URL: https://promo.ad-dirtyzone.com/landing/jmc6100?subPublisher%3dpopunder:zbporn.com%26zone%3dpopunder:zbporn.com%26adformat%3dpop...
Submission: On November 01 via api from US — Scanned from DE

Summary

This website contacted 7 IPs in 3 countries across 5 domains to perform 31 HTTP transactions. The main IP is 2606:4700:4400::ac40:9538, located in United States and belongs to CLOUDFLARENET, US. The main domain is promo.ad-dirtyzone.com.
TLS certificate: Issued by E6 on October 1st 2024. Valid for: 3 months.
This is the only time promo.ad-dirtyzone.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 5 2606:4700:440... 13335 (CLOUDFLAR...)
17 2606:4700:440... 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
3 104.16.160.145 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
2 142.250.185.227 15169 (GOOGLE)
3 104.17.111.223 13335 (CLOUDFLAR...)
31 7
Apex Domain
Subdomains
Transfer
17 servefilesonly.com
lpmedia.servefilesonly.com — Cisco Umbrella Rank: 385158
imedia.servefilesonly.com — Cisco Umbrella Rank: 442021
1 MB
6 onesignal.com
cdn.onesignal.com — Cisco Umbrella Rank: 5396
onesignal.com — Cisco Umbrella Rank: 1637
img.onesignal.com — Cisco Umbrella Rank: 9324
90 KB
5 ad-dirtyzone.com
promo.ad-dirtyzone.com
13 KB
2 gstatic.com
fonts.gstatic.com
50 KB
2 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 30
ajax.googleapis.com — Cisco Umbrella Rank: 412
32 KB
31 5
Domain Requested by
16 lpmedia.servefilesonly.com promo.ad-dirtyzone.com
5 promo.ad-dirtyzone.com 1 redirects promo.ad-dirtyzone.com
3 onesignal.com cdn.onesignal.com
2 fonts.gstatic.com fonts.googleapis.com
2 cdn.onesignal.com promo.ad-dirtyzone.com
cdn.onesignal.com
1 img.onesignal.com
1 imedia.servefilesonly.com promo.ad-dirtyzone.com
1 ajax.googleapis.com promo.ad-dirtyzone.com
1 fonts.googleapis.com promo.ad-dirtyzone.com
31 9

This site contains links to these domains.

Domain
track.datesearch.club
Subject | Issuer | Validity | Valid
ad-dirtyzone.com | E6 | 2024-10-01 - 2024-12-30 | 3 months
servefilesonly.com | E6 | 2024-10-04 - 2025-01-02 | 3 months
upload.video.google.com | WR2 | 2024-10-07 - 2024-12-30 | 3 months
*.onesignal.com | WE1 | 2024-10-31 - 2025-01-29 | 3 months
*.gstatic.com | WR2 | 2024-10-07 - 2024-12-30 | 3 months
onesignal.com | WE1 | 2024-10-31 - 2025-01-29 | 3 months

This page contains 2 frames:

Primary Page: https://promo.ad-dirtyzone.com/landing/jmc6100?subPublisher%3dpopunder:zbporn.com%26zone%3dpopunder:zbporn.com%26adformat%3dpopunder%26auctionid%3df8f8350d-e0f8-41c4-bdde-a475494397cf%26uniqueid%3dd4cf3547bc03aa335062b63ac535ed29%26name%3dtwinred_popunder_can_desktop_%26campaig...%20311%20...10%26ur-api-fetch-hitid%3dtrue
Frame ID: CF6A7611ECDFF3B98F4FA0912F443DE9
Requests: 29 HTTP requests in this frame

Frame: https://promo.ad-dirtyzone.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/22755d9a86c9/main.js
Frame ID: 364C8CC338DF7BDC79DDEDE17BE11588
Requests: 2 HTTP requests in this frame

Page Title

promo.ad-dirtyzone.com

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Overall confidence: 100%
Detected patterns
  • cdn\.onesignal\.com

Overall confidence: 100%
Detected patterns
  • /([\d.]+)/jquery(?:\.min)?\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

Requests: 31
HTTPS: 97 %
IPv6: 57 %
Domains: 5
Subdomains: 9
IPs: 7
Countries: 3
Transfer: 1299 kB
Size: 2488 kB
Cookies: 5

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 13
  • https://promo.ad-dirtyzone.com/cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP 302
  • https://promo.ad-dirtyzone.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/22755d9a86c9/main.js

31 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request jmc6100
promo.ad-dirtyzone.com/landing/
29 KB
7 KB
Document
General
Full URL
https://promo.ad-dirtyzone.com/landing/jmc6100?subPublisher%3dpopunder:zbporn.com%26zone%3dpopunder:zbporn.com%26adformat%3dpopunder%26auctionid%3df8f8350d-e0f8-41c4-bdde-a475494397cf%26uniqueid%3dd4cf3547bc03aa335062b63ac535ed29%26name%3dtwinred_popunder_can_desktop_%26campaig...%20311%20...10%26ur-api-fetch-hitid%3dtrue
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9538 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1749e3ba4e13c609864ad847e5ecafe991d4359e9cdd854ef6d4b6355149a902

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
X-Requested-With, Content-Type, Accept, Origin, Authorization
access-control-allow-methods
GET, POST, PUT, DELETE, OPTIONS, HEAD
access-control-allow-origin
*
cache-control
max-age=0, private, must-revalidate no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-cache-status
DYNAMIC
cf-ray
8db79c972fb5d399-FRA
content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Fri, 01 Nov 2024 00:01:41 GMT
link
<promo.ad-dirtyzone.com/landing/jmc6100?tpcampid=6bed10a3-d244-4d7c-ae2f-3d82f6504b1d>; rel="canonical"
pragma
no-cache
server
cloudflare
vary
Accept-Encoding
styles.min.css
lpmedia.servefilesonly.com/build/widgets/registrationFormBuilder/
5 KB
2 KB
Stylesheet
General
Full URL
https://lpmedia.servefilesonly.com/build/widgets/registrationFormBuilder/styles.min.css?1487460
Requested by
Host: promo.ad-dirtyzone.com
URL: https://promo.ad-dirtyzone.com/landing/jmc6100?subPublisher%3dpopunder:zbporn.com%26zone%3dpopunder:zbporn.com%26adformat%3dpopunder%26auctionid%3df8f8350d-e0f8-41c4-bdde-a475494397cf%26uniqueid%3dd4cf3547bc03aa335062b63ac535ed29%26name%3dtwinred_popunder_can_desktop_%26campaig...%20311%20...10%26ur-api-fetch-hitid%3dtrue
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9819 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
92efabd0cc8550e8dfd323bc6ea787a2cf250f437a7f6d1349fe187d73f5c895

