Submitted URL: http://www.downanddirty.xyz/cpv.php?username=mariusmv
Effective URL: http://adpays.net/v.php?user=192
Submission: On April 16 via manual from ZA

Summary

This website contacted 7 IPs in 1 country across 7 domains to perform 20 HTTP transactions. The main IP is 104.24.99.127, located in San Francisco, United States and belongs to CLOUDFLARENET - Cloudflare, Inc., US. The main domain is adpays.net.
This is the only time adpays.net was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address        Requests          AS (Autonomous System)
199.119.78.34     12 (4 redirects)  53857 (OPUS-3)
173.214.244.10    2                 50245 (SERVEREL-AS)
104.24.99.127     4                 13335 (CLOUDFLAR...)
172.217.22.46     2                 15169 (GOOGLE)
104.25.196.29     1                 13335 (CLOUDFLAR...)
216.58.214.97     1                 15169 (GOOGLE)
104.24.98.127     2                 13335 (CLOUDFLAR...)
Total: 20 requests, 7 IPs

Domain                         Requests          Requested by
downanddirty.xyz               8 (4 redirects)   www.downanddirty.xyz, downanddirty.xyz
adpays.net                     6                 adpays.net
www.downanddirty.xyz           3                 www.downanddirty.xyz
www.google-analytics.com       2                 adpays.net
rxrtb.bid                      2                 downanddirty.xyz, rxrtb.bid
themes.googleusercontent.com   1                 adpays.net
cdn.adpixo.com                 1                 adpays.net
advantagecpv.com               1                 downanddirty.xyz
Total: 20 requests, 8 domains

This site contains links to these domains. Also see Links.

Domain
dlvr.adpixo.com

This page contains 8 frames:

Primary Page: http://adpays.net/v.php?user=192
Frame ID: EB3E7E6FB173B5D2EF9A18C9DB26D229
Requests: 9 HTTP requests in this frame

Frame: http://www.downanddirty.xyz/cpv.php?sc=15ij67m93i9i5dks7nf2dkp1l7&ssname=1523882024996279
Frame ID: A02D604BBABB3C253B76D7B11328EE
Requests: 1 HTTP request in this frame

Frame: http://www.downanddirty.xyz/search.php?username=mariusmv&query=cheap+iphone+6+plus+deals
Frame ID: B71AE2723CB3750BCFF35C266DD3920D
Requests: 1 HTTP request in this frame

Frame: http://downanddirty.xyz/adminads/page/ns01.php
Frame ID: 9FB5A3BA16128427ABB8FB24DB6D0F5
Requests: 1 HTTP request in this frame

Frame: http://downanddirty.xyz/adminads/banner/728x90/pop.php
Frame ID: 87D0A7D447A57D25605AAD5F14F36718
Requests: 2 HTTP requests in this frame

Frame: http://downanddirty.xyz/adminads/banner/300x250/forfindrtbx.php
Frame ID: 5F5B3EDE1DE36FC55A004643E9449592
Requests: 3 HTTP requests in this frame

Frame: http://downanddirty.xyz/adminads/banner/site_banner/468x60/adsmodern.php
Frame ID: 714243066ADB3AECC14A33DE2AF0C9B8
Requests: 1 HTTP request in this frame

Frame: http://adpays.net/serve/dlvalid.php?var1=538&var2=http%3A%2F%2Fadpays.net%2Fv.php%3Fuser%3D192&var3=ecacfacacd&var4=1523882027
Frame ID: D9A5EA04334BD206CF1BD38FCD276DF3
Requests: 2 HTTP requests in this frame

Screenshot


Page URL History

  1. http://www.downanddirty.xyz/cpv.php?username=mariusmv Page URL
  2. http://adpays.net/v.php?user=192 Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • url /\.php(?:$|\?)/i

Overall confidence: 100%
Detected patterns
  • script /google-analytics\.com\/(?:ga|urchin|(analytics))\.js/i
  • env /^gaGlobal$/i

