www-plnsafedeal.link
95.181.158.9  Malicious Activity! Public Scan

URL: https://www-plnsafedeal.link/obyavlenye/79225
Submission: On March 15 via api from FR

Summary

This website contacted 8 IPs in 4 countries across 9 domains to perform 34 HTTP transactions. The main IP is 95.181.158.9, located in Russian Federation and belongs to QWARTA, RU. The main domain is www-plnsafedeal.link.
TLS certificate: Issued by R3 on March 9th 2021. Valid for: 3 months.
This is the only time www-plnsafedeal.link was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Visa (Financial) OLX Group (E-commerce)

Domain & IP information

Requests  IP Address        AS Autonomous System
13        95.181.158.9      50214 (QWARTA)
2         2606:4700::68...  13335 (CLOUDFLAR...)
1         2001:4de0:ac1...  20446 (HIGHWINDS3)
3         185.199.111.133   54113 (FASTLY)
1         13.226.159.16     16509 (AMAZON-02)
1         2a00:1450:400...  15169 (GOOGLE)
4         13.226.159.9      16509 (AMAZON-02)
Total: 34 requests, 8 IPs

Requests  Domain                               Requested by
13        www-plnsafedeal.link                 www-plnsafedeal.link
4         static.olx.ua                        www-plnsafedeal.link
3         raw.githubusercontent.com            www-plnsafedeal.link
2         cdnjs.cloudflare.com                 www-plnsafedeal.link
1         fonts.googleapis.com                 www-plnsafedeal.link
1         ireland.apollo.olxcdn.com            www-plnsafedeal.link
1         code.jquery.com                      www-plnsafedeal.link
0         static-olxeu.akamaized.net (Failed)  www-plnsafedeal.link
0         olx.uapay.ua (Failed)                www-plnsafedeal.link
Total: 34 requests, 9 domains
Subject                  Issuer                                          Validity                 Valid
www-plnsafedeal.link     R3                                              2021-03-09 - 2021-06-07  3 months
sni.cloudflaressl.com    Cloudflare Inc ECC CA-3                         2020-10-21 - 2021-10-20  a year
jquery.org               Sectigo RSA Domain Validation Secure Server CA  2020-10-06 - 2021-10-16  a year
www.github.com           DigiCert SHA2 High Assurance Server CA          2020-05-06 - 2022-04-14  2 years
apollo.olxcdn.com        Amazon                                          2021-02-17 - 2022-03-18  a year
upload.video.google.com  GTS CA 1O1                                      2021-02-23 - 2021-05-18  3 months
olx.ua                   Amazon                                          2021-02-16 - 2022-03-17  a year

This page contains 1 frame:

Primary Page: https://www-plnsafedeal.link/obyavlenye/79225
Frame ID: 0944BE5206AFAA0FA4D06846EF42D685
Requests: 34 HTTP requests in this frame


Page Statistics

Requests: 34
HTTPS: 74 %
IPv6: 43 %
Domains: 9
Subdomains: 9
IPs: 8
Countries: 4
Transfer: 712 kB
Size: 3332 kB
Cookies: 2

Redirected requests

There were HTTP redirect chains for the following requests:

34 HTTP transactions

Columns: Resource, Path, Size, x-fer, Type, MIME-Type
Primary Request 79225
www-plnsafedeal.link/obyavlenye/
110 KB
36 KB
Document
General
Full URL
https://www-plnsafedeal.link/obyavlenye/79225
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
95.181.158.9 , Russian Federation, ASN50214 (QWARTA, RU),
Reverse DNS
localhost.net
Software
my-server /
Resource Hash
f0d1d0a66f4e16c55b6e3a93a80d3ff35f2da9f33cbb1f6b888379029bdbfe55

Request headers

:method
GET
:authority
www-plnsafedeal.link
:scheme
https
:path
/obyavlenye/79225
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US

