urlscan.io logo urlscan.io
SecurityTrails logo

161989.xyz Open in urlscan Pro
2606:4700:3030::ac43:8021  Public Scan

Go To Rescan Add Verdict Report
URL: https://161989.xyz/
Submission: On January 20 via api from US — Scanned from US
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 9 IPs in 1 countries across 7 domains to perform 27 HTTP transactions. The main IP is 2606:4700:3030::ac43:8021, located in United States and belongs to CLOUDFLARENET, US. The main domain is 161989.xyz.
TLS certificate: Issued by E1 on January 17th 2024. Valid for: 3 months.
This is the only time 161989.xyz was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 2606:4700:303... 13335 (CLOUDFLAR...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
2 7 2606:4700:303... 13335 (CLOUDFLAR...)
5 2607:f8b0:400... 15169 (GOOGLE)
6 2607:f8b0:400... 15169 (GOOGLE)
1 2607:f8b0:400... 15169 (GOOGLE)
2 2606:4700:303... 13335 (CLOUDFLAR...)
6 2606:4700:303... 13335 (CLOUDFLAR...)
27 9
1    2606:4700:3030::ac43:8021 (United States)

ASN13335 (CLOUDFLARENET, US)
161989.xyz
1    2606:4700::6812:acf (United States)

ASN13335 (CLOUDFLARENET, US)
maxcdn.bootstrapcdn.com
7    2606:4700:3034::6815:4466 (United States)

ASN13335 (CLOUDFLARENET, US)
bitad.org
panel.bitad.org
5    2607:f8b0:4006:816::2004 (Colchester, United States)

ASN15169 (GOOGLE, US)
www.google.com
6    2607:f8b0:4006:817::2003 (Colchester, United States)

ASN15169 (GOOGLE, US)
www.gstatic.com
1    2607:f8b0:4006:81e::2003 (Colchester, United States)

ASN15169 (GOOGLE, US)
fonts.gstatic.com
2    2606:4700:3031::6815:2eef (United States)

ASN13335 (CLOUDFLARENET, US)
earntether.com
6    2606:4700:3035::ac43:d5f3 (United States)

ASN13335 (CLOUDFLARENET, US)
cryptocoinsad.com
Apex Domain
Subdomains		 Transfer
7 gstatic.com
www.gstatic.com
fonts.gstatic.com
670 KB
7 bitad.org
bitad.org
panel.bitad.org
19 KB
6 cryptocoinsad.com
cryptocoinsad.com — Cisco Umbrella Rank: 403229
838 KB
5 google.com
www.google.com — Cisco Umbrella Rank: 2
38 KB
2 earntether.com
earntether.com
1 KB
1 bootstrapcdn.com
maxcdn.bootstrapcdn.com — Cisco Umbrella Rank: 1019
25 KB
1 161989.xyz
161989.xyz
2 KB
27 7
Domain Requested by
6 cryptocoinsad.com earntether.com
cryptocoinsad.com
6 www.gstatic.com www.google.com
www.gstatic.com
6 panel.bitad.org 2 redirects 161989.xyz
panel.bitad.org
5 www.google.com 161989.xyz
www.gstatic.com
www.google.com
2 earntether.com panel.bitad.org
1 fonts.gstatic.com www.google.com
1 bitad.org 161989.xyz
1 maxcdn.bootstrapcdn.com 161989.xyz
1 161989.xyz
27 9

This site contains no links.

Subject Issuer Validity Valid
161989.xyz
E1		 2024-01-17 -
2024-04-16		 3 months crt.sh
bootstrapcdn.com
GTS CA 1P5		 2023-11-30 -
2024-02-28		 3 months crt.sh
bitad.org
GTS CA 1P5		 2023-11-30 -
2024-02-28		 3 months crt.sh
www.google.com
GTS CA 1C3		 2023-12-11 -
2024-03-04		 3 months crt.sh
*.gstatic.com
GTS CA 1C3		 2023-12-11 -
2024-03-04		 3 months crt.sh
*.google.com
GTS CA 1C3		 2023-12-11 -
2024-03-04		 3 months crt.sh
earntether.com
GTS CA 1P5		 2023-12-19 -
2024-03-18		 3 months crt.sh
cryptocoinsad.com
GTS CA 1P5		 2023-12-28 -
2024-03-27		 3 months crt.sh

