Submitted URL: https://nordaccountt.com/
Effective URL: https://get.thesafersearch.com/offer?gnum=6&t1=1&cid=10019&clickid=90170258118&cachecode=ox81LJVEcBfNkHwZxywplQ%3D%3D&dkw=norda...
Submission: On March 30 via manual from DE — Scanned from US

Summary

This website contacted 6 IPs in 2 countries across 7 domains to perform 21 HTTP transactions. The main IP is 2606:4700:3037::6815:4966, located in United States and belongs to CLOUDFLARENET, US. The main domain is get.thesafersearch.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on May 11th 2022. Valid for: a year.
This is the only time get.thesafersearch.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 2 108.59.12.98 30633 (LEASEWEB-...)
1 2 192.99.158.241 16276 (OVH)
1 1 52.116.53.152 36351 (SOFTLAYER)
15 2606:4700:303... 13335 (CLOUDFLAR...)
1 2607:f8b0:400... 15169 (GOOGLE)
2 2606:4700::68... 13335 (CLOUDFLAR...)
1 2607:f8b0:400... 15169 (GOOGLE)
21 6
Apex Domain | Subdomains | Transfer
15 thesafersearch.com | get.thesafersearch.com | 197 KB
2 cloudflare.com | cdnjs.cloudflare.com — Cisco Umbrella Rank: 220 | 82 KB
2 btpnative.com | btpnative.com — Cisco Umbrella Rank: 340648 | 7 KB
2 nordaccountt.com | nordaccountt.com | 1 KB
1 gstatic.com | fonts.gstatic.com | 126 KB
1 googleapis.com | fonts.googleapis.com — Cisco Umbrella Rank: 47 | 731 B
1 mevarabon.com | mevarabon.com — Cisco Umbrella Rank: 349612 | 359 B
21 7
Domain Requested by
15 get.thesafersearch.com get.thesafersearch.com
2 cdnjs.cloudflare.com get.thesafersearch.com
cdnjs.cloudflare.com
2 btpnative.com 1 redirects nordaccountt.com
2 nordaccountt.com 1 redirects
1 fonts.gstatic.com fonts.googleapis.com
1 fonts.googleapis.com get.thesafersearch.com
1 mevarabon.com 1 redirects
21 7

This site contains links to these domains.

Domain
survey.zohopublic.com
terms.thesafersearch.com

Subject | Issuer | Validity | Valid
*.nordaccountt.com | R3 | 2023-03-29 - 2023-06-27 | 3 months
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2022-05-11 - 2023-05-11 | a year
upload.video.google.com | GTS CA 1C3 | 2023-03-06 - 2023-05-29 | 3 months
*.gstatic.com | GTS CA 1C3 | 2023-03-06 - 2023-05-29 | 3 months

This page contains 1 frame:

Primary Page: https://get.thesafersearch.com/offer?gnum=6&t1=1&cid=10019&clickid=90170258118&cachecode=ox81LJVEcBfNkHwZxywplQ%3D%3D&dkw=nordaccountt.com&rhi=db252ac0-6661-4fd6-8787-a22858e89c29
Frame ID: F92D2CC0832DB3239406F902C411FEFB
Requests: 21 HTTP requests in this frame

Page Title

Continue...

Detected technologies

Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

Requests: 21
HTTPS: 95 %
IPv6: 57 %
Domains: 7
Subdomains: 7
IPs: 6
Countries: 2
Transfer: 412 kB
Size: 743 kB
Cookies: 5

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://nordaccountt.com/ Page URL
  2. https://nordaccountt.com/?ch=1&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTY4MDE4MTU4OSwiaWF0IjoxNjgwMTc0Mzg5LCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIydDhpcmQ0YWYyaWthMmVnbTQwNjJoZTkiLCJuYmYiOjE2ODAxNzQzODksInRzIjoxNjgwMTc0Mzg5NDI2MzgzfQ.bKSJ4iPLHxos1yzEmEz2I2HIU5Lj5BtQ934LenT_3Qk&sid=ebecf7fe-ceea-11ed-adf8-42533ea46478 HTTP 302
    http://btpnative.com/click?data=MkRUMWZyWWFQeXdWdzBYTkoxNU5xeXM5eG4wSTZRVEhBb25iZFpSckFtVEoxVTNXaVNNU2x5bk9RV29Rd185ZzFxWF9KZjFkZEROYjRtT0tETV8zZzkzckJtYXAyVzItbUZnZnJGWFRrSlN5OFROaEo5VFlGZ08zRDBHYU15aG5saVJteEdGcHl2dXBrbHFObThrQkRRMg2&id=b9fc2b48-ad7a-4d96-b308-926f56be0c4c Page URL
  3. http://btpnative.com/Redirect/ HTTP 302
    https://mevarabon.com/aS/feedclick?s=R40UBoveGXfR8bvtrRSPgbYUp7aBBDBgfSMU3tyux_yariJ-ra6Umbvp2HunfmJ7HPSltSyn7JLOO_4C8lwdTBGlHuwO5-Of4j5Sh8kD3GZvkvgQ54hqeOLpAfJV4Cl65RRnaodKi7SNZWH4y33sSt6hPnjD2RiVQjoRVYiQUu-RGM2W9AuMXxtlMnOH8q7TzGsIh3aY0iQ6w7ilKQCN5hIHx6YBcpUwpXMAENfKfZ9xPSTZZdNv0eSzsLgJpyoFkTG2XhbGdXAtJ0DO-FWF13PTDjO9htCyXLWhQXl7HXMFzHqF-YZuHhDkoNaM_UaA_Oci6M_2GnTtXrmjwZglF3Rlnrh9XJPNmbP7NkgsL3Emi_nIUEBSWLRCYJ1e2VWezD50shh_bCB5ItPnXh2S7hJu50rmQFIbSVGe-3pt9E3zEHAm6Vt1NxehD5dm-1DCR3prQOfp40mLNgrB5e6Mb4nsmcyzsRpYPMkT_pfZOLh04Bp2cbLc2aITMG6Y5C3AevSLSejahJb7lLoCH5dQ7hPV9wGELAqQBJ96XZxkqEKR0wOys_X6PeJip01C8trXkIE3rD_YYcRg0R1huLlliKTEOj30cz8ZHWldkt0z7OHSrsNLB5Czz_u2YK7QUauuON-4B6IyEf2LT0OceZD9hQ19bfMkOyzDuMrukBsotqn5qUvVLW1MfWGKtkyD3Tx4m1hl8_Ug5AeSNJKVWJKrO4Y1JvyxuZU1v_NyYuYuE_LgvaWDR6iNUXkn35VXPoA7T1j93BkXyM_OnjLr9hEoSEwqYWsZbBsAsqbd-9dheCkZf3ZiamJ8z7365vpnKUeYoyEOp_uQSubrpYTF8xFxt_mpS9UtbUx9bU1gmGsb8DadVYOqUxnzpYC7K2dvK-XbgZaLPTypAJos3FREMfAIbHnaMzr4fK_SU6exezgffDMJBScqF6b-dyxyhmrKzq97D9nqesyeHg67me1ACOr56N0Azp-j8QGh HTTP 302
    https://get.thesafersearch.com/offer?gnum=6&t1=1&cid=10019&clickid=90170258118&cachecode=ox81LJVEcBfNkHwZxywplQ%3D%3D&dkw=nordaccountt.com&rhi=db252ac0-6661-4fd6-8787-a22858e89c29 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 1
  • https://nordaccountt.com/?ch=1&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTY4MDE4MTU4OSwiaWF0IjoxNjgwMTc0Mzg5LCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIydDhpcmQ0YWYyaWthMmVnbTQwNjJoZTkiLCJuYmYiOjE2ODAxNzQzODksInRzIjoxNjgwMTc0Mzg5NDI2MzgzfQ.bKSJ4iPLHxos1yzEmEz2I2HIU5Lj5BtQ934LenT_3Qk&sid=ebecf7fe-ceea-11ed-adf8-42533ea46478 HTTP 302
  • http://btpnative.com/click?data=MkRUMWZyWWFQeXdWdzBYTkoxNU5xeXM5eG4wSTZRVEhBb25iZFpSckFtVEoxVTNXaVNNU2x5bk9RV29Rd185ZzFxWF9KZjFkZEROYjRtT0tETV8zZzkzckJtYXAyVzItbUZnZnJGWFRrSlN5OFROaEo5VFlGZ08zRDBHYU15aG5saVJteEdGcHl2dXBrbHFObThrQkRRMg2&id=b9fc2b48-ad7a-4d96-b308-926f56be0c4c