Response headers

date
Mon, 15 Mar 2021 16:39:51 GMT
content-type
text/html; charset=UTF-8
content-length
36499
set-cookie
__ddg1=2zXmcK6V7aG5PgrFWUkJ; Domain=.www-plnsafedeal.link; HttpOnly; Path=/; Expires=Tue, 15-Mar-2022 16:39:51 GMT PHPSESSID=mq7tln3ivh1mv0e43aa9v9dsb7; path=/
expires
Thu, 19 Nov 1981 08:52:00 GMT
cache-control
no-store, no-cache, must-revalidate
pragma
no-cache
vary
Accept-Encoding
content-encoding
gzip
server
my-server
card-payy.css
www-plnsafedeal.link/css/
12 KB
3 KB
Stylesheet
General
Full URL
https://www-plnsafedeal.link/css/card-payy.css
Requested by
Host: www-plnsafedeal.link
URL: https://www-plnsafedeal.link/obyavlenye/79225
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
95.181.158.9 , Russian Federation, ASN50214 (QWARTA, RU),
Reverse DNS
localhost.net
Software
my-server /
Resource Hash
6045f5aba119ebbcbabd2c1caf211d09388d4d6eb8f4b8dee6fab573d8626ba3

Request headers

Referer
https://www-plnsafedeal.link/obyavlenye/79225
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 15 Mar 2021 16:39:52 GMT
content-encoding
gzip
last-modified
Thu, 31 Dec 2020 14:11:47 GMT
server
my-server
etag
"30eb-5b7c3344b2b77-gzip"
vary
Accept-Encoding
content-type
text/css
accept-ranges
bytes
content-length
3062
bootstrap.min.css
cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.5.2/css/
157 KB
18 KB
Stylesheet
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.5.2/css/bootstrap.min.css
Requested by
Host: www-plnsafedeal.link
URL: https://www-plnsafedeal.link/obyavlenye/79225
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5b0fbe5b7ad705f6a937c4998ad02f73d8f0d976fe231b74aef0ec996990c93a
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Referer
https://www-plnsafedeal.link/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 15 Mar 2021 16:39:52 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"max_age":604800,"report_to":"cf-nel"}
age
2229431
cross-origin-resource-policy
cross-origin
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
17550
cf-request-id
08d85b2c1400000609449f0000000001
timing-allow-origin
*
last-modified
Thu, 06 Aug 2020 17:01:51 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5f2c377f-2722e"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000
report-to
{"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=ctFqBingsEIHACLp91tmk6wMxBync7k6bmxVGpI%2FwngxOfyncAgjEDIz%2Bhzh9Vifa6caF7uORw59nNHtd%2BUyN47sdxyLf3la8UwhvXLMxKvsTRRFUjdcpC%2Ff%2F%2Bf6P%2Brg5Q%3D%3D"}],"max_age":604800}
content-type
text/css; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=30672000
accept-ranges
bytes
cf-ray
63072e268e080609-FRA
expires
Sat, 05 Mar 2022 16:39:52 GMT
full.css
www-plnsafedeal.link/css/
2 MB
265 KB
Stylesheet
General
Full URL
https://www-plnsafedeal.link/css/full.css
Requested by
Host: www-plnsafedeal.link
URL: https://www-plnsafedeal.link/obyavlenye/79225
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
95.181.158.9 , Russian Federation, ASN50214 (QWARTA, RU),
Reverse DNS
localhost.net
Software
my-server /
Resource Hash
6b861dc5d143325269be6688737df2673b106062a5d4f91565af41ca57cdfc2d

Request headers

Referer
https://www-plnsafedeal.link/obyavlenye/79225
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 15 Mar 2021 16:39:52 GMT
content-encoding
gzip
last-modified
Thu, 31 Dec 2020 14:11:50 GMT
server
my-server
etag
"1b4cfb-5b7c3347a2a6b-gzip"
vary
Accept-Encoding
content-type
text/css
style.css
www-plnsafedeal.link/css/
45 KB
5 KB
Stylesheet
General
Full URL
https://www-plnsafedeal.link/css/style.css
Requested by
Host: www-plnsafedeal.link
URL: https://www-plnsafedeal.link/obyavlenye/79225
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
95.181.158.9 , Russian Federation, ASN50214 (QWARTA, RU),
Reverse DNS
localhost.net
Software
my-server /
Resource Hash
bf49263bcc3c9bfb43ba70329da1034f3d9ac75a0634d9516250cf02f4560a09

Request headers

Referer
https://www-plnsafedeal.link/obyavlenye/79225
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 15 Mar 2021 16:39:52 GMT
content-encoding
gzip
last-modified
Thu, 31 Dec 2020 14:11:49 GMT
server
my-server
etag
"b396-5b7c33471ed19-gzip"
vary
Accept-Encoding
content-type
text/css
accept-ranges
bytes
content-length
4513
swf2b2c7788ddc4d4b429f9445380f377f.css
www-plnsafedeal.link/css/
799 KB
127 KB
Stylesheet
General
Full URL
https://www-plnsafedeal.link/css/swf2b2c7788ddc4d4b429f9445380f377f.css
Requested by
Host: www-plnsafedeal.link
URL: https://www-plnsafedeal.link/obyavlenye/79225
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
95.181.158.9 , Russian Federation, ASN50214 (QWARTA, RU),
Reverse DNS
localhost.net
Software
my-server /
Resource Hash
2dd39802aa6a0057e038623ca3d11ff7e0ca36da783abc357a54274710239d8d