This page contains 9 frames:

Primary Page: https://161989.xyz/
Frame ID: 502774AD389BF09E72E67279C9055AD0
Requests: 7 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Le9bFQpAAAAAHZvFdGCVY63uOBvzsosBRXAcJkn&co=aHR0cHM6Ly8xNjE5ODkueHl6OjQ0Mw..&hl=en&v=Ya-Cd6PbRI5ktAHEhm9JuKEu&size=normal&cb=3g3wt3lp652b
Frame ID: 5A603958B884420B1368154C5E4F5AD8
Requests: 9 HTTP requests in this frame

Frame: https://earntether.com/ads/cryptocoinsad728x90.php
Frame ID: DB1A54241A2554C14F6DE26ACE4D3489
Requests: 1 HTTP requests in this frame

Frame: https://earntether.com/ads/cryptocoinsad300x250.php
Frame ID: 87D71E8022337E3B0A5C4D9DA405A1CA
Requests: 1 HTTP requests in this frame

Frame: https://panel.bitad.org/www/delivery/lg.php?bannerid=263&campaignid=52&zoneid=1224&source={obfs:}&loc=https%3A%2F%2F161989.xyz%2F&cb=b9a12048ab
Frame ID: CDDCAA64D1DE473D6DEFDD4E8804E316
Requests: 1 HTTP requests in this frame

Frame: https://panel.bitad.org/www/delivery/lg.php?bannerid=264&campaignid=52&zoneid=1223&source={obfs:}&loc=https%3A%2F%2F161989.xyz%2F&cb=2c713c3eac
Frame ID: DCB475C4F301C1CA45306CC94645812A
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/bframe?hl=en&v=Ya-Cd6PbRI5ktAHEhm9JuKEu&k=6Le9bFQpAAAAAHZvFdGCVY63uOBvzsosBRXAcJkn
Frame ID: 0109360B9A4B5FDDD2DB4B554FEBAC20
Requests: 3 HTTP requests in this frame

Frame: https://cryptocoinsad.com/ads/show.php?a=257590&b=398190
Frame ID: 8B4CB400FBBE22F64AFFDC04DC3725D9
Requests: 3 HTTP requests in this frame

Frame: https://cryptocoinsad.com/ads/show.php?a=257590&b=398189
Frame ID: 00384AECF1F41D133193D67EC6B2C3B7
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

BITAD - HUMAN VERIFICATION

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
  • <div[^>]+class="g-recaptcha"
  • /recaptcha/api\.js

Page Statistics

27
Requests

100 %
HTTPS

100 %
IPv6

7
Domains

9
Subdomains

9
IPs

1
Countries

1591 kB
Transfer

2739 kB
Size

5
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 15
  • https://panel.bitad.org/www/delivery/cl.php?bannerid=263&zoneid=1224&source=%7Bobfs%3A%7D&sig=aab259f0dd144df8da175fff9c7c148cdc19ace3fda61e7fa509ba99fe5655f0&dest=https%3A%2F%2Fearntether.com%2Fads%2Fcryptocoinsad728x90.php HTTP 302
  • https://earntether.com/ads/cryptocoinsad728x90.php
Request Chain 16
  • https://panel.bitad.org/www/delivery/cl.php?bannerid=264&zoneid=1223&source=%7Bobfs%3A%7D&sig=bdd95d7305dcc88b138ba584e2a28da9157e4ef3baf1d2a3975d15e10125192d&dest=https%3A%2F%2Fearntether.com%2Fads%2Fcryptocoinsad300x250.php HTTP 302
  • https://earntether.com/ads/cryptocoinsad300x250.php

27 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
161989.xyz/ 		2 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://161989.xyz/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::ac43:8021 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d7698ef9be10b4bae685f3594d8b2ac1b62dd8f0315354ee6e8f2be1b8ce987e