21 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
/
nordaccountt.com/
478 B
759 B
Document
General
Full URL
https://nordaccountt.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
108.59.12.98 , United States, ASN30633 (LEASEWEB-USA-WDC, US),
Reverse DNS
Software
Cowboy /
Resource Hash

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:90.0) Gecko/20100101 Firefox/90.0
accept-language
en-US,en;q=0.9

Response headers

accept-ch
Sec-CH-UA, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile
cache-control
max-age=0, private, must-revalidate
content-length
478
content-type
text/html; charset=utf-8
date
Thu, 30 Mar 2023 11:06:28 GMT
server
Cowboy
click
btpnative.com/
Redirect Chain
  • https://nordaccountt.com/?ch=1&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTY4MDE4MTU4OSwiaWF0IjoxNjgwMTc0Mzg5LCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIydDhpcmQ0YWYyaWthMmVnbT...
  • http://btpnative.com/click?data=MkRUMWZyWWFQeXdWdzBYTkoxNU5xeXM5eG4wSTZRVEhBb25iZFpSckFtVEoxVTNXaVNNU2x5bk9RV29Rd185ZzFxWF9KZjFkZEROYjRtT0tETV8zZzkzckJtYXAyVzItbUZnZnJGWFRrSlN5OFROaEo5VFlGZ08zRDBHY...
5 KB
6 KB
Document
General
Full URL
http://btpnative.com/click?data=MkRUMWZyWWFQeXdWdzBYTkoxNU5xeXM5eG4wSTZRVEhBb25iZFpSckFtVEoxVTNXaVNNU2x5bk9RV29Rd185ZzFxWF9KZjFkZEROYjRtT0tETV8zZzkzckJtYXAyVzItbUZnZnJGWFRrSlN5OFROaEo5VFlGZ08zRDBHYU15aG5saVJteEdGcHl2dXBrbHFObThrQkRRMg2&id=b9fc2b48-ad7a-4d96-b308-926f56be0c4c
Requested by
Host: nordaccountt.com
URL: https://nordaccountt.com/
Protocol
HTTP/1.1
Server
192.99.158.241 , Canada, ASN16276 (OVH, FR),
Reverse DNS
ip241.ip-192-99-158.net
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
e17ffc0e720ba1b2aab52fdad2ba742ea7d531e01a2286cd16c88f7c25f7d9b2

Request headers

Referer
https://nordaccountt.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:90.0) Gecko/20100101 Firefox/90.0
accept-language
en-US,en;q=0.9

Response headers

Access-Control-Allow-Headers
Content-Type
Access-Control-Allow-Origin
*
Cache-Control
private
Content-Length
5470
Content-Type
text/html; charset=utf-8
Date
Thu, 30 Mar 2023 11:06:29 GMT
Server
Microsoft-IIS/10.0
X-AspNet-Version
4.0.30319
X-AspNetMvc-Version
5.2
X-Powered-By
ASP.NET

Redirect headers

cache-control
max-age=0, private, must-revalidate
content-length
11
date
Thu, 30 Mar 2023 11:06:29 GMT
location
http://btpnative.com/click?data=MkRUMWZyWWFQeXdWdzBYTkoxNU5xeXM5eG4wSTZRVEhBb25iZFpSckFtVEoxVTNXaVNNU2x5bk9RV29Rd185ZzFxWF9KZjFkZEROYjRtT0tETV8zZzkzckJtYXAyVzItbUZnZnJGWFRrSlN5OFROaEo5VFlGZ08zRDBHYU15aG5saVJteEdGcHl2dXBrbHFObThrQkRRMg2&id=b9fc2b48-ad7a-4d96-b308-926f56be0c4c
server
Cowboy
Primary Request offer
get.thesafersearch.com/
Redirect Chain
  • http://btpnative.com/Redirect/
  • https://mevarabon.com/aS/feedclick?s=R40UBoveGXfR8bvtrRSPgbYUp7aBBDBgfSMU3tyux_yariJ-ra6Umbvp2HunfmJ7HPSltSyn7JLOO_4C8lwdTBGlHuwO5-Of4j5Sh8kD3GZvkvgQ54hqeOLpAfJV4Cl65RRnaodKi7SNZWH4y33sSt6hPnjD2RiV...
  • https://get.thesafersearch.com/offer?gnum=6&t1=1&cid=10019&clickid=90170258118&cachecode=ox81LJVEcBfNkHwZxywplQ%3D%3D&dkw=nordaccountt.com&rhi=db252ac0-6661-4fd6-8787-a22858e89c29
73 KB
14 KB
Document
General
Full URL
https://get.thesafersearch.com/offer?gnum=6&t1=1&cid=10019&clickid=90170258118&cachecode=ox81LJVEcBfNkHwZxywplQ%3D%3D&dkw=nordaccountt.com&rhi=db252ac0-6661-4fd6-8787-a22858e89c29
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3037::6815:4966 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
a1fa4e1af1f37caf8fb9fd3c9a5f8ffdf9353fef407e65673e31f300f6d3507d

