Submitted URL: http://directlocaldating.com/sok?e=t92YuwWah12ZAlDMyV2ZulGZ1JWYF&m=3202978&l=0.3&_rm=z.z.z&_sdomain=directlocaldating.com
Effective URL: https://bl.flirthits.com/landing/cd630?clickId=12d6a0a3-c3d1-4f7b-ac2d-230b47469270&tracker=SGM_Pro&publisher=1493&subPub...
Submission: On June 27 via api from BE

Summary

This website contacted 9 IPs in 3 countries across 10 domains to perform 25 HTTP transactions. The main IP is 156.67.36.15, located in Germany and belongs to CQINT-, NL. The main domain is bl.flirthits.com.
TLS certificate: Issued by R3 on May 25th 2021. Valid for: 3 months.
This is the only time bl.flirthits.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 2 95.215.46.172 52173 (MAKONIX)
1 4 67.55.114.36 20264 (WEBAIR-IN...)
1 34.208.248.154 16509 (AMAZON-02)
1 1 156.67.36.11 25418 (CQINT-)
1 156.67.36.15 25418 (CQINT-)
13 69.16.175.10 20446 (HIGHWINDS3)
1 2a00:1450:400... 15169 (GOOGLE)
2 2606:4700::68... 13335 (CLOUDFLAR...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
25 9
Domain Requested by
12 lpmedia.justservingfiles.net bl.flirthits.com
lpmedia.justservingfiles.net
4 www.positivecushion.com 1 redirects www.positivecushion.com
2 fonts.gstatic.com fonts.googleapis.com
2 maxcdn.bootstrapcdn.com bl.flirthits.com
maxcdn.bootstrapcdn.com
2 directlocaldating.com 2 redirects
1 imedia.justservingfiles.net bl.flirthits.com
1 ajax.googleapis.com bl.flirthits.com
1 cdn.onesignal.com bl.flirthits.com
1 fonts.googleapis.com bl.flirthits.com
1 bl.flirthits.com www.positivecushion.com
1 o-2587.prodtraff.com 1 redirects
1 login.ievolved.com www.positivecushion.com
25 12

This site contains no links.

Subject                          Issuer                    Validity                   Valid
*.flirthits.com                  R3                        2021-05-25 - 2021-08-23    3 months
*.lpmedia.justservingfiles.net   R3                        2021-06-05 - 2021-09-03    3 months
upload.video.google.com          GTS CA 1O1                2021-05-31 - 2021-08-23    3 months
sni.cloudflaressl.com            Cloudflare Inc ECC CA-3   2021-03-01 - 2022-02-28    a year
*.imedia.justservingfiles.net    R3                        2021-06-05 - 2021-09-03    3 months
*.gstatic.com                    GTS CA 1C3                2021-05-31 - 2021-08-23    3 months

This page contains 1 frames:

Primary Page: https://bl.flirthits.com/landing/cd630?clickId=12d6a0a3-c3d1-4f7b-ac2d-230b47469270&tracker=SGM_Pro&publisher=1493&subPublisher=&zz=true&hit_id=12d6a0a3-c3d1-4f7b-ac2d-230b47469270&tp_redirect_id=12d6a0a3-c3d1-4f7b-ac2d-230b47469270
Frame ID: 715E18BB9B722BB0AB8C7FD845931E53
Requests: 25 HTTP requests in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Overall confidence: 100%
Detected patterns
  • html /<link[^>]* href=[^>]+(?:([\d.]+)\/)?(?:css\/)?font-awesome(?:\.min)?\.css/i

Overall confidence: 100%
Detected patterns
  • html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i

Page Statistics

25 Requests
84 % HTTPS
45 % IPv6
10 Domains
12 Subdomains
9 IPs
3 Countries
225 kB Transfer
372 kB Size
1 Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://directlocaldating.com/sok?e=t92YuwWah12ZAlDMyV2ZulGZ1JWYF&m=3202978&l=0.3&_rm=z.z.z&_sdomain=directlocaldating.com HTTP 307
    http://directlocaldating.com/tracker.php?email=abudinger09@gmail.com&tid=a8affc088c HTTP 302
    http://www.positivecushion.com/track/59b9ba89ba98b/?c=1&s=84&s2=nanites&e=abudinger09%40gmail.com Page URL
  2. http://www.positivecushion.com/track/59b9ba89ba98b/?c=1&s=84&s2=nanites&e=Yjg5OTI1MmRiMTAzODNiMmE2MjUyMDVhNjBmMTJiN2RqWVl5bXRzOGpjVkg4N2dvS2t4eXloT0pQeDE4&k=6345&ms=1624785434480&url=YjkxM2I1OWJhNjI1ZWRjZDJmOGNiNjQxOWM3M2Y1MWQ1TU5YTkM3VzZMQ3FwVkc0bDV4eXNFaWZYbmNicUYwTzNHTldLL2RNYkNZTkFPVzNZZ2VqdlZmcjZ0aGlJaE1YVXI2SkRkSFRvcjY2UmRVVitVWnpnYzIxVTZpTm5sOWNUS0NybVlYODh6VVFRcU5jRVQ1ai9RMHpzMllmUkVubFdzNFQvZ05tODB4WGdYTUVqakFaRXZiTXJZV1dQclF1TXloREc5UT0%3D Page URL
  3. http://www.positivecushion.com/rd/?u=https%253A%252F%252Fo-2587.prodtraff.com%252Fd0dba5dd-628f-4769-bd2e-f4223dca4b6f%253Fclicktag%253D89538339%2526source%253D2231&r=108077436&d=0.63032793998718&ad=1.3113021850586E-5&c=89538339&cam=4 HTTP 302
    https://o-2587.prodtraff.com/d0dba5dd-628f-4769-bd2e-f4223dca4b6f?clicktag=89538339&source=2231 HTTP 302
    https://bl.flirthits.com/landing/cd630?clickId=12d6a0a3-c3d1-4f7b-ac2d-230b47469270&tracker=SGM_Pro&publisher=1493&subPublisher=&zz=true&hit_id=12d6a0a3-c3d1-4f7b-ac2d-230b47469270&tp_redirect_id=12d6a0a3-c3d1-4f7b-ac2d-230b47469270 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://directlocaldating.com/sok?e=t92YuwWah12ZAlDMyV2ZulGZ1JWYF&m=3202978&l=0.3&_rm=z.z.z&_sdomain=directlocaldating.com HTTP 307
  • http://directlocaldating.com/tracker.php?email=abudinger09@gmail.com&tid=a8affc088c HTTP 302
  • http://www.positivecushion.com/track/59b9ba89ba98b/?c=1&s=84&s2=nanites&e=abudinger09%40gmail.com

