URL: https://r.xdref.com/?id=x9EJ4JJ8045486&from=h1235651
Submission: On July 02 via api from US

Summary

This website contacted 6 IPs in 2 countries across 5 domains to perform 42 HTTP transactions. The main IP is 72.29.121.220, located in United States and belongs to AS-TIERP-30496, US. The main domain is r.xdref.com.
TLS certificate: Issued by R3 on June 1st 2021. Valid for: 3 months.
This is the only time r.xdref.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Requests  Domain                     Requested by
33        r.xdref.com                r.xdref.com
4         fonts.gstatic.com          fonts.googleapis.com
2         www.google-analytics.com   www.googletagmanager.com, www.google-analytics.com
2         www.googletagmanager.com   r.xdref.com
1         fonts.googleapis.com       r.xdref.com
Total: 42 requests across 5 domains

Subject                  Issuer       Validity                   Valid for
r.xdref.com              R3           2021-06-01 - 2021-08-30    3 months
upload.video.google.com  GTS CA 1O1   2021-05-31 - 2021-08-23    3 months
*.google-analytics.com   GTS CA 1C3   2021-06-07 - 2021-08-30    3 months
*.gstatic.com            GTS CA 1C3   2021-06-07 - 2021-08-30    3 months

This page contains 1 frames:

Primary Page: https://r.xdref.com/?id=x9EJ4JJ8045486&from=h1235651
Frame ID: 0BE1849A354AC50EE5663AB7B4FE08B5
Requests: 42 HTTP requests in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • html /<link[^>]+?href="[^"]*bootstrap(?:\.min)?\.css/i

Overall confidence: 100%
Detected patterns
  • html /<link[^>]* href=[^>]+(?:([\d.]+)\/)?(?:css\/)?font-awesome(?:\.min)?\.css/i

Overall confidence: 100%
Detected patterns
  • script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Overall confidence: 100%
Detected patterns
  • html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i

Overall confidence: 100%
Detected patterns
  • html /googletagmanager\.com\/ns\.html[^>]+><\/iframe>/i
  • html /<!-- (?:End )?Google Tag Manager -->/i

Page Statistics

Requests: 42
HTTPS: 100 %
IPv6: 83 %
Domains: 5
Subdomains: 5
IPs: 6
Countries: 2
Transfer: 705 kB
Size: 1974 kB
Cookies: 3

Redirected requests

There were HTTP redirect chains for the following requests:

42 HTTP transactions

Resource | Path | Size | x-fer | Type | MIME-Type
Primary Request /
r.xdref.com/
23 KB
24 KB
Document
General
Full URL
https://r.xdref.com/?id=x9EJ4JJ8045486&from=h1235651
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
72.29.121.220 , United States, ASN30496 (AS-TIERP-30496, US),
Reverse DNS
edq8atOvzy.out.jr.proxy.exchangedefender.com
Software
Caddy Caddy / PHP/7.4.14
Resource Hash
3e7398652e1f1e21963451320ed45179ab8a2a65d2479b956ddaddd20d5055ca

Request headers

:method
GET
:authority
r.xdref.com
:scheme
https
:path
/?id=x9EJ4JJ8045486&from=h1235651
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Origin, Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers, Authorization
access-control-allow-methods
GET, HEAD, OPTIONS, POST, PUT
content-type
text/html; charset=UTF-8
date
Fri, 02 Jul 2021 03:03:19 GMT
server
Caddy Caddy
x-powered-by
PHP/7.4.14
css
fonts.googleapis.com/
8 KB
838 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Open+Sans:400,300,600,700&subset=all
Requested by
Host: r.xdref.com
URL: https://r.xdref.com/?id=x9EJ4JJ8045486&from=h1235651
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:802::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
62b964c6110d2300c2b25824348217c5226ce87eb4a681bde737ed016285b2b1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://r.xdref.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Fri, 02 Jul 2021 02:56:07 GMT
server
ESF
date
Fri, 02 Jul 2021 03:03:19 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Fri, 02 Jul 2021 03:03:19 GMT
font-awesome.min.css
r.xdref.com/assets/global/plugins/font-awesome/css/
26 KB
7 KB
Stylesheet
General
Full URL
https://r.xdref.com/assets/global/plugins/font-awesome/css/font-awesome.min.css
Requested by
Host: r.xdref.com
URL: https://r.xdref.com/?id=x9EJ4JJ8045486&from=h1235651
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
72.29.121.220 , United States, ASN30496 (AS-TIERP-30496, US),
Reverse DNS
edq8atOvzy.out.jr.proxy.exchangedefender.com
Software
Caddy Caddy /
Resource Hash
936ffccdc35bc55221e669d0e76034af76ba8c080c1b1149144dbbd3b5311829

Request headers

:path
/assets/global/plugins/font-awesome/css/font-awesome.min.css
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
r.xdref.com
referer
https://r.xdref.com/?id=x9EJ4JJ8045486&from=h1235651
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://r.xdref.com/?id=x9EJ4JJ8045486&from=h1235651
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 02 Jul 2021 03:03:19 GMT
content-encoding
gzip
last-modified
Fri, 28 May 2021 12:36:52 GMT
server
Caddy Caddy
etag
"qtthpgklz"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD, OPTIONS, POST, PUT
content-type
text/css; charset=utf-8
access-control-allow-credentials
true
access-control-allow-headers
Origin, Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers, Authorization
simple-line-icons.min.css
r.xdref.com/assets/global/plugins/simple-line-icons/
9 KB
2 KB
Stylesheet
General
Full URL
https://r.xdref.com/assets/global/plugins/simple-line-icons/simple-line-icons.min.css
Requested by
Host: r.xdref.com
URL: https://r.xdref.com/?id=x9EJ4JJ8045486&from=h1235651
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
72.29.121.220 , United States, ASN30496 (AS-TIERP-30496, US),
Reverse DNS
edq8atOvzy.out.jr.proxy.exchangedefender.com
Software
Caddy Caddy /
Resource Hash
4b681a7b7a54a5f692028e2556dfc29a0e43c6e08f3e773f3daf7e3f02742bc3