Page Statistics

Requests: 20
HTTPS: 0 %
IPv6: 0 %
Domains: 7
Subdomains: 8
IPs: 7
Countries: 1
Transfer: 102 kB
Size: 231 kB
Cookies: 2

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://www.downanddirty.xyz/cpv.php?username=mariusmv Page URL
  2. http://adpays.net/v.php?user=192 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 3
  • http://downanddirty.xyz/adminads/page/index.php HTTP 302
  • http://downanddirty.xyz/adminads/page/ns01.php
Request Chain 4
  • http://downanddirty.xyz/adminads/banner/728x90/index.php HTTP 302
  • http://downanddirty.xyz/adminads/banner/728x90/pop.php
Request Chain 6
  • http://downanddirty.xyz/adminads/banner/300x250/index.php HTTP 302
  • http://downanddirty.xyz/adminads/banner/300x250/forfindrtbx.php
Request Chain 7
  • http://downanddirty.xyz/adminads/banner/site_banner/468x60/index.php HTTP 302
  • http://downanddirty.xyz/adminads/banner/site_banner/468x60/adsmodern.php

20 HTTP transactions

Columns per transaction: Resource | Path | Size | x-fer | Type | MIME-Type
Cookie set cpv.php
www.downanddirty.xyz/
702 B
1 KB
Document
General
Full URL
http://www.downanddirty.xyz/cpv.php?username=mariusmv
Protocol
HTTP/1.1
Server
199.119.78.34 Dallas, United States, ASN53857 (OPUS-3 - OPUS-3, US),
Reverse DNS
199-119-78-34.host.synial.com
Software
Web Services / PHP/5.2.17
Resource Hash
6a3dad7e1445cb097175180c68cfdfd03a7dd69fd8f2ffed0d798de895277b8f

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
www.downanddirty.xyz
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Cache-Control
no-cache
Connection
keep-alive
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 16 Apr 2018 12:33:44 GMT
Server
Web Services
X-Powered-By
PHP/5.2.17
Content-type
text/html
Cache-Control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Set-Cookie
PHPSESSID=15ij67m93i9i5dks7nf2dkp1l7; expires=Mon, 16-Apr-2018 12:34:44 GMT; path=/
Content-Length
702
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Cookie set cpv.php
www.downanddirty.xyz/ Frame A02D
2 KB
2 KB
Document
General
Full URL
http://www.downanddirty.xyz/cpv.php?sc=15ij67m93i9i5dks7nf2dkp1l7&ssname=1523882024996279
Requested by
Host: www.downanddirty.xyz
URL: http://www.downanddirty.xyz/cpv.php?username=mariusmv
Protocol
HTTP/1.1
Server
199.119.78.34 Dallas, United States, ASN53857 (OPUS-3 - OPUS-3, US),
Reverse DNS
199-119-78-34.host.synial.com
Software
Web Services / PHP/5.2.17
Resource Hash
18a161f26ce1583a5c1104b2a8cce5aa3a5d580f1abcecad20539ce36174a83c

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
www.downanddirty.xyz
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer
http://www.downanddirty.xyz/cpv.php?username=mariusmv
Cookie
PHPSESSID=15ij67m93i9i5dks7nf2dkp1l7
Connection
keep-alive
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
Referer
http://www.downanddirty.xyz/cpv.php?username=mariusmv
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 16 Apr 2018 12:33:44 GMT
Server
Web Services
X-Powered-By
PHP/5.2.17
Content-type
text/html
Cache-Control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Set-Cookie
PHPSESSID=15ij67m93i9i5dks7nf2dkp1l7; expires=Mon, 16-Apr-2018 12:34:44 GMT; path=/
Content-Length
1764
Expires
Thu, 19 Nov 1981 08:52:00 GMT
search.php
www.downanddirty.xyz/ Frame B71A
605 B
755 B
Document
General
Full URL
http://www.downanddirty.xyz/search.php?username=mariusmv&query=cheap+iphone+6+plus+deals
Requested by
Host: www.downanddirty.xyz
URL: http://www.downanddirty.xyz/cpv.php?username=mariusmv
Protocol
HTTP/1.1
Server
199.119.78.34 Dallas, United States, ASN53857 (OPUS-3 - OPUS-3, US),
Reverse DNS
199-119-78-34.host.synial.com
Software
Web Services / PHP/5.2.17
Resource Hash
5a8f4ae5b90eedd86fddb19e48ad47b9762fe1d7220e1d2efdd1b7fa52696ccb

