Submitted URL: http://marshcreekweddings.com/
Effective URL: http://142.252.172.3:1689/
Submission: On August 23 via api from US

Summary

This website contacted 12 IPs in 3 countries across 10 domains to perform 26 HTTP transactions. The main IP is 142.252.172.3, located in the United States and belonging to EGIHOSTING, US. The main domain is 142.252.172.3.
This is the only time 142.252.172.3 was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Redirects  Requests  IP Address        AS (Autonomous System)
1          4         142.252.172.178   18779 (EGIHOSTING)
           7         142.252.172.3     18779 (EGIHOSTING)
           4         104.165.249.254   18779 (EGIHOSTING)
           3         2606:4700:10:...  13335 (CLOUDFLAR...)
           1         23.225.154.19     40065 (CNSERVERS)
           2         45.61.212.33      53587 (AZT)
           1         203.205.254.152   132203 (TENCENT-N...)
1          2         2606:4700:303...  13335 (CLOUDFLAR...)
           1         101.33.29.81      139341 (ACE-AS-AP...)
           1         2606:4700:21:...  13335 (CLOUDFLAR...)
           1         137.175.12.10     54600 (PEGTECHINC)
           1         34.102.136.180    15169 (GOOGLE)
Total      26        12 IPs
Requests  Domain                      Redirects    Requested by
3         sycdn.comtucdncom.com                    142.252.172.3
3         www.marshcreekweddings.com               www.marshcreekweddings.com
2         xs.imgpipi.xyz              1 redirect   142.252.172.3
1         www.rtaicq.com                           142.252.172.3
1         kanjiantu.com                            142.252.172.3
1         pic1.58cdn.com.cn                        104.165.249.254
1         p.qlogo.cn                               104.165.249.254
1         ip625e.com                               104.165.249.254
1         3336653.com                              104.165.249.254
1         www.govxian.cn                           104.165.249.254
1         marshcreekweddings.com      1 redirect
Total     26 requests, 11 domains
TLS certificates

Subject                Issuer                                                Validity                   Valid for  Source
*.comtucdncom.com      R3                                                    2021-07-12 to 2021-10-10   3 months   crt.sh
govxian.cn             TrustAsia TLS RSA CA                                  2021-06-07 to 2022-06-06   a year     crt.sh
3336653.com            Sectigo RSA Domain Validation Secure Server CA        2020-11-24 to 2021-11-24   a year     crt.sh
ip625e.com             Sectigo RSA Domain Validation Secure Server CA        2021-06-26 to 2022-06-26   a year     crt.sh
*.qpic.cn              GlobalSign Organization Validation CA - SHA256 - G2   2021-04-26 to 2022-05-28   a year     crt.sh
sni.cloudflaressl.com  Cloudflare Inc ECC CA-3                               2021-07-21 to 2022-07-20   a year     crt.sh
*.58cdn.com.cn         GlobalSign RSA OV SSL CA 2018                         2020-04-27 to 2022-06-17   2 years    crt.sh

This page contains 1 frame:

Primary Page: http://142.252.172.3:1689/
Frame ID: F37D99311F010F060BBC6CD83437DF12
Requests: 26 HTTP requests in this frame

Page Title

运动短视频分享网 (Sports short-video sharing site)

Page URL History

  1. http://marshcreekweddings.com/ HTTP 301
    http://www.marshcreekweddings.com/ Page URL
  2. http://142.252.172.3:1689/ Page URL

Detected technologies

  • Overall confidence: 100%. Detected pattern: headers server /nginx(?:\/([\d.]+))?/i
  • Overall confidence: 100%. Detected pattern: script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

  • Requests: 26
  • HTTPS: 38 %
  • IPv6: 25 %
  • Domains: 10
  • Subdomains: 11
  • IPs: 12
  • Countries: 3
  • Transfer: 2835 kB
  • Size: 2912 kB
  • Cookies: 0

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://marshcreekweddings.com/ HTTP 301
  • http://www.marshcreekweddings.com/
Request Chain 20
  • http://xs.imgpipi.xyz/2021/06/06/Oh0.gif HTTP 301
  • https://xs.imgpipi.xyz/2021/06/06/Oh0.gif