Request headers

:path
/assets/global/plugins/simple-line-icons/simple-line-icons.min.css
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
r.xdref.com
referer
https://r.xdref.com/?id=x9EJ4JJ8045486&from=h1235651
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://r.xdref.com/?id=x9EJ4JJ8045486&from=h1235651
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 02 Jul 2021 03:03:19 GMT
content-encoding
gzip
last-modified
Fri, 28 May 2021 12:36:52 GMT
server
Caddy Caddy
etag
"qtthpg7dl"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD, OPTIONS, POST, PUT
content-type
text/css; charset=utf-8
access-control-allow-credentials
true
access-control-allow-headers
Origin, Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers, Authorization
content-length
2298
bootstrap.min.css
r.xdref.com/assets/global/plugins/bootstrap/css/
115 KB
24 KB
Stylesheet
General
Full URL
https://r.xdref.com/assets/global/plugins/bootstrap/css/bootstrap.min.css
Requested by
Host: r.xdref.com
URL: https://r.xdref.com/?id=x9EJ4JJ8045486&from=h1235651
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
72.29.121.220 , United States, ASN30496 (AS-TIERP-30496, US),
Reverse DNS
edq8atOvzy.out.jr.proxy.exchangedefender.com
Software
Caddy Caddy /
Resource Hash
f1d2154ad019224eaf66b73fc05b3118d16cd0b5623f811ac0048345d73ebc2c

Request headers

:path
/assets/global/plugins/bootstrap/css/bootstrap.min.css
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
r.xdref.com
referer
https://r.xdref.com/?id=x9EJ4JJ8045486&from=h1235651
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://r.xdref.com/?id=x9EJ4JJ8045486&from=h1235651
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 02 Jul 2021 03:03:19 GMT
content-encoding
gzip
last-modified
Fri, 28 May 2021 12:36:51 GMT
server
Caddy Caddy
etag
"qtthpf2ize"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD, OPTIONS, POST, PUT
content-type
text/css; charset=utf-8
access-control-allow-credentials
true
access-control-allow-headers
Origin, Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers, Authorization
bootstrap-switch.min.css
r.xdref.com/assets/global/plugins/bootstrap-switch/css/
6 KB
2 KB
Stylesheet
General
Full URL
https://r.xdref.com/assets/global/plugins/bootstrap-switch/css/bootstrap-switch.min.css
Requested by
Host: r.xdref.com
URL: https://r.xdref.com/?id=x9EJ4JJ8045486&from=h1235651
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
72.29.121.220 , United States, ASN30496 (AS-TIERP-30496, US),
Reverse DNS
edq8atOvzy.out.jr.proxy.exchangedefender.com
Software
Caddy Caddy /
Resource Hash
e1ed1e8914e4eb8b509ccf619a7b4dc428399ee294e4c406feeb8267b5a07d77

Request headers

:path
/assets/global/plugins/bootstrap-switch/css/bootstrap-switch.min.css
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
r.xdref.com
referer
https://r.xdref.com/?id=x9EJ4JJ8045486&from=h1235651
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://r.xdref.com/?id=x9EJ4JJ8045486&from=h1235651
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 02 Jul 2021 03:03:19 GMT
content-encoding
gzip
last-modified
Fri, 28 May 2021 12:36:51 GMT
server
Caddy Caddy
etag
"qtthpf4zd"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD, OPTIONS, POST, PUT
content-type
text/css; charset=utf-8
access-control-allow-credentials
true
access-control-allow-headers
Origin, Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers, Authorization
content-length
1500
jquery.fancybox.css
r.xdref.com/assets/global/plugins/fancybox/source/
5 KB
2 KB
Stylesheet
General
Full URL
https://r.xdref.com/assets/global/plugins/fancybox/source/jquery.fancybox.css
Requested by
Host: r.xdref.com
URL: https://r.xdref.com/?id=x9EJ4JJ8045486&from=h1235651
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
72.29.121.220 , United States, ASN30496 (AS-TIERP-30496, US),
Reverse DNS
edq8atOvzy.out.jr.proxy.exchangedefender.com
Software
Caddy Caddy /
Resource Hash
968a8e56e4adaf8c135199ebd7f6cc065424ca45974d4dfbeb5607e69fe72fcd

Request headers

:path
/assets/global/plugins/fancybox/source/jquery.fancybox.css
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
r.xdref.com
referer
https://r.xdref.com/?id=x9EJ4JJ8045486&from=h1235651
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://r.xdref.com/?id=x9EJ4JJ8045486&from=h1235651
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 02 Jul 2021 03:03:19 GMT
content-encoding
gzip
last-modified
Fri, 28 May 2021 12:36:52 GMT
server
Caddy Caddy
etag
"qtthpg3rz"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD, OPTIONS, POST, PUT
content-type
text/css; charset=utf-8
access-control-allow-credentials
true
access-control-allow-headers
Origin, Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers, Authorization
content-length
1523
sweetalert.css
r.xdref.com/assets/global/plugins/bootstrap-sweetalert/
13 KB
3 KB
Stylesheet
General
Full URL
https://r.xdref.com/assets/global/plugins/bootstrap-sweetalert/sweetalert.css
Requested by
Host: r.xdref.com
URL: https://r.xdref.com/?id=x9EJ4JJ8045486&from=h1235651
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
72.29.121.220 , United States, ASN30496 (AS-TIERP-30496, US),
Reverse DNS
edq8atOvzy.out.jr.proxy.exchangedefender.com
Software
Caddy Caddy /
Resource Hash
67c4d6f91122526f73490306647e1b7d98b9d9526032a11309b3c5946441d4ff

Request headers

:path
/assets/global/plugins/bootstrap-sweetalert/sweetalert.css
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
r.xdref.com
referer
https://r.xdref.com/?id=x9EJ4JJ8045486&from=h1235651
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://r.xdref.com/?id=x9EJ4JJ8045486&from=h1235651
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 02 Jul 2021 03:03:19 GMT
content-encoding
gzip
last-modified
Fri, 28 May 2021 12:36:51 GMT
server
Caddy Caddy
etag
"qtthpfa2j"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD, OPTIONS, POST, PUT
content-type
text/css; charset=utf-8
access-control-allow-credentials
true
access-control-allow-headers
Origin, Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers, Authorization
content-length
2812
components.min.css
r.xdref.com/assets/global/css/
602 KB
85 KB
Stylesheet
General
Full URL
https://r.xdref.com/assets/global/css/components.min.css
Requested by
Host: r.xdref.com
URL: https://r.xdref.com/?id=x9EJ4JJ8045486&from=h1235651
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
72.29.121.220 , United States, ASN30496 (AS-TIERP-30496, US),
Reverse DNS
edq8atOvzy.out.jr.proxy.exchangedefender.com
Software
Caddy Caddy /
Resource Hash
786f05af526527020b2b80fa838aa956763aaf29696179025d5186d61720aee6

