www.mysql.wordpress.ipts-money.site
185.178.208.182  Malicious Activity! Public Scan

URL: https://www.mysql.wordpress.ipts-money.site/
Submission: On August 28 via automatic, source certstream-suspicious

Summary

This website contacted 6 IPs in 3 countries across 5 domains to perform 32 HTTP transactions. The main IP is 185.178.208.182, located in Russian Federation and belongs to DDOS-GUARD, RU. The main domain is www.mysql.wordpress.ipts-money.site.
TLS certificate: Issued by R3 on August 28th 2021. Valid for: 3 months.
This is the only time www.mysql.wordpress.ipts-money.site was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Crypto (Crypto Exchange)

Domain & IP information

Requests  IP Address        AS Autonomous System
15        185.178.208.182   57724 (DDOS-GUARD)
2         2a00:1450:400...  15169 (GOOGLE)
1         2606:4700::68...  13335 (CLOUDFLAR...)
9         2606:4700:10:...  13335 (CLOUDFLAR...)
4         2a00:1450:400...  15169 (GOOGLE)
1         2a00:1450:400...  15169 (GOOGLE)
Total: 32 requests, 6 IPs

Requests  Domain                               Requested by
15        www.mysql.wordpress.ipts-money.site  www.mysql.wordpress.ipts-money.site
8         embed.tawk.to                        www.mysql.wordpress.ipts-money.site, embed.tawk.to
5         fonts.gstatic.com                    fonts.googleapis.com
1         va.tawk.to                           embed.tawk.to
1         cdnjs.cloudflare.com                 www.mysql.wordpress.ipts-money.site
1         chart.googleapis.com                 www.mysql.wordpress.ipts-money.site
1         fonts.googleapis.com                 www.mysql.wordpress.ipts-money.site
Total: 32 requests, 7 subdomains

This site contains no links.

Subject                          Issuer                   Validity                 Valid
mysql.wordpress.ipts-money.site  R3                       2021-08-28 - 2021-11-26  3 months
upload.video.google.com          GTS CA 1O1               2021-08-16 - 2021-11-08  3 months
sni.cloudflaressl.com            Cloudflare Inc ECC CA-3  2020-10-21 - 2021-10-20  a year
*.gstatic.com                    GTS CA 1C3               2021-08-16 - 2021-11-08  3 months

This page contains 1 frames:

Primary Page: https://www.mysql.wordpress.ipts-money.site/
Frame ID: B17CF64323DCB8E30CDA4A37058C9D20
Requests: 32 HTTP requests in this frame

Page Title

Cardano Giveaway

Page Statistics

Requests: 32
HTTPS: 100 %
IPv6: 83 %
Domains: 5
Subdomains: 7
IPs: 6
Countries: 3
Transfer: 872 kB
Size: 1261 kB
Cookies: 1

Redirected requests

There were HTTP redirect chains for the following requests:

32 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
www.mysql.wordpress.ipts-money.site/
14 KB
4 KB
Document
General
Full URL
https://www.mysql.wordpress.ipts-money.site/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
185.178.208.182 , Russian Federation, ASN57724 (DDOS-GUARD, RU),
Reverse DNS
ddos-guard.net
Software
ddos-guard /
Resource Hash
2cacd927c038c7a50f25f113d2de4bd976ac05e06f617f55afa0ce04a8f35134
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;

Request headers

:method
GET
:authority
www.mysql.wordpress.ipts-money.site
:scheme
https
:path
/
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

server
ddos-guard
content-security-policy
upgrade-insecure-requests;
set-cookie
__ddg1=GHAqNgUKKZl1ZlwiYApI; Domain=.ipts-money.site; HttpOnly; Path=/; Expires=Sun, 28-Aug-2022 12:49:16 GMT
date
Sat, 28 Aug 2021 12:49:16 GMT
last-modified
Wed, 25 Aug 2021 14:39:00 GMT
etag
"3928-5ca633600d5ae-gzip"
accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-length
3811
content-type
text/html
css2
fonts.googleapis.com/
13 KB
993 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css2?family=Poppins:wght@400;500;600;700&family=Montserrat:wght@400;500;600;700;900&display=swap
Requested by
Host: www.mysql.wordpress.ipts-money.site
URL: https://www.mysql.wordpress.ipts-money.site/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
3d0f2e0f3eb92613ecfaacae814439a3aef221d9ee8eaba8670520cd4f04169d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.mysql.wordpress.ipts-money.site/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Sat, 28 Aug 2021 12:49:16 GMT
server
ESF
date
Sat, 28 Aug 2021 12:49:16 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Sat, 28 Aug 2021 12:49:16 GMT
style.css%3Fv=2.css
www.mysql.wordpress.ipts-money.site/css/
10 KB
3 KB
Stylesheet
General
Full URL
https://www.mysql.wordpress.ipts-money.site/css/style.css%3Fv=2.css
Requested by
Host: www.mysql.wordpress.ipts-money.site
URL: https://www.mysql.wordpress.ipts-money.site/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
185.178.208.182 , Russian Federation, ASN57724 (DDOS-GUARD, RU),
Reverse DNS
ddos-guard.net
Software
ddos-guard /
Resource Hash
89f6a49cbbb8d77545072c3c708c3ad1c08bd6b2018d8176d5c0a938e2df182e
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;

