kns.dailyorderforyou.com
2606:4700:3030::6815:3140  Public Scan

Submitted URL: https://rosvom-trk.ki4j.in/ga/click/2-84202273-6949-21084-41602-48421-ec65c3aa06-d33b08682a
Effective URL: https://kns.dailyorderforyou.com/Xvfv_Ga?cB7_LE=Z3xzmGthpZVllq5zwGh1emBxqMGwjGtrfZiTZX1zkWZmaKZgY35wkWthh4Y/matthew.ellis%40ubc.c...
Submission: On February 10 via manual from CA — Scanned from CA

Summary

This website contacted 9 IPs in 1 country across 8 domains to perform 18 HTTP transactions. The main IP is 2606:4700:3030::6815:3140, located in United States and belongs to CLOUDFLARENET, US. The main domain is kns.dailyorderforyou.com.
TLS certificate: Issued by GTS CA 1P5 on February 1st 2023. Valid for: 3 months.
This is the only time kns.dailyorderforyou.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 2606:4700:303... 13335 (CLOUDFLAR...)
2 2606:4700:303... 13335 (CLOUDFLAR...)
3 2607:f8b0:400... 15169 (GOOGLE)
1 2606:4700::68... 13335 (CLOUDFLAR...)
5 97.107.133.178 63949 (AKAMAI-AP...)
4 2606:4700::68... 13335 (CLOUDFLAR...)
1 2607:f8b0:400... 15169 (GOOGLE)
1 2606:4700:20:... 13335 (CLOUDFLAR...)
1 2001:4860:480... 15169 (GOOGLE)
18 9
Requests | Apex Domain | Subdomains | Transfer
5 | wonderpush.com | cdn.by.wonderpush.com (Cisco Umbrella Rank: 43371), measurements-api.wonderpush.com (Cisco Umbrella Rank: 31262) | 115 KB
5 | roadssign.com | roadssign.com | 185 KB
3 | googleapis.com | fonts.googleapis.com (Cisco Umbrella Rank: 34) | 4 KB
2 | dailyorderforyou.com | kns.dailyorderforyou.com | 6 KB
1 | geojs.io | get.geojs.io (Cisco Umbrella Rank: 15509) | 870 B
1 | gstatic.com | fonts.gstatic.com | 44 KB
1 | cloudflare.com | cdnjs.cloudflare.com (Cisco Umbrella Rank: 202) | 6 KB
1 | ki4j.in | rosvom-trk.ki4j.in | 766 B
Total: 18 requests, 8 apex domains
Requests | Domain | Requested by
5 | roadssign.com | kns.dailyorderforyou.com, roadssign.com
4 | cdn.by.wonderpush.com | kns.dailyorderforyou.com, cdn.by.wonderpush.com
3 | fonts.googleapis.com | kns.dailyorderforyou.com, roadssign.com
2 | kns.dailyorderforyou.com | kns.dailyorderforyou.com
1 | measurements-api.wonderpush.com | cdn.by.wonderpush.com
1 | get.geojs.io | cdn.by.wonderpush.com
1 | fonts.gstatic.com | fonts.googleapis.com
1 | cdnjs.cloudflare.com | kns.dailyorderforyou.com
1 | rosvom-trk.ki4j.in | 1 redirects
Total: 18 requests, 9 domains

This site contains no links.

Subject | Issuer | Validity | Valid
*.dailyorderforyou.com | GTS CA 1P5 | 2023-02-01 - 2023-05-02 | 3 months
upload.video.google.com | GTS CA 1C3 | 2023-01-31 - 2023-04-25 | 3 months
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2022-08-03 - 2023-08-02 | a year
roadssign.com | R3 | 2023-02-01 - 2023-05-02 | 3 months
*.by.wonderpush.com | GTS CA 1P5 | 2023-02-06 - 2023-05-07 | 3 months
*.gstatic.com | GTS CA 1C3 | 2023-01-31 - 2023-04-25 | 3 months
measurements-api.wonderpush.com | GTS CA 1D4 | 2023-02-09 - 2023-05-10 | 3 months

This page contains 1 frame:

