Submitted URL: https://onlynews.usncnews.site/#56
Effective URL: https://mayfill.com/?utm_source=Xsparrow&utm_medium=Extra&utm_campaign=Test_1
Submission Tags: https://phish.report @phish_report
Submission: On April 25 via api from FI — Scanned from FI

Summary

This website contacted 12 IPs in 6 countries across 16 domains to perform 36 HTTP transactions. The main IP is 64.227.178.168, located in and belongs to . The main domain is mayfill.com.
TLS certificate: Issued by R3 on April 7th 2023. Valid for: 3 months.
This is the only time mayfill.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
11 2a02:4780:b:6... 47583 (AS-HOSTINGER)
1 2a00:1450:400... 15169 (GOOGLE)
1 142.93.150.145 14061 (DIGITALOC...)
1 1 64.227.23.114 14061 (DIGITALOC...)
3 67.212.173.77 32475 (SINGLEHOP...)
4 6 51.68.85.158 16276 (OVH)
2 2 34.147.1.177 396982 (GOOGLE-CL...)
4 2a06:98c1:312... 13335 (CLOUDFLAR...)
3 2606:4700:303... 13335 (CLOUDFLAR...)
2 2606:4700::68... 13335 (CLOUDFLAR...)
2 2 174.138.122.163 14061 (DIGITALOC...)
1 2a06:98c1:312... 13335 (CLOUDFLAR...)
3 67.212.184.146 32475 (SINGLEHOP...)
1 1 34.90.46.36 396982 (GOOGLE-CL...)
1 64.227.178.168 ()
36 12
Apex Domain
Subdomains
Transfer
11 usncnews.site
onlynews.usncnews.site
46 KB
4 achelous.mobi
yeah.achelous.mobi
3 KB
3 lifetrouhgby.info
www.lifetrouhgby.info
6 KB
3 turetou.com
rezi.turetou.com
7 KB
3 addlnk.com
cdn.addlnk.com — Cisco Umbrella Rank: 363048
3 KB
3 turbotrck.art
www.turbotrck.art
6 KB
3 redirectmaster.com
www2.redirectmaster.com
7 KB
2 adups.app
c.adups.app
803 B
2 cloudflareinsights.com
static.cloudflareinsights.com — Cisco Umbrella Rank: 1274
14 KB
2 media-412.com
admoustache.media-412.com — Cisco Umbrella Rank: 844735
540 B
1 mayfill.com
mayfill.com
1 go2affise.com
admoustache.go2affise.com
305 B
1 myofferplus.com
b191f85c.myofferplus.com
1 KB
1 thegadgetguru.club
polo.thegadgetguru.club — Cisco Umbrella Rank: 722092
365 B
1 officialncnews.com
officialncnews.com
495 B
1 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 119
1 KB
36 16
Domain Requested by
11 onlynews.usncnews.site onlynews.usncnews.site
4 yeah.achelous.mobi www.turbotrck.art
static.cloudflareinsights.com
www.lifetrouhgby.info
3 www.lifetrouhgby.info 2 redirects rezi.turetou.com
3 rezi.turetou.com b191f85c.myofferplus.com
rezi.turetou.com
3 cdn.addlnk.com yeah.achelous.mobi
b191f85c.myofferplus.com
3 www.turbotrck.art 2 redirects www2.redirectmaster.com
3 www2.redirectmaster.com officialncnews.com
www2.redirectmaster.com
2 c.adups.app 2 redirects
2 static.cloudflareinsights.com yeah.achelous.mobi
2 admoustache.media-412.com 2 redirects
1 mayfill.com yeah.achelous.mobi
mayfill.com
1 admoustache.go2affise.com 1 redirects
1 b191f85c.myofferplus.com yeah.achelous.mobi
1 polo.thegadgetguru.club 1 redirects
1 officialncnews.com onlynews.usncnews.site
1 fonts.googleapis.com onlynews.usncnews.site
mayfill.com
36 16

This site contains no links.

Subject | Issuer | Validity | Valid
onlynews.usncnews.site | R3 | 2023-04-21 - 2023-07-20 | 3 months
upload.video.google.com | GTS CA 1C3 | 2023-04-03 - 2023-06-26 | 3 months
officialncnews.com | R3 | 2023-03-13 - 2023-06-11 | 3 months
www2.redirectmaster.com | R3 | 2023-03-01 - 2023-05-30 | 3 months
www.turbotrck.art | R3 | 2023-02-28 - 2023-05-29 | 3 months
achelous.mobi | GTS CA 1P5 | 2023-04-16 - 2023-07-15 | 3 months
addlnk.com | GTS CA 1P5 | 2023-04-15 - 2023-07-14 | 3 months
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2023-04-10 - 2024-04-09 | a year
myofferplus.com | GTS CA 1P5 | 2023-04-16 - 2023-07-15 | 3 months
rezi.turetou.com | R3 | 2023-04-17 - 2023-07-16 | 3 months
www.lifetrouhgby.info | R3 | 2023-04-24 - 2023-07-23 | 3 months
mayfill.com | R3 | 2023-04-07 - 2023-07-06 | 3 months

This page contains 1 frames:

Primary Page: https://mayfill.com/?utm_source=Xsparrow&utm_medium=Extra&utm_campaign=Test_1
Frame ID: E6A8BAE3EA79064FF029951372496051
Requests: 36 HTTP requests in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • /wp-(?:content|includes)/

Overall confidence: 100%
Detected patterns
  • static\.cloudflareinsights\.com/beacon(?:\.min)?\.js

