzFOWUtPSm5qcmUzUDZnYVFPcEEwZHErVXdVdEdYb3Bxek5UMk84bllHckJZaFVJbHhuU3dGT2psZzJXemI1cFBIMFFDVmRRWnZjOWFkQlRGbTlmbHcrQjBkNWZWcjlpTVRvNFhNcVBRbnZYYnIiLCJtYWMiOiI1NDJmZjBhYmYzMzk5OWJiNGEyZmMzN2YzZDAzNWUyMWE4NmVkYWI0MTVkYjk5ZjgzNTEyODMxYWU0ZTVlNmY2IiwidGFnIjoiIn0%3D; filebob_user_session=eyJpdiI6InNLb2hHZE5ZalVad2JUNDdyQ3I0b2c9PSIsInZhbHVlIjoib2k1a3FZV3hZSlVsSW0ybmdNeUs4RlpzZTNRd1A2RUhNSDZFZWFBQWdqc2hiRXV5NkNtVlMzVU15empDc3cvdFNBM2FaUzkvOUJYb2hYZDRPR2Y1OVp4YXZNZUZGanVCK2FRUS9nQkZLYzFTaitmK05TU3JWSHNZR1psZVFSanUiLCJtYWMiOiJhYTQwZDhkOGE1NGMxZjk0MzA4NjE3NDViMmYxOTQ0YTY2ZjE1MGNkMTI2ZGZjZTIzYTEwOTc2YzY2MjQ1OGNlIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 24 Sep 2022 20:52:23 GMT
Server: Apache
Last-Modified: Fri, 01 Oct 2021 20:06:21 GMT
Accept-Ranges: bytes
Content-Length: 59359
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
mediafire.ec/assets/vendor/libs/clipboard/clipboard.min.js
173.212.242.246200 OK 9.0 kB URL HTTP/1.1 mediafire.ec/assets/vendor/libs/clipboard/clipboard.min.js
IP 173.212.242.246:0
File type Unicode text, UTF-8 text, with very long lines (8939)
Hash 274d5f6334c31fdb1b0464a912fa7f15
35cff8543a2d61e22eaa1c565b3457675c04571a
261ffa06f381039cf7d18984d1364c59f3c2b9b60b1fa05d5f9c8c152e4d5be5
GET /assets/vendor/libs/clipboard/clipboard.min.js HTTP/1.1
Host: mediafire.ec
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediafire.ec/en/kLUBGxTSbNvFs9g/file
Cookie: XSRF-TOKEN=eyJpdiI6IkFSMjV0TjNXK2xpTUtiTmtXREVpV2c9PSIsInZhbHVlIjoiOHQrL1BMUFhCMmhFSUgycHg5QzFOWUtPSm5qcmUzUDZnYVFPcEEwZHErVXdVdEdYb3Bxek5UMk84bllHckJZaFVJbHhuU3dGT2psZzJXemI1cFBIMFFDVmRRWnZjOWFkQlRGbTlmbHcrQjBkNWZWcjlpTVRvNFhNcVBRbnZYYnIiLCJtYWMiOiI1NDJmZjBhYmYzMzk5OWJiNGEyZmMzN2YzZDAzNWUyMWE4NmVkYWI0MTVkYjk5ZjgzNTEyODMxYWU0ZTVlNmY2IiwidGFnIjoiIn0%3D; filebob_user_session=eyJpdiI6InNLb2hHZE5ZalVad2JUNDdyQ3I0b2c9PSIsInZhbHVlIjoib2k1a3FZV3hZSlVsSW0ybmdNeUs4RlpzZTNRd1A2RUhNSDZFZWFBQWdqc2hiRXV5NkNtVlMzVU15empDc3cvdFNBM2FaUzkvOUJYb2hYZDRPR2Y1OVp4YXZNZUZGanVCK2FRUS9nQkZLYzFTaitmK05TU3JWSHNZR1psZVFSanUiLCJtYWMiOiJhYTQwZDhkOGE1NGMxZjk0MzA4NjE3NDViMmYxOTQ0YTY2ZjE1MGNkMTI2ZGZjZTIzYTEwOTc2YzY2MjQ1OGNlIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 24 Sep 2022 20:52:23 GMT
Server: Apache
Last-Modified: Tue, 29 Jun 2021 20:03:06 GMT
Accept-Ranges: bytes
Content-Length: 9031
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: application/javascript
mediafire.ec/assets/vendor/libs/toastr/toastr.min.js
173.212.242.246200 OK 5.2 kB URL HTTP/1.1 mediafire.ec/assets/vendor/libs/toastr/toastr.min.js
IP 173.212.242.246:0
File type ASCII text, with very long lines (5215)
Hash 57b703726fe13ac3579b559e7dfc7a46
9691d795cfa6c5c4af45f1439a9b3f3782e6ee6e
7fe565f3385448e1ec8d57dc2c1639d723561f1aabc2e3d547e284bbf9f9b073
GET /assets/vendor/libs/toastr/toastr.min.js HTTP/1.1
Host: mediafire.ec
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediafire.ec/en/kLUBGxTSbNvFs9g/file
Cookie: XSRF-TOKEN=eyJpdiI6IkFSMjV0TjNXK2xpTUtiTmtXREVpV2c9PSIsInZhbHVlIjoiOHQrL1BMUFhCMmhFSUgycHg5QzFOWUtPSm5qcmUzUDZnYVFPcEEwZHErVXdVdEdYb3Bxek5UMk84bllHckJZaFVJbHhuU3dGT2psZzJXemI1cFBIMFFDVmRRWnZjOWFkQlRGbTlmbHcrQjBkNWZWcjlpTVRvNFhNcVBRbnZYYnIiLCJtYWMiOiI1NDJmZjBhYmYzMzk5OWJiNGEyZmMzN2YzZDAzNWUyMWE4NmVkYWI0MTVkYjk5ZjgzNTEyODMxYWU0ZTVlNmY2IiwidGFnIjoiIn0%3D; filebob_user_session=eyJpdiI6InNLb2hHZE5ZalVad2JUNDdyQ3I0b2c9PSIsInZhbHVlIjoib2k1a3FZV3hZSlVsSW0ybmdNeUs4RlpzZTNRd1A2RUhNSDZFZWFBQWdqc2hiRXV5NkNtVlMzVU15empDc3cvdFNBM2FaUzkvOUJYb2hYZDRPR2Y1OVp4YXZNZUZGanVCK2FRUS9nQkZLYzFTaitmK05TU3JWSHNZR1psZVFSanUiLCJtYWMiOiJhYTQwZDhkOGE1NGMxZjk0MzA4NjE3NDViMmYxOTQ0YTY2ZjE1MGNkMTI2ZGZjZTIzYTEwOTc2YzY2MjQ1OGNlIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 24 Sep 2022 20:52:23 GMT
Server: Apache
Last-Modified: Mon, 04 Oct 2021 20:28:26 GMT
Accept-Ranges: bytes
Content-Length: 5217
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript
mediafire.ec/assets/js/extra/extra.js
173.212.242.246200 OK 1.5 kB URL HTTP/1.1 mediafire.ec/assets/js/extra/extra.js
IP 173.212.242.246:0
Hash 44789b91908fe1b94d39ffda883a510c
b26a2c736e56d3dc7850dae662e0307afc475fd4
26c889ded1126e23313c91dd85eee48fd6b8065ac82dab9ad3721f3ac2f15c8b
GET /assets/js/extra/extra.js HTTP/1.1
Host: mediafire.ec
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediafire.ec/en/kLUBGxTSbNvFs9g/file
Cookie: XSRF-TOKEN=eyJpdiI6IkFSMjV0TjNXK2xpTUtiTmtXREVpV2c9PSIsInZhbHVlIjoiOHQrL1BMUFhCMmhFSUgycHg5QzFOWUtPSm5qcmUzUDZnYVFPcEEwZHErVXdVdEdYb3Bxek5UMk84bllHckJZaFVJbHhuU3dGT2psZzJXemI1cFBIMFFDVmRRWnZjOWFkQlRGbTlmbHcrQjBkNWZWcjlpTVRvNFhNcVBRbnZYYnIiLCJtYWMiOiI1NDJmZjBhYmYzMzk5OWJiNGEyZmMzN2YzZDAzNWUyMWE4NmVkYWI0MTVkYjk5ZjgzNTEyODMxYWU0ZTVlNmY2IiwidGFnIjoiIn0%3D; filebob_user_session=eyJpdiI6InNLb2hHZE5ZalVad2JUNDdyQ3I0b2c9PSIsInZhbHVlIjoib2k1a3FZV3hZSlVsSW0ybmdNeUs4RlpzZTNRd1A2RUhNSDZFZWFBQWdqc2hiRXV5NkNtVlMzVU15empDc3cvdFNBM2FaUzkvOUJYb2hYZDRPR2Y1OVp4YXZNZUZGanVCK2FRUS9nQkZLYzFTaitmK05TU3JWSHNZR1psZVFSanUiLCJtYWMiOiJhYTQwZDhkOGE1NGMxZjk0MzA4NjE3NDViMmYxOTQ0YTY2ZjE1MGNkMTI2ZGZjZTIzYTEwOTc2YzY2MjQ1OGNlIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 24 Sep 2022 20:52:23 GMT
Server: Apache
Last-Modified: Mon, 06 Jun 2022 22:54:38 GMT
Accept-Ranges: bytes
Content-Length: 1456
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/javascript
www.googletagmanager.com/gtag/js?id=G-V8VNCY2TKQ
142.250.74.72200 OK 76 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=G-V8VNCY2TKQ
IP 142.250.74.72:0
File type ASCII text, with very long lines (20189)
Hash 07beaebe64139aaefaa8fb5ccfe48f46
fdbf28365c72221a5daaf46bca0ede14492b2011
716a6d820cdfddd312e6becce3dd191ea2499025f5f0c5bdfa23dfdf6b7fd965
GET /gtag/js?id=G-V8VNCY2TKQ HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediafire.ec/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 24 Sep 2022 20:52:23 GMT
expires: Sat, 24 Sep 2022 20:52:23 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 76169
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
mediafire.ec/assets/vendor/libs/jquery/jquery.min.js
173.212.242.246200 OK 90 kB URL HTTP/1.1 mediafire.ec/assets/vendor/libs/jquery/jquery.min.js
IP 173.212.242.246:0
File type ASCII text, with very long lines (65447)
Hash 8fb8fee4fcc3cc86ff6c724154c49c42
b82d238d4e31fdf618bae8ac11a6c812c03dd0d4
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e
GET /assets/vendor/libs/jquery/jquery.min.js HTTP/1.1
Host: mediafire.ec
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediafire.ec/en/kLUBGxTSbNvFs9g/file
Cookie: XSRF-TOKEN=eyJpdiI6IkFSMjV0TjNXK2xpTUtiTmtXREVpV2c9PSIsInZhbHVlIjoiOHQrL1BMUFhCMmhFSUgycHg5QzFOWUtPSm5qcmUzUDZnYVFPcEEwZHErVXdVdEdYb3Bxek5UMk84bllHckJZaFVJbHhuU3dGT2psZzJXemI1cFBIMFFDVmRRWnZjOWFkQlRGbTlmbHcrQjBkNWZWcjlpTVRvNFhNcVBRbnZYYnIiLCJtYWMiOiI1NDJmZjBhYmYzMzk5OWJiNGEyZmMzN2YzZDAzNWUyMWE4NmVkYWI0MTVkYjk5ZjgzNTEyODMxYWU0ZTVlNmY2IiwidGFnIjoiIn0%3D; filebob_user_session=eyJpdiI6InNLb2hHZE5ZalVad2JUNDdyQ3I0b2c9PSIsInZhbHVlIjoib2k1a3FZV3hZSlVsSW0ybmdNeUs4RlpzZTNRd1A2RUhNSDZFZWFBQWdqc2hiRXV5NkNtVlMzVU15empDc3cvdFNBM2FaUzkvOUJYb2hYZDRPR2Y1OVp4YXZNZUZGanVCK2FRUS9nQkZLYzFTaitmK05TU3JWSHNZR1psZVFSanUiLCJtYWMiOiJhYTQwZDhkOGE1NGMxZjk0MzA4NjE3NDViMmYxOTQ0YTY2ZjE1MGNkMTI2ZGZjZTIzYTEwOTc2YzY2MjQ1OGNlIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 24 Sep 2022 20:52:23 GMT
Server: Apache
Last-Modified: Fri, 01 Oct 2021 19:56:55 GMT
Accept-Ranges: bytes
Content-Length: 89501
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/javascript
mediafire.ec/assets/vendor/libs/bootstrap/bootstrap.bundle.min.js
173.212.242.246200 OK 79 kB URL HTTP/1.1 mediafire.ec/assets/vendor/libs/bootstrap/bootstrap.bundle.min.js
IP 173.212.242.246:0
File type ASCII text, with very long lines (65299)
Hash 74d375bb9f1208a67546d7b1b9e7b73c
11aad571327ebccf184e62ec03b32c67a028846f
8f27c2a51f4f713efda3881de03697fdce7a5022874d94d5256e106e0322d598
GET /assets/vendor/libs/bootstrap/bootstrap.bundle.min.js HTTP/1.1
Host: mediafire.ec
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediafire.ec/en/kLUBGxTSbNvFs9g/file
Cookie: XSRF-TOKEN=eyJpdiI6IkFSMjV0TjNXK2xpTUtiTmtXREVpV2c9PSIsInZhbHVlIjoiOHQrL1BMUFhCMmhFSUgycHg5QzFOWUtPSm5qcmUzUDZnYVFPcEEwZHErVXdVdEdYb3Bxek5UMk84bllHckJZaFVJbHhuU3dGT2psZzJXemI1cFBIMFFDVmRRWnZjOWFkQlRGbTlmbHcrQjBkNWZWcjlpTVRvNFhNcVBRbnZYYnIiLCJtYWMiOiI1NDJmZjBhYmYzMzk5OWJiNGEyZmMzN2YzZDAzNWUyMWE4NmVkYWI0MTVkYjk5ZjgzNTEyODMxYWU0ZTVlNmY2IiwidGFnIjoiIn0%3D; filebob_user_session=eyJpdiI6InNLb2hHZE5ZalVad2JUNDdyQ3I0b2c9PSIsInZhbHVlIjoib2k1a3FZV3hZSlVsSW0ybmdNeUs4RlpzZTNRd1A2RUhNSDZFZWFBQWdqc2hiRXV5NkNtVlMzVU15empDc3cvdFNBM2FaUzkvOUJYb2hYZDRPR2Y1OVp4YXZNZUZGanVCK2FRUS9nQkZLYzFTaitmK05TU3JWSHNZR1psZVFSanUiLCJtYWMiOiJhYTQwZDhkOGE1NGMxZjk0MzA4NjE3NDViMmYxOTQ0YTY2ZjE1MGNkMTI2ZGZjZTIzYTEwOTc2YzY2MjQ1OGNlIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 24 Sep 2022 20:52:23 GMT
Server: Apache
Last-Modified: Fri, 01 Oct 2021 19:42:26 GMT
Accept-Ranges: bytes
Content-Length: 78695
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/javascript
mediafire.ec/assets/js/application.4082cc4c2d9c623ec32c.js
173.212.242.246200 OK 28 kB URL HTTP/1.1 mediafire.ec/assets/js/application.4082cc4c2d9c623ec32c.js
IP 173.212.242.246:0
File type ASCII text, with very long lines (27618), with no line terminators
Hash c89d5345a8a7703b632cca4423e8c10b
a2abc6c45d5d90b0c7799c0471906cdf8114efc3
ceef3c97ce2c14caf532b17e85bf1450b7d378e04984ebe25899c7a850d1cca1
GET /assets/js/application.4082cc4c2d9c623ec32c.js HTTP/1.1
Host: mediafire.ec
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediafire.ec/en/kLUBGxTSbNvFs9g/file
