urlscan.io logo urlscan.io
SecurityTrails logo

loot-link.com Open in urlscan Pro
104.21.25.219  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://jxyserr.xyz/sl?l=8e7ea5493b35afc96ae4f614040c05d9fcf6be4ead835029c1efae2a584e4a3962990c38
Effective URL: https://loot-link.com/s?0d506fc0
Submission: On December 17 via manual from US — Scanned from US
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 13 IPs in 2 countries across 11 domains to perform 18 HTTP transactions. The main IP is 104.21.25.219, located in and belongs to CLOUDFLARENET, US. The main domain is loot-link.com. The Cisco Umbrella rank of the primary domain is 342425.
TLS certificate: Issued by WE1 on November 4th 2024. Valid for: 3 months.
This is the only time loot-link.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Roblox (Gaming)

Domain & IP information

IP Address AS Autonomous System
1 1 172.67.171.141 13335 (CLOUDFLAR...)
3 104.21.25.219 13335 (CLOUDFLAR...)
1 151.101.65.229 54113 (FASTLY)
2 4 104.17.246.203 13335 (CLOUDFLAR...)
1 142.251.35.170 15169 (GOOGLE)
1 18.173.242.92 16509 (AMAZON-02)
2 142.250.65.195 15169 (GOOGLE)
1 52.217.18.104 16509 (AMAZON-02)
1 142.250.72.98 15169 (GOOGLE)
1 151.101.1.44 54113 (FASTLY)
1 3.168.65.40 16509 (AMAZON-02)
2 104.21.21.90 13335 (CLOUDFLAR...)
2 18.173.242.183 16509 (AMAZON-02)
18 13
1    172.67.171.141 (United States)

ASN13335 (CLOUDFLARENET, US)
jxyserr.xyz
3    104.21.25.219 (None, )

ASN13335 (CLOUDFLARENET, US)
loot-link.com
1    151.101.65.229 (San Francisco, United States)

ASN54113 (FASTLY, US)
cdn.jsdelivr.net
4    104.17.246.203 (None, )

ASN13335 (CLOUDFLARENET, US)
unpkg.com
1    142.251.35.170 (Queens, United States)

ASN15169 (GOOGLE, US)
PTR: lga25s78-in-f10.1e100.net
fonts.googleapis.com
1    18.173.242.92 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-173-242-92.jfk52.r.cloudfront.net
d1tafuajjg33f8.cloudfront.net
2    142.250.65.195 (Plainview, United States)

ASN15169 (GOOGLE, US)
PTR: lga25s72-in-f3.1e100.net
fonts.gstatic.com
1    52.217.18.104 (Ashburn, United States)

ASN16509 (AMAZON-02, US)
PTR: s3-us-east-1-r-w.amazonaws.com
fingerprinting36542.s3.us-east-1.amazonaws.com
1    142.250.72.98 (Plainview, United States)

ASN15169 (GOOGLE, US)
PTR: lga34s32-in-f2.1e100.net
pagead2.googlesyndication.com
1    151.101.1.44 (San Francisco, United States)

ASN54113 (FASTLY, US)
api.taboola.com
1    3.168.65.40 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-3-168-65-40.jfk50.r.cloudfront.net
d3h26c51lqz4go.cloudfront.net
2    104.21.21.90 (None, )

ASN13335 (CLOUDFLARENET, US)
nerventualken.com
2    18.173.242.183 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-173-242-183.jfk52.r.cloudfront.net
d1wzdj81h1hubn.cloudfront.net
Apex Domain
Subdomains		 Transfer
4 cloudfront.net
d1tafuajjg33f8.cloudfront.net
d3h26c51lqz4go.cloudfront.net
d1wzdj81h1hubn.cloudfront.net
459 KB
4 unpkg.com
unpkg.com — Cisco Umbrella Rank: 740
128 KB
3 loot-link.com
loot-link.com — Cisco Umbrella Rank: 342425
33 KB
2 nerventualken.com
nerventualken.com — Cisco Umbrella Rank: 329759
1 KB
2 gstatic.com
fonts.gstatic.com
36 KB
1 taboola.com
api.taboola.com — Cisco Umbrella Rank: 4948
753 B
1 googlesyndication.com
pagead2.googlesyndication.com — Cisco Umbrella Rank: 110
53 KB
1 amazonaws.com
fingerprinting36542.s3.us-east-1.amazonaws.com
38 KB
1 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 29
1 KB
1 jsdelivr.net
cdn.jsdelivr.net — Cisco Umbrella Rank: 318
7 KB
1 jxyserr.xyz
jxyserr.xyz
675 B
18 11
Domain Requested by
4 unpkg.com 2 redirects loot-link.com
3 loot-link.com loot-link.com
2 d1wzdj81h1hubn.cloudfront.net
2 nerventualken.com loot-link.com
2 fonts.gstatic.com fonts.googleapis.com
1 d3h26c51lqz4go.cloudfront.net loot-link.com
1 api.taboola.com loot-link.com
1 pagead2.googlesyndication.com loot-link.com
1 fingerprinting36542.s3.us-east-1.amazonaws.com loot-link.com
1 d1tafuajjg33f8.cloudfront.net loot-link.com
1 fonts.googleapis.com loot-link.com
1 cdn.jsdelivr.net loot-link.com
1 jxyserr.xyz 1 redirects
18 13