Request headers

Referer
https://www-plnsafedeal.link/obyavlenye/79225
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 15 Mar 2021 16:39:52 GMT
content-encoding
gzip
last-modified
Thu, 31 Dec 2020 14:11:53 GMT
server
my-server
etag
"c7ab0-5b7c334a679e4-gzip"
vary
Accept-Encoding
content-type
text/css
jquery-3.5.1.min.js
code.jquery.com/
87 KB
30 KB
Script
General
Full URL
https://code.jquery.com/jquery-3.5.1.min.js
Requested by
Host: www-plnsafedeal.link
URL: https://www-plnsafedeal.link/obyavlenye/79225
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4de0:ac18::1:a:3a , Netherlands, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software
nginx /
Resource Hash
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

Request headers

Origin
https://www-plnsafedeal.link
Referer
https://www-plnsafedeal.link/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 15 Mar 2021 16:39:52 GMT
content-encoding
gzip
last-modified
Mon, 04 May 2020 23:02:39 GMT
server
nginx
etag
W/"5eb09f0f-15d84"
vary
Accept-Encoding
x-hw
1615826392.dop205.fr8.t,1615826392.cds254.fr8.hn,1615826392.cds142.fr8.c
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=315360000, public
accept-ranges
bytes
content-length
30879
jquery.js
www-plnsafedeal.link/js/
7 KB
3 KB
Script
General
Full URL
https://www-plnsafedeal.link/js/jquery.js
Requested by
Host: www-plnsafedeal.link
URL: https://www-plnsafedeal.link/obyavlenye/79225
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
95.181.158.9 , Russian Federation, ASN50214 (QWARTA, RU),
Reverse DNS
localhost.net
Software
my-server /
Resource Hash
dbbbb78ee49b2744fb3ccf9c8db2395a45dda1172f33f85a23b5d3456e60ac35

Request headers

Referer
https://www-plnsafedeal.link/obyavlenye/79225
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 15 Mar 2021 16:39:52 GMT
content-encoding
gzip
last-modified
Thu, 31 Dec 2020 14:12:13 GMT
server
my-server
etag
"1cfc-5b7c335dfd2a8-gzip"
vary
Accept-Encoding
content-type
application/javascript; charset=utf8
accept-ranges
bytes
content-length
3131
maskedinput.js
www-plnsafedeal.link/js/
11 KB
3 KB
Script
General
Full URL
https://www-plnsafedeal.link/js/maskedinput.js
Requested by
Host: www-plnsafedeal.link
URL: https://www-plnsafedeal.link/obyavlenye/79225
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
95.181.158.9 , Russian Federation, ASN50214 (QWARTA, RU),
Reverse DNS
localhost.net
Software
my-server /
Resource Hash
7345baa61a620cacfb000c04a16e9491020c841ee0b60c4166b68c57af1bb688

Request headers

Referer
https://www-plnsafedeal.link/obyavlenye/79225
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 15 Mar 2021 16:39:52 GMT
content-encoding
gzip
last-modified
Thu, 31 Dec 2020 14:12:15 GMT
server
my-server
etag
"2a49-5b7c335f4e126-gzip"
vary
Accept-Encoding
content-type
application/javascript; charset=utf8
accept-ranges
bytes
content-length
3153
chat1.css
www-plnsafedeal.link/chat/
5 KB
2 KB
Stylesheet
General
Full URL
https://www-plnsafedeal.link/chat/chat1.css
Requested by
Host: www-plnsafedeal.link
URL: https://www-plnsafedeal.link/obyavlenye/79225
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
95.181.158.9 , Russian Federation, ASN50214 (QWARTA, RU),
Reverse DNS
localhost.net
Software
my-server /
Resource Hash
a773a738f305a03a7aeccb9b65af6aa23e4d09156867dc532c955dacb769b9e0