Request headers

Content-Type
application/x-www-form-urlencoded
Origin
http://btpnative.com
Referer
http://btpnative.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:90.0) Gecko/20100101 Firefox/90.0
accept-language
en-US,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
7affe2375e84b3bf-MIA
content-encoding
br
content-type
text/html; charset=utf-8
date
Thu, 30 Mar 2023 11:06:31 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mz1HPPreQ1VASyx0kLXv7Axi28og0zMGlAewTKgW%2FOtKGEm2shtKStNYg5QDiDDrRNTN9YVEOban9dy0FmoJsemTFvWLWg0aNwJinERUgYjyFi%2FNmXkGk%2BLNYpMHS7NclJKaohfX0wnh%2FxDT6TyvfgfRNwiC"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
via
1.1 google
x-powered-by
Express

Redirect headers

content-length
0
date
Thu, 30 Mar 2023 11:06:30 GMT
location
https://get.thesafersearch.com/offer?gnum=6&t1=1&cid=10019&clickid=90170258118&cachecode=ox81LJVEcBfNkHwZxywplQ%3D%3D&dkw=nordaccountt.com&rhi=db252ac0-6661-4fd6-8787-a22858e89c29
server
nginx
jquery-3.3.1.min.js
get.thesafersearch.com/public/assets/jquery/
85 KB
31 KB
Script
General
Full URL
https://get.thesafersearch.com/public/assets/jquery/jquery-3.3.1.min.js
Requested by
Host: get.thesafersearch.com
URL: https://get.thesafersearch.com/offer?gnum=6&t1=1&cid=10019&clickid=90170258118&cachecode=ox81LJVEcBfNkHwZxywplQ%3D%3D&dkw=nordaccountt.com&rhi=db252ac0-6661-4fd6-8787-a22858e89c29
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3037::6815:4966 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef

Request headers

accept-language
en-US,en;q=0.9
Referer
https://get.thesafersearch.com/offer?gnum=6&t1=1&cid=10019&clickid=90170258118&cachecode=ox81LJVEcBfNkHwZxywplQ%3D%3D&dkw=nordaccountt.com&rhi=db252ac0-6661-4fd6-8787-a22858e89c29
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:90.0) Gecko/20100101 Firefox/90.0

Response headers

date
Thu, 30 Mar 2023 11:06:31 GMT
via
1.1 google
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
72572
x-powered-by
Express
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Tue, 28 Mar 2023 17:56:09 GMT
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9UZKKICRJuZMukOAjp31ghXPtlxAyO%2Bs%2FiuxleGgNe0nfZXo0nRpCbDCNpQ9ybUqjdrDPXO50dJm20PUlG0mXQyHp%2B8FWLYMlUWMove%2F2fzkNns8wDE8frj2amyqERGDsyhA5%2F%2Fdmx2%2FlLN1xoh8KATjwsCe"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
s-maxage
86400
cache-control
public, max-age=86400
cf-ray
7affe239a8d1b3bf-MIA
expires
Thu, 30 Mar 2023 08:13:47 GMT
slickModal.min.css
get.thesafersearch.com/public/assets/slick-modal/
19 KB
3 KB
Stylesheet
General
Full URL
https://get.thesafersearch.com/public/assets/slick-modal/slickModal.min.css
Requested by
Host: get.thesafersearch.com
URL: https://get.thesafersearch.com/offer?gnum=6&t1=1&cid=10019&clickid=90170258118&cachecode=ox81LJVEcBfNkHwZxywplQ%3D%3D&dkw=nordaccountt.com&rhi=db252ac0-6661-4fd6-8787-a22858e89c29
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3037::6815:4966 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
3475f0f670a303d4746c51e9c6f4a6c3d0f44c6ba3d30c5195ea9eb38333c56a

Request headers

accept-language
en-US,en;q=0.9
Referer
https://get.thesafersearch.com/offer?gnum=6&t1=1&cid=10019&clickid=90170258118&cachecode=ox81LJVEcBfNkHwZxywplQ%3D%3D&dkw=nordaccountt.com&rhi=db252ac0-6661-4fd6-8787-a22858e89c29
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:90.0) Gecko/20100101 Firefox/90.0

Response headers

date
Thu, 30 Mar 2023 11:06:31 GMT
via
1.1 google
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
72572
x-powered-by
Express
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Tue, 28 Mar 2023 17:56:09 GMT
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aHwok33ph1qC5qwekKKwD0KwvUAZybM9nj5r8A4GuzkPayj7GkDfW440l7abNR%2BT8O7f2N%2BsE%2BQZuRgSXQ4MmH2Ssj1%2FI0QCwICj0qsSuu0EI%2BTLhffOBT5MqiYRsyX94rBHFXqc6sqswaoCWMwXoddaeMy1"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=UTF-8
access-control-allow-origin
*
s-maxage
86400
cache-control
public, max-age=86400
cf-ray
7affe239a8d3b3bf-MIA
expires
Thu, 30 Mar 2023 08:13:47 GMT
slickModal.min.js
get.thesafersearch.com/public/assets/slick-modal/
12 KB
4 KB
Script
General
Full URL
https://get.thesafersearch.com/public/assets/slick-modal/slickModal.min.js
Requested by
Host: get.thesafersearch.com
URL: https://get.thesafersearch.com/offer?gnum=6&t1=1&cid=10019&clickid=90170258118&cachecode=ox81LJVEcBfNkHwZxywplQ%3D%3D&dkw=nordaccountt.com&rhi=db252ac0-6661-4fd6-8787-a22858e89c29
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3037::6815:4966 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
ae32741ea1b43fb7ecc130ab025e51d89bfde3e1fbc74fd813e2b3f5406a6fdc

Request headers

accept-language
en-US,en;q=0.9
Referer
https://get.thesafersearch.com/offer?gnum=6&t1=1&cid=10019&clickid=90170258118&cachecode=ox81LJVEcBfNkHwZxywplQ%3D%3D&dkw=nordaccountt.com&rhi=db252ac0-6661-4fd6-8787-a22858e89c29
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:90.0) Gecko/20100101 Firefox/90.0