This site contains links to these domains. Also see Links.

Domain
www.tiktok.com
www.youtube.com
lootlabs.gg
Subject Issuer Validity Valid
loot-link.com
WE1		 2024-11-04 -
2025-02-02		 3 months crt.sh
jsdelivr.net
GlobalSign Atlas R3 DV TLS CA 2024 Q3		 2024-07-30 -
2025-08-31		 a year crt.sh
upload.video.google.com
WR2		 2024-11-04 -
2025-01-27		 3 months crt.sh
*.cloudfront.net
Amazon RSA 2048 M01		 2024-07-30 -
2025-07-03		 a year crt.sh
*.gstatic.com
WR2		 2024-11-04 -
2025-01-27		 3 months crt.sh
s3.amazonaws.com
Amazon RSA 2048 M01		 2024-11-18 -
2025-11-07		 a year crt.sh
*.g.doubleclick.net
WR2		 2024-11-04 -
2025-01-27		 3 months crt.sh
*.taboola.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2024-12-01 -
2025-12-31		 a year crt.sh
nerventualken.com
WE1		 2024-11-28 -
2025-02-26		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://loot-link.com/s?0d506fc0
Frame ID: 179C0774B9E2AAEE4236D9E6C6CE7BF0
Requests: 19 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

roblox auto condos game

Page URL History Show full URLs

  1. https://jxyserr.xyz/sl?l=8e7ea5493b35afc96ae4f614040c05d9fcf6be4ead835029c1efae2a584e4a3962990c38 HTTP 307
    https://loot-link.com/s?0d506fc0 Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • fingerprint(\d)?(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
  • googlesyndication\.com/
Overall confidence: 100%
Detected patterns
  • //cdn\.jsdelivr\.net/

Page Statistics

18
Requests

89 %
HTTPS

0 %
IPv6

11
Domains

13
Subdomains

13
IPs

2
Countries

755 kB
Transfer

1197 kB
Size

3
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://jxyserr.xyz/sl?l=8e7ea5493b35afc96ae4f614040c05d9fcf6be4ead835029c1efae2a584e4a3962990c38 HTTP 307
    https://loot-link.com/s?0d506fc0 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 1
  • https://unpkg.com/detect-gpu@latest/dist/detect-gpu.umd.js HTTP 302
  • https://unpkg.com/detect-gpu@5.0.61/dist/detect-gpu.umd.js
Request Chain 13
  • https://unpkg.com/@lottiefiles/lottie-player@latest/dist/lottie-player.js HTTP 302
  • https://unpkg.com/@lottiefiles/lottie-player@2.0.12/dist/lottie-player.js

18 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request s
loot-link.com/
Redirect Chain
  • https://jxyserr.xyz/sl?l=8e7ea5493b35afc96ae4f614040c05d9fcf6be4ead835029c1efae2a584e4a3962990c38
  • https://loot-link.com/s?0d506fc0
21 KB
10 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://loot-link.com/s?0d506fc0
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.21.25.219 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8787f9642bd30ad920d22fd18d02f987026cc3b5bb70a578ede85a3ff083376d