Primary Page: https://kns.dailyorderforyou.com/Xvfv_Ga?cB7_LE=Z3xzmGthpZVllq5zwGh1emBxqMGwjGtrfZiTZX1zkWZmaKZgY35wkWthh4Y/matthew.ellis%40ubc.ca&s3=&s4=
Frame ID: AD2AB8D4D5CEF20441904073E3AC97ED
Requests: 19 HTTP requests in this frame

Page Title

Payout Verification

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
  • <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

18 Requests
100 % HTTPS
89 % IPv6
8 Domains
9 Subdomains
9 IPs
1 Countries
360 kB Transfer
822 kB Size
0 Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://rosvom-trk.ki4j.in/ga/click/2-84202273-6949-21084-41602-48421-ec65c3aa06-d33b08682a HTTP 302
    https://kns.dailyorderforyou.com/Xvfv_Ga?cB7_LE=Z3xzmGthpZVllq5zwGh1emBxqMGwjGtrfZiTZX1zkWZmaKZgY35wkWthh4Y/matthew.ellis%40ubc.ca&s3=&s4= Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

18 HTTP transactions

Resource | Path | Size | x-fer | Type | MIME-Type
Primary Request Xvfv_Ga | kns.dailyorderforyou.com/ | 19 KB | 5 KB | Document
Redirect Chain
  • https://rosvom-trk.ki4j.in/ga/click/2-84202273-6949-21084-41602-48421-ec65c3aa06-d33b08682a
  • https://kns.dailyorderforyou.com/Xvfv_Ga?cB7_LE=Z3xzmGthpZVllq5zwGh1emBxqMGwjGtrfZiTZX1zkWZmaKZgY35wkWthh4Y/matthew.ellis%40ubc.ca&s3=&s4=
General
Full URL
https://kns.dailyorderforyou.com/Xvfv_Ga?cB7_LE=Z3xzmGthpZVllq5zwGh1emBxqMGwjGtrfZiTZX1zkWZmaKZgY35wkWthh4Y/matthew.ellis%40ubc.ca&s3=&s4=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::6815:3140 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PHP/7.4.30
Resource Hash
a61912143c0f9c431181fad6434ea96ab0e2f3081d478d4d6e053675ddeaed22

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
7977b4feab4515d3-EWR
content-encoding
br
content-type
text/html; charset=UTF-8
date
Fri, 10 Feb 2023 20:48:41 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZH6PTXgY02QKGh3cBCiAvSAW0h6kAHd1Q497jyh81kgigCwmrRkOAh1wGDPtUiMyC7qnCoDujaIgNA3%2BaO7B64T87jo6RIPKVls%2BLTup0HfH7os8i3itrQm5oJJJzAAXKEvEFRc2UculGnOBihITXx2BM4dS%2BCg%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
PHP/7.4.30

Redirect headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
no-cache, no-store, max-age=0, must-revalidate
cf-cache-status
DYNAMIC
cf-ray
7977b4fafe0918f2-EWR
content-type
text/html; charset=utf-8
date
Fri, 10 Feb 2023 20:48:40 GMT
expires
Mon, 01 Jan 1990 00:00:00 GMT
location
https://kns.dailyorderforyou.com/Xvfv_Ga?cB7_LE=Z3xzmGthpZVllq5zwGh1emBxqMGwjGtrfZiTZX1zkWZmaKZgY35wkWthh4Y/matthew.ellis%40ubc.ca&s3=&s4=
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma
no-cache
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=A46ElJHTMW3fD0Bw%2BbZZRz4FNGKsIpt8zP4eBhQiG%2FDYJrywhWMnKQ3I%2BC7bfacNA%2BylwSGe9tESFgdV88eHUQ6qtdcMQUDBkVW3z6mnLi81z5jAJqhDXNQWBJSlx8dFPri%2FhkjhwmTbjNQN%2FsgBkcE%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
status
302 Found
x-powered-by
Phusion Passenger 6.0.4
x-rack-cache
miss
x-request-id
133a7d224b87a3d99b3ed407f23b1019
x-runtime
0.033604
x-ua-compatible
IE=Edge,chrome=1
css | fonts.googleapis.com/ | 46 KB | 2 KB | Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Open+Sans:300,300i,400,400i,600,600i,700,700i|Raleway:300,300i,400,400i,500,500i,600,600i,700,700i|Poppins:300,300i,400,400i,500,500i,600,600i,700,700i
Requested by
Host: kns.dailyorderforyou.com
URL: https://kns.dailyorderforyou.com/Xvfv_Ga?cB7_LE=Z3xzmGthpZVllq5zwGh1emBxqMGwjGtrfZiTZX1zkWZmaKZgY35wkWthh4Y/matthew.ellis%40ubc.ca&s3=&s4=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c09::5f Ashburn, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
3f92041fa03058df9cb6c302ca394bc32dc312ba679e5a6673ef346856eb19d3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Fri, 10 Feb 2023 20:48:41 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Fri, 10 Feb 2023 19:56:21 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Fri, 10 Feb 2023 20:48:41 GMT
font-awesome.min.css | cdnjs.cloudflare.com/ajax/libs/font-awesome/4.5.0/css/ | 27 KB | 6 KB | Stylesheet
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.5.0/css/font-awesome.min.css
Requested by
Host: kns.dailyorderforyou.com
URL: https://kns.dailyorderforyou.com/Xvfv_Ga?cB7_LE=Z3xzmGthpZVllq5zwGh1emBxqMGwjGtrfZiTZX1zkWZmaKZgY35wkWthh4Y/matthew.ellis%40ubc.ca&s3=&s4=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ddd92f10ad162c7449eff0acaf40598c05b1111739587edb75e5326b6697c5d5
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