Request headers

:path
/css/style.css%3Fv=2.css
pragma
no-cache
cookie
__ddg1=GHAqNgUKKZl1ZlwiYApI
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
www.mysql.wordpress.ipts-money.site
referer
https://www.mysql.wordpress.ipts-money.site/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://www.mysql.wordpress.ipts-money.site/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests;
content-encoding
gzip
last-modified
Tue, 24 Aug 2021 14:34:17 GMT
server
ddos-guard
age
0
etag
"29ea-5ca4f0756b8be-gzip"
vary
Accept-Encoding
content-type
text/css
date
Sat, 28 Aug 2021 12:49:16 GMT
accept-ranges
bytes
content-length
2472
logoada.png
www.mysql.wordpress.ipts-money.site/img/
3 KB
3 KB
Image
General
Full URL
https://www.mysql.wordpress.ipts-money.site/img/logoada.png
Requested by
Host: www.mysql.wordpress.ipts-money.site
URL: https://www.mysql.wordpress.ipts-money.site/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
185.178.208.182 , Russian Federation, ASN57724 (DDOS-GUARD, RU),
Reverse DNS
ddos-guard.net
Software
ddos-guard /
Resource Hash
dde2e8e2d6fa0bb720d7ec5225068c656b7ee9415b2e8f0b4d3c672b4fc6cb8d
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;

Request headers

:path
/img/logoada.png
pragma
no-cache
cookie
__ddg1=GHAqNgUKKZl1ZlwiYApI
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
www.mysql.wordpress.ipts-money.site
referer
https://www.mysql.wordpress.ipts-money.site/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://www.mysql.wordpress.ipts-money.site/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests;
last-modified
Sat, 14 Aug 2021 16:32:54 GMT
server
ddos-guard
age
0
etag
"cbd-5c9878513f980"
content-type
image/png
date
Sat, 28 Aug 2021 12:49:16 GMT
accept-ranges
bytes
content-length
3261
creator.png
www.mysql.wordpress.ipts-money.site/img/
355 KB
356 KB
Image
General
Full URL
https://www.mysql.wordpress.ipts-money.site/img/creator.png
Requested by
Host: www.mysql.wordpress.ipts-money.site
URL: https://www.mysql.wordpress.ipts-money.site/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
185.178.208.182 , Russian Federation, ASN57724 (DDOS-GUARD, RU),
Reverse DNS
ddos-guard.net
Software
ddos-guard /
Resource Hash
06c3ac4fb5946b1ffcf9b97cdf6aae0caeb2917d3d2e382badcd96c2b9395b0c
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;

Request headers

:path
/img/creator.png
pragma
no-cache
cookie
__ddg1=GHAqNgUKKZl1ZlwiYApI
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
www.mysql.wordpress.ipts-money.site
referer
https://www.mysql.wordpress.ipts-money.site/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://www.mysql.wordpress.ipts-money.site/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests;
last-modified
Sat, 14 Aug 2021 16:32:54 GMT
server
ddos-guard
age
0
etag
"58cca-5c9878513f980"
content-type
image/png
date
Sat, 28 Aug 2021 12:49:16 GMT
accept-ranges
bytes
content-length
363722
qr.png
www.mysql.wordpress.ipts-money.site/img/
778 B
831 B
Image
General
Full URL
https://www.mysql.wordpress.ipts-money.site/img/qr.png
Requested by
Host: www.mysql.wordpress.ipts-money.site
URL: https://www.mysql.wordpress.ipts-money.site/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
185.178.208.182 , Russian Federation, ASN57724 (DDOS-GUARD, RU),
Reverse DNS
ddos-guard.net
Software
ddos-guard /
Resource Hash
1b459e2d0b5717c9e36d5bab562589de03f7ae8797afd33c0fadbf79955c3793
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;

Request headers

:path
/img/qr.png
pragma
no-cache
cookie
__ddg1=GHAqNgUKKZl1ZlwiYApI
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
www.mysql.wordpress.ipts-money.site
referer
https://www.mysql.wordpress.ipts-money.site/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://www.mysql.wordpress.ipts-money.site/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests;
last-modified
Sat, 14 Aug 2021 16:32:54 GMT
server
ddos-guard
age
0
etag
"30a-5c9878513f980"
content-type
image/png
date
Sat, 28 Aug 2021 12:49:16 GMT
accept-ranges
bytes
content-length
778
arrow.png
www.mysql.wordpress.ipts-money.site/img/
589 B
642 B
Image
General
Full URL
https://www.mysql.wordpress.ipts-money.site/img/arrow.png
Requested by
Host: www.mysql.wordpress.ipts-money.site
URL: https://www.mysql.wordpress.ipts-money.site/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
185.178.208.182 , Russian Federation, ASN57724 (DDOS-GUARD, RU),
Reverse DNS
ddos-guard.net
Software
ddos-guard /
Resource Hash
8ddd17fb43c526096e7fbe382a18f10184cfcb72da28766251583f76dac6090f
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;