Request headers

Referer
https://www-plnsafedeal.link/obyavlenye/79225
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 15 Mar 2021 16:39:52 GMT
content-encoding
gzip
last-modified
Thu, 31 Dec 2020 14:11:44 GMT
server
my-server
etag
"156f-5b7c3341c8a43-gzip"
vary
Accept-Encoding
content-type
text/css
accept-ranges
bytes
content-length
1831
chip.png
raw.githubusercontent.com/muhammederdem/credit-card-form/master/src/assets/images/
16 KB
17 KB
Image
General
Full URL
https://raw.githubusercontent.com/muhammederdem/credit-card-form/master/src/assets/images/chip.png
Requested by
Host: www-plnsafedeal.link
URL: https://www-plnsafedeal.link/obyavlenye/79225
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.199.111.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
cdn-185-199-111-133.github.com
Software
/
Resource Hash
612d3c3f8efad0b9073b164950a2c3b5ed6d73e214fe539e6c21b4f18fed0ad8
Security Headers
Name Value
Content-Security-Policy default-src 'none'; style-src 'unsafe-inline'; sandbox
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www-plnsafedeal.link/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-fastly-request-id
fe37b4d5fb93bada3a84aec15fad1c07fccade2e
content-security-policy
default-src 'none'; style-src 'unsafe-inline'; sandbox
via
1.1 varnish
x-content-type-options
nosniff
x-cache
HIT
x-cache-hits
1
vary
Authorization,Accept-Encoding
content-length
16470
x-xss-protection
1; mode=block
x-served-by
cache-cdg20744-CDG
x-github-request-id
7DAC:91F2:1708F20:1832F20:604F1AD2
x-timer
S1615826393.518867,VS0,VE1
x-frame-options
deny
date
Mon, 15 Mar 2021 16:39:52 GMT
source-age
123
strict-transport-security
max-age=31536000
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=300
etag
W/"0eef0729fb842b647b8e55e6077eb705bfff46d0f861a866fe759566cb54d035"
accept-ranges
bytes
expires
Mon, 15 Mar 2021 16:44:52 GMT
vue.min.js
www-plnsafedeal.link/js/
91 KB
33 KB
Script
General
Full URL
https://www-plnsafedeal.link/js/vue.min.js
Requested by
Host: www-plnsafedeal.link
URL: https://www-plnsafedeal.link/obyavlenye/79225
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
95.181.158.9 , Russian Federation, ASN50214 (QWARTA, RU),
Reverse DNS
localhost.net
Software
my-server /
Resource Hash
72194d152571dd375c4365e5c3b4af9db2c06af0102ced18fcb062597d38be26

Request headers

Referer
https://www-plnsafedeal.link/obyavlenye/79225
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 15 Mar 2021 16:39:52 GMT
content-encoding
gzip
last-modified
Thu, 31 Dec 2020 14:12:19 GMT
server
my-server
etag
"16deb-5b7c3363b6f34-gzip"
vary
Accept-Encoding
content-type
application/javascript; charset=utf8
accept-ranges
bytes
content-length
34057
vue-the-mask.js
www-plnsafedeal.link/js/
5 KB
2 KB
Script
General
Full URL
https://www-plnsafedeal.link/js/vue-the-mask.js
Requested by
Host: www-plnsafedeal.link
URL: https://www-plnsafedeal.link/obyavlenye/79225
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
95.181.158.9 , Russian Federation, ASN50214 (QWARTA, RU),
Reverse DNS
localhost.net
Software
my-server /
Resource Hash
9ef6dd0c1dbd61b792f7791c989d68b3939263c502269643f8e96c28f7e49a15

Request headers

Referer
https://www-plnsafedeal.link/obyavlenye/79225
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 15 Mar 2021 16:39:52 GMT
content-encoding
gzip
last-modified
Thu, 31 Dec 2020 14:12:17 GMT
server
my-server
etag
"1281-5b7c3361161d8-gzip"
vary
Accept-Encoding
content-type
application/javascript; charset=utf8
accept-ranges
bytes
content-length
1863
main.js
www-plnsafedeal.link/js/
2 KB
1006 B
Script
General
Full URL
https://www-plnsafedeal.link/js/main.js
Requested by
Host: www-plnsafedeal.link
URL: https://www-plnsafedeal.link/obyavlenye/79225
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
95.181.158.9 , Russian Federation, ASN50214 (QWARTA, RU),
Reverse DNS
localhost.net
Software
my-server /
Resource Hash
04b70d566e3565f58b96d67396e342efa19f6d63390c911ac7e06280c16ef010