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://promo.ad-dirtyzone.com/

Response headers

cache-control
public, max-age=691200
content-encoding
gzip
cf-cache-status
HIT
etag
W/"6720ba88-133a"
age
220800
cf-ray
8db79c9939a99966-FRA
expires
Sat, 09 Nov 2024 00:01:41 GMT
access-control-allow-origin
*
date
Fri, 01 Nov 2024 00:01:41 GMT
content-type
text/css
last-modified
Tue, 29 Oct 2024 10:35:52 GMT
vary
Accept-Encoding
server
cloudflare
corner.css
lpmedia.servefilesonly.com/widgets/corner/
246 B
517 B
Stylesheet
General
Full URL
https://lpmedia.servefilesonly.com/widgets/corner/corner.css?1487460
Requested by
Host: promo.ad-dirtyzone.com
URL: https://promo.ad-dirtyzone.com/landing/jmc6100?subPublisher%3dpopunder:zbporn.com%26zone%3dpopunder:zbporn.com%26adformat%3dpopunder%26auctionid%3df8f8350d-e0f8-41c4-bdde-a475494397cf%26uniqueid%3dd4cf3547bc03aa335062b63ac535ed29%26name%3dtwinred_popunder_can_desktop_%26campaig...%20311%20...10%26ur-api-fetch-hitid%3dtrue
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9819 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0dccbd3f3d3f9074ca635cc844fcf4c9d31116ae88b53867f07030918b40c88d

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://promo.ad-dirtyzone.com/

Response headers

cache-control
public, max-age=691200
content-encoding
gzip
cf-cache-status
HIT
etag
W/"6720ba9b-f6"
age
220801
cf-ray
8db79c9939ab9966-FRA
expires
Sat, 09 Nov 2024 00:01:41 GMT
access-control-allow-origin
*
date
Fri, 01 Nov 2024 00:01:41 GMT
content-type
text/css
last-modified
Tue, 29 Oct 2024 10:36:11 GMT
vary
Accept-Encoding
server
cloudflare
css2
fonts.googleapis.com/
13 KB
1 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css2?family=Montserrat:wght@400;700;800&family=Roboto:wght@400;700;900&display=swap
Requested by
Host: promo.ad-dirtyzone.com
URL: https://promo.ad-dirtyzone.com/landing/jmc6100?subPublisher%3dpopunder:zbporn.com%26zone%3dpopunder:zbporn.com%26adformat%3dpopunder%26auctionid%3df8f8350d-e0f8-41c4-bdde-a475494397cf%26uniqueid%3dd4cf3547bc03aa335062b63ac535ed29%26name%3dtwinred_popunder_can_desktop_%26campaig...%20311%20...10%26ur-api-fetch-hitid%3dtrue
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
224ab2f3a1d837ba794b398c93f1a465a370dcf42c50459b3158582897e62da3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://promo.ad-dirtyzone.com/

Response headers

content-encoding
gzip
x-content-type-options
nosniff
expires
Fri, 01 Nov 2024 00:01:41 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Fri, 01 Nov 2024 00:01:41 GMT
content-type
text/css; charset=utf-8
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified
Thu, 31 Oct 2024 23:28:31 GMT
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
cross-origin-opener-policy
same-origin-allow-popups
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
x-xss-protection
0
server
ESF
style.min.css
lpmedia.servefilesonly.com/build/templates/MB/JMobileChat/
4 KB
2 KB
Stylesheet
General
Full URL
https://lpmedia.servefilesonly.com/build/templates/MB/JMobileChat/style.min.css?1487460
Requested by
Host: promo.ad-dirtyzone.com
URL: https://promo.ad-dirtyzone.com/landing/jmc6100?subPublisher%3dpopunder:zbporn.com%26zone%3dpopunder:zbporn.com%26adformat%3dpopunder%26auctionid%3df8f8350d-e0f8-41c4-bdde-a475494397cf%26uniqueid%3dd4cf3547bc03aa335062b63ac535ed29%26name%3dtwinred_popunder_can_desktop_%26campaig...%20311%20...10%26ur-api-fetch-hitid%3dtrue
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9819 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
abb9665c2650167450a41f608d8d02dbe67658109c6454c51b64917ff29416c1

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://promo.ad-dirtyzone.com/

Response headers

cache-control
public, max-age=691200
content-encoding
gzip
cf-cache-status
HIT
etag
W/"6720ba88-fe6"
age
220798
cf-ray
8db79c9939a89966-FRA
expires
Sat, 09 Nov 2024 00:01:41 GMT
access-control-allow-origin
*
date
Fri, 01 Nov 2024 00:01:41 GMT
content-type
text/css
last-modified
Tue, 29 Oct 2024 10:35:52 GMT
vary
Accept-Encoding
server
cloudflare
OneSignalSDK.js
cdn.onesignal.com/sdks/
9 KB
3 KB
Script
General
Full URL
https://cdn.onesignal.com/sdks/OneSignalSDK.js
Requested by
Host: promo.ad-dirtyzone.com
URL: https://promo.ad-dirtyzone.com/landing/jmc6100?subPublisher%3dpopunder:zbporn.com%26zone%3dpopunder:zbporn.com%26adformat%3dpopunder%26auctionid%3df8f8350d-e0f8-41c4-bdde-a475494397cf%26uniqueid%3dd4cf3547bc03aa335062b63ac535ed29%26name%3dtwinred_popunder_can_desktop_%26campaig...%20311%20...10%26ur-api-fetch-hitid%3dtrue
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.16.160.145 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ec8b1b07980996f574075e1b7e895d5d47794b9dcf345a68d60fbb17034f7bef
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://promo.ad-dirtyzone.com/