Request headers

:path
/img/arrow.png
pragma
no-cache
cookie
__ddg1=GHAqNgUKKZl1ZlwiYApI
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
www.mysql.wordpress.ipts-money.site
referer
https://www.mysql.wordpress.ipts-money.site/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://www.mysql.wordpress.ipts-money.site/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests;
last-modified
Sat, 14 Aug 2021 16:32:54 GMT
server
ddos-guard
age
0
etag
"24d-5c9878513f980"
content-type
image/png
date
Sat, 28 Aug 2021 12:49:16 GMT
accept-ranges
bytes
content-length
589
time.png
www.mysql.wordpress.ipts-money.site/img/
891 B
944 B
Image
General
Full URL
https://www.mysql.wordpress.ipts-money.site/img/time.png
Requested by
Host: www.mysql.wordpress.ipts-money.site
URL: https://www.mysql.wordpress.ipts-money.site/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
185.178.208.182 , Russian Federation, ASN57724 (DDOS-GUARD, RU),
Reverse DNS
ddos-guard.net
Software
ddos-guard /
Resource Hash
c60ab4d3b8d48409e529867856c36c3049e7601b97019e628c3775e027ae25b3
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;

Request headers

:path
/img/time.png
pragma
no-cache
cookie
__ddg1=GHAqNgUKKZl1ZlwiYApI
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
www.mysql.wordpress.ipts-money.site
referer
https://www.mysql.wordpress.ipts-money.site/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://www.mysql.wordpress.ipts-money.site/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests;
last-modified
Sat, 14 Aug 2021 16:32:54 GMT
server
ddos-guard
age
0
etag
"37b-5c9878513f980"
content-type
image/png
date
Sat, 28 Aug 2021 12:49:16 GMT
accept-ranges
bytes
content-length
891
ada.png
www.mysql.wordpress.ipts-money.site/img/
1 KB
1 KB
Image
General
Full URL
https://www.mysql.wordpress.ipts-money.site/img/ada.png
Requested by
Host: www.mysql.wordpress.ipts-money.site
URL: https://www.mysql.wordpress.ipts-money.site/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
185.178.208.182 , Russian Federation, ASN57724 (DDOS-GUARD, RU),
Reverse DNS
ddos-guard.net
Software
ddos-guard /
Resource Hash
65fd5a274a14af55380d5ed17cdb26cc2f4e8a5925457a9a1135083a4e3e4ff7
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;

Request headers

:path
/img/ada.png
pragma
no-cache
cookie
__ddg1=GHAqNgUKKZl1ZlwiYApI
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
www.mysql.wordpress.ipts-money.site
referer
https://www.mysql.wordpress.ipts-money.site/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://www.mysql.wordpress.ipts-money.site/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests;
last-modified
Sat, 14 Aug 2021 16:32:54 GMT
server
ddos-guard
age
0
etag
"41d-5c9878513f980"
content-type
image/png
date
Sat, 28 Aug 2021 12:49:16 GMT
accept-ranges
bytes
content-length
1053
verified.png
www.mysql.wordpress.ipts-money.site/img/
779 B
832 B
Image
General
Full URL
https://www.mysql.wordpress.ipts-money.site/img/verified.png
Requested by
Host: www.mysql.wordpress.ipts-money.site
URL: https://www.mysql.wordpress.ipts-money.site/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
185.178.208.182 , Russian Federation, ASN57724 (DDOS-GUARD, RU),
Reverse DNS
ddos-guard.net
Software
ddos-guard /
Resource Hash
540ff4d859480b903bb3a173c63ba49a326b8671498e2f1ba8cfd316be43d542
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;