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Access-Control-Allow-Headers, Origin,Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods
POST, GET, OPTIONS, HEAD
alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
8f39ce396c6543eb-EWR
content-encoding
zstd
content-type
text/html
date
Tue, 17 Dec 2024 20:53:57 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
priority
u=0,i
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UKs0DKwVB8CRP2EGwi9KtwhAiAGXKfKV3BwA2ju%2BSrrDC50xxekcuWDfNfkLdsV%2BSijP8yAO1XUqXYdtKmbpRh%2BYj2YryPitFuSwpgeVea2pkSYtl0kKKR%2Fo6PsmKlNM"}],"group":"cf-nel","max_age":604800}
server
cloudflare
server-timing
cfL4;desc="?proto=QUIC&rtt=23706&min_rtt=22882&rtt_var=5490&sent=12&recv=9&lost=0&retrans=0&sent_bytes=4169&recv_bytes=4447&delivery_rate=25434&cwnd=12000&unsent_bytes=0&cid=cb4ae33adc98939a&ts=69&x=1" cfExtPri cfHdrFlush;dur=0

Redirect headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
8f39ce33e8bb4405-EWR
content-encoding
gzip
content-length
20
date
Tue, 17 Dec 2024 20:53:57 GMT
location
https://loot-link.com/s?0d506fc0
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Se0gDpjSeYob8b4v2roGFOD6snAyN%2BIqIDJvLnG0ebHi1BGzreIL40aDgmmZRMNcYd026aAW7YhvNdMMVk20nPJu2yceKoZNz9VEe%2FzHKA7qcArb0lq4ENVO34o7UA%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
server-timing
cfL4;desc="?proto=TCP&rtt=9362&min_rtt=8866&rtt_var=2829&sent=7&recv=8&lost=0&retrans=0&sent_bytes=3944&recv_bytes=2343&delivery_rate=488730&cwnd=251&unsent_bytes=0&cid=095a859a52bd8499&ts=840&x=0"
vary
accept-encoding
runtime.js
cdn.jsdelivr.net/npm/babel-regenerator-runtime@6.5.0/ 		21 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.jsdelivr.net/npm/babel-regenerator-runtime@6.5.0/runtime.js
Requested by
Host: loot-link.com
URL: https://loot-link.com/s?0d506fc0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.65.229 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
b9258540f48bff83be38e2952dfa01f6bb5c6ccbc13baccf3e26995299f59d07
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://loot-link.com/

Response headers

access-control-expose-headers
*
content-encoding
br
etag
W/"53cd-XOwSN/ws1IIGTvt4xVCWVg/9RBk"
age
3247776
x-content-type-options
nosniff
x-jsd-version-type
version
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
x-cache
HIT, HIT
date
Tue, 17 Dec 2024 20:53:57 GMT
content-type
application/javascript; charset=utf-8
x-served-by
cache-fra-eddf8230078-FRA, cache-ewr-kewr1740078-EWR
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
access-control-allow-origin
*
content-length
6589
x-jsd-version
6.5.0
detect-gpu.umd.js
unpkg.com/detect-gpu@5.0.61/dist/
Redirect Chain
  • https://unpkg.com/detect-gpu@latest/dist/detect-gpu.umd.js
  • https://unpkg.com/detect-gpu@5.0.61/dist/detect-gpu.umd.js
9 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://unpkg.com/detect-gpu@5.0.61/dist/detect-gpu.umd.js
Requested by
Host: loot-link.com
URL: https://loot-link.com/s?0d506fc0
Protocol
H2
Server
104.17.246.203 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
076c2a401cadf303a28028777f193e647e28327259bfca265be844295def88f8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://loot-link.com/

Response headers

content-encoding
br
cf-cache-status
HIT
etag
"25c3-KtJzcBj/8/tO4BdiF9gIm5zErRg"
age
242828
x-content-type-options
nosniff
date
Tue, 17 Dec 2024 20:53:57 GMT
content-type
application/javascript; charset=utf-8
last-modified
Sat, 26 Oct 1985 08:15:00 GMT
fly-request-id
01JF3YSQCXQPAAJGR9Z75GJ9NK-lga
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=31536000
via
1.1 fly.io
cf-ray
8f39ce3d1c538cad-EWR
access-control-allow-origin
*
server
cloudflare

Redirect headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, s-maxage=600, max-age=60
location
/detect-gpu@5.0.61/dist/detect-gpu.umd.js
content-encoding
br
cf-cache-status
HIT
age
520
x-content-type-options
nosniff
via
1.1 fly.io
cf-ray
8f39ce3c8bae8cad-EWR
access-control-allow-origin
*
date
Tue, 17 Dec 2024 20:53:57 GMT
content-type
text/plain; charset=utf-8
vary
Accept, Accept-Encoding
fly-request-id
01JFB5WBRREPE8RKJTMY2JA2QQ-lga
server
cloudflare
css2
fonts.googleapis.com/ 		4 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css2?family=Play:wght@400;700&display=swap
Requested by
Host: loot-link.com
URL: https://loot-link.com/s?0d506fc0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.35.170 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s78-in-f10.1e100.net
Software
ESF /
Resource Hash
6cbdc009197e1afacfbc903823a6557d3b34b86d9d6bb6c3594184fde99e35d2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://loot-link.com/