Cookie: XSRF-TOKEN=eyJpdiI6IkFSMjV0TjNXK2xpTUtiTmtXREVpV2c9PSIsInZhbHVlIjoiOHQrL1BMUFhCMmhFSUgycHg5QzFOWUtPSm5qcmUzUDZnYVFPcEEwZHErVXdVdEdYb3Bxek5UMk84bllHckJZaFVJbHhuU3dGT2psZzJXemI1cFBIMFFDVmRRWnZjOWFkQlRGbTlmbHcrQjBkNWZWcjlpTVRvNFhNcVBRbnZYYnIiLCJtYWMiOiI1NDJmZjBhYmYzMzk5OWJiNGEyZmMzN2YzZDAzNWUyMWE4NmVkYWI0MTVkYjk5ZjgzNTEyODMxYWU0ZTVlNmY2IiwidGFnIjoiIn0%3D; filebob_user_session=eyJpdiI6InNLb2hHZE5ZalVad2JUNDdyQ3I0b2c9PSIsInZhbHVlIjoib2k1a3FZV3hZSlVsSW0ybmdNeUs4RlpzZTNRd1A2RUhNSDZFZWFBQWdqc2hiRXV5NkNtVlMzVU15empDc3cvdFNBM2FaUzkvOUJYb2hYZDRPR2Y1OVp4YXZNZUZGanVCK2FRUS9nQkZLYzFTaitmK05TU3JWSHNZR1psZVFSanUiLCJtYWMiOiJhYTQwZDhkOGE1NGMxZjk0MzA4NjE3NDViMmYxOTQ0YTY2ZjE1MGNkMTI2ZGZjZTIzYTEwOTc2YzY2MjQ1OGNlIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 24 Sep 2022 20:52:23 GMT
Server: Apache
Last-Modified: Tue, 02 Aug 2022 16:18:08 GMT
Accept-Ranges: bytes
Content-Length: 27618
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash cfbe772bfdcc656e94ceed53256863ca
34055ed3761ab4b69af25a2cb70ca7a337a9f79b
7464464772c70e6a9f1b516b9fc3b60f4e567c10f968c573d5a187f5f22d0722
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 24 Sep 2022 20:52:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash dde08ad6d0d33c288ad70cce74175fbb
de2d638241098268be6c8fc01b748fde38f1dd96
164fa18665323f6274da69ec244a59054ac277e17c5792a04eb2907758e0e586
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 24 Sep 2022 20:52:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
1.bp.blogspot.com/-_A83iDM6JYc/VhtxROLILrI/AAAAAAAADK4/aM4ikIA6aqI/s1600/btn_close.gif
142.250.74.161200 OK 362 B URL HTTP/2 1.bp.blogspot.com/-_A83iDM6JYc/VhtxROLILrI/AAAAAAAADK4/aM4ikIA6aqI/s1600/btn_close.gif
IP 142.250.74.161:0
File type GIF image data, version 89a, 52 x 15\012- data
Hash fd2c05a8c327ace309722b0a5fc4faf3
f446e97c43f8830be9f60644563dd846abe6b8e8
0450e2e1aa3c8b5435690d841f3e573c4f521864e1f8e01a5b6dbcdac922c8b4
GET /-_A83iDM6JYc/VhtxROLILrI/AAAAAAAADK4/aM4ikIA6aqI/s1600/btn_close.gif HTTP/1.1
Host: 1.bp.blogspot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediafire.ec/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-expose-headers: Content-Length
content-disposition: inline;filename="btn_close.gif"
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
x-content-type-options: nosniff
server: fife
content-length: 362
x-xss-protection: 0
date: Sat, 24 Sep 2022 16:57:46 GMT
expires: Wed, 30 Mar 2022 13:41:21 GMT
cache-control: public, max-age=86400, no-transform
age: 14077
etag: "vcb0"
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 58b52380a6b5c598d1ad88e8da148137
a56206a0277aea6e8e2f7629793aba713d8edd0c
561a57c27dfa1f8651a89292428576b626e8700b9cd6b8173a0ce121aa8f9f4a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 24 Sep 2022 20:52:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
mediafire.ec/assets/vendor/webfonts/fa-solid-900.woff2
173.212.242.246200 OK 78 kB URL HTTP/1.1 mediafire.ec/assets/vendor/webfonts/fa-solid-900.woff2
IP 173.212.242.246:0
File type Web Open Font Format (Version 2), TrueType, length 78268, version 331.-31196\012- data
Hash d824df7eb2e268626a2dd9a6a741ac4e
0ccb2c814a7e4ca12c4778821633809cb0361eaa
9834b82ad26e2a37583d22676a12dd2eb0fe7c80356a2114d0db1aa8b3899537
GET /assets/vendor/webfonts/fa-solid-900.woff2 HTTP/1.1
Host: mediafire.ec
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://mediafire.ec/assets/vendor/libs/fontawesome/fontawesome.min.css
Cookie: XSRF-TOKEN=eyJpdiI6IkFSMjV0TjNXK2xpTUtiTmtXREVpV2c9PSIsInZhbHVlIjoiOHQrL1BMUFhCMmhFSUgycHg5QzFOWUtPSm5qcmUzUDZnYVFPcEEwZHErVXdVdEdYb3Bxek5UMk84bllHckJZaFVJbHhuU3dGT2psZzJXemI1cFBIMFFDVmRRWnZjOWFkQlRGbTlmbHcrQjBkNWZWcjlpTVRvNFhNcVBRbnZYYnIiLCJtYWMiOiI1NDJmZjBhYmYzMzk5OWJiNGEyZmMzN2YzZDAzNWUyMWE4NmVkYWI0MTVkYjk5ZjgzNTEyODMxYWU0ZTVlNmY2IiwidGFnIjoiIn0%3D; filebob_user_session=eyJpdiI6InNLb2hHZE5ZalVad2JUNDdyQ3I0b2c9PSIsInZhbHVlIjoib2k1a3FZV3hZSlVsSW0ybmdNeUs4RlpzZTNRd1A2RUhNSDZFZWFBQWdqc2hiRXV5NkNtVlMzVU15empDc3cvdFNBM2FaUzkvOUJYb2hYZDRPR2Y1OVp4YXZNZUZGanVCK2FRUS9nQkZLYzFTaitmK05TU3JWSHNZR1psZVFSanUiLCJtYWMiOiJhYTQwZDhkOGE1NGMxZjk0MzA4NjE3NDViMmYxOTQ0YTY2ZjE1MGNkMTI2ZGZjZTIzYTEwOTc2YzY2MjQ1OGNlIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 24 Sep 2022 20:52:23 GMT
Server: Apache
Last-Modified: Wed, 04 Aug 2021 15:25:46 GMT
Accept-Ranges: bytes
Content-Length: 78268
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: font/woff2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash da681c2f112645651e5b32be2cfcd052
2e57e4163b8ed8ceebe8c6dde5ff1aa5efc7b946
302a7e1f8156051b7c793c61fbe3e81096374431e22bd9821b4aa38e1a5772f7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 24 Sep 2022 20:52:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
mediafire.ec/images/dark-logo.png
173.212.242.246200 OK 55 kB URL HTTP/1.1 mediafire.ec/images/dark-logo.png
IP 173.212.242.246:0
File type PNG image data, 1225 x 175, 8-bit/color RGBA, non-interlaced\012- data
Hash 327e0a2c853bff5a4b7e1d38f0e2c947
ebec26474317b2dbe7f99dd61d0107ced050d482
7f3283c7a71e6963c4aa4c1faa2d63a77e95f852fdec6d92433d4ccaa8c9951e
GET /images/dark-logo.png HTTP/1.1
Host: mediafire.ec
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediafire.ec/en/kLUBGxTSbNvFs9g/file
Cookie: XSRF-TOKEN=eyJpdiI6IkFSMjV0TjNXK2xpTUtiTmtXREVpV2c9PSIsInZhbHVlIjoiOHQrL1BMUFhCMmhFSUgycHg5QzFOWUtPSm5qcmUzUDZnYVFPcEEwZHErVXdVdEdYb3Bxek5UMk84bllHckJZaFVJbHhuU3dGT2psZzJXemI1cFBIMFFDVmRRWnZjOWFkQlRGbTlmbHcrQjBkNWZWcjlpTVRvNFhNcVBRbnZYYnIiLCJtYWMiOiI1NDJmZjBhYmYzMzk5OWJiNGEyZmMzN2YzZDAzNWUyMWE4NmVkYWI0MTVkYjk5ZjgzNTEyODMxYWU0ZTVlNmY2IiwidGFnIjoiIn0%3D; filebob_user_session=eyJpdiI6InNLb2hHZE5ZalVad2JUNDdyQ3I0b2c9PSIsInZhbHVlIjoib2k1a3FZV3hZSlVsSW0ybmdNeUs4RlpzZTNRd1A2RUhNSDZFZWFBQWdqc2hiRXV5NkNtVlMzVU15empDc3cvdFNBM2FaUzkvOUJYb2hYZDRPR2Y1OVp4YXZNZUZGanVCK2FRUS9nQkZLYzFTaitmK05TU3JWSHNZR1psZVFSanUiLCJtYWMiOiJhYTQwZDhkOGE1NGMxZjk0MzA4NjE3NDViMmYxOTQ0YTY2ZjE1MGNkMTI2ZGZjZTIzYTEwOTc2YzY2MjQ1OGNlIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 24 Sep 2022 20:52:23 GMT
Server: Apache
Last-Modified: Mon, 01 Aug 2022 23:41:20 GMT
Accept-Ranges: bytes
Content-Length: 55331
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/png
fonts.googleapis.com/css2?family=Roboto:ital,wght@0,100;0,300;0,400;0,500;0,700;0,900;1,100;1,300;1,400;1,500;1,700;1,900&display=swap
142.250.74.10200 OK 17 kB URL HTTP/2 fonts.googleapis.com/css2?family=Roboto:ital,wght@0,100;0,300;0,400;0,500;0,700;0,900;1,100;1,300;1,400;1,500;1,700;1,900&display=swap
IP 142.250.74.10:0
Hash dc43c26f925bfad57525424e7e0ee09f
d3fe13566468d04ab38067ff4da2a160a423dd83
9dec4c0a033ee7facb732977d8be3288b0199e33131eef7a28bddc9daf3d08b2
GET /css2?family=Roboto:ital,wght@0,100;0,300;0,400;0,500;0,700;0,900;1,100;1,300;1,400;1,500;1,700;1,900&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediafire.ec/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 24 Sep 2022 20:52:23 GMT
date: Sat, 24 Sep 2022 20:52:23 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash da681c2f112645651e5b32be2cfcd052
2e57e4163b8ed8ceebe8c6dde5ff1aa5efc7b946
302a7e1f8156051b7c793c61fbe3e81096374431e22bd9821b4aa38e1a5772f7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 24 Sep 2022 20:52:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
push.services.mozilla.com/
54.149.83.187101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.149.83.187:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: MVURRMR6AjxW394dr3aVhQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 19W//+1KDNLWVMSo1Kn9ByL2cLQ=
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash dde08ad6d0d33c288ad70cce74175fbb
de2d638241098268be6c8fc01b748fde38f1dd96
164fa18665323f6274da69ec244a59054ac277e17c5792a04eb2907758e0e586
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 24 Sep 2022 20:52:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
142.250.74.163200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 15920, version 1.0\012- data
Hash 3a44e06eb954b96aa043227f3534189d
23cef6993ddb2b2979e8e7647fc3763694e2ba7d
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
GET /s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://mediafire.ec
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15920
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 21 Sep 2022 14:52:00 GMT
expires: Thu, 21 Sep 2023 14:52:00 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:45 GMT
content-type: font/woff2
age: 280823
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash da681c2f112645651e5b32be2cfcd052
2e57e4163b8ed8ceebe8c6dde5ff1aa5efc7b946
302a7e1f8156051b7c793c61fbe3e81096374431e22bd9821b4aa38e1a5772f7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 24 Sep 2022 20:52:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 85e1dfc3092ffc42ec10027e7f2028c6
c0afb0e6572bc3b99fa4bfa83be7b1d4bd88c054
974e20b200347f1cea6ffd59a3d49bfcaf75b6a7620ee732a85d4d3b27e495dd
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "974E20B200347F1CEA6FFD59A3D49BFCAF75B6A7620EE732A85D4D3B27E495DD"
Last-Modified: Fri, 23 Sep 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=578
Expires: Sat, 24 Sep 2022 21:02:02 GMT
Date: Sat, 24 Sep 2022 20:52:24 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 520e80817e5aff9cc9c9c4830b97bc72
df7ecfa673cc66287aaef667eac719c3fdb1f388
06fcf5ba43e1040ad5490760442647c3b65fa765c054f603d6fb74ccfedeb011
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "06FCF5BA43E1040AD5490760442647C3B65FA765C054F603D6FB74CCFEDEB011"
Last-Modified: Sat, 24 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21578
Expires: Sun, 25 Sep 2022 02:52:02 GMT
Date: Sat, 24 Sep 2022 20:52:24 GMT
Connection: keep-alive
sootproclaim.com/a6f5bf43f065fa9e87784c8f6d0db3aa/invoke.js
192.243.59.20200 OK 9.8 kB URL HTTP/1.1 sootproclaim.com/a6f5bf43f065fa9e87784c8f6d0db3aa/invoke.js
IP 192.243.59.20:0
ASN #39572 DataWeb Global Group B.V.