Response headers

date
Thu, 30 Mar 2023 11:06:31 GMT
via
1.1 google
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
72572
x-powered-by
Express
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Tue, 28 Mar 2023 17:56:09 GMT
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=24DnhNKlr%2FpIOGQJzxiB2mFLDdIsUrPHpBaL%2BH6zXrDS6aDOyrMQyRw8z5Is0OulnLhGZimW3VwW2HwKPd2WiPdD3wI0LfX%2FFNxjUisvyfr6jG2hcbxn8QOLneLBZ2FXRqxsTnU8YZVXd1X9%2BGnAPp44%2F98w"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
s-maxage
86400
cache-control
public, max-age=86400
cf-ray
7affe239a8d4b3bf-MIA
expires
Thu, 30 Mar 2023 08:13:47 GMT
info.png
get.thesafersearch.com/public/images/
655 B
1009 B
Image
General
Full URL
https://get.thesafersearch.com/public/images/info.png
Requested by
Host: get.thesafersearch.com
URL: https://get.thesafersearch.com/offer?gnum=6&t1=1&cid=10019&clickid=90170258118&cachecode=ox81LJVEcBfNkHwZxywplQ%3D%3D&dkw=nordaccountt.com&rhi=db252ac0-6661-4fd6-8787-a22858e89c29
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3037::6815:4966 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
55d9d30ea1887c21d5ea8a2edbbdddb3c837604dbb8e3d1e1cc13bdf100482d9

Request headers

accept-language
en-US,en;q=0.9
Referer
https://get.thesafersearch.com/offer?gnum=6&t1=1&cid=10019&clickid=90170258118&cachecode=ox81LJVEcBfNkHwZxywplQ%3D%3D&dkw=nordaccountt.com&rhi=db252ac0-6661-4fd6-8787-a22858e89c29
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:90.0) Gecko/20100101 Firefox/90.0

Response headers

date
Thu, 30 Mar 2023 11:06:31 GMT
via
1.1 google
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
72572
x-powered-by
Express
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
655
last-modified
Tue, 28 Mar 2023 17:56:09 GMT
server
cloudflare
etag
3.0.87
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LCx2I5OtK3BLULW1nG9bq4ow%2FFrA9AYMyiva%2FMFZpm14mDBI%2BMV2NEJ%2B1bh5fbh33yTAdzY4yn407tpZubWflACMGwzLEw1g%2FJOLiX0rAZlLXzDIR2GX8nGp%2BOm06Sj252SA7sTA6KynMF9bStInDCLSogyW"}],"group":"cf-nel","max_age":604800}
content-type
image/png
access-control-allow-origin
*
s-maxage
86400
cache-control
public, max-age=86400
accept-ranges
bytes
cf-ray
7affe23a194cb3bf-MIA
expires
Thu, 30 Mar 2023 08:13:47 GMT
hand.png
get.thesafersearch.com/public/components/587/imgs/
30 KB
31 KB
Image
General
Full URL
https://get.thesafersearch.com/public/components/587/imgs/hand.png
Requested by
Host: get.thesafersearch.com
URL: https://get.thesafersearch.com/offer?gnum=6&t1=1&cid=10019&clickid=90170258118&cachecode=ox81LJVEcBfNkHwZxywplQ%3D%3D&dkw=nordaccountt.com&rhi=db252ac0-6661-4fd6-8787-a22858e89c29
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3037::6815:4966 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
513c14724a25ceaac61a313b74bf5b6a1eba3dbcb7d965f0795a4411627d2f32

Request headers

accept-language
en-US,en;q=0.9
Referer
https://get.thesafersearch.com/offer?gnum=6&t1=1&cid=10019&clickid=90170258118&cachecode=ox81LJVEcBfNkHwZxywplQ%3D%3D&dkw=nordaccountt.com&rhi=db252ac0-6661-4fd6-8787-a22858e89c29
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:90.0) Gecko/20100101 Firefox/90.0

Response headers

date
Thu, 30 Mar 2023 11:06:31 GMT
via
1.1 google
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
72572
x-powered-by
Express
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
31058
last-modified
Tue, 28 Mar 2023 17:56:09 GMT
server
cloudflare
etag
3.0.87
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dlVbWhfXxwj7PNCg8PwsTPio6NrGBndHtd8LDGo6327891Q1mzaEUfbMHQCuaBb5NTu3ZCP6FTgAbqMWmOfQd4yyZUSl64uie4%2FNJS7jOg2y2C3%2FJ5O4gt6CG%2FcEgPX6ng%2F1fdt%2BD1Z42jDT8eSvWuocFuCG"}],"group":"cf-nel","max_age":604800}
content-type
image/png
access-control-allow-origin
*
s-maxage
86400
cache-control
public, max-age=86400
accept-ranges
bytes
cf-ray
7affe23a194db3bf-MIA
expires
Thu, 30 Mar 2023 08:13:47 GMT
ff-add-ons.png
get.thesafersearch.com/public/components/587/imgs/
29 KB
29 KB
Image
General
Full URL
https://get.thesafersearch.com/public/components/587/imgs/ff-add-ons.png
Requested by
Host: get.thesafersearch.com
URL: https://get.thesafersearch.com/offer?gnum=6&t1=1&cid=10019&clickid=90170258118&cachecode=ox81LJVEcBfNkHwZxywplQ%3D%3D&dkw=nordaccountt.com&rhi=db252ac0-6661-4fd6-8787-a22858e89c29
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3037::6815:4966 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
7c88868756aa55017d33d5481f62f33f22ca1f09425f34efb4f76dea7c5a40f4

Request headers

accept-language
en-US,en;q=0.9
Referer
https://get.thesafersearch.com/offer?gnum=6&t1=1&cid=10019&clickid=90170258118&cachecode=ox81LJVEcBfNkHwZxywplQ%3D%3D&dkw=nordaccountt.com&rhi=db252ac0-6661-4fd6-8787-a22858e89c29
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:90.0) Gecko/20100101 Firefox/90.0

Response headers

date
Thu, 30 Mar 2023 11:06:31 GMT
via
1.1 google
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
72572
x-powered-by
Express
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
29607
last-modified
Tue, 28 Mar 2023 17:56:09 GMT
server
cloudflare
etag
3.0.87
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=w06hRUPp%2Fo2CY4pcWji9wE6H%2F714x548bsqMavznNJ%2FG79QZnTEOnSXhGq0jf1PDzxfkhmwSFgHZOUWhxIYApyi%2FvFGJaXK%2Bbs2kPRmriNV1KsCJUuc2fs9dcQ9btE%2Fn4SOPCG5VStGvXAHD1gkAMbZDtlEN"}],"group":"cf-nel","max_age":604800}
content-type
image/png
access-control-allow-origin
*
s-maxage
86400
cache-control
public, max-age=86400
accept-ranges
bytes
cf-ray
7affe23a194eb3bf-MIA
expires
Thu, 30 Mar 2023 08:13:47 GMT
hint2.png
get.thesafersearch.com/public/components/587/imgs/
20 KB
20 KB
Image
General
Full URL
https://get.thesafersearch.com/public/components/587/imgs/hint2.png
Requested by
Host: get.thesafersearch.com
URL: https://get.thesafersearch.com/offer?gnum=6&t1=1&cid=10019&clickid=90170258118&cachecode=ox81LJVEcBfNkHwZxywplQ%3D%3D&dkw=nordaccountt.com&rhi=db252ac0-6661-4fd6-8787-a22858e89c29
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3037::6815:4966 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
76d3daab2ad84de7af016b058d7f6b6547553d0dc3c9da400d60354b361b8450