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
www.downanddirty.xyz
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer
http://www.downanddirty.xyz/cpv.php?username=mariusmv
Cookie
PHPSESSID=15ij67m93i9i5dks7nf2dkp1l7
Connection
keep-alive
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
Referer
http://www.downanddirty.xyz/cpv.php?username=mariusmv
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

Date
Mon, 16 Apr 2018 12:33:44 GMT
Server
Web Services
X-Powered-By
PHP/5.2.17
Content-Length
605
Content-type
text/html
ns01.php
downanddirty.xyz/adminads/page/ Frame 9FB5
Redirect Chain
  • http://downanddirty.xyz/adminads/page/index.php
  • http://downanddirty.xyz/adminads/page/ns01.php
5 KB
5 KB
Document
General
Full URL
http://downanddirty.xyz/adminads/page/ns01.php
Requested by
Host: www.downanddirty.xyz
URL: http://www.downanddirty.xyz/search.php?username=mariusmv&query=cheap+iphone+6+plus+deals
Protocol
HTTP/1.1
Server
199.119.78.34 Dallas, United States, ASN53857 (OPUS-3 - OPUS-3, US),
Reverse DNS
199-119-78-34.host.synial.com
Software
Web Services / PHP/5.2.17
Resource Hash
42432684df765ec5dfeff74d5a2ee7fd8164aa83b159695f4d2fbf32fe21bbe1

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
downanddirty.xyz
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer
http://www.downanddirty.xyz/search.php?username=mariusmv&query=cheap+iphone+6+plus+deals
Connection
keep-alive
Cache-Control
no-cache
Referer
http://www.downanddirty.xyz/search.php?username=mariusmv&query=cheap+iphone+6+plus+deals
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

Date
Mon, 16 Apr 2018 12:33:45 GMT
Server
Web Services
X-Powered-By
PHP/5.2.17
Content-Length
5395
Content-type
text/html

Redirect headers

Location
http://downanddirty.xyz/adminads/page/ns01.php
Date
Mon, 16 Apr 2018 12:33:45 GMT
Server
Web Services
X-Powered-By
PHP/5.2.17
Content-Length
0
Content-type
text/html
pop.php
downanddirty.xyz/adminads/banner/728x90/ Frame 87D0
Redirect Chain
  • http://downanddirty.xyz/adminads/banner/728x90/index.php
  • http://downanddirty.xyz/adminads/banner/728x90/pop.php
325 B
475 B
Document
General
Full URL
http://downanddirty.xyz/adminads/banner/728x90/pop.php
Requested by
Host: downanddirty.xyz
URL: http://downanddirty.xyz/adminads/page/ns01.php
Protocol
HTTP/1.1
Server
199.119.78.34 Dallas, United States, ASN53857 (OPUS-3 - OPUS-3, US),
Reverse DNS
199-119-78-34.host.synial.com
Software
Web Services / PHP/5.2.17
Resource Hash
dadf9d8dfcbcdc9829d73d4b641ca9a26f24d20fe4d2e87f2ee98462fe5ce319

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
downanddirty.xyz
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer
http://downanddirty.xyz/adminads/page/ns01.php
Connection
keep-alive
Cache-Control
no-cache
Referer
http://downanddirty.xyz/adminads/page/ns01.php
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

Date
Mon, 16 Apr 2018 12:33:45 GMT
Server
Web Services
X-Powered-By
PHP/5.2.17
Content-Length
325
Content-type
text/html