Request headers

:path
/img/verified.png
pragma
no-cache
cookie
__ddg1=GHAqNgUKKZl1ZlwiYApI
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
www.mysql.wordpress.ipts-money.site
referer
https://www.mysql.wordpress.ipts-money.site/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://www.mysql.wordpress.ipts-money.site/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests;
last-modified
Sat, 14 Aug 2021 16:32:54 GMT
server
ddos-guard
age
0
etag
"30b-5c9878513f980"
content-type
image/png
date
Sat, 28 Aug 2021 12:49:16 GMT
accept-ranges
bytes
content-length
779
chart
chart.googleapis.com/
2 KB
2 KB
Image
General
Full URL
https://chart.googleapis.com/chart?chs=300x300&cht=qr&chl=addr1q8hjjfjkr8uwll57mqytj0q464wyvtszqcgx0nn0ss6wmysj5dhrwcj98qa4vryglnl8vdsxgnxgz4qespd4nqsrre2qrmdt7l&chld=L|1&choe=UTF-8
Requested by
Host: www.mysql.wordpress.ipts-money.site
URL: https://www.mysql.wordpress.ipts-money.site/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GoogleChartAPI/1.0 /
Resource Hash
4d2f1200305a155b04c57d3a82dee72dc3c4fe5b5d56aa12df23b03502946eb3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options ALLOWALL
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.mysql.wordpress.ipts-money.site/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Fri, 27 Aug 2021 17:28:24 GMT
x-content-type-options
nosniff
last-modified
Wed, 02 May 2018 18:35:04 GMT
server
GoogleChartAPI/1.0
age
69652
x-frame-options
ALLOWALL
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=86400
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1756
x-xss-protection
1; mode=block
expires
Wed, 25 Aug 2021 14:56:48 GMT
apply.png
www.mysql.wordpress.ipts-money.site/img/
321 B
373 B
Image
General
Full URL
https://www.mysql.wordpress.ipts-money.site/img/apply.png
Requested by
Host: www.mysql.wordpress.ipts-money.site
URL: https://www.mysql.wordpress.ipts-money.site/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
185.178.208.182 , Russian Federation, ASN57724 (DDOS-GUARD, RU),
Reverse DNS
ddos-guard.net
Software
ddos-guard /
Resource Hash
57b9df63533a8b01e18728d0d1d8e840e631693b29df789536ca335ab71ff470
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;

Request headers

:path
/img/apply.png
pragma
no-cache
cookie
__ddg1=GHAqNgUKKZl1ZlwiYApI
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
www.mysql.wordpress.ipts-money.site
referer
https://www.mysql.wordpress.ipts-money.site/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://www.mysql.wordpress.ipts-money.site/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests;
last-modified
Sat, 14 Aug 2021 16:32:54 GMT
server
ddos-guard
age
0
etag
"141-5c9878513f980"
content-type
image/png
date
Sat, 28 Aug 2021 12:49:16 GMT
accept-ranges
bytes
content-length
321
jquery.min.js
cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/
87 KB
28 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js
Requested by
Host: www.mysql.wordpress.ipts-money.site
URL: https://www.mysql.wordpress.ipts-money.site/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Referer
https://www.mysql.wordpress.ipts-money.site/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Sat, 28 Aug 2021 12:49:16 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
151061
cross-origin-resource-policy
cross-origin
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length
27938
timing-allow-origin
*
last-modified
Tue, 02 Mar 2021 18:58:36 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"603e8adc-15d9d"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7VxDuQNWLqszfmqbNmFz3i%2BPFmE6YFO5OSOfH3%2FE8Fo50oks3y8O8ToTNCJs%2FJlAPG%2FXaVqjbebX8lXMXLi1XCJk2pMcqtaW%2FXGoEBlYYN534B4%2FXalSBtaygj5cBGPXLsIHAANAfF%2BgJLYc7wDyPotx"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=30672000
accept-ranges
bytes
cf-ray
685da89c8ffe5bf1-FRA
expires
Thu, 18 Aug 2022 12:49:16 GMT
scriptada.js
www.mysql.wordpress.ipts-money.site/js/
4 KB
1 KB
Script
General
Full URL
https://www.mysql.wordpress.ipts-money.site/js/scriptada.js
Requested by
Host: www.mysql.wordpress.ipts-money.site
URL: https://www.mysql.wordpress.ipts-money.site/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
185.178.208.182 , Russian Federation, ASN57724 (DDOS-GUARD, RU),
Reverse DNS
ddos-guard.net
Software
ddos-guard /
Resource Hash
1c49b72cfaa051a342fae580459da72b363d1e3f245f471fe6105fb9a21017b6
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;