Request headers

accept-language
en-US,en;q=0.9
Referer
https://get.thesafersearch.com/offer?gnum=6&t1=1&cid=10019&clickid=90170258118&cachecode=ox81LJVEcBfNkHwZxywplQ%3D%3D&dkw=nordaccountt.com&rhi=db252ac0-6661-4fd6-8787-a22858e89c29
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:90.0) Gecko/20100101 Firefox/90.0

Response headers

date
Thu, 30 Mar 2023 11:06:31 GMT
via
1.1 google
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
72572
x-powered-by
Express
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
20419
last-modified
Tue, 28 Mar 2023 17:56:09 GMT
server
cloudflare
etag
3.0.87
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TE34AmZbbLfVUzNgjIMwJ8e2vt5JnC42TdiJgPY89hKdDlZiKDLxiyDFjZ9yXY9RnAymjehLJeeyMRfRGbW4oHJHAUA743jaeR4wtVpXhOBmJD5B7m9Z7so6iehoXZVad1J7yz4A8sDBE0L2GOy2r8tNYjHT"}],"group":"cf-nel","max_age":604800}
content-type
image/png
access-control-allow-origin
*
s-maxage
86400
cache-control
public, max-age=86400
accept-ranges
bytes
cf-ray
7affe23a194fb3bf-MIA
expires
Thu, 30 Mar 2023 08:13:47 GMT
icon
fonts.googleapis.com/
565 B
731 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/icon?family=Material+Icons
Requested by
Host: get.thesafersearch.com
URL: https://get.thesafersearch.com/offer?gnum=6&t1=1&cid=10019&clickid=90170258118&cachecode=ox81LJVEcBfNkHwZxywplQ%3D%3D&dkw=nordaccountt.com&rhi=db252ac0-6661-4fd6-8787-a22858e89c29
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:822::200a Nutley, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
3bc9eb45e54675f062678c8f05798879ca1a6419f6dd3079279d25d3726fc076
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://get.thesafersearch.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:90.0) Gecko/20100101 Firefox/90.0

Response headers

strict-transport-security
max-age=31536000
date
Thu, 30 Mar 2023 11:06:31 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Thu, 30 Mar 2023 11:06:31 GMT
materialize.min.css
cdnjs.cloudflare.com/ajax/libs/materialize/0.99.0/css/
128 KB
18 KB
Stylesheet
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/materialize/0.99.0/css/materialize.min.css
Requested by
Host: get.thesafersearch.com
URL: https://get.thesafersearch.com/offer?gnum=6&t1=1&cid=10019&clickid=90170258118&cachecode=ox81LJVEcBfNkHwZxywplQ%3D%3D&dkw=nordaccountt.com&rhi=db252ac0-6661-4fd6-8787-a22858e89c29
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a225638dde45ba8b7d7ff7e0c07e480418ec380ed30dd71f48ae48d84674cccc
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://get.thesafersearch.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:90.0) Gecko/20100101 Firefox/90.0

Response headers

date
Thu, 30 Mar 2023 11:06:31 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
26550665
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
17541
last-modified
Mon, 04 May 2020 16:12:46 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03efe-20198"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xoZRk9fCEq%2B1y8JEzF8gW3KX1sbnsWhAkkrCUun%2BJTUa1bx6Pbpe0zKe5M6ouyHwZSVKW67B0A8nWbIy3ZpXnPvo1WtnoAjf9IMYvkVhM9ubaoQxvyPllbxb8Iaek%2BGySompI7J%2F5Ja0yrkz3l%2F%2Bf%2Btx"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
7affe23a7f798db8-MIA
expires
Tue, 19 Mar 2024 11:06:31 GMT
style.css
get.thesafersearch.com/public/lps/privateSearch/dm.seccheck.improved/css/
10 KB
3 KB
Stylesheet
General
Full URL
https://get.thesafersearch.com/public/lps/privateSearch/dm.seccheck.improved/css/style.css
Requested by
Host: get.thesafersearch.com
URL: https://get.thesafersearch.com/offer?gnum=6&t1=1&cid=10019&clickid=90170258118&cachecode=ox81LJVEcBfNkHwZxywplQ%3D%3D&dkw=nordaccountt.com&rhi=db252ac0-6661-4fd6-8787-a22858e89c29
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3037::6815:4966 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
541d0df7ca999bdc78caa39fbad3ae128e776d6f73ddc5df29eee1c0251138ab

Request headers

accept-language
en-US,en;q=0.9
Referer
https://get.thesafersearch.com/offer?gnum=6&t1=1&cid=10019&clickid=90170258118&cachecode=ox81LJVEcBfNkHwZxywplQ%3D%3D&dkw=nordaccountt.com&rhi=db252ac0-6661-4fd6-8787-a22858e89c29
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:90.0) Gecko/20100101 Firefox/90.0

Response headers

date
Thu, 30 Mar 2023 11:06:31 GMT
via
1.1 google
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
72572
x-powered-by
Express
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Tue, 28 Mar 2023 17:56:09 GMT
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FAsqFPOrxtG1txBkfJa4JHO77zc2haoyaZsRaLI27ZJwmVnn6F0g6HohoJu%2BFGl4cEPGMlJDd%2FlOZBocldISwrhOIub%2FOtmj2PrebiasJhsemwE%2BHGFU1EpVxzk9LXzUOCXCpE8F15sj0uJ5euCMkSRMXs%2Bd"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=UTF-8
access-control-allow-origin
*
s-maxage
86400
cache-control
public, max-age=86400
cf-ray
7affe23a194bb3bf-MIA
expires
Thu, 30 Mar 2023 08:13:47 GMT
Firefox.png
get.thesafersearch.com/public/lps/privateSearch/dm.seccheck.improved/imgs/
13 KB
13 KB
Image
General
Full URL
https://get.thesafersearch.com/public/lps/privateSearch/dm.seccheck.improved/imgs/Firefox.png
Requested by
Host: get.thesafersearch.com
URL: https://get.thesafersearch.com/offer?gnum=6&t1=1&cid=10019&clickid=90170258118&cachecode=ox81LJVEcBfNkHwZxywplQ%3D%3D&dkw=nordaccountt.com&rhi=db252ac0-6661-4fd6-8787-a22858e89c29
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3037::6815:4966 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
19045f6a5cd21b467ae1b1346526d2316ab713246656943f979af7b4dac98add