25 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Cookie set /
www.positivecushion.com/track/59b9ba89ba98b/
Redirect Chain
  • http://directlocaldating.com/sok?e=t92YuwWah12ZAlDMyV2ZulGZ1JWYF&m=3202978&l=0.3&_rm=z.z.z&_sdomain=directlocaldating.com
  • http://directlocaldating.com/tracker.php?email=abudinger09@gmail.com&tid=a8affc088c
  • http://www.positivecushion.com/track/59b9ba89ba98b/?c=1&s=84&s2=nanites&e=abudinger09%40gmail.com
1 KB
2 KB
Document
General
Full URL
http://www.positivecushion.com/track/59b9ba89ba98b/?c=1&s=84&s2=nanites&e=abudinger09%40gmail.com
Protocol
HTTP/1.1
Server
67.55.114.36 , United States, ASN20264 (WEBAIR-INTERNET-2, US),
Reverse DNS
protocol-lax6.webair.com
Software
Apache /
Resource Hash
52b2848b55e0df10e316c9e3af9827628d3edb7d1bb4baa491344c2088af6016

Request headers

Host
www.positivecushion.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding
gzip, deflate
Accept-Language
en-US

Response headers

Date
Sun, 27 Jun 2021 09:17:14 GMT
Server
Apache
Cache-control
no-cache="set-cookie"
Content-Type
text/html; charset=UTF-8
Content-Length
1257
Set-Cookie
AWSELB=6B13D95B0EBBE03D49495E779F63834617AC250E7572754352888E7FE262F180CA5CADB52E0B0F8C60FE1EF3D10196D83F7496F6ED4DF1D946EE17C0BEE56F1C6CA3FF1C0B;PATH=/
Keep-Alive
timeout=5, max=100
Connection
Keep-Alive

Redirect headers

Connection
Close
Content-type
text/html
Date
Sun, 27 Jun 2021 09:17:14 GMT
Location
http://www.positivecushion.com/track/59b9ba89ba98b/?c=1&s=84&s2=nanites&e=abudinger09%40gmail.com
Server
Kucci
Transfer-Encoding
chunked
X-Powered-By
PHP/5.4.16
Cookie set /
www.positivecushion.com/track/59b9ba89ba98b/
4 KB
4 KB
Document
General
Full URL
http://www.positivecushion.com/track/59b9ba89ba98b/?c=1&s=84&s2=nanites&e=Yjg5OTI1MmRiMTAzODNiMmE2MjUyMDVhNjBmMTJiN2RqWVl5bXRzOGpjVkg4N2dvS2t4eXloT0pQeDE4&k=6345&ms=1624785434480&url=YjkxM2I1OWJhNjI1ZWRjZDJmOGNiNjQxOWM3M2Y1MWQ1TU5YTkM3VzZMQ3FwVkc0bDV4eXNFaWZYbmNicUYwTzNHTldLL2RNYkNZTkFPVzNZZ2VqdlZmcjZ0aGlJaE1YVXI2SkRkSFRvcjY2UmRVVitVWnpnYzIxVTZpTm5sOWNUS0NybVlYODh6VVFRcU5jRVQ1ai9RMHpzMllmUkVubFdzNFQvZ05tODB4WGdYTUVqakFaRXZiTXJZV1dQclF1TXloREc5UT0%3D
Requested by
Host: www.positivecushion.com
URL: http://www.positivecushion.com/track/59b9ba89ba98b/?c=1&s=84&s2=nanites&e=abudinger09%40gmail.com
Protocol
HTTP/1.1
Server
67.55.114.36 , United States, ASN20264 (WEBAIR-INTERNET-2, US),
Reverse DNS
protocol-lax6.webair.com
Software
Apache /
Resource Hash
3dd0d0aef3c5baa13026146bd221c9c7fba6be8814a202ea451bc478f137ff90

Request headers

Host
www.positivecushion.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer
http://www.positivecushion.com/track/59b9ba89ba98b/?c=1&s=84&s2=nanites&e=abudinger09%40gmail.com
Accept-Encoding
gzip, deflate
Accept-Language
en-US
Cookie
AWSELB=6B13D95B0EBBE03D49495E779F63834617AC250E7572754352888E7FE262F180CA5CADB52E0B0F8C60FE1EF3D10196D83F7496F6ED4DF1D946EE17C0BEE56F1C6CA3FF1C0B

Response headers

Date
Sun, 27 Jun 2021 09:17:14 GMT
Server
Apache
Cache-Control
no-cache
Content-Type
text/html; charset=UTF-8
Content-Length
3751
Set-Cookie
cpc_unique_id=60d8421aa6912; expires=Mon, 27-Jun-2022 09:17:14 GMT; Max-Age=31536000; path=/
Keep-Alive
timeout=5, max=99
Connection
Keep-Alive
focus.php
login.ievolved.com/
0
349 B
XHR
General
Full URL
http://login.ievolved.com/focus.php?insert=1&publisher_id=92&pub_sub_id=2231&email=abudinger09%40gmail.com&ip=185.246.211.87&pub_sub_name=84&browser=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/89.0.4389.72%20Safari/537.36&focus=1&tpl=TPL-1-F
Requested by
Host: www.positivecushion.com
URL: http://www.positivecushion.com/track/59b9ba89ba98b/?c=1&s=84&s2=nanites&e=Yjg5OTI1MmRiMTAzODNiMmE2MjUyMDVhNjBmMTJiN2RqWVl5bXRzOGpjVkg4N2dvS2t4eXloT0pQeDE4&k=6345&ms=1624785434480&url=YjkxM2I1OWJhNjI1ZWRjZDJmOGNiNjQxOWM3M2Y1MWQ1TU5YTkM3VzZMQ3FwVkc0bDV4eXNFaWZYbmNicUYwTzNHTldLL2RNYkNZTkFPVzNZZ2VqdlZmcjZ0aGlJaE1YVXI2SkRkSFRvcjY2UmRVVitVWnpnYzIxVTZpTm5sOWNUS0NybVlYODh6VVFRcU5jRVQ1ai9RMHpzMllmUkVubFdzNFQvZ05tODB4WGdYTUVqakFaRXZiTXJZV1dQclF1TXloREc5UT0%3D
Protocol
HTTP/1.1
Server
34.208.248.154 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-208-248-154.us-west-2.compute.amazonaws.com
Software
Apache /
Resource Hash

