mediafire11149186.xtrmetut-xzttrrqq.biz.id/
301 Moved Permanently 0 B URL HTTP/1.1 mediafire11149186.xtrmetut-xzttrrqq.biz.id/
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Phishing
GET / HTTP/1.1
Host: mediafire11149186.xtrmetut-xzttrrqq.biz.id
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Mon, 09 Jan 2023 06:52:56 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Mon, 09 Jan 2023 07:52:56 GMT
Location: https://mediafire11149186.xtrmetut-xzttrrqq.biz.id/
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vxpABwS1sLDVhvwazIxl9sitzZO0DYPJGOP63PnRXkTBPJ7z6CzlXpgqeVdozpJWKN1cgzHsPA%2Be3vzDzVk%2BW0qQRFJtJOltSVbtb1FscwVJcUEDQNvltyA8I4HAiISA2ET7I%2Fj1ktk0WY0GI%2BPmeydrddYt5xRIAP%2BilJc%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 786b40c2ee240b06-OSL
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash b782882bdabaf3b08e64120922b4a4b7
2035ed7fc9fb5b6ee9715601ba43de5f94d0c0e9
3fe7d1a9a55b86ec25d02634749ccfae11f3477033ba8cd7ac4131b7948ba619
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3FE7D1A9A55B86EC25D02634749CCFAE11F3477033BA8CD7AC4131B7948BA619"
Last-Modified: Sat, 07 Jan 2023 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3324
Expires: Mon, 09 Jan 2023 07:48:20 GMT
Date: Mon, 09 Jan 2023 06:52:56 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 516b9d6951b09439a51d5284994ed92f
5c78edb38bae36caa8e2db8ed6635a32e46c91dd
eaaf4ebc59d2a06d02b552154c5adb7c713ffc4a7f5caabcff1c2b4cd6ec5c7b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EAAF4EBC59D2A06D02B552154C5ADB7C713FFC4A7F5CAABCFF1C2B4CD6EC5C7B"
Last-Modified: Fri, 06 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4102
Expires: Mon, 09 Jan 2023 08:01:18 GMT
Date: Mon, 09 Jan 2023 06:52:56 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Length, Alert, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Mon, 09 Jan 2023 06:48:21 GMT
content-type: application/json
age: 275
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 89a058935fd04697c87e9441fbb466a9
59b5b08119374b1da34cff7e43a7c6dc80103f6e
3a3261f495323ff0f60067b2930b8d0e5e4e5cd6ae9b14929a88047587b735da
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3A3261F495323FF0F60067B2930B8D0E5E4E5CD6AE9B14929A88047587B735DA"
Last-Modified: Sat, 07 Jan 2023 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4227
Expires: Mon, 09 Jan 2023 08:03:23 GMT
Date: Mon, 09 Jan 2023 06:52:56 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain
200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain
IP
File type PEM certificate\012- , ASCII text
Hash b1fcd419a4245617397846e8d17233f6
2a037ce244587640b27ead9a0ec2af4f862d91b2
e059b6d834c06e58494c43fb2ff42acbc27c1a1d8f7f30e2f32ca0e167599e2f
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: PjToWM2jHER3QCJzN7qhHRfxXAobzFaj4A3ceV1hSvmzJ3CC3PRHhEdobw0ifHea8OspTul1hA0=
x-amz-request-id: 2696202AGPYTR9AE
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Mon, 09 Jan 2023 06:01:08 GMT
age: 3108
last-modified: Tue, 20 Dec 2022 14:47:58 GMT
etag: "b1fcd419a4245617397846e8d17233f6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 09 Jan 2023 06:52:56 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Expires, Last-Modified, Alert, Content-Type, Content-Length, ETag, Pragma, Cache-Control, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Mon, 09 Jan 2023 06:33:44 GMT
age: 1152
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 471 B IP
Hash 54ac41a005cad66e958c904071ea1d4f
66932889be57eb15ab99237a69d292b12090c68d
52545e144a7ca5c37c5369d5f5b566b4e5e820b1920ab7fe8e413e7fe022e21b
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6530
Cache-Control: max-age=100963
Content-Type: application/ocsp-response
Date: Mon, 09 Jan 2023 06:52:57 GMT
Etag: "63ba87aa-1d7"
Expires: Tue, 10 Jan 2023 10:55:40 GMT
Last-Modified: Sun, 08 Jan 2023 09:06:50 GMT
Server: ECS (ska/F70A)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: jn1qdapCwYYWnCOUtwtSCg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: Y7CbMXAXvSs8DDQMFsloKhFLhKM=
mediafire11149186.xtrmetut-xzttrrqq.biz.id/vhsfhqpdhdsih6/
301 Moved Permanently 274 B URL HTTP/1.1 mediafire11149186.xtrmetut-xzttrrqq.biz.id/vhsfhqpdhdsih6/
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 3c864a715971b89922b3461536a47554
5a1a2d2a1fcf7f2a803aaf9a6d48022bd78f129d
8cfe595f59a701de21c29845aca46dc880c382af583ce57465897b46acece1b1
Analyzer Verdict Alert fortinet Phishing
GET /vhsfhqpdhdsih6/ HTTP/1.1
Host: mediafire11149186.xtrmetut-xzttrrqq.biz.id
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Mon, 09 Jan 2023 06:52:57 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Mon, 09 Jan 2023 07:52:57 GMT
Location: https://mediafire11149186.xtrmetut-xzttrrqq.biz.id/vhsfhqpdhdsih6/
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3LeGfdYNJdnST%2FHQ2FGsO0BFarKsHqrJpIyNOuY%2Brgit3I7rDCO7u4rPKGqEZvJU2EC3Zhcwe%2B96Da361LQzFi1k%2BB5Ex3w%2BwUkvXOxmsHCspOIv4VvyCK7qCWcOZoyTmnha5%2Fz1gYm6%2BucZ%2Ff%2F5tu%2FvwH8chOnQy3Nq9Mk%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 786b40cb0add0b06-OSL
alt-svc: h2=":443"; ma=60
ocsp.digicert.com/
200 OK 280 B IP
Hash 4284ed257f5495155b553062d19c53b5
242238bf2ffc6fe5d3658c04a5f87c3db68e7f0a
2f9b60fc4a7ba9cfa127cefb3d3478990de8d2b1720c123ebfc8d6be4783d3b2
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2156
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 09 Jan 2023 06:52:58 GMT
Last-Modified: Mon, 09 Jan 2023 06:17:03 GMT
Server: ECS (ska/F70A)
X-Cache: HIT
Content-Length: 280
ocsp.digicert.com/
200 OK 280 B IP
Hash 4284ed257f5495155b553062d19c53b5
242238bf2ffc6fe5d3658c04a5f87c3db68e7f0a
2f9b60fc4a7ba9cfa127cefb3d3478990de8d2b1720c123ebfc8d6be4783d3b2
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2156
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 09 Jan 2023 06:52:58 GMT
Last-Modified: Mon, 09 Jan 2023 06:17:03 GMT
Server: ECS (ska/F70A)
X-Cache: HIT
Content-Length: 280
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 67efa309cd1a12359fd7a5f70e366655
85ee5c0f2d9deeacbfe1a38bd18eb724138f066c
6872e796d42a65959b21ea56670a5c11643aa3bc06d51275b68dd3b23b0e1844
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 09 Jan 2023 06:52:58 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
200 OK 279 B IP
Hash bf1d99b7d6132aead6d3a618aa3443b8
5e68cd25b12e2aeec54055196816d85cd3f89abf
c410594053922d104c0a3b9b5f0fa0d421f6df9fa9773336994ef501e4982b39
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1146
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 09 Jan 2023 06:52:58 GMT
Last-Modified: Mon, 09 Jan 2023 06:33:52 GMT
Server: ECS (ska/F70A)
X-Cache: HIT
Content-Length: 279
ocsp.digicert.com/
200 OK 279 B IP
Hash bf1d99b7d6132aead6d3a618aa3443b8
5e68cd25b12e2aeec54055196816d85cd3f89abf
c410594053922d104c0a3b9b5f0fa0d421f6df9fa9773336994ef501e4982b39
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5065
Cache-Control: max-age=132963
Content-Type: application/ocsp-response
Date: Mon, 09 Jan 2023 06:52:58 GMT
Etag: "63bb0a64-117"
Expires: Tue, 10 Jan 2023 19:49:01 GMT
Last-Modified: Sun, 08 Jan 2023 18:24:36 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 279
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash cd1d39135eb079c9842a1696f1c3bacf
ee41d3b22fed5948c20a6d1639b6955a4252fc11
c1f219c13b6c6e622515b78d1549a1dacdc6fab1a2109d540e30d07a52990db5
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 09 Jan 2023 06:52:58 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
200 OK 280 B IP
Hash 4284ed257f5495155b553062d19c53b5
242238bf2ffc6fe5d3658c04a5f87c3db68e7f0a
2f9b60fc4a7ba9cfa127cefb3d3478990de8d2b1720c123ebfc8d6be4783d3b2
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2156
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 09 Jan 2023 06:52:58 GMT
Last-Modified: Mon, 09 Jan 2023 06:17:03 GMT
Server: ECS (ska/F70A)
X-Cache: HIT
Content-Length: 280
cdn.otnolatrnup.com/Scripts/infinity.js.aspx?guid=5ff0fb62-0643-4ff1-aaee-c737f9ffc0e0
200 OK 55 kB URL HTTP/2 cdn.otnolatrnup.com/Scripts/infinity.js.aspx?guid=5ff0fb62-0643-4ff1-aaee-c737f9ffc0e0
IP
Hash 055e31cd601c042a9a4e5d60b4d756c6
06ab22850fa0b871707a31b35137ccb1a1dc93b2
7c808836c90db499e6efda78ee52070895572e67e19fbd8f7baa5e4647ef0758
GET /Scripts/infinity.js.aspx?guid=5ff0fb62-0643-4ff1-aaee-c737f9ffc0e0 HTTP/1.1
Host: cdn.otnolatrnup.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediafire11149186.xtrmetut-xzttrrqq.biz.id/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 09 Jan 2023 06:52:58 GMT
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, no-transform, max-age=900
content-encoding: gzip
p3p: CP="CAO PSA OUR IND"
access-control-allow-origin: *
last-modified: Mon, 09 Jan 2023 06:50:02 GMT
cf-cache-status: HIT
age: 152
server: cloudflare
cf-ray: 786b40d13dd3b512-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash cd1d39135eb079c9842a1696f1c3bacf
ee41d3b22fed5948c20a6d1639b6955a4252fc11
c1f219c13b6c6e622515b78d1549a1dacdc6fab1a2109d540e30d07a52990db5
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 09 Jan 2023 06:52:58 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtag/js?id=UA-829541-1
200 OK 45 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=UA-829541-1
IP
File type ASCII text, with very long lines (1759)
Hash 4c0653530c7eb6bb672f344b569de10a
1cc2e0ec68e563c71d4db5b0bdb63ad269867507
3a78847e8947f74efd043c790870daa9de84921595c02f49547add0069daf4a9
GET /gtag/js?id=UA-829541-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediafire11149186.xtrmetut-xzttrrqq.biz.id/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Mon, 09 Jan 2023 06:52:58 GMT
expires: Mon, 09 Jan 2023 06:52:58 GMT
cache-control: private, max-age=900
last-modified: Mon, 09 Jan 2023 06:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 45296
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
translate.googleapis.com/translate_static/css/translateelement.css
200 OK 4.2 kB URL HTTP/2 translate.googleapis.com/translate_static/css/translateelement.css
IP
File type ASCII text, with very long lines (22967)
Hash ca62e4394a468bc00ae23146e356f03c
8d5049d528ce5cc59d8a1b4bf157a16496845872
1395c950018d049a8a50485c888680b23d5c3a093b2d016b462abd2b75d4a798
GET /translate_static/css/translateelement.css HTTP/1.1
Host: translate.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediafire11149186.xtrmetut-xzttrrqq.biz.id/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/rosetta
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="rosetta"
report-to: {"group":"rosetta","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/rosetta"}]}
content-length: 4167
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 09 Jan 2023 06:11:45 GMT
expires: Mon, 09 Jan 2023 07:11:45 GMT
cache-control: public, max-age=3600
last-modified: Thu, 05 Jan 2023 16:38:00 GMT
content-type: text/css
age: 2473