Response headers

content-encoding
gzip
x-content-type-options
nosniff
expires
Tue, 17 Dec 2024 20:53:57 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Tue, 17 Dec 2024 20:53:57 GMT
content-type
text/css; charset=utf-8
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified
Tue, 17 Dec 2024 19:03:41 GMT
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
cross-origin-opener-policy
same-origin-allow-popups
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
x-xss-protection
0
server
ESF
6.js
loot-link.com/ 		80 KB
23 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://loot-link.com/6.js
Requested by
Host: loot-link.com
URL: https://loot-link.com/s?0d506fc0
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.21.25.219 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
019353847c1d85ff4f2cbad0937c9fba08fa9c8fafa3a62e2826b912b6c5634a

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://loot-link.com/s?0d506fc0

Response headers

content-encoding
zstd
cf-cache-status
HIT
etag
W/"676191f1-13eb9"
age
5382
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dPFmYu7tuSj0fxvJOFsMYvXtboTTIjXvx4y3yNOLF86TMxf8OSYy0HJWGaMbyciat5ct566ubN9NmReaKy1U9L4sKsHrvwSqBcjB2SH6nWfLbXaEK2MnTM85OuGg7n%2Bz"}],"group":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=30725&min_rtt=22882&rtt_var=8059&sent=24&recv=16&lost=0&retrans=0&sent_bytes=14429&recv_bytes=5024&delivery_rate=284987&cwnd=12000&unsent_bytes=0&cid=cb4ae33adc98939a&ts=143&x=1", cfExtPri, cfHdrFlush;dur=0
date
Tue, 17 Dec 2024 20:53:57 GMT
content-type
application/javascript
last-modified
Tue, 17 Dec 2024 15:00:01 GMT
vary
Accept-Encoding
priority
u=1,i=?0
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
8f39ce3a0d1d43eb-EWR
server
cloudflare
/
d1tafuajjg33f8.cloudfront.net/ 		595 B
728 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://d1tafuajjg33f8.cloudfront.net/?tid=1038222&params_only=1
Requested by
Host: loot-link.com
URL: https://loot-link.com/6.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.173.242.92 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-173-242-92.jfk52.r.cloudfront.net
Software
/
Resource Hash
b843f705041744e398d6ae334a692be493edbd7b2e4277b86575d1590de8672b

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://loot-link.com/

Response headers

cache-control
no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
content-encoding
gzip
pragma
no-cache
access-control-allow-credentials
true
via
1.1 686217785c5aa257660a5a0c173f7be8.cloudfront.net (CloudFront)
access-control-allow-origin
https://loot-link.com
x-cache
Miss from cloudfront
content-length
351
x-amz-cf-id
CYfGq_eZvY19NBic69KPK6NhJTJmQArSPiUTb0yZi7-ZouotPfzL0w==
date
Tue, 17 Dec 2024 20:53:58 GMT
x-amz-cf-pop
JFK52-P1
6ae84K2oVqwItm4TCpAy2g.woff2
fonts.gstatic.com/s/play/v19/ 		18 KB
18 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/play/v19/6ae84K2oVqwItm4TCpAy2g.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Play:wght@400;700&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.65.195 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s72-in-f3.1e100.net
Software
sffe /
Resource Hash
42d25e75823f99564c199e3dc486ff8562ce77625ea50ee07385df687296f69f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://loot-link.com
Referer
https://fonts.googleapis.com/

Response headers

age
416424
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options
nosniff
expires
Sat, 13 Dec 2025 01:13:34 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Fri, 13 Dec 2024 01:13:34 GMT
last-modified
Thu, 24 Aug 2023 19:54:08 GMT
content-type
font/woff2
cache-control
public, max-age=31536000
timing-allow-origin
*
cross-origin-opener-policy
same-origin; report-to="apps-themes"
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges
bytes
access-control-allow-origin
*
content-length
18100
x-xss-protection
0
server
sffe
fingerprint.js
fingerprinting36542.s3.us-east-1.amazonaws.com/ 		37 KB
38 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://fingerprinting36542.s3.us-east-1.amazonaws.com/fingerprint.js
Requested by
Host: loot-link.com
URL: https://loot-link.com/6.js
Protocol
HTTP/1.1
Security
TLS 1.3, , CHACHA20_POLY1305
Server
52.217.18.104 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
s3-us-east-1-r-w.amazonaws.com
Software
AmazonS3 /
Resource Hash
6cf24eed847d975853348f50d95b192ac37a4c49e96d8888af6dd2e15631a1fd