Request headers

Referer
http://www.positivecushion.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Sun, 27 Jun 2021 09:17:15 GMT
Server
Apache
Access-Control-Allow-Methods
PUT, GET, POST, DELETE, OPTIONS
Content-Type
text/html; charset=UTF-8
Access-Control-Allow-Origin
*
Connection
keep-alive
Access-Control-Allow-Headers
Origin, X-Requested-With, Content-Type, Access-Control-Allow-Origin
Content-Length
0
/
www.positivecushion.com/ajax/
234 B
447 B
XHR
General
Full URL
http://www.positivecushion.com/ajax/?ff=0&c=1&p=92&sid=2231&sid2=54571&adid=1&e=abudinger09%2540gmail.com&v=1&n=0&cid=&auth=1cb531daa80290eaa4eef78cee9dc34b&rawId=108077436&countryId=FR&ip=185.246.211.87&platformId=1&cpcUniqueId=60d8421aa6912&s=84&s2=nanites&ms=1624785434480&r=0
Requested by
Host: www.positivecushion.com
URL: http://www.positivecushion.com/track/59b9ba89ba98b/?c=1&s=84&s2=nanites&e=Yjg5OTI1MmRiMTAzODNiMmE2MjUyMDVhNjBmMTJiN2RqWVl5bXRzOGpjVkg4N2dvS2t4eXloT0pQeDE4&k=6345&ms=1624785434480&url=YjkxM2I1OWJhNjI1ZWRjZDJmOGNiNjQxOWM3M2Y1MWQ1TU5YTkM3VzZMQ3FwVkc0bDV4eXNFaWZYbmNicUYwTzNHTldLL2RNYkNZTkFPVzNZZ2VqdlZmcjZ0aGlJaE1YVXI2SkRkSFRvcjY2UmRVVitVWnpnYzIxVTZpTm5sOWNUS0NybVlYODh6VVFRcU5jRVQ1ai9RMHpzMllmUkVubFdzNFQvZ05tODB4WGdYTUVqakFaRXZiTXJZV1dQclF1TXloREc5UT0%3D
Protocol
HTTP/1.1
Server
67.55.114.36 , United States, ASN20264 (WEBAIR-INTERNET-2, US),
Reverse DNS
protocol-lax6.webair.com
Software
Apache /
Resource Hash

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
www.positivecushion.com
Accept-Language
en-US
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept
*/*
Referer
http://www.positivecushion.com/track/59b9ba89ba98b/?c=1&s=84&s2=nanites&e=Yjg5OTI1MmRiMTAzODNiMmE2MjUyMDVhNjBmMTJiN2RqWVl5bXRzOGpjVkg4N2dvS2t4eXloT0pQeDE4&k=6345&ms=1624785434480&url=YjkxM2I1OWJhNjI1ZWRjZDJmOGNiNjQxOWM3M2Y1MWQ1TU5YTkM3VzZMQ3FwVkc0bDV4eXNFaWZYbmNicUYwTzNHTldLL2RNYkNZTkFPVzNZZ2VqdlZmcjZ0aGlJaE1YVXI2SkRkSFRvcjY2UmRVVitVWnpnYzIxVTZpTm5sOWNUS0NybVlYODh6VVFRcU5jRVQ1ai9RMHpzMllmUkVubFdzNFQvZ05tODB4WGdYTUVqakFaRXZiTXJZV1dQclF1TXloREc5UT0%3D
Cookie
AWSELB=6B13D95B0EBBE03D49495E779F63834617AC250E7572754352888E7FE262F180CA5CADB52E0B0F8C60FE1EF3D10196D83F7496F6ED4DF1D946EE17C0BEE56F1C6CA3FF1C0B; cpc_unique_id=60d8421aa6912
Connection
keep-alive
Cache-Control
no-cache

Response headers

Date
Sun, 27 Jun 2021 09:17:14 GMT
Cache-Control
no-cache
Server
Apache
Connection
Keep-Alive
Keep-Alive
timeout=5, max=98
Content-Length
234
Content-Type
text/html; charset=UTF-8
Primary Request cd630
bl.flirthits.com/landing/
Redirect Chain
  • http://www.positivecushion.com/rd/?u=https%253A%252F%252Fo-2587.prodtraff.com%252Fd0dba5dd-628f-4769-bd2e-f4223dca4b6f%253Fclicktag%253D89538339%2526source%253D2231&r=108077436&d=0.63032793998718&a...
  • https://o-2587.prodtraff.com/d0dba5dd-628f-4769-bd2e-f4223dca4b6f?clicktag=89538339&source=2231
  • https://bl.flirthits.com/landing/cd630?clickId=12d6a0a3-c3d1-4f7b-ac2d-230b47469270&tracker=SGM_Pro&publisher=1493&subPublisher=&zz=true&hit_id=12d6a0a3-c3d1-4f7b-ac2d-230b47469270&tp_redirect_id=1...
29 KB
6 KB
Document
General
Full URL
https://bl.flirthits.com/landing/cd630?clickId=12d6a0a3-c3d1-4f7b-ac2d-230b47469270&tracker=SGM_Pro&publisher=1493&subPublisher=&zz=true&hit_id=12d6a0a3-c3d1-4f7b-ac2d-230b47469270&tp_redirect_id=12d6a0a3-c3d1-4f7b-ac2d-230b47469270
Requested by
Host: www.positivecushion.com
URL: http://www.positivecushion.com/track/59b9ba89ba98b/?c=1&s=84&s2=nanites&e=Yjg5OTI1MmRiMTAzODNiMmE2MjUyMDVhNjBmMTJiN2RqWVl5bXRzOGpjVkg4N2dvS2t4eXloT0pQeDE4&k=6345&ms=1624785434480&url=YjkxM2I1OWJhNjI1ZWRjZDJmOGNiNjQxOWM3M2Y1MWQ1TU5YTkM3VzZMQ3FwVkc0bDV4eXNFaWZYbmNicUYwTzNHTldLL2RNYkNZTkFPVzNZZ2VqdlZmcjZ0aGlJaE1YVXI2SkRkSFRvcjY2UmRVVitVWnpnYzIxVTZpTm5sOWNUS0NybVlYODh6VVFRcU5jRVQ1ai9RMHpzMllmUkVubFdzNFQvZ05tODB4WGdYTUVqakFaRXZiTXJZV1dQclF1TXloREc5UT0%3D
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
156.67.36.15 , Germany, ASN25418 (CQINT-, NL),
Reverse DNS
Software
nginx /
Resource Hash
22b1ab379f9d4dfa0c7887b87b929d9b8c8a5163eaf59aeb9739dd088498c0f8