Request headers

:path
/js/scriptada.js
pragma
no-cache
cookie
__ddg1=GHAqNgUKKZl1ZlwiYApI
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
www.mysql.wordpress.ipts-money.site
referer
https://www.mysql.wordpress.ipts-money.site/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://www.mysql.wordpress.ipts-money.site/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests;
content-encoding
gzip
last-modified
Tue, 24 Aug 2021 14:40:18 GMT
server
ddos-guard
age
0
etag
"e40-5ca4f1cd026e6-gzip"
vary
Accept-Encoding
content-type
application/javascript
date
Sat, 28 Aug 2021 12:49:16 GMT
accept-ranges
bytes
content-length
1084
1fdurum7e
embed.tawk.to/612655d8649e0a0a5cd2e71b/
2 KB
977 B
Script
General
Full URL
https://embed.tawk.to/612655d8649e0a0a5cd2e71b/1fdurum7e
Requested by
Host: www.mysql.wordpress.ipts-money.site
URL: https://www.mysql.wordpress.ipts-money.site/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:2642 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1e3360a57e5bf93fc3d7c2589f6a3de3ac653d6857d6642f5cafaa1dd5efa1e3
Security Headers
Name Value
Strict-Transport-Security max-age=0; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Origin
https://www.mysql.wordpress.ipts-money.site
Referer
https://www.mysql.wordpress.ipts-money.site/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Sat, 28 Aug 2021 12:49:16 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
MISS
server
cloudflare
etag
W/"stable-v4-6127f5ffb81"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
public, max-age=7200, s-maxage=3600
strict-transport-security
max-age=0; includeSubDomains; preload
cf-ray
685da89db89d4e26-FRA
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
background.png%3Fv
www.mysql.wordpress.ipts-money.site/img/
245 KB
245 KB
Image
General
Full URL
https://www.mysql.wordpress.ipts-money.site/img/background.png%3Fv
Requested by
Host: www.mysql.wordpress.ipts-money.site
URL: https://www.mysql.wordpress.ipts-money.site/css/style.css%3Fv=2.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
185.178.208.182 , Russian Federation, ASN57724 (DDOS-GUARD, RU),
Reverse DNS
ddos-guard.net
Software
ddos-guard /
Resource Hash
8507abe1a3e4c7517d5d1304e68dd77d773980c6579debe0468316efe1171fbe
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;

Request headers

:path
/img/background.png%3Fv
pragma
no-cache
cookie
__ddg1=GHAqNgUKKZl1ZlwiYApI
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
www.mysql.wordpress.ipts-money.site
referer
https://www.mysql.wordpress.ipts-money.site/css/style.css%3Fv=2.css
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://www.mysql.wordpress.ipts-money.site/css/style.css%3Fv=2.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests;
last-modified
Sat, 14 Aug 2021 16:32:54 GMT
server
ddos-guard
age
0
etag
"3d47a-5c9878513f980"
date
Sat, 28 Aug 2021 12:49:16 GMT
accept-ranges
bytes
content-length
251002
JTURjIg1_i6t8kCHKm45_bZF3gnD_g.woff2
fonts.gstatic.com/s/montserrat/v18/
19 KB
19 KB
Font
General
Full URL
https://fonts.gstatic.com/s/montserrat/v18/JTURjIg1_i6t8kCHKm45_bZF3gnD_g.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Poppins:wght@400;500;600;700&family=Montserrat:wght@400;500;600;700;900&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
61519deaa156f24ad28ae848179016c7cc741270cb7b30043c24bd30203bdaf3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://www.mysql.wordpress.ipts-money.site
Referer
https://fonts.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Tue, 24 Aug 2021 00:35:15 GMT
x-content-type-options
nosniff
age
389641
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
19824
x-xss-protection
0
last-modified
Tue, 10 Aug 2021 00:20:37 GMT
server
sffe
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 24 Aug 2022 00:35:15 GMT
JTURjIg1_i6t8kCHKm45_epG3gnD_g.woff2
fonts.gstatic.com/s/montserrat/v18/
19 KB
19 KB
Font
General
Full URL
https://fonts.gstatic.com/s/montserrat/v18/JTURjIg1_i6t8kCHKm45_epG3gnD_g.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Poppins:wght@400;500;600;700&family=Montserrat:wght@400;500;600;700;900&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7ce2f8643f80018e1c4f5dae8adadbd552256fbab5e4409672cb2e060aada574
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://www.mysql.wordpress.ipts-money.site
Referer
https://fonts.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Fri, 27 Aug 2021 19:00:23 GMT
x-content-type-options
nosniff
age
64133
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
19672
x-xss-protection
0
last-modified
Tue, 10 Aug 2021 00:21:29 GMT
server
sffe
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 27 Aug 2022 19:00:23 GMT
JTURjIg1_i6t8kCHKm45_dJE3gnD_g.woff2
fonts.gstatic.com/s/montserrat/v18/
20 KB
20 KB
Font
General
Full URL
https://fonts.gstatic.com/s/montserrat/v18/JTURjIg1_i6t8kCHKm45_dJE3gnD_g.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Poppins:wght@400;500;600;700&family=Montserrat:wght@400;500;600;700;900&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ec7d69015be507ee6045d259f50b6cf8ccb52ec7b41ec1bf50fee681683bea60
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://www.mysql.wordpress.ipts-money.site
Referer
https://fonts.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Tue, 24 Aug 2021 00:38:53 GMT
x-content-type-options
nosniff
age
389423
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
20040
x-xss-protection
0
last-modified
Tue, 10 Aug 2021 00:20:44 GMT
server
sffe
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 24 Aug 2022 00:38:53 GMT
JTURjIg1_i6t8kCHKm45_ZpC3gnD_g.woff2
fonts.gstatic.com/s/montserrat/v18/
19 KB
20 KB
Font
General
Full URL
https://fonts.gstatic.com/s/montserrat/v18/JTURjIg1_i6t8kCHKm45_ZpC3gnD_g.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Poppins:wght@400;500;600;700&family=Montserrat:wght@400;500;600;700;900&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
13eb615165c92892fcd46e01782dd0fc52d36f236f883aad488c2cf4dcf9206e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://www.mysql.wordpress.ipts-money.site
Referer
https://fonts.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Sat, 28 Aug 2021 06:57:39 GMT
x-content-type-options
nosniff
age
21097
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
19868
x-xss-protection
0
last-modified
Tue, 10 Aug 2021 00:20:31 GMT
server
sffe
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 28 Aug 2022 06:57:39 GMT
JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
fonts.gstatic.com/s/montserrat/v18/
19 KB
19 KB
Font
General
Full URL
https://fonts.gstatic.com/s/montserrat/v18/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Poppins:wght@400;500;600;700&family=Montserrat:wght@400;500;600;700;900&display=swap
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
2b26a74f3c0e529bc8fccfa6b1db8e083e738992266359fde1a5bd0aaa81cbc3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://www.mysql.wordpress.ipts-money.site
Referer
https://fonts.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Tue, 24 Aug 2021 00:36:29 GMT
x-content-type-options
nosniff
age
389567
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
19844
x-xss-protection
0
last-modified
Tue, 10 Aug 2021 00:20:10 GMT
server
sffe
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 24 Aug 2022 00:36:29 GMT
check.png
www.mysql.wordpress.ipts-money.site/img/
394 B
394 B
Image
General
Full URL
https://www.mysql.wordpress.ipts-money.site/img/check.png
Requested by
Host: www.mysql.wordpress.ipts-money.site
URL: https://www.mysql.wordpress.ipts-money.site/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
185.178.208.182 , Russian Federation, ASN57724 (DDOS-GUARD, RU),
Reverse DNS
ddos-guard.net
Software
ddos-guard /
Resource Hash
669941527b8a6b55e5a2f7d1c1cde68943032daa82b3e78e51cbec9e5a737e79
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;