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

access-control-allow-origin
https://bitad.org
alt-svc
h3=":443"; ma=86400
cache-control
no-store, no-cache, must-revalidate
cf-cache-status
DYNAMIC
cf-ray
848985080c8d4bc3-BUF
content-encoding
br
content-type
text/html; charset=UTF-8
date
Sat, 20 Jan 2024 18:53:20 GMT
expires
Thu, 19 Nov 1981 08:52:00 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma
no-cache
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zbfaHa%2BCXmaTvp9z%2BfySKvDm4D5NkAzmQa13HkqUwQc%2Fq8ZmxcbVUwMCOxZcKHysTabQehPepaL2z1VQsTQV1tQFx7kfBZXxk8ntjWJlGB%2BiZq27d3hR7J%2BhgLlbEkbYtH4GdJeIdfey"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
bootstrap.min.css
maxcdn.bootstrapcdn.com/bootstrap/4.5.2/css/ 		157 KB
25 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://maxcdn.bootstrapcdn.com/bootstrap/4.5.2/css/bootstrap.min.css
Requested by
Host: 161989.xyz
URL: https://161989.xyz/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:acf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5b0fbe5b7ad705f6a937c4998ad02f73d8f0d976fe231b74aef0ec996990c93a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://161989.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Sat, 20 Jan 2024 18:53:20 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
cdn-edgestorageid
995
age
4951374
cdn-cachedat
09/25/2022 20:57:45
cdn-pullzone
252412
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
last-modified
Mon, 25 Jan 2021 22:04:11 GMT
cdn-proxyver
1.02
cdn-requestpullcode
200
server
cloudflare
etag
W/"816af0eddd3b4822c2756227c7e7b7ee"
vary
Accept-Encoding
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
b1941f61-b576-4f40-80de-5677acb38f74
cache-control
public, max-age=31919000
cdn-requestid
71527a03f7e176ece9293b23f17efc3f
timing-allow-origin
*
cdn-requestcountrycode
US
cdn-status
200
cf-ray
84898509f9b24bc0-BUF
cdn-requestpullsuccess
True
bitadlogo.png
bitad.org/ 		13 KB
13 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://bitad.org/bitadlogo.png
Requested by
Host: 161989.xyz
URL: https://161989.xyz/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3034::6815:4466 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
054ed8a9ed1076b98e9c375da7a407443645d4cfcea838160a394ebb05c8bc7c

Request headers

accept-language
en-US,en;q=0.9
Referer
https://161989.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Sat, 20 Jan 2024 18:53:20 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
178733
alt-svc
h3=":443"; ma=86400
content-length
12801
last-modified
Wed, 08 Feb 2023 02:51:03 GMT
server
cloudflare
etag
"3201-63e30e17-57473b4;;;"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vVSsW2fcPNwKgoJvy5cREKOmc8qmxkKd48jKsDptxniIlZ20jkFAkhGIuF%2FdT94UqjdAyHW1%2Fcxi%2B8U%2BDtgxUJHJCupoNXwvGoH6se6Nb%2FFXm3R%2BXqDkkPgSDUo8gAtLIrsAhxya%2FrY%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
public, max-age=604800
accept-ranges
bytes
cf-ray
8489850a2c4f6aee-BUF
expires
Thu, 25 Jan 2024 17:14:27 GMT
asyncjs.php
panel.bitad.org/www/delivery/ 		4 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://panel.bitad.org/www/delivery/asyncjs.php
Requested by
Host: 161989.xyz
URL: https://161989.xyz/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3034::6815:4466 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
58540a03aa73c641877c0e2114f51067c22a625eba0212f5721b8023cecf0810