Request headers

Host
bl.flirthits.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
document
Referer
http://www.positivecushion.com/
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
http://www.positivecushion.com/track/59b9ba89ba98b/?c=1&s=84&s2=nanites&e=Yjg5OTI1MmRiMTAzODNiMmE2MjUyMDVhNjBmMTJiN2RqWVl5bXRzOGpjVkg4N2dvS2t4eXloT0pQeDE4&k=6345&ms=1624785434480&url=YjkxM2I1OWJhNjI1ZWRjZDJmOGNiNjQxOWM3M2Y1MWQ1TU5YTkM3VzZMQ3FwVkc0bDV4eXNFaWZYbmNicUYwTzNHTldLL2RNYkNZTkFPVzNZZ2VqdlZmcjZ0aGlJaE1YVXI2SkRkSFRvcjY2UmRVVitVWnpnYzIxVTZpTm5sOWNUS0NybVlYODh6VVFRcU5jRVQ1ai9RMHpzMllmUkVubFdzNFQvZ05tODB4WGdYTUVqakFaRXZiTXJZV1dQclF1TXloREc5UT0%3D

Response headers

server
nginx
date
Sun, 27 Jun 2021 09:17:15 GMT
content-type
text/html; charset=UTF-8
transfer-encoding
chunked
vary
Accept-Encoding
cache-control
max-age=0, private, must-revalidate no-store, no-cache, must-revalidate, post-check=0, pre-check=0
set-cookie
PHPSESSID=6kf1bsetsdrcj7vl0i8f65r66g; path=/
access-control-allow-origin
*
access-control-allow-headers
X-Requested-With, Content-Type, Accept, Origin, Authorization
access-control-allow-methods
GET, POST, PUT, DELETE, OPTIONS, HEAD
pragma
no-cache
content-encoding
gzip

Redirect headers

server
openresty/1.15.8.1
date
Sun, 27 Jun 2021 09:17:15 GMT
content-length
0
location
https://bl.flirthits.com/landing/cd630?clickId=12d6a0a3-c3d1-4f7b-ac2d-230b47469270&tracker=SGM_Pro&publisher=1493&subPublisher=&zz=true&hit_id=12d6a0a3-c3d1-4f7b-ac2d-230b47469270&tp_redirect_id=12d6a0a3-c3d1-4f7b-ac2d-230b47469270
set-cookie
attrk=yes;Version=1;Max-Age=86400 vcid=%7B%22id%22%3A%2251b93cae-f4d8-4907-ad65-cdb464b1263b%22%2C%22firstTime%22%3A%22Jun+27%2C+2021+9%3A17%3A15+AM%22%2C%22visitCount%22%3A1%2C%22firstTimeDay%22%3A%22Jun+27%2C+2021+9%3A17%3A15+AM%22%2C%22visitDays%22%3A1%2C%22origin%22%3A%22routing%22%2C%22lastLocation%22%3A%22routing%22%2C%22ageInSecs%22%3A0%7D;Version=1;Domain=prodtraff.com;Path=/;Max-Age=2147483647;Expires=Fri, 15 Jul 2089 12:31:22 GMT
strict-transport-security
max-age=15724800; includeSubDomains
form.css
lpmedia.justservingfiles.net/widgets/registrationFormBuilder/
7 KB
2 KB
Stylesheet
General
Full URL
https://lpmedia.justservingfiles.net/widgets/registrationFormBuilder/form.css?691788
Requested by
Host: bl.flirthits.com
URL: https://bl.flirthits.com/landing/cd630?clickId=12d6a0a3-c3d1-4f7b-ac2d-230b47469270&tracker=SGM_Pro&publisher=1493&subPublisher=&zz=true&hit_id=12d6a0a3-c3d1-4f7b-ac2d-230b47469270&tp_redirect_id=12d6a0a3-c3d1-4f7b-ac2d-230b47469270
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
69.16.175.10 Memphis, United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
hwcdn.net
Software
nginx /
Resource Hash
195c953a7e6f40ca401cbe3b8f67d174909f6bd6a6f58c4d58649dae7341f13f

Request headers

Referer
https://bl.flirthits.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Sun, 27 Jun 2021 09:17:15 GMT
Content-Encoding
gzip
Last-Modified
Thu, 24 Jun 2021 03:53:17 GMT
server
nginx
etag
W/"60d401ad-1bec"
X-HW
1624785435.dop209.pa1.t,1624785435.cds028.pa1.shn,1624785435.dop209.pa1.t,1624785435.cds226.pa1.c
Content-Type
text/css
access-control-allow-origin
*
cache-control
public, max-age=43200
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Length
1648
login_form.css
lpmedia.justservingfiles.net/widgets/loginFormBuilder/
1 KB
894 B
Stylesheet
General
Full URL
https://lpmedia.justservingfiles.net/widgets/loginFormBuilder/login_form.css?691788
Requested by
Host: bl.flirthits.com
URL: https://bl.flirthits.com/landing/cd630?clickId=12d6a0a3-c3d1-4f7b-ac2d-230b47469270&tracker=SGM_Pro&publisher=1493&subPublisher=&zz=true&hit_id=12d6a0a3-c3d1-4f7b-ac2d-230b47469270&tp_redirect_id=12d6a0a3-c3d1-4f7b-ac2d-230b47469270
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
69.16.175.10 Memphis, United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
hwcdn.net
Software
nginx /
Resource Hash
c01ae6f690936b5ea1d7ac0b1e77b8f89a61d7b0720e488ba4d2737db1e82ab3