26 HTTP transactions

Each transaction below is listed as: Resource | Path | Size | x-fer (bytes transferred) | Type (MIME type category)
Resource: /  |  Path: www.marshcreekweddings.com/  |  Size: 1 KB  |  x-fer: 597 B  |  Type: Document
Redirect Chain
  • http://marshcreekweddings.com/
  • http://www.marshcreekweddings.com/
General
General
Full URL
http://www.marshcreekweddings.com/
Protocol
HTTP/1.1
Server
142.252.172.178 , United States, ASN18779 (EGIHOSTING, US),
Reverse DNS
Software
nginx /
Resource Hash
e8955cef11fc0b45ea0c54e8dcc3ec3a4a8738856a50114d78b8421e7786d21d

Request headers

Host
www.marshcreekweddings.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding
gzip, deflate
Accept-Language
en-US

Response headers

Server
nginx
Date
Mon, 23 Aug 2021 05:56:27 GMT
Content-Type
text/html
Transfer-Encoding
chunked
Connection
keep-alive
Vary
Accept-Encoding
Content-Encoding
gzip

Redirect headers

Server
nginx
Date
Mon, 23 Aug 2021 05:56:26 GMT
Content-Type
text/html
Content-Length
0
Connection
keep-alive
Location
http://www.marshcreekweddings.com/
Resource: common.js  |  Path: www.marshcreekweddings.com/  |  Size: 877 B  |  x-fer: 1 KB  |  Type: Script
General
Full URL
http://www.marshcreekweddings.com/common.js
Requested by
Host: www.marshcreekweddings.com
URL: http://www.marshcreekweddings.com/
Protocol
HTTP/1.1
Server
142.252.172.178 , United States, ASN18779 (EGIHOSTING, US),
Reverse DNS
Software
nginx /
Resource Hash

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
www.marshcreekweddings.com
Accept-Language
en-US
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept
*/*
Referer
http://www.marshcreekweddings.com/
Connection
keep-alive
Cache-Control
no-cache

Response headers

Date
Mon, 23 Aug 2021 05:56:29 GMT
Server
nginx
Connection
keep-alive
Content-Length
877
Content-Type
application/x-javascript
Resource: tj.js  |  Path: www.marshcreekweddings.com/  |  Size: 0  |  x-fer: 154 B  |  Type: Script
General
Full URL
http://www.marshcreekweddings.com/tj.js
Requested by
Host: www.marshcreekweddings.com
URL: http://www.marshcreekweddings.com/
Protocol
HTTP/1.1
Server
142.252.172.178 , United States, ASN18779 (EGIHOSTING, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
www.marshcreekweddings.com
Accept-Language
en-US
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept
*/*
Referer
http://www.marshcreekweddings.com/
Connection
keep-alive
Cache-Control
no-cache

Response headers

Date
Mon, 23 Aug 2021 05:56:28 GMT
Server
nginx
Connection
keep-alive
Content-Length
0
Content-Type
application/x-javascript
Resource: / (Primary Request; Cookie set)  |  Path: 142.252.172.3/  |  Size: 6 KB  |  x-fer: 0  |  Type: Document
General
Full URL
http://142.252.172.3:1689/
Requested by
Host: www.marshcreekweddings.com
URL: http://www.marshcreekweddings.com/common.js
Protocol
HTTP/1.1
Server
142.252.172.3 , United States, ASN18779 (EGIHOSTING, US),
Reverse DNS
Software
Microsoft-IIS/7.5 / PHP/5.3.29 ASP.NET
Resource Hash

Request headers

Host
142.252.172.3:1689
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer
http://www.marshcreekweddings.com/
Accept-Encoding
gzip, deflate
Accept-Language
en-US

Response headers

Cache-Control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma
no-cache
Content-Type
text/html;Charset=utf-8
Content-Encoding
gzip
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Vary
Accept-Encoding
Server
Microsoft-IIS/7.5
X-Powered-By
PHP/5.3.29 ASP.NET
Set-Cookie
PHPSESSID=7c12ukv3adu530ep7u6ea8vhn4; path=/
Date
Mon, 23 Aug 2021 05:56:30 GMT
Content-Length
3344
Resource: comment.css  |  Path: 142.252.172.3/template/m1938pc/css/  |  Size: 10 KB  |  x-fer: 3 KB  |  Type: Stylesheet
General
Full URL
http://142.252.172.3:1689/template/m1938pc/css/comment.css
Requested by
Host: 142.252.172.3
URL: http://142.252.172.3:1689/
Protocol
HTTP/1.1
Server
142.252.172.3 , United States, ASN18779 (EGIHOSTING, US),
Reverse DNS
Software
Microsoft-IIS/7.5 / ASP.NET
Resource Hash
3272f5bf66379cce5468c150a50ca704d1620752eca2ff5764e85cc98211efab