Request headers

accept-language
en-US,en;q=0.9
Referer
https://161989.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Sat, 20 Jan 2024 18:53:20 GMT
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WbINIoOzK97YA6m%2FVn2tYY2NLUIDUf%2FYUCdVe9qFWYyGECp4dcJuYX03Md3GC211nHyoHHNZBmyYej6sytJBB2abP4lBjzEpRVngVrCeAmvIrJFBZKy5RJVZTsIgfxByhSxsiB%2FMIfUPshcANrQ%3D"}],"group":"cf-nel","max_age":604800}
p3p
CP="CUR ADM OUR NOR STA NID"
content-type
text/javascript;charset=UTF-8
cache-control
private, max-age=3600
expire
Sat, 20 Jan 2024 19:53:20 GMT
cf-ray
8489850a1ed74bcc-BUF
alt-svc
h3=":443"; ma=86400
api.js
www.google.com/recaptcha/ 		1 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api.js
Requested by
Host: 161989.xyz
URL: https://161989.xyz/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:816::2004 Colchester, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
5fd687c2312ba529d13bff2ff2fae6392f1d30668e061731d08d59a889a67487
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://161989.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Sat, 20 Jan 2024 18:53:20 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
frame-ancestors 'self'
server
GSE
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=utf-8
cache-control
private, max-age=300
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
1; mode=block
expires
Sat, 20 Jan 2024 18:53:20 GMT
recaptcha__en.js
www.gstatic.com/recaptcha/releases/Ya-Cd6PbRI5ktAHEhm9JuKEu/ 		503 KB
202 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/recaptcha/releases/Ya-Cd6PbRI5ktAHEhm9JuKEu/recaptcha__en.js
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:817::2003 Colchester, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
52c308157b0f273a5f4f67bb4f28ccf47c24a68fbc7d0226d49bf4eebacfdf97
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://161989.xyz/
Origin
https://161989.xyz
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Sat, 20 Jan 2024 12:29:42 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
23018
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
206076
x-xss-protection
0
last-modified
Mon, 08 Jan 2024 05:00:33 GMT
server
sffe
cross-origin-opener-policy
same-origin-allow-popups; report-to="recaptcha"
vary
Accept-Encoding
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Sun, 19 Jan 2025 12:29:42 GMT
anchor
www.google.com/recaptcha/api2/ Frame 5A60 		45 KB
28 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Le9bFQpAAAAAHZvFdGCVY63uOBvzsosBRXAcJkn&co=aHR0cHM6Ly8xNjE5ODkueHl6OjQ0Mw..&hl=en&v=Ya-Cd6PbRI5ktAHEhm9JuKEu&size=normal&cb=3g3wt3lp652b
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/Ya-Cd6PbRI5ktAHEhm9JuKEu/recaptcha__en.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:816::2004 Colchester, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
64564ca390590a8f8a5ebcd765265197a12197ed181b79eb5bcd2e0dff52d05e
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-JQWdmJcPyunVI-pih3n4yA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://161989.xyz/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-encoding
gzip
content-security-policy
script-src 'report-sample' 'nonce-JQWdmJcPyunVI-pih3n4yA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Sat, 20 Jan 2024 18:53:20 GMT
expires
Mon, 01 Jan 1990 00:00:00 GMT
pragma
no-cache
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server
GSE
x-content-type-options
nosniff
x-xss-protection
1; mode=block
styles__ltr.css
www.gstatic.com/recaptcha/releases/Ya-Cd6PbRI5ktAHEhm9JuKEu/ Frame 5A60 		55 KB
24 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/recaptcha/releases/Ya-Cd6PbRI5ktAHEhm9JuKEu/styles__ltr.css
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Le9bFQpAAAAAHZvFdGCVY63uOBvzsosBRXAcJkn&co=aHR0cHM6Ly8xNjE5ODkueHl6OjQ0Mw..&hl=en&v=Ya-Cd6PbRI5ktAHEhm9JuKEu&size=normal&cb=3g3wt3lp652b
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:817::2003 Colchester, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7859a62e04b0acb06516eb12454de6673883ecfaeaed6c254659bca7cd59c050
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Sat, 20 Jan 2024 18:46:48 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
392
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
24606
x-xss-protection
0
last-modified
Mon, 08 Jan 2024 05:00:33 GMT
server
sffe
cross-origin-opener-policy
same-origin-allow-popups; report-to="recaptcha"
vary
Accept-Encoding
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/css
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Sun, 19 Jan 2025 18:46:48 GMT
recaptcha__en.js
www.gstatic.com/recaptcha/releases/Ya-Cd6PbRI5ktAHEhm9JuKEu/ Frame 5A60 		503 KB
201 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/recaptcha/releases/Ya-Cd6PbRI5ktAHEhm9JuKEu/recaptcha__en.js
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Le9bFQpAAAAAHZvFdGCVY63uOBvzsosBRXAcJkn&co=aHR0cHM6Ly8xNjE5ODkueHl6OjQ0Mw..&hl=en&v=Ya-Cd6PbRI5ktAHEhm9JuKEu&size=normal&cb=3g3wt3lp652b
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:817::2003 Colchester, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
52c308157b0f273a5f4f67bb4f28ccf47c24a68fbc7d0226d49bf4eebacfdf97
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Sat, 20 Jan 2024 12:29:42 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
23018
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
206076
x-xss-protection
0
last-modified
Mon, 08 Jan 2024 05:00:33 GMT
server
sffe
cross-origin-opener-policy
same-origin-allow-popups; report-to="recaptcha"
vary
Accept-Encoding
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Sun, 19 Jan 2025 12:29:42 GMT
truncated
/ Frame 5A60 		14 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
0964d141519db34adc6aa127a33dbc6761cda1e56b584ea402082d99c44afb9e