Request headers

Referer
https://bl.flirthits.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Sun, 27 Jun 2021 09:17:15 GMT
Content-Encoding
gzip
Last-Modified
Thu, 24 Jun 2021 03:53:17 GMT
server
nginx
etag
W/"60d401ad-591"
X-HW
1624785435.dop212.pa1.t,1624785435.cds002.pa1.shn,1624785435.dop212.pa1.t,1624785435.cds224.pa1.c
Content-Type
text/css
access-control-allow-origin
*
cache-control
public, max-age=43200
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Length
463
corner.css
lpmedia.justservingfiles.net/widgets/corner/
246 B
631 B
Stylesheet
General
Full URL
https://lpmedia.justservingfiles.net/widgets/corner/corner.css?691788
Requested by
Host: bl.flirthits.com
URL: https://bl.flirthits.com/landing/cd630?clickId=12d6a0a3-c3d1-4f7b-ac2d-230b47469270&tracker=SGM_Pro&publisher=1493&subPublisher=&zz=true&hit_id=12d6a0a3-c3d1-4f7b-ac2d-230b47469270&tp_redirect_id=12d6a0a3-c3d1-4f7b-ac2d-230b47469270
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
69.16.175.10 Memphis, United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
hwcdn.net
Software
nginx /
Resource Hash
0dccbd3f3d3f9074ca635cc844fcf4c9d31116ae88b53867f07030918b40c88d

Request headers

Referer
https://bl.flirthits.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Sun, 27 Jun 2021 09:17:15 GMT
Content-Encoding
gzip
Last-Modified
Thu, 24 Jun 2021 03:53:17 GMT
server
nginx
etag
W/"60d401ad-f6"
X-HW
1624785435.dop202.pa1.t,1624785435.cds035.pa1.shn,1624785435.dop202.pa1.t,1624785435.cds007.pa1.c
Content-Type
text/css
access-control-allow-origin
*
cache-control
public, max-age=43200
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Length
201
css
fonts.googleapis.com/
3 KB
595 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Lato:400,700,900|Droid+Sans:400,700&display=swap
Requested by
Host: bl.flirthits.com
URL: https://bl.flirthits.com/landing/cd630?clickId=12d6a0a3-c3d1-4f7b-ac2d-230b47469270&tracker=SGM_Pro&publisher=1493&subPublisher=&zz=true&hit_id=12d6a0a3-c3d1-4f7b-ac2d-230b47469270&tp_redirect_id=12d6a0a3-c3d1-4f7b-ac2d-230b47469270
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
4a37694b0214d062f2760f1b58f1093ac05fa24a095e57368db51f2b95456f93
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://bl.flirthits.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Sun, 27 Jun 2021 09:17:15 GMT
server
ESF
date
Sun, 27 Jun 2021 09:17:15 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Sun, 27 Jun 2021 09:17:15 GMT
font-awesome.min.css
maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/
30 KB
7 KB
Stylesheet
General
Full URL
https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css
Requested by
Host: bl.flirthits.com
URL: https://bl.flirthits.com/landing/cd630?clickId=12d6a0a3-c3d1-4f7b-ac2d-230b47469270&tracker=SGM_Pro&publisher=1493&subPublisher=&zz=true&hit_id=12d6a0a3-c3d1-4f7b-ac2d-230b47469270&tp_redirect_id=12d6a0a3-c3d1-4f7b-ac2d-230b47469270
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:bcf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://bl.flirthits.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 27 Jun 2021 09:17:15 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
cdn-edgestorageid
723, 617, 617
age
8338791
cdn-cachedat
2021-03-11 11:57:51
cdn-pullzone
252412
cross-origin-resource-policy
cross-origin
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id
0aee5b54e400005369512ee000000001
timing-allow-origin
*
access-control-allow-origin
*
last-modified
Mon, 25 Jan 2021 22:04:55 GMT
server
cloudflare
cdn-requestpullcode
200
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/css; charset=utf-8
cdn-cache
HIT
vary
Accept-Encoding
cache-control
public, max-age=31919000
cdn-uid
b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid
50f270cef956c80b14f61fa9ad96c573
cf-ray
665d94ce3a575369-FRA
cdn-requestcountrycode
DE
cdn-requestpullsuccess
True
style-cd2.min.css
lpmedia.justservingfiles.net/build/templates/DailyDate2/
18 KB
4 KB
Stylesheet
General
Full URL
https://lpmedia.justservingfiles.net/build/templates/DailyDate2/style-cd2.min.css?691788
Requested by
Host: bl.flirthits.com
URL: https://bl.flirthits.com/landing/cd630?clickId=12d6a0a3-c3d1-4f7b-ac2d-230b47469270&tracker=SGM_Pro&publisher=1493&subPublisher=&zz=true&hit_id=12d6a0a3-c3d1-4f7b-ac2d-230b47469270&tp_redirect_id=12d6a0a3-c3d1-4f7b-ac2d-230b47469270
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
69.16.175.10 Memphis, United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
hwcdn.net
Software
nginx /
Resource Hash
987c91ad83653e24a9845fb5c4d6b3aafbd75c06c23a6fcb14d4ffc534101b54