Page Statistics

36 Requests
89 % HTTPS
40 % IPv6
16 Domains
16 Subdomains
12 IPs
6 Countries
93 kB Transfer
434 kB Size
7 Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://onlynews.usncnews.site/ Page URL
  2. https://polo.thegadgetguru.club/?k=f6524664061b05c904ef62753921a24f&type=mainstream&subtype=global HTTP 302
    https://www2.redirectmaster.com/?utm_medium=9c35b5222fc2ff0fe1ebd5f2cf75ff10bf245093&utm_campaign=Mainstream_agress&cid=1445c47b9f74daa1e5948ef58c18bb92&data4=185.204.1.185&1=562 Page URL
  3. https://www2.redirectmaster.com/?utm_term=7226090567808057412&ver=4viyaptcjo&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889be8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2f5f6f3f3f3f3f3e8efe8edeaebefe9e074 Page URL
  4. https://www2.redirectmaster.com/proc.php?72ed956a56fe67815ab636d3b35ab63a181c386a Page URL
  5. https://www.turbotrck.art/?sl=5564921-b2be6&data1=Track1&data2=Track2&tag=M7226090567808057412&website=4400-50232121&placement=4400&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889be8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2f5f6f3f3f3f3f3e8efe8edeaebefe9e074 Page URL
  6. https://www.turbotrck.art/?sl=5564921-b2be6&data1=Track1&data2=Track2&tag=M7226090567808057412&website=4400-50232121&placement=4400&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889be8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2f5f6f3f3f3f3f3e8efe8edeaebefe9e074&eyeg=497fda079e13ca9c75bfaafb70db8542&eyer=0.2905982418985078&eyei=0&eyew=1600&eyeh=1200&eyetd=210&eyef=www2.redirectmaster.com HTTP 302
    https://www.turbotrck.art/?sl=5564921-b2be6&data1=Track1&data2=Track2&tag=M7226090567808057412&website=4400-50232121&placement=4400&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889be8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2f5f6f3f3f3f3f3e8efe8edeaebefe9e074&eyeg=3&eyer=0.2905982418985078&eyei=0&eyew=1600&eyeh=1200&eyetd=210&eyef=www2.redirectmaster.com HTTP 302
    https://admoustache.media-412.com/sl?id=63ef5a2a8dec34873b6049c7&pid=503&sub1=330006038e3511d15c6e4f18d6df2876a547f0425-202304-flb*5564921-b2be6*M7226090567808057412*sl_5564921-b2be6*d29278df57e47cd44bbbb3365e1d056ed3241815*4400-50232121*4400 HTTP 302
    https://yeah.achelous.mobi/rc/a91581ead4?affclick=64483b18e2e9d80001f8e9af&pubid=503 Page URL
  7. https://c.adups.app/36399?click=pubfde01b94b3454a72879d530d34c2b242&pubid=81b90edf HTTP 302
    https://b191f85c.myofferplus.com/rc/bcc83aad32?affclick=23D26021201A036399028050ZWUwn&pubid=36399 Page URL
  8. https://rezi.turetou.com/?utm_medium=089c61b50ff93f7c5ea38975b8be0830af05dd60&utm_campaign=sexy_redirect&1=f0fc7601&cid=pub49f29887f5a041ac8b2fbdbda35381fb&2=36399 Page URL
  9. https://rezi.turetou.com/?utm_term=7226090584987926552&ver=4viyaptcjo&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889be8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2f5f6f3f3f3f3f3e8efe8edeaebefe9e074 Page URL
  10. https://rezi.turetou.com/proc.php?2fb87dbc0e95d47c0f2867388e046232b640e2f0 Page URL
  11. https://www.lifetrouhgby.info/?sl=5564926-3eb37&data1=Track1&data2=Track2&tag=M7226090584987926552&website=20961-845b943f-8f35ebcd&placement=20961&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889be8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2f5f6f3f3f3f3f3e8efe8edeaebefe9e074 Page URL
  12. https://www.lifetrouhgby.info/?sl=5564926-3eb37&data1=Track1&data2=Track2&tag=M7226090584987926552&website=20961-845b943f-8f35ebcd&placement=20961&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889be8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2f5f6f3f3f3f3f3e8efe8edeaebefe9e074&eyeg=2473e33f0e6410b23ca6528238973939&eyer=0.14446914754611706&eyei=0&eyew=1600&eyeh=1200&eyetd=210&eyef=rezi.turetou.com HTTP 302
    https://www.lifetrouhgby.info/?sl=5564926-3eb37&data1=Track1&data2=Track2&tag=M7226090584987926552&website=20961-845b943f-8f35ebcd&placement=20961&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889be8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2f5f6f3f3f3f3f3e8efe8edeaebefe9e074&eyeg=3&eyer=0.14446914754611706&eyei=0&eyew=1600&eyeh=1200&eyetd=210&eyef=rezi.turetou.com HTTP 302
    https://admoustache.go2affise.com/sl?id=59a83ff913943bff7e8b4571&pid=503&sub1=330001fbd5c0d5f39ea6900aaf320f376562c0425-202304-flb*5564926-3eb37*M7226090584987926552*sl_5564926-3eb37*7a0680273c14c1a086b33ccc1823b5fa82346012*20961-845b943f-8f35ebcd*20961 HTTP 302
    https://admoustache.media-412.com/sl?id=63ef5a2a8dec34873b6049c7&pid=49&sub1=330001fbd5c0d5f39ea6900aaf320f376562c0425-202304-flb*5564926-3eb37*M7226090584987926552*sl_5564926-3eb37*7a0680273c14c1a086b33ccc1823b5fa82346012*20961-845b943f-8f35ebcd*20961&sub2=&sub3=&sub4=0&sub5=503 HTTP 302
    https://yeah.achelous.mobi/rc/a91581ead4?affclick=64483b1b1b0b600001843049&pubid=49 Page URL
  13. https://c.adups.app/36399?click=pubfde01b94b3454a72879d530d34c2b242&pubid=81b90edf HTTP 302
    https://mayfill.com/?utm_source=Xsparrow&utm_medium=Extra&utm_campaign=Test_1 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 13
  • https://polo.thegadgetguru.club/?k=f6524664061b05c904ef62753921a24f&type=mainstream&subtype=global HTTP 302
  • https://www2.redirectmaster.com/?utm_medium=9c35b5222fc2ff0fe1ebd5f2cf75ff10bf245093&utm_campaign=Mainstream_agress&cid=1445c47b9f74daa1e5948ef58c18bb92&data4=185.204.1.185&1=562
Request Chain 17
  • https://www.turbotrck.art/?sl=5564921-b2be6&data1=Track1&data2=Track2&tag=M7226090567808057412&website=4400-50232121&placement=4400&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889be8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2f5f6f3f3f3f3f3e8efe8edeaebefe9e074&eyeg=497fda079e13ca9c75bfaafb70db8542&eyer=0.2905982418985078&eyei=0&eyew=1600&eyeh=1200&eyetd=210&eyef=www2.redirectmaster.com HTTP 302
  • https://www.turbotrck.art/?sl=5564921-b2be6&data1=Track1&data2=Track2&tag=M7226090567808057412&website=4400-50232121&placement=4400&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889be8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2f5f6f3f3f3f3f3e8efe8edeaebefe9e074&eyeg=3&eyer=0.2905982418985078&eyei=0&eyew=1600&eyeh=1200&eyetd=210&eyef=www2.redirectmaster.com HTTP 302
  • https://admoustache.media-412.com/sl?id=63ef5a2a8dec34873b6049c7&pid=503&sub1=330006038e3511d15c6e4f18d6df2876a547f0425-202304-flb*5564921-b2be6*M7226090567808057412*sl_5564921-b2be6*d29278df57e47cd44bbbb3365e1d056ed3241815*4400-50232121*4400 HTTP 302
  • https://yeah.achelous.mobi/rc/a91581ead4?affclick=64483b18e2e9d80001f8e9af&pubid=503
Request Chain 21
  • https://c.adups.app/36399?click=pubfde01b94b3454a72879d530d34c2b242&pubid=81b90edf HTTP 302
  • https://b191f85c.myofferplus.com/rc/bcc83aad32?affclick=23D26021201A036399028050ZWUwn&pubid=36399
Request Chain 28
  • https://www.lifetrouhgby.info/?sl=5564926-3eb37&data1=Track1&data2=Track2&tag=M7226090584987926552&website=20961-845b943f-8f35ebcd&placement=20961&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889be8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2f5f6f3f3f3f3f3e8efe8edeaebefe9e074&eyeg=2473e33f0e6410b23ca6528238973939&eyer=0.14446914754611706&eyei=0&eyew=1600&eyeh=1200&eyetd=210&eyef=rezi.turetou.com HTTP 302
  • https://www.lifetrouhgby.info/?sl=5564926-3eb37&data1=Track1&data2=Track2&tag=M7226090584987926552&website=20961-845b943f-8f35ebcd&placement=20961&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889be8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2f5f6f3f3f3f3f3e8efe8edeaebefe9e074&eyeg=3&eyer=0.14446914754611706&eyei=0&eyew=1600&eyeh=1200&eyetd=210&eyef=rezi.turetou.com HTTP 302
  • https://admoustache.go2affise.com/sl?id=59a83ff913943bff7e8b4571&pid=503&sub1=330001fbd5c0d5f39ea6900aaf320f376562c0425-202304-flb*5564926-3eb37*M7226090584987926552*sl_5564926-3eb37*7a0680273c14c1a086b33ccc1823b5fa82346012*20961-845b943f-8f35ebcd*20961 HTTP 302
  • https://admoustache.media-412.com/sl?id=63ef5a2a8dec34873b6049c7&pid=49&sub1=330001fbd5c0d5f39ea6900aaf320f376562c0425-202304-flb*5564926-3eb37*M7226090584987926552*sl_5564926-3eb37*7a0680273c14c1a086b33ccc1823b5fa82346012*20961-845b943f-8f35ebcd*20961&sub2=&sub3=&sub4=0&sub5=503 HTTP 302
  • https://yeah.achelous.mobi/rc/a91581ead4?affclick=64483b1b1b0b600001843049&pubid=49