File type exported SGML document, ASCII text, with very long lines (26980), with no line terminators
Hash ab62b33f182fed8b8d0a63c72f44ffbd
a5122881b5535bfb35c745ba6a9a9d17a1f982ae
6804cf157a2395384577fe6cad798b632f20e8e377ef0235b2f8d06593919acd
Analyzer Verdict Alert quad9 Sinkholed
GET /a6f5bf43f065fa9e87784c8f6d0db3aa/invoke.js HTTP/1.1
Host: sootproclaim.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediafire.ec/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Sat, 24 Sep 2022 20:52:24 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 3e6b9e5e88c255024a074600a342e1a5
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
sootproclaim.com/af370454ef79526fb772bb377344d5dd/invoke.js
192.243.59.20200 OK 9.8 kB URL HTTP/1.1 sootproclaim.com/af370454ef79526fb772bb377344d5dd/invoke.js
IP 192.243.59.20:0
ASN #39572 DataWeb Global Group B.V.
File type exported SGML document, ASCII text, with very long lines (26980), with no line terminators
Hash c5439d496a3d8f743bb0b33a597e78ea
aa2dc0a484efe1816883c416ff67fcdfa190a7d0
19d5c23bf021b4a5a9e75fddec7352eef1eb20b3e2e34f178c588bfa312d3aa8
Analyzer Verdict Alert quad9 Sinkholed
GET /af370454ef79526fb772bb377344d5dd/invoke.js HTTP/1.1
Host: sootproclaim.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediafire.ec/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Sat, 24 Sep 2022 20:52:24 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: ee786c36abb37117cb04e7c6355220dc
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
sootproclaim.com/32/58/e9/3258e9eeadcd2d67a724d425f246337a.js
192.243.59.20200 OK 20 kB URL HTTP/1.1 sootproclaim.com/32/58/e9/3258e9eeadcd2d67a724d425f246337a.js
IP 192.243.59.20:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with very long lines (59869)
Hash c9aaf94e3a7216c0d8e4ef32f1d00e9f
3ec06b1617512497aea60713576aa7fcb68f2ba6
0a3aa74aefef5773a80475dbf4d4b0b2bd30da7fa0996d6241c49126701c73ea
Analyzer Verdict Alert quad9 Sinkholed
GET /32/58/e9/3258e9eeadcd2d67a724d425f246337a.js HTTP/1.1
Host: sootproclaim.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediafire.ec/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Sat, 24 Sep 2022 20:52:24 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: 4b4e7ab587d59b22ad7bcd2439afc363_hd-28118_1=1; expires=Sun, 02 Oct 2022 20:52:24 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 6c437a1b092348c9f695c52a2905779e
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
ocsp.sca1b.amazontrust.com/
99.86.249.127200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 99.86.249.127:0
Hash 0748503adde2cb95a8d0b7a1611c5f80
eee215487ae9ac3cae37a92a4c761fc6d01f3320
67f8645c49b34ea64abd33c9f9429c2b032517d904fd0cddaa5e3d1c44458fa3
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Sat, 24 Sep 2022 20:52:24 GMT
Last-Modified: Sat, 24 Sep 2022 19:06:52 GMT
Server: ECS (nyb/1D17)
X-Cache: Miss from cloudfront
Via: 1.1 9fef32c73ce85aca1efbc12a810558ca.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR3-C2
X-Amz-Cf-Id: rySpx43CdfKMEOvxN0pF9exVYPEFt5U821-tS9nvrJSnT2w2pJRs1Q==
Age: 6332
simplewebanalysis.com/stats
52.29.95.124200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 52.29.95.124:0
File type ASCII text, with no line terminators
Hash ee99070b1ab1e214f5c9ea39ac85bb1f
12c386654feac63e8941e69f5b12df134171afe0
80ff4b3dfe0f638722bf012f043d3e71022aee450d7dba9aa9f65cef6eaa5ddf
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://mediafire.ec
Connection: keep-alive
Referer: https://mediafire.ec/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 24 Sep 2022 20:52:24 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://mediafire.ec
access-control-allow-credentials: true
set-cookie: uid_id2=9fa41e22-e66f-411b-b9b6-346fcd6eb890:2:1; expires=Tue, 21 Sep 2032 20:52:24 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
simplewebanalysis.com/stats
52.29.95.124200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 52.29.95.124:0
File type ASCII text, with no line terminators
Hash d322bc424fcc5e90110972877daeb7ab
dccf0678531f88164f86343f35bd722447e87858
4b41d930a953b16b9c7419dd07939cb5304a7f13baaa45884f893b69bf4d94ec
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://mediafire.ec
Connection: keep-alive
Referer: https://mediafire.ec/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 24 Sep 2022 20:52:24 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://mediafire.ec
access-control-allow-credentials: true
set-cookie: uid_id2=56773a7b-098f-4b8f-9eeb-66ae00a85759:3:1; expires=Tue, 21 Sep 2032 20:52:24 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
142.250.74.163200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Hash e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://mediafire.ec
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 21 Sep 2022 19:34:08 GMT
expires: Thu, 21 Sep 2023 19:34:08 GMT
cache-control: public, max-age=31536000
age: 263896
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.76.226200 OK 344 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 13e24f9bf04d6d50a8c2ac7d0e45be55
3ca87e41be3d7f907715ca6f7f8d43cd007bb481
711e7a95012b4c71d8500e0f51be4a3332495c7d29438a813d7cfc30269dc2c1
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "711E7A95012B4C71D8500E0F51BE4A3332495C7D29438A813D7CFC30269DC2C1"
Last-Modified: Fri, 23 Sep 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13087
Expires: Sun, 25 Sep 2022 00:30:31 GMT
Date: Sat, 24 Sep 2022 20:52:24 GMT
Connection: keep-alive
mediafire.ec/assets/vendor/webfonts/fa-regular-400.woff2
173.212.242.246200 OK 13 kB URL HTTP/1.1 mediafire.ec/assets/vendor/webfonts/fa-regular-400.woff2
IP 173.212.242.246:0
File type Web Open Font Format (Version 2), TrueType, length 13224, version 331.-31196\012- data
Hash b91d376b8d7646d671cd820950d5f7f1
13517529affa39e2585c591acae6dc336b6aa917
e42a88444448ac3d60549cc7c1ff2c8a9cac721034c073d80a14a44e79730cca
GET /assets/vendor/webfonts/fa-regular-400.woff2 HTTP/1.1
Host: mediafire.ec
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://mediafire.ec/assets/vendor/libs/fontawesome/fontawesome.min.css
Cookie: XSRF-TOKEN=eyJpdiI6IkFSMjV0TjNXK2xpTUtiTmtXREVpV2c9PSIsInZhbHVlIjoiOHQrL1BMUFhCMmhFSUgycHg5QzFOWUtPSm5qcmUzUDZnYVFPcEEwZHErVXdVdEdYb3Bxek5UMk84bllHckJZaFVJbHhuU3dGT2psZzJXemI1cFBIMFFDVmRRWnZjOWFkQlRGbTlmbHcrQjBkNWZWcjlpTVRvNFhNcVBRbnZYYnIiLCJtYWMiOiI1NDJmZjBhYmYzMzk5OWJiNGEyZmMzN2YzZDAzNWUyMWE4NmVkYWI0MTVkYjk5ZjgzNTEyODMxYWU0ZTVlNmY2IiwidGFnIjoiIn0%3D; filebob_user_session=eyJpdiI6InNLb2hHZE5ZalVad2JUNDdyQ3I0b2c9PSIsInZhbHVlIjoib2k1a3FZV3hZSlVsSW0ybmdNeUs4RlpzZTNRd1A2RUhNSDZFZWFBQWdqc2hiRXV5NkNtVlMzVU15empDc3cvdFNBM2FaUzkvOUJYb2hYZDRPR2Y1OVp4YXZNZUZGanVCK2FRUS9nQkZLYzFTaitmK05TU3JWSHNZR1psZVFSanUiLCJtYWMiOiJhYTQwZDhkOGE1NGMxZjk0MzA4NjE3NDViMmYxOTQ0YTY2ZjE1MGNkMTI2ZGZjZTIzYTEwOTc2YzY2MjQ1OGNlIiwidGFnIjoiIn0%3D; _ga_V8VNCY2TKQ=GS1.1.1664052742.1.0.1664052742.60.0.0; _ga=GA1.1.697190342.1664052743; _ga_Z8L71EHDEN=GS1.1.1664052742.1.0.1664052742.0.0.0
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 24 Sep 2022 20:52:24 GMT
Server: Apache
Last-Modified: Wed, 04 Aug 2021 15:25:46 GMT
Accept-Ranges: bytes
Content-Length: 13224
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: font/woff2
simplewebanalysis.com/stats
52.29.95.124200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 52.29.95.124:0
File type ASCII text, with no line terminators
Hash 125b33665fa6b973c9e11848aaa10e77
a8fae4502e45890eda93c20f91d1804ce62a9eb5
ab5f46d4d12d09548cd509f25116cb126c9b2e5e443257c7e4751dbb0553e355
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://mediafire.ec
Connection: keep-alive
Referer: https://mediafire.ec/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 24 Sep 2022 20:52:24 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://mediafire.ec
access-control-allow-credentials: true
set-cookie: uid_id2=338b13d9-4f8b-4137-b745-f61f2dd4c7fe:3:1; expires=Tue, 21 Sep 2032 20:52:24 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
region1.analytics.google.com/g/collect?v=2&tid=G-V8VNCY2TKQ>m=2oe9l0&_p=1989681982&_gaz=1&cid=697190342.1664052743&ul=en-us&sr=1280x1024&_z=ccd.v9B&_s=1&sid=1664052742&sct=1&seg=0&dl=https%3A%2F%2Fmediafire.ec%2Fen%2FkLUBGxTSbNvFs9g%2Ffile&dt=Mediafire%20Ecuador%20%E2%80%94%20Download%20%E2%80%94%20SmartGaGa%201.3.exe&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
216.239.34.36204 No Content 0 B URL HTTP/2 region1.analytics.google.com/g/collect?v=2&tid=G-V8VNCY2TKQ>m=2oe9l0&_p=1989681982&_gaz=1&cid=697190342.1664052743&ul=en-us&sr=1280x1024&_z=ccd.v9B&_s=1&sid=1664052742&sct=1&seg=0&dl=https%3A%2F%2Fmediafire.ec%2Fen%2FkLUBGxTSbNvFs9g%2Ffile&dt=Mediafire%20Ecuador%20%E2%80%94%20Download%20%E2%80%94%20SmartGaGa%201.3.exe&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
IP 216.239.34.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-V8VNCY2TKQ>m=2oe9l0&_p=1989681982&_gaz=1&cid=697190342.1664052743&ul=en-us&sr=1280x1024&_z=ccd.v9B&_s=1&sid=1664052742&sct=1&seg=0&dl=https%3A%2F%2Fmediafire.ec%2Fen%2FkLUBGxTSbNvFs9g%2Ffile&dt=Mediafire%20Ecuador%20%E2%80%94%20Download%20%E2%80%94%20SmartGaGa%201.3.exe&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1 HTTP/1.1
Host: region1.analytics.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://mediafire.ec
Connection: keep-alive
Referer: https://mediafire.ec/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: https://mediafire.ec
date: Sat, 24 Sep 2022 20:52:24 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash cd8e3570655a88b47a20fb93af0fc0c5
6ebbd655af47cbe0788f5ea6a7d9cd457bda2f33
12bc57afd44ddf43fc3802ecc23e743660b146acff0958093fcea30e96b02f6b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 24 Sep 2022 20:52:24 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
region1.google-analytics.com/g/collect?v=2&tid=G-Z8L71EHDEN>m=2oe9l0&_p=1989681982&cid=697190342.1664052743&ul=en-us&sr=1280x1024&_z=ccd.v9B&_s=1&sid=1664052742&sct=1&seg=0&dl=https%3A%2F%2Fmediafire.ec%2Fen%2FkLUBGxTSbNvFs9g%2Ffile&dt=Mediafire%20Ecuador%20%E2%80%94%20Download%20%E2%80%94%20SmartGaGa%201.3.exe&en=page_view&_fv=1&_ss=1&_ee=1
216.239.34.36204 No Content 0 B URL HTTP/2 region1.google-analytics.com/g/collect?v=2&tid=G-Z8L71EHDEN>m=2oe9l0&_p=1989681982&cid=697190342.1664052743&ul=en-us&sr=1280x1024&_z=ccd.v9B&_s=1&sid=1664052742&sct=1&seg=0&dl=https%3A%2F%2Fmediafire.ec%2Fen%2FkLUBGxTSbNvFs9g%2Ffile&dt=Mediafire%20Ecuador%20%E2%80%94%20Download%20%E2%80%94%20SmartGaGa%201.3.exe&en=page_view&_fv=1&_ss=1&_ee=1