Redirect headers

Location
http://downanddirty.xyz/adminads/banner/728x90/pop.php
Date
Mon, 16 Apr 2018 12:33:45 GMT
Server
Web Services
X-Powered-By
PHP/5.2.17
Content-Length
0
Content-type
text/html
banner_728x90.gif
advantagecpv.com/adminads/banner/banners/ Frame 87D0
13 KB
13 KB
Image
General
Full URL
http://advantagecpv.com/adminads/banner/banners/banner_728x90.gif
Requested by
Host: downanddirty.xyz
URL: http://downanddirty.xyz/adminads/banner/728x90/pop.php
Protocol
HTTP/1.1
Server
199.119.78.34 Dallas, United States, ASN53857 (OPUS-3 - OPUS-3, US),
Reverse DNS
199-119-78-34.host.synial.com
Software
Web Services /
Resource Hash
5882b4fa48c568a171af7b0e9bff96a7e282da679addd623ebcccb39e32bc43f

Request headers

Referer
http://downanddirty.xyz/adminads/banner/728x90/pop.php
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

Date
Mon, 16 Apr 2018 12:33:46 GMT
Last-Modified
Sun, 02 Apr 2017 20:31:43 GMT
Server
Web Services
Accept-Ranges
bytes
ETag
"694222540"
Content-Length
13371
Content-Type
image/gif
forfindrtbx.php
downanddirty.xyz/adminads/banner/300x250/ Frame 5F5B
Redirect Chain
  • http://downanddirty.xyz/adminads/banner/300x250/index.php
  • http://downanddirty.xyz/adminads/banner/300x250/forfindrtbx.php
572 B
722 B
Document
General
Full URL
http://downanddirty.xyz/adminads/banner/300x250/forfindrtbx.php
Requested by
Host: downanddirty.xyz
URL: http://downanddirty.xyz/adminads/page/ns01.php
Protocol
HTTP/1.1
Server
199.119.78.34 Dallas, United States, ASN53857 (OPUS-3 - OPUS-3, US),
Reverse DNS
199-119-78-34.host.synial.com
Software
Web Services / PHP/5.2.17
Resource Hash
40044d7826b91eef1aa102005e641d2762996f3de767c6372a9c04fc9e72ec71

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
downanddirty.xyz
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer
http://downanddirty.xyz/adminads/page/ns01.php
Connection
keep-alive
Cache-Control
no-cache
Referer
http://downanddirty.xyz/adminads/page/ns01.php
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

Date
Mon, 16 Apr 2018 12:33:45 GMT
Server
Web Services
X-Powered-By
PHP/5.2.17
Content-Length
572
Content-type
text/html

Redirect headers

Location
http://downanddirty.xyz/adminads/banner/300x250/forfindrtbx.php
Date
Mon, 16 Apr 2018 12:33:45 GMT
Server
Web Services
X-Powered-By
PHP/5.2.17
Content-Length
0
Content-type
text/html
adsmodern.php
downanddirty.xyz/adminads/banner/site_banner/468x60/ Frame 7142
Redirect Chain
  • http://downanddirty.xyz/adminads/banner/site_banner/468x60/index.php
  • http://downanddirty.xyz/adminads/banner/site_banner/468x60/adsmodern.php
307 B
457 B
Document
General
Full URL
http://downanddirty.xyz/adminads/banner/site_banner/468x60/adsmodern.php
Requested by
Host: downanddirty.xyz
URL: http://downanddirty.xyz/adminads/page/ns01.php
Protocol
HTTP/1.1
Server
199.119.78.34 Dallas, United States, ASN53857 (OPUS-3 - OPUS-3, US),
Reverse DNS
199-119-78-34.host.synial.com
Software
Web Services / PHP/5.2.17
Resource Hash
481242895aa0ffd07ccb16391c8c7eb5b33151fbac4fa16c7750bdfd12d33033