Request headers

:path
/assets/global/css/components.min.css
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
r.xdref.com
referer
https://r.xdref.com/?id=x9EJ4JJ8045486&from=h1235651
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://r.xdref.com/?id=x9EJ4JJ8045486&from=h1235651
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 02 Jul 2021 03:03:19 GMT
content-encoding
gzip
last-modified
Fri, 28 May 2021 12:36:51 GMT
server
Caddy Caddy
etag
"qtthpfd7j5"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD, OPTIONS, POST, PUT
content-type
text/css; charset=utf-8
access-control-allow-credentials
true
access-control-allow-headers
Origin, Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers, Authorization
plugins.min.css
r.xdref.com/assets/global/css/
41 KB
10 KB
Stylesheet
General
Full URL
https://r.xdref.com/assets/global/css/plugins.min.css
Requested by
Host: r.xdref.com
URL: https://r.xdref.com/?id=x9EJ4JJ8045486&from=h1235651
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
72.29.121.220 , United States, ASN30496 (AS-TIERP-30496, US),
Reverse DNS
edq8atOvzy.out.jr.proxy.exchangedefender.com
Software
Caddy Caddy /
Resource Hash
44d6c558f0611525cb819c1b232d8b79b0b9a3e74f8f5f940188e2b3c140c61b

Request headers

:path
/assets/global/css/plugins.min.css
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
r.xdref.com
referer
https://r.xdref.com/?id=x9EJ4JJ8045486&from=h1235651
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://r.xdref.com/?id=x9EJ4JJ8045486&from=h1235651
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 02 Jul 2021 03:03:19 GMT
content-encoding
gzip
last-modified
Fri, 28 May 2021 12:36:51 GMT
server
Caddy Caddy
etag
"qtthpfwj8"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD, OPTIONS, POST, PUT
content-type
text/css; charset=utf-8
access-control-allow-credentials
true
access-control-allow-headers
Origin, Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers, Authorization
layout.min.css
r.xdref.com/assets/layouts/layout/css/
78 KB
13 KB
Stylesheet
General
Full URL
https://r.xdref.com/assets/layouts/layout/css/layout.min.css
Requested by
Host: r.xdref.com
URL: https://r.xdref.com/?id=x9EJ4JJ8045486&from=h1235651
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
72.29.121.220 , United States, ASN30496 (AS-TIERP-30496, US),
Reverse DNS
edq8atOvzy.out.jr.proxy.exchangedefender.com
Software
Caddy Caddy /
Resource Hash
79e4e812e552e55b566b86b27f3937cdaf65fc22843c56b5294a949308b9318a

Request headers

:path
/assets/layouts/layout/css/layout.min.css
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
r.xdref.com
referer
https://r.xdref.com/?id=x9EJ4JJ8045486&from=h1235651
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://r.xdref.com/?id=x9EJ4JJ8045486&from=h1235651
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 02 Jul 2021 03:03:19 GMT
content-encoding
gzip
last-modified
Fri, 28 May 2021 12:36:52 GMT
server
Caddy Caddy
etag
"qtthpg1pxw"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD, OPTIONS, POST, PUT
content-type
text/css; charset=utf-8
access-control-allow-credentials
true
access-control-allow-headers
Origin, Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers, Authorization
blue.min.css
r.xdref.com/assets/layouts/layout/css/themes/
32 KB
4 KB
Stylesheet
General
Full URL
https://r.xdref.com/assets/layouts/layout/css/themes/blue.min.css?=1625194999
Requested by
Host: r.xdref.com
URL: https://r.xdref.com/?id=x9EJ4JJ8045486&from=h1235651
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
72.29.121.220 , United States, ASN30496 (AS-TIERP-30496, US),
Reverse DNS
edq8atOvzy.out.jr.proxy.exchangedefender.com
Software
Caddy Caddy /
Resource Hash
0fe6c0fad54ca3bb5f3b839e556db545c410540b0930056fbd07f5620335f620

Request headers

:path
/assets/layouts/layout/css/themes/blue.min.css?=1625194999
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
r.xdref.com
referer
https://r.xdref.com/?id=x9EJ4JJ8045486&from=h1235651
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://r.xdref.com/?id=x9EJ4JJ8045486&from=h1235651
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 02 Jul 2021 03:03:19 GMT
content-encoding
gzip
last-modified
Fri, 28 May 2021 12:36:52 GMT
server
Caddy Caddy
etag
"qtthpgp1z"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD, OPTIONS, POST, PUT
content-type
text/css; charset=utf-8
access-control-allow-credentials
true
access-control-allow-headers
Origin, Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers, Authorization
content-length
3778
custom.css
r.xdref.com/assets/layouts/layout/css/
72 B
114 B
Stylesheet
General
Full URL
https://r.xdref.com/assets/layouts/layout/css/custom.css
Requested by
Host: r.xdref.com
URL: https://r.xdref.com/?id=x9EJ4JJ8045486&from=h1235651
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
72.29.121.220 , United States, ASN30496 (AS-TIERP-30496, US),
Reverse DNS
edq8atOvzy.out.jr.proxy.exchangedefender.com
Software
Caddy Caddy /
Resource Hash
6b7baa776bc369da84a9617d83f33efc375b812284132bfa0a93ef52264b8ccd

Request headers

:path
/assets/layouts/layout/css/custom.css
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
r.xdref.com
referer
https://r.xdref.com/?id=x9EJ4JJ8045486&from=h1235651
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://r.xdref.com/?id=x9EJ4JJ8045486&from=h1235651
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 02 Jul 2021 03:03:19 GMT
last-modified
Fri, 28 May 2021 12:36:52 GMT
server
Caddy Caddy
etag
"qtthpg20"
access-control-allow-methods
GET, HEAD, OPTIONS, POST, PUT
content-type
text/css; charset=utf-8
access-control-allow-credentials
true
access-control-allow-headers
Origin, Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers, Authorization
content-length
72
js
www.googletagmanager.com/gtag/
91 KB
36 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=UA-143179970-1
Requested by
Host: r.xdref.com
URL: https://r.xdref.com/?id=x9EJ4JJ8045486&from=h1235651
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
5ce54867f68bb57f5bfa3a31f8fbd781db4f17328ff193512e5b2841cb6468fb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://r.xdref.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 02 Jul 2021 03:03:20 GMT
content-encoding
br
server
Google Tag Manager
access-control-allow-headers
Cache-Control
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; includeSubDomains
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
37014
x-xss-protection
0
expires
Fri, 02 Jul 2021 03:03:20 GMT
logo.png
r.xdref.com/images/
138 KB
138 KB
Image
General
Full URL
https://r.xdref.com/images/logo.png
Requested by
Host: r.xdref.com
URL: https://r.xdref.com/?id=x9EJ4JJ8045486&from=h1235651
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
72.29.121.220 , United States, ASN30496 (AS-TIERP-30496, US),
Reverse DNS
edq8atOvzy.out.jr.proxy.exchangedefender.com
Software
Caddy Caddy /
Resource Hash
f2e6b720a0be990215dc98762c9dab5154ab7b453766dcbeb3cfc40f97aa3367