date
Fri, 10 Feb 2023 20:48:41 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
1015649
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
4972
last-modified
Mon, 04 May 2020 16:10:07 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03e5f-6b4a"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6NCRc9tmM2kBKc23BZHz40KU3qFFaCBv4DUHU4%2B1wtyWFA2tR0N%2FJKsVSDKlqH80HbGIZ8fPJoi6bWAI9pJ6UFUTSFH6mr6ds11SRm5%2BRJWlbaOTtA5vVNWS02RdaRD4RkkpZNifC2LUOukX4KsiyreY"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
7977b5042e9433f1-YUL
expires
Wed, 31 Jan 2024 20:48:41 GMT
bootstrap.min.css | roadssign.com/eml/CA-Casino-Payout-verification-DEC22-eml-avi/css/ | 119 KB | 119 KB | Stylesheet
General
Full URL
https://roadssign.com/eml/CA-Casino-Payout-verification-DEC22-eml-avi/css/bootstrap.min.css
Requested by
Host: kns.dailyorderforyou.com
URL: https://kns.dailyorderforyou.com/Xvfv_Ga?cB7_LE=Z3xzmGthpZVllq5zwGh1emBxqMGwjGtrfZiTZX1zkWZmaKZgY35wkWthh4Y/matthew.ellis%40ubc.ca&s3=&s4=
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
97.107.133.178 Cedar Knolls, United States, ASN63949 (AKAMAI-AP Akamai Technologies, Inc., SG),
Reverse DNS
97-107-133-178.ip.linodeusercontent.com
Software
Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.33 /
Resource Hash
1f429f4e2829515fb4ff9b67d875c2d023f08610e15a049ac0976715dd02182a

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

Date
Fri, 10 Feb 2023 20:48:41 GMT
Last-Modified
Tue, 19 Jul 2022 06:15:18 GMT
Server
Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.33
ETag
"1da71-5e42268926980"
Content-Type
text/css
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
121457
custom.css | roadssign.com/eml/CA-Casino-Payout-verification-DEC22-eml-avi/css/ | 49 KB | 49 KB | Stylesheet
General
Full URL
https://roadssign.com/eml/CA-Casino-Payout-verification-DEC22-eml-avi/css/custom.css
Requested by
Host: kns.dailyorderforyou.com
URL: https://kns.dailyorderforyou.com/Xvfv_Ga?cB7_LE=Z3xzmGthpZVllq5zwGh1emBxqMGwjGtrfZiTZX1zkWZmaKZgY35wkWthh4Y/matthew.ellis%40ubc.ca&s3=&s4=
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
97.107.133.178 Cedar Knolls, United States, ASN63949 (AKAMAI-AP Akamai Technologies, Inc., SG),
Reverse DNS
97-107-133-178.ip.linodeusercontent.com
Software
Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.33 /
Resource Hash
7f52ac12899ccf117098e6fabc438dae4f6430725f26ccc02a4566f8bbd3b4e4