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
downanddirty.xyz
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer
http://downanddirty.xyz/adminads/page/ns01.php
Connection
keep-alive
Cache-Control
no-cache
Referer
http://downanddirty.xyz/adminads/page/ns01.php
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

Date
Mon, 16 Apr 2018 12:33:45 GMT
Server
Web Services
X-Powered-By
PHP/5.2.17
Content-Length
307
Content-type
text/html

Redirect headers

Location
http://downanddirty.xyz/adminads/banner/site_banner/468x60/adsmodern.php
Date
Mon, 16 Apr 2018 12:33:45 GMT
Server
Web Services
X-Powered-By
PHP/5.2.17
Content-Length
0
Content-type
text/html
getjs
rxrtb.bid/ Frame 5F5B
7 KB
7 KB
Script
General
Full URL
http://rxrtb.bid/getjs?r=0.982523550930116
Requested by
Host: downanddirty.xyz
URL: http://downanddirty.xyz/adminads/banner/300x250/forfindrtbx.php
Protocol
HTTP/1.1
Server
173.214.244.10 Sunnyvale, United States, ASN50245 (SERVEREL-AS, NL),
Reverse DNS
173.214.244.10.serverel.net
Software
nginx /
Resource Hash
c2284b3253a10847d8ee8c5550ca264bb009b099653dfd7e69d74b57b9dbd51c

Request headers

Referer
http://downanddirty.xyz/adminads/banner/300x250/forfindrtbx.php
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

Date
Mon, 16 Apr 2018 12:33:46 GMT
Last-Modified
Sat, 24 Mar 2018 14:18:46 GMT
Server
nginx
ETag
"5ab65e46-1a05"
Content-Type
application/javascript
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
6661
ssp
rxrtb.bid/ Frame 5F5B
171 B
467 B
Script
General
Full URL
http://rxrtb.bid/ssp?id=1446&rnd=178225&jsp=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
Requested by
Host: rxrtb.bid
URL: http://rxrtb.bid/getjs?r=0.982523550930116
Protocol
HTTP/1.1
Server
173.214.244.10 Sunnyvale, United States, ASN50245 (SERVEREL-AS, NL),
Reverse DNS
173.214.244.10.serverel.net
Software
nginx /
Resource Hash

Request headers

Referer
http://downanddirty.xyz/adminads/banner/300x250/forfindrtbx.php
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

Date
Mon, 16 Apr 2018 12:33:46 GMT
Server
nginx
Connection
keep-alive
Transfer-Encoding
chunked
Content-Type
application/javascript
Primary Request v.php
adpays.net/
4 KB
2 KB
Document
General
Full URL
http://adpays.net/v.php?user=192
Protocol
HTTP/1.1
Server
104.24.99.127 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare / PHP/5.6.31
Resource Hash
d1233df7bfc2d0e0f8aaf874325eed54da0eca2e1dce6c0a4fb13c9e56920ec8

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
adpays.net
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer
http://adpays.net/v.php?user=192
Cookie
_ga=GA1.2.1617316636.1523882026; _gid=GA1.2.1542822202.1523882026; _gat=1; __cfduid=dafd21a19108f01700e645e89a3c562051523882025
Connection
keep-alive
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
Referer
http://adpays.net/v.php?user=192
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

Date
Mon, 16 Apr 2018 12:33:47 GMT
Content-Encoding
gzip
Server
cloudflare
X-Powered-By
PHP/5.6.31
Vary
Accept-Encoding
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
Connection
keep-alive
CF-RAY
40c6aeaad61796ac-FRA
style_ptp.css
adpays.net/serve/
114 KB
19 KB
Stylesheet
General
Full URL
http://adpays.net/serve/style_ptp.css
Requested by
Host: adpays.net
URL: http://adpays.net/v.php?user=192
Protocol
HTTP/1.1
Server
104.24.99.127 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
1c997305439047d753737db92c66895797da5ae52c6256290392ac66f51efe85