IP 216.239.34.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-Z8L71EHDEN>m=2oe9l0&_p=1989681982&cid=697190342.1664052743&ul=en-us&sr=1280x1024&_z=ccd.v9B&_s=1&sid=1664052742&sct=1&seg=0&dl=https%3A%2F%2Fmediafire.ec%2Fen%2FkLUBGxTSbNvFs9g%2Ffile&dt=Mediafire%20Ecuador%20%E2%80%94%20Download%20%E2%80%94%20SmartGaGa%201.3.exe&en=page_view&_fv=1&_ss=1&_ee=1 HTTP/1.1
Host: region1.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://mediafire.ec
Connection: keep-alive
Referer: https://mediafire.ec/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: https://mediafire.ec
date: Sat, 24 Sep 2022 20:52:24 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
stats.g.doubleclick.net/g/collect?v=2&tid=G-V8VNCY2TKQ&cid=697190342.1664052743>m=2oe9l0&aip=1
64.233.162.157204 No Content 0 B URL HTTP/2 stats.g.doubleclick.net/g/collect?v=2&tid=G-V8VNCY2TKQ&cid=697190342.1664052743>m=2oe9l0&aip=1
IP 64.233.162.157:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-V8VNCY2TKQ&cid=697190342.1664052743>m=2oe9l0&aip=1 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://mediafire.ec
Connection: keep-alive
Referer: https://mediafire.ec/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: https://mediafire.ec
date: Sat, 24 Sep 2022 20:52:24 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 0e5edac0eefabfa5d7a942d55dfb4f20
8af3b10e9d8cad9811e5e7ddc6e8ce90babe454d
737dda30c047838b8e04763b6ccae454e1d9273beffda3f2524aecfdb1da787e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "737DDA30C047838B8E04763B6CCAE454E1D9273BEFFDA3F2524AECFDB1DA787E"
Last-Modified: Sat, 24 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10948
Expires: Sat, 24 Sep 2022 23:54:52 GMT
Date: Sat, 24 Sep 2022 20:52:24 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash cd8e3570655a88b47a20fb93af0fc0c5
6ebbd655af47cbe0788f5ea6a7d9cd457bda2f33
12bc57afd44ddf43fc3802ecc23e743660b146acff0958093fcea30e96b02f6b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 24 Sep 2022 20:52:24 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash b762e56ac381061c49fa63dacc3596d1
337b9c2749c9b8514d264c56ab62f171be7bd379
1b4b0d3a37121c222fc2194de8bc503ef6a5de6f2cdf08ccc568e455baefd4c4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1B4B0D3A37121C222FC2194DE8BC503EF6A5DE6F2CDF08CCC568E455BAEFD4C4"
Last-Modified: Fri, 23 Sep 2022 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4041
Expires: Sat, 24 Sep 2022 21:59:45 GMT
Date: Sat, 24 Sep 2022 20:52:24 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.76.226200 OK 344 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 13e24f9bf04d6d50a8c2ac7d0e45be55
3ca87e41be3d7f907715ca6f7f8d43cd007bb481
711e7a95012b4c71d8500e0f51be4a3332495c7d29438a813d7cfc30269dc2c1
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "711E7A95012B4C71D8500E0F51BE4A3332495C7D29438A813D7CFC30269DC2C1"
Last-Modified: Fri, 23 Sep 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13087
Expires: Sun, 25 Sep 2022 00:30:31 GMT
Date: Sat, 24 Sep 2022 20:52:24 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash e4bfc75f0d16c27c43c29cf51f6d2d60
c8a6ae371aa871efed540b31fd917db70d8b7a4d
5eb1c7acfa0dc6413b12953820f124b668f2eec4639a25db5173c4eaa70119a3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5EB1C7ACFA0DC6413B12953820F124B668F2EEC4639A25DB5173C4EAA70119A3"
Last-Modified: Fri, 23 Sep 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8857
Expires: Sat, 24 Sep 2022 23:20:01 GMT
Date: Sat, 24 Sep 2022 20:52:24 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash eeca3cf34c0c9079ea217bba7cc07ec2
f824bc60f2effb5efca6da77ed8c12e95de573c4
2c67d1ac69356360bb4c380d2e04c57391273f35db84999191f03da39bb80a71
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2C67D1AC69356360BB4C380D2E04C57391273F35DB84999191F03DA39BB80A71"
Last-Modified: Sat, 24 Sep 2022 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4304
Expires: Sat, 24 Sep 2022 22:04:08 GMT
Date: Sat, 24 Sep 2022 20:52:24 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash eeca3cf34c0c9079ea217bba7cc07ec2
f824bc60f2effb5efca6da77ed8c12e95de573c4
2c67d1ac69356360bb4c380d2e04c57391273f35db84999191f03da39bb80a71
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2C67D1AC69356360BB4C380D2E04C57391273F35DB84999191F03DA39BB80A71"
Last-Modified: Sat, 24 Sep 2022 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4304
Expires: Sat, 24 Sep 2022 22:04:08 GMT
Date: Sat, 24 Sep 2022 20:52:24 GMT
Connection: keep-alive
refutationtiptoe.com/e3/2a/72/e32a72b451949cef049953747e51b002.js
173.233.139.164200 OK 13 kB URL HTTP/1.1 refutationtiptoe.com/e3/2a/72/e32a72b451949cef049953747e51b002.js
IP 173.233.139.164:0
File type ASCII text, with very long lines (37144), with no line terminators
Hash 90da841093da830680b17f1f671bff78
8367fe85da4ca2b68b13c90ed38699bcfe9db85c
0c59d0b21693545551bb8ac6c018b55b361431c4b2dffcbf2d1f5934a49be4d2
Analyzer Verdict Alert quad9 Sinkholed
GET /e3/2a/72/e32a72b451949cef049953747e51b002.js HTTP/1.1
Host: refutationtiptoe.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediafire.ec/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 24 Sep 2022 20:52:24 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 42d5c51a90ba452a5d15faa5141254ff
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 7038cca95198779d8bb479045eb56652
e9dcf9451e849f4d55b0909b33a51bd0b1a35296
0fc47dba3f2789b7c509a4916b1fe3c7b6b30c6778e5354742256125730310f3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0FC47DBA3F2789B7C509A4916B1FE3C7B6B30C6778E5354742256125730310F3"
Last-Modified: Fri, 23 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3866
Expires: Sat, 24 Sep 2022 21:56:50 GMT
Date: Sat, 24 Sep 2022 20:52:24 GMT
Connection: keep-alive
refutationtiptoe.com/watch.1181008138586.js?key=a6f5bf43f065fa9e87784c8f6d0db3aa&kw=%5B%22mediafire%22%2C%22ecuador%22%2C%22%E2%80%94%22%2C%22download%22%2C%22%E2%80%94%22%2C%22smartgaga%22%2C%221%22%2C%223%22%2C%22exe%22%5D&refer=https%3A%2F%2Fmediafire.ec%2Fen%2FkLUBGxTSbNvFs9g%2Ffile&tz=0&dev=r&res=12.31&uuid=56773a7b-098f-4b8f-9eeb-66ae00a85759%3A3%3A1
173.233.139.164307 Temporary Redirect 0 B URL HTTP/1.1 refutationtiptoe.com/watch.1181008138586.js?key=a6f5bf43f065fa9e87784c8f6d0db3aa&kw=%5B%22mediafire%22%2C%22ecuador%22%2C%22%E2%80%94%22%2C%22download%22%2C%22%E2%80%94%22%2C%22smartgaga%22%2C%221%22%2C%223%22%2C%22exe%22%5D&refer=https%3A%2F%2Fmediafire.ec%2Fen%2FkLUBGxTSbNvFs9g%2Ffile&tz=0&dev=r&res=12.31&uuid=56773a7b-098f-4b8f-9eeb-66ae00a85759%3A3%3A1
IP 173.233.139.164:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.1181008138586.js?key=a6f5bf43f065fa9e87784c8f6d0db3aa&kw=%5B%22mediafire%22%2C%22ecuador%22%2C%22%E2%80%94%22%2C%22download%22%2C%22%E2%80%94%22%2C%22smartgaga%22%2C%221%22%2C%223%22%2C%22exe%22%5D&refer=https%3A%2F%2Fmediafire.ec%2Fen%2FkLUBGxTSbNvFs9g%2Ffile&tz=0&dev=r&res=12.31&uuid=56773a7b-098f-4b8f-9eeb-66ae00a85759%3A3%3A1 HTTP/1.1
Host: refutationtiptoe.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://mediafire.ec
Connection: keep-alive
Referer: https://mediafire.ec/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.19.5
Date: Sat, 24 Sep 2022 20:52:24 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://mediafire.ec
Access-Control-Allow-Origin: https://mediafire.ec
Access-Control-Allow-Credentials: true
Location: https://refutationtiptoe.com/watch.1181008138586.js?key=a6f5bf43f065fa9e87784c8f6d0db3aa&kw=%5B%22mediafire%22%2C%22ecuador%22%2C%22%E2%80%94%22%2C%22download%22%2C%22%E2%80%94%22%2C%22smartgaga%22%2C%221%22%2C%223%22%2C%22exe%22%5D&refer=https%3A%2F%2Fmediafire.ec%2Fen%2FkLUBGxTSbNvFs9g%2Ffile&tz=0&dev=r&res=12.31&uuid=56773a7b-098f-4b8f-9eeb-66ae00a85759%3A3%3A1&shu=088f346b8ec30935d42d43b5cb09f8c62f6f6c2f062ca9ee667c6a8357af8f15a4eb31554fb8ac37684540542f44b6059f48006e3f85fb32b04753f15c9b0cc70db4205f29359909af6eff62000a02ebecf45bc8d82825c1ce527a222d02126202&pst=1664052804&rmtc=t
Set-Cookie: u_pl=17579171; expires=Sun, 25 Sep 2022 20:52:24 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNzU3OTE3MSwiayI6ImE2ZjViZjQzZjA2NWZhOWU4Nzc4NGM4ZjZkMGRiM2FhIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxOTQ0MTAwLCJwaWQiOjk0NTIxLCJhbiI6dHJ1ZSwibGFuIjp0cnVlLCJjaWQiOjM0LCJhaWQiOjIzLCJwdCI6NCwicGsiOiJjbWVxd2QycyIsImNwa3MiOnsgIjI5IjoiZTMyYTcyYjQ1MTk0OWNlZjA0OTk1Mzc0N2U1MWIwMDIifSwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjc5OTU0MTk2LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6MTgxMTAsIm9uIjoiTGludXgiLCJvdiI6IlVua25vd24iLCJiaWQiOjExNjY3MCwiYm4iOiJGaXJlZm94IiwiYnYiOiI5Ni4wIiwid3YiOmZhbHNlLCJlIjpmYWxzZSwiYWIiOmZhbHNlfSwiYyI6eyJpZCI6MTYyLCJjIjoiTk8iLCJuIjoiTm9yd2F5In0sImEiOmZhbHNlLCJjciI6eyJuIjoiQmxpeCBTb2x1dGlvbnMifSwieGYiOiIiLCJpeGYiOmZhbHNlLCJpZ3hmIjpmYWxzZSwidXAiOnRydWUsInIiOiJodHRwczovL21lZGlhZmlyZS5lYy9lbi9rTFVCR3hUU2JOdkZzOWcvZmlsZSJ9fQ.ok7FULYPAY3oAxQSN1DvhEkge7uSO6YiP2mZKtP0KyM; expires=Sat, 24 Sep 2022 20:53:24 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 7c3c9d1a6a99b8f648c177df7d5b5927
Strict-Transport-Security: max-age=0; includeSubdomains
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 7038cca95198779d8bb479045eb56652
e9dcf9451e849f4d55b0909b33a51bd0b1a35296
0fc47dba3f2789b7c509a4916b1fe3c7b6b30c6778e5354742256125730310f3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0FC47DBA3F2789B7C509A4916B1FE3C7B6B30C6778E5354742256125730310F3"
Last-Modified: Fri, 23 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3866
Expires: Sat, 24 Sep 2022 21:56:50 GMT
Date: Sat, 24 Sep 2022 20:52:24 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 7038cca95198779d8bb479045eb56652
e9dcf9451e849f4d55b0909b33a51bd0b1a35296
0fc47dba3f2789b7c509a4916b1fe3c7b6b30c6778e5354742256125730310f3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0FC47DBA3F2789B7C509A4916B1FE3C7B6B30C6778E5354742256125730310F3"
Last-Modified: Fri, 23 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3866
Expires: Sat, 24 Sep 2022 21:56:50 GMT
Date: Sat, 24 Sep 2022 20:52:24 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd719f7db-20e1-4834-9525-3117f1824f36.webp
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd719f7db-20e1-4834-9525-3117f1824f36.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash aa150280eb113504d61a25935c0f0127
ed04f74fbb4c77b21e2babc51a82857f5e23d169
07df17fffb391aa82efb09e30d97e88fa4dbe6df00e37bb90304f69179f4848e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd719f7db-20e1-4834-9525-3117f1824f36.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10032
x-amzn-requestid: 521c4012-9834-4100-a7ed-30093502f1a9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y7sPBHGYoAMFh-Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632e272c-77b03c321240d76a572d603a;Sampled=0
x-amzn-remapped-date: Fri, 23 Sep 2022 21:37:48 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: lAQOV9_fZ2RFvhRKMtDOeRTWJc-Jo1u-DrtJshcQuCSOUXVbNMjhaw==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 ee8246c5442dace7525c74f6a799bb46.cloudfront.net (CloudFront), 1.1 google