Response headers

strict-transport-security
max-age=15552000; includeSubDomains
cache-control
public, max-age=259200
content-encoding
br
cf-cache-status
HIT
etag
W/"09282956186c8515ef0d208902803581"
age
1294
via
1.1 google
cf-ray
8db79c99fe635902-TXL
expires
Mon, 04 Nov 2024 00:01:41 GMT
alt-svc
h3=":443"; ma=86400
date
Fri, 01 Nov 2024 00:01:41 GMT
content-type
application/javascript
vary
Accept-Encoding
server
cloudflare
access-control-allow-headers
OneSignal-Subscription-Id
casualdatingHeart.png
lpmedia.servefilesonly.com/img/_logos/
4 KB
4 KB
Image
General
Full URL
https://lpmedia.servefilesonly.com/img/_logos/casualdatingHeart.png
Requested by
Host: promo.ad-dirtyzone.com
URL: https://promo.ad-dirtyzone.com/landing/jmc6100?subPublisher%3dpopunder:zbporn.com%26zone%3dpopunder:zbporn.com%26adformat%3dpopunder%26auctionid%3df8f8350d-e0f8-41c4-bdde-a475494397cf%26uniqueid%3dd4cf3547bc03aa335062b63ac535ed29%26name%3dtwinred_popunder_can_desktop_%26campaig...%20311%20...10%26ur-api-fetch-hitid%3dtrue
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9819 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0ad52165cc6b3c50eba82c56abb65284455ad606c29b6f134ee1e472dc4cbaa2

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://promo.ad-dirtyzone.com/

Response headers

cache-control
public, max-age=691200
cf-cache-status
HIT
etag
"671f7255-1040"
age
239710
cf-ray
8db79c9949ae9966-FRA
expires
Sat, 09 Nov 2024 00:01:41 GMT
accept-ranges
bytes
access-control-allow-origin
*
content-length
4160
date
Fri, 01 Nov 2024 00:01:41 GMT
content-type
image/png
last-modified
Mon, 28 Oct 2024 11:15:33 GMT
vary
Accept-Encoding
server
cloudflare
casualdatingHeart_w.png
lpmedia.servefilesonly.com/img/_logos/
3 KB
4 KB
Image
General
Full URL
https://lpmedia.servefilesonly.com/img/_logos/casualdatingHeart_w.png
Requested by
Host: promo.ad-dirtyzone.com
URL: https://promo.ad-dirtyzone.com/landing/jmc6100?subPublisher%3dpopunder:zbporn.com%26zone%3dpopunder:zbporn.com%26adformat%3dpopunder%26auctionid%3df8f8350d-e0f8-41c4-bdde-a475494397cf%26uniqueid%3dd4cf3547bc03aa335062b63ac535ed29%26name%3dtwinred_popunder_can_desktop_%26campaig...%20311%20...10%26ur-api-fetch-hitid%3dtrue
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9819 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ceb58acc54679268926472a6a05930c84036b8b1ba18be1a33d10e1838382f7b

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://promo.ad-dirtyzone.com/

Response headers

cache-control
public, max-age=691200
cf-cache-status
HIT
etag
"6720ba89-dec"
age
16004
cf-ray
8db79c9939ac9966-FRA
expires
Sat, 09 Nov 2024 00:01:41 GMT
accept-ranges
bytes
access-control-allow-origin
*
content-length
3564
date
Fri, 01 Nov 2024 00:01:41 GMT
content-type
image/png
last-modified
Tue, 29 Oct 2024 10:35:53 GMT
vary
Accept-Encoding
server
cloudflare
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/3.6.0/
87 KB
31 KB
Script
General
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js
Requested by
Host: promo.ad-dirtyzone.com
URL: https://promo.ad-dirtyzone.com/landing/jmc6100?subPublisher%3dpopunder:zbporn.com%26zone%3dpopunder:zbporn.com%26adformat%3dpopunder%26auctionid%3df8f8350d-e0f8-41c4-bdde-a475494397cf%26uniqueid%3dd4cf3547bc03aa335062b63ac535ed29%26name%3dtwinred_popunder_can_desktop_%26campaig...%20311%20...10%26ur-api-fetch-hitid%3dtrue
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://promo.ad-dirtyzone.com/

Response headers

content-encoding
gzip
age
34256
report-to
{"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
x-content-type-options
nosniff
expires
Fri, 31 Oct 2025 14:30:45 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Thu, 31 Oct 2024 14:30:45 GMT
last-modified
Wed, 10 Mar 2021 14:28:09 GMT
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
timing-allow-origin
*
cross-origin-opener-policy
same-origin; report-to="hosted-libraries-pushers"
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
accept-ranges
bytes
access-control-allow-origin
*
content-length
31017
x-xss-protection
0
server
sffe
scripts.min.js
lpmedia.servefilesonly.com/build/widgets/registrationFormBuilder/
21 KB
7 KB
Script
General
Full URL
https://lpmedia.servefilesonly.com/build/widgets/registrationFormBuilder/scripts.min.js?1487460
Requested by
Host: promo.ad-dirtyzone.com
URL: https://promo.ad-dirtyzone.com/landing/jmc6100?subPublisher%3dpopunder:zbporn.com%26zone%3dpopunder:zbporn.com%26adformat%3dpopunder%26auctionid%3df8f8350d-e0f8-41c4-bdde-a475494397cf%26uniqueid%3dd4cf3547bc03aa335062b63ac535ed29%26name%3dtwinred_popunder_can_desktop_%26campaig...%20311%20...10%26ur-api-fetch-hitid%3dtrue
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9819 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4722954ecc836fc6c7a33cb9165028311707de6a881f263cca72db7308053d04

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://promo.ad-dirtyzone.com/

Response headers

cache-control
public, max-age=691200
content-encoding
gzip
cf-cache-status
HIT
etag
W/"6720ba88-541a"
age
220800
cf-ray
8db79c99a9c99966-FRA
expires
Sat, 09 Nov 2024 00:01:41 GMT
access-control-allow-origin
*
date
Fri, 01 Nov 2024 00:01:41 GMT
content-type
application/javascript
last-modified
Tue, 29 Oct 2024 10:35:52 GMT
vary
Accept-Encoding
server
cloudflare
popwin.js
lpmedia.servefilesonly.com/js/
1 KB
637 B
Script
General
Full URL
https://lpmedia.servefilesonly.com/js/popwin.js?1487460
Requested by
Host: promo.ad-dirtyzone.com
URL: https://promo.ad-dirtyzone.com/landing/jmc6100?subPublisher%3dpopunder:zbporn.com%26zone%3dpopunder:zbporn.com%26adformat%3dpopunder%26auctionid%3df8f8350d-e0f8-41c4-bdde-a475494397cf%26uniqueid%3dd4cf3547bc03aa335062b63ac535ed29%26name%3dtwinred_popunder_can_desktop_%26campaig...%20311%20...10%26ur-api-fetch-hitid%3dtrue
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9819 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
80c43823e625ee5e54008f00ff89c66020c614dae397401177a790fee8c950a0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://promo.ad-dirtyzone.com/