Request headers

:path
/images/logo.png
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
r.xdref.com
referer
https://r.xdref.com/?id=x9EJ4JJ8045486&from=h1235651
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://r.xdref.com/?id=x9EJ4JJ8045486&from=h1235651
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 02 Jul 2021 03:03:20 GMT
content-encoding
gzip
last-modified
Fri, 28 May 2021 12:36:52 GMT
server
Caddy Caddy
etag
"qtthpg3197"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD, OPTIONS, POST, PUT
content-type
image/png
access-control-allow-credentials
true
access-control-allow-headers
Origin, Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers, Authorization
jquery.min.js
r.xdref.com/assets/global/plugins/
95 KB
37 KB
Script
General
Full URL
https://r.xdref.com/assets/global/plugins/jquery.min.js
Requested by
Host: r.xdref.com
URL: https://r.xdref.com/?id=x9EJ4JJ8045486&from=h1235651
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
72.29.121.220 , United States, ASN30496 (AS-TIERP-30496, US),
Reverse DNS
edq8atOvzy.out.jr.proxy.exchangedefender.com
Software
Caddy Caddy /
Resource Hash
8c2812ded6436715279f8fd8db58de307aa39ab0296fe3cf0e879067c51e9b18

Request headers

:path
/assets/global/plugins/jquery.min.js
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
r.xdref.com
referer
https://r.xdref.com/?id=x9EJ4JJ8045486&from=h1235651
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://r.xdref.com/?id=x9EJ4JJ8045486&from=h1235651
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 02 Jul 2021 03:03:20 GMT
content-encoding
gzip
last-modified
Fri, 28 May 2021 12:36:52 GMT
server
Caddy Caddy
etag
"qtthpg22yy"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD, OPTIONS, POST, PUT
content-type
text/javascript; charset=utf-8
access-control-allow-credentials
true
access-control-allow-headers
Origin, Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers, Authorization
bootstrap.min.js
r.xdref.com/assets/global/plugins/bootstrap/js/
36 KB
11 KB
Script
General
Full URL
https://r.xdref.com/assets/global/plugins/bootstrap/js/bootstrap.min.js
Requested by
Host: r.xdref.com
URL: https://r.xdref.com/?id=x9EJ4JJ8045486&from=h1235651
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
72.29.121.220 , United States, ASN30496 (AS-TIERP-30496, US),
Reverse DNS
edq8atOvzy.out.jr.proxy.exchangedefender.com
Software
Caddy Caddy /
Resource Hash
53964478a7c634e8dad34ecc303dd8048d00dce4993906de1bacf67f663486ef

Request headers

:path
/assets/global/plugins/bootstrap/js/bootstrap.min.js
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
r.xdref.com
referer
https://r.xdref.com/?id=x9EJ4JJ8045486&from=h1235651
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://r.xdref.com/?id=x9EJ4JJ8045486&from=h1235651
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 02 Jul 2021 03:03:20 GMT
content-encoding
gzip
last-modified
Fri, 28 May 2021 12:36:51 GMT
server
Caddy Caddy
etag
"qtthpfsl1"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD, OPTIONS, POST, PUT
content-type
text/javascript; charset=utf-8
access-control-allow-credentials
true
access-control-allow-headers
Origin, Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers, Authorization
js.cookie.min.js
r.xdref.com/assets/global/plugins/
2 KB
993 B
Script
General
Full URL
https://r.xdref.com/assets/global/plugins/js.cookie.min.js
Requested by
Host: r.xdref.com
URL: https://r.xdref.com/?id=x9EJ4JJ8045486&from=h1235651
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
72.29.121.220 , United States, ASN30496 (AS-TIERP-30496, US),
Reverse DNS
edq8atOvzy.out.jr.proxy.exchangedefender.com
Software
Caddy Caddy /
Resource Hash
7d97491a3d294629a353bacd88442498b5f4609aef01afbed6277da906b8ed7f

Request headers

:path
/assets/global/plugins/js.cookie.min.js
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
r.xdref.com
referer
https://r.xdref.com/?id=x9EJ4JJ8045486&from=h1235651
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://r.xdref.com/?id=x9EJ4JJ8045486&from=h1235651
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 02 Jul 2021 03:03:20 GMT
content-encoding
gzip
last-modified
Fri, 28 May 2021 12:36:52 GMT
server
Caddy Caddy
etag
"qtthpg1ca"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD, OPTIONS, POST, PUT
content-type
text/javascript; charset=utf-8
access-control-allow-credentials
true
access-control-allow-headers
Origin, Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers, Authorization
content-length
948
jquery.slimscroll.min.js
r.xdref.com/assets/global/plugins/jquery-slimscroll/
5 KB
2 KB
Script
General
Full URL
https://r.xdref.com/assets/global/plugins/jquery-slimscroll/jquery.slimscroll.min.js
Requested by
Host: r.xdref.com
URL: https://r.xdref.com/?id=x9EJ4JJ8045486&from=h1235651
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
72.29.121.220 , United States, ASN30496 (AS-TIERP-30496, US),
Reverse DNS
edq8atOvzy.out.jr.proxy.exchangedefender.com
Software
Caddy Caddy /
Resource Hash
6e13ca9248b431e3be16a43100185e8e3a3311001154d73c30ddbcce1a4d5d94

Request headers

:path
/assets/global/plugins/jquery-slimscroll/jquery.slimscroll.min.js
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
r.xdref.com
referer
https://r.xdref.com/?id=x9EJ4JJ8045486&from=h1235651
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://r.xdref.com/?id=x9EJ4JJ8045486&from=h1235651
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 02 Jul 2021 03:03:20 GMT
content-encoding
gzip
last-modified
Fri, 28 May 2021 12:36:52 GMT
server
Caddy Caddy
etag
"qtthpg3zr"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD, OPTIONS, POST, PUT
content-type
text/javascript; charset=utf-8
access-control-allow-credentials
true
access-control-allow-headers
Origin, Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers, Authorization
content-length
2133
jquery.blockui.min.js
r.xdref.com/assets/global/plugins/
9 KB
4 KB
Script
General
Full URL
https://r.xdref.com/assets/global/plugins/jquery.blockui.min.js
Requested by
Host: r.xdref.com
URL: https://r.xdref.com/?id=x9EJ4JJ8045486&from=h1235651
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
72.29.121.220 , United States, ASN30496 (AS-TIERP-30496, US),
Reverse DNS
edq8atOvzy.out.jr.proxy.exchangedefender.com
Software
Caddy Caddy /
Resource Hash
b7c5671c199df9e6bba7a2f4aea76afc96a3fe716611968a79c2091a06b7f20b