date: Fri, 23 Sep 2022 21:56:56 GMT
age: 82528
etag: "ed04f74fbb4c77b21e2babc51a82857f5e23d169"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 280 B IP 93.184.220.29:0
Hash 915f02e7338e993f5d10f4f54c95b629
474f359544eb5fe40a941487eb2d8f8e711f9934
848147b73f373d6d09b177205cc3294a93b5f57b863c454217ee7cdaf07a422f
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1065
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 24 Sep 2022 20:52:24 GMT
Last-Modified: Sat, 24 Sep 2022 20:34:39 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 280
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffccf6ade-04f7-4d15-943c-bde343725d94.jpeg
34.120.237.76200 OK 8.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffccf6ade-04f7-4d15-943c-bde343725d94.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 02a682b4703bb9d6381c762726c05531
1d7f7b4cfdd7425213a21afdd1d5a5d8d11d0e54
fb672de67420a239fe5d7e2588f640150ed29883fe2a46ded160385e3265004c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffccf6ade-04f7-4d15-943c-bde343725d94.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8029
x-amzn-requestid: 2fc5c63d-5cef-42f4-a6d2-b55f51c57af6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y4Y0tHjGoAMFcFw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632cd4ea-73f2f78a2d1ca8fc666d2571;Sampled=0
x-amzn-remapped-date: Thu, 22 Sep 2022 21:34:34 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: 7DX67a-HmEh76IorINvRU61AKtSiimdPnHFnYeR2OJezZJ1_mJq0MA==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 35575576af8067e30cfb17c6b9fde8e2.cloudfront.net (CloudFront), 1.1 google
date: Fri, 23 Sep 2022 21:59:08 GMT
age: 82396
etag: "1d7f7b4cfdd7425213a21afdd1d5a5d8d11d0e54"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
inklinkor.com/tag.min.js
172.67.211.29200 OK 35 kB IP 172.67.211.29:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash 728ab312077b8538cdb9a339fff8f273
095ca168d0088cd628acf102a73109625f495ee9
ed0bd422112abb08657da7bcfd572baa756e4e300698140e3c3089da1003cd53
GET /tag.min.js HTTP/1.1
Host: inklinkor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediafire.ec/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 24 Sep 2022 20:52:24 GMT
content-type: text/javascript; charset=utf-8
x-trace-id: 209b0a457aac3a03cf8c38ea89911c2c
cache-control: max-age=86400
last-modified: Fri, 23 Sep 2022 16:05:44 GMT
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
pragma: no-cache
expires: Sun, 25 Sep 2022 19:45:01 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 4043
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=geau%2FF8%2BQUHLa5PryHrVAOxrnBWFPuLEgd6jGgNPHXmHHXwnVGBfmgcz3xKHpRdSNp%2FEcbEXsLyPXG36w%2BI1Krkh13nQ3qVrVbNzVitgLtHenHeCfj3MdeZtN29Wi63h"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74fe6754cff0b529-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F85d1d130-04e1-43f4-81d7-b15e9286f813.jpeg
34.120.237.76200 OK 8.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F85d1d130-04e1-43f4-81d7-b15e9286f813.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e1087dcce202bbbc8c84196bd2050662
670d89082f8da643e1196b11fb64bf71707f0e8d
f6a7b6e07177431d7845e2f2b7b1b3b76088671db32aeef580a72e9bd3ddae00
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F85d1d130-04e1-43f4-81d7-b15e9286f813.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8354
x-amzn-requestid: 3ec3470c-2268-4102-af88-27dcfed76bfc
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y7sPCGOcoAMF2xQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632e272c-481aa98b413690636fc3a2f0;Sampled=0
x-amzn-remapped-date: Fri, 23 Sep 2022 21:37:48 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: dXqPCGTGK8gW86McTltPuNYKXQgUuSqcL_XbyRQitinH5LsUscmU2w==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 1481cc55c02c3a782ad420b6bac2cb32.cloudfront.net (CloudFront), 1.1 google
date: Fri, 23 Sep 2022 21:47:49 GMT
age: 83075
etag: "670d89082f8da643e1196b11fb64bf71707f0e8d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd5039669-74cb-4d54-9208-94257c765b35.jpeg
34.120.237.76200 OK 9.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd5039669-74cb-4d54-9208-94257c765b35.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 55d224ac83a417772c98bc5080fb6689
a30f9044330824e70dde0dcc785890d981e6fdf5
b2ea4dea200109019a65834b98e31e8fac718a199513810a2819858be2b4470a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd5039669-74cb-4d54-9208-94257c765b35.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9935
x-amzn-requestid: 9eb8463d-172a-40a2-8eed-3c97b1260afe
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y7sQ5FARoAMFXQQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632e2738-3709a2f22ecc033532223b26;Sampled=0
x-amzn-remapped-date: Fri, 23 Sep 2022 21:38:00 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: e5eETCL5yFnoG4HPx0Qv8hjGnlXx5vOL4syMx9uato8nuIHkSvMezg==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 35575576af8067e30cfb17c6b9fde8e2.cloudfront.net (CloudFront), 1.1 google
date: Fri, 23 Sep 2022 21:53:50 GMT
age: 82714
etag: "a30f9044330824e70dde0dcc785890d981e6fdf5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F76fa20bb-9883-4867-b55e-fc56c8f8fc57.jpeg
34.120.237.76200 OK 6.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F76fa20bb-9883-4867-b55e-fc56c8f8fc57.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d8d9af95acfc8b9b431eb1e020157f6d
f6f926be6e265a597aaede424f05fcd7c76fcc20
0b61d6cb0e0908cb8d303b9e951e2854166bd232e0291b5d698a6b757c064e88
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F76fa20bb-9883-4867-b55e-fc56c8f8fc57.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6386
x-amzn-requestid: 4380489e-d0ba-4f67-ac4f-67619ba34422
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y7shGHryIAMF6zg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632e27a0-005f9c783c7722f16c178026;Sampled=0
x-amzn-remapped-date: Fri, 23 Sep 2022 21:39:44 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: RuUOjTDRTkcaGFf_hTWrHZ89edOajgGUdl5PjbaUV7CUppat6IYsRg==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 e80693c02cfdfd081110512210d57840.cloudfront.net (CloudFront), 1.1 google
date: Fri, 23 Sep 2022 21:52:36 GMT
age: 82789
etag: "f6f926be6e265a597aaede424f05fcd7c76fcc20"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
peeredgerman.com/pixel/purst?dl=0&th=0&sc=0&rs=1903&rd=1903&fd=1005&bv=22.9.v.2&tmpl=70
173.233.137.36200 OK 0 B URL HTTP/1.1 peeredgerman.com/pixel/purst?dl=0&th=0&sc=0&rs=1903&rd=1903&fd=1005&bv=22.9.v.2&tmpl=70
IP 173.233.137.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/purst?dl=0&th=0&sc=0&rs=1903&rd=1903&fd=1005&bv=22.9.v.2&tmpl=70 HTTP/1.1
Host: peeredgerman.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediafire.ec/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 24 Sep 2022 20:52:25 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
ocsp.sectigo.com/
104.18.32.68200 OK 471 B IP 104.18.32.68:0
Hash af56ebb29d27fb6a049680fe85c8828b
235a3579a72192a6a1fc0366d6d8671e2630b9f5
68454f522f57ca84315459fbf178251544804533512e9bebb8a6e3f3bce12895
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 24 Sep 2022 20:52:25 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Thu, 22 Sep 2022 18:25:22 GMT
Expires: Thu, 29 Sep 2022 18:25:21 GMT
Etag: "235a3579a72192a6a1fc0366d6d8671e2630b9f5"
Cache-Control: max-age=422575,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 74fe67575f7b0b51-OSL
kazanwhoeveryowl.com/17/69/9a/17699a80bfafde3863831d5d1af8c05e.js
173.233.137.36200 OK 13 kB URL HTTP/1.1 kazanwhoeveryowl.com/17/69/9a/17699a80bfafde3863831d5d1af8c05e.js
IP 173.233.137.36:0
File type ASCII text, with very long lines (37144), with no line terminators
Hash 4db44fdc8049d91b5d855961dc70c28a
dbfaf040ae6a8f596bf1abb39f2297a5fde75084
52e67e0e651a8ec2683d5d175432faa3aab46edba4801c907df62f1f16a980fd
Analyzer Verdict Alert quad9 Sinkholed
GET /17/69/9a/17699a80bfafde3863831d5d1af8c05e.js HTTP/1.1
Host: kazanwhoeveryowl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediafire.ec/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 24 Sep 2022 20:52:25 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 62ed71d95a572a4a98424eca3c516bd5
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
kazanwhoeveryowl.com/watch.1140060248682.js?key=af370454ef79526fb772bb377344d5dd&kw=%5B%22mediafire%22%2C%22ecuador%22%2C%22%E2%80%94%22%2C%22download%22%2C%22%E2%80%94%22%2C%22smartgaga%22%2C%221%22%2C%223%22%2C%22exe%22%5D&refer=https%3A%2F%2Fmediafire.ec%2Fen%2FkLUBGxTSbNvFs9g%2Ffile&tz=0&dev=r&res=12.31&uuid=338b13d9-4f8b-4137-b745-f61f2dd4c7fe%3A3%3A1
173.233.137.36307 Temporary Redirect 0 B URL HTTP/1.1 kazanwhoeveryowl.com/watch.1140060248682.js?key=af370454ef79526fb772bb377344d5dd&kw=%5B%22mediafire%22%2C%22ecuador%22%2C%22%E2%80%94%22%2C%22download%22%2C%22%E2%80%94%22%2C%22smartgaga%22%2C%221%22%2C%223%22%2C%22exe%22%5D&refer=https%3A%2F%2Fmediafire.ec%2Fen%2FkLUBGxTSbNvFs9g%2Ffile&tz=0&dev=r&res=12.31&uuid=338b13d9-4f8b-4137-b745-f61f2dd4c7fe%3A3%3A1
IP 173.233.137.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.1140060248682.js?key=af370454ef79526fb772bb377344d5dd&kw=%5B%22mediafire%22%2C%22ecuador%22%2C%22%E2%80%94%22%2C%22download%22%2C%22%E2%80%94%22%2C%22smartgaga%22%2C%221%22%2C%223%22%2C%22exe%22%5D&refer=https%3A%2F%2Fmediafire.ec%2Fen%2FkLUBGxTSbNvFs9g%2Ffile&tz=0&dev=r&res=12.31&uuid=338b13d9-4f8b-4137-b745-f61f2dd4c7fe%3A3%3A1 HTTP/1.1
Host: kazanwhoeveryowl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://mediafire.ec
Connection: keep-alive
Referer: https://mediafire.ec/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.19.5
Date: Sat, 24 Sep 2022 20:52:25 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://mediafire.ec
Access-Control-Allow-Origin: https://mediafire.ec
Access-Control-Allow-Credentials: true
Location: https://kazanwhoeveryowl.com/watch.1140060248682.js?key=af370454ef79526fb772bb377344d5dd&kw=%5B%22mediafire%22%2C%22ecuador%22%2C%22%E2%80%94%22%2C%22download%22%2C%22%E2%80%94%22%2C%22smartgaga%22%2C%221%22%2C%223%22%2C%22exe%22%5D&refer=https%3A%2F%2Fmediafire.ec%2Fen%2FkLUBGxTSbNvFs9g%2Ffile&tz=0&dev=r&res=12.31&uuid=338b13d9-4f8b-4137-b745-f61f2dd4c7fe%3A3%3A1&shu=4aebf7ca4312f29ab15b2d33adefef37cfe7d64c3a7884ec96cc9cdcf6ee046b8042c67c1b6651d8b76382fb32e596f7b4a9b0a7ab04a2592cd9b69e8c8b8e7d34fd38066777024bb9c31af5883ae57dd4ddf4aab2ee3116dbb6dd4e94426a46&pst=1664052805&rmtc=t