Response headers

cache-control
public, max-age=691200
content-encoding
gzip
cf-cache-status
HIT
etag
W/"6720ba9a-499"
age
220801
cf-ray
8db79c99a9ca9966-FRA
expires
Sat, 09 Nov 2024 00:01:41 GMT
access-control-allow-origin
*
date
Fri, 01 Nov 2024 00:01:41 GMT
content-type
application/javascript
last-modified
Tue, 29 Oct 2024 10:36:10 GMT
vary
Accept-Encoding
server
cloudflare
dcdddee3-dca0-4a95-b1e9-cb4fc033e0f0.jpg
imedia.servefilesonly.com/
215 KB
215 KB
Image
General
Full URL
https://imedia.servefilesonly.com/dcdddee3-dca0-4a95-b1e9-cb4fc033e0f0.jpg
Requested by
Host: promo.ad-dirtyzone.com
URL: https://promo.ad-dirtyzone.com/landing/jmc6100?subPublisher%3dpopunder:zbporn.com%26zone%3dpopunder:zbporn.com%26adformat%3dpopunder%26auctionid%3df8f8350d-e0f8-41c4-bdde-a475494397cf%26uniqueid%3dd4cf3547bc03aa335062b63ac535ed29%26name%3dtwinred_popunder_can_desktop_%26campaig...%20311%20...10%26ur-api-fetch-hitid%3dtrue
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9819 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7cab4be0e7fe939d22c5ea3167b1d8378988494642ca8d6fd41ce84f1e03d623

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://promo.ad-dirtyzone.com/

Response headers

cf-bgj
h2pri
etag
"3026493a3fc98169ea6680f5aa23a8e3"
age
325040
cf-cache-status
HIT
expires
Sat, 09 Nov 2024 00:01:41 GMT
x-cache
RefreshHit from cloudfront
x-amz-cf-id
9jGaA5puZs3y1W0_EK78LMQtllnHkhUMlCuMYLomdBeL5IbOj8HeYQ==
date
Fri, 01 Nov 2024 00:01:41 GMT
content-type
image/jpeg
last-modified
Thu, 23 Dec 2021 18:04:45 GMT
vary
Accept-Encoding
cache-control
public, max-age=691200
via
1.1 4bf44796811ecea5881c6668d3aa9226.cloudfront.net (CloudFront)
cf-ray
8db79c99e9d99966-FRA
accept-ranges
bytes
content-length
219871
x-amz-cf-pop
FRA56-P8
server
cloudflare
JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
fonts.gstatic.com/s/montserrat/v26/
32 KB
32 KB
Font
General
Full URL
https://fonts.gstatic.com/s/montserrat/v26/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Montserrat:wght@400;700;800&family=Roboto:wght@400;700;900&display=swap
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.227 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f3.1e100.net
Software
sffe /
Resource Hash
bb2f90081933c0f2475883ca2c5cfee94e96d7314a09433fffc42e37f4cffd3b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://promo.ad-dirtyzone.com
Referer
https://fonts.googleapis.com/

Response headers

age
228751
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options
nosniff
expires
Wed, 29 Oct 2025 08:29:10 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Tue, 29 Oct 2024 08:29:10 GMT
last-modified
Wed, 13 Sep 2023 22:51:58 GMT
content-type
font/woff2
cache-control
public, max-age=31536000
timing-allow-origin
*
cross-origin-opener-policy
same-origin; report-to="apps-themes"
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges
bytes
access-control-allow-origin
*
content-length
33092
x-xss-protection
0
server
sffe
OneSignalPageSDKES6.js
cdn.onesignal.com/sdks/
284 KB
68 KB
Script
General
Full URL
https://cdn.onesignal.com/sdks/OneSignalPageSDKES6.js?v=151606
Requested by
Host: cdn.onesignal.com
URL: https://cdn.onesignal.com/sdks/OneSignalSDK.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.16.160.145 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
785d3e9ea187b7242e1a4365a48c3fd95dd7a469245d24c6769b8d46c4ef4b81
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://promo.ad-dirtyzone.com/

Response headers

strict-transport-security
max-age=15552000; includeSubDomains
cache-control
public, max-age=259200
content-encoding
br
cf-cache-status
HIT
etag
W/"7e91359b46e1da637080a03b759164fa"
age
1322
via
1.1 google
cf-ray
8db79c9a4eaf5902-TXL
expires
Mon, 04 Nov 2024 00:01:41 GMT
alt-svc
h3=":443"; ma=86400
date
Fri, 01 Nov 2024 00:01:41 GMT
content-type
application/javascript
vary
Accept-Encoding
server
cloudflare
access-control-allow-headers
OneSignal-Subscription-Id
main.js
promo.ad-dirtyzone.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/22755d9a86c9/ Frame 364C
Redirect Chain
  • https://promo.ad-dirtyzone.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
  • https://promo.ad-dirtyzone.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/22755d9a86c9/main.js?
8 KB
4 KB
Script
General
Full URL
https://promo.ad-dirtyzone.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/22755d9a86c9/main.js?
Requested by
Host: promo.ad-dirtyzone.com
URL: https://promo.ad-dirtyzone.com/landing/jmc6100?subPublisher%3dpopunder:zbporn.com%26zone%3dpopunder:zbporn.com%26adformat%3dpopunder%26auctionid%3df8f8350d-e0f8-41c4-bdde-a475494397cf%26uniqueid%3dd4cf3547bc03aa335062b63ac535ed29%26name%3dtwinred_popunder_can_desktop_%26campaig...%20311%20...10%26ur-api-fetch-hitid%3dtrue
Protocol
H2
Server
2606:4700:4400::ac40:9538 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
51aa6b06fc813829cb5fba47324d7e9744aab4cc0f9e2ba12c353d76709efb7a
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

cache-control
max-age=14400, stale-if-error=10800, stale-while-revalidate=10800, public
content-encoding
gzip
x-content-type-options
nosniff
cf-ray
8db79c9b8d5ed399-FRA
date
Fri, 01 Nov 2024 00:01:41 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
server
cloudflare