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ Frame 5A60 		2 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
43ef4025567f7a15859b5252b6ccc1efe2ff8c7331b1aefbea7ce88eb5084d27

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Content-Type
image/png
logo_48.png
www.gstatic.com/recaptcha/api2/ Frame 5A60 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.gstatic.com/recaptcha/api2/logo_48.png
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/Ya-Cd6PbRI5ktAHEhm9JuKEu/styles__ltr.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:817::2003 Colchester, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.gstatic.com/recaptcha/releases/Ya-Cd6PbRI5ktAHEhm9JuKEu/styles__ltr.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Fri, 19 Jan 2024 13:19:55 GMT
x-content-type-options
nosniff
age
106406
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2228
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin-allow-popups; report-to="recaptcha"
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
image/png
cache-control
public, max-age=604800
accept-ranges
bytes
expires
Fri, 26 Jan 2024 13:19:55 GMT
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 5A60 		15 KB
16 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Le9bFQpAAAAAHZvFdGCVY63uOBvzsosBRXAcJkn&co=aHR0cHM6Ly8xNjE5ODkueHl6OjQ0Mw..&hl=en&v=Ya-Cd6PbRI5ktAHEhm9JuKEu&size=normal&cb=3g3wt3lp652b
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81e::2003 Colchester, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.google.com/
Origin
https://www.google.com
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Fri, 19 Jan 2024 13:13:59 GMT
x-content-type-options
nosniff
age
106762
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15344
x-xss-protection
0
last-modified
Mon, 16 Oct 2017 17:32:55 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 18 Jan 2025 13:13:59 GMT
W6ySMI_EbF4NJqhzNc9p1_hu4s5xL3ZDxE1cNPsDaUQ.js
www.google.com/js/bg/ Frame 5A60 		17 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google.com/js/bg/W6ySMI_EbF4NJqhzNc9p1_hu4s5xL3ZDxE1cNPsDaUQ.js
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/Ya-Cd6PbRI5ktAHEhm9JuKEu/recaptcha__en.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:816::2004 Colchester, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5bac92308fc46c5e0d26a87335cf69d7f86ee2ce712f7643c44d5c34fb036944
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Le9bFQpAAAAAHZvFdGCVY63uOBvzsosBRXAcJkn&co=aHR0cHM6Ly8xNjE5ODkueHl6OjQ0Mw..&hl=en&v=Ya-Cd6PbRI5ktAHEhm9JuKEu&size=normal&cb=3g3wt3lp652b
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Fri, 19 Jan 2024 04:43:51 GMT
content-encoding
br
x-content-type-options
nosniff
age
137370
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
6901
x-xss-protection
0
last-modified
Wed, 03 Jan 2024 11:00:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Sat, 18 Jan 2025 04:43:51 GMT
webworker.js
www.google.com/recaptcha/api2/ Frame 5A60 		102 B
135 B 		Other
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api2/webworker.js?hl=en&v=Ya-Cd6PbRI5ktAHEhm9JuKEu
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Le9bFQpAAAAAHZvFdGCVY63uOBvzsosBRXAcJkn&co=aHR0cHM6Ly8xNjE5ODkueHl6OjQ0Mw..&hl=en&v=Ya-Cd6PbRI5ktAHEhm9JuKEu&size=normal&cb=3g3wt3lp652b
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:816::2004 Colchester, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
28bd191bba13945f81b09f2df5f54b9208309f4da0e7bb202c1e61c7adf039b9
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Le9bFQpAAAAAHZvFdGCVY63uOBvzsosBRXAcJkn&co=aHR0cHM6Ly8xNjE5ODkueHl6OjQ0Mw..&hl=en&v=Ya-Cd6PbRI5ktAHEhm9JuKEu&size=normal&cb=3g3wt3lp652b
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Sat, 20 Jan 2024 18:53:21 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
frame-ancestors 'self'
server
GSE
cross-origin-embedder-policy
require-corp
x-frame-options
SAMEORIGIN
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/javascript; charset=utf-8
cache-control
private, max-age=300
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
1; mode=block
expires
Sat, 20 Jan 2024 18:53:21 GMT
asyncspc.php
panel.bitad.org/www/delivery/ 		2 KB
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://panel.bitad.org/www/delivery/asyncspc.php?zones=1224%7C1223&prefix=revive-0-&loc=https%3A%2F%2F161989.xyz%2F
Requested by
Host: panel.bitad.org
URL: https://panel.bitad.org/www/delivery/asyncjs.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3034::6815:4466 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
eb42509bfdfbb43f65abd81a0a45b7a4616a55a8c079608455a950793e495540