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
adpays.net
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
Accept
text/css,*/*;q=0.1
Referer
http://adpays.net/v.php?user=192
Cookie
_ga=GA1.2.1617316636.1523882026; _gid=GA1.2.1542822202.1523882026; _gat=1; __cfduid=dafd21a19108f01700e645e89a3c562051523882025
Connection
keep-alive
Cache-Control
no-cache
Referer
http://adpays.net/v.php?user=192
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

Date
Mon, 16 Apr 2018 12:33:47 GMT
Content-Encoding
gzip
CF-Cache-Status
HIT
Last-Modified
Sat, 02 Sep 2017 13:34:37 GMT
Server
cloudflare
Etag
W/"59aab36d-24687"
Vary
Accept-Encoding
Content-Type
text/css
Cf-Bgj
minify
Cache-Control
public, max-age=14400
Transfer-Encoding
chunked
Connection
keep-alive
CF-RAY
40c6aeada4de9774-FRA
Expires
Mon, 16 Apr 2018 16:33:47 GMT
ads_show.js
adpays.net/serve/
234 B
604 B
Script
General
Full URL
http://adpays.net/serve/ads_show.js
Requested by
Host: adpays.net
URL: http://adpays.net/v.php?user=192
Protocol
HTTP/1.1
Server
104.24.99.127 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
597f331d06dd9fc93f45c4ba20b0e24af778d442e512b1a915abf6946fc8dab6

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
adpays.net
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
Accept
*/*
Referer
http://adpays.net/v.php?user=192
Cookie
_ga=GA1.2.1617316636.1523882026; _gid=GA1.2.1542822202.1523882026; _gat=1; __cfduid=dafd21a19108f01700e645e89a3c562051523882025
Connection
keep-alive
Cache-Control
no-cache
Referer
http://adpays.net/v.php?user=192
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

Date
Mon, 16 Apr 2018 12:33:47 GMT
Content-Encoding
gzip
CF-Cache-Status
HIT
Last-Modified
Sat, 02 Sep 2017 13:34:35 GMT
Server
cloudflare
Etag
W/"59aab36b-10c"
Vary
Accept-Encoding
Content-Type
application/javascript
Cf-Bgj
minify
Cache-Control
public, max-age=14400
Transfer-Encoding
chunked
Connection
keep-alive
CF-RAY
40c6aeada4dd9774-FRA
Expires
Mon, 16 Apr 2018 16:33:47 GMT
Cookie set ptp.php
adpays.net/serve/
35 B
346 B
Image
General
Full URL
http://adpays.net/serve/ptp.php?var1=192&var2=http%3A%2F%2Fadpays.net%2Fv.php%3Fuser%3D192&var3=ebbabdafeaefdcc&var4=1523882026
Requested by
Host: adpays.net
URL: http://adpays.net/v.php?user=192
Protocol
HTTP/1.1
Server
104.24.99.127 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare / PHP/5.6.31
Resource Hash
6a842ea462daca2a0b5a0f5f25bcfc8e0059ac811ca6c6a1bc54e4d9119621c3

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
adpays.net
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
http://adpays.net/v.php?user=192
Cookie
_ga=GA1.2.1617316636.1523882026; _gid=GA1.2.1542822202.1523882026; _gat=1; __cfduid=dafd21a19108f01700e645e89a3c562051523882025
Connection
keep-alive
Cache-Control
no-cache
Referer
http://adpays.net/v.php?user=192
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