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.googletagmanager.com/gtag/js?id=G-K68XP6D85D&l=dataLayer&cx=c
200 OK 68 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=G-K68XP6D85D&l=dataLayer&cx=c
IP
File type ASCII text, with very long lines (3974)
Hash 75d7e39a88fdd6d8de6c35a004ac15ec
e1f15210ef96f912d39167450d0f6578ff7515f4
6feb0a4ef9e09881f4d8e3e46f368c741c667afd710e7a0404cda9463d7bafd2
GET /gtag/js?id=G-K68XP6D85D&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediafire11149186.xtrmetut-xzttrrqq.biz.id/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Mon, 09 Jan 2023 06:52:58 GMT
expires: Mon, 09 Jan 2023 06:52:58 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 68143
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.googletagmanager.com/gtm.js?id=GTM-53LP4T
200 OK 74 kB URL HTTP/2 www.googletagmanager.com/gtm.js?id=GTM-53LP4T
IP
File type ASCII text, with very long lines (26731)
Hash fdc1ecd8b4db72b4dce4943ba8344276
3963d4ebc920386dcbbc703862a72738746a9f27
616bd4be232c25edbc0ac9a4ab466889bf770762f583a0fa6d145048eea96bc6
GET /gtm.js?id=GTM-53LP4T HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediafire11149186.xtrmetut-xzttrrqq.biz.id/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Mon, 09 Jan 2023 06:52:58 GMT
expires: Mon, 09 Jan 2023 06:52:58 GMT
cache-control: private, max-age=900
last-modified: Mon, 09 Jan 2023 06:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 73663
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 53e4963971e19408d4cf264bd653599d
271fa6d9b5843b97d579a713fbb48b388c61eba0
c3245e3793f7aab542ba2b4b719f5145a45ba29d536456ad629a364ab2df400b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 09 Jan 2023 06:52:58 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
adservice.google.com/adsid/integrator.js?domain=www.mediafire.com
200 OK 100 B URL HTTP/2 adservice.google.com/adsid/integrator.js?domain=www.mediafire.com
IP
File type ASCII text, with no line terminators
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=www.mediafire.com HTTP/1.1
Host: adservice.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediafire11149186.xtrmetut-xzttrrqq.biz.id/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Mon, 09 Jan 2023 06:52:58 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
adservice.google.com.au/adsid/integrator.js?domain=www.mediafire.com
200 OK 100 B URL HTTP/2 adservice.google.com.au/adsid/integrator.js?domain=www.mediafire.com
IP
File type ASCII text, with no line terminators
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=www.mediafire.com HTTP/1.1
Host: adservice.google.com.au
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediafire11149186.xtrmetut-xzttrrqq.biz.id/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Mon, 09 Jan 2023 06:52:58 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash cd1d39135eb079c9842a1696f1c3bacf
ee41d3b22fed5948c20a6d1639b6955a4252fc11
c1f219c13b6c6e622515b78d1549a1dacdc6fab1a2109d540e30d07a52990db5
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 09 Jan 2023 06:52:58 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 341531eb70a208f0bb6bced9bb40c5d8
523ef913fc4f9e6cd75e7ca95d9ed51daf90e91a
6b307f24cdcc90272a05b3cdf6cf2ec7459ae6d53687d5aa0427e307fbdf0fde
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 09 Jan 2023 06:52:58 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 53e4963971e19408d4cf264bd653599d
271fa6d9b5843b97d579a713fbb48b388c61eba0
c3245e3793f7aab542ba2b4b719f5145a45ba29d536456ad629a364ab2df400b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 09 Jan 2023 06:52:58 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 457ca75ed75785c514fb36a16792410f
fcc640c00713c93633d0b2887104c8fbc6c754f9
ff6a40bdaa6bc25eefb2d7ed130ea34460494d92c19c07dff4cc371c45d1ac44
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FF6A40BDAA6BC25EEFB2D7ED130EA34460494D92C19C07DFF4CC371C45D1AC44"
Last-Modified: Fri, 06 Jan 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5934
Expires: Mon, 09 Jan 2023 08:31:52 GMT
Date: Mon, 09 Jan 2023 06:52:58 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 457ca75ed75785c514fb36a16792410f
fcc640c00713c93633d0b2887104c8fbc6c754f9
ff6a40bdaa6bc25eefb2d7ed130ea34460494d92c19c07dff4cc371c45d1ac44
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FF6A40BDAA6BC25EEFB2D7ED130EA34460494D92C19C07DFF4CC371C45D1AC44"
Last-Modified: Fri, 06 Jan 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5934
Expires: Mon, 09 Jan 2023 08:31:52 GMT
Date: Mon, 09 Jan 2023 06:52:58 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 457ca75ed75785c514fb36a16792410f
fcc640c00713c93633d0b2887104c8fbc6c754f9
ff6a40bdaa6bc25eefb2d7ed130ea34460494d92c19c07dff4cc371c45d1ac44
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FF6A40BDAA6BC25EEFB2D7ED130EA34460494D92C19C07DFF4CC371C45D1AC44"
Last-Modified: Fri, 06 Jan 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5934
Expires: Mon, 09 Jan 2023 08:31:52 GMT
Date: Mon, 09 Jan 2023 06:52:58 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 457ca75ed75785c514fb36a16792410f
fcc640c00713c93633d0b2887104c8fbc6c754f9
ff6a40bdaa6bc25eefb2d7ed130ea34460494d92c19c07dff4cc371c45d1ac44
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FF6A40BDAA6BC25EEFB2D7ED130EA34460494D92C19C07DFF4CC371C45D1AC44"
Last-Modified: Fri, 06 Jan 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5934
Expires: Mon, 09 Jan 2023 08:31:52 GMT
Date: Mon, 09 Jan 2023 06:52:58 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 457ca75ed75785c514fb36a16792410f
fcc640c00713c93633d0b2887104c8fbc6c754f9
ff6a40bdaa6bc25eefb2d7ed130ea34460494d92c19c07dff4cc371c45d1ac44
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FF6A40BDAA6BC25EEFB2D7ED130EA34460494D92C19C07DFF4CC371C45D1AC44"
Last-Modified: Fri, 06 Jan 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5934
Expires: Mon, 09 Jan 2023 08:31:52 GMT
Date: Mon, 09 Jan 2023 06:52:58 GMT
Connection: keep-alive
c.aaxads.com/pxusr.gif
200 OK 43 B IP
File type GIF image data, version 87a, 1 x 1\012- data
Hash 6f1d74c7168076c7666246504a8c03f2
00656377deb1a4393e0cf0055385b08b2b81b46c
8ac1703c1c34b2be426deda409d39258f82fae17f13e645f377f337a954aedde
GET /pxusr.gif HTTP/1.1
Host: c.aaxads.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediafire11149186.xtrmetut-xzttrrqq.biz.id/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 09 Jan 2023 06:52:58 GMT
content-type: image/gif
content-length: 43
last-modified: Mon, 26 Feb 2018 13:29:58 GMT
unused62: 8096267
accept-ranges: bytes
cache-control: max-age=464653
expires: Sat, 14 Jan 2023 15:57:11 GMT
strict-transport-security: max-age=604800
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 786b40d318ecb4f9-OSL
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc3ffb256-d515-4bd7-8804-5c32e070765c.jpeg
200 OK 7.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc3ffb256-d515-4bd7-8804-5c32e070765c.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d0ac656cdf72279d8aab7e906f067ecb
fd70a88299221cbbf71242e572a507bcb1ee45d8
fc6e1e38162173b45ddf5bd0838495fe05a8c12ac50b7977fd66281ed0a7a1cb
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc3ffb256-d515-4bd7-8804-5c32e070765c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7842
x-amzn-requestid: 2fea5ef4-795f-4d81-ad13-1d9cb738524c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: eWhZ7FYVoAMFURA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63b8e2a5-6f87591428c52a1a0afc7dee;Sampled=0
x-amzn-remapped-date: Sat, 07 Jan 2023 03:10:29 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: f5ueDtbSD0P2iJlf5_dYEq0VRouB2RP5_R9SF9gs2jx-l3WIhmc5GA==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 be082a2326b7d49643607b097f1e7180.cloudfront.net (CloudFront), 1.1 google
date: Mon, 09 Jan 2023 04:28:31 GMT
age: 8667
etag: "fd70a88299221cbbf71242e572a507bcb1ee45d8"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0f66a423-2d06-442e-9b60-52f1638487d5.jpeg
200 OK 4.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0f66a423-2d06-442e-9b60-52f1638487d5.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f0defc5fd929d3ca7df12b102b551453
f44e4ac4a10991e12994e3b5d6f3cc1b1658967a
f551a1c156ec30405668d66bff9e1359805b773457602e44748be80cbb1f8a23
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0f66a423-2d06-442e-9b60-52f1638487d5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4687
x-amzn-requestid: 18bf71d4-030e-4a08-ae18-48fe037e6e0d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: eWhZ7GzXIAMFnFQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63b8e2a5-710f414a2d1b239f6d59d73a;Sampled=0
x-amzn-remapped-date: Sat, 07 Jan 2023 03:10:29 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: wkKw4Bgb_vxuY641mGDczUNQUfGXiozbOtpFwfK6aThfJj_q5T_IDg==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Mon, 09 Jan 2023 03:49:53 GMT
age: 10985
etag: "f44e4ac4a10991e12994e3b5d6f3cc1b1658967a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5c35b6f8-ae25-4552-b3cc-44e57542d5ec.jpeg
200 OK 9.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5c35b6f8-ae25-4552-b3cc-44e57542d5ec.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 210f951bd43cd838048f3568adb84c8c
db87b6eeaad681f1232c104dd4d0a902a921ed6d
b0d21c80c6c53ba04c8b216f6428a0e8b8eff4ca16f44c31782857d4a2749c39
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5c35b6f8-ae25-4552-b3cc-44e57542d5ec.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9407
x-amzn-requestid: 08f125d6-46ed-4a83-98bc-94f688def00c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: eP6aMG3loAMFU5Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63b63dda-06f1fa975f43a24564b86524;Sampled=0
x-amzn-remapped-date: Thu, 05 Jan 2023 03:02:50 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: 9n51KAFwvuNqst4kr1NAzrt1YnxqueZK8i5toCmJRVWOEITb2ohKLQ==
via: 1.1 6ba2a21321beeef65404429d0a4b6380.cloudfront.net (CloudFront), 1.1 3bb2b699cd244bf37141ea08a6a61732.cloudfront.net (CloudFront), 1.1 google
date: Sun, 08 Jan 2023 07:01:34 GMT
age: 85884
etag: "db87b6eeaad681f1232c104dd4d0a902a921ed6d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F334a9cec-5233-4d79-821a-adb923b9d115.jpeg
200 OK 6.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F334a9cec-5233-4d79-821a-adb923b9d115.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 9adc723b6823a4cf4ca3595febeccfa3
e20675c6a85a03fab85576b65892790058072377
0717e810d9e1908a206f12f54e77caa829426bbfe8c178db4566151f3562c177
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F334a9cec-5233-4d79-821a-adb923b9d115.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6317
x-amzn-requestid: 144bd535-24b1-414d-94dc-8fc40838572c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ecWFdH7GIAMFavA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63bb36ef-5a595f255fd3f929499d782b;Sampled=0