Request headers

:path
/assets/global/plugins/jquery.blockui.min.js
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
r.xdref.com
referer
https://r.xdref.com/?id=x9EJ4JJ8045486&from=h1235651
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://r.xdref.com/?id=x9EJ4JJ8045486&from=h1235651
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 02 Jul 2021 03:03:20 GMT
content-encoding
gzip
last-modified
Fri, 28 May 2021 12:36:52 GMT
server
Caddy Caddy
etag
"qtthpg7dg"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD, OPTIONS, POST, PUT
content-type
text/javascript; charset=utf-8
access-control-allow-credentials
true
access-control-allow-headers
Origin, Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers, Authorization
content-length
3750
bootstrap-switch.min.js
r.xdref.com/assets/global/plugins/bootstrap-switch/js/
15 KB
4 KB
Script
General
Full URL
https://r.xdref.com/assets/global/plugins/bootstrap-switch/js/bootstrap-switch.min.js
Requested by
Host: r.xdref.com
URL: https://r.xdref.com/?id=x9EJ4JJ8045486&from=h1235651
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
72.29.121.220 , United States, ASN30496 (AS-TIERP-30496, US),
Reverse DNS
edq8atOvzy.out.jr.proxy.exchangedefender.com
Software
Caddy Caddy /
Resource Hash
b009172f00c548007f4b4f4908e591be7a0e9e11980eef55a8c9db08a0213332

Request headers

:path
/assets/global/plugins/bootstrap-switch/js/bootstrap-switch.min.js
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
r.xdref.com
referer
https://r.xdref.com/?id=x9EJ4JJ8045486&from=h1235651
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://r.xdref.com/?id=x9EJ4JJ8045486&from=h1235651
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 02 Jul 2021 03:03:20 GMT
content-encoding
gzip
last-modified
Fri, 28 May 2021 12:36:51 GMT
server
Caddy Caddy
etag
"qtthpfbhz"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD, OPTIONS, POST, PUT
content-type
text/javascript; charset=utf-8
access-control-allow-credentials
true
access-control-allow-headers
Origin, Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers, Authorization
content-length
3814
jquery.fancybox.pack.js
r.xdref.com/assets/global/plugins/fancybox/source/
23 KB
9 KB
Script
General
Full URL
https://r.xdref.com/assets/global/plugins/fancybox/source/jquery.fancybox.pack.js
Requested by
Host: r.xdref.com
URL: https://r.xdref.com/?id=x9EJ4JJ8045486&from=h1235651
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
72.29.121.220 , United States, ASN30496 (AS-TIERP-30496, US),
Reverse DNS
edq8atOvzy.out.jr.proxy.exchangedefender.com
Software
Caddy Caddy /
Resource Hash
bc50bf49cbe79ee49b4ee8b56f26ff4877bc4945c16f260b1481ba2355c96347

Request headers

:path
/assets/global/plugins/fancybox/source/jquery.fancybox.pack.js
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
r.xdref.com
referer
https://r.xdref.com/?id=x9EJ4JJ8045486&from=h1235651
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://r.xdref.com/?id=x9EJ4JJ8045486&from=h1235651
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 02 Jul 2021 03:03:20 GMT
content-encoding
gzip
last-modified
Fri, 28 May 2021 12:36:52 GMT
server
Caddy Caddy
etag
"qtthpghun"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD, OPTIONS, POST, PUT
content-type
text/javascript; charset=utf-8
access-control-allow-credentials
true
access-control-allow-headers
Origin, Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers, Authorization
jquery.validate.min.js
r.xdref.com/assets/global/plugins/jquery-validation/js/
21 KB
8 KB
Script
General
Full URL
https://r.xdref.com/assets/global/plugins/jquery-validation/js/jquery.validate.min.js
Requested by
Host: r.xdref.com
URL: https://r.xdref.com/?id=x9EJ4JJ8045486&from=h1235651
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
72.29.121.220 , United States, ASN30496 (AS-TIERP-30496, US),
Reverse DNS
edq8atOvzy.out.jr.proxy.exchangedefender.com
Software
Caddy Caddy /
Resource Hash
2e3e3b2660cbfaac5febf7a50b31d0494159989626a84102b2c3792cffe27d13

Request headers

:path
/assets/global/plugins/jquery-validation/js/jquery.validate.min.js
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
r.xdref.com
referer
https://r.xdref.com/?id=x9EJ4JJ8045486&from=h1235651
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://r.xdref.com/?id=x9EJ4JJ8045486&from=h1235651
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 02 Jul 2021 03:03:20 GMT
content-encoding
gzip
last-modified
Fri, 28 May 2021 12:36:52 GMT
server
Caddy Caddy
etag
"qtthpgg9u"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD, OPTIONS, POST, PUT
content-type
text/javascript; charset=utf-8
access-control-allow-credentials
true
access-control-allow-headers
Origin, Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers, Authorization
additional-methods.min.js
r.xdref.com/assets/global/plugins/jquery-validation/js/
17 KB
5 KB
Script
General
Full URL
https://r.xdref.com/assets/global/plugins/jquery-validation/js/additional-methods.min.js
Requested by
Host: r.xdref.com
URL: https://r.xdref.com/?id=x9EJ4JJ8045486&from=h1235651
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
72.29.121.220 , United States, ASN30496 (AS-TIERP-30496, US),
Reverse DNS
edq8atOvzy.out.jr.proxy.exchangedefender.com
Software
Caddy Caddy /
Resource Hash
2b9a658314baccfef5f3b1d279571f0c1dbe62e6f71735828dd7606e426ba798

Request headers

:path
/assets/global/plugins/jquery-validation/js/additional-methods.min.js
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
r.xdref.com
referer
https://r.xdref.com/?id=x9EJ4JJ8045486&from=h1235651
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://r.xdref.com/?id=x9EJ4JJ8045486&from=h1235651
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 02 Jul 2021 03:03:20 GMT
content-encoding
gzip
last-modified
Fri, 28 May 2021 12:36:52 GMT
server
Caddy Caddy
etag
"qtthpgda2"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD, OPTIONS, POST, PUT
content-type
text/javascript; charset=utf-8
access-control-allow-credentials
true
access-control-allow-headers
Origin, Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers, Authorization
sweetalert.min.js
r.xdref.com/assets/global/plugins/bootstrap-sweetalert/
16 KB
6 KB
Script
General
Full URL
https://r.xdref.com/assets/global/plugins/bootstrap-sweetalert/sweetalert.min.js
Requested by
Host: r.xdref.com
URL: https://r.xdref.com/?id=x9EJ4JJ8045486&from=h1235651
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
72.29.121.220 , United States, ASN30496 (AS-TIERP-30496, US),
Reverse DNS
edq8atOvzy.out.jr.proxy.exchangedefender.com
Software
Caddy Caddy /
Resource Hash
262ad846a6dffaacdfa95b441381844f21e501b882a42d34e720536b8ae3eb18