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://loot-link.com
Referer
https://loot-link.com/

Response headers

x-amz-server-side-encryption
AES256
ETag
"9ac06ba71cc5803c7515b3e8c3a2854d"
Access-Control-Allow-Methods
GET, PUT, POST, DELETE
x-amz-request-id
2ADDE3BN8Z9SG261
Accept-Ranges
bytes
Access-Control-Allow-Origin
*
Content-Length
38143
Date
Tue, 17 Dec 2024 20:53:59 GMT
Last-Modified
Mon, 09 Dec 2024 12:08:59 GMT
Vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method
Server
AmazonS3
Content-Type
application/javascript
x-amz-id-2
ouh8VKiGSqbYQHjbKz7OYjNX2icEsrUhzW8kC3AdLQQDzYDrUj5hEAry8oJd3lal4HjmZrVm3F8=
adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/ 		156 KB
53 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Requested by
Host: loot-link.com
URL: https://loot-link.com/6.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.72.98 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s32-in-f2.1e100.net
Software
cafe /
Resource Hash
3bb9f591ef13c142028105cbb0620d286e73407b98be74d5349961879b99a2ef
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://loot-link.com/

Response headers

content-encoding
br
etag
3240218264868001052
x-content-type-options
nosniff
expires
Tue, 17 Dec 2024 20:53:59 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date
Tue, 17 Dec 2024 20:53:59 GMT
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
content-disposition
attachment; filename="f.txt"
link
<https://googleads.g.doubleclick.net>; rel="preconnect"; crossorigin
cache-control
private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
content-length
53251
x-xss-protection
0
server
cafe
user.sync
api.taboola.com/2.0/json/lootlabs-roblox/ 		83 B
753 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://api.taboola.com/2.0/json/lootlabs-roblox/user.sync?app.apikey=cdb5e8d81c24e09c97db19a61b14ffdead0deac8&app.type=desktop
Requested by
Host: loot-link.com
URL: https://loot-link.com/6.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.44 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
3e387f35ed76f67910a6291a16d67d0ece6b52ef036026d822f5060ccb1078df

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://loot-link.com/

Response headers

content-encoding
gzip
x-cache
MISS
p3p
policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
x-log-content-encoding
gzip
date
Tue, 17 Dec 2024 20:53:58 GMT
content-type
application/json;charset=utf-8
vary
Accept-Encoding
x-cache-hits
0
x-served-by
cache-ewr-kewr1740027-EWR
x-timer
S1734468839.716010,VS0,VE4
x-vcl-time-ms
4
access-control-allow-credentials
true
via
1.1 varnish
accept-ranges
bytes
access-control-allow-origin
https://loot-link.com
x-service-version
v1
server
nginx
rbx.jpg
d3h26c51lqz4go.cloudfront.net/loot-sources/ 		435 KB
436 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d3h26c51lqz4go.cloudfront.net/loot-sources/rbx.jpg
Requested by
Host: loot-link.com
URL: https://loot-link.com/s?0d506fc0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.168.65.40 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-168-65-40.jfk50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
c45388c0937dde58151ba6f3d2225751b8b89ac001be1ef1f40134c61d391b8e

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://loot-link.com/

Response headers

etag
"782b7fc18a24ee997efd9a7f02fa4bf9"
age
11857
via
1.1 b3d00204fa2a73465702838ab0f52746.cloudfront.net (CloudFront)
x-cache
Hit from cloudfront
content-length
445602
x-amz-cf-id
j4eXLwCjgdmYrnXvE4ITtNtzDaq_EAys6J5xpZsnWeP3WJkEbpNdZg==
date
Tue, 17 Dec 2024 17:36:23 GMT
content-type
image/jpeg
last-modified
Tue, 12 Nov 2024 11:54:52 GMT
server
AmazonS3
x-amz-cf-pop
JFK50-P9
vary
Accept-Encoding
tc
nerventualken.com/ 		572 B
1 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://nerventualken.com/tc
Requested by
Host: loot-link.com
URL: https://loot-link.com/6.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.21.21.90 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a041b78214ccaa5208144c7ed137cab2abd2c7efef7f0bf80f3394e6981282bb