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
142.252.172.3:1689
Accept-Language
en-US
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept
text/css,*/*;q=0.1
Referer
http://142.252.172.3:1689/
Cookie
PHPSESSID=7c12ukv3adu530ep7u6ea8vhn4
Connection
keep-alive
Cache-Control
no-cache

Response headers

Date
Mon, 23 Aug 2021 05:56:30 GMT
Content-Encoding
gzip
Last-Modified
Fri, 16 Jul 2021 14:54:54 GMT
Server
Microsoft-IIS/7.5
X-Powered-By
ASP.NET
ETag
"4020df89527ad71:0"
Vary
Accept-Encoding
Content-Type
text/css
Accept-Ranges
bytes
Content-Length
3032
Resource: jquery.js  |  Path: 142.252.172.3/js/  |  Size: 48 KB  |  x-fer: 0  |  Type: Script
General
Full URL
http://142.252.172.3:1689/js/jquery.js
Requested by
Host: 142.252.172.3
URL: http://142.252.172.3:1689/
Protocol
HTTP/1.1
Server
142.252.172.3 , United States, ASN18779 (EGIHOSTING, US),
Reverse DNS
Software
Microsoft-IIS/7.5 / ASP.NET
Resource Hash

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
142.252.172.3:1689
Accept-Language
en-US
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept
*/*
Referer
http://142.252.172.3:1689/
Cookie
PHPSESSID=7c12ukv3adu530ep7u6ea8vhn4
Connection
keep-alive
Cache-Control
no-cache

Response headers

Date
Mon, 23 Aug 2021 05:56:30 GMT
Content-Encoding
gzip
Last-Modified
Sat, 28 Sep 2013 03:06:42 GMT
Server
Microsoft-IIS/7.5
X-Powered-By
ASP.NET
ETag
"92a2bcc1f7bbce1:0"
Vary
Accept-Encoding
Content-Type
application/x-javascript
Accept-Ranges
bytes
Content-Length
33964
Resource: jquery.lazyload.js  |  Path: 142.252.172.3/js/jq/  |  Size: 2 KB  |  x-fer: 1 KB  |  Type: Script
General
Full URL
http://142.252.172.3:1689/js/jq/jquery.lazyload.js
Requested by
Host: 142.252.172.3
URL: http://142.252.172.3:1689/
Protocol
HTTP/1.1
Server
142.252.172.3 , United States, ASN18779 (EGIHOSTING, US),
Reverse DNS
Software
Microsoft-IIS/7.5 / ASP.NET
Resource Hash
f3a5e91219434ff92ae7b36b9582136a75f56b605ebeb54bac21efdfea4466d1

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
142.252.172.3:1689
Accept-Language
en-US
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept
*/*
Referer
http://142.252.172.3:1689/
Cookie
PHPSESSID=7c12ukv3adu530ep7u6ea8vhn4
Connection
keep-alive
Cache-Control
no-cache

Response headers

Date
Mon, 23 Aug 2021 05:56:30 GMT
Content-Encoding
gzip
Last-Modified
Thu, 31 Oct 2013 13:29:36 GMT
Server
Microsoft-IIS/7.5
X-Powered-By
ASP.NET
ETag
"8d9e7b3e3dd6ce1:0"
Vary
Accept-Encoding
Content-Type
application/x-javascript
Accept-Ranges
bytes
Content-Length
918
Resource: jquery.autocomplete.js  |  Path: 142.252.172.3/js/jq/  |  Size: 14 KB  |  x-fer: 6 KB  |  Type: Script
General
Full URL
http://142.252.172.3:1689/js/jq/jquery.autocomplete.js
Requested by
Host: 142.252.172.3
URL: http://142.252.172.3:1689/
Protocol
HTTP/1.1
Server
142.252.172.3 , United States, ASN18779 (EGIHOSTING, US),
Reverse DNS
Software
Microsoft-IIS/7.5 / ASP.NET
Resource Hash
c13f5ac7ae0e10138056f4c238226392ad28e883f78d3e19fb43dcb9c1b58582

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
142.252.172.3:1689
Accept-Language
en-US
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept
*/*
Referer
http://142.252.172.3:1689/
Cookie
PHPSESSID=7c12ukv3adu530ep7u6ea8vhn4
Connection
keep-alive
Cache-Control
no-cache