Request headers

Referer
https://bl.flirthits.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Sun, 27 Jun 2021 09:17:15 GMT
Content-Encoding
gzip
Last-Modified
Thu, 24 Jun 2021 03:53:06 GMT
server
nginx
etag
W/"60d401a2-46a3"
X-HW
1624785435.dop047.pa1.t,1624785435.cds002.pa1.shn,1624785435.dop047.pa1.t,1624785435.cds014.pa1.c
Content-Type
text/css
access-control-allow-origin
*
cache-control
public, max-age=43200
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Length
4077
OneSignalSDK.js
cdn.onesignal.com/sdks/
9 KB
3 KB
Script
General
Full URL
https://cdn.onesignal.com/sdks/OneSignalSDK.js
Requested by
Host: bl.flirthits.com
URL: https://bl.flirthits.com/landing/cd630?clickId=12d6a0a3-c3d1-4f7b-ac2d-230b47469270&tracker=SGM_Pro&publisher=1493&subPublisher=&zz=true&hit_id=12d6a0a3-c3d1-4f7b-ac2d-230b47469270&tp_redirect_id=12d6a0a3-c3d1-4f7b-ac2d-230b47469270
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:e234 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fe8b2264b7ef7ae4f5b3ee5fa827b2744a843804a417cc0b39a4f0e9f64f07ed

Request headers

Referer
https://bl.flirthits.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 27 Jun 2021 09:17:16 GMT
content-encoding
br
cf-cache-status
HIT
server
cloudflare
age
3242
etag
W/"5fc2f559bc639be298da1ed4b804eeda"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=259200
cf-ray
665d94ced9889790-FRA
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id
0aee5b554d0000979022a59000000001
expires
Wed, 30 Jun 2021 09:17:16 GMT
flirthits_w.png
lpmedia.justservingfiles.net/img/_logos/
1 KB
2 KB
Image
General
Full URL
https://lpmedia.justservingfiles.net/img/_logos/flirthits_w.png
Requested by
Host: bl.flirthits.com
URL: https://bl.flirthits.com/landing/cd630?clickId=12d6a0a3-c3d1-4f7b-ac2d-230b47469270&tracker=SGM_Pro&publisher=1493&subPublisher=&zz=true&hit_id=12d6a0a3-c3d1-4f7b-ac2d-230b47469270&tp_redirect_id=12d6a0a3-c3d1-4f7b-ac2d-230b47469270
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
69.16.175.10 Memphis, United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
hwcdn.net
Software
nginx /
Resource Hash
23d03fe20fccc6dd7bb390ece4a448c072f184b7a5f604b4394b7fcf4b628cb6

Request headers

Referer
https://bl.flirthits.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Sun, 27 Jun 2021 09:17:15 GMT
Last-Modified
Thu, 24 Jun 2021 03:53:07 GMT
server
nginx
etag
"60d401a3-5c2"
X-HW
1624785435.dop212.pa1.t,1624785435.cds002.pa1.shn,1624785435.dop212.pa1.t,1624785435.cds026.pa1.c
Content-Type
image/png
access-control-allow-origin
*
cache-control
public, max-age=43200
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Length
1474
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/3.2.1/
85 KB
30 KB
Script
General
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js
Requested by
Host: bl.flirthits.com
URL: https://bl.flirthits.com/landing/cd630?clickId=12d6a0a3-c3d1-4f7b-ac2d-230b47469270&tracker=SGM_Pro&publisher=1493&subPublisher=&zz=true&hit_id=12d6a0a3-c3d1-4f7b-ac2d-230b47469270&tp_redirect_id=12d6a0a3-c3d1-4f7b-ac2d-230b47469270
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://bl.flirthits.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 27 Jun 2021 08:34:10 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
2585
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
30306
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 19:15:00 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Mon, 27 Jun 2022 08:34:10 GMT
validation.js
lpmedia.justservingfiles.net/js/helpers/
11 KB
4 KB
Script
General
Full URL
https://lpmedia.justservingfiles.net/js/helpers/validation.js?691788
Requested by
Host: bl.flirthits.com
URL: https://bl.flirthits.com/landing/cd630?clickId=12d6a0a3-c3d1-4f7b-ac2d-230b47469270&tracker=SGM_Pro&publisher=1493&subPublisher=&zz=true&hit_id=12d6a0a3-c3d1-4f7b-ac2d-230b47469270&tp_redirect_id=12d6a0a3-c3d1-4f7b-ac2d-230b47469270
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
69.16.175.10 Memphis, United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
hwcdn.net
Software
nginx /
Resource Hash
d8bec43fa0c0c15402b98176cc557cf4c72c7a881ab1d0143354b87839c90d62

Request headers

Referer
https://bl.flirthits.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Sun, 27 Jun 2021 09:17:15 GMT
Content-Encoding
gzip
Last-Modified
Thu, 24 Jun 2021 03:53:16 GMT
server
nginx
etag
W/"60d401ac-2ba9"
X-HW
1624785435.dop047.pa1.t,1624785435.cds002.pa1.shn,1624785435.dop047.pa1.t,1624785435.cds015.pa1.c
Content-Type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=43200
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Length
3436
form_helper.js
lpmedia.justservingfiles.net/widgets/registrationFormBuilder/
5 KB
2 KB
Script
General
Full URL
https://lpmedia.justservingfiles.net/widgets/registrationFormBuilder/form_helper.js?691788
Requested by
Host: bl.flirthits.com
URL: https://bl.flirthits.com/landing/cd630?clickId=12d6a0a3-c3d1-4f7b-ac2d-230b47469270&tracker=SGM_Pro&publisher=1493&subPublisher=&zz=true&hit_id=12d6a0a3-c3d1-4f7b-ac2d-230b47469270&tp_redirect_id=12d6a0a3-c3d1-4f7b-ac2d-230b47469270
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
69.16.175.10 Memphis, United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
hwcdn.net
Software
nginx /
Resource Hash
e9ea9a3362eaff855c8bed3b0451fa0cb3b11e22694804fbc4c7695b873469a9