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

Date
Fri, 10 Feb 2023 20:48:41 GMT
Last-Modified
Thu, 29 Dec 2022 14:36:40 GMT
Server
Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.33
ETag
"c2e2-5f0f869bb6e00"
Content-Type
text/css
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
49890
wonderpush-loader.min.js | cdn.by.wonderpush.com/sdk/1.1/ | 1 KB | 1 KB | Script
General
Full URL
https://cdn.by.wonderpush.com/sdk/1.1/wonderpush-loader.min.js
Requested by
Host: kns.dailyorderforyou.com
URL: https://kns.dailyorderforyou.com/Xvfv_Ga?cB7_LE=Z3xzmGthpZVllq5zwGh1emBxqMGwjGtrfZiTZX1zkWZmaKZgY35wkWthh4Y/matthew.ellis%40ubc.ca&s3=&s4=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:12b7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
77739da5d7f08eb8f3c4570bb628aa068acd7f2942abf1a1a1c3aee68ebc9041

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

date
Fri, 10 Feb 2023 20:48:42 GMT
content-encoding
gzip
via
1.1 626cbaf3b4af9c017ec7e762518761d6.cloudfront.net (CloudFront)
cf-cache-status
HIT
x-amz-cf-pop
YTO50-C3
age
15822
x-cache
Miss from cloudfront
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
696
last-modified
Tue, 17 Jan 2023 16:23:59 GMT
server
cloudflare
etag
"3eb4ebbd84300308a46c51d9cd003dd6ed6e"
access-control-max-age
86400
access-control-allow-methods
HEAD, GET
content-type
application/javascript
access-control-allow-origin
*
cache-control
public,max-age=86400
vary
Accept-Encoding
accept-ranges
bytes
cf-ray
7977b50729d07139-YUL
x-amz-cf-id
EILJhW_rWntVxZ1YWxHiOEO-WDvDWr5AYhlO0ylI_t2spzVMSlOY-A==
lander_lp | kns.dailyorderforyou.com/ | 0 | 319 B | Image
General
Full URL
https://kns.dailyorderforyou.com/lander_lp?lp=Z3xzmGthpZVllq5zwGh1emBxqMGwjGtrfZiTZX1zkWZmaKZgY35wkWthh4Y/matthew.ellis@ubc.ca
Requested by
Host: kns.dailyorderforyou.com
URL: https://kns.dailyorderforyou.com/Xvfv_Ga?cB7_LE=Z3xzmGthpZVllq5zwGh1emBxqMGwjGtrfZiTZX1zkWZmaKZgY35wkWthh4Y/matthew.ellis%40ubc.ca&s3=&s4=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::6815:3140 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PHP/7.4.30
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

date
Fri, 10 Feb 2023 20:48:42 GMT
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
PHP/7.4.30
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dSbg6hI3N%2BgHlWxEMeX2jkIjVSQ6cwf6CfC07%2BKi%2BdAohVfN5pajSZDryuZSF96AI1%2F%2BQWHZrEazqnBiiC2tt3FJHoz%2BcB80h0GKGcYJ3VPWuwBA7Oe2V%2FW8157%2BlYteDnCbN%2F4rCuU0V6sIFirF3Nr5gl6oRhA%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/html; charset=UTF-8
cf-ray
7977b506bee215d3-EWR
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
jquery.min.js | roadssign.com/eml/CA-Casino-Payout-verification-DEC22-eml-avi/https://roadssign.com/eml/CA-Casino-Payout-verification-DEC22-eml-avi/js/ | 0 | 0 | Script
General
Full URL
https://roadssign.com/eml/CA-Casino-Payout-verification-DEC22-eml-avi/https://roadssign.com/eml/CA-Casino-Payout-verification-DEC22-eml-avi/js/jquery.min.js
Requested by
Host: kns.dailyorderforyou.com
URL: https://kns.dailyorderforyou.com/Xvfv_Ga?cB7_LE=Z3xzmGthpZVllq5zwGh1emBxqMGwjGtrfZiTZX1zkWZmaKZgY35wkWthh4Y/matthew.ellis%40ubc.ca&s3=&s4=
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
97.107.133.178 Cedar Knolls, United States, ASN63949 (AKAMAI-AP Akamai Technologies, Inc., SG),
Reverse DNS
97-107-133-178.ip.linodeusercontent.com
Software
/
Resource Hash