Request headers

accept-language
en-US,en;q=0.9
Referer
https://get.thesafersearch.com/offer?gnum=6&t1=1&cid=10019&clickid=90170258118&cachecode=ox81LJVEcBfNkHwZxywplQ%3D%3D&dkw=nordaccountt.com&rhi=db252ac0-6661-4fd6-8787-a22858e89c29
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:90.0) Gecko/20100101 Firefox/90.0

Response headers

date
Thu, 30 Mar 2023 11:06:31 GMT
via
1.1 google
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
72572
x-powered-by
Express
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
12970
last-modified
Tue, 28 Mar 2023 17:56:09 GMT
server
cloudflare
etag
3.0.87
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eBSTf7fl%2FZpYHKoHgj3V7mSibNFDBSJowEzWp6FeSgrHRrABiSynu%2BSAFqlAFaQlu9%2F2xL3S3DDv6FYC9y5X7J05pFaARNQi3YVBODZ1b%2BExT7y82kDvYqioM955MH4RyxEMI5NJiM7G4bOwEHaT0sE4PjkM"}],"group":"cf-nel","max_age":604800}
content-type
image/png
access-control-allow-origin
*
s-maxage
86400
cache-control
public, max-age=86400
accept-ranges
bytes
cf-ray
7affe23a1950b3bf-MIA
expires
Thu, 30 Mar 2023 08:13:47 GMT
bundle.min.js
get.thesafersearch.com/public/
116 KB
35 KB
Script
General
Full URL
https://get.thesafersearch.com/public/bundle.min.js?t=1680174391072
Requested by
Host: get.thesafersearch.com
URL: https://get.thesafersearch.com/offer?gnum=6&t1=1&cid=10019&clickid=90170258118&cachecode=ox81LJVEcBfNkHwZxywplQ%3D%3D&dkw=nordaccountt.com&rhi=db252ac0-6661-4fd6-8787-a22858e89c29
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3037::6815:4966 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
aff00fb35412d948bff1153ae36bc8d3dc18689a10f380fa624850098da42355

Request headers

Referer
https://get.thesafersearch.com/offer?gnum=6&t1=1&cid=10019&clickid=90170258118&cachecode=ox81LJVEcBfNkHwZxywplQ%3D%3D&dkw=nordaccountt.com&rhi=db252ac0-6661-4fd6-8787-a22858e89c29
Origin
https://get.thesafersearch.com
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:90.0) Gecko/20100101 Firefox/90.0

Response headers

date
Thu, 30 Mar 2023 11:06:31 GMT
via
1.1 google
content-encoding
br
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by
Express
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Tue, 28 Mar 2023 17:56:09 GMT
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QcxRYMMQdQvV%2BS%2Fe3neFQbDMq2qPRwU8SdUOfodW1iXCx4UluaiTAaPxnegQsot2BNCI4h8Lfm96wLEeqcuPDCHcW31vucV0rbgu2fOj1gINSq8DhH2B1s%2B%2BGMdkxW0NdaOoUCnjDN0v2J4aQa2%2BZmHJkrLv"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
s-maxage
86400
cache-control
public, max-age=86400
cf-ray
7affe23b6ab6b3bf-MIA
expires
Fri, 31 Mar 2023 04:23:19 GMT
page.png
get.thesafersearch.com/public/lps/privateSearch/dm.seccheck.improved/imgs/
12 KB
13 KB
Image
General
Full URL
https://get.thesafersearch.com/public/lps/privateSearch/dm.seccheck.improved/imgs/page.png
Requested by
Host: get.thesafersearch.com
URL: https://get.thesafersearch.com/public/lps/privateSearch/dm.seccheck.improved/css/style.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3037::6815:4966 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
65460f10b9f2022ad931fe2b97a99d5845adf2d69ffb691a999fd9b7173be323

Request headers

accept-language
en-US,en;q=0.9
Referer
https://get.thesafersearch.com/public/lps/privateSearch/dm.seccheck.improved/css/style.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:90.0) Gecko/20100101 Firefox/90.0

Response headers

date
Thu, 30 Mar 2023 11:06:31 GMT
via
1.1 google
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
72572
x-powered-by
Express
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
12577
last-modified
Tue, 28 Mar 2023 17:56:09 GMT
server
cloudflare
etag
3.0.87
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eoNmjBqE5L%2B4YiOYcA%2FG1kDRqQTbd3eT1x0oMfM1zMU4XdP%2BxvKirJTtVD5es1Jia4u7elIowC1xMZYor3d%2B0wWx9Cg0tH4nQkAVCXYS5DkWZnrCRdNy25g1GPGi9vs5vUnH8Qj%2FBv0tfwWXd53gKrmkL4FQ"}],"group":"cf-nel","max_age":604800}
content-type
image/png
access-control-allow-origin
*
s-maxage
86400
cache-control
public, max-age=86400
accept-ranges
bytes
cf-ray
7affe23c7bbab3bf-MIA
expires
Thu, 30 Mar 2023 08:13:47 GMT
Roboto-Regular.woff2
cdnjs.cloudflare.com/ajax/libs/materialize/0.99.0/fonts/roboto/
63 KB
64 KB
Font
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/materialize/0.99.0/fonts/roboto/Roboto-Regular.woff2
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/materialize/0.99.0/css/materialize.min.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1d54ffd1f9a406d1b947fe4f29dc8f1a693fc3543d92bab830cc90543f46c118
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Referer
https://cdnjs.cloudflare.com/ajax/libs/materialize/0.99.0/css/materialize.min.css
Origin
https://get.thesafersearch.com
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:90.0) Gecko/20100101 Firefox/90.0

Response headers

date
Thu, 30 Mar 2023 11:06:31 GMT
strict-transport-security
max-age=15780000
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
608570
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
64832
last-modified
Mon, 04 May 2020 16:12:46 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03efe-fd40"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0v0V1gAEaAR3qd2NNQFwBCp%2Bro5rRqvEBFZHMuA9bZzJC7i1SLRI%2BhsVu5T8PlUOpKm0Gwb7YOLNuRercWoss6MTOAxDUXFYJx7xLvFExM7oQAc7An5%2B40pS9SLpKuhw4oFENC%2F%2FUMRrPwqVvq%2F5n7eR"}],"group":"cf-nel","max_age":604800}
content-type
application/octet-stream; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
7affe23cba228df1-MIA
expires
Tue, 19 Mar 2024 11:06:31 GMT
flUhRq6tzZclQEJ-Vdg-IuiaDsNc.woff2
fonts.gstatic.com/s/materialicons/v140/
125 KB
126 KB
Font
General
Full URL
https://fonts.gstatic.com/s/materialicons/v140/flUhRq6tzZclQEJ-Vdg-IuiaDsNc.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/icon?family=Material+Icons
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81f::2003 Nutley, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
8265f64786397d6b832d1ca0aafdf149ad84e72759fffa9f7272e91a0fb015d1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://get.thesafersearch.com
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:90.0) Gecko/20100101 Firefox/90.0