36 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
/
onlynews.usncnews.site/
26 KB
7 KB
Document
General
Full URL
https://onlynews.usncnews.site/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:4780:b:658:0:28e4:e794:6 Phoenix, United States, ASN47583 (AS-HOSTINGER, CY),
Reverse DNS
Software
LiteSpeed / PHP/8.0.26
Resource Hash
34b2f3f0269b70ad66739fa47ec82d2e41bfeb443b26e3fd250ad6ec8c87c0d1
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language
fi-FI,fi;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
cache-control
no-store, no-cache, must-revalidate
content-encoding
br
content-length
6533
content-security-policy
upgrade-insecure-requests
content-type
text/html; charset=UTF-8
date
Tue, 25 Apr 2023 20:41:57 GMT
etag
"166-1682110136;br"
expires
Thu, 19 Nov 1981 08:52:00 GMT
link
<https://onlynews.usncnews.site/wp-json/>; rel="https://api.w.org/"
platform
hostinger
pragma
no-cache
server
LiteSpeed
vary
Accept-Encoding
x-litespeed-cache
hit
x-powered-by
PHP/8.0.26
style.min.css
onlynews.usncnews.site/wp-includes/css/dist/block-library/
95 KB
11 KB
Stylesheet
General
Full URL
https://onlynews.usncnews.site/wp-includes/css/dist/block-library/style.min.css?ver=6.2
Requested by
Host: onlynews.usncnews.site
URL: https://onlynews.usncnews.site/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:4780:b:658:0:28e4:e794:6 Phoenix, United States, ASN47583 (AS-HOSTINGER, CY),
Reverse DNS
Software
LiteSpeed /
Resource Hash
aca566587618e75fa291a419c7c430be02e03fc72f6105658c1bc8e7d59a65e4
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
https://onlynews.usncnews.site/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Tue, 25 Apr 2023 20:41:57 GMT
content-encoding
br
content-security-policy
upgrade-insecure-requests
last-modified
Fri, 21 Apr 2023 20:40:34 GMT
server
LiteSpeed
etag
"17ced-6442f4c2-7101f18415ade9bb;br"
vary
Accept-Encoding
content-type
text/css
cache-control
public, max-age=604800
accept-ranges
bytes
platform
hostinger
content-length
11505
expires
Tue, 02 May 2023 20:41:57 GMT
classic-themes.min.css
onlynews.usncnews.site/wp-includes/css/
291 B
426 B
Stylesheet
General
Full URL
https://onlynews.usncnews.site/wp-includes/css/classic-themes.min.css?ver=6.2
Requested by
Host: onlynews.usncnews.site
URL: https://onlynews.usncnews.site/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:4780:b:658:0:28e4:e794:6 Phoenix, United States, ASN47583 (AS-HOSTINGER, CY),
Reverse DNS
Software
LiteSpeed /
Resource Hash
dcd9f488bd62ba0ee403b07a97e40b9ffd63a0eff61091588c913b16d5153d48
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
https://onlynews.usncnews.site/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Tue, 25 Apr 2023 20:41:57 GMT
content-security-policy
upgrade-insecure-requests
last-modified
Fri, 21 Apr 2023 20:40:34 GMT
server
LiteSpeed
etag
"123-6442f4c2-4ea0aa9b11260a97;;;"
content-type
text/css
cache-control
public, max-age=604800
accept-ranges
bytes
platform
hostinger
content-length
291
expires
Tue, 02 May 2023 20:41:57 GMT
css
fonts.googleapis.com/
11 KB
1 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Fira+Sans%3Aital%2Cwght%400%2C400%3B0%2C500%3B1%2C400%7CPlayfair+Display%3Aital%2Cwght%400%2C400%3B0%2C700%3B1%2C400&subset=latin%2Clatin-ext
Requested by
Host: onlynews.usncnews.site
URL: https://onlynews.usncnews.site/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
8476489ef014cc971dffdf5eb093b64e8495736f53bc36416c06d56f72121c6c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
https://onlynews.usncnews.site/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Tue, 25 Apr 2023 20:41:57 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Tue, 25 Apr 2023 20:41:57 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Tue, 25 Apr 2023 20:41:57 GMT
style.css
onlynews.usncnews.site/wp-content/themes/seedlet/
125 KB
16 KB
Stylesheet
General
Full URL
https://onlynews.usncnews.site/wp-content/themes/seedlet/style.css?ver=1.2.9
Requested by
Host: onlynews.usncnews.site
URL: https://onlynews.usncnews.site/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:4780:b:658:0:28e4:e794:6 Phoenix, United States, ASN47583 (AS-HOSTINGER, CY),
Reverse DNS
Software
LiteSpeed /
Resource Hash
22de361e31bec450eaa151c54f51a0e8bcbafae957f45bb3a091e4ffec28b18a
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
https://onlynews.usncnews.site/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Tue, 25 Apr 2023 20:41:57 GMT
content-encoding
br
content-security-policy
upgrade-insecure-requests
last-modified
Fri, 21 Apr 2023 20:47:48 GMT
server
LiteSpeed
etag
"1f4c4-6442f674-15819c28d6fc04bf;br"
vary
Accept-Encoding
content-type
text/css
cache-control
public, max-age=604800
accept-ranges
bytes
platform
hostinger
content-length
16661
expires
Tue, 02 May 2023 20:41:57 GMT
style-navigation.css
onlynews.usncnews.site/wp-content/themes/seedlet/assets/css/
14 KB
2 KB
Stylesheet
General
Full URL
https://onlynews.usncnews.site/wp-content/themes/seedlet/assets/css/style-navigation.css?ver=1.2.9
Requested by
Host: onlynews.usncnews.site
URL: https://onlynews.usncnews.site/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:4780:b:658:0:28e4:e794:6 Phoenix, United States, ASN47583 (AS-HOSTINGER, CY),
Reverse DNS
Software
LiteSpeed /
Resource Hash
85a8ac26c1c67cba683166f1e6f92c83e89e97a6896c4e13dee61e0e2a764ef6
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
https://onlynews.usncnews.site/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Tue, 25 Apr 2023 20:41:57 GMT
content-encoding
br
content-security-policy
upgrade-insecure-requests
last-modified
Fri, 21 Apr 2023 20:47:48 GMT
server
LiteSpeed
etag
"393d-6442f674-831a6a8353ae9f01;br"
vary
Accept-Encoding
content-type
text/css
cache-control
public, max-age=604800
accept-ranges
bytes
platform
hostinger
content-length
1957
expires
Tue, 02 May 2023 20:41:57 GMT
custom-color-overrides.css
onlynews.usncnews.site/wp-content/themes/seedlet/assets/css/
130 B
190 B
Stylesheet
General
Full URL
https://onlynews.usncnews.site/wp-content/themes/seedlet/assets/css/custom-color-overrides.css?ver=1.2.9
Requested by
Host: onlynews.usncnews.site
URL: https://onlynews.usncnews.site/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:4780:b:658:0:28e4:e794:6 Phoenix, United States, ASN47583 (AS-HOSTINGER, CY),
Reverse DNS
Software
LiteSpeed /
Resource Hash
e212ec2b294bfae67dcddd889f27749ae9c12437a7080b9caec6260d58ca6b56
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
https://onlynews.usncnews.site/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Tue, 25 Apr 2023 20:41:57 GMT
content-security-policy
upgrade-insecure-requests
last-modified
Fri, 21 Apr 2023 20:47:48 GMT
server
LiteSpeed
etag
"82-6442f674-c89bb87c28a9cee7;;;"
content-type
text/css
cache-control
public, max-age=604800
accept-ranges
bytes
platform
hostinger
content-length
130
expires
Tue, 02 May 2023 20:41:57 GMT
style.css
onlynews.usncnews.site/wp-content/themes/blank-canvas/
5 KB
2 KB
Stylesheet
General
Full URL
https://onlynews.usncnews.site/wp-content/themes/blank-canvas/style.css?ver=6.2
Requested by
Host: onlynews.usncnews.site
URL: https://onlynews.usncnews.site/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:4780:b:658:0:28e4:e794:6 Phoenix, United States, ASN47583 (AS-HOSTINGER, CY),
Reverse DNS
Software
LiteSpeed /
Resource Hash
f4c6fa45936c20be3465ff69e94f87cda7ed0ef768c3b2be4ea13c307b34e1db
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
https://onlynews.usncnews.site/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Tue, 25 Apr 2023 20:41:57 GMT
content-encoding
br
content-security-policy
upgrade-insecure-requests
last-modified
Fri, 21 Apr 2023 20:47:47 GMT
server
LiteSpeed
etag
"12d7-6442f673-decb7547a6fd8f7d;br"
vary
Accept-Encoding
content-type
text/css
cache-control
public, max-age=604800
accept-ranges
bytes
platform
hostinger
content-length
1598
expires
Tue, 02 May 2023 20:41:57 GMT
/
officialncnews.com/
117 B
495 B
Script
General
Full URL
https://officialncnews.com/?api=1&lan=elcompacc&ht=2&counter0=jade1991
Requested by
Host: onlynews.usncnews.site
URL: https://onlynews.usncnews.site/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
142.93.150.145 Toronto, Canada, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx /
Resource Hash