Redirect headers

cache-control
max-age=300, stale-if-error=10800, stale-while-revalidate=10800, public
location
/cdn-cgi/challenge-platform/h/b/scripts/jsd/22755d9a86c9/main.js?
cf-ray
8db79c9b1cc6d399-FRA
access-control-allow-origin
*
content-length
0
date
Fri, 01 Nov 2024 00:01:41 GMT
vary
Accept-Encoding
server
cloudflare
jmc6100-1.mp4
lpmedia.servefilesonly.com/img/_pictures/fsk16/videos/
85 KB
0
Media
General
Full URL
https://lpmedia.servefilesonly.com/img/_pictures/fsk16/videos/jmc6100-1.mp4?1487460
Requested by
Host: promo.ad-dirtyzone.com
URL: https://promo.ad-dirtyzone.com/landing/jmc6100?subPublisher%3dpopunder:zbporn.com%26zone%3dpopunder:zbporn.com%26adformat%3dpopunder%26auctionid%3df8f8350d-e0f8-41c4-bdde-a475494397cf%26uniqueid%3dd4cf3547bc03aa335062b63ac535ed29%26name%3dtwinred_popunder_can_desktop_%26campaig...%20311%20...10%26ur-api-fetch-hitid%3dtrue
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9819 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
https://promo.ad-dirtyzone.com/
Accept-Encoding
identity;q=1, *;q=0
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Range
bytes=0-

Response headers

cache-control
public, max-age=691200
cf-cache-status
HIT
etag
"6720ba90-9a024"
age
220798
Content-Range
bytes 0-630819/630820
cf-ray
8db79c9b1a349966-FRA
expires
Sat, 09 Nov 2024 00:01:41 GMT
access-control-allow-origin
*
Content-Length
630820
date
Fri, 01 Nov 2024 00:01:41 GMT
content-type
video/mp4
last-modified
Tue, 29 Oct 2024 10:36:00 GMT
vary
Accept-Encoding
server
cloudflare
jmc6100-2.mp4
lpmedia.servefilesonly.com/img/_pictures/fsk16/videos/
44 KB
0
Media
General
Full URL
https://lpmedia.servefilesonly.com/img/_pictures/fsk16/videos/jmc6100-2.mp4?1487460
Requested by
Host: promo.ad-dirtyzone.com
URL: https://promo.ad-dirtyzone.com/landing/jmc6100?subPublisher%3dpopunder:zbporn.com%26zone%3dpopunder:zbporn.com%26adformat%3dpopunder%26auctionid%3df8f8350d-e0f8-41c4-bdde-a475494397cf%26uniqueid%3dd4cf3547bc03aa335062b63ac535ed29%26name%3dtwinred_popunder_can_desktop_%26campaig...%20311%20...10%26ur-api-fetch-hitid%3dtrue
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9819 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
https://promo.ad-dirtyzone.com/
Accept-Encoding
identity;q=1, *;q=0
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Range
bytes=0-

Response headers

cache-control
public, max-age=691200
cf-cache-status
HIT
etag
"6720ba90-5ec60"
age
220781
Content-Range
bytes 0-388191/388192
cf-ray
8db79c9b1a359966-FRA
expires
Sat, 09 Nov 2024 00:01:41 GMT
access-control-allow-origin
*
Content-Length
388192
date
Fri, 01 Nov 2024 00:01:41 GMT
content-type
video/mp4
last-modified
Tue, 29 Oct 2024 10:36:00 GMT
vary
Accept-Encoding
server
cloudflare
web
onesignal.com/api/v1/sync/6dadc7c5-b7c8-4ab9-b56e-d14f7c785e16/
3 KB
2 KB
Script
General
Full URL
https://onesignal.com/api/v1/sync/6dadc7c5-b7c8-4ab9-b56e-d14f7c785e16/web?callback=__jp0
Requested by
Host: cdn.onesignal.com
URL: https://cdn.onesignal.com/sdks/OneSignalPageSDKES6.js?v=151606
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.17.111.223 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a57072f27f9754963d76453142230a77923020ab13c3b101d131cf7e61a071a7
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://promo.ad-dirtyzone.com/

Response headers

x-request-id
b035e874-00c4-4789-9847-e1906e3f359e
content-encoding
br
cf-cache-status
HIT
etag
W/"a57072f27f9754963d76453142230a77"
age
629
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
expires
Fri, 01 Nov 2024 01:01:41 GMT
alt-svc
h3=":443"; ma=86400
date
Fri, 01 Nov 2024 00:01:41 GMT
content-type
text/javascript; charset=utf-8
vary
Origin, Accept-Encoding
x-runtime
0.032727
access-control-allow-headers
SDK-Version
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=15552000; includeSubDomains
cache-control
public, max-age=3600
referrer-policy
strict-origin-when-cross-origin
x-download-options
noopen
via
1.1 google
cf-ray
8db79c9c081caca9-TXL
access-control-allow-origin
*
x-xss-protection
1; mode=block
server
cloudflare
jmc6100-1.mp4
lpmedia.servefilesonly.com/img/_pictures/fsk16/videos/
8 KB
8 KB
Media
General
Full URL
https://lpmedia.servefilesonly.com/img/_pictures/fsk16/videos/jmc6100-1.mp4?1487460
Requested by
Host: promo.ad-dirtyzone.com
URL: https://promo.ad-dirtyzone.com/landing/jmc6100?subPublisher%3dpopunder:zbporn.com%26zone%3dpopunder:zbporn.com%26adformat%3dpopunder%26auctionid%3df8f8350d-e0f8-41c4-bdde-a475494397cf%26uniqueid%3dd4cf3547bc03aa335062b63ac535ed29%26name%3dtwinred_popunder_can_desktop_%26campaig...%20311%20...10%26ur-api-fetch-hitid%3dtrue
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9819 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7fea82fe2adfc37eba8bc5f85a421f48c1c00c467d253dbd07fd8107b8c39620

Request headers

Referer
https://promo.ad-dirtyzone.com/
Accept-Encoding
identity;q=1, *;q=0
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Range
bytes=622592-