Request headers

:path
/assets/global/plugins/bootstrap-sweetalert/sweetalert.min.js
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
r.xdref.com
referer
https://r.xdref.com/?id=x9EJ4JJ8045486&from=h1235651
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://r.xdref.com/?id=x9EJ4JJ8045486&from=h1235651
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 02 Jul 2021 03:03:20 GMT
content-encoding
gzip
last-modified
Fri, 28 May 2021 12:36:51 GMT
server
Caddy Caddy
etag
"qtthpfcuj"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD, OPTIONS, POST, PUT
content-type
text/javascript; charset=utf-8
access-control-allow-credentials
true
access-control-allow-headers
Origin, Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers, Authorization
app.min.js
r.xdref.com/assets/global/scripts/
15 KB
5 KB
Script
General
Full URL
https://r.xdref.com/assets/global/scripts/app.min.js
Requested by
Host: r.xdref.com
URL: https://r.xdref.com/?id=x9EJ4JJ8045486&from=h1235651
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
72.29.121.220 , United States, ASN30496 (AS-TIERP-30496, US),
Reverse DNS
edq8atOvzy.out.jr.proxy.exchangedefender.com
Software
Caddy Caddy /
Resource Hash
0f1c504d0fae8584de0668e60ba000d124129b8555decd8c35e18e90e2d39d1e

Request headers

:path
/assets/global/scripts/app.min.js
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
r.xdref.com
referer
https://r.xdref.com/?id=x9EJ4JJ8045486&from=h1235651
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://r.xdref.com/?id=x9EJ4JJ8045486&from=h1235651
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 02 Jul 2021 03:03:20 GMT
content-encoding
gzip
last-modified
Fri, 28 May 2021 12:36:52 GMT
server
Caddy Caddy
etag
"qtthpgbyt"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD, OPTIONS, POST, PUT
content-type
text/javascript; charset=utf-8
access-control-allow-credentials
true
access-control-allow-headers
Origin, Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers, Authorization
icheck.min.js
r.xdref.com/assets/global/plugins/icheck/
5 KB
2 KB
Script
General
Full URL
https://r.xdref.com/assets/global/plugins/icheck/icheck.min.js
Requested by
Host: r.xdref.com
URL: https://r.xdref.com/?id=x9EJ4JJ8045486&from=h1235651
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
72.29.121.220 , United States, ASN30496 (AS-TIERP-30496, US),
Reverse DNS
edq8atOvzy.out.jr.proxy.exchangedefender.com
Software
Caddy Caddy /
Resource Hash
f0718dd44766296547e2153766bdc56d31e8aac51c7ed78b6499d59aa0ffac2f

Request headers

:path
/assets/global/plugins/icheck/icheck.min.js
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
r.xdref.com
referer
https://r.xdref.com/?id=x9EJ4JJ8045486&from=h1235651
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://r.xdref.com/?id=x9EJ4JJ8045486&from=h1235651
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 02 Jul 2021 03:03:20 GMT
content-encoding
gzip
last-modified
Fri, 28 May 2021 12:36:52 GMT
server
Caddy Caddy
etag
"qtthpg3sz"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD, OPTIONS, POST, PUT
content-type
text/javascript; charset=utf-8
access-control-allow-credentials
true
access-control-allow-headers
Origin, Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers, Authorization
content-length
2324
main.js
r.xdref.com/js/
10 KB
2 KB
Script
General
Full URL
https://r.xdref.com/js/main.js?=1625194999
Requested by
Host: r.xdref.com
URL: https://r.xdref.com/?id=x9EJ4JJ8045486&from=h1235651
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
72.29.121.220 , United States, ASN30496 (AS-TIERP-30496, US),
Reverse DNS
edq8atOvzy.out.jr.proxy.exchangedefender.com
Software
Caddy Caddy /
Resource Hash
3fe5ba58c96d3cc87a6caa71a0bc3febd6e13aa00438336b32bd054d25330bef

Request headers

:path
/js/main.js?=1625194999
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
r.xdref.com
referer
https://r.xdref.com/?id=x9EJ4JJ8045486&from=h1235651
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://r.xdref.com/?id=x9EJ4JJ8045486&from=h1235651
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 02 Jul 2021 03:03:20 GMT
content-encoding
gzip
last-modified
Fri, 28 May 2021 12:36:52 GMT
server
Caddy Caddy
etag
"qtthpg7sr"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD, OPTIONS, POST, PUT
content-type
text/javascript; charset=utf-8
access-control-allow-credentials
true
access-control-allow-headers
Origin, Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers, Authorization
content-length
2086
layout.min.js
r.xdref.com/assets/layouts/layout/scripts/
11 KB
3 KB
Script
General
Full URL
https://r.xdref.com/assets/layouts/layout/scripts/layout.min.js
Requested by
Host: r.xdref.com
URL: https://r.xdref.com/?id=x9EJ4JJ8045486&from=h1235651
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
72.29.121.220 , United States, ASN30496 (AS-TIERP-30496, US),
Reverse DNS
edq8atOvzy.out.jr.proxy.exchangedefender.com
Software
Caddy Caddy /
Resource Hash
e54bd4406123ce18a5776e5febef47933b0a3c864c181f72ab22db090b3980c7

Request headers

:path
/assets/layouts/layout/scripts/layout.min.js
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
r.xdref.com
referer
https://r.xdref.com/?id=x9EJ4JJ8045486&from=h1235651
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://r.xdref.com/?id=x9EJ4JJ8045486&from=h1235651
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 02 Jul 2021 03:03:20 GMT
content-encoding
gzip
last-modified
Fri, 28 May 2021 12:36:52 GMT
server
Caddy Caddy
etag
"qtthpg8xj"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD, OPTIONS, POST, PUT
content-type
text/javascript; charset=utf-8
access-control-allow-credentials
true
access-control-allow-headers
Origin, Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers, Authorization
content-length
3221
demo.min.js
r.xdref.com/assets/layouts/layout/scripts/
6 KB
2 KB
Script
General
Full URL
https://r.xdref.com/assets/layouts/layout/scripts/demo.min.js
Requested by
Host: r.xdref.com
URL: https://r.xdref.com/?id=x9EJ4JJ8045486&from=h1235651
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
72.29.121.220 , United States, ASN30496 (AS-TIERP-30496, US),
Reverse DNS
edq8atOvzy.out.jr.proxy.exchangedefender.com
Software
Caddy Caddy /
Resource Hash
ed469848a5f783ce22cb326f349c3ebaefe85da73d9e189da6279ecb104f1868