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
https://onlynews.usncnews.site/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 25 Apr 2023 20:41:57 GMT
Content-Encoding
gzip
Server
nginx
Vary
Accept-Encoding
Content-Type
text/html; charset=UTF-8
Cache-Control
no-store, no-cache, must-revalidate
Connection
keep-alive
Content-Length
124
Expires
Thu, 19 Nov 1981 08:52:00 GMT
primary-navigation.js
onlynews.usncnews.site/wp-content/themes/seedlet/assets/js/
2 KB
881 B
Script
General
Full URL
https://onlynews.usncnews.site/wp-content/themes/seedlet/assets/js/primary-navigation.js?ver=1.2.9
Requested by
Host: onlynews.usncnews.site
URL: https://onlynews.usncnews.site/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:4780:b:658:0:28e4:e794:6 Phoenix, United States, ASN47583 (AS-HOSTINGER, CY),
Reverse DNS
Software
LiteSpeed /
Resource Hash
0bfa82d5587480be027ac8c96cccd9302e59a0868ea7e952fa1656388fa2761c
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
https://onlynews.usncnews.site/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Tue, 25 Apr 2023 20:41:57 GMT
content-encoding
br
content-security-policy
upgrade-insecure-requests
last-modified
Fri, 21 Apr 2023 20:47:48 GMT
server
LiteSpeed
etag
"95e-6442f674-4bde20ce10ba64c5;br"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
public, max-age=604800
accept-ranges
bytes
platform
hostinger
content-length
801
expires
Tue, 02 May 2023 20:41:57 GMT
wp-emoji-release.min.js
onlynews.usncnews.site/wp-includes/js/
18 KB
5 KB
Script
General
Full URL
https://onlynews.usncnews.site/wp-includes/js/wp-emoji-release.min.js?ver=6.2
Requested by
Host: onlynews.usncnews.site
URL: https://onlynews.usncnews.site/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:4780:b:658:0:28e4:e794:6 Phoenix, United States, ASN47583 (AS-HOSTINGER, CY),
Reverse DNS
Software
LiteSpeed /
Resource Hash
4f79a89d16a5f717110fe080c0bf90b7e05ff95a4c4983f64d33110bf5f9c230
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
https://onlynews.usncnews.site/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Tue, 25 Apr 2023 20:41:57 GMT
content-encoding
br
content-security-policy
upgrade-insecure-requests
last-modified
Fri, 21 Apr 2023 20:40:34 GMT
server
LiteSpeed
etag
"4904-6442f4c2-21c3cf88efb93063;br"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
public, max-age=604800
accept-ranges
bytes
platform
hostinger
content-length
4605
expires
Tue, 02 May 2023 20:41:57 GMT
print.css
onlynews.usncnews.site/wp-content/themes/seedlet/assets/css/
4 KB
1 KB
Stylesheet
General
Full URL
https://onlynews.usncnews.site/wp-content/themes/seedlet/assets/css/print.css?ver=1.2.9
Requested by
Host: onlynews.usncnews.site
URL: https://onlynews.usncnews.site/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:4780:b:658:0:28e4:e794:6 Phoenix, United States, ASN47583 (AS-HOSTINGER, CY),
Reverse DNS
Software
LiteSpeed /
Resource Hash
96f2da12c025e217eabfa01ae7ccbc6d77b593da8795b4a266d35280d89215d9
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
https://onlynews.usncnews.site/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Tue, 25 Apr 2023 20:41:57 GMT
content-encoding
br
content-security-policy
upgrade-insecure-requests
last-modified
Fri, 21 Apr 2023 20:47:48 GMT
server
LiteSpeed
etag
"f34-6442f674-c016e3fe533c7bcf;br"
vary
Accept-Encoding
content-type
text/css
cache-control
public, max-age=604800
accept-ranges
bytes
platform
hostinger
content-length
1116
expires
Tue, 02 May 2023 20:41:57 GMT
variables.css
onlynews.usncnews.site/wp-content/themes/blank-canvas/
716 B
392 B
Stylesheet
General
Full URL
https://onlynews.usncnews.site/wp-content/themes/blank-canvas/variables.css
Requested by
Host: onlynews.usncnews.site
URL: https://onlynews.usncnews.site/wp-content/themes/blank-canvas/style.css?ver=6.2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:4780:b:658:0:28e4:e794:6 Phoenix, United States, ASN47583 (AS-HOSTINGER, CY),
Reverse DNS
Software
LiteSpeed /
Resource Hash
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
https://onlynews.usncnews.site/wp-content/themes/blank-canvas/style.css?ver=6.2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Tue, 25 Apr 2023 20:41:57 GMT
content-encoding
br
content-security-policy
upgrade-insecure-requests
last-modified
Fri, 21 Apr 2023 20:47:47 GMT
server
LiteSpeed
etag
"2cc-6442f673-58dc222eae1a363c;br"
vary
Accept-Encoding
content-type
text/css
cache-control
public, max-age=604800
accept-ranges
bytes
platform
hostinger
content-length
330
expires
Tue, 02 May 2023 20:41:57 GMT
/
www2.redirectmaster.com/
Redirect Chain
  • https://polo.thegadgetguru.club/?k=f6524664061b05c904ef62753921a24f&type=mainstream&subtype=global
  • https://www2.redirectmaster.com/?utm_medium=9c35b5222fc2ff0fe1ebd5f2cf75ff10bf245093&utm_campaign=Mainstream_agress&cid=1445c47b9f74daa1e5948ef58c18bb92&data4=185.204.1.185&1=562
3 KB
2 KB
Document
General
Full URL
https://www2.redirectmaster.com/?utm_medium=9c35b5222fc2ff0fe1ebd5f2cf75ff10bf245093&utm_campaign=Mainstream_agress&cid=1445c47b9f74daa1e5948ef58c18bb92&data4=185.204.1.185&1=562
Requested by
Host: officialncnews.com
URL: https://officialncnews.com/?api=1&lan=elcompacc&ht=2&counter0=jade1991
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
67.212.173.77 , United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
server04.com-2.mobi
Software
nginx / PHP/8.2.0
Resource Hash