Response headers

Date
Mon, 23 Aug 2021 05:56:30 GMT
Content-Encoding
gzip
Last-Modified
Thu, 31 Oct 2013 13:29:36 GMT
Server
Microsoft-IIS/7.5
X-Powered-By
ASP.NET
ETag
"ed177a3e3dd6ce1:0"
Vary
Accept-Encoding
Content-Type
application/x-javascript
Accept-Ranges
bytes
Content-Length
5663
Resource: home.js  |  Path: 142.252.172.3/template/m1938pc/js/  |  Size: 0  |  x-fer: 0  |  Type: Script
General
Full URL
http://142.252.172.3:1689/template/m1938pc/js/home.js
Requested by
Host: 142.252.172.3
URL: http://142.252.172.3:1689/
Protocol
HTTP/1.1
Server
142.252.172.3 , United States, ASN18779 (EGIHOSTING, US),
Reverse DNS
Software
Microsoft-IIS/7.5 / ASP.NET
Resource Hash

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
142.252.172.3:1689
Accept-Language
en-US
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept
*/*
Referer
http://142.252.172.3:1689/
Cookie
PHPSESSID=7c12ukv3adu530ep7u6ea8vhn4
Connection
keep-alive
Cache-Control
no-cache

Response headers

Date
Mon, 23 Aug 2021 05:56:30 GMT
Server
Microsoft-IIS/7.5
X-Powered-By
ASP.NET
Content-Length
1245
Content-Type
text/html
Resource: hf1.js  |  Path: 104.165.249.254/gg/  |  Size: 2 KB  |  x-fer: 1 KB  |  Type: Script
General
Full URL
http://104.165.249.254:8090/gg/hf1.js
Requested by
Host: 142.252.172.3
URL: http://142.252.172.3:1689/
Protocol
HTTP/1.1
Server
104.165.249.254 , United States, ASN18779 (EGIHOSTING, US),
Reverse DNS
Software
Microsoft-IIS/7.5 / ASP.NET
Resource Hash
12263ce8cd1ba2f0084e566889a4904b4a6d69c65199d675e50c7a3fbb8eb711

Request headers

Referer
http://142.252.172.3:1689/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Mon, 23 Aug 2021 05:56:28 GMT
Content-Encoding
gzip
Last-Modified
Sun, 22 Aug 2021 16:54:12 GMT
Server
Microsoft-IIS/7.5
X-Powered-By
ASP.NET
ETag
"87bb46557697d71:0"
Vary
Accept-Encoding
Content-Type
application/x-javascript
Accept-Ranges
bytes
Content-Length
804
Resource: wenzi.js  |  Path: 104.165.249.254/gg//  |  Size: 11 KB  |  x-fer: 1 KB  |  Type: Script
General
Full URL
http://104.165.249.254:8090/gg//wenzi.js
Requested by
Host: 142.252.172.3
URL: http://142.252.172.3:1689/
Protocol
HTTP/1.1
Server
104.165.249.254 , United States, ASN18779 (EGIHOSTING, US),
Reverse DNS
Software
Microsoft-IIS/7.5 / ASP.NET
Resource Hash
79c4f570d59cfc2e550debbf441b877a0eb64f631889c269236e35f6778c39ea

Request headers

Referer
http://142.252.172.3:1689/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Mon, 23 Aug 2021 05:56:28 GMT
Content-Encoding
gzip
Last-Modified
Sun, 22 Aug 2021 16:45:01 GMT
Server
Microsoft-IIS/7.5
X-Powered-By
ASP.NET
ETag
"80a4a7c7597d71:0"
Vary
Accept-Encoding
Content-Type
application/x-javascript
Accept-Ranges
bytes
Content-Length
845
Resource: hf2.js  |  Path: 104.165.249.254/gg//  |  Size: 4 KB  |  x-fer: 2 KB  |  Type: Script
General
Full URL
http://104.165.249.254:8090/gg//hf2.js
Requested by
Host: 142.252.172.3
URL: http://142.252.172.3:1689/
Protocol
HTTP/1.1
Server
104.165.249.254 , United States, ASN18779 (EGIHOSTING, US),
Reverse DNS
Software
Microsoft-IIS/7.5 / ASP.NET
Resource Hash
7398db5cc8fe8a43811c215b4e66b5a073ff5acea7e9ef8a116f2b3305bd4c0e