Request headers

accept-language
en-US,en;q=0.9
Referer
https://161989.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Sat, 20 Jan 2024 18:53:21 GMT
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
p3p
CP="CUR ADM OUR NOR STA NID"
alt-svc
h3=":443"; ma=86400
pragma
no-cache
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=j%2B%2BBxJ5UEhY911z54T3XojNrzFQ%2BC61kvlK%2B3vyVF74gdOzHBJGzeEYd5pb2ytyR8RH0ZHOKVVf8t1hjR0TCbWHg4ye6B8cLVxF58tKQUEFmAFvWPvedyowR5wiuDTqUFGJHvez0Vx0F3lvG3Ho%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/json
access-control-allow-origin
https://161989.xyz
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cf-ray
84898510ab694bcc-BUF
expires
0
cryptocoinsad728x90.php
earntether.com/ads/ Frame DB1A
Redirect Chain
  • https://panel.bitad.org/www/delivery/cl.php?bannerid=263&zoneid=1224&source=%7Bobfs%3A%7D&sig=aab259f0dd144df8da175fff9c7c148cdc19ace3fda61e7fa509ba99fe5655f0&dest=https%3A%2F%2Fearntether.com%2Fad...
  • https://earntether.com/ads/cryptocoinsad728x90.php
326 B
645 B 		Document
General
Check archive.org
Download Go to
Full URL
https://earntether.com/ads/cryptocoinsad728x90.php
Requested by
Host: panel.bitad.org
URL: https://panel.bitad.org/www/delivery/asyncjs.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3031::6815:2eef , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d8acf629941a94c69eead3026c984753c75acbd437f053f4d826edd3160ffa6c

Request headers

Referer
https://161989.xyz/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
8489851339694bd3-BUF
content-encoding
br
content-type
text/html; charset=UTF-8
date
Sat, 20 Jan 2024 18:53:22 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=seayIjTt98Rsy61wJt0Fgvk762AVae1fNTNRCBBdcbPWSBpwcrs68i67IzWcNEXY9V5R0bWxNqQd7IvzP%2F6X4fI1DO6BeWv228HRd8zvfAO%2B88mJxMoSXYGRwR1ypH3DQAhp0BJIAAKDjqp5hQ%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding

Redirect headers

access-control-allow-origin
*
alt-svc
h3=":443"; ma=86400
cache-control
no-cache, no-store, must-revalidate
cf-cache-status
DYNAMIC
cf-ray
84898511abf24bcc-BUF
content-type
text/html; charset=UTF-8
date
Sat, 20 Jan 2024 18:53:21 GMT
expires
0
location
https://earntether.com/ads/cryptocoinsad728x90.php
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
p3p
CP="CUR ADM OUR NOR STA NID"
pragma
no-cache
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VauSk9lRkA5MdNRQo6DUC%2FEwUCXvO%2Bw%2BnxVUjRXQ27eY%2FiG4JzBchD2IHh5GeV0NpgJUEwOnSNOqKhmvuphl3Y2Rh5lXVDcXVSI1bucYoYIxFRwXA%2FTOftmEQDgKD%2BwOV5q%2FaRYiAv6vWDnfyq4%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
cryptocoinsad300x250.php
earntether.com/ads/ Frame 87D7
Redirect Chain
  • https://panel.bitad.org/www/delivery/cl.php?bannerid=264&zoneid=1223&source=%7Bobfs%3A%7D&sig=bdd95d7305dcc88b138ba584e2a28da9157e4ef3baf1d2a3975d15e10125192d&dest=https%3A%2F%2Fearntether.com%2Fad...
  • https://earntether.com/ads/cryptocoinsad300x250.php
329 B
486 B 		Document
General
Check archive.org
Download Go to
Full URL
https://earntether.com/ads/cryptocoinsad300x250.php
Requested by
Host: panel.bitad.org
URL: https://panel.bitad.org/www/delivery/asyncjs.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3031::6815:2eef , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
32018ce99706a4ecbc103f7339bfda8e51816ab49b53c881cbd35676081411eb