Response headers

cache-control
public, max-age=691200
cf-cache-status
HIT
etag
"6720ba90-9a024"
age
220798
Content-Range
bytes 622592-630819/630820
cf-ray
8db79c9b9a649966-FRA
expires
Sat, 09 Nov 2024 00:01:41 GMT
access-control-allow-origin
*
Content-Length
8228
date
Fri, 01 Nov 2024 00:01:41 GMT
last-modified
Tue, 29 Oct 2024 10:36:00 GMT
vary
Accept-Encoding
server
cloudflare
content-type
video/mp4
jmc6100-2.mp4
lpmedia.servefilesonly.com/img/_pictures/fsk16/videos/
27 KB
27 KB
Media
General
Full URL
https://lpmedia.servefilesonly.com/img/_pictures/fsk16/videos/jmc6100-2.mp4?1487460
Requested by
Host: promo.ad-dirtyzone.com
URL: https://promo.ad-dirtyzone.com/landing/jmc6100?subPublisher%3dpopunder:zbporn.com%26zone%3dpopunder:zbporn.com%26adformat%3dpopunder%26auctionid%3df8f8350d-e0f8-41c4-bdde-a475494397cf%26uniqueid%3dd4cf3547bc03aa335062b63ac535ed29%26name%3dtwinred_popunder_can_desktop_%26campaig...%20311%20...10%26ur-api-fetch-hitid%3dtrue
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9819 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3f8b95b5b14094945598842bd5e4877c8a7a37733975e0d809e41cc53f999587

Request headers

Referer
https://promo.ad-dirtyzone.com/
Accept-Encoding
identity;q=1, *;q=0
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Range
bytes=360448-

Response headers

cache-control
public, max-age=691200
cf-cache-status
HIT
etag
"6720ba90-5ec60"
age
220781
Content-Range
bytes 360448-388191/388192
cf-ray
8db79c9b9a659966-FRA
expires
Sat, 09 Nov 2024 00:01:41 GMT
access-control-allow-origin
*
Content-Length
27744
date
Fri, 01 Nov 2024 00:01:41 GMT
last-modified
Tue, 29 Oct 2024 10:36:00 GMT
vary
Accept-Encoding
server
cloudflare
content-type
video/mp4
8db79c972fb5d399
promo.ad-dirtyzone.com/cdn-cgi/challenge-platform/h/b/jsd/r/ Frame 364C
0
621 B
XHR
General
Full URL
https://promo.ad-dirtyzone.com/cdn-cgi/challenge-platform/h/b/jsd/r/8db79c972fb5d399
Requested by
Host: promo.ad-dirtyzone.com
URL: https://promo.ad-dirtyzone.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9538 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type
application/json
Referer

Response headers

cf-ray
8db79c9c9eafd399-FRA
content-length
0
date
Fri, 01 Nov 2024 00:01:41 GMT
content-type
text/plain; charset=UTF-8
server
cloudflare
jmc6100-2.mp4
lpmedia.servefilesonly.com/img/_pictures/fsk16/videos/
347 KB
308 KB
Media
General
Full URL
https://lpmedia.servefilesonly.com/img/_pictures/fsk16/videos/jmc6100-2.mp4?1487460
Requested by
Host: promo.ad-dirtyzone.com
URL: https://promo.ad-dirtyzone.com/landing/jmc6100?subPublisher%3dpopunder:zbporn.com%26zone%3dpopunder:zbporn.com%26adformat%3dpopunder%26auctionid%3df8f8350d-e0f8-41c4-bdde-a475494397cf%26uniqueid%3dd4cf3547bc03aa335062b63ac535ed29%26name%3dtwinred_popunder_can_desktop_%26campaig...%20311%20...10%26ur-api-fetch-hitid%3dtrue
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9819 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
abeffa5127d3179716cc258c856e1a456e6f854a1f9d2edd02842579ed737e5a

Request headers

Referer
https://promo.ad-dirtyzone.com/
Accept-Encoding
identity;q=1, *;q=0
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Range
bytes=32768-

Response headers

cache-control
public, max-age=691200
cf-cache-status
HIT
etag
"6720ba90-5ec60"
age
220781
Content-Range
bytes 32768-388191/388192
cf-ray
8db79c9b9a659966-FRA
expires
Sat, 09 Nov 2024 00:01:41 GMT
access-control-allow-origin
*
Content-Length
355424
date
Fri, 01 Nov 2024 00:01:41 GMT
last-modified
Tue, 29 Oct 2024 10:36:00 GMT
vary
Accept-Encoding
server
cloudflare
content-type
video/mp4
jmc6100-1.mp4
lpmedia.servefilesonly.com/img/_pictures/fsk16/videos/
552 KB
524 KB
Media
General
Full URL
https://lpmedia.servefilesonly.com/img/_pictures/fsk16/videos/jmc6100-1.mp4?1487460
Requested by
Host: promo.ad-dirtyzone.com
URL: https://promo.ad-dirtyzone.com/landing/jmc6100?subPublisher%3dpopunder:zbporn.com%26zone%3dpopunder:zbporn.com%26adformat%3dpopunder%26auctionid%3df8f8350d-e0f8-41c4-bdde-a475494397cf%26uniqueid%3dd4cf3547bc03aa335062b63ac535ed29%26name%3dtwinred_popunder_can_desktop_%26campaig...%20311%20...10%26ur-api-fetch-hitid%3dtrue
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9819 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b5658f67ebbf3fa42a9f6a2c55c27b2c5097afe1723b0af3f806e000b8f32db3

Request headers

Referer
https://promo.ad-dirtyzone.com/
Accept-Encoding
identity;q=1, *;q=0
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Range
bytes=65536-

Response headers

cache-control
public, max-age=691200
cf-cache-status
HIT
etag
"6720ba90-9a024"
age
220798
Content-Range
bytes 65536-630819/630820
cf-ray
8db79c9b9a649966-FRA
expires
Sat, 09 Nov 2024 00:01:41 GMT
access-control-allow-origin
*
Content-Length
565284
date
Fri, 01 Nov 2024 00:01:41 GMT
last-modified
Tue, 29 Oct 2024 10:36:00 GMT
vary
Accept-Encoding
server
cloudflare
content-type
video/mp4
casualdatingHeart_fav.png
promo.ad-dirtyzone.com/assets/img/_favicons/
1 KB
1 KB
Other
General
Full URL
https://promo.ad-dirtyzone.com/assets/img/_favicons/casualdatingHeart_fav.png?1487460
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9538 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1e18486908bfa209ac16eb30755e51b4c93f7629bbafc5aae6be0428efd8fa6c