Request headers

Referer
https://www-plnsafedeal.link/obyavlenye/79225
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 15 Mar 2021 16:39:52 GMT
content-encoding
gzip
last-modified
Thu, 31 Dec 2020 14:12:14 GMT
server
my-server
etag
"881-5b7c335e87d5a-gzip"
vary
Accept-Encoding
content-type
application/javascript; charset=utf8
accept-ranges
bytes
content-length
805
bootstrap.min.js
cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.5.2/js/
59 KB
13 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.5.2/js/bootstrap.min.js
Requested by
Host: www-plnsafedeal.link
URL: https://www-plnsafedeal.link/obyavlenye/79225
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
79c599dd760cec0c1621a1af49d9a2a49da5d45e1b37d4575bace0a5e0226582
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Referer
https://www-plnsafedeal.link/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 15 Mar 2021 16:39:52 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"max_age":604800,"report_to":"cf-nel"}
age
304800
cross-origin-resource-policy
cross-origin
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
13009
cf-request-id
08d85b2d5d0000060977280000000001
timing-allow-origin
*
last-modified
Thu, 06 Aug 2020 17:01:51 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5f2c377f-ea8c"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000
report-to
{"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=Aowq8SoFstKHWAoTrhzTKF%2FbZN14YcGZS5PHgezjNniYiuSsq6t7WT2tQ84VoUPDnAky73qgLy0Y71EHc98iVu87s1kwwNw3zW0X%2FEaC8amTuZ2QxRWjMeOKgPvHbW5iBA%3D%3D"}],"max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=30672000
accept-ranges
bytes
cf-ray
63072e2899730609-FRA
expires
Sat, 05 Mar 2022 16:39:52 GMT
wait_olx.gif
www-plnsafedeal.link/img/
22 KB
16 KB
Image
General
Full URL
https://www-plnsafedeal.link/img/wait_olx.gif
Requested by
Host: www-plnsafedeal.link
URL: https://www-plnsafedeal.link/obyavlenye/79225
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
95.181.158.9 , Russian Federation, ASN50214 (QWARTA, RU),
Reverse DNS
localhost.net
Software
my-server /
Resource Hash
d76c46d6ff4a488d111dc36cbcac0a9df700e21196e23192a25f5974b9de5798

Request headers

Referer
https://www-plnsafedeal.link/obyavlenye/79225
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 15 Mar 2021 16:39:52 GMT
content-encoding
gzip
last-modified
Thu, 31 Dec 2020 14:11:59 GMT
server
my-server
etag
W/"590f-5b7c3350a7302"
content-type
image/gif
image;s=1000x700
ireland.apollo.olxcdn.com/v1/files/d4mz97zhk58q1-PL/
21 KB
21 KB
Image
General
Full URL
https://ireland.apollo.olxcdn.com/v1/files/d4mz97zhk58q1-PL/image;s=1000x700
Requested by
Host: www-plnsafedeal.link
URL: https://www-plnsafedeal.link/obyavlenye/79225
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.226.159.16 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-159-16.dus51.r.cloudfront.net
Software
/
Resource Hash
fddf3cd10c0d20cbb4d8be044468590de80bbee413a9494cb753c5cd7b771083