Set-Cookie: u_pl=17483892; expires=Sun, 25 Sep 2022 20:52:25 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNzQ4Mzg5MiwiayI6ImFmMzcwNDU0ZWY3OTUyNmZiNzcyYmIzNzczNDRkNWRkIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxODgzNjM3LCJwaWQiOjk0NTIxLCJhbiI6dHJ1ZSwibGFuIjp0cnVlLCJjaWQiOjM0LCJhaWQiOjIzLCJwdCI6NCwicGsiOiJxcjR1czF3NTRjIiwiY3BrcyI6eyAiMjkiOiIxNzY5OWE4MGJmYWZkZTM4NjM4MzFkNWQxYWY4YzA1ZSJ9LCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6Nzk5NTQxOTYsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjoxODExMCwib24iOiJMaW51eCIsIm92IjoiVW5rbm93biIsImJpZCI6MTE2NjcwLCJibiI6IkZpcmVmb3giLCJidiI6Ijk2LjAiLCJ3diI6ZmFsc2UsImUiOmZhbHNlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHBzOi8vbWVkaWFmaXJlLmVjL2VuL2tMVUJHeFRTYk52RnM5Zy9maWxlIn19.etQdqdzn53IZ3Rgan7dXXJpXxueAQi-Mc5YPpf6TUN4; expires=Sat, 24 Sep 2022 20:53:25 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: eabe964af90c50609e1a849cce34c9c0
Strict-Transport-Security: max-age=0; includeSubdomains
bedrapiona.com/5/5397925/?oo=1&js_build=iclick-v1.430.0
139.45.197.234200 OK 1.4 kB URL HTTP/2 bedrapiona.com/5/5397925/?oo=1&js_build=iclick-v1.430.0
IP 139.45.197.234:0
Hash 6c4a32f7d23e3f56140396b357507b4f
6884260c2b835ef14feb20ef5937628be970cb34
8141fec5df94fcc022a04217f03b7b9d7bd2eb5600b40216c875d749f1f142a9
GET /5/5397925/?oo=1&js_build=iclick-v1.430.0 HTTP/1.1
Host: bedrapiona.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://mediafire.ec
Connection: keep-alive
Referer: https://mediafire.ec/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 24 Sep 2022 20:52:24 GMT
content-type: application/json
x-trace-id: 641d50a45d4d68a16bf3e7d2c97a192a
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://diromalxx.com>; rel="preconnect dns-prefetch"
access-control-allow-origin: https://mediafire.ec
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=f76ae50933804b8da262f6d91697a056; expires=Sun, 24 Sep 2023 20:52:24 GMT; path=/; secure; SameSite=None
oaidts=1664052744; expires=Sun, 24 Sep 2023 20:52:24 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
refutationtiptoe.com/watch.1181008138586.js?key=a6f5bf43f065fa9e87784c8f6d0db3aa&kw=%5B%22mediafire%22%2C%22ecuador%22%2C%22%E2%80%94%22%2C%22download%22%2C%22%E2%80%94%22%2C%22smartgaga%22%2C%221%22%2C%223%22%2C%22exe%22%5D&refer=https%3A%2F%2Fmediafire.ec%2Fen%2FkLUBGxTSbNvFs9g%2Ffile&tz=0&dev=r&res=12.31&uuid=56773a7b-098f-4b8f-9eeb-66ae00a85759%3A3%3A1&shu=088f346b8ec30935d42d43b5cb09f8c62f6f6c2f062ca9ee667c6a8357af8f15a4eb31554fb8ac37684540542f44b6059f48006e3f85fb32b04753f15c9b0cc70db4205f29359909af6eff62000a02ebecf45bc8d82825c1ce527a222d02126202&pst=1664052804&rmtc=t
173.233.139.164200 OK 2.1 kB URL HTTP/1.1 refutationtiptoe.com/watch.1181008138586.js?key=a6f5bf43f065fa9e87784c8f6d0db3aa&kw=%5B%22mediafire%22%2C%22ecuador%22%2C%22%E2%80%94%22%2C%22download%22%2C%22%E2%80%94%22%2C%22smartgaga%22%2C%221%22%2C%223%22%2C%22exe%22%5D&refer=https%3A%2F%2Fmediafire.ec%2Fen%2FkLUBGxTSbNvFs9g%2Ffile&tz=0&dev=r&res=12.31&uuid=56773a7b-098f-4b8f-9eeb-66ae00a85759%3A3%3A1&shu=088f346b8ec30935d42d43b5cb09f8c62f6f6c2f062ca9ee667c6a8357af8f15a4eb31554fb8ac37684540542f44b6059f48006e3f85fb32b04753f15c9b0cc70db4205f29359909af6eff62000a02ebecf45bc8d82825c1ce527a222d02126202&pst=1664052804&rmtc=t
IP 173.233.139.164:0
File type HTML document text\012- HTML document, ASCII text, with very long lines (2586)
Hash e1fd606ac88175c72de0da5fa6a86cd9
7f405a7389aefb777f276570de5a0cc677d0ec6d
9b253efd6c3298cfcf04f4b8e453cc3dcfb57c54e09568781466f539d9b9d9eb
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.1181008138586.js?key=a6f5bf43f065fa9e87784c8f6d0db3aa&kw=%5B%22mediafire%22%2C%22ecuador%22%2C%22%E2%80%94%22%2C%22download%22%2C%22%E2%80%94%22%2C%22smartgaga%22%2C%221%22%2C%223%22%2C%22exe%22%5D&refer=https%3A%2F%2Fmediafire.ec%2Fen%2FkLUBGxTSbNvFs9g%2Ffile&tz=0&dev=r&res=12.31&uuid=56773a7b-098f-4b8f-9eeb-66ae00a85759%3A3%3A1&shu=088f346b8ec30935d42d43b5cb09f8c62f6f6c2f062ca9ee667c6a8357af8f15a4eb31554fb8ac37684540542f44b6059f48006e3f85fb32b04753f15c9b0cc70db4205f29359909af6eff62000a02ebecf45bc8d82825c1ce527a222d02126202&pst=1664052804&rmtc=t HTTP/1.1
Host: refutationtiptoe.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://mediafire.ec
Referer: https://mediafire.ec/
Connection: keep-alive
Cookie: u_pl=17579171; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNzU3OTE3MSwiayI6ImE2ZjViZjQzZjA2NWZhOWU4Nzc4NGM4ZjZkMGRiM2FhIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxOTQ0MTAwLCJwaWQiOjk0NTIxLCJhbiI6dHJ1ZSwibGFuIjp0cnVlLCJjaWQiOjM0LCJhaWQiOjIzLCJwdCI6NCwicGsiOiJjbWVxd2QycyIsImNwa3MiOnsgIjI5IjoiZTMyYTcyYjQ1MTk0OWNlZjA0OTk1Mzc0N2U1MWIwMDIifSwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjc5OTU0MTk2LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6MTgxMTAsIm9uIjoiTGludXgiLCJvdiI6IlVua25vd24iLCJiaWQiOjExNjY3MCwiYm4iOiJGaXJlZm94IiwiYnYiOiI5Ni4wIiwid3YiOmZhbHNlLCJlIjpmYWxzZSwiYWIiOmZhbHNlfSwiYyI6eyJpZCI6MTYyLCJjIjoiTk8iLCJuIjoiTm9yd2F5In0sImEiOmZhbHNlLCJjciI6eyJuIjoiQmxpeCBTb2x1dGlvbnMifSwieGYiOiIiLCJpeGYiOmZhbHNlLCJpZ3hmIjpmYWxzZSwidXAiOnRydWUsInIiOiJodHRwczovL21lZGlhZmlyZS5lYy9lbi9rTFVCR3hUU2JOdkZzOWcvZmlsZSJ9fQ.ok7FULYPAY3oAxQSN1DvhEkge7uSO6YiP2mZKtP0KyM
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 24 Sep 2022 20:52:25 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://mediafire.ec
Access-Control-Allow-Origin: https://mediafire.ec
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=56773a7b-098f-4b8f-9eeb-66ae00a85759:3:1; expires=Sat, 01 Oct 2022 20:52:25 GMT; secure; SameSite=None
iprc10891391c210bd46795f9c4a9bfa8170=3569808; expires=Sun, 25 Sep 2022 00:52:25 GMT; secure; SameSite=None
pdhtkv=true; expires=Sun, 25 Sep 2022 20:52:25 GMT; secure; SameSite=None
uncs=1; expires=Sun, 25 Sep 2022 20:52:25 GMT; secure; SameSite=None
pdhtkv23=true; expires=Sun, 25 Sep 2022 20:52:25 GMT; secure; SameSite=None
uncs23=1; expires=Sun, 25 Sep 2022 20:52:25 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 2fdddd38e0312e455a91df81d51fd319
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash f0572919e89ef775d2faafdfee0b86db
1cd16614b2fb1f488f49d4cf9686d9b2591a741c
d6a578b97b79ce7801dbf11f1324b4d67fa269216713f3641dd8199c6b329cec
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D6A578B97B79CE7801DBF11F1324B4D67FA269216713F3641DD8199C6B329CEC"
Last-Modified: Sat, 24 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8644
Expires: Sat, 24 Sep 2022 23:16:29 GMT
Date: Sat, 24 Sep 2022 20:52:25 GMT
Connection: keep-alive
kazanwhoeveryowl.com/watch.1140060248682.js?key=af370454ef79526fb772bb377344d5dd&kw=%5B%22mediafire%22%2C%22ecuador%22%2C%22%E2%80%94%22%2C%22download%22%2C%22%E2%80%94%22%2C%22smartgaga%22%2C%221%22%2C%223%22%2C%22exe%22%5D&refer=https%3A%2F%2Fmediafire.ec%2Fen%2FkLUBGxTSbNvFs9g%2Ffile&tz=0&dev=r&res=12.31&uuid=338b13d9-4f8b-4137-b745-f61f2dd4c7fe%3A3%3A1&shu=4aebf7ca4312f29ab15b2d33adefef37cfe7d64c3a7884ec96cc9cdcf6ee046b8042c67c1b6651d8b76382fb32e596f7b4a9b0a7ab04a2592cd9b69e8c8b8e7d34fd38066777024bb9c31af5883ae57dd4ddf4aab2ee3116dbb6dd4e94426a46&pst=1664052805&rmtc=t
173.233.137.36200 OK 2.1 kB URL HTTP/1.1 kazanwhoeveryowl.com/watch.1140060248682.js?key=af370454ef79526fb772bb377344d5dd&kw=%5B%22mediafire%22%2C%22ecuador%22%2C%22%E2%80%94%22%2C%22download%22%2C%22%E2%80%94%22%2C%22smartgaga%22%2C%221%22%2C%223%22%2C%22exe%22%5D&refer=https%3A%2F%2Fmediafire.ec%2Fen%2FkLUBGxTSbNvFs9g%2Ffile&tz=0&dev=r&res=12.31&uuid=338b13d9-4f8b-4137-b745-f61f2dd4c7fe%3A3%3A1&shu=4aebf7ca4312f29ab15b2d33adefef37cfe7d64c3a7884ec96cc9cdcf6ee046b8042c67c1b6651d8b76382fb32e596f7b4a9b0a7ab04a2592cd9b69e8c8b8e7d34fd38066777024bb9c31af5883ae57dd4ddf4aab2ee3116dbb6dd4e94426a46&pst=1664052805&rmtc=t
IP 173.233.137.36:0
File type HTML document text\012- HTML document, ASCII text, with very long lines (2638)
Hash 3c238b263bfafc0e665537ebd2ae9b2a
a5023537e71379f30165edfb340be69600698f1d
4cd705ea71afb1c918fdb723016b783d914b2370658bfa30df078f7cbb43a665
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.1140060248682.js?key=af370454ef79526fb772bb377344d5dd&kw=%5B%22mediafire%22%2C%22ecuador%22%2C%22%E2%80%94%22%2C%22download%22%2C%22%E2%80%94%22%2C%22smartgaga%22%2C%221%22%2C%223%22%2C%22exe%22%5D&refer=https%3A%2F%2Fmediafire.ec%2Fen%2FkLUBGxTSbNvFs9g%2Ffile&tz=0&dev=r&res=12.31&uuid=338b13d9-4f8b-4137-b745-f61f2dd4c7fe%3A3%3A1&shu=4aebf7ca4312f29ab15b2d33adefef37cfe7d64c3a7884ec96cc9cdcf6ee046b8042c67c1b6651d8b76382fb32e596f7b4a9b0a7ab04a2592cd9b69e8c8b8e7d34fd38066777024bb9c31af5883ae57dd4ddf4aab2ee3116dbb6dd4e94426a46&pst=1664052805&rmtc=t HTTP/1.1
Host: kazanwhoeveryowl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://mediafire.ec
Referer: https://mediafire.ec/
Connection: keep-alive
Cookie: u_pl=17483892; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNzQ4Mzg5MiwiayI6ImFmMzcwNDU0ZWY3OTUyNmZiNzcyYmIzNzczNDRkNWRkIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxODgzNjM3LCJwaWQiOjk0NTIxLCJhbiI6dHJ1ZSwibGFuIjp0cnVlLCJjaWQiOjM0LCJhaWQiOjIzLCJwdCI6NCwicGsiOiJxcjR1czF3NTRjIiwiY3BrcyI6eyAiMjkiOiIxNzY5OWE4MGJmYWZkZTM4NjM4MzFkNWQxYWY4YzA1ZSJ9LCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6Nzk5NTQxOTYsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjoxODExMCwib24iOiJMaW51eCIsIm92IjoiVW5rbm93biIsImJpZCI6MTE2NjcwLCJibiI6IkZpcmVmb3giLCJidiI6Ijk2LjAiLCJ3diI6ZmFsc2UsImUiOmZhbHNlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHBzOi8vbWVkaWFmaXJlLmVjL2VuL2tMVUJHeFRTYk52RnM5Zy9maWxlIn19.etQdqdzn53IZ3Rgan7dXXJpXxueAQi-Mc5YPpf6TUN4
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 24 Sep 2022 20:52:25 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://mediafire.ec
Access-Control-Allow-Origin: https://mediafire.ec
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=338b13d9-4f8b-4137-b745-f61f2dd4c7fe:3:1; expires=Sat, 01 Oct 2022 20:52:25 GMT; secure; SameSite=None
iprc10891391c210bd46795f9c4a9bfa8170=3569808; expires=Sun, 25 Sep 2022 00:52:25 GMT; secure; SameSite=None
pdhtkv=true; expires=Sun, 25 Sep 2022 20:52:25 GMT; secure; SameSite=None
uncs=1; expires=Sun, 25 Sep 2022 20:52:25 GMT; secure; SameSite=None
pdhtkv23=true; expires=Sun, 25 Sep 2022 20:52:25 GMT; secure; SameSite=None
uncs23=1; expires=Sun, 25 Sep 2022 20:52:25 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: c2c14dd154a3f00327820121afd844c3
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
ocsp.digicert.com/
93.184.220.29200 OK 280 B IP 93.184.220.29:0
Hash 915f02e7338e993f5d10f4f54c95b629
474f359544eb5fe40a941487eb2d8f8e711f9934
848147b73f373d6d09b177205cc3294a93b5f57b863c454217ee7cdaf07a422f
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1066
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 24 Sep 2022 20:52:25 GMT
Last-Modified: Sat, 24 Sep 2022 20:34:39 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 280