Request headers

Referer
https://onlynews.usncnews.site/#56
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language
fi-FI,fi;q=0.9

Response headers

cache-control
no-store, no-cache, must-revalidate, max-age=0
content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Tue, 25 Apr 2023 20:41:58 GMT
expires
Thu, 01 Jan 1970 00:00:00 GMT
location
https://www2.redirectmaster.com/?utm_term=7226090567808057412&ver=4viyaptcjo
pragma
no-cache
server
nginx
vary
Accept-Encoding
x-powered-by
PHP/8.2.0

Redirect headers

Connection
keep-alive
Content-Length
453
Content-Type
text/html; charset=UTF-8
Date
Tue, 25 Apr 2023 20:41:58 GMT
Location
https://www2.redirectmaster.com/?utm_medium=9c35b5222fc2ff0fe1ebd5f2cf75ff10bf245093&utm_campaign=Mainstream_agress&cid=1445c47b9f74daa1e5948ef58c18bb92&data4=185.204.1.185&1=562
Server
nginx/1.16.1 (Ubuntu)
/
www2.redirectmaster.com/
8 KB
3 KB
Document
General
Full URL
https://www2.redirectmaster.com/?utm_term=7226090567808057412&ver=4viyaptcjo&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889be8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2f5f6f3f3f3f3f3e8efe8edeaebefe9e074
Requested by
Host: www2.redirectmaster.com
URL: https://www2.redirectmaster.com/?utm_medium=9c35b5222fc2ff0fe1ebd5f2cf75ff10bf245093&utm_campaign=Mainstream_agress&cid=1445c47b9f74daa1e5948ef58c18bb92&data4=185.204.1.185&1=562
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
67.212.173.77 , United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
server04.com-2.mobi
Software
nginx / PHP/8.2.0
Resource Hash
36519694df37d9aa5dc67942ccb5ad6901d6fba192647bca85d2b333e047afcf
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains

Request headers

Referer
https://www2.redirectmaster.com/?utm_medium=9c35b5222fc2ff0fe1ebd5f2cf75ff10bf245093&utm_campaign=Mainstream_agress&cid=1445c47b9f74daa1e5948ef58c18bb92&data4=185.204.1.185&1=562
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language
fi-FI,fi;q=0.9

Response headers

cache-control
no-store, no-cache, must-revalidate, max-age=0
content-encoding
gzip
content-type
text/html; charset=utf-8
date
Tue, 25 Apr 2023 20:41:59 GMT
expires
Thu, 01 Jan 1970 00:00:00 GMT
pragma
no-cache
server
nginx
strict-transport-security
max-age=31536000; includeSubdomains
vary
Accept-Encoding
x-powered-by
PHP/8.2.0
proc.php
www2.redirectmaster.com/
3 KB
2 KB
Document
General
Full URL
https://www2.redirectmaster.com/proc.php?72ed956a56fe67815ab636d3b35ab63a181c386a
Requested by
Host: www2.redirectmaster.com
URL: https://www2.redirectmaster.com/?utm_term=7226090567808057412&ver=4viyaptcjo&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889be8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2f5f6f3f3f3f3f3e8efe8edeaebefe9e074
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
67.212.173.77 , United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
server04.com-2.mobi
Software
nginx / PHP/8.2.0
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains

Request headers

Referer
https://www2.redirectmaster.com/?utm_term=7226090567808057412&ver=4viyaptcjo&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889be8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2f5f6f3f3f3f3f3e8efe8edeaebefe9e074
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language
fi-FI,fi;q=0.9

Response headers

cache-control
no-store, no-cache, must-revalidate, max-age=0
content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Tue, 25 Apr 2023 20:41:59 GMT
expires
Thu, 01 Jan 1970 00:00:00 GMT
location
https://www.turbotrck.art/?sl=5564921-b2be6&data1=Track1&data2=Track2&tag=M7226090567808057412&website=4400-50232121&placement=4400
pragma
no-cache
server
nginx
strict-transport-security
max-age=31536000; includeSubdomains
vary
Accept-Encoding
x-powered-by
PHP/8.2.0
/
www.turbotrck.art/
5 KB
5 KB
Document
General
Full URL
https://www.turbotrck.art/?sl=5564921-b2be6&data1=Track1&data2=Track2&tag=M7226090567808057412&website=4400-50232121&placement=4400&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889be8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2f5f6f3f3f3f3f3e8efe8edeaebefe9e074
Requested by
Host: www2.redirectmaster.com
URL: https://www2.redirectmaster.com/proc.php?72ed956a56fe67815ab636d3b35ab63a181c386a
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
51.68.85.158 , France, ASN16276 (OVH, FR),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
https://www2.redirectmaster.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language
fi-FI,fi;q=0.9

Response headers

Accept-CH
Sec-CH-UA-Platform-Version
Cache-Control
no-transform
Connection
keep-alive
Content-Type
text/html
Date
Tue, 25 Apr 2023 20:41:59 GMT
Transfer-Encoding
chunked
a91581ead4
yeah.achelous.mobi/rc/
Redirect Chain
  • https://www.turbotrck.art/?sl=5564921-b2be6&data1=Track1&data2=Track2&tag=M7226090567808057412&website=4400-50232121&placement=4400&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858...
  • https://www.turbotrck.art/?sl=5564921-b2be6&data1=Track1&data2=Track2&tag=M7226090567808057412&website=4400-50232121&placement=4400&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858...
  • https://admoustache.media-412.com/sl?id=63ef5a2a8dec34873b6049c7&pid=503&sub1=330006038e3511d15c6e4f18d6df2876a547f0425-202304-flb*5564921-b2be6*M7226090567808057412*sl_5564921-b2be6*d29278df57e47c...
  • https://yeah.achelous.mobi/rc/a91581ead4?affclick=64483b18e2e9d80001f8e9af&pubid=503
1 KB
2 KB
Document
General
Full URL
https://yeah.achelous.mobi/rc/a91581ead4?affclick=64483b18e2e9d80001f8e9af&pubid=503
Requested by
Host: www.turbotrck.art
URL: https://www.turbotrck.art/?sl=5564921-b2be6&data1=Track1&data2=Track2&tag=M7226090567808057412&website=4400-50232121&placement=4400&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889be8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2f5f6f3f3f3f3f3e8efe8edeaebefe9e074
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8e2d98f9d673f4bc37cf18f28052654bad167977d8c941f17348d560a00a5955

Request headers

Referer
https://www.turbotrck.art/?sl=5564921-b2be6&data1=Track1&data2=Track2&tag=M7226090567808057412&website=4400-50232121&placement=4400&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889be8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2f5f6f3f3f3f3f3e8efe8edeaebefe9e074
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language
fi-FI,fi;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
7bd968f74d26d977-HEL
content-encoding
br
content-language
en-us
content-type
text/html; charset=utf-8
date
Tue, 25 Apr 2023 20:42:00 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=c5l6mYZ6KwndJt4ALRBIpm9fdX84O6%2BcJZjN28tJ8lyrvgtQtwJXBe0CJCUSj70e%2BkrVg1LqcxGc%2F6AbpuJcKsVwBvQKr%2BZFFgdzJLFpCdJB%2FHGCJlISf%2BGeA4ze1goLLXx%2FktSjfRKuSRWuvdt73qE%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding, Accept-Language, Cookie