x-amzn-remapped-date: Sun, 08 Jan 2023 21:34:39 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: HvzCI2mKasNP1XSUHrsNGt8YVbtWcJQPtqs-Lu3Vnw3ERrrd4d2W1A==
via: 1.1 7f5e0d3b9ea85d0d75063a66c0ebc840.cloudfront.net (CloudFront), 1.1 7eb3b782ab09047ce0d11ee03763894c.cloudfront.net (CloudFront), 1.1 google
date: Sun, 08 Jan 2023 21:42:06 GMT
age: 33052
etag: "e20675c6a85a03fab85576b65892790058072377"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbd91e555-c9f3-4166-92be-27db2e1919b6.jpeg
200 OK 14 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbd91e555-c9f3-4166-92be-27db2e1919b6.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash afcc8f4875f4b74ca0640829b689731e
584d0e11665ae89f9a294baf1e9bb4f0e4e9a4df
3e487396389c4330abc99bc99053eecc6aaf56f7afa398d70c30e1f4709577a0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbd91e555-c9f3-4166-92be-27db2e1919b6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 13626
x-amzn-requestid: 4769eaeb-0c78-4054-ad47-eefdd6ab2d03
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: eWHMZErbIAMF6sQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63b8b8b5-4c7bacfe060899044e361f70;Sampled=0
x-amzn-remapped-date: Sat, 07 Jan 2023 00:11:33 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Miss from cloudfront
x-amz-cf-id: H3uGFYbyPSwFZQCvn99EtVQw1Xz9DBbTgrK2FmfoKYBcZXkj60CbuQ==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 abbf2df97f9d83839470842dc2e68cb6.cloudfront.net (CloudFront), 1.1 google
date: Sun, 08 Jan 2023 13:24:11 GMT
age: 62927
etag: "584d0e11665ae89f9a294baf1e9bb4f0e4e9a4df"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Faede32e1-a6ef-46a9-8048-2bc4b3382d7b.jpeg
200 OK 9.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Faede32e1-a6ef-46a9-8048-2bc4b3382d7b.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a0473691ea0d4426c66441d3e049b139
2ba1b24cc0f903a534458642236adc8495d87519
5475d4935fea484eabbac57be8e5604952f59374e1ccf26392c3283d39b96a8d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Faede32e1-a6ef-46a9-8048-2bc4b3382d7b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9674
x-amzn-requestid: 173c95c5-690c-4381-9cf1-cb31e4456f14
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: eQd8LF0YoAMFTUg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63b676b4-0b9191ab25e33cb436995203;Sampled=0
x-amzn-remapped-date: Thu, 05 Jan 2023 07:05:24 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: ugd6PvgcQYjFctkOjVM5zXz3muWfr3o-8qf2hLbu-B_orF1ruOiTGQ==
via: 1.1 7f5e0d3b9ea85d0d75063a66c0ebc840.cloudfront.net (CloudFront), 1.1 6172bb1a5d00a3b06ae3700570ebe116.cloudfront.net (CloudFront), 1.1 google
date: Sun, 08 Jan 2023 08:02:04 GMT
age: 82254
etag: "2ba1b24cc0f903a534458642236adc8495d87519"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
cdn.jsdelivr.net/gh/stylesheett/jquery.min.js@main/slim.js
200 OK 40 kB URL HTTP/2 cdn.jsdelivr.net/gh/stylesheett/jquery.min.js@main/slim.js
IP
Hash b74f1b5dcf6e1bb945570c4fbccd6ca6
60f811e583839147337fa47f78a2d5c35bb8fdba
00d985a98ef41f3c2ec4f4a99ec6e04b752b925b4afa079c44ef5356adbc1ca2
GET /gh/stylesheett/jquery.min.js@main/slim.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediafire11149186.xtrmetut-xzttrrqq.biz.id/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: main
x-jsd-version-type: branch
etag: W/"2c68c-0mnOY3Agc98IzSXRzjVvoPyAYF4"
content-encoding: gzip
accept-ranges: bytes
date: Mon, 09 Jan 2023 06:52:58 GMT
age: 24912
x-served-by: cache-fra-eddf8230107-FRA, cache-bma1655-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 40309
X-Firefox-Spdy: h2
static.cloudflareinsights.com/beacon.min.js/v652eace1692a40cfa3763df669d7439c1639079717194
200 OK 6.6 kB URL HTTP/2 static.cloudflareinsights.com/beacon.min.js/v652eace1692a40cfa3763df669d7439c1639079717194
IP
Hash 18107b08f99974e1711ffa729f34daaa
d3037d3faba7876e5b7912d2573c1d9f632bc8a0
2d357c6379ff69761cb38972135f9551ab6db878f41dacc9f527bb23a8d798d6
GET /beacon.min.js/v652eace1692a40cfa3763df669d7439c1639079717194 HTTP/1.1
Host: static.cloudflareinsights.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://mediafire11149186.xtrmetut-xzttrrqq.biz.id
Connection: keep-alive
Referer: https://mediafire11149186.xtrmetut-xzttrrqq.biz.id/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 09 Jan 2023 06:52:58 GMT
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
etag: W/2021.12.0
last-modified: Fri, 21 Oct 2022 01:56:09 GMT
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
server: cloudflare
cf-ray: 786b40d37f17b51b-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
status.geotrust.com/
200 OK 471 B IP
Hash e5336678c17c977c68dce722c73545fa
68f1d4040e7f4948869c2fa05d0d3a5d8ea32365
56b44c2b75914d22abef7f4c1c032ab5b7e001adaa5e0984841e0ce92250d906
POST / HTTP/1.1
Host: status.geotrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6492
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 09 Jan 2023 06:52:59 GMT
Last-Modified: Mon, 09 Jan 2023 05:04:47 GMT
Server: ECS (ska/F705)
X-Cache: HIT
Content-Length: 471
ocsp.sectigo.com/
200 OK 472 B IP
Hash 5b8a3d058dbbfeade120bc70987f1ff9
30bb0169285d902428b583d1aa3ab9ab063b491b
c3ad5516a5020a0565c9bf3fdb11ae547d44e7e69a61490b1934424df3086544
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 09 Jan 2023 06:52:59 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sat, 07 Jan 2023 07:44:40 GMT
Expires: Sat, 14 Jan 2023 07:44:39 GMT
Etag: "30bb0169285d902428b583d1aa3ab9ab063b491b"
Cache-Control: max-age=434499,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 786b40d5cb2fb4f9-OSL
jp-u.openx.net/w/1.0/pd?plm=10&ph=74c7d33a-f978-474b-98bd-3e72347fbee9&gdpr=0
302 Found 0 B URL HTTP/2 jp-u.openx.net/w/1.0/pd?plm=10&ph=74c7d33a-f978-474b-98bd-3e72347fbee9&gdpr=0
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /w/1.0/pd?plm=10&ph=74c7d33a-f978-474b-98bd-3e72347fbee9&gdpr=0 HTTP/1.1
Host: jp-u.openx.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediafire11149186.xtrmetut-xzttrrqq.biz.id/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
set-cookie: i=962240c2-16a6-03ff-3eff-b3255939069d|1673247179; Version=1; Expires=Tue, 09-Jan-2024 06:52:59 GMT; Max-Age=31536000; Domain=.openx.net; Path=/
server: OXGW/0.0.0
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://jp-u.openx.net/w/1.0/pd?cc=1&plm=10&ph=74c7d33a-f978-474b-98bd-3e72347fbee9&gdpr=0
date: Mon, 09 Jan 2023 06:52:59 GMT
content-length: 0
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 27d78738a9609be605b9885f7a5f90e1
cc0794b5d6eff980221081c785662ffa3f770f13
388060a0450ea600c005936f51fbb7e7779ab49eb33044141926cfdb2cf01be3
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 09 Jan 2023 06:52:59 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
static.mediafire.com/images/backgrounds/footer/social/footerIcons.png
200 OK 583 B URL HTTP/2 static.mediafire.com/images/backgrounds/footer/social/footerIcons.png
IP
File type PNG image data, 112 x 28, 8-bit/color RGBA, non-interlaced\012- data
Hash e0abc4fea89d2c5153b73cd02ac5ba13
00465ef774805c82fb5b8a40b743f7b1a1d1a7d6
f917a9105c311331b1d40f4d2bdbf11233c1c465616c1a9c46232f451463b061
GET /images/backgrounds/footer/social/footerIcons.png HTTP/1.1
Host: static.mediafire.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediafire11149186.xtrmetut-xzttrrqq.biz.id/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 09 Jan 2023 06:52:59 GMT
content-type: image/png
content-length: 583
last-modified: Mon, 25 Jul 2022 18:00:54 GMT
etag: "62deda56-247"
expires: Wed, 08 Feb 2023 03:32:42 GMT
cache-control: max-age=2592000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1315
accept-ranges: bytes
set-cookie: __cf_bm=jfsdby3QcMjS0VIY9hnvsR1qYMxmoZpLTT1QLGizBJw-1673247179-0-AaqK3At4CTnGCBneOSt3Zpq7mypmFv9xN7yaVkiRGtG4mmvYsSL9CDYo+Z7haBQI7uz4C3sNRcvy4OBGVLV8z7Y=; path=/; expires=Mon, 09-Jan-23 07:22:59 GMT; domain=.mediafire.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 786b40d62d6db4ee-OSL
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 8b33ebf66adf8ea748d256ed5248639a
54f661bd5cdfe8ec55371d0d7d63437abc1d54b7
d7b4bf07bc0c94009920239a1136dfdafa898ac2efab9d4131e68682f826e76b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 09 Jan 2023 06:52:59 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
85d03a68e65d779d96bdb6794e318fd8.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
200 OK 3.1 kB URL HTTP/2 85d03a68e65d779d96bdb6794e318fd8.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (5835)
Hash 3fa5e95a358d660ddb3c45769ae1357f
5f6164fbaf8cfbccfd061b00ae48dedfc16bbcd9
d32f4b680031c0e11222eb17385aa9d3b11d2903b05bff34c3d4eb6292631137
GET /safeframe/1-0-38/html/container.html HTTP/1.1
Host: 85d03a68e65d779d96bdb6794e318fd8.safeframe.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediafire11149186.xtrmetut-xzttrrqq.biz.id/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 07 Jan 2023 19:41:58 GMT
expires: Sun, 07 Jan 2024 19:41:58 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
content-type: text/html
age: 126661
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
jp-u.openx.net/w/1.0/pd?cc=1&plm=10&ph=74c7d33a-f978-474b-98bd-3e72347fbee9&gdpr=0
200 OK 99 B URL HTTP/2 jp-u.openx.net/w/1.0/pd?cc=1&plm=10&ph=74c7d33a-f978-474b-98bd-3e72347fbee9&gdpr=0
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash c3280775e6f0d91ad4f2210b819655c0
2e216cac6678259f3077e893a5838b5c749a57e7
847173dcee1cf0dcb48fa3058173f36ffae1b4b528cff7b8f582b20f0be607ed
GET /w/1.0/pd?cc=1&plm=10&ph=74c7d33a-f978-474b-98bd-3e72347fbee9&gdpr=0 HTTP/1.1
Host: jp-u.openx.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mediafire11149186.xtrmetut-xzttrrqq.biz.id/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
vary: Accept, Accept-Encoding
server: OXGW/0.0.0
date: Mon, 09 Jan 2023 06:52:59 GMT
content-type: text/html
content-length: 99
content-encoding: gzip
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158936
200 OK 5.6 kB URL HTTP/2 ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158936
IP
File type HTML document text\012- HTML document, ASCII text, with very long lines (15889), with no line terminators
Hash 18a6bc0e051c0767f814f63ff07e65f9
8fbe4eb399d8501b90276723d38c9ffb4ab483fa
26341482a8d6c8384b2cb91aba95833ac2002bd284ff690adbd2009bf76cb95b
GET /AdServer/js/user_sync.html?kdntuid=1&p=158936 HTTP/1.1
Host: ads.pubmatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediafire11149186.xtrmetut-xzttrrqq.biz.id/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
last-modified: Fri, 16 Dec 2022 06:36:49 GMT
server: Apache
accept-ranges: bytes
content-encoding: gzip
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 5554
content-type: text/html
cache-control: max-age=121090
expires: Tue, 10 Jan 2023 16:31:09 GMT
date: Mon, 09 Jan 2023 06:52:59 GMT