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

bootstrap.min.js | roadssign.com/eml/CA-Casino-Payout-verification-DEC22-eml-avi/https://roadssign.com/eml/CA-Casino-Payout-verification-DEC22-eml-avi/js/ | 0 | 0 | Script
General
Full URL
https://roadssign.com/eml/CA-Casino-Payout-verification-DEC22-eml-avi/https://roadssign.com/eml/CA-Casino-Payout-verification-DEC22-eml-avi/js/bootstrap.min.js
Requested by
Host: kns.dailyorderforyou.com
URL: https://kns.dailyorderforyou.com/Xvfv_Ga?cB7_LE=Z3xzmGthpZVllq5zwGh1emBxqMGwjGtrfZiTZX1zkWZmaKZgY35wkWthh4Y/matthew.ellis%40ubc.ca&s3=&s4=
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
97.107.133.178 Cedar Knolls, United States, ASN63949 (AKAMAI-AP Akamai Technologies, Inc., SG),
Reverse DNS
97-107-133-178.ip.linodeusercontent.com
Software
/
Resource Hash

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

css2 | fonts.googleapis.com/ | 6 KB | 694 B | Stylesheet
General
Full URL
https://fonts.googleapis.com/css2?family=Poppins:ital,wght@0,200;0,300;0,400;1,100;1,200;1,300&display=swap
Requested by
Host: roadssign.com
URL: https://roadssign.com/eml/CA-Casino-Payout-verification-DEC22-eml-avi/css/custom.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c09::5f Ashburn, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
6674c4f7bbb497b1d1380712065cc3589b251cf5605daea1908ab2bebcc6a0ae
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Fri, 10 Feb 2023 20:48:41 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Fri, 10 Feb 2023 20:48:41 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Fri, 10 Feb 2023 20:48:41 GMT
css | fonts.googleapis.com/ | 26 KB | 1 KB | Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Open+Sans:300,300i,400,400i,600,600i,700,700i,800,800i
Requested by
Host: roadssign.com
URL: https://roadssign.com/eml/CA-Casino-Payout-verification-DEC22-eml-avi/css/custom.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c09::5f Ashburn, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
47a7dd0cada3c63b3d5981848b65973772a3f5ccc578d16ed90e3aa1b74056ab
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Fri, 10 Feb 2023 20:48:41 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Fri, 10 Feb 2023 19:05:18 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Fri, 10 Feb 2023 20:48:41 GMT
pay-back.png | roadssign.com/eml/CA-Casino-Payout-verification-DEC22-eml-avi/img/ | 17 KB | 17 KB | Image
General
Full URL
https://roadssign.com/eml/CA-Casino-Payout-verification-DEC22-eml-avi/img/pay-back.png
Requested by
Host: roadssign.com
URL: https://roadssign.com/eml/CA-Casino-Payout-verification-DEC22-eml-avi/css/custom.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
97.107.133.178 Cedar Knolls, United States, ASN63949 (AKAMAI-AP Akamai Technologies, Inc., SG),
Reverse DNS
97-107-133-178.ip.linodeusercontent.com
Software
Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.33 /
Resource Hash
5ea2eb8e01895d74e7309857b739a9cc50e2b18c11d10e315f9321cfab84ceb5

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://roadssign.com/eml/CA-Casino-Payout-verification-DEC22-eml-avi/css/custom.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