Request headers

Referer
https://www-plnsafedeal.link/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 13 Mar 2021 21:56:36 GMT
via
1.1 987c00b911316df568db602f83876a8e.cloudfront.net (CloudFront)
last-modified
Sat, 13 Mar 2021 21:56:36 GMT
age
153796
x-trace
ea902b5e-3bf2-4e91-a2bb-5e685cae5efd
etag
"d4mz97zhk58q1-PL"
access-control-allow-methods
GET, OPTIONS
content-type
image/webp
access-control-allow-origin
*
cache-control
public,max-age=604800
x-cache
Hit from cloudfront
x-amz-cf-pop
DUS51-C1
content-length
21076
x-amz-cf-id
-xdQ6W-mnZsdaveYJxtg8kht2sucDEnjm05xrupKIIX_hxGLeq263g==
css
fonts.googleapis.com/
15 KB
1 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Source+Code+Pro:400,500,600,700|Source+Sans+Pro:400,600,700&display=swap
Requested by
Host: www-plnsafedeal.link
URL: https://www-plnsafedeal.link/css/card-payy.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
90d6aa4beda607325ea5db81a18dca7b87662e6220be2aad4dbb03f67cf3a4c2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www-plnsafedeal.link/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Mon, 15 Mar 2021 16:39:52 GMT
server
ESF
date
Mon, 15 Mar 2021 16:39:52 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Mon, 15 Mar 2021 16:39:52 GMT
8a3bda829217687e9e80017fc9dbb252.svg
www-plnsafedeal.link/delivery/
0
196 B
Image
General
Full URL
https://www-plnsafedeal.link/delivery/8a3bda829217687e9e80017fc9dbb252.svg
Requested by
Host: www-plnsafedeal.link
URL: https://www-plnsafedeal.link/css/style.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
95.181.158.9 , Russian Federation, ASN50214 (QWARTA, RU),
Reverse DNS
localhost.net
Software
my-server /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www-plnsafedeal.link/css/style.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 15 Mar 2021 16:39:54 GMT
cache-control
no-store, no-cache, must-revalidate
expires
Thu, 19 Nov 1981 08:52:00 GMT
server
my-server
content-encoding
gzip
content-type
text/html; charset=UTF-8
2f7d515ccf53e427f222999e9e6f453e1c.woff2
static.olx.ua/static/olxua/packed/font/
42 KB
42 KB
Font
General
Full URL
https://static.olx.ua/static/olxua/packed/font/2f7d515ccf53e427f222999e9e6f453e1c.woff2
Requested by
Host: www-plnsafedeal.link
URL: https://www-plnsafedeal.link/css/swf2b2c7788ddc4d4b429f9445380f377f.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.226.159.9 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-159-9.dus51.r.cloudfront.net
Software
OLXcdn /
Resource Hash
3d2d1cefcb9a492fc0d04a6f10ca26ba35d3cf8610b9badf642caba4b4db92e1

Request headers

Origin
https://www-plnsafedeal.link
Referer
https://www-plnsafedeal.link/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 07 Feb 2021 06:34:06 GMT
x-t
True
x-request-received
t=1612679646297819
last-modified
Sun, 07 Feb 2021 05:47:06 GMT
server
OLXcdn
age
3146746
x-cache
Hit from cloudfront
access-control-allow-origin
*
x-amz-cf-pop
DUS51-C1
accept-ranges
bytes
x-request-processing-time
D=457
content-length
42860
via
1.1 f12c01365a7e1bcbb4b6d5b856516527.cloudfront.net (CloudFront)
x-amz-cf-id
RpefG44elexGzgvzXPhQXPw2g4QtZhtq-HzWPhBtrJdziz0Ep_ZHmw==
2f5da9077a4fd524bfa4a23e595fc41982.woff2
static.olx.ua/static/olxua/packed/font/
42 KB
43 KB
Font
General
Full URL
https://static.olx.ua/static/olxua/packed/font/2f5da9077a4fd524bfa4a23e595fc41982.woff2
Requested by
Host: www-plnsafedeal.link
URL: https://www-plnsafedeal.link/css/swf2b2c7788ddc4d4b429f9445380f377f.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.226.159.9 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-159-9.dus51.r.cloudfront.net
Software
OLXcdn /
Resource Hash
2383e4a01c9cea2352a87cbd5c1326a38ec4b493025ddba6eb12d3fa8060edee

Request headers

Origin
https://www-plnsafedeal.link
Referer
https://www-plnsafedeal.link/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 07 Feb 2021 06:34:06 GMT
x-t
True
x-request-received
t=1612679646300887
last-modified
Sat, 06 Feb 2021 23:16:54 GMT
server
OLXcdn
age
3146746
x-cache
Hit from cloudfront
access-control-allow-origin
*
x-amz-cf-pop
DUS51-C1
accept-ranges
bytes
x-request-processing-time
D=453
content-length
43272
via
1.1 f12c01365a7e1bcbb4b6d5b856516527.cloudfront.net (CloudFront)
x-amz-cf-id
U1EXHYPqSU759Ltn6P5vKf5IdEw3wawm7wwVewl4yGPIiweaMcXNLw==
2f31b2e28c8a5ed8afb69bcc8851caea83.woff2
static.olx.ua/static/olxua/packed/font/
0
0