Redirect headers

access-control-allow-origin
*
content-length
0
date
Tue, 25 Apr 2023 20:42:00 GMT
location
https://yeah.achelous.mobi/rc/a91581ead4?affclick=64483b18e2e9d80001f8e9af&pubid=503
referer
referrer-policy
no-referrer
server
nginx
x-adjust-use-original-forwarded-for
1
redirect.css
cdn.addlnk.com/
1 KB
1 KB
Stylesheet
General
Full URL
https://cdn.addlnk.com/redirect.css
Requested by
Host: yeah.achelous.mobi
URL: https://yeah.achelous.mobi/rc/a91581ead4?affclick=64483b18e2e9d80001f8e9af&pubid=503
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::6815:4a8d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7817748dc7354950bf4943388276db534474269c0cd0ed6a629841ca3d7b81a1

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Tue, 25 Apr 2023 20:42:00 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id
R99JPRDZG6C5H4NP
age
5893
cf-polished
origSize=1680
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2
8pBsz/qvsuclmeulxva7rY4sEgwFqGw+Epo8J8lDeZYgX4AzPqTqrpvNYAM6yQX6z3iP8EjoTiI=
cf-bgj
minify
last-modified
Wed, 13 Mar 2019 00:03:12 GMT
server
cloudflare
etag
W/"3ae56d32551602b41f9046c14d1cfde2"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZCiwXcv4ln1v6fMFnh673PH97P6uymeoXNqwoB5hG%2F2eg%2Bw%2BfeKpwTbIEJ1ioBLWU%2BAJlAKS4KfWAvbrKMy1U5%2BzYytNj6ZsykGIjzR9M85Du4JYCVy9E53XuwyNpF3ewTrsviUcXiGx1WqcnQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cf-ray
7bd968f918e2376d-HEL
v52afc6f149f6479b8c77fa569edb01181681764108816
static.cloudflareinsights.com/beacon.min.js/
19 KB
7 KB
Script
General
Full URL
https://static.cloudflareinsights.com/beacon.min.js/v52afc6f149f6479b8c77fa569edb01181681764108816
Requested by
Host: yeah.achelous.mobi
URL: https://yeah.achelous.mobi/rc/a91581ead4?affclick=64483b18e2e9d80001f8e9af&pubid=503
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:3865 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
13a548e040a1ec08f77911fed1d559b95e5daae0ee227e632140e003c7268e7b

Request headers

Referer
Origin
https://yeah.achelous.mobi
accept-language
fi-FI,fi;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Tue, 25 Apr 2023 20:42:00 GMT
content-encoding
gzip
last-modified
Mon, 17 Apr 2023 20:41:48 GMT
server
cloudflare
etag
W/2023.4.2
vary
Accept-Encoding
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
cf-ray
7bd968f90eded926-HEL
rum
yeah.achelous.mobi/cdn-cgi/
0
185 B
XHR
General
Full URL
https://yeah.achelous.mobi/cdn-cgi/rum?
Requested by
Host: static.cloudflareinsights.com
URL: https://static.cloudflareinsights.com/beacon.min.js/v52afc6f149f6479b8c77fa569edb01181681764108816
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
accept-language
fi-FI,fi;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
content-type
application/json

Response headers

date
Tue, 25 Apr 2023 20:42:00 GMT
x-content-type-options
nosniff
server
cloudflare
vary
Origin
access-control-max-age
86400
access-control-allow-methods
POST,OPTIONS
access-control-allow-origin
https://yeah.achelous.mobi
x-frame-options
DENY
access-control-allow-credentials
true
cf-ray
7bd968f98b09d977-HEL
bcc83aad32
b191f85c.myofferplus.com/rc/
Redirect Chain
  • https://c.adups.app/36399?click=pubfde01b94b3454a72879d530d34c2b242&pubid=81b90edf
  • https://b191f85c.myofferplus.com/rc/bcc83aad32?affclick=23D26021201A036399028050ZWUwn&pubid=36399
1 KB
1 KB
Document
General
Full URL
https://b191f85c.myofferplus.com/rc/bcc83aad32?affclick=23D26021201A036399028050ZWUwn&pubid=36399
Requested by
Host: yeah.achelous.mobi
URL: https://yeah.achelous.mobi/rc/a91581ead4?affclick=64483b18e2e9d80001f8e9af&pubid=503
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ebe7ca92798a80ee3516d17438808e74d015f344c1b3c6cc2d2c6113a69057f2

Request headers

Referer
https://yeah.achelous.mobi/rc/a91581ead4?affclick=64483b18e2e9d80001f8e9af&pubid=503
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language
fi-FI,fi;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
7bd968fe9fb7d973-HEL
content-encoding
br
content-language
en-us
content-type
text/html; charset=utf-8
date
Tue, 25 Apr 2023 20:42:01 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bdN9MNm9MwcZq1uItM1xzW%2BSm9CQ8K%2FZVhBbKVpwhOX3DqVarig%2FuzJidjfjBjTktR3RrNeh%2BomfvNIAd5UAMyjxdCG2DsoHWsUCMZsG6W9hGik7xCxc3O7QBZgY702ppcK3Xr1eSlbhJH9MLuKrIwGl8z4KdJE%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding, Accept-Language, Cookie

Redirect headers

cache-control
no-store, no-cache, must-revalidate, proxy-revalidate
content-length
246
content-type
text/html; charset=utf-8
date
Tue, 25 Apr 2023 20:42:01 GMT
expires
0
location
https://b191f85c.myofferplus.com/rc/bcc83aad32?affclick=23D26021201A036399028050ZWUwn&pubid=36399
pragma
no-cache
surrogate-control
no-store
vary
Accept, Accept-Encoding
x-powered-by
Express
rum
yeah.achelous.mobi/cdn-cgi/
0
0

redirect.css
cdn.addlnk.com/
1 KB
714 B
Stylesheet
General
Full URL
https://cdn.addlnk.com/redirect.css
Requested by
Host: b191f85c.myofferplus.com
URL: https://b191f85c.myofferplus.com/rc/bcc83aad32?affclick=23D26021201A036399028050ZWUwn&pubid=36399
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::6815:4a8d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Tue, 25 Apr 2023 20:42:01 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id
R99JPRDZG6C5H4NP
age
5894
cf-polished
origSize=1680
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2
8pBsz/qvsuclmeulxva7rY4sEgwFqGw+Epo8J8lDeZYgX4AzPqTqrpvNYAM6yQX6z3iP8EjoTiI=
cf-bgj
minify
last-modified
Wed, 13 Mar 2019 00:03:12 GMT
server
cloudflare
etag
W/"3ae56d32551602b41f9046c14d1cfde2"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=v496wveGNLpxW1Lt4%2FcXEt7z6lmyzxRBa87hl11l0Fxz1v6NiO3QgkweF0wF2VRQkrzZuCxS0pFhhok4ZDbicIZ8zoqmoATqsRdMSNXJyFQ6qE%2BSGS5kzFceic%2B2CDnlqHJ%2Fv%2BLcEkvDklcnwQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cf-ray
7bd968ffdd5f376d-HEL
/
rezi.turetou.com/
3 KB
2 KB
Document
General
Full URL
https://rezi.turetou.com/?utm_medium=089c61b50ff93f7c5ea38975b8be0830af05dd60&utm_campaign=sexy_redirect&1=f0fc7601&cid=pub49f29887f5a041ac8b2fbdbda35381fb&2=36399
Requested by
Host: b191f85c.myofferplus.com
URL: https://b191f85c.myofferplus.com/rc/bcc83aad32?affclick=23D26021201A036399028050ZWUwn&pubid=36399
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
67.212.184.146 , United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
server04.com-2.mobi
Software
nginx / PHP/8.2.0
Resource Hash