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 825b2418e59f9f922455865d4142a84c
797e35706c702b37e3ddd1028aaac635248de9e7
adaf39b31abd0f2d4cd36805be0bad16f31ea4741b4d848c103c6384af711dc9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "ADAF39B31ABD0F2D4CD36805BE0BAD16F31EA4741B4D848C103C6384AF711DC9"
Last-Modified: Fri, 23 Sep 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6853
Expires: Sat, 24 Sep 2022 22:46:38 GMT
Date: Sat, 24 Sep 2022 20:52:25 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash d6ee5ae00f81eebec5b2df19615bf961
a5dad2f2ab11f399da5016e8d944fd3422a03974
2b0151b6a2c52676ab8de2403c9d6854439051654eacea98975c1ae070659439
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2B0151B6A2C52676AB8DE2403C9D6854439051654EACEA98975C1AE070659439"
Last-Modified: Sat, 24 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11353
Expires: Sun, 25 Sep 2022 00:01:38 GMT
Date: Sat, 24 Sep 2022 20:52:25 GMT
Connection: keep-alive
cdn.cloudimagesb.com/cti/5c/10/b0/5c10b0b28e7a0e9d7e61bd8d09bee3db/1658920078.png
45.133.44.9200 OK 106 kB URL HTTP/2 cdn.cloudimagesb.com/cti/5c/10/b0/5c10b0b28e7a0e9d7e61bd8d09bee3db/1658920078.png
IP 45.133.44.9:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 728 x 90, 8-bit/color RGBA, non-interlaced\012- data
Size 106 kB (105910 bytes)
Hash a36b92bb68d9b579458560ba9b94862a
782d2932ccd3a56e5aad1cca7e6e7fb4a3cf23d6
9de12cf85ad80cae34d8bdaeb59169d75e3bd4f8b931ec90ea2c3be166647c0e
GET /cti/5c/10/b0/5c10b0b28e7a0e9d7e61bd8d09bee3db/1658920078.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 24 Sep 2022 20:52:25 GMT
content-type: image/png
content-length: 105910
server: nginx/1.17.6
last-modified: Wed, 27 Jul 2022 11:08:06 GMT
etag: "62e11c96-19db6"
expires: Mon, 26 Sep 2022 20:52:25 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
banquetunarmedgrater.com/advertisers.js
192.243.59.20200 OK 0 B URL HTTP/1.1 banquetunarmedgrater.com/advertisers.js
IP 192.243.59.20:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /advertisers.js HTTP/1.1
Host: banquetunarmedgrater.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediafire.ec/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Sat, 24 Sep 2022 20:52:25 GMT
Content-Type: application/javascript
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 962f462632d5a52a866768817c32fac3
Strict-Transport-Security: max-age=0; includeSubdomains
ocsp.digicert.com/
93.184.220.29200 OK 278 B IP 93.184.220.29:0
Hash 530c1dbfa7d93dce1e33fba7a8633d6f
08aef81788250f1001953e36be697c9074b64a2f
e244b1f95dd2a2aa81175eee0a4888623f9dbdde9cca91df8972888d0c0d402d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5661
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 24 Sep 2022 20:52:25 GMT
Last-Modified: Sat, 24 Sep 2022 19:18:04 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 278
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash ea6011094da3116e1bb049caa0e491e1
5809e1f5b0beee0282601045c0a152853c977565
25bd8112864ac34144820c6aecf49dec7ff9cfb863d864ca0ebbf55dee213414
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 24 Sep 2022 20:52:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-V8VNCY2TKQ&cid=697190342.1664052743>m=2oe9l0&aip=1&z=818220821
142.250.74.3200 OK 42 B URL HTTP/2 www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-V8VNCY2TKQ&cid=697190342.1664052743>m=2oe9l0&aip=1&z=818220821
IP 142.250.74.3:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-V8VNCY2TKQ&cid=697190342.1664052743>m=2oe9l0&aip=1&z=818220821 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediafire.ec/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sat, 24 Sep 2022 20:52:25 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
mediafire.ec/images/favicon.jpg
173.212.242.246200 OK 58 kB URL HTTP/1.1 mediafire.ec/images/favicon.jpg
IP 173.212.242.246:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 900x520, components 3\012- data
Hash d07471e34890e0a7dee289cc8e971eb7
9385e313753a1f089f07eaf829e0cead7fdaa467
4a614c3733417980741dce01626ae7123af18ff77023e9a62f6b42c30060d272
GET /images/favicon.jpg HTTP/1.1
Host: mediafire.ec
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediafire.ec/en/kLUBGxTSbNvFs9g/file
Cookie: XSRF-TOKEN=eyJpdiI6IkFSMjV0TjNXK2xpTUtiTmtXREVpV2c9PSIsInZhbHVlIjoiOHQrL1BMUFhCMmhFSUgycHg5QzFOWUtPSm5qcmUzUDZnYVFPcEEwZHErVXdVdEdYb3Bxek5UMk84bllHckJZaFVJbHhuU3dGT2psZzJXemI1cFBIMFFDVmRRWnZjOWFkQlRGbTlmbHcrQjBkNWZWcjlpTVRvNFhNcVBRbnZYYnIiLCJtYWMiOiI1NDJmZjBhYmYzMzk5OWJiNGEyZmMzN2YzZDAzNWUyMWE4NmVkYWI0MTVkYjk5ZjgzNTEyODMxYWU0ZTVlNmY2IiwidGFnIjoiIn0%3D; filebob_user_session=eyJpdiI6InNLb2hHZE5ZalVad2JUNDdyQ3I0b2c9PSIsInZhbHVlIjoib2k1a3FZV3hZSlVsSW0ybmdNeUs4RlpzZTNRd1A2RUhNSDZFZWFBQWdqc2hiRXV5NkNtVlMzVU15empDc3cvdFNBM2FaUzkvOUJYb2hYZDRPR2Y1OVp4YXZNZUZGanVCK2FRUS9nQkZLYzFTaitmK05TU3JWSHNZR1psZVFSanUiLCJtYWMiOiJhYTQwZDhkOGE1NGMxZjk0MzA4NjE3NDViMmYxOTQ0YTY2ZjE1MGNkMTI2ZGZjZTIzYTEwOTc2YzY2MjQ1OGNlIiwidGFnIjoiIn0%3D; _ga_V8VNCY2TKQ=GS1.1.1664052742.1.0.1664052742.60.0.0; _ga=GA1.1.697190342.1664052743; _ga_Z8L71EHDEN=GS1.1.1664052742.1.0.1664052742.0.0.0; dom3ic8zudi28v8lr6fgphwffqoz0j6c=338b13d9-4f8b-4137-b745-f61f2dd4c7fe%3A3%3A1; ppu_main_3258e9eeadcd2d67a724d425f246337a=1; prefetchAd_5397925=true
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 24 Sep 2022 20:52:25 GMT
Server: Apache
Last-Modified: Tue, 02 Aug 2022 01:52:15 GMT
Accept-Ranges: bytes
Content-Length: 58500
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: image/jpeg
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash ea6011094da3116e1bb049caa0e491e1
5809e1f5b0beee0282601045c0a152853c977565
25bd8112864ac34144820c6aecf49dec7ff9cfb863d864ca0ebbf55dee213414
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 24 Sep 2022 20:52:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
jsc.adskeeper.co.uk/m/e/mediafire.ec.1352279.js
104.18.26.174200 OK 909 B URL HTTP/2 jsc.adskeeper.co.uk/m/e/mediafire.ec.1352279.js
IP 104.18.26.174:0
File type ASCII text, with very long lines (2338)
Hash c799bec7c2c03dff923f8a6d591e0cbb
c15887f9ba5ac2228365bfe02c3cad49d35cfeed
2c8bf3afd9f5fc28f5080e49a68c5ef0cc6e14ade2c5d464c0e3443203ac5e2d
GET /m/e/mediafire.ec.1352279.js HTTP/1.1
Host: jsc.adskeeper.co.uk
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediafire.ec/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 24 Sep 2022 20:52:25 GMT
content-type: text/javascript
content-length: 909
x-amz-id-2: 4I5zn0+cBXux6Crc6FbahwHN/4Z44grq2rouet7kfV774e36BQOaUcXGRsRKLfwBRQSrKlqeTnc=
x-amz-request-id: DP9SC0XQDWBQQ9N9
last-modified: Wed, 07 Sep 2022 14:32:27 GMT
etag: "c799bec7c2c03dff923f8a6d591e0cbb"
content-encoding: gzip
x-amz-version-id: Q_EFMLgiTeIQ3ziezcGZsBckbwQBIUe_
cf-cache-status: REVALIDATED
expires: Sun, 25 Sep 2022 00:52:25 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 74fe675aedb5b4ff-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 278 B IP 93.184.220.29:0
Hash 530c1dbfa7d93dce1e33fba7a8633d6f
08aef81788250f1001953e36be697c9074b64a2f
e244b1f95dd2a2aa81175eee0a4888623f9dbdde9cca91df8972888d0c0d402d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5661
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 24 Sep 2022 20:52:25 GMT
Last-Modified: Sat, 24 Sep 2022 19:18:04 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 278
jsc.adskeeper.co.uk/m/e/mediafire.ec.1352279.es6.js
104.18.26.174200 OK 80 kB URL HTTP/2 jsc.adskeeper.co.uk/m/e/mediafire.ec.1352279.es6.js
IP 104.18.26.174:0
File type HTML document text\012- HTML document, ASCII text, with very long lines (33168)
Hash 2936faee721eddb72069105751c2e577
75be960ad9e11074145d563afa06f11fd30b3bd4
f316d13ee6a5e3409557f2d9e7f08830a4e1c7c3e11d2ac0176d8496219adc35
GET /m/e/mediafire.ec.1352279.es6.js HTTP/1.1
Host: jsc.adskeeper.co.uk
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediafire.ec/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 24 Sep 2022 20:52:25 GMT
content-type: text/javascript
content-length: 79774
x-amz-id-2: VPp92QBQawwBg26Oj9Xuxqwu0Zu+LclTwR6hVeZZT9HRdvX0WyOQa9ZfdLU3kNszA7/qKsF6pj4=
x-amz-request-id: ZBRCR6R6ZY36XAGT
last-modified: Wed, 07 Sep 2022 14:32:27 GMT
etag: "2936faee721eddb72069105751c2e577"
content-encoding: gzip
x-amz-version-id: HOqaHj_a77mmjlpo_5MtN_1z.dgSZcO5
cf-cache-status: REVALIDATED
expires: Sun, 25 Sep 2022 00:52:25 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 74fe675c9fbeb4ff-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.jsdelivr.net/gh/Arlina-Design/quasar@master/arlinablock.js
151.101.85.229200 OK 62 kB URL HTTP/2 cdn.jsdelivr.net/gh/Arlina-Design/quasar@master/arlinablock.js
IP 151.101.85.229:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash e3bb3aeea207298d7922231bf702e69f
4cabbf62332899a21732ee1d11bbf3cabd895f5a
79bf30cc0e6102a8a59ffe8beddfecebe6675bff1c59f77cb8ca9031024c822b
GET /gh/Arlina-Design/quasar@master/arlinablock.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediafire.ec/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: master
x-jsd-version-type: branch
etag: W/"162b7-J7GuEbwR9hTtBO1SIcoyA3ddHw8"
content-encoding: gzip
accept-ranges: bytes
date: Sat, 24 Sep 2022 20:52:26 GMT
age: 15610
x-served-by: cache-fra19142-FRA, cache-bma1655-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 61721
X-Firefox-Spdy: h2
ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q1
104.18.20.226200 OK 1.5 kB URL HTTP/1.1 ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q1
IP 104.18.20.226:0
Hash a7dbd28631f2cd65457ccdbea290ee78
12efcf54961446205be819e1b8c98a5924b216d4
68e6bbf4c9903b3bfde80d73db96d99b44619a651a4f72d2db30b3c154282734
POST /ca/gsatlasr3dvtlsca2022q1 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 24 Sep 2022 20:52:26 GMT
Content-Type: application/ocsp-response
Transfer-Encoding: chunked
Connection: keep-alive
Etag: "E72DE173302F4EDFCEFCA85A54D7097EC56E48C8"
Expires: Sun, 25 Sep 2022 08:00:00 GMT
Last-Modified: Sat, 24 Sep 2022 20:00:00 UTC
Cache-Control: s-maxage=3600, public, no-transform, must-revalidate
CF-Cache-Status: HIT
Age: 17
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74fe675fdc9cb517-OSL
pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
142.250.74.98200 OK 58 kB URL HTTP/2 pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
IP 142.250.74.98:0
File type ASCII text, with very long lines (2910)
Hash 27a219629bf5da676cbda551d828165b
f124889f5f97ee78cf382afeae11ca9bca8b7740
c9893b11d09f74971fd784b3c111b1ae5a17a3bf257ef6b4dc352e83f2f6d637
GET /pagead/js/adsbygoogle.js HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediafire.ec/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding, Origin
date: Sat, 24 Sep 2022 20:52:26 GMT