vary: Accept-Encoding
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 27d78738a9609be605b9885f7a5f90e1
cc0794b5d6eff980221081c785662ffa3f770f13
388060a0450ea600c005936f51fbb7e7779ab49eb33044141926cfdb2cf01be3
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 09 Jan 2023 06:52:59 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
static.mediafire.com/images/icons/svg_dark/share.svg
200 OK 913 B URL HTTP/2 static.mediafire.com/images/icons/svg_dark/share.svg
IP
Hash 4e577232ea0e169863be6dc0258a566b
a8cd5a0703f239673bddbcf24fd9f1f536b907ae
c977474062b3cda599ef2662b0c39c90e3fa3bbbaf2c46ba1eeb566beff67e4a
GET /images/icons/svg_dark/share.svg HTTP/1.1
Host: static.mediafire.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediafire11149186.xtrmetut-xzttrrqq.biz.id/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 09 Jan 2023 06:52:59 GMT
content-type: image/svg+xml
last-modified: Mon, 25 Jul 2022 18:00:54 GMT
etag: W/"62deda56-2e1"
access-control-allow-origin: *
cf-cache-status: HIT
age: 12751
set-cookie: __cf_bm=k6_CKHhwCWw5pxd.kGKo5l3dPV.qYisGouIT7h6PbUQ-1673247179-0-AaqYfwBz5SpsiHc29cwFJSqdXfbkR9t7flr6Cxa8qN/UYlx/SQeyOOArY9n18sk8+9jtBzJ1LcQVm/9/XE6Dh58=; path=/; expires=Mon, 09-Jan-23 07:22:59 GMT; domain=.mediafire.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 786b40d62d64b4ee-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
static.mediafire.com/images/filetype/file-zip-v3.png
200 OK 1.9 kB URL HTTP/2 static.mediafire.com/images/filetype/file-zip-v3.png
IP
File type PNG image data, 43 x 58, 8-bit/color RGBA, non-interlaced\012- data
Hash a23b8b7059e953fc1b74bf87a77ebb0c
f23e0ad301389083104f04d4164fa57423387b17
4448e430d3c53bad548a5d135e1c7e2f9593e806ba47892640d430ea752e979e
GET /images/filetype/file-zip-v3.png HTTP/1.1
Host: static.mediafire.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediafire11149186.xtrmetut-xzttrrqq.biz.id/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 09 Jan 2023 06:52:59 GMT
content-type: image/png
content-length: 1872
last-modified: Mon, 25 Jul 2022 18:00:54 GMT
etag: "62deda56-750"
expires: Wed, 08 Feb 2023 03:32:40 GMT
cache-control: max-age=2592000
access-control-allow-origin: *
cf-cache-status: HIT
age: 11469
accept-ranges: bytes
set-cookie: __cf_bm=4VuCSSHw4nx1WlgM_9dqYdJiESMQhpLjHCZrBvjsQqo-1673247179-0-AdTRih1p45mFlSta7bDCjeU7IhXF+Yq2XvBSVyq0IAxULpVycjh+9PqI4prVVUNTrckRFc401Zoknh2GEP1cA2o=; path=/; expires=Mon, 09-Jan-23 07:22:59 GMT; domain=.mediafire.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 786b40d67dabb4ee-OSL
X-Firefox-Spdy: h2
googleads.g.doubleclick.net/pagead/html/r20220511/r20190131/zrt_lookup.html
200 OK 4.2 kB URL HTTP/2 googleads.g.doubleclick.net/pagead/html/r20220511/r20190131/zrt_lookup.html
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2579)
Hash 2fb3574102373e2e076cfa2ff90cdf25
d06c985183def975546d6e47ab6369c11dcf7195
e61cbc207f7fc2f429deceff11e7a339a3d9a9574da6d035054eba02ee381345
GET /pagead/html/r20220511/r20190131/zrt_lookup.html HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediafire11149186.xtrmetut-xzttrrqq.biz.id/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 4242
x-xss-protection: 0
date: Sun, 08 Jan 2023 15:09:25 GMT
expires: Sun, 22 Jan 2023 15:09:25 GMT
cache-control: public, max-age=1209600
age: 56614
etag: 10353107486223812946
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.com/recaptcha/api2/aframe
200 OK 513 B URL HTTP/2 www.google.com/recaptcha/api2/aframe
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (783), with no line terminators
Hash 987c873f33f5ee7a7afa00e8c0833656
551084b5d480ca2ea1f9a0c3e4d2029d15608e03
0fff2645a4bbe3a051bcb294de16620f6e8e4469f576beb014f28f6866f05794
GET /recaptcha/api2/aframe HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediafire11149186.xtrmetut-xzttrrqq.biz.id/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Mon, 09 Jan 2023 06:52:59 GMT
date: Mon, 09 Jan 2023 06:52:59 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'nonce-_WySC7zi5erCSBV1U_VEIg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 513
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 27d78738a9609be605b9885f7a5f90e1
cc0794b5d6eff980221081c785662ffa3f770f13
388060a0450ea600c005936f51fbb7e7779ab49eb33044141926cfdb2cf01be3
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 09 Jan 2023 06:52:59 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.sectigo.com/
200 OK 472 B IP
Hash 5b8a3d058dbbfeade120bc70987f1ff9
30bb0169285d902428b583d1aa3ab9ab063b491b
c3ad5516a5020a0565c9bf3fdb11ae547d44e7e69a61490b1934424df3086544
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 09 Jan 2023 06:52:59 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sat, 07 Jan 2023 07:44:40 GMT
Expires: Sat, 14 Jan 2023 07:44:39 GMT
Etag: "30bb0169285d902428b583d1aa3ab9ab063b491b"
Cache-Control: max-age=434499,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 786b40d5cb32b4f9-OSL
contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUO2689O&prvid=2034%2C2033%2C2030%2C273%2C2028%2C2027%2C2025%2C237%2C117%2C97%2C99%2C3012%2C3011%2C3010%2C201%2C3007%2C246%2C4%2C203%2C9%2C2011%2C3022%2C3020%2C173%2C251%2C175%2C2009%2C178%2C255%2C3018%2C3017%2C214%2C3014%2C337%2C338%2C77%2C38%2C182%2C261%2C141%2C262%2C222%2C301%2C225%2C10000%2C80%2C108%2C229%2C307&itype=PREBID&purpose1=1&gdprconsent=1&gdpr=0&coppa=0&usp_status=0&usp_consent=1
200 OK 12 kB URL HTTP/2 contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUO2689O&prvid=2034%2C2033%2C2030%2C273%2C2028%2C2027%2C2025%2C237%2C117%2C97%2C99%2C3012%2C3011%2C3010%2C201%2C3007%2C246%2C4%2C203%2C9%2C2011%2C3022%2C3020%2C173%2C251%2C175%2C2009%2C178%2C255%2C3018%2C3017%2C214%2C3014%2C337%2C338%2C77%2C38%2C182%2C261%2C141%2C262%2C222%2C301%2C225%2C10000%2C80%2C108%2C229%2C307&itype=PREBID&purpose1=1&gdprconsent=1&gdpr=0&coppa=0&usp_status=0&usp_consent=1
IP
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (27146)
Hash de0e22f2328ee5f5f3dbda3d2ec2214e
486ece310a9bda4579b35f65144fefca70a2907a
44792762ef472dd4d5d75653fe0ade440f1f3bb758ff44edf0bcd5b3606a6c1e
GET /checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUO2689O&prvid=2034%2C2033%2C2030%2C273%2C2028%2C2027%2C2025%2C237%2C117%2C97%2C99%2C3012%2C3011%2C3010%2C201%2C3007%2C246%2C4%2C203%2C9%2C2011%2C3022%2C3020%2C173%2C251%2C175%2C2009%2C178%2C255%2C3018%2C3017%2C214%2C3014%2C337%2C338%2C77%2C38%2C182%2C261%2C141%2C262%2C222%2C301%2C225%2C10000%2C80%2C108%2C229%2C307&itype=PREBID&purpose1=1&gdprconsent=1&gdpr=0&coppa=0&usp_status=0&usp_consent=1 HTTP/1.1
Host: contextual.media.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediafire11149186.xtrmetut-xzttrrqq.biz.id/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: Apache
content-type: text/html; charset=UTF-8
set-cookie: visitor-id=3162487793580299000V10; Expires=Tue, 09 Jan 2024 06:52:59 GMT; domain=.media.net; Path=/;
x-mnet-hl2: E
p3p: CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
strict-transport-security: max-age=31536000
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=104302
expires: Tue, 10 Jan 2023 11:51:21 GMT
date: Mon, 09 Jan 2023 06:52:59 GMT
content-length: 11706
X-Firefox-Spdy: h2
region1.google-analytics.com/g/collect?v=2&tid=G-K68XP6D85D>m=2oe120&_p=722435447&cid=907118166.1673247166&ul=en-us&sr=1280x1024&_s=1&sid=1673247165&sct=1&seg=0&dl=https%3A%2F%2Fmediafire11149186.xtrmetut-xzttrrqq.biz.id%2Fvhsfhqpdhdsih6%2F&dt=FULL%20VIDEO%20TERBARU!&en=page_view&_fv=1&_nsi=1&_ss=1
204 No Content 0 B URL HTTP/2 region1.google-analytics.com/g/collect?v=2&tid=G-K68XP6D85D>m=2oe120&_p=722435447&cid=907118166.1673247166&ul=en-us&sr=1280x1024&_s=1&sid=1673247165&sct=1&seg=0&dl=https%3A%2F%2Fmediafire11149186.xtrmetut-xzttrrqq.biz.id%2Fvhsfhqpdhdsih6%2F&dt=FULL%20VIDEO%20TERBARU!&en=page_view&_fv=1&_nsi=1&_ss=1
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-K68XP6D85D>m=2oe120&_p=722435447&cid=907118166.1673247166&ul=en-us&sr=1280x1024&_s=1&sid=1673247165&sct=1&seg=0&dl=https%3A%2F%2Fmediafire11149186.xtrmetut-xzttrrqq.biz.id%2Fvhsfhqpdhdsih6%2F&dt=FULL%20VIDEO%20TERBARU!&en=page_view&_fv=1&_nsi=1&_ss=1 HTTP/1.1
Host: region1.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://mediafire11149186.xtrmetut-xzttrrqq.biz.id
Connection: keep-alive
Referer: https://mediafire11149186.xtrmetut-xzttrrqq.biz.id/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: https://mediafire11149186.xtrmetut-xzttrrqq.biz.id
date: Mon, 09 Jan 2023 06:52:59 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.sectigo.com/
200 OK 472 B IP
Hash 5b8a3d058dbbfeade120bc70987f1ff9
30bb0169285d902428b583d1aa3ab9ab063b491b
c3ad5516a5020a0565c9bf3fdb11ae547d44e7e69a61490b1934424df3086544
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 09 Jan 2023 06:52:59 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sat, 07 Jan 2023 07:44:40 GMT
Expires: Sat, 14 Jan 2023 07:44:39 GMT
Etag: "30bb0169285d902428b583d1aa3ab9ab063b491b"
Cache-Control: max-age=434499,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 786b40d65bacb4f9-OSL
www.google-analytics.com/analytics.js
200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP
File type ASCII text, with very long lines (1325)
Hash 47e6f374ca946fddd5b59871b325736c
baa9282efc8785e84d247c3bff518eaa45f101c4
16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediafire11149186.xtrmetut-xzttrrqq.biz.id/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Mon, 09 Jan 2023 06:41:08 GMT
expires: Mon, 09 Jan 2023 08:41:08 GMT
cache-control: public, max-age=7200
age: 711
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
cdn.amplitude.com/libs/amplitude-8.5.0-min.gz.js
200 OK 22 kB URL HTTP/2 cdn.amplitude.com/libs/amplitude-8.5.0-min.gz.js
IP
File type ASCII text, with very long lines (65536), with no line terminators
Hash 660c3b546f2a131de50b69b91f26c636
70f80e7f10e1dd9180efe191ce92d28296ec9035
fd91362b7111a0dcc85ef6bd9bc776881c7428f8631d5a32725711dce678bff9
GET /libs/amplitude-8.5.0-min.gz.js HTTP/1.1
Host: cdn.amplitude.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://mediafire11149186.xtrmetut-xzttrrqq.biz.id
Connection: keep-alive
Referer: https://mediafire11149186.xtrmetut-xzttrrqq.biz.id/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
content-length: 22154
date: Wed, 04 Jan 2023 12:43:15 GMT
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-max-age: 3000
last-modified: Fri, 13 Aug 2021 22:37:42 GMT
etag: "660c3b546f2a131de50b69b91f26c636"
x-amz-server-side-encryption: AES256
cache-control: max-age=31536000
content-encoding: gzip
x-amz-version-id: NY8_7uBz3xoXYJBVsMSBAGHOz8ixMBS3
accept-ranges: bytes
server: AmazonS3
vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method
x-cache: Hit from cloudfront
via: 1.1 d9fb4c3794a085bb4ee2c5798c2cb1b8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: Hg3uQvQhpZ4b_yKu0eI2PiIoa6dvwmwKn56TVQBasYgbyn2xTsItzw==