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type
application/json
Referer
https://loot-link.com/

Response headers

nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
zstd
cf-cache-status
DYNAMIC
access-control-allow-credentials
true
access-control-allow-methods
POST, GET, OPTIONS, HEAD
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=whmNhywyQYXrBi37wg3uo7lN%2BSL75T3gzcJWlCJLRKGOVq5lc5ycyLqeXL3DwPB58DZxK8ya%2BHKHUk2fZOfmmtbQkdwGGjRPSE5LvFEVz2L5nviuusm5gn%2FKFF%2FZOf32xS8CFA%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray
8f39ce475ca18c4d-EWR
access-control-allow-origin
https://loot-link.com
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=24145&min_rtt=22026&rtt_var=6256&sent=11&recv=10&lost=0&retrans=0&sent_bytes=2208&recv_bytes=4496&delivery_rate=567&cwnd=12000&unsent_bytes=0&cid=592e605fe7020518&ts=231&x=1", cfExtPri, cfHdrFlush;dur=0
date
Tue, 17 Dec 2024 20:53:59 GMT
content-type
application/json
server
cloudflare
priority
u=1,i
access-control-allow-headers
Access-Control-Allow-Headers, Origin,Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers
tc
nerventualken.com/ 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://nerventualken.com/tc
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.21.21.90 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://loot-link.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Access-Control-Allow-Headers, Origin,Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods
POST, GET, OPTIONS, HEAD
access-control-allow-origin
https://loot-link.com
alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
8f39ce42b83fc440-EWR
content-length
0
content-type
application/json
date
Tue, 17 Dec 2024 20:53:59 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
priority
u=1,i
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hGVWhCzFB54%2FhUK3LeX0dtMU%2BhmcF3l4dtnoqyfD%2Bqb3nbTp1%2BxojEiJskt0zIn56eZNw4Jv8sKX4F9TdAotIIhEYW288Ssgr2kO4OuqAJ4%2FrygBbTqGQvJH9gs9AHNgDkGXUQ%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
server-timing
cfL4;desc="?proto=QUIC&rtt=22797&min_rtt=22038&rtt_var=4307&sent=11&recv=10&lost=0&retrans=0&sent_bytes=4140&recv_bytes=4415&delivery_rate=564&cwnd=12000&unsent_bytes=0&cid=7e6988bfef7e325b&ts=676&x=1" cfExtPri cfHdrFlush;dur=0
6aez4K2oVqwIvtU2Hw.woff2
fonts.gstatic.com/s/play/v19/ 		18 KB
18 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/play/v19/6aez4K2oVqwIvtU2Hw.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Play:wght@400;700&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.65.195 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s72-in-f3.1e100.net
Software
sffe /
Resource Hash
d0964aee1973c5818130723f3bf5b8e0b51bf775a5074949c91d815d91f2924f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://loot-link.com
Referer
https://fonts.googleapis.com/

Response headers

age
375482
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options
nosniff
expires
Sat, 13 Dec 2025 12:35:57 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Fri, 13 Dec 2024 12:35:57 GMT
last-modified
Thu, 24 Aug 2023 20:26:25 GMT
content-type
font/woff2
cache-control
public, max-age=31536000
timing-allow-origin
*
cross-origin-opener-policy
same-origin; report-to="apps-themes"
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges
bytes
access-control-allow-origin
*
content-length
18088
x-xss-protection
0
server
sffe
lottie-player.js
unpkg.com/@lottiefiles/lottie-player@2.0.12/dist/
Redirect Chain
  • https://unpkg.com/@lottiefiles/lottie-player@latest/dist/lottie-player.js
  • https://unpkg.com/@lottiefiles/lottie-player@2.0.12/dist/lottie-player.js
375 KB
122 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://unpkg.com/@lottiefiles/lottie-player@2.0.12/dist/lottie-player.js
Protocol
H2
Server
104.17.246.203 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b396c6847f916f93b353dddc9245b056ad900d115cfb589e7909ba996eaf70af
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://loot-link.com/