Date
Mon, 16 Apr 2018 12:33:47 GMT
Server
cloudflare
X-Powered-By
PHP/5.6.31
Transfer-Encoding
chunked
Content-Type
image/gif
Set-Cookie
ptp=1523882027; expires=Wed, 18-Apr-2018 12:33:47 GMT; Max-Age=172800; path=/
Connection
keep-alive
CF-RAY
40c6aeadd4f59774-FRA
analytics.js
www.google-analytics.com/
35 KB
14 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: adpays.net
URL: http://adpays.net/v.php?user=192
Protocol
SPDY
Server
172.217.22.46 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra15s16-in-f14.1e100.net
Software
Golfe2 /
Resource Hash
f8ef655ef916e39713ede9c6db56d7ca5618bd82cf5ac991dcd013f05e0fdfc7
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
http://adpays.net/v.php?user=192
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Mon, 13 Nov 2017 20:19:12 GMT
server
Golfe2
age
5985
date
Mon, 16 Apr 2018 10:54:02 GMT
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=7200
timing-allow-origin
*
alt-svc
hq=":443"; ma=2592000; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="42,41,39,35"
content-length
14597
expires
Mon, 16 Apr 2018 12:54:02 GMT
go.js
cdn.adpixo.com/s/
21 KB
8 KB
Script
General
Full URL
http://cdn.adpixo.com/s/go.js
Requested by
Host: adpays.net
URL: http://adpays.net/v.php?user=192
Protocol
HTTP/1.1
Server
104.25.196.29 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
e5e22bbc3b33e499dfaf3ccbb33404adbf277c175757fb39abc1638e1b675aa6

Request headers

Referer
http://adpays.net/v.php?user=192
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

Date
Mon, 16 Apr 2018 12:33:47 GMT
Content-Encoding
gzip
CF-Cache-Status
HIT
Last-Modified
Fri, 13 Apr 2018 05:12:21 GMT
Server
cloudflare
ETag
W/"54b9-569b3eabc3ad6"
Vary
Accept-Encoding
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=2592000
Transfer-Encoding
chunked
Connection
keep-alive
CF-RAY
40c6aeade6a5980a-FRA
Expires
Wed, 16 May 2018 12:33:47 GMT
ODelI1aHBYDBqgeIAH2zlBM0YzuT7MdOe03otPbuUS0.woff
themes.googleusercontent.com/static/fonts/sourcesanspro/v7/
27 KB
26 KB
Font
General
Full URL
http://themes.googleusercontent.com/static/fonts/sourcesanspro/v7/ODelI1aHBYDBqgeIAH2zlBM0YzuT7MdOe03otPbuUS0.woff
Requested by
Host: adpays.net
URL: http://adpays.net/v.php?user=192
Protocol
HTTP/1.1
Server
216.58.214.97 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra16s05-in-f97.1e100.net
Software
sffe /
Resource Hash
13ae7e5a59de6cef3c3cedeaa348b17157b3cbc2b1bc9607c6d84ced4d137269
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
Referer
http://adpays.net/serve/style_ptp.css
Origin
http://adpays.net

Response headers

Date
Mon, 09 Apr 2018 21:08:56 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Thu, 21 Apr 2016 03:17:22 GMT
Server
sffe
Age
573891
Vary
Accept-Encoding
Content-Type
font/woff
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=31536000
Accept-Ranges
bytes
Timing-Allow-Origin
*
Content-Length
25703
X-XSS-Protection
1; mode=block
Expires
Tue, 09 Apr 2019 21:08:56 GMT
collect
www.google-analytics.com/
35 B
100 B
Image
General
Full URL
https://www.google-analytics.com/collect?v=1&_v=j66&a=1377161433&t=pageview&_s=1&dl=http%3A%2F%2Fadpays.net%2Fv.php%3Fuser%3D192&ul=en-us&de=UTF-8&dt=AdPays.net&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&_u=AACAAEAB~&jid=&gjid=&cid=1617316636.1523882026&tid=UA-76086645-1&_gid=1542822202.1523882026&z=1958869888
Requested by
Host: adpays.net
URL: http://adpays.net/v.php?user=192
Protocol
SPDY
Server
172.217.22.46 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra15s16-in-f14.1e100.net
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
http://adpays.net/v.php?user=192
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 03 Apr 2018 09:08:59 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
1135488
status
200
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
alt-svc
hq=":443"; ma=2592000; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="42,41,39,35"
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
dl.php
adpays.net/serve/ Frame D9A5
796 B
735 B
Document
General
Full URL
http://adpays.net/serve/dl.php?user=538
Requested by
Host: adpays.net
URL: http://adpays.net/v.php?user=192
Protocol
HTTP/1.1
Server
104.24.98.127 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare / PHP/5.6.31
Resource Hash
2f622c3bb097c054c14aa8587dc832e16586ffaab4e830e30c63b906caa78b5e