Request headers

:path
/img/check.png
pragma
no-cache
cookie
__ddg1=GHAqNgUKKZl1ZlwiYApI
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
www.mysql.wordpress.ipts-money.site
referer
https://www.mysql.wordpress.ipts-money.site/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://www.mysql.wordpress.ipts-money.site/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests;
content-encoding
br
server
ddos-guard
age
0
date
Sat, 28 Aug 2021 12:49:16 GMT
vary
Accept-Encoding
content-type
text/html; charset=iso-8859-1
twk-main.js
embed.tawk.to/_s/v4/app/6127f5ffb81/js/
121 B
465 B
Script
General
Full URL
https://embed.tawk.to/_s/v4/app/6127f5ffb81/js/twk-main.js
Requested by
Host: embed.tawk.to
URL: https://embed.tawk.to/612655d8649e0a0a5cd2e71b/1fdurum7e
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2606:4700:10::ac43:2642 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
705186becc9e0a306a6b4867ae2768aa9dd3b8c12393d9f9c52029e9a6fcf31c
Security Headers
Name Value
Strict-Transport-Security max-age=0; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Origin
https://www.mysql.wordpress.ipts-money.site
Referer
https://www.mysql.wordpress.ipts-money.site/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Sat, 28 Aug 2021 12:49:17 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
MISS
x-cache-status
HIT
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified
Thu, 26 Aug 2021 20:15:13 GMT
server
cloudflare
etag
W/"da5bb1dc647470204df0e49f5afac2de"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=0; includeSubDomains; preload
content-type
application/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=2592000, immutable
cf-ray
685da8a0aacb5373-FRA
twk-vendor.js
embed.tawk.to/_s/v4/app/6127f5ffb81/js/
76 KB
27 KB
Script
General
Full URL
https://embed.tawk.to/_s/v4/app/6127f5ffb81/js/twk-vendor.js
Requested by
Host: embed.tawk.to
URL: https://embed.tawk.to/612655d8649e0a0a5cd2e71b/1fdurum7e
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2606:4700:10::ac43:2642 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5958b8f2069b0a3292ed7a9db46b8109adac7e81591238557125893ee7e87bb7
Security Headers
Name Value
Strict-Transport-Security max-age=0; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Origin
https://www.mysql.wordpress.ipts-money.site
Referer
https://www.mysql.wordpress.ipts-money.site/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Sat, 28 Aug 2021 12:49:17 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
MISS
x-cache-status
HIT
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified
Thu, 26 Aug 2021 20:15:13 GMT
server
cloudflare
etag
W/"7dcb496e4882926f93f2e73fa87062c0"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=0; includeSubDomains; preload
content-type
application/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=2592000, immutable
cf-ray
685da8a0aacc5373-FRA
twk-chunk-vendors.js
embed.tawk.to/_s/v4/app/6127f5ffb81/js/
191 KB
57 KB
Script
General
Full URL
https://embed.tawk.to/_s/v4/app/6127f5ffb81/js/twk-chunk-vendors.js
Requested by
Host: embed.tawk.to
URL: https://embed.tawk.to/612655d8649e0a0a5cd2e71b/1fdurum7e
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2606:4700:10::ac43:2642 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dee30a5384e77724a2759b9cb1b73390f15063dd0bd88ac893ee39f72c08aa32
Security Headers
Name Value
Strict-Transport-Security max-age=0; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Origin
https://www.mysql.wordpress.ipts-money.site
Referer
https://www.mysql.wordpress.ipts-money.site/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Sat, 28 Aug 2021 12:49:17 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
MISS
x-cache-status
HIT
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified
Thu, 26 Aug 2021 20:15:13 GMT
server
cloudflare
etag
W/"cdc69aba75846703221ffe2aa968aea6"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=0; includeSubDomains; preload
content-type
application/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=2592000, immutable
cf-ray
685da8a0aaca5373-FRA
twk-chunk-common.js
embed.tawk.to/_s/v4/app/6127f5ffb81/js/
136 KB
34 KB
Script
General
Full URL
https://embed.tawk.to/_s/v4/app/6127f5ffb81/js/twk-chunk-common.js
Requested by
Host: embed.tawk.to
URL: https://embed.tawk.to/612655d8649e0a0a5cd2e71b/1fdurum7e
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2606:4700:10::ac43:2642 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f41f19962c2d011c199eba310834096ccc11fede8930a434663f36147d5f0bd4
Security Headers
Name Value
Strict-Transport-Security max-age=0; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Origin
https://www.mysql.wordpress.ipts-money.site
Referer
https://www.mysql.wordpress.ipts-money.site/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Sat, 28 Aug 2021 12:49:17 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
MISS
x-cache-status
HIT
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified
Thu, 26 Aug 2021 20:15:13 GMT
server
cloudflare
etag
W/"eec47e40234d54bef999ae9c75f9d5ac"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=0; includeSubDomains; preload
content-type