Request headers

Referer
https://161989.xyz/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
8489851359754bd3-BUF
content-encoding
br
content-type
text/html; charset=UTF-8
date
Sat, 20 Jan 2024 18:53:22 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=msce%2BgeH1Z7VwamzChvufeJW9eDduI%2FpsG7Gs5Z%2BX7PPUkysRte27SYp5fk%2FmMr0FVdAgpEm31dFbObSGkvppJYpBSt4RGYIYmAWXnlNm7KBHijBlV0E%2FbinG3lVfwYZtZJJ5nq1%2BnkMe6XQhQ%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding

Redirect headers

access-control-allow-origin
*
alt-svc
h3=":443"; ma=86400
cache-control
no-cache, no-store, must-revalidate
cf-cache-status
DYNAMIC
cf-ray
84898511bbfb4bcc-BUF
content-type
text/html; charset=UTF-8
date
Sat, 20 Jan 2024 18:53:21 GMT
expires
0
location
https://earntether.com/ads/cryptocoinsad300x250.php
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
p3p
CP="CUR ADM OUR NOR STA NID"
pragma
no-cache
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YtI87KoUdWnhQ%2Bn2MQ%2F2ec2soBVl2MHIy%2BJNgZHenatavchRzzPdaeiMdyOzGtFkjaA61MFLKegynDQwVMPqEXadjfkiv1%2FqOHf%2FpgMlkdEqS5T8ALvTCBoB7dlFesHGZ7KDxgv%2F6N%2FhdALcH6c%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
lg.php
panel.bitad.org/www/delivery/ Frame CDDC 		43 B
614 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://panel.bitad.org/www/delivery/lg.php?bannerid=263&campaignid=52&zoneid=1224&source={obfs:}&loc=https%3A%2F%2F161989.xyz%2F&cb=b9a12048ab
Requested by
Host: 161989.xyz
URL: https://161989.xyz/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3034::6815:4466 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
en-US,en;q=0.9
Referer
https://161989.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 20 Jan 2024 18:53:21 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ciiAZ7hIUaMIYIJtQArouFixs6JJF09JP9VcNFSXkp7z6Eh4CRzCnfjFSMj%2FYY2fSuxvgMGDaQkoOlupNS%2B1lKY7w%2F7Bt%2FLjLZfWJKHy6SHoMzEuQG%2Ft%2B6NjTWNgvOehVIP1UQarnh6FntsvrvI%3D"}],"group":"cf-nel","max_age":604800}
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
*
content-type
image/gif
cache-control
no-cache, no-store, must-revalidate
cf-ray
84898511bbf94bcc-BUF
alt-svc
h3=":443"; ma=86400
content-length
43
expires
0
lg.php
panel.bitad.org/www/delivery/ Frame DCB4 		43 B
614 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://panel.bitad.org/www/delivery/lg.php?bannerid=264&campaignid=52&zoneid=1223&source={obfs:}&loc=https%3A%2F%2F161989.xyz%2F&cb=2c713c3eac
Requested by
Host: 161989.xyz
URL: https://161989.xyz/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3034::6815:4466 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
en-US,en;q=0.9
Referer
https://161989.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 20 Jan 2024 18:53:21 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Jp%2FjHzXpuxSBcQM8VQBqaWfPbhk8MVXUloxYxlNMFT07y2W0HfmXRhQFS%2BwbAx8pLq5%2BaFUzL8X9iD7%2BGkXoQstb1WIdy54Wfj4DG123l06KAOqwlbmD%2BhIVfY8TcsiWEWbd6HLuo%2Bj4bKadFMg%3D"}],"group":"cf-nel","max_age":604800}
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
*
content-type
image/gif
cache-control
no-cache, no-store, must-revalidate
cf-ray
84898511bbfa4bcc-BUF
alt-svc
h3=":443"; ma=86400
content-length
43
expires
0
bframe
www.google.com/recaptcha/api2/ Frame 0109 		7 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api2/bframe?hl=en&v=Ya-Cd6PbRI5ktAHEhm9JuKEu&k=6Le9bFQpAAAAAHZvFdGCVY63uOBvzsosBRXAcJkn
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/Ya-Cd6PbRI5ktAHEhm9JuKEu/recaptcha__en.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:816::2004 Colchester, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