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://promo.ad-dirtyzone.com/landing/jmc6100?subPublisher%3dpopunder:zbporn.com%26zone%3dpopunder:zbporn.com%26adformat%3dpopunder%26auctionid%3df8f8350d-e0f8-41c4-bdde-a475494397cf%26uniqueid%3dd4cf3547bc03aa335062b63ac535ed29%26name%3dtwinred_popunder_can_desktop_%26campaig...%20311%20...10%26ur-api-fetch-hitid%3dtrue

Response headers

cache-control
public, max-age=172800
cf-cache-status
HIT
etag
"6720ba89-4c5"
age
47864
cf-ray
8db79c9df81fd399-FRA
expires
Sun, 03 Nov 2024 00:01:42 GMT
accept-ranges
bytes
content-length
1221
date
Fri, 01 Nov 2024 00:01:42 GMT
content-type
image/png
last-modified
Tue, 29 Oct 2024 10:35:53 GMT
vary
Accept-Encoding
server
cloudflare
OneSignalSDKStyles.css
onesignal.com/sdks/
82 KB
9 KB
Stylesheet
General
Full URL
https://onesignal.com/sdks/OneSignalSDKStyles.css?v=2
Requested by
Host: cdn.onesignal.com
URL: https://cdn.onesignal.com/sdks/OneSignalPageSDKES6.js?v=151606
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.17.111.223 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
db7e0b393e175f19922fefbdcaa2866fca209c521d01cc834ae06cbf8d0f91b7
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://promo.ad-dirtyzone.com/

Response headers

strict-transport-security
max-age=15552000; includeSubDomains
cache-control
public, max-age=2592000
content-encoding
br
cf-cache-status
HIT
etag
W/"4e9aaefffd5f8ae7dc83361aa2294190"
age
1889
via
1.1 google
cf-ray
8db79c9e8a76aca9-TXL
expires
Sun, 01 Dec 2024 00:01:42 GMT
alt-svc
h3=":443"; ma=86400
date
Fri, 01 Nov 2024 00:01:42 GMT
content-type
text/css
vary
Accept-Encoding
server
cloudflare
access-control-allow-headers
OneSignal-Subscription-Id
icon
onesignal.com/api/v1/apps/6dadc7c5-b7c8-4ab9-b56e-d14f7c785e16/
308 B
818 B
Fetch
General
Full URL
https://onesignal.com/api/v1/apps/6dadc7c5-b7c8-4ab9-b56e-d14f7c785e16/icon
Requested by
Host: cdn.onesignal.com
URL: https://cdn.onesignal.com/sdks/OneSignalPageSDKES6.js?v=151606
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.17.111.223 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dfec3bd28449708594e2253ebee5cb35412d39c107614414bb27fd791df5d1d1
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://promo.ad-dirtyzone.com/

Response headers

x-request-id
407485fb-df9b-4a9d-bbfb-fc257ee489cf
content-encoding
br
cf-cache-status
REVALIDATED
etag
W/"dfec3bd28449708594e2253ebee5cb35"
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
date
Fri, 01 Nov 2024 00:01:42 GMT
content-type
application/json; charset=utf-8
vary
Accept, Origin, Accept-Encoding
x-runtime
0.019824
access-control-allow-headers
SDK-Version
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=15552000; includeSubDomains
cache-control
max-age=0, private, must-revalidate
referrer-policy
strict-origin-when-cross-origin
x-download-options
noopen
via
1.1 google
cf-ray
8db79c9f1aa1e512-TXL
access-control-allow-origin
*
x-xss-protection
1; mode=block
server
cloudflare
2acKGqR3e39WYb5DwK0g_4ee73a6a-cef9-4190-ad47-9baa8278f6ee.png
img.onesignal.com/permanent/5766b610-4d06-45bb-bf00-54d8840015e2/
6 KB
7 KB
Image
General
Full URL
https://img.onesignal.com/permanent/5766b610-4d06-45bb-bf00-54d8840015e2/2acKGqR3e39WYb5DwK0g_4ee73a6a-cef9-4190-ad47-9baa8278f6ee.png
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.16.160.145 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e2830fdd2d01b47bb7e6da2b93acea49c3ca8ab3c088c37e9c260636a6f4acf9
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://promo.ad-dirtyzone.com/

Response headers

x-goog-metageneration
1
x-goog-hash
crc32c=VV2vcw==, md5=Vf8W8/VpBV8jju6vbxR1XQ==
cf-bgj
imgq:85,h2pri
etag
"-CIH5pvrjiocDEAE="
age
2272
cf-cache-status
HIT
x-goog-stored-content-encoding
identity
expires
Mon, 02 Dec 2024 00:01:42 GMT
cf-polished
origSize=10407, status=vary_header_present
alt-svc
h3=":443"; ma=86400
x-goog-stored-content-length
10407
date
Fri, 01 Nov 2024 00:01:42 GMT
content-type
image/png
last-modified
Wed, 03 Jul 2024 11:36:54 GMT
vary
Origin, Accept-Encoding
x-guploader-uploadid
AD-8ljsuc0rauq04KRuzmMzafxOmSPaPsgHB5tMKBKYLsJav1gvVQLa7Tkxj5yQJlCeO-FXYkEUXLVm0eA
strict-transport-security
max-age=15552000; includeSubDomains
cache-control
public, max-age=2678400
pragma
no-cache
x-goog-storage-class
STANDARD
cf-ray
8db79ca02ce15902-TXL
x-goog-encryption-kms-key-name
projects/core-infra-onesignal/locations/europe-west4/keyRings/keyring-kms-onesignal/cryptoKeys/img-persistence-bucket-onesignal/cryptoKeyVersions/1
accept-ranges
bytes
x-goog-generation
1720006614826113
content-length
6226
server
cloudflare
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v32/
18 KB
18 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Montserrat:wght@400;700;800&family=Roboto:wght@400;700;900&display=swap
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.227 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f3.1e100.net
Software
sffe /
Resource Hash
89978e658e840b927dddb5cb3a835c7d8526ece79933bd9f3096b301fe1a8571
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://promo.ad-dirtyzone.com
Referer
https://fonts.googleapis.com/