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language
fi-FI,fi;q=0.9

Response headers

cache-control
no-store, no-cache, must-revalidate, max-age=0
content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Tue, 25 Apr 2023 20:42:02 GMT
expires
Thu, 01 Jan 1970 00:00:00 GMT
location
https://rezi.turetou.com/?utm_term=7226090584987926552&ver=4viyaptcjo
pragma
no-cache
server
nginx
vary
Accept-Encoding
x-powered-by
PHP/8.2.0
/
rezi.turetou.com/
8 KB
3 KB
Document
General
Full URL
https://rezi.turetou.com/?utm_term=7226090584987926552&ver=4viyaptcjo&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889be8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2f5f6f3f3f3f3f3e8efe8edeaebefe9e074
Requested by
Host: rezi.turetou.com
URL: https://rezi.turetou.com/?utm_medium=089c61b50ff93f7c5ea38975b8be0830af05dd60&utm_campaign=sexy_redirect&1=f0fc7601&cid=pub49f29887f5a041ac8b2fbdbda35381fb&2=36399
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
67.212.184.146 , United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
server04.com-2.mobi
Software
nginx / PHP/8.2.0
Resource Hash
1808cbd03742155ae89ad7cbd333a87513ab4c2d6b997ac979f383d1bce2bc19
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains

Request headers

Referer
https://rezi.turetou.com/?utm_medium=089c61b50ff93f7c5ea38975b8be0830af05dd60&utm_campaign=sexy_redirect&1=f0fc7601&cid=pub49f29887f5a041ac8b2fbdbda35381fb&2=36399
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language
fi-FI,fi;q=0.9

Response headers

cache-control
no-store, no-cache, must-revalidate, max-age=0
content-encoding
gzip
content-type
text/html; charset=utf-8
date
Tue, 25 Apr 2023 20:42:02 GMT
expires
Thu, 01 Jan 1970 00:00:00 GMT
pragma
no-cache
server
nginx
strict-transport-security
max-age=31536000; includeSubdomains
vary
Accept-Encoding
x-powered-by
PHP/8.2.0
proc.php
rezi.turetou.com/
4 KB
2 KB
Document
General
Full URL
https://rezi.turetou.com/proc.php?2fb87dbc0e95d47c0f2867388e046232b640e2f0
Requested by
Host: rezi.turetou.com
URL: https://rezi.turetou.com/?utm_term=7226090584987926552&ver=4viyaptcjo&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889be8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2f5f6f3f3f3f3f3e8efe8edeaebefe9e074
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
67.212.184.146 , United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
server04.com-2.mobi
Software
nginx / PHP/8.2.0
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains

Request headers

Referer
https://rezi.turetou.com/?utm_term=7226090584987926552&ver=4viyaptcjo&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889be8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2f5f6f3f3f3f3f3e8efe8edeaebefe9e074
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language
fi-FI,fi;q=0.9

Response headers

cache-control
no-store, no-cache, must-revalidate, max-age=0
content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Tue, 25 Apr 2023 20:42:02 GMT
expires
Thu, 01 Jan 1970 00:00:00 GMT
location
https://www.lifetrouhgby.info/?sl=5564926-3eb37&data1=Track1&data2=Track2&tag=M7226090584987926552&website=20961-845b943f-8f35ebcd&placement=20961
pragma
no-cache
server
nginx
strict-transport-security
max-age=31536000; includeSubdomains
vary
Accept-Encoding
x-powered-by
PHP/8.2.0
/
www.lifetrouhgby.info/
5 KB
5 KB
Document
General
Full URL
https://www.lifetrouhgby.info/?sl=5564926-3eb37&data1=Track1&data2=Track2&tag=M7226090584987926552&website=20961-845b943f-8f35ebcd&placement=20961&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889be8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2f5f6f3f3f3f3f3e8efe8edeaebefe9e074
Requested by
Host: rezi.turetou.com
URL: https://rezi.turetou.com/proc.php?2fb87dbc0e95d47c0f2867388e046232b640e2f0
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
51.68.85.158 , France, ASN16276 (OVH, FR),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
https://rezi.turetou.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language
fi-FI,fi;q=0.9

Response headers

Accept-CH
Sec-CH-UA-Platform-Version
Cache-Control
no-transform
Connection
keep-alive
Content-Type
text/html
Date
Tue, 25 Apr 2023 20:42:03 GMT
Transfer-Encoding
chunked
a91581ead4
yeah.achelous.mobi/rc/
Redirect Chain
  • https://www.lifetrouhgby.info/?sl=5564926-3eb37&data1=Track1&data2=Track2&tag=M7226090584987926552&website=20961-845b943f-8f35ebcd&placement=20961&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8...
  • https://www.lifetrouhgby.info/?sl=5564926-3eb37&data1=Track1&data2=Track2&tag=M7226090584987926552&website=20961-845b943f-8f35ebcd&placement=20961&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8...
  • https://admoustache.go2affise.com/sl?id=59a83ff913943bff7e8b4571&pid=503&sub1=330001fbd5c0d5f39ea6900aaf320f376562c0425-202304-flb*5564926-3eb37*M7226090584987926552*sl_5564926-3eb37*7a0680273c14c1...
  • https://admoustache.media-412.com/sl?id=63ef5a2a8dec34873b6049c7&pid=49&sub1=330001fbd5c0d5f39ea6900aaf320f376562c0425-202304-flb*5564926-3eb37*M7226090584987926552*sl_5564926-3eb37*7a0680273c14c1a...
  • https://yeah.achelous.mobi/rc/a91581ead4?affclick=64483b1b1b0b600001843049&pubid=49
1 KB
1 KB
Document
General
Full URL
https://yeah.achelous.mobi/rc/a91581ead4?affclick=64483b1b1b0b600001843049&pubid=49
Requested by
Host: www.lifetrouhgby.info
URL: https://www.lifetrouhgby.info/?sl=5564926-3eb37&data1=Track1&data2=Track2&tag=M7226090584987926552&website=20961-845b943f-8f35ebcd&placement=20961&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889be8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2f5f6f3f3f3f3f3e8efe8edeaebefe9e074
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e9284443c128ded050f4703934957a06999142b8fe3592cd472e353ef4ab38da

Request headers

Referer
https://www.lifetrouhgby.info/?sl=5564926-3eb37&data1=Track1&data2=Track2&tag=M7226090584987926552&website=20961-845b943f-8f35ebcd&placement=20961&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889be8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2f5f6f3f3f3f3f3e8efe8edeaebefe9e074
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language
fi-FI,fi;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
7bd9690c1a69fe30-HEL
content-encoding
br
content-language
en-us
content-type
text/html; charset=utf-8
date
Tue, 25 Apr 2023 20:42:03 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
priority
u=0,i
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ix836Gm6%2FlSomJ4uD2HvC6tXOmWsu3aoKOHe84Day%2Be1aoR8lObeDiqZFyrgRqIXAKtryR2z58J2sugUxkwCHW8Zjk8ZU76%2FW9TMdjsP32CrRscV534hYRVdfLFu7e4yjdxVcbVPKcc%2F77woqqk6RMI%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding, Accept-Language, Cookie