Request headers

:path
/assets/layouts/layout/scripts/demo.min.js
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
r.xdref.com
referer
https://r.xdref.com/?id=x9EJ4JJ8045486&from=h1235651
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://r.xdref.com/?id=x9EJ4JJ8045486&from=h1235651
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 02 Jul 2021 03:03:20 GMT
content-encoding
gzip
last-modified
Fri, 28 May 2021 12:36:52 GMT
server
Caddy Caddy
etag
"qtthpg4yg"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD, OPTIONS, POST, PUT
content-type
text/javascript; charset=utf-8
access-control-allow-credentials
true
access-control-allow-headers
Origin, Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers, Authorization
content-length
1734
quick-sidebar.min.js
r.xdref.com/assets/layouts/global/scripts/
3 KB
1019 B
Script
General
Full URL
https://r.xdref.com/assets/layouts/global/scripts/quick-sidebar.min.js
Requested by
Host: r.xdref.com
URL: https://r.xdref.com/?id=x9EJ4JJ8045486&from=h1235651
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
72.29.121.220 , United States, ASN30496 (AS-TIERP-30496, US),
Reverse DNS
edq8atOvzy.out.jr.proxy.exchangedefender.com
Software
Caddy Caddy /
Resource Hash
ac9a539357da2b28e2240681309f298906309e4c9c968ced29890269b2269e79

Request headers

:path
/assets/layouts/global/scripts/quick-sidebar.min.js
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
r.xdref.com
referer
https://r.xdref.com/?id=x9EJ4JJ8045486&from=h1235651
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://r.xdref.com/?id=x9EJ4JJ8045486&from=h1235651
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 02 Jul 2021 03:03:20 GMT
content-encoding
gzip
last-modified
Fri, 28 May 2021 12:36:52 GMT
server
Caddy Caddy
etag
"qtthpg25f"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD, OPTIONS, POST, PUT
content-type
text/javascript; charset=utf-8
access-control-allow-credentials
true
access-control-allow-headers
Origin, Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers, Authorization
content-length
974
quick-nav.min.js
r.xdref.com/assets/layouts/global/scripts/
415 B
458 B
Script
General
Full URL
https://r.xdref.com/assets/layouts/global/scripts/quick-nav.min.js
Requested by
Host: r.xdref.com
URL: https://r.xdref.com/?id=x9EJ4JJ8045486&from=h1235651
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
72.29.121.220 , United States, ASN30496 (AS-TIERP-30496, US),
Reverse DNS
edq8atOvzy.out.jr.proxy.exchangedefender.com
Software
Caddy Caddy /
Resource Hash
a67562f88befda9b96ff9f0d98c7162839b8c5a0934d332e6e0c3660ebdcec4f

Request headers

:path
/assets/layouts/global/scripts/quick-nav.min.js
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
r.xdref.com
referer
https://r.xdref.com/?id=x9EJ4JJ8045486&from=h1235651
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://r.xdref.com/?id=x9EJ4JJ8045486&from=h1235651
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 02 Jul 2021 03:03:20 GMT
last-modified
Fri, 28 May 2021 12:36:52 GMT
server
Caddy Caddy
etag
"qtthpgbj"
access-control-allow-methods
GET, HEAD, OPTIONS, POST, PUT
content-type
text/javascript; charset=utf-8
access-control-allow-credentials
true
access-control-allow-headers
Origin, Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers, Authorization
content-length
415
jquery-ui.min.js
r.xdref.com/assets/global/plugins/jquery-ui/
242 KB
77 KB
Script
General
Full URL
https://r.xdref.com/assets/global/plugins/jquery-ui/jquery-ui.min.js
Requested by
Host: r.xdref.com
URL: https://r.xdref.com/?id=x9EJ4JJ8045486&from=h1235651
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
72.29.121.220 , United States, ASN30496 (AS-TIERP-30496, US),
Reverse DNS
edq8atOvzy.out.jr.proxy.exchangedefender.com
Software
Caddy Caddy /
Resource Hash
47d6aa2efa6e3f0538577c3398a3ff5fa0ae35a777c61a9efcc25f74fa96567b

Request headers

:path
/assets/global/plugins/jquery-ui/jquery-ui.min.js
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
r.xdref.com
referer
https://r.xdref.com/?id=x9EJ4JJ8045486&from=h1235651
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://r.xdref.com/?id=x9EJ4JJ8045486&from=h1235651
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 02 Jul 2021 03:03:20 GMT
content-encoding
gzip
last-modified
Fri, 28 May 2021 12:36:52 GMT
server
Caddy Caddy
etag
"qtthpg5az0"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD, OPTIONS, POST, PUT
content-type
text/javascript; charset=utf-8
access-control-allow-credentials
true
access-control-allow-headers
Origin, Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers, Authorization
bootbox.min.js
r.xdref.com/assets/global/plugins/bootbox/
10 KB
4 KB
Script
General
Full URL
https://r.xdref.com/assets/global/plugins/bootbox/bootbox.min.js
Requested by
Host: r.xdref.com
URL: https://r.xdref.com/?id=x9EJ4JJ8045486&from=h1235651
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
72.29.121.220 , United States, ASN30496 (AS-TIERP-30496, US),
Reverse DNS
edq8atOvzy.out.jr.proxy.exchangedefender.com
Software
Caddy Caddy /
Resource Hash
0b6bab63e3aa24b4ab6aab63765a217db5004961bab1ab7d74ffebfa33efb5c4

Request headers

:path
/assets/global/plugins/bootbox/bootbox.min.js
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
r.xdref.com
referer
https://r.xdref.com/?id=x9EJ4JJ8045486&from=h1235651
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://r.xdref.com/?id=x9EJ4JJ8045486&from=h1235651
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 02 Jul 2021 03:03:20 GMT
content-encoding
gzip
last-modified
Fri, 28 May 2021 12:36:51 GMT
server
Caddy Caddy
etag
"qtthpf7p0"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD, OPTIONS, POST, PUT
content-type
text/javascript; charset=utf-8
access-control-allow-credentials
true
access-control-allow-headers
Origin, Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers, Authorization
content-length
3973
gtm.js
www.googletagmanager.com/
77 KB
31 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-M6XQJNV
Requested by
Host: r.xdref.com
URL: https://r.xdref.com/?id=x9EJ4JJ8045486&from=h1235651
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
db134bccf08f11b9826a090d424502c0069286be1c42beb46aebb24c1f7a190e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://r.xdref.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 02 Jul 2021 03:03:20 GMT
content-encoding
br
server
Google Tag Manager
access-control-allow-headers
Cache-Control
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; includeSubDomains
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
31137
x-xss-protection
0
expires
Fri, 02 Jul 2021 03:03:20 GMT
fontawesome-webfont.woff2
r.xdref.com/assets/global/plugins/font-awesome/fonts/
63 KB
63 KB
Font
General
Full URL
https://r.xdref.com/assets/global/plugins/font-awesome/fonts/fontawesome-webfont.woff2?v=4.4.0
Requested by
Host: r.xdref.com
URL: https://r.xdref.com/assets/global/plugins/font-awesome/css/font-awesome.min.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
72.29.121.220 , United States, ASN30496 (AS-TIERP-30496, US),
Reverse DNS
edq8atOvzy.out.jr.proxy.exchangedefender.com
Software
Caddy Caddy /
Resource Hash
3c4a1bb7ce3234407184f0d80cc4dec075e4ad616b44dcc5778e1cfb1bc24019