application/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=2592000, immutable
cf-ray
685da8a0aad05373-FRA
twk-runtime.js
embed.tawk.to/_s/v4/app/6127f5ffb81/js/
2 KB
2 KB
Script
General
Full URL
https://embed.tawk.to/_s/v4/app/6127f5ffb81/js/twk-runtime.js
Requested by
Host: embed.tawk.to
URL: https://embed.tawk.to/612655d8649e0a0a5cd2e71b/1fdurum7e
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2606:4700:10::ac43:2642 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3159d0bc6d967e54c11cdf7e3b666db5f06d33df68b1361301254eeaab20797e
Security Headers
Name Value
Strict-Transport-Security max-age=0; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Origin
https://www.mysql.wordpress.ipts-money.site
Referer
https://www.mysql.wordpress.ipts-money.site/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Sat, 28 Aug 2021 12:49:17 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
MISS
x-cache-status
HIT
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified
Thu, 26 Aug 2021 20:15:13 GMT
server
cloudflare
etag
W/"45a6eade9291e1d3a933ac9f6ef4600f"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=0; includeSubDomains; preload
content-type
application/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=2592000, immutable
cf-ray
685da8a0aac85373-FRA
twk-app.js
embed.tawk.to/_s/v4/app/6127f5ffb81/js/
151 B
489 B
Script
General
Full URL
https://embed.tawk.to/_s/v4/app/6127f5ffb81/js/twk-app.js
Requested by
Host: embed.tawk.to
URL: https://embed.tawk.to/612655d8649e0a0a5cd2e71b/1fdurum7e
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2606:4700:10::ac43:2642 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
13cf82e6f9d48221cd55f8b3c3d206f7bdb83f291034b478e484ccfef7d500dd
Security Headers
Name Value
Strict-Transport-Security max-age=0; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Origin
https://www.mysql.wordpress.ipts-money.site
Referer
https://www.mysql.wordpress.ipts-money.site/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Sat, 28 Aug 2021 12:49:17 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
MISS
x-cache-status
HIT
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified
Thu, 26 Aug 2021 20:15:13 GMT
server
cloudflare
etag
W/"e736e189edb5d0d9d5b8e7f23dd9114a"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=0; includeSubDomains; preload
content-type
application/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=2592000, immutable
cf-ray
685da8a0aace5373-FRA
widget-settings
va.tawk.to/v1/
3 KB
1 KB
Fetch
General
Full URL
https://va.tawk.to/v1/widget-settings?propertyId=612655d8649e0a0a5cd2e71b&widgetId=1fdurum7e&sv=undefined
Requested by
Host: embed.tawk.to
URL: https://embed.tawk.to/_s/v4/app/6127f5ffb81/js/twk-chunk-common.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:2642 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
daeb0f68ed24d61df5636e84ebde6f110b40b49ffb63ce54f0dac0a4f4c50c7e
Security Headers
Name Value
Strict-Transport-Security max-age=0; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.mysql.wordpress.ipts-money.site/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Sat, 28 Aug 2021 12:49:17 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
MISS
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-served-by
visitor-application-preemptive-7hx4
server
cloudflare
etag
W/"2-2-0"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=0; includeSubDomains; preload
access-control-allow-methods
GET,OPTIONS
content-type
application/json
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=7200, s-maxage=1800
cf-ray
685da8a46e0b4e26-FRA
access-control-allow-headers
content-type,x-tawk-token
en.js
embed.tawk.to/_s/v4/app/6127f5ffb81/languages/
16 KB
4 KB
Script
General
Full URL
https://embed.tawk.to/_s/v4/app/6127f5ffb81/languages/en.js
Requested by
Host: embed.tawk.to
URL: https://embed.tawk.to/_s/v4/app/6127f5ffb81/js/twk-chunk-common.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2606:4700:10::ac43:2642 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6c4a4f6b701712b8f32107c462990f7a822fee1af946043c293b21294289bfe7
Security Headers
Name Value
Strict-Transport-Security max-age=0; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.mysql.wordpress.ipts-money.site/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Sat, 28 Aug 2021 12:49:18 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
age
145261
x-cache-status
HIT
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified
Thu, 26 Aug 2021 20:15:13 GMT
server
cloudflare
etag
W/"c3edce989b37d8be81c7d5c99d7eba08"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=0; includeSubDomains; preload
content-type
application/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=2592000, immutable
cf-ray
685da8a78a385bfd-FRA
check.png
www.mysql.wordpress.ipts-money.site/img/
298 B
298 B
Image
General
Full URL
https://www.mysql.wordpress.ipts-money.site/img/check.png
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
185.178.208.182 , Russian Federation, ASN57724 (DDOS-GUARD, RU),
Reverse DNS
ddos-guard.net
Software
ddos-guard /
Resource Hash
ccf630bdaaa25655235cd87c66956e1f9b6db974bceea5fc542cc16b4c1ea1f2
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;