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
adpays.net
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer
http://adpays.net/v.php?user=192
Cookie
_ga=GA1.2.1617316636.1523882026; _gid=GA1.2.1542822202.1523882026; _gat=1; __cfduid=dafd21a19108f01700e645e89a3c562051523882025
Connection
keep-alive
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
Referer
http://adpays.net/v.php?user=192
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

Date
Mon, 16 Apr 2018 12:33:47 GMT
Content-Encoding
gzip
Server
cloudflare
X-Powered-By
PHP/5.6.31
Vary
Accept-Encoding
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
Connection
keep-alive
CF-RAY
40c6aeafd5752780-FRA
dlvalid.php
adpays.net/serve/ Frame D9A5
389 B
547 B
Document
General
Full URL
http://adpays.net/serve/dlvalid.php?var1=538&var2=http%3A%2F%2Fadpays.net%2Fv.php%3Fuser%3D192&var3=ecacfacacd&var4=1523882027
Requested by
Host: adpays.net
URL: http://adpays.net/serve/dl.php?user=538
Protocol
HTTP/1.1
Server
104.24.98.127 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare / PHP/5.6.31
Resource Hash
c44bf286b27d1791c547e8202c9ca62bb3fa7cf1ba2a7c8a0731ed3cbe8852f3

Request headers

Pragma
no-cache
Origin
http://adpays.net
Accept-Encoding
gzip, deflate
Host
adpays.net
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
Content-Type
application/x-www-form-urlencoded
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Cache-Control
no-cache
Referer
http://adpays.net/serve/dl.php?user=538
Cookie
_ga=GA1.2.1617316636.1523882026; _gid=GA1.2.1542822202.1523882026; _gat=1; __cfduid=dafd21a19108f01700e645e89a3c562051523882025; ptp=1523882027
Connection
keep-alive
Content-Length
3
Referer
http://adpays.net/serve/dl.php?user=538
Origin
http://adpays.net
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

Date
Mon, 16 Apr 2018 12:33:47 GMT
Content-Encoding
gzip
Server
cloudflare
X-Powered-By
PHP/5.6.31
Vary
Accept-Encoding
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
Connection
keep-alive
CF-RAY
40c6aeb0f5cb2780-FRA

Verdicts & Comments

15 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

string: var1
string: var2
string: var3
string: var4
function: delayer
number: onLoad
string: GoogleAnalyticsObject
function: ga
object: apxo
object: gaplugins
object: gaGlobal
object: gaData
number: rte
number: cp
object: LieDetector

2 Cookies

Domain/Path           Name                            Value
www.safeofferz.com/   AWSALB                          FtJSKKe0w4ZPataPjYs0Vlu15wFu1E4TVJrAOlEUypsD/GCZZwOMro258O6mx3RKAJPXF7ogNqrslJNC4nrXn3ruH5OprBmgI2uoTmkUDX6CkHAlrA7vsr9PhLuQ
adpays.net/           apxo_main_6595ace55b5462a3524   1

2 Console Messages

Source: console-api  Level: log  URL: http://cdn.adpixo.com/s/go.js (Line 1)
Message: [object HTMLImageElement]

Source: console-api  Level: log  URL: http://cdn.adpixo.com/s/go.js (Line 1)
Message: console.clear

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

adpays.net
advantagecpv.com
cdn.adpixo.com
downanddirty.xyz
rxrtb.bid
themes.googleusercontent.com
www.downanddirty.xyz
www.google-analytics.com
104.24.98.127
104.24.99.127
104.25.196.29
172.217.22.46
173.214.244.10
199.119.78.34
216.58.214.97