Request headers

Referer
http://142.252.172.3:1689/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Mon, 23 Aug 2021 05:56:28 GMT
Content-Encoding
gzip
Last-Modified
Sat, 21 Aug 2021 04:47:32 GMT
Server
Microsoft-IIS/7.5
X-Powered-By
ASP.NET
ETag
"0ca9a74796d71:0"
Vary
Accept-Encoding
Content-Type
application/x-javascript
Accept-Ranges
bytes
Content-Length
1434
Resource: shiping.js  |  Path: 104.165.249.254/gg//  |  Size: 2 KB  |  x-fer: 790 B  |  Type: Script
General
Full URL
http://104.165.249.254:8090/gg//shiping.js
Requested by
Host: 142.252.172.3
URL: http://142.252.172.3:1689/
Protocol
HTTP/1.1
Server
104.165.249.254 , United States, ASN18779 (EGIHOSTING, US),
Reverse DNS
Software
Microsoft-IIS/7.5 / ASP.NET
Resource Hash
db98d7d372c5c859dffe26324cfa428a255bfa2ddda738c3214c24f1ee1a88b6

Request headers

Referer
http://142.252.172.3:1689/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Mon, 23 Aug 2021 05:56:28 GMT
Content-Encoding
gzip
Last-Modified
Sun, 22 Aug 2021 08:48:56 GMT
Server
Microsoft-IIS/7.5
X-Powered-By
ASP.NET
ETag
"5626dc8a3297d71:0"
Vary
Accept-Encoding
Content-Type
application/x-javascript
Accept-Ranges
bytes
Content-Length
481
Resource: e0beb6d7b22c94d39a687a789879129b.jpg  |  Path: sycdn.comtucdncom.com/upload/vod/20210726-1/  |  Size: 64 KB  |  x-fer: 64 KB  |  Type: Image
General
Full URL
https://sycdn.comtucdncom.com/upload/vod/20210726-1/e0beb6d7b22c94d39a687a789879129b.jpg
Requested by
Host: 142.252.172.3
URL: http://142.252.172.3:1689/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:56 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
22754f23849fa90b87cbd0b12d8ed6693c48c96c6e5d2889fb21017c49b3d8f9

Request headers

Referer
http://142.252.172.3:1689/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 23 Aug 2021 05:56:30 GMT
cf-cache-status
HIT
last-modified
Mon, 26 Jul 2021 07:42:44 GMT
server
cloudflare
age
1663477
etag
"60fe6774-feff"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
expires
Thu, 02 Sep 2021 23:51:53 GMT
cache-control
max-age=31536000
accept-ranges
bytes
cf-ray
6832191ccac14e0d-FRA
content-length
65279
cf-bgj
h2pri
Resource: c64a5eb0766645b375f0f68f657720e8.jpg  |  Path: sycdn.comtucdncom.com/upload/vod/20210726-1/  |  Size: 15 KB  |  x-fer: 15 KB  |  Type: Image
General
Full URL
https://sycdn.comtucdncom.com/upload/vod/20210726-1/c64a5eb0766645b375f0f68f657720e8.jpg
Requested by
Host: 142.252.172.3
URL: http://142.252.172.3:1689/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:56 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9f5650fbf946fe383a9859b9859dc7eb2703f8aeebdbd1f6f0801482174108e0

Request headers

Referer
http://142.252.172.3:1689/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 23 Aug 2021 05:56:30 GMT
cf-cache-status
HIT
last-modified
Mon, 26 Jul 2021 07:42:04 GMT
server
cloudflare
age
1663477
etag
"60fe674c-3d18"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
expires
Thu, 02 Sep 2021 23:51:53 GMT
cache-control
max-age=31536000
accept-ranges
bytes
cf-ray
6832191cfb304e0d-FRA
content-length
15640
cf-bgj
h2pri
Resource: 59c893bc1d9772aba8c7243b336cee76.jpg  |  Path: sycdn.comtucdncom.com/upload/vod/20210726-1/  |  Size: 75 KB  |  x-fer: 75 KB  |  Type: Image
General
Full URL
https://sycdn.comtucdncom.com/upload/vod/20210726-1/59c893bc1d9772aba8c7243b336cee76.jpg
Requested by
Host: 142.252.172.3
URL: http://142.252.172.3:1689/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:56 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1e3f71377b3d7048bbc74474090eea71a6b949a57746da9797e9c9f803f8d096