Response headers

content-encoding
br
cf-cache-status
HIT
etag
"5dbed-iuWY+SuF72GOkOASnVf7lMj2w7g"
age
422400
x-content-type-options
nosniff
date
Tue, 17 Dec 2024 20:54:00 GMT
content-type
application/javascript; charset=utf-8
last-modified
Sat, 26 Oct 1985 08:15:00 GMT
fly-request-id
01JEYKHPRY6PRXGCJHP0XSBBTG-lga
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=31536000
via
1.1 fly.io
cf-ray
8f39ce4f0fc98cad-EWR
access-control-allow-origin
*
server
cloudflare

Redirect headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, s-maxage=600, max-age=60
location
/@lottiefiles/lottie-player@2.0.12/dist/lottie-player.js
content-encoding
br
cf-cache-status
HIT
age
297
x-content-type-options
nosniff
via
1.1 fly.io
cf-ray
8f39ce48d90d8cad-EWR
access-control-allow-origin
*
date
Tue, 17 Dec 2024 20:53:59 GMT
content-type
text/plain; charset=utf-8
vary
Accept, Accept-Encoding
fly-request-id
01JFB637NQB3WYRGAH9Y591RSN-lga
server
cloudflare
e227a7bf54a0df21.jpeg
d1wzdj81h1hubn.cloudfront.net/ 		19 KB
19 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d1wzdj81h1hubn.cloudfront.net/e227a7bf54a0df21.jpeg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.173.242.183 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-173-242-183.jfk52.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
8139fdb8c0ef28776454eed8aceba2e023a52889a88326834c6a4121d729aaca

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://loot-link.com/

Response headers

etag
"e53ed5b8ca4c577cfd56fab4be2b73ad"
via
1.1 46a179b8ac401f1f1def1c8690577c3e.cloudfront.net (CloudFront)
x-amz-meta-timestamp
2024-03-27T15:11:04.542271
accept-ranges
bytes
x-cache
Miss from cloudfront
content-length
19308
x-amz-cf-id
-kpcvjjWq_6KA-QUQoLmQ6EN6V9O6Bn5HkLiv8QlQJHBsDdeWPdbEQ==
date
Tue, 17 Dec 2024 20:54:01 GMT
content-type
image/jpeg
last-modified
Wed, 27 Mar 2024 15:17:09 GMT
server
AmazonS3
x-amz-cf-pop
JFK52-P1
x-amz-server-side-encryption
AES256
survey.png
d1wzdj81h1hubn.cloudfront.net/icons/ 		2 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d1wzdj81h1hubn.cloudfront.net/icons/survey.png
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.173.242.183 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-173-242-183.jfk52.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
520d2326fed0145cf32bcb9361b36a635cd33af02115e42037cdee469c9f9bcb

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://loot-link.com/

Response headers

vary
accept-encoding
etag
"a44f6784c60906620ea27bf4ce4cccd6"
age
59104
via
1.1 46a179b8ac401f1f1def1c8690577c3e.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
content-length
2424
x-amz-cf-id
FJaGR3OXaR6jNPtuQ4E-vg6Xhj7I_AKdTppPmmlv57TmJwb3MLSGzg==
date
Tue, 17 Dec 2024 04:28:57 GMT
content-type
image/png
last-modified
Tue, 07 Feb 2023 09:32:38 GMT
server
AmazonS3
x-amz-cf-pop
JFK52-P1
x-amz-server-side-encryption
AES256
truncated
/ 		326 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
8a9f46789b7a46abcd5c65ed7eccb8234b968cb1c5f5ee662bd5be13b678a6fc

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/svg+xml
truncated
/ 		577 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
09b553621c6fd216ff515d5eb24b92bb61923d118961fb8ad5de6e8fff43ef03

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/svg+xml
favicon.ico
loot-link.com/ 		159 B
758 B 		Other
General
Check archive.org
Download Go to
Full URL
https://loot-link.com/favicon.ico
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.21.25.219 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
20703cc00e86bed52bb9af00fac1cbd8c3dc16c2866b7251288325f1501c8755

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://loot-link.com/s?0d506fc0

Response headers

cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
zstd
cf-cache-status
HIT
age
21
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Wr2nCV5y9kxWWdlUEnTWOJUWKT8vlA6P8bsguFG2CRN%2FVxeCDGw62TpBS2O3uY7mjecL0%2Bek8cZUEL9xEOGhQibQTudGDpZ7i7mIwtK1TWSqWx52r%2FlD0cdRelEZKzTj"}],"group":"cf-nel","max_age":604800}
cf-ray
8f39ce4f38a443eb-EWR
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=27429&min_rtt=22691&rtt_var=6199&sent=47&recv=28&lost=0&retrans=0&sent_bytes=38253&recv_bytes=5877&delivery_rate=488792&cwnd=18000&unsent_bytes=0&cid=cb4ae33adc98939a&ts=3530&x=1", cfExtPri, cfHdrFlush;dur=0
date
Tue, 17 Dec 2024 20:54:00 GMT
content-type
text/html
vary
Accept-Encoding
server
cloudflare
priority
u=1,i