Request headers

:path
/assets/global/plugins/font-awesome/fonts/fontawesome-webfont.woff2?v=4.4.0
pragma
no-cache
origin
https://r.xdref.com
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
font
:authority
r.xdref.com
referer
https://r.xdref.com/assets/global/plugins/font-awesome/css/font-awesome.min.css
:scheme
https
sec-fetch-site
same-origin
:method
GET
Origin
https://r.xdref.com
Referer
https://r.xdref.com/assets/global/plugins/font-awesome/css/font-awesome.min.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 02 Jul 2021 03:03:20 GMT
content-encoding
gzip
last-modified
Fri, 28 May 2021 12:36:52 GMT
server
Caddy Caddy
etag
"qtthpg1dqo"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD, OPTIONS, POST, PUT
access-control-allow-credentials
true
access-control-allow-headers
Origin, Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers, Authorization
mem5YaGs126MiZpBA-UN_r8OUuhp.woff2
fonts.gstatic.com/s/opensans/v20/
15 KB
15 KB
Font
General
Full URL
https://fonts.gstatic.com/s/opensans/v20/mem5YaGs126MiZpBA-UN_r8OUuhp.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:400,300,600,700&subset=all
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
9f7216d2f53a731d9749077c22e15cfb38bcdc40806511ccf736f440c7569d64
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://r.xdref.com
Referer
https://fonts.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 30 Jun 2021 10:05:12 GMT
x-content-type-options
nosniff
age
147488
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
14992
x-xss-protection
0
last-modified
Tue, 18 May 2021 21:21:24 GMT
server
sffe
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 30 Jun 2022 10:05:12 GMT
mem5YaGs126MiZpBA-UN7rgOUuhp.woff2
fonts.gstatic.com/s/opensans/v20/
15 KB
15 KB
Font
General
Full URL
https://fonts.gstatic.com/s/opensans/v20/mem5YaGs126MiZpBA-UN7rgOUuhp.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:400,300,600,700&subset=all
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c73575543a5c99018f842960f9882edaa0918965ea856e91de9717a0d58d3f1c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://r.xdref.com
Referer
https://fonts.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 29 Jun 2021 16:31:16 GMT
x-content-type-options
nosniff
age
210724
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15112
x-xss-protection
0
last-modified
Tue, 18 May 2021 21:21:50 GMT
server
sffe
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 29 Jun 2022 16:31:16 GMT
mem8YaGs126MiZpBA-UFVZ0b.woff2
fonts.gstatic.com/s/opensans/v20/
14 KB
14 KB
Font
General
Full URL
https://fonts.gstatic.com/s/opensans/v20/mem8YaGs126MiZpBA-UFVZ0b.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:400,300,600,700&subset=all
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a42f2ec73409f2753ef17d737714c86303fa45fc3a3d484a9b0c8ed28ef0fd6b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://r.xdref.com
Referer
https://fonts.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 30 Jun 2021 13:09:35 GMT
x-content-type-options
nosniff
age
136425
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
14440
x-xss-protection
0
last-modified
Tue, 18 May 2021 21:21:19 GMT
server
sffe
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 30 Jun 2022 13:09:35 GMT
mem5YaGs126MiZpBA-UNirkOUuhp.woff2
fonts.gstatic.com/s/opensans/v20/
15 KB
15 KB
Font
General
Full URL
https://fonts.gstatic.com/s/opensans/v20/mem5YaGs126MiZpBA-UNirkOUuhp.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:400,300,600,700&subset=all
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c298433cc9eb86f4c0be0a447b0faf398dee9186d2bcf26683297de2758cddc7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://r.xdref.com
Referer
https://fonts.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 29 Jun 2021 21:40:02 GMT
x-content-type-options
nosniff
age
192198
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
14956
x-xss-protection
0
last-modified
Tue, 18 May 2021 21:21:26 GMT
server
sffe
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 29 Jun 2022 21:40:02 GMT
analytics.js
www.google-analytics.com/
48 KB
19 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-143179970-1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
73d6a5ea11fb7bf6e6a6ccd44b1635d52c79b0a00623d0387c9dddd4b7c68e89
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://r.xdref.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 09 Jun 2021 17:36:57 GMT
server
Golfe2
age
4915
date
Fri, 02 Jul 2021 01:41:25 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
19661
expires
Fri, 02 Jul 2021 03:41:25 GMT
collect
www.google-analytics.com/j/
1 B
21 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j91&a=1977804980&t=pageview&_s=1&dl=https%3A%2F%2Fr.xdref.com%2F%3Fid%3Dx9EJ4JJ8045486%26from%3Dh1235651&ul=en-us&de=UTF-8&dt=ExchangeDefender&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAUABAAAAAC~&jid=1212642488&gjid=1804631212&cid=1114535424.1625195001&tid=UA-143179970-1&_gid=1844782873.1625195001&_r=1&gtm=2ou6u0&z=526839324
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://r.xdref.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Fri, 02 Jul 2021 03:03:21 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://r.xdref.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1
expires
Fri, 01 Jan 1990 00:00:00 GMT

51 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onbeforexrselect object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker boolean| originAgentCluster object| trustedTypes boolean| crossOriginIsolated function| gtag object| dataLayer object| google_tag_manager function| $ function| jQuery object| jQuery112408567525559470421 function| Cookies object| google_tag_data string| GoogleAnalyticsObject function| ga function| swal function| sweetAlert object| App string| _determinate string| _indeterminate string| _update string| _type string| _click string| _touch string| _add string| _remove string| _callback string| _label string| _cursor boolean| _mobile function| setCookie function| clearCookies function| getCookie function| displayModal object| Validations function| displayModalReport object| ReportValidations object| Layout object| Demo object| QuickSidebar object| QuickNav object| bootbox object| gaplugins object| gaGlobal object| gaData

3 Cookies

Domain/Path Name / Value
.xdref.com/ Name: _gat_gtag_UA_143179970_1
Value: 1
.xdref.com/ Name: _gid
Value: GA1.2.1844782873.1625195001
.xdref.com/ Name: _ga
Value: GA1.2.1114535424.1625195001

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