Request headers

Referer
http://142.252.172.3:1689/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 23 Aug 2021 05:56:30 GMT
cf-cache-status
HIT
last-modified
Mon, 26 Jul 2021 07:42:03 GMT
server
cloudflare
age
1663477
etag
"60fe674b-12ce8"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
expires
Thu, 02 Sep 2021 23:51:53 GMT
cache-control
max-age=31536000
accept-ranges
bytes
cf-ray
6832191d0b614e0d-FRA
content-length
77032
cf-bgj
h2pri
Resource: home.js  |  Path: 142.252.172.3/template/m1938pc/js/  |  Size: 0  |  x-fer: 0  |  Type: Script
General
Full URL
http://142.252.172.3:1689/template/m1938pc/js/home.js
Requested by
Host: 142.252.172.3
URL: http://142.252.172.3:1689/
Protocol
HTTP/1.1
Server
142.252.172.3 , United States, ASN18779 (EGIHOSTING, US),
Reverse DNS
Software
Microsoft-IIS/7.5 / ASP.NET
Resource Hash

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
142.252.172.3:1689
Accept-Language
en-US
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept
*/*
Referer
http://142.252.172.3:1689/
Connection
keep-alive
Cache-Control
no-cache

Response headers

Date
Mon, 23 Aug 2021 05:56:53 GMT
Server
Microsoft-IIS/7.5
X-Powered-By
ASP.NET
Content-Length
1245
Content-Type
text/html
Resource: 19C9B53D-E5B5-14686-34-367A3A7C19E2.alpha  |  Path: www.govxian.cn/ty/  |  Size: 26 B  |  x-fer: 342 B  |  Type: Script
General
Full URL
https://www.govxian.cn:12443/ty/19C9B53D-E5B5-14686-34-367A3A7C19E2.alpha
Requested by
Host: 104.165.249.254
URL: http://104.165.249.254:8090/gg/hf1.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
23.225.154.19 , United States, ASN40065 (CNSERVERS, US),
Reverse DNS
Software
tengine / PHP/5.6.40
Resource Hash
bc813b8086414a7a973b0eefa86d9d60e6dbe86ec4d06f1608cae4af9a1b053a

Request headers

Referer
http://142.252.172.3:1689/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date
Mon, 23 Aug 2021 05:56:53 GMT
content-encoding
gzip
last-modified
Mon, 23 Aug 2021 05:56:53 GMT
server
tengine
x-powered-by
PHP/5.6.40
vary
Accept-Encoding
content-type
text/html; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=900
expires
Mon, 23 Aug 2021 06:11:53 GMT
Resource: 27ed38f7b03848f8a15db0292b6741f2.gif  |  Path: 3336653.com/  |  Size: 441 KB  |  x-fer: 441 KB  |  Type: Image
General
Full URL
https://3336653.com/27ed38f7b03848f8a15db0292b6741f2.gif
Requested by
Host: 104.165.249.254
URL: http://104.165.249.254:8090/gg/hf1.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
45.61.212.33 , United States, ASN53587 (AZT, US),
Reverse DNS
Software
nginx /
Resource Hash
ef0019dd3b1a4fadce94a17e49b83b888a0c7a498234e03d7dc275328c0bb8ed

Request headers

Referer
http://142.252.172.3:1689/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 20 Aug 2021 11:33:18 GMT
last-modified
Thu, 19 Aug 2021 08:25:02 GMT
server
nginx
etag
"611e155e-6e2e7"
x-cache
HIT from cloud-us1-cdnb-03
content-type
image/gif
cache-control
max-age=86400
accept-ranges
bytes
content-length
451303
Resource: 4c7217013e1f48a7868e2a067b24dfa4.gif  |  Path: ip625e.com/  |  Size: 461 KB  |  x-fer: 461 KB  |  Type: Image
General
Full URL
https://ip625e.com/4c7217013e1f48a7868e2a067b24dfa4.gif
Requested by
Host: 104.165.249.254
URL: http://104.165.249.254:8090/gg/hf1.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
45.61.212.33 , United States, ASN53587 (AZT, US),
Reverse DNS
Software
nginx /
Resource Hash
7b7d785bc4f52d311ffeaefa41b5facce8b68afa691991cd8167124d44aaa7f5