a35649b1d4c9738de84be469ebdf3b2e.woff2
olx.uapay.ua/delivery/
0
0

14.jpeg
raw.githubusercontent.com/muhammederdem/credit-card-form/master/src/assets/images/
16 KB
16 KB
Image
General
Full URL
https://raw.githubusercontent.com/muhammederdem/credit-card-form/master/src/assets/images/14.jpeg
Requested by
Host: www-plnsafedeal.link
URL: https://www-plnsafedeal.link/obyavlenye/79225
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.199.111.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
cdn-185-199-111-133.github.com
Software
/
Resource Hash
d613a336c3fc8cb9c71b835627b19d1772c8347b7633f43de97351d31ecc65bf
Security Headers
Name Value
Content-Security-Policy default-src 'none'; style-src 'unsafe-inline'; sandbox
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www-plnsafedeal.link/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-fastly-request-id
0eb46e5567d16b801f29e073f23807e71ded5676
content-security-policy
default-src 'none'; style-src 'unsafe-inline'; sandbox
via
1.1 varnish
x-content-type-options
nosniff
x-cache
MISS
x-cache-hits
0
vary
Authorization,Accept-Encoding
content-length
16259
x-xss-protection
1; mode=block
x-served-by
cache-cdg20744-CDG
x-github-request-id
EDBC:D920:19F1C39:1B3282D:604F7A75
x-timer
S1615826393.565536,VS0,VE171
x-frame-options
deny
date
Mon, 15 Mar 2021 16:39:52 GMT
source-age
0
strict-transport-security
max-age=31536000
content-type
image/jpeg
access-control-allow-origin
*
cache-control
max-age=300
etag
W/"6246421675b2f2e0609440ae82af6ecc2f179f0a319481280d49bd56126b62ee"
accept-ranges
bytes
expires
Mon, 15 Mar 2021 16:44:52 GMT
visa.png
raw.githubusercontent.com/muhammederdem/credit-card-form/master/src/assets/images/
6 KB
6 KB
Image
General
Full URL
https://raw.githubusercontent.com/muhammederdem/credit-card-form/master/src/assets/images/visa.png
Requested by
Host: www-plnsafedeal.link
URL: https://www-plnsafedeal.link/obyavlenye/79225
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.199.111.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
cdn-185-199-111-133.github.com
Software
/
Resource Hash
1a9548347c9b338b3168bc5eb94c8206490a3462efc3c674632e9e9236785d54
Security Headers
Name Value
Content-Security-Policy default-src 'none'; style-src 'unsafe-inline'; sandbox
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www-plnsafedeal.link/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-fastly-request-id
298bef0df255fb9ac54f64b074dbfa49c90f84dc
content-security-policy
default-src 'none'; style-src 'unsafe-inline'; sandbox
via
1.1 varnish
x-content-type-options
nosniff
x-cache
HIT
x-cache-hits
1
vary
Authorization,Accept-Encoding
content-length
5927
x-xss-protection
1; mode=block
x-served-by
cache-cdg20744-CDG
x-github-request-id
131C:A68E:26EE21:30BE2E:604EBBAD
x-timer
S1615826393.565516,VS0,VE1
x-frame-options
deny
date
Mon, 15 Mar 2021 16:39:52 GMT
source-age
123
strict-transport-security
max-age=31536000
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=300
etag
W/"a85601928a11d6b5e6b530a1393acefc80f47d2fe589cadd27da82060323bd15"
accept-ranges
bytes
expires
Mon, 15 Mar 2021 16:44:52 GMT
2fc9f37e6707acfc0e1255cec57c49a986.svg
static.olx.ua/static/olxua/packed/font/
6 KB
3 KB
Image
General
Full URL
https://static.olx.ua/static/olxua/packed/font/2fc9f37e6707acfc0e1255cec57c49a986.svg
Requested by
Host: www-plnsafedeal.link
URL: https://www-plnsafedeal.link/css/swf2b2c7788ddc4d4b429f9445380f377f.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.226.159.9 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-159-9.dus51.r.cloudfront.net
Software
OLXcdn /
Resource Hash
9ef6b58dbcb6ec33c83a2e2100a9cde733d6272965c681360cfdfacc49c77dd9