Redirect headers

access-control-allow-origin
*
content-length
0
date
Tue, 25 Apr 2023 20:42:03 GMT
location
https://yeah.achelous.mobi/rc/a91581ead4?affclick=64483b1b1b0b600001843049&pubid=49
referer
referrer-policy
no-referrer
server
nginx
x-adjust-use-original-forwarded-for
1
redirect.css
cdn.addlnk.com/
1 KB
1 KB
Stylesheet
General
Full URL
https://cdn.addlnk.com/redirect.css
Requested by
Host: yeah.achelous.mobi
URL: https://yeah.achelous.mobi/rc/a91581ead4?affclick=64483b1b1b0b600001843049&pubid=49
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3030::6815:4a8d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7817748dc7354950bf4943388276db534474269c0cd0ed6a629841ca3d7b81a1

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Tue, 25 Apr 2023 20:42:03 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id
R99JPRDZG6C5H4NP
age
5896
cf-polished
origSize=1680
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2
8pBsz/qvsuclmeulxva7rY4sEgwFqGw+Epo8J8lDeZYgX4AzPqTqrpvNYAM6yQX6z3iP8EjoTiI=
cf-bgj
minify
last-modified
Wed, 13 Mar 2019 00:03:12 GMT
server
cloudflare
etag
W/"3ae56d32551602b41f9046c14d1cfde2"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=M96BMN3WKMiUoHRW%2Fm3tq%2BchnnAull7Mtovx4gaO5VCcjQ5bgAxg5ikhFAH354NdznldCrK2CDyRAu%2FE1261dbubuzkBHsxoQp%2B%2FUN5AXLYc9loFdrjZSkUL5bOhwsV2urjLQiLUOftaSUAwnA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cf-ray
7bd9690d0a23d91e-HEL
v52afc6f149f6479b8c77fa569edb01181681764108816
static.cloudflareinsights.com/beacon.min.js/
19 KB
7 KB
Script
General
Full URL
https://static.cloudflareinsights.com/beacon.min.js/v52afc6f149f6479b8c77fa569edb01181681764108816
Requested by
Host: yeah.achelous.mobi
URL: https://yeah.achelous.mobi/rc/a91581ead4?affclick=64483b1b1b0b600001843049&pubid=49
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:3865 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
13a548e040a1ec08f77911fed1d559b95e5daae0ee227e632140e003c7268e7b

Request headers

Referer
Origin
https://yeah.achelous.mobi
accept-language
fi-FI,fi;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Tue, 25 Apr 2023 20:42:03 GMT
content-encoding
gzip
last-modified
Mon, 17 Apr 2023 20:41:48 GMT
server
cloudflare
etag
W/2023.4.2
vary
Accept-Encoding
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
cf-ray
7bd9690d0809d926-HEL
rum
yeah.achelous.mobi/cdn-cgi/
0
143 B
XHR
General
Full URL
https://yeah.achelous.mobi/cdn-cgi/rum?
Requested by
Host: static.cloudflareinsights.com
URL: https://static.cloudflareinsights.com/beacon.min.js/v52afc6f149f6479b8c77fa569edb01181681764108816
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
accept-language
fi-FI,fi;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
content-type
application/json

Response headers

date
Tue, 25 Apr 2023 20:42:03 GMT
x-content-type-options
nosniff
server
cloudflare
vary
Origin
access-control-max-age
86400
access-control-allow-methods
POST,OPTIONS
access-control-allow-origin
https://yeah.achelous.mobi
x-frame-options
DENY
access-control-allow-credentials
true
cf-ray
7bd9690d8c96fe30-HEL
Primary Request /
mayfill.com/
Redirect Chain
  • https://c.adups.app/36399?click=pubfde01b94b3454a72879d530d34c2b242&pubid=81b90edf
  • https://mayfill.com/?utm_source=Xsparrow&utm_medium=Extra&utm_campaign=Test_1
45 KB
0
Document
General
Full URL
https://mayfill.com/?utm_source=Xsparrow&utm_medium=Extra&utm_campaign=Test_1
Requested by
Host: yeah.achelous.mobi
URL: https://yeah.achelous.mobi/rc/a91581ead4?affclick=64483b1b1b0b600001843049&pubid=49
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
64.227.178.168 -, , ASN (),
Reverse DNS
Software
Apache/2.4.41 (Ubuntu) /
Resource Hash

Request headers

Referer
https://yeah.achelous.mobi/rc/a91581ead4?affclick=64483b1b1b0b600001843049&pubid=49
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language
fi-FI,fi;q=0.9

Response headers

Connection
Keep-Alive
Content-Encoding
gzip
Content-Type
text/html; charset=UTF-8
Date
Tue, 25 Apr 2023 20:42:04 GMT
Keep-Alive
timeout=5, max=100
Last-Modified
Sun, 02 Apr 2023 06:40:05 GMT
Server
Apache/2.4.41 (Ubuntu)
Transfer-Encoding
chunked
Vary
Accept-Encoding

Redirect headers

cache-control
no-store, no-cache, must-revalidate, proxy-revalidate
content-length
212
content-type
text/html; charset=utf-8
date
Tue, 25 Apr 2023 20:42:03 GMT
expires
0
location
https://mayfill.com?utm_source=Xsparrow&utm_medium=Extra&utm_campaign=Test_1
pragma
no-cache
surrogate-control
no-store
vary
Accept, Accept-Encoding
x-powered-by
Express
rum
yeah.achelous.mobi/cdn-cgi/
0
0

css
fonts.googleapis.com/
0
0

classic-themes.min.css
mayfill.com/wp-includes/css/
0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
yeah.achelous.mobi
URL
https://yeah.achelous.mobi/cdn-cgi/rum?
Domain
yeah.achelous.mobi
URL
https://yeah.achelous.mobi/cdn-cgi/rum?
Domain
fonts.googleapis.com
URL
https://fonts.googleapis.com/css?family=Oswald%3A400%7CRoboto%3A300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C700%2C700italic%2C800%2C800italic%7COpen%20Sans%3A300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%26amp%3Bsubset%3Dlatin%2Ccyrillic%2Ccyrillic-ext%2Cgreek%2Cgreek-ext%2Clatin-ext%7CAudiowide%3A300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C700%2C700italic%2C800%2C800italic%7CUbuntu%3A300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%26amp%3Bsubset%3Dlatin%2Ccyrillic%2Ccyrillic-ext%2Cgreek%2Cgreek-ext%2Clatin-ext%7CInter%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CMontserrat%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CAudiowide%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic&display=swap
Domain
mayfill.com
URL
https://mayfill.com/wp-includes/css/classic-themes.min.css?ver=6.2

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless

7 Cookies

Domain/Path Name / Value
www2.redirectmaster.com/ Name: u
Value: 4fc9a8ed9709d95e684c3761b99d9580
www2.redirectmaster.com/ Name: split
Value: b
b191f85c.myofferplus.com/ Name: AWSALB
Value: LoRZerwUHkys32TtJl2qibPkUcEnjTL0Us8yVcmws+GXpa95jGCYx0RQjicktQitr5Hx3VvTiboDTKTYOynmbr+iKRbCArU8+m8DpLNJShKOazbmPFRASAWlPPy6
rezi.turetou.com/ Name: u
Value: e18b8b80a43a1ab3d6ad3af468a29471
rezi.turetou.com/ Name: split
Value: a
admoustache.media-412.com/ Name: afclick
Value: 64483b1b1b0b600001843049
yeah.achelous.mobi/ Name: AWSALB
Value: NUDdcsjl5+xKpHFj/UCJQGHpOOk5E2OlkGDixYpjLHapuW/9YUV7BfoZ5UpreirL+JhoUTgqtVejAjoIeWZP10VYzvnfRbCltC6M4U6RN4O9/X58v4r0jhw+fOnc

Security Headers

This page lists any security headers set by the main page.

Header Value
Content-Security-Policy upgrade-insecure-requests

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