Request headers

:path
/img/check.png
pragma
no-cache
cookie
__ddg1=GHAqNgUKKZl1ZlwiYApI; TawkConnectionTime=1630154961399
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
www.mysql.wordpress.ipts-money.site
referer
https://www.mysql.wordpress.ipts-money.site/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://www.mysql.wordpress.ipts-money.site/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests;
content-encoding
br
server
ddos-guard
age
0
date
Sat, 28 Aug 2021 12:49:21 GMT
vary
Accept-Encoding
content-type
text/html; charset=iso-8859-1
check.png
www.mysql.wordpress.ipts-money.site/img/
298 B
298 B
Image
General
Full URL
https://www.mysql.wordpress.ipts-money.site/img/check.png
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
185.178.208.182 , Russian Federation, ASN57724 (DDOS-GUARD, RU),
Reverse DNS
ddos-guard.net
Software
ddos-guard /
Resource Hash
ccf630bdaaa25655235cd87c66956e1f9b6db974bceea5fc542cc16b4c1ea1f2
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;

Request headers

:path
/img/check.png
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
www.mysql.wordpress.ipts-money.site
referer
https://www.mysql.wordpress.ipts-money.site/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://www.mysql.wordpress.ipts-money.site/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests;
content-encoding
br
server
ddos-guard
age
0
date
Sat, 28 Aug 2021 12:49:26 GMT
vary
Accept-Encoding
content-type
text/html; charset=iso-8859-1
set-cookie
__ddg1=cvzsbpMb386H6cSlffxu; Domain=.ipts-money.site; HttpOnly; Path=/; Expires=Sun, 28-Aug-2022 12:49:26 GMT

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Crypto (Crypto Exchange)

26 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onbeforexrselect
object| ontransitionrun
object| ontransitionstart
object| ontransitioncancel
object| cookieStore
function| showDirectoryPicker
function| showOpenFilePicker
function| showSaveFilePicker
boolean| originAgentCluster
object| trustedTypes
boolean| crossOriginIsolated
object| Tawk_API
object| Tawk_LoadStart
function| $
function| jQuery
function| copy
string| $_Tawk_AccountKey
string| $_Tawk_WidgetId
boolean| $_Tawk_Unstable
object| $_Tawk
object| tawkJsonp
function| $__TawkEngine
function| EventEmitter
function| $__TawkSocket
object| regeneratorRuntime
object| Tawk_Window

1 Cookies

Domain/Path Name / Value
.ipts-money.site/ Name: __ddg1
Value: GHAqNgUKKZl1ZlwiYApI

Security Headers

This page lists any security headers set by the main page.

Header Value
Content-Security-Policy upgrade-insecure-requests;

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