age: 410985
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 6845714035871de50607bf6185f94f64
c8b0da305ef4c6a587307d87224ce7ae19ac31dc
75d805e1f96447b58ac3f8226c16c4b13d4e664e1e508be26e9968510145017a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 09 Jan 2023 06:52:59 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 6845714035871de50607bf6185f94f64
c8b0da305ef4c6a587307d87224ce7ae19ac31dc
75d805e1f96447b58ac3f8226c16c4b13d4e664e1e508be26e9968510145017a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 09 Jan 2023 06:52:59 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 6845714035871de50607bf6185f94f64
c8b0da305ef4c6a587307d87224ce7ae19ac31dc
75d805e1f96447b58ac3f8226c16c4b13d4e664e1e508be26e9968510145017a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 09 Jan 2023 06:52:59 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
securepubads.g.doubleclick.net/gpt/pubads_impl_2022051001.js
200 OK 126 kB URL HTTP/2 securepubads.g.doubleclick.net/gpt/pubads_impl_2022051001.js
IP
Size 126 kB (126547 bytes)
Hash af877f9b515e9b05cfa9ad140c913f77
f067db1221fe0b36f9af34358a7f5aa87d458481
0c575d42b393fa2e09389ab572da2e29b46995a1e278a2e570d7e4c9e9cfa526
GET /gpt/pubads_impl_2022051001.js HTTP/1.1
Host: securepubads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediafire11149186.xtrmetut-xzttrrqq.biz.id/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 126527
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 08 Jan 2023 03:07:07 GMT
expires: Mon, 08 Jan 2024 03:07:07 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 10 May 2022 08:34:29 GMT
content-type: text/javascript
age: 99952
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.mediafire.com/images/flags_svg/idn.svg
200 OK 28 kB URL HTTP/2 www.mediafire.com/images/flags_svg/idn.svg
IP
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document, ASCII text, with very long lines (39126)
Hash a0bab41d1700d98a43130ee71ca832c4
c17ad12349e51f6d5ebd36e45552ba7db9eb6e59
2f2b9ebedb4b9e3f68a4f0bda5c117fd7df349845d2cb94e33f66ebd52c4d8c3
GET /images/flags_svg/idn.svg HTTP/1.1
Host: www.mediafire.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediafire11149186.xtrmetut-xzttrrqq.biz.id/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 09 Jan 2023 06:52:59 GMT
content-type: image/svg+xml
access-control-allow-origin: *
etag: W/"62deda56-ee"
last-modified: Mon, 25 Jul 2022 18:00:54 GMT
cf-cache-status: HIT
age: 10472
set-cookie: __cf_bm=nM9g7b0VSn9DeUWPhRuzs71wq_YZ5wD0gvIKzKiP9QU-1673247179-0-AXtCDYBjIc1fujFS5xJ4b/uFvZr+2yCuwKEEdpAt/UgnHuYava/K9IqKTd8NADAFtWj6c8XsoIcFWOxZ40nw9Ug=; path=/; expires=Mon, 09-Jan-23 07:22:59 GMT; domain=.mediafire.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 786b40d68db0b4ee-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
securepubads.g.doubleclick.net/gpt/pubads_impl_2022051101.js?cb=31067573
200 OK 128 kB URL HTTP/2 securepubads.g.doubleclick.net/gpt/pubads_impl_2022051101.js?cb=31067573
IP
File type ASCII text, with very long lines (65439)
Size 128 kB (127621 bytes)
Hash 15f1f45710d2cf78b75217f595e99566
8124d69441f177915ac2b38b325fc7586a5b153f
51782efc88a97b2baa8fafa2ebee47b707496be8024aa91d647e44e5cb64862f
GET /gpt/pubads_impl_2022051101.js?cb=31067573 HTTP/1.1
Host: securepubads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediafire11149186.xtrmetut-xzttrrqq.biz.id/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 127621
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 08 Jan 2023 03:07:08 GMT
expires: Mon, 08 Jan 2024 03:07:08 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Wed, 11 May 2022 08:34:41 GMT
content-type: text/javascript
age: 99951
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.gstatic.com/images/branding/googlelogo/1x/googlelogo_color_42x16dp.png
200 OK 910 B URL HTTP/2 www.gstatic.com/images/branding/googlelogo/1x/googlelogo_color_42x16dp.png
IP
File type PNG image data, 42 x 16, 8-bit/color RGBA, non-interlaced\012- data
Hash efa6bb2bfe459bc6f4bdafa3db0383f6
52d15ce52fe50643e542c17812de43f4ed1b6ee0
6318394f737c66f0e2ccfcd88e3935c6667633a1b95fa29fba2b75431d55eef2
GET /images/branding/googlelogo/1x/googlelogo_color_42x16dp.png HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediafire11149186.xtrmetut-xzttrrqq.biz.id/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Origin
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-length: 910
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 05 Jan 2023 16:18:40 GMT
expires: Fri, 05 Jan 2024 16:18:40 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
content-type: image/png
age: 311659
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
l3.aaxads.com/log?___stu13p=aveoaamactga5dnnuee25ti2rm86bcrodqacb&lwbsh=AAX&wHos=265&dgw=desktop&flg=AAX3221EY&fw=OSLO&ff=NO&xjg=4&dss=0&skw=939&slg=8PR6YK195&gq=mediafire11149186.xtrmetut-xzttrrqq.biz.id&vhuyqdph=ssp-serving-dbd8b95cb-h26cz&vyu=010411_505_010210_481_ssp&vf=&yhuvlrq=4&yk=939&yz=1280&yvlg=&ylg=00001673247166464015326356482718&vvsDeExfnhw=CONTROL&oz=1&gdss=green&lwbshlg=6&vg=1&dgeg=0&qsd=0&jgsu_hqi=1&fvha=0&jgivwu=Y-N&jgsu=1&fvvwu=&wfi_fps=&wfi_vwdwxv=&wfi_sus=&vxf=0&wfi_dsl=0&xvs_hqi=1&xvs_vwdwxv=0&xvs_ogi=&xvs_vwulqj=&xifd=-1&frssd_vwdwxv=&frssd_dssolhg=&lg_ghwdlov=&dewh=SSP_CLIENT_delay400°=2&fdeg=0&gdeg=2&ghqg=77&fhqg=19&hqg=265&gvwduw=20&fvwduw=19&vwduw=19&uhtxuo=https%3A%2F%2Fmediafire11149186.xtrmetut-xzttrrqq.biz.id%2Fvhsfhqpdhdsih6%2F&nzui=
200 OK 35 B URL HTTP/1.1 l3.aaxads.com/log?___stu13p=aveoaamactga5dnnuee25ti2rm86bcrodqacb&lwbsh=AAX&wHos=265&dgw=desktop&flg=AAX3221EY&fw=OSLO&ff=NO&xjg=4&dss=0&skw=939&slg=8PR6YK195&gq=mediafire11149186.xtrmetut-xzttrrqq.biz.id&vhuyqdph=ssp-serving-dbd8b95cb-h26cz&vyu=010411_505_010210_481_ssp&vf=&yhuvlrq=4&yk=939&yz=1280&yvlg=&ylg=00001673247166464015326356482718&vvsDeExfnhw=CONTROL&oz=1&gdss=green&lwbshlg=6&vg=1&dgeg=0&qsd=0&jgsu_hqi=1&fvha=0&jgivwu=Y-N&jgsu=1&fvvwu=&wfi_fps=&wfi_vwdwxv=&wfi_sus=&vxf=0&wfi_dsl=0&xvs_hqi=1&xvs_vwdwxv=0&xvs_ogi=&xvs_vwulqj=&xifd=-1&frssd_vwdwxv=&frssd_dssolhg=&lg_ghwdlov=&dewh=SSP_CLIENT_delay400°=2&fdeg=0&gdeg=2&ghqg=77&fhqg=19&hqg=265&gvwduw=20&fvwduw=19&vwduw=19&uhtxuo=https%3A%2F%2Fmediafire11149186.xtrmetut-xzttrrqq.biz.id%2Fvhsfhqpdhdsih6%2F&nzui=
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash 349909ce1e0bc971d452284590236b09
adfc01f8a9de68b9b27e6f98a68737c162167066
796c46ec10bc9105545f6f90d51593921b69956bd9087eb72bee83f40ad86f90
GET /log?___stu13p=aveoaamactga5dnnuee25ti2rm86bcrodqacb&lwbsh=AAX&wHos=265&dgw=desktop&flg=AAX3221EY&fw=OSLO&ff=NO&xjg=4&dss=0&skw=939&slg=8PR6YK195&gq=mediafire11149186.xtrmetut-xzttrrqq.biz.id&vhuyqdph=ssp-serving-dbd8b95cb-h26cz&vyu=010411_505_010210_481_ssp&vf=&yhuvlrq=4&yk=939&yz=1280&yvlg=&ylg=00001673247166464015326356482718&vvsDeExfnhw=CONTROL&oz=1&gdss=green&lwbshlg=6&vg=1&dgeg=0&qsd=0&jgsu_hqi=1&fvha=0&jgivwu=Y-N&jgsu=1&fvvwu=&wfi_fps=&wfi_vwdwxv=&wfi_sus=&vxf=0&wfi_dsl=0&xvs_hqi=1&xvs_vwdwxv=0&xvs_ogi=&xvs_vwulqj=&xifd=-1&frssd_vwdwxv=&frssd_dssolhg=&lg_ghwdlov=&dewh=SSP_CLIENT_delay400°=2&fdeg=0&gdeg=2&ghqg=77&fhqg=19&hqg=265&gvwduw=20&fvwduw=19&vwduw=19&uhtxuo=https%3A%2F%2Fmediafire11149186.xtrmetut-xzttrrqq.biz.id%2Fvhsfhqpdhdsih6%2F&nzui= HTTP/1.1
Host: l3.aaxads.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediafire11149186.xtrmetut-xzttrrqq.biz.id/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: image/gif
Access-Control-Allow-Origin: *
Content-Length: 35
Expires: Mon, 09 Jan 2023 06:52:59 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 09 Jan 2023 06:52:59 GMT
Connection: keep-alive
static.mediafire.com/images/backgrounds/header/mf_logo_full_color.svg
200 OK 3.4 kB URL HTTP/2 static.mediafire.com/images/backgrounds/header/mf_logo_full_color.svg
IP
Hash 02c69f2dade8855cebeb53eeebce3d8f
f808fff892d85cfb49f825cd400dbb2ccb5f96fc
921d8fd07379e60488e1ba455fd1581ea234ea48406a2ccd92b341c3922f9616
GET /images/backgrounds/header/mf_logo_full_color.svg HTTP/1.1
Host: static.mediafire.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediafire11149186.xtrmetut-xzttrrqq.biz.id/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 09 Jan 2023 06:52:59 GMT
content-type: image/svg+xml
last-modified: Fri, 28 Oct 2016 22:22:42 GMT
etag: W/"5813cfb2-d1d"
access-control-allow-origin: *
cf-cache-status: HIT
age: 4531
set-cookie: __cf_bm=qEuE0i8Vkc8kwEOx565BQiL0BSHCSC3.i73k3VLVvtQ-1673247179-0-AZfe64U8Wc+oOGrCD71llgOZqcwSMcKjYSx6Uu7M7Reb5apro19pigLAXHiu8iOK3n619tMY7FTq0GO1r7R/2EM=; path=/; expires=Mon, 09-Jan-23 07:22:59 GMT; domain=.mediafire.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 786b40d70e17b4ee-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
static.mediafire.com/images/icons/svg_light/twitter.svg
200 OK 1.4 kB URL HTTP/2 static.mediafire.com/images/icons/svg_light/twitter.svg
IP
Hash 7200963dd35822a761097490b4f4fc0e
08c539c4921598256b7eb104aca0d820947eb95a
bdbc5d93e976dc4b49745450bc045842f5fbac6c0f5bea42eb6f6255b25e7533
GET /images/icons/svg_light/twitter.svg HTTP/1.1
Host: static.mediafire.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediafire11149186.xtrmetut-xzttrrqq.biz.id/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 09 Jan 2023 06:52:59 GMT
content-type: image/svg+xml
last-modified: Mon, 25 Jul 2022 18:00:54 GMT
etag: W/"62deda56-3b5"
access-control-allow-origin: *
cf-cache-status: HIT
age: 10643
set-cookie: __cf_bm=OiAD5KU198EI1NmYqEy0tcrVAl9B4ASkhQTZJBnRebI-1673247179-0-AUDZ4c9Lo2P1hBnx5vPgSc6l/7418yeyuWF3ot10zIASWY7yhQuBCrPQ3rgFLUd3eBfrUVSTEDP+Ch9Tduvhyds=; path=/; expires=Mon, 09-Jan-23 07:22:59 GMT; domain=.mediafire.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 786b40d7ae89b4ee-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
c.aaxads.com/aax.js?pub=AAX3221EY&hst=mediafire11149186.xtrmetut-xzttrrqq.biz.id&ver=1.2
200 OK 138 kB URL HTTP/2 c.aaxads.com/aax.js?pub=AAX3221EY&hst=mediafire11149186.xtrmetut-xzttrrqq.biz.id&ver=1.2
IP
Size 138 kB (138029 bytes)
Hash 1b4f78ccd7b7d30fc6600865dc9a7184
e5afcd49b89d757f5502c7ae79686636ab7eb17a
0b1121fefdf25e2dbc1e1b2254dd46262b38ba4e2e80f9c4011c913493890b43
GET /aax.js?pub=AAX3221EY&hst=mediafire11149186.xtrmetut-xzttrrqq.biz.id&ver=1.2 HTTP/1.1
Host: c.aaxads.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediafire11149186.xtrmetut-xzttrrqq.biz.id/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 09 Jan 2023 06:52:59 GMT
content-type: text/javascript; charset=utf-8
x-mnet-h: E
strict-transport-security: max-age=604800
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=1800
expires: Mon, 09 Jan 2023 07:22:59 GMT
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 786b40d18faab4f9-OSL
X-Firefox-Spdy: h2
static.mediafire.com/images/icons/svg_light/download.svg
200 OK 1.1 kB URL HTTP/2 static.mediafire.com/images/icons/svg_light/download.svg