Date
Fri, 10 Feb 2023 20:48:42 GMT
Last-Modified
Thu, 29 Dec 2022 06:34:57 GMT
Server
Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.33
ETag
"4282-5f0f1aefaa640"
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
17026
memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 | fonts.gstatic.com/s/opensans/v34/ | 44 KB | 44 KB | Font
General
Full URL
https://fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:300,300i,400,400i,600,600i,700,700i|Raleway:300,300i,400,400i,500,500i,600,600i,700,700i|Poppins:300,300i,400,400i,500,500i,600,600i,700,700i
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c1b::5e Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://kns.dailyorderforyou.com
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

date
Fri, 10 Feb 2023 11:04:35 GMT
x-content-type-options
nosniff
age
35047
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
44856
x-xss-protection
0
last-modified
Mon, 15 Aug 2022 18:20:18 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 10 Feb 2024 11:04:35 GMT
wonderpush.min.js | cdn.by.wonderpush.com/sdk/1.1.33.13/ | 464 KB | 111 KB | Script
General
Full URL
https://cdn.by.wonderpush.com/sdk/1.1.33.13/wonderpush.min.js
Requested by
Host: cdn.by.wonderpush.com
URL: https://cdn.by.wonderpush.com/sdk/1.1/wonderpush-loader.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:12b7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
59e0ea7d539401a1f3cd924bf43e2b04e351e53735cdcb6385d2bb67071cf287

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

date
Fri, 10 Feb 2023 20:48:44 GMT
content-encoding
gzip
via
1.1 16a12520cb84572aced3b0a8e5f80bae.cloudfront.net (CloudFront)
cf-cache-status
HIT
x-amz-cf-pop
ORD51-C1
age
2089462
x-cache
Miss from cloudfront
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
112900
last-modified
Tue, 17 Jan 2023 16:23:55 GMT
server
cloudflare
etag
"7b62e04729e63f6a7dd93360781b1d60ed6e"
access-control-max-age
86400
access-control-allow-methods
HEAD, GET
content-type
application/javascript
access-control-allow-origin
*
cache-control
public,max-age=31536000
vary
Accept-Encoding
accept-ranges
bytes
cf-ray
7977b5189c3c7139-YUL
x-amz-cf-id
Tt8SzTeXMjb0my1_k5SV9O1a6BC-EbHJUky7UgjZnqdUerB0Yd3PoA==
41d403593c0b49d57f632b281192a2cc78b1d2de15f2c5576bbb2af96cbee7e0 | cdn.by.wonderpush.com/config/webkeys/ | 2 KB | 1 KB | Fetch
General
Full URL
https://cdn.by.wonderpush.com/config/webkeys/41d403593c0b49d57f632b281192a2cc78b1d2de15f2c5576bbb2af96cbee7e0?_=1676062125001
Requested by
Host: cdn.by.wonderpush.com
URL: https://cdn.by.wonderpush.com/sdk/1.1.33.13/wonderpush.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:12b7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5b5b5ca6ebba05351abf77e25cf1c5d3879656ce20117c9f9bd74512bb6dd0bc

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

date
Fri, 10 Feb 2023 20:48:45 GMT
content-encoding
gzip
via
1.1 7fd26103acbe47cf03b34bbd9a65d1e2.cloudfront.net (CloudFront)
cf-cache-status
HIT
x-amz-cf-pop
YTO50-C3
age
1099
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
772
last-modified
Fri, 10 Feb 2023 09:17:13 GMT
server
cloudflare
etag
"9409cb4f2fd561ff5586c24526571a18ed6e"
access-control-max-age
86400
access-control-allow-methods
HEAD, GET
content-type
application/json
access-control-allow-origin
*
cache-control
max-age=3600
vary
Accept-Encoding
accept-ranges
bytes
cf-ray
7977b5197c7a7157-YUL
x-amz-cf-id
40sXH1qwDCM-ZycDZAdy3OhLf_3zsrSOBEdxybedIpsazmSEslOz-A==
geojs.js | cdn.by.wonderpush.com/plugins/geojs/1.0.2/ | 2 KB | 1 KB | Script
General
Full URL
https://cdn.by.wonderpush.com/plugins/geojs/1.0.2/geojs.js
Requested by
Host: cdn.by.wonderpush.com
URL: https://cdn.by.wonderpush.com/sdk/1.1.33.13/wonderpush.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:12b7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b877ef66eabd2dd21768d59e2ac26f9c4f48e0ed602e27cbd4d53c0701c7d515