Request headers

Referer
http://142.252.172.3:1689/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 22 Aug 2021 09:58:25 GMT
last-modified
Mon, 19 Jul 2021 10:16:18 GMT
server
nginx
etag
"60f550f2-73287"
x-cache
HIT from cloud-us1-cdnb-03
content-type
image/gif
cache-control
max-age=86400
accept-ranges
bytes
content-length
471687
Resource: 0  |  Path: p.qlogo.cn/qqmail_head/PiajxSqBRaEJV1qNadEsBvC3o1y2gGSRVI0HmU6JvEnPTibtnWOwg5UwsiajuTlV0vVm0EfHL4ibVL4/  |  Size: 361 KB  |  x-fer: 362 KB  |  Type: Image
General
Full URL
https://p.qlogo.cn/qqmail_head/PiajxSqBRaEJV1qNadEsBvC3o1y2gGSRVI0HmU6JvEnPTibtnWOwg5UwsiajuTlV0vVm0EfHL4ibVL4/0
Requested by
Host: 104.165.249.254
URL: http://104.165.249.254:8090/gg/hf1.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
203.205.254.152 , Hong Kong, ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN),
Reverse DNS
Software
Qnginx/1.4.4 /
Resource Hash
9695b8366c4d12c38cf123916d382595e942955432fe7d94bbc25fec3449c6a1

Request headers

Referer
http://142.252.172.3:1689/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-datasrc
2
date
Mon, 23 Aug 2021 05:56:53 GMT
size
369587
content-length
369587
x-info
real data
x-reqgue
0
user-returncode
0
fid
0
last-modified
Sat, 07 Aug 2021 13:04:54 GMT
server
Qnginx/1.4.4
x-cpt
filename=0
vary
Accept,Origin
chid
0
x-delay
33369 us
cache-control
max-age=2592000
x-bcheck
0_1
x-nws-log-uuid
a4610f2b-afe0-4313-8395-478f8df9d9a5
content-type
image/gif
Resource: Oh0.gif  |  Path: xs.imgpipi.xyz/2021/06/06/  |  Size: 448 KB  |  x-fer: 450 KB  |  Type: Image
Redirect Chain
  • http://xs.imgpipi.xyz/2021/06/06/Oh0.gif
  • https://xs.imgpipi.xyz/2021/06/06/Oh0.gif
General
Full URL
https://xs.imgpipi.xyz/2021/06/06/Oh0.gif
Requested by
Host: 142.252.172.3
URL: http://142.252.172.3:1689/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3034::ac43:c0fe , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1e4f3a911af31876a5a21b8fced6d4465e5324d4147663ce406f80b9b7b6938
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
http://142.252.172.3:1689/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 23 Aug 2021 05:56:52 GMT
vary
Accept-Encoding
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
1353878
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length
459260
last-modified
Sun, 06 Jun 2021 10:48:22 GMT
server
cloudflare
etag
"60bca7f6-701fc"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IAZoTvWllycoq2eB%2BH4osFvmvuf6KeQ%2F1iKKnj37eTTUSITapfqbwRpqdcKgOBgKJw4w96IVWOBhSX6rMc67x3YcLt8kxZDS5eirv5aUTlFLT%2Bz%2FBK%2BoXgezf0GIUdwnXdB1me6D3oqPx6paRg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
cache-control
max-age=31536000
accept-ranges
bytes
cf-ray
683219a4bd2405c4-FRA
expires
Mon, 06 Sep 2021 13:52:14 GMT

Redirect headers

Date
Mon, 23 Aug 2021 05:56:52 GMT
Connection
keep-alive
CF-Cache-Status
HIT
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server
cloudflare
Age
1353879
Vary
Accept-Encoding
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7l7ZTtwdmUMZNnLp3BLthJuB8eAx%2FPJg65sDYyQcXbZBSQiRLdrfw9YzJhQo9hfKVd%2FM%2FqJLoJ4h44mzJHaJrE7erGM2lxEG2XiFQG5dRRCwDid1qkoqxc2n4a1wT%2FEwGer63YnXJbCazPtw7Q%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type
text/html
Location
https://xs.imgpipi.xyz/2021/06/06/Oh0.gif
Cache-Control
max-age=31536000
Transfer-Encoding
chunked
Strict-Transport-Security
max-age=31536000
CF-RAY
683219a47d3cd72d-FRA
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
Resource: n_v2b626cae8ad07420ea65e0bc28d663cb6.gif  |  Path: pic1.58cdn.com.cn/nowater/webim/big/  |  Size: 395 KB  |  x-fer: 396 KB  |  Type: Image
General
Full URL
https://pic1.58cdn.com.cn/nowater/webim/big/n_v2b626cae8ad07420ea65e0bc28d663cb6.gif
Requested by
Host: 104.165.249.254
URL: http://104.165.249.254:8090/gg/hf1.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
101.33.29.81 , Singapore, ASN139341 (ACE-AS-AP ACE, SG),
Reverse DNS
Software
NWS_Oversea_qdownload /
Resource Hash
e8b2cdbb1a97710814af9d2e0b69c9c7527215eecb67ae2b5893fda518930f98