IP
Hash 0d5d45dba7ade8b2390fcbb7819619b9
57642397e5de851390fd01919ce4e1b67801a3c0
b73b534bb2f7f5701377783fe11824bdb0c48c02afb290362b3dd54cfe07d71b
GET /images/icons/svg_light/download.svg HTTP/1.1
Host: static.mediafire.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediafire11149186.xtrmetut-xzttrrqq.biz.id/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 09 Jan 2023 06:52:59 GMT
content-type: image/svg+xml
last-modified: Mon, 25 Jul 2022 18:00:54 GMT
etag: W/"62deda56-15c"
access-control-allow-origin: *
cf-cache-status: HIT
age: 9437
set-cookie: __cf_bm=gI_DqbWC6qXM6G8aEwioKGnFMpa6bDXLERow.2lV7G0-1673247179-0-AXXT81V3QEwbjA8gXqoPo3jC62T3NKNaLs/pQEVdDhP2Txx5clSs3e/F7S4qCuGM9ddvARfgRTf86CnuCnuIcVo=; path=/; expires=Mon, 09-Jan-23 07:22:59 GMT; domain=.mediafire.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 786b40d67d9eb4ee-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 6845714035871de50607bf6185f94f64
c8b0da305ef4c6a587307d87224ce7ae19ac31dc
75d805e1f96447b58ac3f8226c16c4b13d4e664e1e508be26e9968510145017a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 09 Jan 2023 06:52:59 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-829541-1&cid=907118166.1673247166&jid=1328114163&gjid=606003115&_gid=545309259.1673247167&_u=YADAAUAAAAAAACAAI~&z=1408110452
200 OK 4 B URL HTTP/2 stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-829541-1&cid=907118166.1673247166&jid=1328114163&gjid=606003115&_gid=545309259.1673247167&_u=YADAAUAAAAAAACAAI~&z=1408110452
IP
File type ASCII text, with no line terminators
Hash 48c0473b7821185d937e685216e2168b
3743e47f8a429a5e87b86cb582d78940733d9d2e
570c4d4674fd20602189c548c145ba1f8ac34bc2e4599a71471969028aa1e25a
POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-829541-1&cid=907118166.1673247166&jid=1328114163&gjid=606003115&_gid=545309259.1673247167&_u=YADAAUAAAAAAACAAI~&z=1408110452 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://mediafire11149186.xtrmetut-xzttrrqq.biz.id
Connection: keep-alive
Referer: https://mediafire11149186.xtrmetut-xzttrrqq.biz.id/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://mediafire11149186.xtrmetut-xzttrrqq.biz.id
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Mon, 09 Jan 2023 06:53:00 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
static.mediafire.com/images/icons/svg_dark/facebook.svg
200 OK 60 kB URL HTTP/2 static.mediafire.com/images/icons/svg_dark/facebook.svg
IP
Hash ba8ae335918844509f19dde6df06e017
7b4fe7e1ea240296bac2220b45634fc3e9036e69
7b793f3584c45b1d08e4c6e398193c842b2ae956f069f144feba422122d8b0b7
GET /images/icons/svg_dark/facebook.svg HTTP/1.1
Host: static.mediafire.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediafire11149186.xtrmetut-xzttrrqq.biz.id/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 09 Jan 2023 06:52:59 GMT
content-type: image/svg+xml
last-modified: Mon, 25 Jul 2022 18:00:54 GMT
etag: W/"62deda56-185"
access-control-allow-origin: *
cf-cache-status: HIT
age: 10472
set-cookie: __cf_bm=gOhDGBUfRow2ULjUPkDvxQEv4E7yoPQQ09U61OikBp8-1673247179-0-AcLanEE6EQNVuAlwDrWHhJBs1fk3sHF9ccPTJDopsKhTPfDZWUADAEPCXTmcvvzO0YIyqGIqEMGoAaVnM2HkoFU=; path=/; expires=Mon, 09-Jan-23 07:22:59 GMT; domain=.mediafire.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 786b40d62d63b4ee-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 8fd95f99c767ca2559dfa76e78fa1ddd
1bcfa611a72225e6cd9cfedf6d03a43aa525946f
01595b34ecb16f26e964615a0b43bc3a886e2c15a027314af991d4ccd56e64cc
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 09 Jan 2023 06:53:00 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fundingchoicesmessages.google.com/f/AGSKWxW4mZbHfABgQYQjYivupH9MIZ-3VZJ_U6WjaERrQM9r1glQTSp-NP48XnpoHu4JLfXjoFDAspfze82v8Oj1iiViwUyP_PQDjC4cDP48gaBiiaFw-kWWRoEFKTGRWfwsl7-IsadkKcSkoYYLgqnt7HWh7WPGGRFoMKilbdUTadp8EqC6iLJzjZFNm3xA?fccs=W1siQUtzUm9sX1lwTWxVRHFhenpvcG9laUxzc2Zpb2J5U1RFUWY2czR1MTJEWERWZE1FeVdFV1hEWkpiRGJBcjJ2ZXJjdnBPMTRSQVZBeGFyV2ZXcFpyOGROenhGeGtseVJnQVZMNTZLZnVzQ0REcnA0aXdoRzFRb05NTy1lNVFWWW1Rd2dkZUF2UjVTMlpkY3JTZXBUTUhENVgxbUJ4NGFmOHhRPT0iXSxudWxsLG51bGwsbnVsbCxudWxsLG51bGwsWzE2NTI1NTYxNzcsMjI5MDAwMDAwXSxudWxsLG51bGwsbnVsbCxbbnVsbCxbNyw2XSxudWxsLG51bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLG51bGwsbnVsbCwxXSwiaHR0cHM6Ly93d3cubWVkaWFmaXJlLmNvbS9maWxlL2I3dW5lajhwM3R5c20yOC9jdXRlX2NhdF9yZWxheF9vbl9vdXRkb29yX2dyb3VuZF82ODkyNTMzLm1wNC9maWxlIixudWxsLFtdXQ
200 OK 60 kB URL HTTP/2 fundingchoicesmessages.google.com/f/AGSKWxW4mZbHfABgQYQjYivupH9MIZ-3VZJ_U6WjaERrQM9r1glQTSp-NP48XnpoHu4JLfXjoFDAspfze82v8Oj1iiViwUyP_PQDjC4cDP48gaBiiaFw-kWWRoEFKTGRWfwsl7-IsadkKcSkoYYLgqnt7HWh7WPGGRFoMKilbdUTadp8EqC6iLJzjZFNm3xA?fccs=W1siQUtzUm9sX1lwTWxVRHFhenpvcG9laUxzc2Zpb2J5U1RFUWY2czR1MTJEWERWZE1FeVdFV1hEWkpiRGJBcjJ2ZXJjdnBPMTRSQVZBeGFyV2ZXcFpyOGROenhGeGtseVJnQVZMNTZLZnVzQ0REcnA0aXdoRzFRb05NTy1lNVFWWW1Rd2dkZUF2UjVTMlpkY3JTZXBUTUhENVgxbUJ4NGFmOHhRPT0iXSxudWxsLG51bGwsbnVsbCxudWxsLG51bGwsWzE2NTI1NTYxNzcsMjI5MDAwMDAwXSxudWxsLG51bGwsbnVsbCxbbnVsbCxbNyw2XSxudWxsLG51bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLG51bGwsbnVsbCwxXSwiaHR0cHM6Ly93d3cubWVkaWFmaXJlLmNvbS9maWxlL2I3dW5lajhwM3R5c20yOC9jdXRlX2NhdF9yZWxheF9vbl9vdXRkb29yX2dyb3VuZF82ODkyNTMzLm1wNC9maWxlIixudWxsLFtdXQ
IP
Hash efabefb20fa136cbdd9480e63b6d265f
730f6091fcc7b93384b58ad5108765bb5d5b5a3c
1c5f2589a5a30cc3bc421f47d4366c82058cab4d950057e4da835245a4c10d05
GET /f/AGSKWxW4mZbHfABgQYQjYivupH9MIZ-3VZJ_U6WjaERrQM9r1glQTSp-NP48XnpoHu4JLfXjoFDAspfze82v8Oj1iiViwUyP_PQDjC4cDP48gaBiiaFw-kWWRoEFKTGRWfwsl7-IsadkKcSkoYYLgqnt7HWh7WPGGRFoMKilbdUTadp8EqC6iLJzjZFNm3xA?fccs=W1siQUtzUm9sX1lwTWxVRHFhenpvcG9laUxzc2Zpb2J5U1RFUWY2czR1MTJEWERWZE1FeVdFV1hEWkpiRGJBcjJ2ZXJjdnBPMTRSQVZBeGFyV2ZXcFpyOGROenhGeGtseVJnQVZMNTZLZnVzQ0REcnA0aXdoRzFRb05NTy1lNVFWWW1Rd2dkZUF2UjVTMlpkY3JTZXBUTUhENVgxbUJ4NGFmOHhRPT0iXSxudWxsLG51bGwsbnVsbCxudWxsLG51bGwsWzE2NTI1NTYxNzcsMjI5MDAwMDAwXSxudWxsLG51bGwsbnVsbCxbbnVsbCxbNyw2XSxudWxsLG51bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLG51bGwsbnVsbCwxXSwiaHR0cHM6Ly93d3cubWVkaWFmaXJlLmNvbS9maWxlL2I3dW5lajhwM3R5c20yOC9jdXRlX2NhdF9yZWxheF9vbl9vdXRkb29yX2dyb3VuZF82ODkyNTMzLm1wNC9maWxlIixudWxsLFtdXQ HTTP/1.1
Host: fundingchoicesmessages.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediafire11149186.xtrmetut-xzttrrqq.biz.id/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Mon, 09 Jan 2023 06:52:59 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'nonce-ItYpF1czHqjJg1GQo6TuSw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
cross-origin-opener-policy: same-origin; report-to="ContributorGlobalRouterHttp"
cross-origin-resource-policy: cross-origin
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
report-to: {"group":"ContributorGlobalRouterHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ContributorGlobalRouterHttp/external"}]}
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 8fd95f99c767ca2559dfa76e78fa1ddd
1bcfa611a72225e6cd9cfedf6d03a43aa525946f
01595b34ecb16f26e964615a0b43bc3a886e2c15a027314af991d4ccd56e64cc
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 09 Jan 2023 06:53:00 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fundingchoicesmessages.google.com/f/AGSKWxVwy3NKtSpzh5HSOuq5kx6Xg4Lbvy0RZ-9IxXsEjL8EKVzR2az9gU8KfMRc2HL9WgUX3PfqdhVRiJ5-UgzKuNqNfyMIyNWZ0rUGFrnSEq2hvtZooVYth5WRsPav1oIIBAD55wEnupRRLW9V8mMDHdoaVpxS2rRIqX1Ada96bo2ZWONp6bM35qFVUGam?fccs=W1siQUtzUm9sX1lwTWxVRHFhenpvcG9laUxzc2Zpb2J5U1RFUWY2czR1MTJEWERWZE1FeVdFV1hEWkpiRGJBcjJ2ZXJjdnBPMTRSQVZBeGFyV2ZXcFpyOGROenhGeGtseVJnQVZMNTZLZnVzQ0REcnA0aXdoRzFRb05NTy1lNVFWWW1Rd2dkZUF2UjVTMlpkY3JTZXBUTUhENVgxbUJ4NGFmOHhRPT0iXSxudWxsLG51bGwsbnVsbCxudWxsLG51bGwsWzE2NTI1NTYxNzgsNjQwMDAwMDBdLG51bGwsbnVsbCxudWxsLFtudWxsLFs3LDYsMTAsOV0sbnVsbCwyLG51bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLG51bGwsMV0sImh0dHBzOi8vd3d3Lm1lZGlhZmlyZS5jb20vZmlsZS9iN3VuZWo4cDN0eXNtMjgvY3V0ZV9jYXRfcmVsYXhfb25fb3V0ZG9vcl9ncm91bmRfNjg5MjUzMy5tcDQvZmlsZSIsbnVsbCxbXV0
200 OK 11 kB URL HTTP/2 fundingchoicesmessages.google.com/f/AGSKWxVwy3NKtSpzh5HSOuq5kx6Xg4Lbvy0RZ-9IxXsEjL8EKVzR2az9gU8KfMRc2HL9WgUX3PfqdhVRiJ5-UgzKuNqNfyMIyNWZ0rUGFrnSEq2hvtZooVYth5WRsPav1oIIBAD55wEnupRRLW9V8mMDHdoaVpxS2rRIqX1Ada96bo2ZWONp6bM35qFVUGam?fccs=W1siQUtzUm9sX1lwTWxVRHFhenpvcG9laUxzc2Zpb2J5U1RFUWY2czR1MTJEWERWZE1FeVdFV1hEWkpiRGJBcjJ2ZXJjdnBPMTRSQVZBeGFyV2ZXcFpyOGROenhGeGtseVJnQVZMNTZLZnVzQ0REcnA0aXdoRzFRb05NTy1lNVFWWW1Rd2dkZUF2UjVTMlpkY3JTZXBUTUhENVgxbUJ4NGFmOHhRPT0iXSxudWxsLG51bGwsbnVsbCxudWxsLG51bGwsWzE2NTI1NTYxNzgsNjQwMDAwMDBdLG51bGwsbnVsbCxudWxsLFtudWxsLFs3LDYsMTAsOV0sbnVsbCwyLG51bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLG51bGwsMV0sImh0dHBzOi8vd3d3Lm1lZGlhZmlyZS5jb20vZmlsZS9iN3VuZWo4cDN0eXNtMjgvY3V0ZV9jYXRfcmVsYXhfb25fb3V0ZG9vcl9ncm91bmRfNjg5MjUzMy5tcDQvZmlsZSIsbnVsbCxbXV0
IP
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (1773)
Hash 2930ab75e20a08e3699d6025158dda49
b9de4d3ee5b2cea54bb4837aa2cee533684c3620
9de0d94f1e274efd490305725ea7327842ff4c7449870499798b450004ba2c9b
GET /f/AGSKWxVwy3NKtSpzh5HSOuq5kx6Xg4Lbvy0RZ-9IxXsEjL8EKVzR2az9gU8KfMRc2HL9WgUX3PfqdhVRiJ5-UgzKuNqNfyMIyNWZ0rUGFrnSEq2hvtZooVYth5WRsPav1oIIBAD55wEnupRRLW9V8mMDHdoaVpxS2rRIqX1Ada96bo2ZWONp6bM35qFVUGam?fccs=W1siQUtzUm9sX1lwTWxVRHFhenpvcG9laUxzc2Zpb2J5U1RFUWY2czR1MTJEWERWZE1FeVdFV1hEWkpiRGJBcjJ2ZXJjdnBPMTRSQVZBeGFyV2ZXcFpyOGROenhGeGtseVJnQVZMNTZLZnVzQ0REcnA0aXdoRzFRb05NTy1lNVFWWW1Rd2dkZUF2UjVTMlpkY3JTZXBUTUhENVgxbUJ4NGFmOHhRPT0iXSxudWxsLG51bGwsbnVsbCxudWxsLG51bGwsWzE2NTI1NTYxNzgsNjQwMDAwMDBdLG51bGwsbnVsbCxudWxsLFtudWxsLFs3LDYsMTAsOV0sbnVsbCwyLG51bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLG51bGwsMV0sImh0dHBzOi8vd3d3Lm1lZGlhZmlyZS5jb20vZmlsZS9iN3VuZWo4cDN0eXNtMjgvY3V0ZV9jYXRfcmVsYXhfb25fb3V0ZG9vcl9ncm91bmRfNjg5MjUzMy5tcDQvZmlsZSIsbnVsbCxbXV0 HTTP/1.1
Host: fundingchoicesmessages.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediafire11149186.xtrmetut-xzttrrqq.biz.id/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Mon, 09 Jan 2023 06:52:59 GMT
cross-origin-resource-policy: cross-origin
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-security-policy: script-src 'nonce-4ZL4ClfgfLWN8XsjInIt1g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
cross-origin-opener-policy: same-origin
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
api.amplitude.com/
200 OK 7 B IP
File type ASCII text, with no line terminators
Hash 260ca9dd8a4577fc00b7bd5810298076
53a5687cb26dc41f2ab4033e97e13adefd3740d6
aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27
POST / HTTP/1.1
Host: api.amplitude.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 1025
Origin: https://mediafire11149186.xtrmetut-xzttrrqq.biz.id
Connection: keep-alive
Referer: https://mediafire11149186.xtrmetut-xzttrrqq.biz.id/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 09 Jan 2023 06:53:00 GMT
content-type: text/html;charset=utf-8
content-length: 7