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

date
Fri, 10 Feb 2023 20:48:45 GMT
content-encoding
gzip
via
1.1 17c056a089c69d54a02a9a3ca804fdd6.cloudfront.net (CloudFront)
cf-cache-status
HIT
x-amz-cf-pop
IAD66-C2
age
6194412
x-cache
Hit from cloudfront
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
1055
last-modified
Mon, 22 Jun 2020 15:30:23 GMT
server
cloudflare
etag
"eade35070a4a96bcbeb77c55c1856e96ed6e"
access-control-max-age
86400
access-control-allow-methods
HEAD, GET
content-type
application/javascript
access-control-allow-origin
*
cache-control
public,max-age=31536000,stale-while-revalidate=2592000
vary
Accept-Encoding
accept-ranges
bytes
cf-ray
7977b519de0e33f5-YUL
x-amz-cf-id
BRe5bB213AlVEZD7G2STTuqaPZjzQPipryBo8rdI8HDjuB_rO56HPg==
geo.json | get.geojs.io/v1/ip/ | 329 B | 870 B | XHR
General
Full URL
https://get.geojs.io/v1/ip/geo.json
Requested by
Host: cdn.by.wonderpush.com
URL: https://cdn.by.wonderpush.com/plugins/geojs/1.0.2/geojs.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:64 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
52829c74c6676e72b862785a845f2fe9fcf8b47a7041ee3311eaa20bde4542a2
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

date
Fri, 10 Feb 2023 20:48:45 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-request-id
b95d5a7cda5f3ff2d91ca664793b3e03-NYC
x-geojs-location
NYC
pragma
no-cache
server
cloudflare
access-control-allow-methods
GET
content-type
application/json
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dNCDoZhHJHbFuzHFzrzYMhup%2FzRE0igzyPKFFajjIf2PqnrQKsX6y9UVzdyq3Fo%2Fp4Ih3Lqh4Bt6o7p1xi6S6kKcpOaFu0jwxB5yqpnqGvGApAZMvt5NjJn18Pffbu%2FcqzzMze4FXgyPYw%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control
no-store, no-cache, must-revalidate, private, max-age=0
cf-ray
7977b51abea374a7-IAD
truncated | / | 981 B | 0 | Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
f59f3632ecd53a95c0f360bd613bdd269b4aff3afa0fcb04ceaaf7c99d53fd96

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

Content-Type
image/png
events | measurements-api.wonderpush.com/v1/ | 94 B | 277 B | XHR
General
Full URL
https://measurements-api.wonderpush.com/v1/events
Requested by
Host: cdn.by.wonderpush.com
URL: https://cdn.by.wonderpush.com/sdk/1.1.33.13/wonderpush.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:32::15 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Frontend /
Resource Hash
34bfff6c0cfa2c6c7a749b980471e8fa325caf2329e388a18fd52ad7fbaec700

Request headers

Referer
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

access-control-allow-origin
https://kns.dailyorderforyou.com
x-cloud-trace-context
c9f7db2c7f5d262cec3c0fd2d592250a
date
Fri, 10 Feb 2023 20:48:45 GMT
access-control-allow-credentials
true
server
Google Frontend
content-length
94
content-type
application/json

21 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • credentialless (boolean)
  • oncontentvisibilityautostatechange (object)
  • WonderPush (object)
  • chkvali (function)
  • partstep (function)
  • d (object)
  • minutes (number)
  • hours (number)
  • ampm (string)
  • months (object)
  • days (object)
  • o (object)
  • two (object)
  • three (object)
  • four (object)
  • five (object)
  • moveProgressBar (function)
  • string (string)
  • array (object)
  • timer (undefined)
  • frameLooper (function)

0 Cookies

2 Console Messages

Source | Level | URL | Text
network | error | https://roadssign.com/eml/CA-Casino-Payout-verification-DEC22-eml-avi/https://roadssign.com/eml/CA-Casino-Payout-verification-DEC22-eml-avi/js/jquery.min.js | Failed to load resource: the server responded with a status of 404 (Not Found)
network | error | https://roadssign.com/eml/CA-Casino-Payout-verification-DEC22-eml-avi/https://roadssign.com/eml/CA-Casino-Payout-verification-DEC22-eml-avi/js/bootstrap.min.js | Failed to load resource: the server responded with a status of 404 (Not Found)

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