Response headers

date
Thu, 30 Mar 2023 10:14:03 GMT
x-content-type-options
nosniff
age
3148
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
128352
x-xss-protection
0
last-modified
Tue, 07 Mar 2023 19:51:56 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 29 Mar 2024 10:14:03 GMT
inc
get.thesafersearch.com/event/
2 B
345 B
Image
General
Full URL
https://get.thesafersearch.com/event/inc?reportParams=%22xa2CeSAVfwEA3zBXlr8Bifp5mZf75BmEJC6cBxRM0alGkY5mUjlWhWDu2AZaObTKrF%2BQByXKwWdWEJs8c2ZyrX7bD26KtJi8JvQcN8UulYOMwKIewUITDN1gCynmMY%2B9uQMKJqyvC0pn3yUUxuffGXzDhp%2BVayvebGYxj8gz8oDokK1NbxeG08iBRas88YzljKgc%2FuUZhqf%2BAeJk%2FgqiZpBHBpAYfavtvsxwqwEYO78VNgjF0roOUPhJWjvlHKSXDC65XZOZIOoZIphO%2F5M4U%2Baph81R7ow0NTzRt62q9CK0ccClWyJKLKJyYLVgnBJ0Tv2NUTx9TRmZ1joE02BA4QXRWiggSkiJzcLvOq%2FOEcMyvUhmXNnstcAnAWT%2BBVsVc24cPy2oid5EBBa2E9wS8oOEmMZkyRLol8c2LoIedBAXxgGiSCStzG7%2BWZgj%2Bl%2BElr%2B%2BezzX53XFiI389D7soZc7GvqOJnrDTg02SZeb4qPKxSJWb0E4Yz2xnwp7U2rUH%2B5IwQoOTruhJup84vAVGlQ%2B28co5uYAC953vAzDMpDwRCk7ni9FMHQ7FuUT1Ojo32TFCn43M8JOUq5zxzXRrrcg2o8LxzX49RYteIrnOmsjzDqZAU7X38QxLBK6C7joTW%2BqaVZYxAow1%2Frarfpt94U9Nd71W%2BUi5nr%2FqXEHXsy0d8az%2B6%2BnNEz7nequC2mprrf1DxTvYrO%2FlSEWJXomyiHvHwzbgCIKfYLsqA0p9%2FLkt8PixqygQkv4DqG%2FFQdQFAeDiBFszvEfd6SqcowqUnkA%2F9c22jM71KjCxopEbrwZf6CEXmTPbQymyZDZeN6jd5DPQ4je5az1ejFOOrPqjHLDGsvAhK4xmFc9Y6H4145Dsg%2BUkhMnjMLG2tgq34NsYVEp%2FOAq0Xrgpj5Wc1be4g%3D%3D%22&extraData=%7B%22inc%22%3Afalse%7D
Requested by
Host: get.thesafersearch.com
URL: https://get.thesafersearch.com/offer?gnum=6&t1=1&cid=10019&clickid=90170258118&cachecode=ox81LJVEcBfNkHwZxywplQ%3D%3D&dkw=nordaccountt.com&rhi=db252ac0-6661-4fd6-8787-a22858e89c29
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3037::6815:4966 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-US,en;q=0.9
Referer
https://get.thesafersearch.com/offer?gnum=6&t1=1&cid=10019&clickid=90170258118&cachecode=ox81LJVEcBfNkHwZxywplQ%3D%3D&dkw=nordaccountt.com&rhi=db252ac0-6661-4fd6-8787-a22858e89c29
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:90.0) Gecko/20100101 Firefox/90.0

Response headers

date
Thu, 30 Mar 2023 11:06:31 GMT
via
1.1 google
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
Express
etag
W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=A4QInecQ7xXhoNFZdbhxjaBSbwqCPnN07Svn2GdPmGoVQlyondlRVxqxa2vIHs7pwHDJqUYvtPWNJFwcXaQ0wFSDD%2BHRgJ1mp92c95dpe%2BIsQhxw44NykLEZRcpnGSgy3ZiyKoBr89IEh75WNv7FbHeS2ncr"}],"group":"cf-nel","max_age":604800}
content-type
text/plain; charset=utf-8
cf-ray
7affe23c8bcbb3bf-MIA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
2
pageload
get.thesafersearch.com/event/
2 B
286 B
Image
General
Full URL
https://get.thesafersearch.com/event/pageload?reportParams=%22xa2CeSAVfwEA3zBXlr8Bifp5mZf75BmEJC6cBxRM0alGkY5mUjlWhWDu2AZaObTKrF%2BQByXKwWdWEJs8c2ZyrX7bD26KtJi8JvQcN8UulYOMwKIewUITDN1gCynmMY%2B9uQMKJqyvC0pn3yUUxuffGXzDhp%2BVayvebGYxj8gz8oDokK1NbxeG08iBRas88YzljKgc%2FuUZhqf%2BAeJk%2FgqiZpBHBpAYfavtvsxwqwEYO78VNgjF0roOUPhJWjvlHKSXDC65XZOZIOoZIphO%2F5M4U%2Baph81R7ow0NTzRt62q9CK0ccClWyJKLKJyYLVgnBJ0Tv2NUTx9TRmZ1joE02BA4QXRWiggSkiJzcLvOq%2FOEcMyvUhmXNnstcAnAWT%2BBVsVc24cPy2oid5EBBa2E9wS8oOEmMZkyRLol8c2LoIedBAXxgGiSCStzG7%2BWZgj%2Bl%2BElr%2B%2BezzX53XFiI389D7soZc7GvqOJnrDTg02SZeb4qPKxSJWb0E4Yz2xnwp7U2rUH%2B5IwQoOTruhJup84vAVGlQ%2B28co5uYAC953vAzDMpDwRCk7ni9FMHQ7FuUT1Ojo32TFCn43M8JOUq5zxzXRrrcg2o8LxzX49RYteIrnOmsjzDqZAU7X38QxLBK6C7joTW%2BqaVZYxAow1%2Frarfpt94U9Nd71W%2BUi5nr%2FqXEHXsy0d8az%2B6%2BnNEz7nequC2mprrf1DxTvYrO%2FlSEWJXomyiHvHwzbgCIKfYLsqA0p9%2FLkt8PixqygQkv4DqG%2FFQdQFAeDiBFszvEfd6SqcowqUnkA%2F9c22jM71KjCxopEbrwZf6CEXmTPbQymyZDZeN6jd5DPQ4je5az1ejFOOrPqjHLDGsvAhK4xmFc9Y6H4145Dsg%2BUkhMnjMLG2tgq34NsYVEp%2FOAq0Xrgpj5Wc1be4g%3D%3D%22&extraData=%7B%22extraString1%22%3A%220.0%22%7D
Requested by
Host: get.thesafersearch.com
URL: https://get.thesafersearch.com/offer?gnum=6&t1=1&cid=10019&clickid=90170258118&cachecode=ox81LJVEcBfNkHwZxywplQ%3D%3D&dkw=nordaccountt.com&rhi=db252ac0-6661-4fd6-8787-a22858e89c29
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3037::6815:4966 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-US,en;q=0.9
Referer
https://get.thesafersearch.com/offer?gnum=6&t1=1&cid=10019&clickid=90170258118&cachecode=ox81LJVEcBfNkHwZxywplQ%3D%3D&dkw=nordaccountt.com&rhi=db252ac0-6661-4fd6-8787-a22858e89c29
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:90.0) Gecko/20100101 Firefox/90.0