access-control-allow-origin: *
access-control-allow-methods: GET, POST
trace-id: Root=1-63bbb9cc-5a19ad215af4a4ad3a8c25d3
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
mediafire11149186.xtrmetut-xzttrrqq.biz.id/
200 OK 0 B URL HTTP/2 mediafire11149186.xtrmetut-xzttrrqq.biz.id/
IP
Analyzer Verdict Alert fortinet Phishing
GET / HTTP/1.1
Host: mediafire11149186.xtrmetut-xzttrrqq.biz.id
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Mon, 09 Jan 2023 06:52:56 GMT
content-type: text/html; charset=UTF-8
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=z5j7lOZKzcg%2BL7nvAlm5qXGGIfkOc3pEvEUecjcclJRW9SXCjF29GijfIgPYDn%2FthLVe87TiYvy79ACRcRdkDW1JslUXDsTuM5DIYHdqqOJeeWPc4XnFvVJtyc4gB8wOYRKdk4j6Jc11GG8ahYYeSKjxuDNKEsTiFD6gqLw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 786b40c4cea6b50f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static.mediafire.com/images/backgrounds/download/additional_content/flag.svg
200 OK 0 B URL HTTP/2 static.mediafire.com/images/backgrounds/download/additional_content/flag.svg
IP
GET /images/backgrounds/download/additional_content/flag.svg HTTP/1.1
Host: static.mediafire.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediafire11149186.xtrmetut-xzttrrqq.biz.id/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 09 Jan 2023 06:52:59 GMT
content-type: image/svg+xml
last-modified: Mon, 25 Jul 2022 18:00:54 GMT
etag: W/"62deda56-ea"
access-control-allow-origin: *
cf-cache-status: HIT
age: 11365
set-cookie: __cf_bm=.pX5PVWfTdMQPRoKd1bbjeMcyb5mAKKcnzeOo6_MKPo-1673247179-0-AdjdhRy6E5gb7OOLAUij9j+OfV+WuWwArHIyXJbiwJiBsHUcssbmDQyafeEcSrT0LpUbdLNoy/b/Luy0EP2J594=; path=/; expires=Mon, 09-Jan-23 07:22:59 GMT; domain=.mediafire.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 786b40d62d6ab4ee-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
c.aaxads.com/aax.js?pub=AAX3221EY&hst=www.mediafire.com&ver=1.2
200 OK 0 B URL HTTP/2 c.aaxads.com/aax.js?pub=AAX3221EY&hst=www.mediafire.com&ver=1.2
IP
GET /aax.js?pub=AAX3221EY&hst=www.mediafire.com&ver=1.2 HTTP/1.1
Host: c.aaxads.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediafire11149186.xtrmetut-xzttrrqq.biz.id/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 09 Jan 2023 06:52:59 GMT
content-type: text/javascript; charset=utf-8
x-mnet-h: E
strict-transport-security: max-age=604800
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=1800
expires: Mon, 09 Jan 2023 07:22:59 GMT
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 786b40d17f92b4f9-OSL
X-Firefox-Spdy: h2
www.mediafire.com/images/icons/svg_dark/arrow_dropdown.svg
200 OK 0 B URL HTTP/2 www.mediafire.com/images/icons/svg_dark/arrow_dropdown.svg
IP
GET /images/icons/svg_dark/arrow_dropdown.svg HTTP/1.1
Host: www.mediafire.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediafire11149186.xtrmetut-xzttrrqq.biz.id/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 09 Jan 2023 06:52:59 GMT
content-type: image/svg+xml
access-control-allow-origin: *
etag: W/"62deda56-13b"
last-modified: Mon, 25 Jul 2022 18:00:54 GMT
cf-cache-status: HIT
age: 9287
set-cookie: __cf_bm=0Cz4cPd_l34bxBMLCP1gTUxnZcrizNrgeMNC579nOyw-1673247179-0-ARhZMgyqj3eKHWMG7dI+B/xcTY6DfHRdU904iF12gJtJZIRPtU7i8ksHYUEU70qr/lo2yZfa9oMaMi9juTPcK/E=; path=/; expires=Mon, 09-Jan-23 07:22:59 GMT; domain=.mediafire.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 786b40d66d97b4ee-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
static.mediafire.com/images/icons/svg_dark/link.svg
200 OK 0 B URL HTTP/2 static.mediafire.com/images/icons/svg_dark/link.svg
IP
GET /images/icons/svg_dark/link.svg HTTP/1.1
Host: static.mediafire.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediafire11149186.xtrmetut-xzttrrqq.biz.id/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 09 Jan 2023 06:52:59 GMT
content-type: image/svg+xml
last-modified: Mon, 25 Jul 2022 18:00:54 GMT
etag: W/"62deda56-177"
access-control-allow-origin: *
cf-cache-status: HIT
age: 10472
set-cookie: __cf_bm=lOo8Hb0pQ_IskP3EcBATrpsFc0.chs6WDITPF12juOs-1673247179-0-AeUa7ydzuv5HjXucaDSH1ZnobFGPJn0ARSzP7dgla+kEuMC5THmkirdVFu96Yo9ehm44lpvOcLctfI/7ch2LWXY=; path=/; expires=Mon, 09-Jan-23 07:22:59 GMT; domain=.mediafire.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 786b40d67daeb4ee-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
fundingchoicesmessages.google.com/f/AGSKWxV9eJxVcrpvmyYsEOfDifXg6BNvs57Wgm_-PU21XZnuabQCx-ztoKOssSTgTAOeBSpJ15PuO0leQyl-t6n0joU=?fccs=W1siQUtzUm9sX1lwTWxVRHFhenpvcG9laUxzc2Zpb2J5U1RFUWY2czR1MTJEWERWZE1FeVdFV1hEWkpiRGJBcjJ2ZXJjdnBPMTRSQVZBeGFyV2ZXcFpyOGROenhGeGtseVJnQVZMNTZLZnVzQ0REcnA0aXdoRzFRb05NTy1lNVFWWW1Rd2dkZUF2UjVTMlpkY3JTZXBUTUhENVgxbUJ4NGFmOHhRPT0iXSxudWxsLG51bGwsbnVsbCxudWxsLG51bGwsWzE2NTI1NTYxNzUsODQ5MDAwMDAwXSwiMzhBNTVFMDUtOTI1Ri00ODNDLThEMEEtNjVBNzhCMENDMzYwIiwiMDA1NzlFQ0MtRDQwNC00MTkxLUE3MjEtMzI1MUQ0OEQ1M0UyIixudWxsLFtudWxsLFs3XV0sImh0dHBzOi8vd3d3Lm1lZGlhZmlyZS5jb20vZmlsZS9iN3VuZWo4cDN0eXNtMjgvY3V0ZV9jYXRfcmVsYXhfb25fb3V0ZG9vcl9ncm91bmRfNjg5MjUzMy5tcDQvZmlsZSIsbnVsbCxbXV0
200 OK 0 B URL HTTP/2 fundingchoicesmessages.google.com/f/AGSKWxV9eJxVcrpvmyYsEOfDifXg6BNvs57Wgm_-PU21XZnuabQCx-ztoKOssSTgTAOeBSpJ15PuO0leQyl-t6n0joU=?fccs=W1siQUtzUm9sX1lwTWxVRHFhenpvcG9laUxzc2Zpb2J5U1RFUWY2czR1MTJEWERWZE1FeVdFV1hEWkpiRGJBcjJ2ZXJjdnBPMTRSQVZBeGFyV2ZXcFpyOGROenhGeGtseVJnQVZMNTZLZnVzQ0REcnA0aXdoRzFRb05NTy1lNVFWWW1Rd2dkZUF2UjVTMlpkY3JTZXBUTUhENVgxbUJ4NGFmOHhRPT0iXSxudWxsLG51bGwsbnVsbCxudWxsLG51bGwsWzE2NTI1NTYxNzUsODQ5MDAwMDAwXSwiMzhBNTVFMDUtOTI1Ri00ODNDLThEMEEtNjVBNzhCMENDMzYwIiwiMDA1NzlFQ0MtRDQwNC00MTkxLUE3MjEtMzI1MUQ0OEQ1M0UyIixudWxsLFtudWxsLFs3XV0sImh0dHBzOi8vd3d3Lm1lZGlhZmlyZS5jb20vZmlsZS9iN3VuZWo4cDN0eXNtMjgvY3V0ZV9jYXRfcmVsYXhfb25fb3V0ZG9vcl9ncm91bmRfNjg5MjUzMy5tcDQvZmlsZSIsbnVsbCxbXV0
IP
GET /f/AGSKWxV9eJxVcrpvmyYsEOfDifXg6BNvs57Wgm_-PU21XZnuabQCx-ztoKOssSTgTAOeBSpJ15PuO0leQyl-t6n0joU=?fccs=W1siQUtzUm9sX1lwTWxVRHFhenpvcG9laUxzc2Zpb2J5U1RFUWY2czR1MTJEWERWZE1FeVdFV1hEWkpiRGJBcjJ2ZXJjdnBPMTRSQVZBeGFyV2ZXcFpyOGROenhGeGtseVJnQVZMNTZLZnVzQ0REcnA0aXdoRzFRb05NTy1lNVFWWW1Rd2dkZUF2UjVTMlpkY3JTZXBUTUhENVgxbUJ4NGFmOHhRPT0iXSxudWxsLG51bGwsbnVsbCxudWxsLG51bGwsWzE2NTI1NTYxNzUsODQ5MDAwMDAwXSwiMzhBNTVFMDUtOTI1Ri00ODNDLThEMEEtNjVBNzhCMENDMzYwIiwiMDA1NzlFQ0MtRDQwNC00MTkxLUE3MjEtMzI1MUQ0OEQ1M0UyIixudWxsLFtudWxsLFs3XV0sImh0dHBzOi8vd3d3Lm1lZGlhZmlyZS5jb20vZmlsZS9iN3VuZWo4cDN0eXNtMjgvY3V0ZV9jYXRfcmVsYXhfb25fb3V0ZG9vcl9ncm91bmRfNjg5MjUzMy5tcDQvZmlsZSIsbnVsbCxbXV0 HTTP/1.1
Host: fundingchoicesmessages.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediafire11149186.xtrmetut-xzttrrqq.biz.id/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Mon, 09 Jan 2023 06:52:59 GMT
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
content-security-policy: script-src 'nonce-6q36mIZ7E5oMdBcbM-fDTw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
otnolatrnup.com/Tag.vrfy?time=0&id=5ff0fb62-0643-4ff1-aaee-c737f9ffc0e0&rand=51240&ver=async&referrerUrl=https%3A%2F%2F103-136-43-42.cprapid.com%3A2087%2F&fingerPrint=123&abr=false&stdTime=0&fpe=1&bw=1365&bh=969&res=1920x1080&curl=http%3A%2F%2F103.136.43.42%2F~xmediafire%2F&kw=online%20storage%2Cfree%20storage%2Ccloud%20storage%2Ccollaboration%2Cbackup%20file%20sharing%2Cshare%20files%2Cphoto%20backup%2Cphoto%20sharing%2Cftp%20replacement%2Ccross%20platform%2Cremote%20access%2Cmobile%20access%2Csend%20large%20files%2Crecover%20files%2Cfile%20versioning%2Cundelete%2Cwindows%2Cpc%2Cmac%2Cos%20x%2Clinux%2Ciphone&sig=BAYAYoAAggFigACCgAGBAcAAIDYo0zHGzxyppJWlrfQ16ppqjRmAmUAUBxwGwlBa2_E3wQAg-M1MC-tAfhavCrWMBv54ZHQaYRX2SD4D7aB16ay9WoY
200 OK 0 B URL HTTP/2 otnolatrnup.com/Tag.vrfy?time=0&id=5ff0fb62-0643-4ff1-aaee-c737f9ffc0e0&rand=51240&ver=async&referrerUrl=https%3A%2F%2F103-136-43-42.cprapid.com%3A2087%2F&fingerPrint=123&abr=false&stdTime=0&fpe=1&bw=1365&bh=969&res=1920x1080&curl=http%3A%2F%2F103.136.43.42%2F~xmediafire%2F&kw=online%20storage%2Cfree%20storage%2Ccloud%20storage%2Ccollaboration%2Cbackup%20file%20sharing%2Cshare%20files%2Cphoto%20backup%2Cphoto%20sharing%2Cftp%20replacement%2Ccross%20platform%2Cremote%20access%2Cmobile%20access%2Csend%20large%20files%2Crecover%20files%2Cfile%20versioning%2Cundelete%2Cwindows%2Cpc%2Cmac%2Cos%20x%2Clinux%2Ciphone&sig=BAYAYoAAggFigACCgAGBAcAAIDYo0zHGzxyppJWlrfQ16ppqjRmAmUAUBxwGwlBa2_E3wQAg-M1MC-tAfhavCrWMBv54ZHQaYRX2SD4D7aB16ay9WoY
IP
GET /Tag.vrfy?time=0&id=5ff0fb62-0643-4ff1-aaee-c737f9ffc0e0&rand=51240&ver=async&referrerUrl=https%3A%2F%2F103-136-43-42.cprapid.com%3A2087%2F&fingerPrint=123&abr=false&stdTime=0&fpe=1&bw=1365&bh=969&res=1920x1080&curl=http%3A%2F%2F103.136.43.42%2F~xmediafire%2F&kw=online%20storage%2Cfree%20storage%2Ccloud%20storage%2Ccollaboration%2Cbackup%20file%20sharing%2Cshare%20files%2Cphoto%20backup%2Cphoto%20sharing%2Cftp%20replacement%2Ccross%20platform%2Cremote%20access%2Cmobile%20access%2Csend%20large%20files%2Crecover%20files%2Cfile%20versioning%2Cundelete%2Cwindows%2Cpc%2Cmac%2Cos%20x%2Clinux%2Ciphone&sig=BAYAYoAAggFigACCgAGBAcAAIDYo0zHGzxyppJWlrfQ16ppqjRmAmUAUBxwGwlBa2_E3wQAg-M1MC-tAfhavCrWMBv54ZHQaYRX2SD4D7aB16ay9WoY HTTP/1.1
Host: otnolatrnup.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediafire11149186.xtrmetut-xzttrrqq.biz.id/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 09 Jan 2023 06:52:58 GMT
content-type: application/json; charset=utf-8
cf-ray: 786b40d17e0ab512-OSL
access-control-allow-origin: *
cache-control: private, no-transform
content-encoding: gzip
vary: Accept-Encoding
cf-cache-status: DYNAMIC
p3p: CP="CAO PSA OUR IND"
set-cookie: IKSR={}; path=/; SameSite=None; secure
__INF_CC=; expires=Fri, 30-Dec-2022 06:52:58 GMT; path=/
INF_DFL8=false; path=/; SameSite=None; secure
IUID=d2ea35ef-c2b2-45cd-a007-4af2a55f3d84; expires=Sun, 09-Jan-2033 06:52:58 GMT; path=/; SameSite=None; secure
ISSH=68803C; path=/; SameSite=None; secure
VMI=; path=/; SameSite=None; secure
CHN=#[]; expires=Sun, 09-Jan-2033 06:52:58 GMT; path=/; SameSite=None; secure; HttpOnly
MSSH=#{}; expires=Sun, 09-Jan-2033 06:52:58 GMT; path=/; SameSite=None; secure; HttpOnly
MSRH=#{}; expires=Sun, 09-Jan-2033 06:52:58 GMT; path=/; SameSite=None; secure; HttpOnly
ILP=null; expires=Sun, 09-Jan-2033 06:52:58 GMT; path=/; SameSite=None; secure
ILPLU=#1/1/0001 12:00:00 AM; expires=Sun, 09-Jan-2033 06:52:58 GMT; path=/; SameSite=None; secure; HttpOnly
ILEALC=#1/1/0001 12:00:00 AM; expires=Sun, 09-Jan-2033 06:52:58 GMT; path=/; SameSite=None; secure; HttpOnly
ILMPF=#False; expires=Mon, 09-Jan-2023 10:52:58 GMT; path=/; SameSite=None; secure; HttpOnly
IPMPLU=#; expires=Sun, 09-Jan-2033 06:52:58 GMT; path=/; SameSite=None; secure; HttpOnly
IPMUID=#; expires=Sun, 09-Jan-2033 06:52:58 GMT; path=/; SameSite=None; secure; HttpOnly
BSWUID=#; expires=Sun, 09-Jan-2033 06:52:58 GMT; path=/; SameSite=None; secure; HttpOnly
IKSR={}; path=/; SameSite=None; secure