Response headers

age
211380
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options
nosniff
expires
Wed, 29 Oct 2025 13:18:42 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Tue, 29 Oct 2024 13:18:42 GMT
last-modified
Thu, 01 Aug 2024 20:41:24 GMT
content-type
font/woff2
cache-control
public, max-age=31536000
timing-allow-origin
*
cross-origin-opener-policy
same-origin; report-to="apps-themes"
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges
bytes
access-control-allow-origin
*
content-length
18536
x-xss-protection
0
server
sffe
jmc6100-3.mp4
lpmedia.servefilesonly.com/img/_pictures/fsk16/videos/
75 KB
0
Media
General
Full URL
https://lpmedia.servefilesonly.com/img/_pictures/fsk16/videos/jmc6100-3.mp4?1487460
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9819 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
https://promo.ad-dirtyzone.com/
Accept-Encoding
identity;q=1, *;q=0
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Range
bytes=0-

Response headers

cache-control
public, max-age=691200
cf-cache-status
HIT
etag
"6720ba90-92daf"
age
220797
Content-Range
bytes 0-601518/601519
cf-ray
8db79cba5fd99966-FRA
expires
Sat, 09 Nov 2024 00:01:46 GMT
access-control-allow-origin
*
Content-Length
601519
date
Fri, 01 Nov 2024 00:01:46 GMT
content-type
video/mp4
last-modified
Tue, 29 Oct 2024 10:36:00 GMT
vary
Accept-Encoding
server
cloudflare
jmc6100-3.mp4
lpmedia.servefilesonly.com/img/_pictures/fsk16/videos/
11 KB
12 KB
Media
General
Full URL
https://lpmedia.servefilesonly.com/img/_pictures/fsk16/videos/jmc6100-3.mp4?1487460
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9819 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f0a503b8a23dd6b7fc6c57e296ad31f4208d1ad7e71a90d58232cccb99fac6d2

Request headers

Referer
https://promo.ad-dirtyzone.com/
Accept-Encoding
identity;q=1, *;q=0
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Range
bytes=589824-

Response headers

cache-control
public, max-age=691200
cf-cache-status
HIT
etag
"6720ba90-92daf"
age
220797
Content-Range
bytes 589824-601518/601519
cf-ray
8db79cbacffb9966-FRA
expires
Sat, 09 Nov 2024 00:01:46 GMT
access-control-allow-origin
*
Content-Length
11695
date
Fri, 01 Nov 2024 00:01:46 GMT
last-modified
Tue, 29 Oct 2024 10:36:00 GMT
vary
Accept-Encoding
server
cloudflare
content-type
video/mp4
jmc6100-3.mp4
lpmedia.servefilesonly.com/img/_pictures/fsk16/videos/
512 KB
0
Media
General
Full URL
https://lpmedia.servefilesonly.com/img/_pictures/fsk16/videos/jmc6100-3.mp4?1487460
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9819 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
https://promo.ad-dirtyzone.com/
Accept-Encoding
identity;q=1, *;q=0
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Range
bytes=65536-

Response headers

cache-control
public, max-age=691200
cf-cache-status
HIT
etag
"6720ba90-92daf"
age
220797
Content-Range
bytes 65536-601518/601519
cf-ray
8db79cbacffb9966-FRA
expires
Sat, 09 Nov 2024 00:01:46 GMT
access-control-allow-origin
*
Content-Length
535983
date
Fri, 01 Nov 2024 00:01:46 GMT
last-modified
Tue, 29 Oct 2024 10:36:00 GMT
vary
Accept-Encoding
server
cloudflare
content-type
video/mp4


34 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 function| OneSignal function| $ function| jQuery object| x function| closeAllSelect object| dataCountries number| doneTyping object| countries function| _eventClickAutocomplete function| findCountryCode function| displayCountry function| findCountryName function| buildAutocomplete function| getCurentLocation function| getCurentLocationByIp function| sendCurrentLocation function| sendValidateLocation function| fillLocationValidated function| validateLocation function| validateLocationMessage function| getCurrentLink function| goToStep function| countdownToNextStep function| activeProgressBar function| Validator object| Popwin function| populateLinks function| deeplinkQueryStringToArray function| deeplinkAddParametersToURL function| rotateImg function| LoadVideo number| __oneSignalSdkLoadCount function| __jp0

5 Cookies

Domain/Path Name / Value
promo.ad-dirtyzone.com/ Name: PHPSESSID
Value: 05bvhk6et3v59adh37djbr44ln
.ad-dirtyzone.com/ Name: __cf_bm
Value: a.RG8pfHnfA3jNiygTh4kS0nNEr9rfEkP4vxqdbKLrw-1730419301-1.0.1.1-f49RigaRslBapofmnY65E5BxEr9Vflcfp3S6fDJ6CsqW5s84VfckJgRe..DqcGtiRJtLXfhBfAJGJd.V1n5S7g
.servefilesonly.com/ Name: __cf_bm
Value: Cj4xnJaJS5aDgXuhg8gpwoKwH7yIhvz28s9HvCFvt0M-1730419301-1.0.1.1-YHZ7oZlhvPYJWBP5KsnqpoGgeiBttzm1TQRZkpg5o3x7p6OiCdW0WU7kDLcemS5IGbF2oI1DjdvoSCVIpv6MSQ
.onesignal.com/ Name: __cf_bm
Value: xLTxYqNKQzAVjrh_Dey_mhv4Dd3VgalszUi7t6EDKh0-1730419301-1.0.1.1-gYUMHBsCnte2snqSaFlnBkG87jZ2B3enjJ898af1D2e8sS.YJ6XaBZ2hKq9X6vkWGrYOsQBa5GYtUbOayQMHuA
.ad-dirtyzone.com/ Name: cf_clearance
Value: 8V850shRTjsU3odAshmCrW9ydZgkW7Lbk9mqAciT8M0-1730419301-1.2.1.1-bZg480_4X4iUZNZZ0yVMqUXKL88x2yxIFNwThQ1JnyzyWrjHA45P__4f6yuyh_Oubznltn5WaoMRlJmZ7lbRD3XdsHyoTgyCXycKQWKixsvYH3lOsnNgsGphMlL8YUHSLCO9lChze0zcwzWkPjFbpSxzJH_4mHugGEXFgRUlL0RoGjgG9hnyVeyToXs9FxeIXZs9bl.EHur5X_QGNV.yiG8dEq5pqiejxn3IFydkKT8l_7NviRbXyEvZklD1WleyLuWdCv_MVKlrjTy0NS_beP7_y_9.FyqzmjR8cTCQhjHu2h1v_n_1VNd50vLMpvA8XOJEpfFTO6syapM0Pb6ARJkA99WkK.vLlslofY2mkewnkgkNjCEYXqjlo0OUl4pd

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