Response headers

date
Thu, 30 Mar 2023 11:06:31 GMT
via
1.1 google
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
Express
etag
W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hD7MbSUWlYshFLdkGTxtpkFLwbw957SvniO3oMyprCHq45AGDA5hOmCMbfRTox6M78NIogCjL5LYtZk2qI9pg%2Fp3ndMZ1B9yeV47c%2BBwaRWieY9F0137EFJDoM1AV2f0n0wBOGBfmOZfPbbtqtUscvHWXWKD"}],"group":"cf-nel","max_age":604800}
content-type
text/plain; charset=utf-8
cf-ray
7affe23c8bcfb3bf-MIA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
2
timezone_diff
get.thesafersearch.com/event/
2 B
290 B
Image
General
Full URL
https://get.thesafersearch.com/event/timezone_diff?reportParams=%22xa2CeSAVfwEA3zBXlr8Bifp5mZf75BmEJC6cBxRM0alGkY5mUjlWhWDu2AZaObTKrF%2BQByXKwWdWEJs8c2ZyrX7bD26KtJi8JvQcN8UulYOMwKIewUITDN1gCynmMY%2B9uQMKJqyvC0pn3yUUxuffGXzDhp%2BVayvebGYxj8gz8oDokK1NbxeG08iBRas88YzljKgc%2FuUZhqf%2BAeJk%2FgqiZpBHBpAYfavtvsxwqwEYO78VNgjF0roOUPhJWjvlHKSXDC65XZOZIOoZIphO%2F5M4U%2Baph81R7ow0NTzRt62q9CK0ccClWyJKLKJyYLVgnBJ0Tv2NUTx9TRmZ1joE02BA4QXRWiggSkiJzcLvOq%2FOEcMyvUhmXNnstcAnAWT%2BBVsVc24cPy2oid5EBBa2E9wS8oOEmMZkyRLol8c2LoIedBAXxgGiSCStzG7%2BWZgj%2Bl%2BElr%2B%2BezzX53XFiI389D7soZc7GvqOJnrDTg02SZeb4qPKxSJWb0E4Yz2xnwp7U2rUH%2B5IwQoOTruhJup84vAVGlQ%2B28co5uYAC953vAzDMpDwRCk7ni9FMHQ7FuUT1Ojo32TFCn43M8JOUq5zxzXRrrcg2o8LxzX49RYteIrnOmsjzDqZAU7X38QxLBK6C7joTW%2BqaVZYxAow1%2Frarfpt94U9Nd71W%2BUi5nr%2FqXEHXsy0d8az%2B6%2BnNEz7nequC2mprrf1DxTvYrO%2FlSEWJXomyiHvHwzbgCIKfYLsqA0p9%2FLkt8PixqygQkv4DqG%2FFQdQFAeDiBFszvEfd6SqcowqUnkA%2F9c22jM71KjCxopEbrwZf6CEXmTPbQymyZDZeN6jd5DPQ4je5az1ejFOOrPqjHLDGsvAhK4xmFc9Y6H4145Dsg%2BUkhMnjMLG2tgq34NsYVEp%2FOAq0Xrgpj5Wc1be4g%3D%3D%22&extraData=%7B%22extraString1%22%3A%22%5B%5C%22America%2FNew_York%5C%22%2C%5C%22Etc%2FUnknown%5C%22%5D%22%7D
Requested by
Host: get.thesafersearch.com
URL: https://get.thesafersearch.com/offer?gnum=6&t1=1&cid=10019&clickid=90170258118&cachecode=ox81LJVEcBfNkHwZxywplQ%3D%3D&dkw=nordaccountt.com&rhi=db252ac0-6661-4fd6-8787-a22858e89c29
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3037::6815:4966 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-US,en;q=0.9
Referer
https://get.thesafersearch.com/offer?gnum=6&t1=1&cid=10019&clickid=90170258118&cachecode=ox81LJVEcBfNkHwZxywplQ%3D%3D&dkw=nordaccountt.com&rhi=db252ac0-6661-4fd6-8787-a22858e89c29
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:90.0) Gecko/20100101 Firefox/90.0

Response headers

date
Thu, 30 Mar 2023 11:06:31 GMT
via
1.1 google
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
Express
etag
W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RAwYOBy6ILvnMv11FNMhT%2B1FK5UH%2FHppNkpMuq%2BkiYjm5gRD2HMgeeSubdpqV506KX%2FaA1wWlljPKglpmNfRyEZN98Qk8hsnpNGiRcCAi7omnZmfVUattRbUHyX8tB8aqCKXBhbzVC1ElXgi3LyVVG2SF06x"}],"group":"cf-nel","max_age":604800}
content-type
text/plain; charset=utf-8
cf-ray
7affe23c8bd0b3bf-MIA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
2


19 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless
function| $
function| jQuery
object| appData
object| reportParams
string| tgroup
string| clickid
object| appBeforeInitFunctions
object| appInitFunctions
object| __core-js_shared__
object| core
function| setImmediate
function| clearImmediate
object| regeneratorRuntime
boolean| _babelPolyfill
function| getApplication
boolean| appJsLoaded
boolean| directOfferP2
string| fullhref

5 Cookies

Domain/Path | Name | Value
.nordaccountt.com/ | sid | ebecf7fe-ceea-11ed-adf8-42533ea46478
btpnative.com/ | RFKhLqQfirZbNYz | RFKhLqQfirZbNYz
mevarabon.com/ | rhid | 83040795894
mevarabon.com/ | efd | 487983626
.thesafersearch.com/ | visitCounter | 1

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