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Roblox (Gaming)

19 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| regeneratorRuntime object| DetectGPU function| a0_0x3cf244 function| a0_0x43321a function| a0_0x4101f2 function| a0_0x12eb function| a0_0x36d7 function| sendRequest object| textsArr object| loadingText function| getRandomText function| updateLoadingText string| line boolean| ALLOW_UNLOCKER string| INCENTIVE_BACKGROUND object| lottie-player object| reactiveElementVersions object| litHtmlVersions object| litElementVersions

3 Cookies

Domain/Path Name / Value
jxyserr.xyz/ Name: l
Value: 8e7ea5493b35afc96ae4f614040c05d9fcf6be4ead835029c1efae2a584e4a3962990c38
loot-link.com/ Name: uid
Value: Mr4WbcGRJx4KFzhFiZXjIudI2UYEbLUr
nerventualken.com/ Name: ci
Value: 2212221375290794

2 Console Messages

Source Level URL
Text
rendering warning URL: https://loot-link.com/s?0d506fc0
Message:
[GroupMarkerNotSet(crbug.com/242999)!:A0301D00BC130000]Automatic fallback to software WebGL has been deprecated. Please use the --enable-unsafe-swiftshader flag to opt in to lower security guarantees for trusted content.
network error URL: https://loot-link.com/favicon.ico
Message:
Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.taboola.com
cdn.jsdelivr.net
d1tafuajjg33f8.cloudfront.net
d1wzdj81h1hubn.cloudfront.net
d3h26c51lqz4go.cloudfront.net
fingerprinting36542.s3.us-east-1.amazonaws.com
fonts.googleapis.com
fonts.gstatic.com
jxyserr.xyz
loot-link.com
nerventualken.com
pagead2.googlesyndication.com
unpkg.com
104.17.246.203
104.21.21.90
104.21.25.219
142.250.65.195
142.250.72.98
142.251.35.170
151.101.1.44
151.101.65.229
172.67.171.141
18.173.242.183
18.173.242.92
3.168.65.40
52.217.18.104
019353847c1d85ff4f2cbad0937c9fba08fa9c8fafa3a62e2826b912b6c5634a
076c2a401cadf303a28028777f193e647e28327259bfca265be844295def88f8
09b553621c6fd216ff515d5eb24b92bb61923d118961fb8ad5de6e8fff43ef03
20703cc00e86bed52bb9af00fac1cbd8c3dc16c2866b7251288325f1501c8755
3bb9f591ef13c142028105cbb0620d286e73407b98be74d5349961879b99a2ef
3e387f35ed76f67910a6291a16d67d0ece6b52ef036026d822f5060ccb1078df
42d25e75823f99564c199e3dc486ff8562ce77625ea50ee07385df687296f69f
520d2326fed0145cf32bcb9361b36a635cd33af02115e42037cdee469c9f9bcb
6cbdc009197e1afacfbc903823a6557d3b34b86d9d6bb6c3594184fde99e35d2
6cf24eed847d975853348f50d95b192ac37a4c49e96d8888af6dd2e15631a1fd
8139fdb8c0ef28776454eed8aceba2e023a52889a88326834c6a4121d729aaca
8787f9642bd30ad920d22fd18d02f987026cc3b5bb70a578ede85a3ff083376d
8a9f46789b7a46abcd5c65ed7eccb8234b968cb1c5f5ee662bd5be13b678a6fc
a041b78214ccaa5208144c7ed137cab2abd2c7efef7f0bf80f3394e6981282bb
b396c6847f916f93b353dddc9245b056ad900d115cfb589e7909ba996eaf70af
b843f705041744e398d6ae334a692be493edbd7b2e4277b86575d1590de8672b
b9258540f48bff83be38e2952dfa01f6bb5c6ccbc13baccf3e26995299f59d07
c45388c0937dde58151ba6f3d2225751b8b89ac001be1ef1f40134c61d391b8e
d0964aee1973c5818130723f3bf5b8e0b51bf775a5074949c91d815d91f2924f