Request headers

Referer
https://bl.flirthits.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Sun, 27 Jun 2021 09:17:15 GMT
Content-Encoding
gzip
Last-Modified
Thu, 24 Jun 2021 03:53:17 GMT
server
nginx
etag
W/"60d401ad-15bd"
X-HW
1624785435.dop047.pa1.t,1624785435.cds002.pa1.shn,1624785435.dop047.pa1.t,1624785435.cds215.pa1.c
Content-Type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=43200
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Length
1527
form.js
lpmedia.justservingfiles.net/widgets/registrationFormBuilder/
4 KB
1 KB
Script
General
Full URL
https://lpmedia.justservingfiles.net/widgets/registrationFormBuilder/form.js?691788
Requested by
Host: bl.flirthits.com
URL: https://bl.flirthits.com/landing/cd630?clickId=12d6a0a3-c3d1-4f7b-ac2d-230b47469270&tracker=SGM_Pro&publisher=1493&subPublisher=&zz=true&hit_id=12d6a0a3-c3d1-4f7b-ac2d-230b47469270&tp_redirect_id=12d6a0a3-c3d1-4f7b-ac2d-230b47469270
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
69.16.175.10 Memphis, United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
hwcdn.net
Software
nginx /
Resource Hash
d5db5dba10eb17b6a17200d511308a45f025fbda16e41a822ff3634107c47146

Request headers

Referer
https://bl.flirthits.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Sun, 27 Jun 2021 09:17:15 GMT
Content-Encoding
gzip
Last-Modified
Thu, 24 Jun 2021 03:53:17 GMT
server
nginx
etag
W/"60d401ad-f2a"
X-HW
1624785435.dop202.pa1.t,1624785435.cds035.pa1.shn,1624785435.dop202.pa1.t,1624785435.cds031.pa1.c
Content-Type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=43200
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Length
1051
step.js
lpmedia.justservingfiles.net/widgets/registrationFormBuilder/
3 KB
1 KB
Script
General
Full URL
https://lpmedia.justservingfiles.net/widgets/registrationFormBuilder/step.js?691788
Requested by
Host: bl.flirthits.com
URL: https://bl.flirthits.com/landing/cd630?clickId=12d6a0a3-c3d1-4f7b-ac2d-230b47469270&tracker=SGM_Pro&publisher=1493&subPublisher=&zz=true&hit_id=12d6a0a3-c3d1-4f7b-ac2d-230b47469270&tp_redirect_id=12d6a0a3-c3d1-4f7b-ac2d-230b47469270
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
69.16.175.10 Memphis, United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
hwcdn.net
Software
nginx /
Resource Hash
11ed73b8f19930ef1d1f05da475baa3b0489d3b07d0deb5b73b4a2814911b7f2

Request headers

Referer
https://bl.flirthits.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Sun, 27 Jun 2021 09:17:15 GMT
Content-Encoding
gzip
Last-Modified
Thu, 24 Jun 2021 03:53:17 GMT
server
nginx
etag
W/"60d401ad-b70"
X-HW
1624785435.dop212.pa1.t,1624785435.cds002.pa1.shn,1624785435.dop212.pa1.t,1624785435.cds023.pa1.c
Content-Type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=43200
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Length
946
popwin.js
lpmedia.justservingfiles.net/js/
1 KB
970 B
Script
General
Full URL
https://lpmedia.justservingfiles.net/js/popwin.js?691788
Requested by
Host: bl.flirthits.com
URL: https://bl.flirthits.com/landing/cd630?clickId=12d6a0a3-c3d1-4f7b-ac2d-230b47469270&tracker=SGM_Pro&publisher=1493&subPublisher=&zz=true&hit_id=12d6a0a3-c3d1-4f7b-ac2d-230b47469270&tp_redirect_id=12d6a0a3-c3d1-4f7b-ac2d-230b47469270
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
69.16.175.10 Memphis, United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
hwcdn.net
Software
nginx /
Resource Hash
80c43823e625ee5e54008f00ff89c66020c614dae397401177a790fee8c950a0

Request headers

Referer
https://bl.flirthits.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Sun, 27 Jun 2021 09:17:15 GMT
Content-Encoding
gzip
Last-Modified
Thu, 24 Jun 2021 03:53:16 GMT
server
nginx
etag
W/"60d401ac-499"
X-HW
1624785435.dop209.pa1.t,1624785435.cds028.pa1.shn,1624785435.dop209.pa1.t,1624785435.cds043.pa1.c
Content-Type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=43200
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Length
525
login_form.js
lpmedia.justservingfiles.net/widgets/loginFormBuilder/
5 KB
2 KB
Script
General
Full URL
https://lpmedia.justservingfiles.net/widgets/loginFormBuilder/login_form.js
Requested by
Host: bl.flirthits.com
URL: https://bl.flirthits.com/landing/cd630?clickId=12d6a0a3-c3d1-4f7b-ac2d-230b47469270&tracker=SGM_Pro&publisher=1493&subPublisher=&zz=true&hit_id=12d6a0a3-c3d1-4f7b-ac2d-230b47469270&tp_redirect_id=12d6a0a3-c3d1-4f7b-ac2d-230b47469270
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
69.16.175.10 Memphis, United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
hwcdn.net
Software
nginx /
Resource Hash
32b0e150dd063c392ab1c6a1e48bcc0a553359257746384406c91e2654c86581

Request headers

Referer
https://bl.flirthits.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Sun, 27 Jun 2021 09:17:15 GMT
Content-Encoding
gzip
Last-Modified
Thu, 24 Jun 2021 03:53:17 GMT
server
nginx
etag
W/"60d401ad-141f"
X-HW
1624785435.dop047.pa1.t,1624785435.cds002.pa1.shn,1624785435.dop047.pa1.t,1624785435.cds035.pa1.c
Content-Type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=43200
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Length
1369
mobirise-icons.css
lpmedia.justservingfiles.net/style/plugins/
7 KB
2 KB
Stylesheet
General
Full URL
https://lpmedia.justservingfiles.net/style/plugins/mobirise-icons.css
Requested by
Host: lpmedia.justservingfiles.net
URL: https://lpmedia.justservingfiles.net/build/templates/DailyDate2/style-cd2.min.css?691788
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
69.16.175.10 Memphis, United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
hwcdn.net
Software
nginx /
Resource Hash
8fc0e87e41c5d0f5f168ce5c2fa5997c1b665fc6f5301ed0558a07a88107ee41