expires: Sat, 24 Sep 2022 20:52:26 GMT
cache-control: private, max-age=3600
content-type: text/javascript; charset=UTF-8
etag: 9672986142060892862
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 58027
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
googleads.g.doubleclick.net/pagead/html/r20220921/r20190131/zrt_lookup.html
142.250.74.130200 OK 4.4 kB URL HTTP/2 googleads.g.doubleclick.net/pagead/html/r20220921/r20190131/zrt_lookup.html
IP 142.250.74.130:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1731)
Hash 682bf699cccbc0ff817e1fcb7b95262a
11ad3edf0008f52b733c2d6d7199e1f052318d58
bd42f773d589f85cf6884d7893746d5d4e0c082f78e1c80511cf3aefa1c69a0f
GET /pagead/html/r20220921/r20190131/zrt_lookup.html HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediafire.ec/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4420
x-xss-protection: 0
date: Sat, 24 Sep 2022 03:27:15 GMT
expires: Sat, 08 Oct 2022 03:27:15 GMT
cache-control: public, max-age=1209600
age: 62711
etag: 9671129459699598864
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 968198a1616f58bae179ece51ddee081
255d4fd03085e47ca29f32aa918ecb9e2c6d0f31
5cceecab1e6a45fc389eb9f39fd24a346e8b7dae16d37c2bc9ffe6bd52a46c02
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5CCEECAB1E6A45FC389EB9F39FD24A346E8B7DAE16D37C2BC9FFE6BD52A46C02"
Last-Modified: Sat, 24 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10436
Expires: Sat, 24 Sep 2022 23:46:22 GMT
Date: Sat, 24 Sep 2022 20:52:26 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 968198a1616f58bae179ece51ddee081
255d4fd03085e47ca29f32aa918ecb9e2c6d0f31
5cceecab1e6a45fc389eb9f39fd24a346e8b7dae16d37c2bc9ffe6bd52a46c02
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5CCEECAB1E6A45FC389EB9F39FD24A346E8B7DAE16D37C2BC9FFE6BD52A46C02"
Last-Modified: Sat, 24 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10436
Expires: Sat, 24 Sep 2022 23:46:22 GMT
Date: Sat, 24 Sep 2022 20:52:26 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 968198a1616f58bae179ece51ddee081
255d4fd03085e47ca29f32aa918ecb9e2c6d0f31
5cceecab1e6a45fc389eb9f39fd24a346e8b7dae16d37c2bc9ffe6bd52a46c02
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5CCEECAB1E6A45FC389EB9F39FD24A346E8B7DAE16D37C2BC9FFE6BD52A46C02"
Last-Modified: Sat, 24 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10436
Expires: Sat, 24 Sep 2022 23:46:22 GMT
Date: Sat, 24 Sep 2022 20:52:26 GMT
Connection: keep-alive
unseenreport.com/pxf.gif?uuid=338b13d9-4f8b-4137-b745-f61f2dd4c7fe&eb=da08d6844107154a138edda4653a0f4b&te=f6ce28b9ffd697cd2ee52a12f20448bb&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=13.31&b_frame=0&pk=17699a80bfafde3863831d5d1af8c05e&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=20
192.243.59.12200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=338b13d9-4f8b-4137-b745-f61f2dd4c7fe&eb=da08d6844107154a138edda4653a0f4b&te=f6ce28b9ffd697cd2ee52a12f20448bb&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=13.31&b_frame=0&pk=17699a80bfafde3863831d5d1af8c05e&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=20
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=338b13d9-4f8b-4137-b745-f61f2dd4c7fe&eb=da08d6844107154a138edda4653a0f4b&te=f6ce28b9ffd697cd2ee52a12f20448bb&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=13.31&b_frame=0&pk=17699a80bfafde3863831d5d1af8c05e&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=20 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediafire.ec/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Sat, 24 Sep 2022 20:52:26 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 89d937966c169423c3712af8ce54672f
Strict-Transport-Security: max-age=0; includeSubdomains
unseenreport.com/pxf.gif?uuid=338b13d9-4f8b-4137-b745-f61f2dd4c7fe&eb=da08d6844107154a138edda4653a0f4b&te=f6ce28b9ffd697cd2ee52a12f20448bb&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=13.31&b_frame=0&pk=e32a72b451949cef049953747e51b002&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=20
192.243.59.12200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=338b13d9-4f8b-4137-b745-f61f2dd4c7fe&eb=da08d6844107154a138edda4653a0f4b&te=f6ce28b9ffd697cd2ee52a12f20448bb&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=13.31&b_frame=0&pk=e32a72b451949cef049953747e51b002&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=20
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=338b13d9-4f8b-4137-b745-f61f2dd4c7fe&eb=da08d6844107154a138edda4653a0f4b&te=f6ce28b9ffd697cd2ee52a12f20448bb&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=13.31&b_frame=0&pk=e32a72b451949cef049953747e51b002&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=20 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediafire.ec/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Sat, 24 Sep 2022 20:52:26 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 59e14e2c34652f49c8d91cd519ab61ba
Strict-Transport-Security: max-age=0; includeSubdomains
unseenreport.com/pxf.gif?uuid=338b13d9-4f8b-4137-b745-f61f2dd4c7fe&eb=da08d6844107154a138edda4653a0f4b&te=f6ce28b9ffd697cd2ee52a12f20448bb&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=13.31&b_frame=0&pk=3258e9eeadcd2d67a724d425f246337a&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=20
192.243.59.12200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=338b13d9-4f8b-4137-b745-f61f2dd4c7fe&eb=da08d6844107154a138edda4653a0f4b&te=f6ce28b9ffd697cd2ee52a12f20448bb&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=13.31&b_frame=0&pk=3258e9eeadcd2d67a724d425f246337a&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=20
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=338b13d9-4f8b-4137-b745-f61f2dd4c7fe&eb=da08d6844107154a138edda4653a0f4b&te=f6ce28b9ffd697cd2ee52a12f20448bb&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=13.31&b_frame=0&pk=3258e9eeadcd2d67a724d425f246337a&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=20 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediafire.ec/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Sat, 24 Sep 2022 20:52:26 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 153b1b01a0c0f63cfc5b0bcb8cbf5df7
Strict-Transport-Security: max-age=0; includeSubdomains
creepingbrings.com/sfp.js
104.21.234.233200 OK 0 B URL HTTP/2 creepingbrings.com/sfp.js
IP 104.21.234.233:0
GET /sfp.js HTTP/1.1
Host: creepingbrings.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediafire.ec/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 24 Sep 2022 20:52:25 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: bd86be755713f03c50e420f207700124
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Sat, 24 Sep 2022 20:52:24 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xjqbl4XKKb99zA6Q9y42rFQXOrqlekp5uS6bG5Ct9TmhME%2BKRSZGa5v5Y4oclGT%2FaE5zqydmd7w8mfp3cjNS6iFPZhVruJeSHu%2Fny1Pts9H69j0ZXXeMNbTMJVxORyVRUemsUBQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74fe67585b6a7488-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
addresseepaper.com/sfp.js
172.64.132.22200 OK 0 B URL HTTP/2 addresseepaper.com/sfp.js
IP 172.64.132.22:0
GET /sfp.js HTTP/1.1
Host: addresseepaper.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediafire.ec/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 24 Sep 2022 20:52:24 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: 894f7d48bf2638c72548a9d216dc78c6
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Sat, 24 Sep 2022 20:52:24 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9QaerOMhOgVrowI00eMj28up2yWWJmQ0H1fhwXgqlT5nXueEGJHFq%2BEUaT47OezpXX0Y77tsUtXMAAtwC8jKgIT%2BVbCsdWAIUw4x80pilLXLboDWgkGV3Gy3G%2F2X%2Bdd0RC%2F7Db8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74fe6755681a88a1-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
fonts.googleapis.com/css2?family=Almarai:wght@300;400;700&display=swap
142.250.74.10200 OK 0 B URL HTTP/2 fonts.googleapis.com/css2?family=Almarai:wght@300;400;700&display=swap
IP 142.250.74.10:0
GET /css2?family=Almarai:wght@300;400;700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediafire.ec/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 24 Sep 2022 20:52:23 GMT
date: Sat, 24 Sep 2022 20:52:23 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
onmarshtompor.com/?rb=MQT-D8F3Jjl5SR8XFceTFNUnb2--EK7duM-jgEukCBCBrWCCkQUkdd7OV8oG2DgtNrsGGR2U-PcnZ28dnRdD-x8gQ2CQkXs13Yy5rM1zZtaCJl1hsXwlrVLAibMc_xfZOhL_D3ZEDub4yR5dT6M3f0TQY6GDaNXG4upehw06cj3GtNJf6NF9OX5q_uWMPwCsxNPRBxXkBSBsGFXYJM5BvQ%3D%3D&request_ab2=0&zoneid=5397925&js_build=iclick-v1.430.0&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=0&pl=https%3A%2F%2Fmediafire.ec%2Fen%2FkLUBGxTSbNvFs9g%2Ffile&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-v1.430.0&bs=74e325ea-0316-4513-806e-9372e8b46d7c&userId=f76ae50933804b8da262f6d91697a056&m=link
139.45.197.243200 OK 0 B URL HTTP/2 onmarshtompor.com/?rb=MQT-D8F3Jjl5SR8XFceTFNUnb2--EK7duM-jgEukCBCBrWCCkQUkdd7OV8oG2DgtNrsGGR2U-PcnZ28dnRdD-x8gQ2CQkXs13Yy5rM1zZtaCJl1hsXwlrVLAibMc_xfZOhL_D3ZEDub4yR5dT6M3f0TQY6GDaNXG4upehw06cj3GtNJf6NF9OX5q_uWMPwCsxNPRBxXkBSBsGFXYJM5BvQ%3D%3D&request_ab2=0&zoneid=5397925&js_build=iclick-v1.430.0&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=0&pl=https%3A%2F%2Fmediafire.ec%2Fen%2FkLUBGxTSbNvFs9g%2Ffile&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-v1.430.0&bs=74e325ea-0316-4513-806e-9372e8b46d7c&userId=f76ae50933804b8da262f6d91697a056&m=link
IP 139.45.197.243:0
GET /?rb=MQT-D8F3Jjl5SR8XFceTFNUnb2--EK7duM-jgEukCBCBrWCCkQUkdd7OV8oG2DgtNrsGGR2U-PcnZ28dnRdD-x8gQ2CQkXs13Yy5rM1zZtaCJl1hsXwlrVLAibMc_xfZOhL_D3ZEDub4yR5dT6M3f0TQY6GDaNXG4upehw06cj3GtNJf6NF9OX5q_uWMPwCsxNPRBxXkBSBsGFXYJM5BvQ%3D%3D&request_ab2=0&zoneid=5397925&js_build=iclick-v1.430.0&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=0&pl=https%3A%2F%2Fmediafire.ec%2Fen%2FkLUBGxTSbNvFs9g%2Ffile&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-v1.430.0&bs=74e325ea-0316-4513-806e-9372e8b46d7c&userId=f76ae50933804b8da262f6d91697a056&m=link HTTP/1.1
Host: onmarshtompor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mediafire.ec/
Origin: https://mediafire.ec
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 24 Sep 2022 20:52:25 GMT
content-type: application/json
x-trace-id: a876ccbfa99055ab14c8b910a941e025
access-control-allow-origin: https://mediafire.ec
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=f76ae50933804b8da262f6d91697a056; expires=Sun, 24 Sep 2023 20:52:25 GMT; path=/; secure; SameSite=None
oaidts=1664052745; expires=Sun, 24 Sep 2023 20:52:25 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Sat, 01 Oct 2022 20:52:25 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2