IBL=#[]; expires=Sun, 09-Jan-2033 06:52:58 GMT; path=/; SameSite=None; secure; HttpOnly
ISH=#{"101":[{"SId":"68803C","D":"23/1/8T22:52:58"}]}; expires=Sun, 09-Jan-2033 06:52:58 GMT; path=/; SameSite=None; secure; HttpOnly
ISH_Q=#[101]; expires=Sun, 09-Jan-2033 06:52:58 GMT; path=/; SameSite=None; secure; HttpOnly
x-adscore-status: null
server: cloudflare
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
otnolatrnup.com/Tag.vrfy?time=0&id=5ff0fb62-0643-4ff1-aaee-c737f9ffc0e0&rand=63764&ver=async&referrerUrl=&fingerPrint=123&abr=false&stdTime=0&fpe=1&bw=1365&bh=969&res=1920x1080&curl=https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fb7unej8p3tysm28%2FFULL%20VIDEO%20TERBARU!.zip%2Ffile&kw=online%20storage%2Cfree%20storage%2Ccloud%20storage%2Ccollaboration%2Cbackup%20file%20sharing%2Cshare%20files%2Cphoto%20backup%2Cphoto%20sharing%2Cftp%20replacement%2Ccross%20platform%2Cremote%20access%2Cmobile%20access%2Csend%20large%20files%2Crecover%20files%2Cfile%20versioning%2Cundelete%2Cwindows%2Cpc%2Cmac%2Cos%20x%2Clinux%2Ciphone&sig=BAYAYoAA7gFigADugAGBAcAAIL3atlrl_GZM3EoC5rbIUcm8rXCGklB4FYJwmJsgeS8AwQAgMnIwSvLlexsNFhbr3w8lr4fmqMp7Ld8WTMnt5l_Bqvg
200 OK 0 B URL HTTP/2 otnolatrnup.com/Tag.vrfy?time=0&id=5ff0fb62-0643-4ff1-aaee-c737f9ffc0e0&rand=63764&ver=async&referrerUrl=&fingerPrint=123&abr=false&stdTime=0&fpe=1&bw=1365&bh=969&res=1920x1080&curl=https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fb7unej8p3tysm28%2FFULL%20VIDEO%20TERBARU!.zip%2Ffile&kw=online%20storage%2Cfree%20storage%2Ccloud%20storage%2Ccollaboration%2Cbackup%20file%20sharing%2Cshare%20files%2Cphoto%20backup%2Cphoto%20sharing%2Cftp%20replacement%2Ccross%20platform%2Cremote%20access%2Cmobile%20access%2Csend%20large%20files%2Crecover%20files%2Cfile%20versioning%2Cundelete%2Cwindows%2Cpc%2Cmac%2Cos%20x%2Clinux%2Ciphone&sig=BAYAYoAA7gFigADugAGBAcAAIL3atlrl_GZM3EoC5rbIUcm8rXCGklB4FYJwmJsgeS8AwQAgMnIwSvLlexsNFhbr3w8lr4fmqMp7Ld8WTMnt5l_Bqvg
IP
GET /Tag.vrfy?time=0&id=5ff0fb62-0643-4ff1-aaee-c737f9ffc0e0&rand=63764&ver=async&referrerUrl=&fingerPrint=123&abr=false&stdTime=0&fpe=1&bw=1365&bh=969&res=1920x1080&curl=https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fb7unej8p3tysm28%2FFULL%20VIDEO%20TERBARU!.zip%2Ffile&kw=online%20storage%2Cfree%20storage%2Ccloud%20storage%2Ccollaboration%2Cbackup%20file%20sharing%2Cshare%20files%2Cphoto%20backup%2Cphoto%20sharing%2Cftp%20replacement%2Ccross%20platform%2Cremote%20access%2Cmobile%20access%2Csend%20large%20files%2Crecover%20files%2Cfile%20versioning%2Cundelete%2Cwindows%2Cpc%2Cmac%2Cos%20x%2Clinux%2Ciphone&sig=BAYAYoAA7gFigADugAGBAcAAIL3atlrl_GZM3EoC5rbIUcm8rXCGklB4FYJwmJsgeS8AwQAgMnIwSvLlexsNFhbr3w8lr4fmqMp7Ld8WTMnt5l_Bqvg HTTP/1.1
Host: otnolatrnup.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediafire11149186.xtrmetut-xzttrrqq.biz.id/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 09 Jan 2023 06:52:58 GMT
content-type: application/json; charset=utf-8
cf-ray: 786b40d16e04b512-OSL
access-control-allow-origin: *
cache-control: private, no-transform
content-encoding: gzip
vary: Accept-Encoding
cf-cache-status: DYNAMIC
p3p: CP="CAO PSA OUR IND"
set-cookie: IKSR={}; path=/; SameSite=None; secure
__INF_CC=; expires=Fri, 30-Dec-2022 06:52:58 GMT; path=/
INF_DFL8=false; path=/; SameSite=None; secure
IUID=b742de51-000d-42a4-9471-7e70665dde83; expires=Sun, 09-Jan-2033 06:52:58 GMT; path=/; SameSite=None; secure
ISSH=68803C; path=/; SameSite=None; secure
VMI=; path=/; SameSite=None; secure
CHN=#[]; expires=Sun, 09-Jan-2033 06:52:58 GMT; path=/; SameSite=None; secure; HttpOnly
MSSH=#{}; expires=Sun, 09-Jan-2033 06:52:58 GMT; path=/; SameSite=None; secure; HttpOnly
MSRH=#{}; expires=Sun, 09-Jan-2033 06:52:58 GMT; path=/; SameSite=None; secure; HttpOnly
ILP=null; expires=Sun, 09-Jan-2033 06:52:58 GMT; path=/; SameSite=None; secure
ILPLU=#1/1/0001 12:00:00 AM; expires=Sun, 09-Jan-2033 06:52:58 GMT; path=/; SameSite=None; secure; HttpOnly
ILEALC=#1/1/0001 12:00:00 AM; expires=Sun, 09-Jan-2033 06:52:58 GMT; path=/; SameSite=None; secure; HttpOnly
ILMPF=#False; expires=Mon, 09-Jan-2023 10:52:58 GMT; path=/; SameSite=None; secure; HttpOnly
IPMPLU=#; expires=Sun, 09-Jan-2033 06:52:58 GMT; path=/; SameSite=None; secure; HttpOnly
IPMUID=#; expires=Sun, 09-Jan-2033 06:52:58 GMT; path=/; SameSite=None; secure; HttpOnly
BSWUID=#; expires=Sun, 09-Jan-2033 06:52:58 GMT; path=/; SameSite=None; secure; HttpOnly
IKSR={}; path=/; SameSite=None; secure
IBL=#[]; expires=Sun, 09-Jan-2033 06:52:58 GMT; path=/; SameSite=None; secure; HttpOnly
ISH=#{"101":[{"SId":"68803C","D":"23/1/8T22:52:58"}]}; expires=Sun, 09-Jan-2033 06:52:58 GMT; path=/; SameSite=None; secure; HttpOnly
ISH_Q=#[101]; expires=Sun, 09-Jan-2033 06:52:58 GMT; path=/; SameSite=None; secure; HttpOnly
x-adscore-status: null
server: cloudflare
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
c.aaxads.com/aax.js?pub=AAX3221EY&hst=103.136.43.42&ver=1.2
200 OK 0 B URL HTTP/2 c.aaxads.com/aax.js?pub=AAX3221EY&hst=103.136.43.42&ver=1.2
IP
GET /aax.js?pub=AAX3221EY&hst=103.136.43.42&ver=1.2 HTTP/1.1
Host: c.aaxads.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediafire11149186.xtrmetut-xzttrrqq.biz.id/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 09 Jan 2023 06:52:59 GMT
content-type: text/javascript; charset=utf-8
x-mnet-h: E
strict-transport-security: max-age=604800
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=1800
expires: Mon, 09 Jan 2023 07:22:59 GMT
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 786b40d17f94b4f9-OSL
X-Firefox-Spdy: h2
www.mediafire.com/images/flags_svg/usa.svg
200 OK 0 B URL HTTP/2 www.mediafire.com/images/flags_svg/usa.svg
IP
GET /images/flags_svg/usa.svg HTTP/1.1
Host: www.mediafire.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediafire11149186.xtrmetut-xzttrrqq.biz.id/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 09 Jan 2023 06:52:59 GMT
content-type: image/svg+xml
access-control-allow-origin: *
etag: W/"62deda56-5c7"
last-modified: Mon, 25 Jul 2022 18:00:54 GMT
cf-cache-status: HIT
age: 1315
set-cookie: __cf_bm=ohD5hFo5q6OVAOZVDYTG8Gb0wgHZK_5t9H33MxECqJ8-1673247179-0-AeNcBdnIQk4TDOG2WelubRVjeTHsRy4aaQBBM2sbEyzF9LxX2bv78gKdhxc2UXyzNDBZKwrp5OWl2QKaLIzwqZI=; path=/; expires=Mon, 09-Jan-23 07:22:59 GMT; domain=.mediafire.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 786b40d61d5db4ee-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
static.mediafire.com/images/icons/svg_dark/add.svg
200 OK 0 B URL HTTP/2 static.mediafire.com/images/icons/svg_dark/add.svg
IP
GET /images/icons/svg_dark/add.svg HTTP/1.1
Host: static.mediafire.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediafire11149186.xtrmetut-xzttrrqq.biz.id/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 09 Jan 2023 06:52:59 GMT
content-type: image/svg+xml
last-modified: Mon, 25 Jul 2022 18:00:54 GMT
etag: W/"62deda56-c7"
access-control-allow-origin: *
cf-cache-status: HIT
age: 7234
set-cookie: __cf_bm=UTc92W478wDbNh5xEkZXOCLMsiaf45O4bmYKT3Ev6is-1673247179-0-Ad6YaeS6AI9HFUnWb3ZfXh1Cy+AyQPJ7Tb/p4mLKoU/xh7wHk9joQYaWkljS+2K97TH4anUlkfhEFldL9vwV3nw=; path=/; expires=Mon, 09-Jan-23 07:22:59 GMT; domain=.mediafire.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 786b40d62d65b4ee-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
static.mediafire.com/images/backgrounds/download/additional_content/continent-as.svg
200 OK 0 B URL HTTP/2 static.mediafire.com/images/backgrounds/download/additional_content/continent-as.svg
IP
GET /images/backgrounds/download/additional_content/continent-as.svg HTTP/1.1
Host: static.mediafire.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediafire11149186.xtrmetut-xzttrrqq.biz.id/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 09 Jan 2023 06:52:59 GMT
content-type: image/svg+xml
last-modified: Mon, 25 Jul 2022 18:00:54 GMT
etag: W/"62deda56-aae3"
access-control-allow-origin: *
cf-cache-status: HIT
age: 1315
set-cookie: __cf_bm=lnxFkojk6DHAIPPnBcJuKPr1WuzgcjJpvCZoI0CGAt4-1673247179-0-AVSiWzdy/it8rY+QscBn6yCMsqzvazGgMxLPmJFODf2ZmCTdADRRUS+ViOgT+jDPKJmKFXLXHrMkrT39Giefstw=; path=/; expires=Mon, 09-Jan-23 07:22:59 GMT; domain=.mediafire.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 786b40d62d67b4ee-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
static.mediafire.com/images/backgrounds/download/additional_content/world.svg
200 OK 0 B URL HTTP/2 static.mediafire.com/images/backgrounds/download/additional_content/world.svg
IP
GET /images/backgrounds/download/additional_content/world.svg HTTP/1.1
Host: static.mediafire.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediafire11149186.xtrmetut-xzttrrqq.biz.id/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 09 Jan 2023 06:52:59 GMT
content-type: image/svg+xml
last-modified: Mon, 25 Jul 2022 18:00:54 GMT
etag: W/"62deda56-23ce2"
access-control-allow-origin: *
cf-cache-status: HIT
age: 2997
set-cookie: __cf_bm=yYXPFbaXoAruv.dRsfB5sg6PJfFsB6hvEKs0ECANm6Q-1673247179-0-AacmB6/WZ6nZ5dcsVSjLuyfRGorwJTHN8rJ1M8UPQYGfHJpUmR7YY1N1WnJfG2P10gCjO5KDip0cBDhjD7ler58=; path=/; expires=Mon, 09-Jan-23 07:22:59 GMT; domain=.mediafire.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 786b40d62d66b4ee-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
fundingchoicesmessages.google.com/f/AGSKWxXxhCjA0376PEJRKvPbYABIeaqFcJOARWkOOyVBNfrKKqu3hGNujPnDlFLsbJnzVyv6SNOTkimv2wm82c-AdjA=
200 OK 0 B URL HTTP/2 fundingchoicesmessages.google.com/f/AGSKWxXxhCjA0376PEJRKvPbYABIeaqFcJOARWkOOyVBNfrKKqu3hGNujPnDlFLsbJnzVyv6SNOTkimv2wm82c-AdjA=
IP
GET /f/AGSKWxXxhCjA0376PEJRKvPbYABIeaqFcJOARWkOOyVBNfrKKqu3hGNujPnDlFLsbJnzVyv6SNOTkimv2wm82c-AdjA= HTTP/1.1
Host: fundingchoicesmessages.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediafire11149186.xtrmetut-xzttrrqq.biz.id/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Mon, 09 Jan 2023 06:52:59 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
content-security-policy: script-src 'nonce-zV8uZOcbBxBEfBRZpA_-Mg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fundingchoicesmessages.google.com/f/AGSKWxXxhCjA0376PEJRKvPbYABIeaqFcJOARWkOOyVBNfrKKqu3hGNujPnDlFLsbJnzVyv6SNOTkimv2wm82c-AdjA=
200 OK 0 B URL HTTP/2 fundingchoicesmessages.google.com/f/AGSKWxXxhCjA0376PEJRKvPbYABIeaqFcJOARWkOOyVBNfrKKqu3hGNujPnDlFLsbJnzVyv6SNOTkimv2wm82c-AdjA=
IP
GET /f/AGSKWxXxhCjA0376PEJRKvPbYABIeaqFcJOARWkOOyVBNfrKKqu3hGNujPnDlFLsbJnzVyv6SNOTkimv2wm82c-AdjA= HTTP/1.1
Host: fundingchoicesmessages.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediafire11149186.xtrmetut-xzttrrqq.biz.id/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Mon, 09 Jan 2023 06:52:59 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
content-security-policy: script-src 'nonce-O2HJQn13fexB9rwWY74O1w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
188.114.97.1
52.42.234.253
104.16.53.48
23.36.76.226
93.184.220.29
104.88.23.134