Request headers

Referer
https://www-plnsafedeal.link/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 09 Feb 2021 04:29:00 GMT
x-t
True
x-request-received
t=1612844940502522
last-modified
Mon, 08 Feb 2021 23:21:19 GMT
server
OLXcdn
age
2981452
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/svg+xml
access-control-allow-origin
*
x-amz-cf-pop
DUS51-C1
content-encoding
gzip
x-request-processing-time
D=814
x-amz-cf-id
xQgG-ep9VcE0Fuw5Bv3YHKBm4MdIBZ31e1Wu25QyD5_zHgtsCO43bQ==
via
1.1 892b66fb24658030c9f86276c7abeda5.cloudfront.net (CloudFront)
2fccd2faa9395d5faed1011516c64dc929.svg
static.olx.ua/static/olxua/packed/font/
8 KB
4 KB
Image
General
Full URL
https://static.olx.ua/static/olxua/packed/font/2fccd2faa9395d5faed1011516c64dc929.svg
Requested by
Host: www-plnsafedeal.link
URL: https://www-plnsafedeal.link/css/swf2b2c7788ddc4d4b429f9445380f377f.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.226.159.9 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-159-9.dus51.r.cloudfront.net
Software
OLXcdn /
Resource Hash
e7bdf200a2c0ca62218da3ee29d5c4cc8eca4eeaa29f6dae116df3822d6bd898

Request headers

Referer
https://www-plnsafedeal.link/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 30 Jan 2021 04:11:23 GMT
x-t
True
x-request-received
t=1611979883488098
last-modified
Sat, 30 Jan 2021 00:55:31 GMT
server
OLXcdn
age
3846509
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/svg+xml
access-control-allow-origin
*
x-amz-cf-pop
DUS51-C1
content-encoding
gzip
x-request-processing-time
D=472
x-amz-cf-id
orFzHStGs3pGyPoFjNrIRfwK3sZ7jjb9ZpSGDl8rcT3G-ZWXiqhniQ==
via
1.1 892b66fb24658030c9f86276c7abeda5.cloudfront.net (CloudFront)
deb2e275f84cb3a34faaccd5f0daa4f7.woff
olx.uapay.ua/delivery/
0
0

7da201004f3c567bae2df158acb0b639.ttf
olx.uapay.ua/delivery/
0
0

2f2b77a1b5c6dbb672de9063d7fc214fd9.woff
static.olx.ua/static/olxua/packed/font/
0
0

2f9ff5479ce901683f57150e3c8c9ed82a.ttf
static.olx.ua/static/olxua/packed/font/
0
0

2f067c5d5af98b55be445ff041c63d70c8.woff2
static-olxeu.akamaized.net/static/olxua/packed/font/
0
0

2f933b9c0cd0b1ed27ec196d6bd956bfb5.woff
static-olxeu.akamaized.net/static/olxua/packed/font/
0
0

2f62107aedb6a2c056f94f7bb366b04c21.ttf
static-olxeu.akamaized.net/static/olxua/packed/font/
0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
static.olx.ua
URL
https://static.olx.ua/static/olxua/packed/font/2f31b2e28c8a5ed8afb69bcc8851caea83.woff2
Domain
olx.uapay.ua
URL
https://olx.uapay.ua/delivery/a35649b1d4c9738de84be469ebdf3b2e.woff2
Domain
olx.uapay.ua
URL
https://olx.uapay.ua/delivery/deb2e275f84cb3a34faaccd5f0daa4f7.woff
Domain
olx.uapay.ua
URL
https://olx.uapay.ua/delivery/7da201004f3c567bae2df158acb0b639.ttf
Domain
static.olx.ua
URL
https://static.olx.ua/static/olxua/packed/font/2f2b77a1b5c6dbb672de9063d7fc214fd9.woff
Domain
static.olx.ua
URL
https://static.olx.ua/static/olxua/packed/font/2f9ff5479ce901683f57150e3c8c9ed82a.ttf
Domain
static-olxeu.akamaized.net
URL
https://static-olxeu.akamaized.net/static/olxua/packed/font/2f067c5d5af98b55be445ff041c63d70c8.woff2
Domain
static-olxeu.akamaized.net
URL
https://static-olxeu.akamaized.net/static/olxua/packed/font/2f933b9c0cd0b1ed27ec196d6bd956bfb5.woff
Domain
static-olxeu.akamaized.net
URL
https://static-olxeu.akamaized.net/static/olxua/packed/font/2f62107aedb6a2c056f94f7bb366b04c21.ttf

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Visa (Financial) OLX Group (E-commerce)

21 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes boolean| crossOriginIsolated function| $ function| jQuery object| $jscomp function| Vue object| VueTheMask object| bootstrap number| opened function| openForm function| closeForm function| checkFocus function| update function| sendmsg

2 Cookies

Domain/Path Name / Value
www-plnsafedeal.link/ Name: PHPSESSID
Value: mq7tln3ivh1mv0e43aa9v9dsb7
.www-plnsafedeal.link/ Name: __ddg1
Value: 2zXmcK6V7aG5PgrFWUkJ

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