Request headers

Referer
https://lpmedia.justservingfiles.net/build/templates/DailyDate2/style-cd2.min.css?691788
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Sun, 27 Jun 2021 09:17:15 GMT
Content-Encoding
gzip
Last-Modified
Thu, 24 Jun 2021 03:53:17 GMT
server
nginx
etag
W/"60d401ad-1dca"
X-HW
1624785435.dop202.pa1.t,1624785435.cds035.pa1.shn,1624785435.dop202.pa1.t,1624785435.cds038.pa1.c
Content-Type
text/css
access-control-allow-origin
*
cache-control
public, max-age=43200
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Length
1557
52e65813-f719-4dde-9304-ef4f00dff3c2_bedbigeyes.jpg
imedia.justservingfiles.net/
26 KB
26 KB
Image
General
Full URL
https://imedia.justservingfiles.net/52e65813-f719-4dde-9304-ef4f00dff3c2_bedbigeyes.jpg
Requested by
Host: bl.flirthits.com
URL: https://bl.flirthits.com/landing/cd630?clickId=12d6a0a3-c3d1-4f7b-ac2d-230b47469270&tracker=SGM_Pro&publisher=1493&subPublisher=&zz=true&hit_id=12d6a0a3-c3d1-4f7b-ac2d-230b47469270&tp_redirect_id=12d6a0a3-c3d1-4f7b-ac2d-230b47469270
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
69.16.175.10 Memphis, United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
hwcdn.net
Software
AmazonS3 /
Resource Hash
f4baceb08307ef98f3519b9acc80552bed3bf3dc154ed1c8f1f671d42cf83e1b

Request headers

Referer
https://bl.flirthits.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Sun, 27 Jun 2021 09:17:16 GMT
Last-Modified
Thu, 15 Oct 2020 02:08:50 GMT
Server
AmazonS3
x-amz-request-id
1XEH4R7XEHDJEJBJ
ETag
"dcc9727e8f21ba5dceaf0210ee5cfd74"
X-HW
1624785436.dop023.pa1.t,1624785436.cds043.pa1.shn,1624785436.dop023.pa1.t,1624785436.cds023.pa1.c
Content-Type
image/jpeg
Cache-Control
max-age=86400
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Length
26375
x-amz-id-2
W6RrGzgbR3V3vpb05aLb1avRRqxp5q7pbVK3ZVG3NIjyMGwuwIg76jMi24TxkjyFzAWqVnNw2yg=
S6u9w4BMUTPHh6UVSwiPGQ.woff2
fonts.gstatic.com/s/lato/v17/
22 KB
23 KB
Font
General
Full URL
https://fonts.gstatic.com/s/lato/v17/S6u9w4BMUTPHh6UVSwiPGQ.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato:400,700,900|Droid+Sans:400,700&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
8d3ca80fa271e94b0c36cf3053b0f806b7a42bb3395b424c99dc0bd218f0ac20
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://bl.flirthits.com
Referer
https://fonts.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 22 Jun 2021 13:10:17 GMT
x-content-type-options
nosniff
age
418018
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
22992
x-xss-protection
0
last-modified
Tue, 15 Sep 2020 18:12:12 GMT
server
sffe
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 22 Jun 2022 13:10:17 GMT
fontawesome-webfont.woff2
maxcdn.bootstrapcdn.com/font-awesome/4.7.0/fonts/
75 KB
76 KB
Font
General
Full URL
https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/fonts/fontawesome-webfont.woff2?v=4.7.0
Requested by
Host: maxcdn.bootstrapcdn.com
URL: https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:bcf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Origin
https://bl.flirthits.com
Referer
https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 27 Jun 2021 09:17:16 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
cdn-edgestorageid
601, 617, 617, 617, 617
age
5630285
cdn-cachedat
2021-04-23 07:11:16
cdn-pullzone
252412
cross-origin-resource-policy
cross-origin
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length
77160
cf-request-id
0aee5b555d00004a733ea54000000001
timing-allow-origin
*
access-control-allow-origin
*
last-modified
Mon, 25 Jan 2021 22:04:55 GMT
server
cloudflare
cdn-requestpullcode
200
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
font/woff2
cdn-cache
HIT
vary
Accept-Encoding
cache-control
public, max-age=31919000
cdn-uid
b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid
fa8f712304fdc96f64b2bdb80ebbcee5
accept-ranges
bytes
cf-ray
665d94cefa1a4a73-FRA
cdn-requestcountrycode
DE
cdn-requestpullsuccess
True
S6uyw4BMUTPHjx4wXg.woff2
fonts.gstatic.com/s/lato/v17/
23 KB
23 KB
Font
General
Full URL
https://fonts.gstatic.com/s/lato/v17/S6uyw4BMUTPHjx4wXg.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato:400,700,900|Droid+Sans:400,700&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c3c0d3f472358aac78455515c4800771426770c22698e2486d39fdb5505634e1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://bl.flirthits.com
Referer
https://fonts.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 23 Jun 2021 06:21:47 GMT
x-content-type-options
nosniff
age
356128
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
23484
x-xss-protection
0
last-modified
Tue, 15 Sep 2020 18:10:46 GMT
server
sffe
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 23 Jun 2022 06:21:47 GMT


41 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onbeforexrselect object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker boolean| originAgentCluster object| trustedTypes boolean| crossOriginIsolated object| OneSignal function| $ function| jQuery function| Validator object| x undefined| j undefined| ll undefined| selElmnt undefined| a undefined| b undefined| c function| closeAllSelect function| goToStep function| countdownToNextStep function| activeProgressBar object| Popwin object| $btnOpenLogin object| $btnCloseLogin undefined| $loginFormHolder undefined| $errors object| $formLogin boolean| iDates function| loginFormAddRequiredError function| submitHttpRequest function| getLocationName function| processData function| blink function| generateRandom function| nextPicture function| handleAfterGoNextStep

1 Cookies

Domain/Path Name / Value
bl.flirthits.com/ Name: PHPSESSID
Value: 6kf1bsetsdrcj7vl0i8f65r66g

1 Console Messages

Source Level URL
Text
console-api log URL: https://cdn.onesignal.com/sdks/OneSignalSDK.js(Line 1)
Message:
OneSignal: Using fallback ES5 Stub for backwards compatibility.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