Request headers

Referer
http://142.252.172.3:1689/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 23 Aug 2021 05:56:52 GMT
x-cache-lookup
Hit From Disktank3, Hit From Inner Cluster
last-modified
Tue, 17 Aug 2021 15:00:01 GMT
server
NWS_Oversea_qdownload
content-type
image/gif
access-control-allow-origin
*
cache-control
max-age=2592000
x-daa-tunnel
hop_count=1
x-nws-log-uuid
a1a8e2cc-bd19-4cb6-8cfc-e5c722d59873
timing-allow-origin
*
content-length
404315
expires
Wed, 22 Sep 2021 05:56:52 GMT
Resource: ix2lp.gif  |  Path: kanjiantu.com/images/2021/03/15/  |  Size: 544 KB  |  x-fer: 545 KB  |  Type: Image
General
Full URL
https://kanjiantu.com/images/2021/03/15/ix2lp.gif
Requested by
Host: 142.252.172.3
URL: http://142.252.172.3:1689/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:21::681b:ce5c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8af010aa987c38551487825b2cf22e594adb722f1e1021775e1f1df478424afc

Request headers

Referer
http://142.252.172.3:1689/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 23 Aug 2021 05:56:53 GMT
cf-cache-status
HIT
last-modified
Mon, 15 Mar 2021 10:10:54 GMT
server
cloudflare
age
5673
etag
"604f32ae-88112"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fCtyUfSnb1%2FSIhzxYmUflxVd2ZsQVFobFpS4zWGmvL260EtxBZUb7z64kcrUoB5hVWk6vuDB%2Bd06P3eY3XYD2jhuUVPTXws1uCcw6ZtHeI1wFTLtrmjs6pQVUcdvzEt0UKn249l%2FR1RvOys%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
cache-control
max-age=31536000
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges
bytes
cf-ray
683219ac5cd05369-FRA
content-length
557330
Resource: 250.jpg  |  Path: 137.175.12.10/template/m1938pc/ads/  |  Size: 8 KB  |  x-fer: 8 KB  |  Type: Image
General
Full URL
http://137.175.12.10/template/m1938pc/ads/250.jpg
Requested by
Host: 142.252.172.3
URL: http://142.252.172.3:1689/
Protocol
HTTP/1.1
Server
137.175.12.10 , United States, ASN54600 (PEGTECHINC, US),
Reverse DNS
Software
Microsoft-IIS/8.5 /
Resource Hash
c79a225b1c1c912c4524d7a497d2e9908d1bf0ed093c61038e7337656e4bfbf8

Request headers

Referer
http://142.252.172.3:1689/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Mon, 23 Aug 2021 05:57:17 GMT
Last-Modified
Sun, 18 Jul 2021 11:28:11 GMT
Server
Microsoft-IIS/8.5
Accept-Ranges
bytes
ETag
"9ce7d9fdc77bd71:0"
Content-Length
8429
Content-Type
image/jpeg
Resource: sanzong.png  |  Path: www.rtaicq.com/images/  |  Size: 0  |  x-fer: 0  |  Type: Image
General
Full URL
http://www.rtaicq.com/images/sanzong.png
Requested by
Host: 142.252.172.3
URL: http://142.252.172.3:1689/
Protocol
HTTP/1.1
Server
34.102.136.180 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
180.136.102.34.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
http://142.252.172.3:1689/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Verdicts & Comments

11 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • object: onbeforexrselect
  • object: ontransitionrun
  • object: ontransitionstart
  • object: ontransitioncancel
  • boolean: originAgentCluster
  • object: trustedTypes
  • boolean: crossOriginIsolated
  • string: SitePath
  • string: SiteAid
  • string: SiteTid
  • string: SiteId

0 Cookies

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

3336653.com
ip625e.com
kanjiantu.com
marshcreekweddings.com
p.qlogo.cn
pic1.58cdn.com.cn
sycdn.comtucdncom.com
www.govxian.cn
www.marshcreekweddings.com
www.rtaicq.com
xs.imgpipi.xyz
101.33.29.81
104.165.249.254
137.175.12.10
142.252.172.178
142.252.172.3
203.205.254.152
23.225.154.19
2606:4700:10::6816:56
2606:4700:21::681b:ce5c
2606:4700:3034::ac43:c0fe
34.102.136.180
45.61.212.33