2481f769f8eac8090fa7c21029dc8e467a1e1ec4607de7e4a31002c4efa3f042
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-aHlWS9ldiNtQ262c99TuDA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://161989.xyz/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-encoding
gzip
content-security-policy
script-src 'report-sample' 'nonce-aHlWS9ldiNtQ262c99TuDA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Sat, 20 Jan 2024 18:53:21 GMT
expires
Mon, 01 Jan 1990 00:00:00 GMT
pragma
no-cache
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server
GSE
x-content-type-options
nosniff
x-xss-protection
1; mode=block
styles__ltr.css
www.gstatic.com/recaptcha/releases/Ya-Cd6PbRI5ktAHEhm9JuKEu/ Frame 0109 		55 KB
24 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/recaptcha/releases/Ya-Cd6PbRI5ktAHEhm9JuKEu/styles__ltr.css
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api2/bframe?hl=en&v=Ya-Cd6PbRI5ktAHEhm9JuKEu&k=6Le9bFQpAAAAAHZvFdGCVY63uOBvzsosBRXAcJkn
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:817::2003 Colchester, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7859a62e04b0acb06516eb12454de6673883ecfaeaed6c254659bca7cd59c050
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Sat, 20 Jan 2024 18:46:48 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
393
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
24606
x-xss-protection
0
last-modified
Mon, 08 Jan 2024 05:00:33 GMT
server
sffe
cross-origin-opener-policy
same-origin-allow-popups; report-to="recaptcha"
vary
Accept-Encoding
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/css
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Sun, 19 Jan 2025 18:46:48 GMT
recaptcha__en.js
www.gstatic.com/recaptcha/releases/Ya-Cd6PbRI5ktAHEhm9JuKEu/ Frame 0109 		503 KB
201 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/recaptcha/releases/Ya-Cd6PbRI5ktAHEhm9JuKEu/recaptcha__en.js
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api2/bframe?hl=en&v=Ya-Cd6PbRI5ktAHEhm9JuKEu&k=6Le9bFQpAAAAAHZvFdGCVY63uOBvzsosBRXAcJkn
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:817::2003 Colchester, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
52c308157b0f273a5f4f67bb4f28ccf47c24a68fbc7d0226d49bf4eebacfdf97
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Sat, 20 Jan 2024 12:29:42 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
23019
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
206076
x-xss-protection
0
last-modified
Mon, 08 Jan 2024 05:00:33 GMT
server
sffe
cross-origin-opener-policy
same-origin-allow-popups; report-to="recaptcha"
vary
Accept-Encoding
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Sun, 19 Jan 2025 12:29:42 GMT
show.php
cryptocoinsad.com/ads/ Frame 8B4C 		2 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://cryptocoinsad.com/ads/show.php?a=257590&b=398190
Requested by
Host: earntether.com
URL: https://earntether.com/ads/cryptocoinsad728x90.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3035::ac43:d5f3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PHP/7.2.24-0ubuntu0.18.04.17
Resource Hash
0770fd1a835dcdcf8908da9a292ccf5257edc1abeb57fa3bb844e6741ad86a53

Request headers

Referer
https://earntether.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
848985158e144bc9-BUF
content-encoding
br
content-type
text/html; charset=UTF-8
date
Sat, 20 Jan 2024 18:53:22 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3xwG4YAo6IJCbqeFSMduPHREPeYWG1S8hmAjuSXyKox62WLp%2Ft9dezFTvjkTl8Sy9RhqLMroC4T0MQJ5mZKEgVzacqTrNC6OM76AuYHMBcExCvg6g29qFXmQAWwhiv2U9RqFIUC5modL4aSffgiAlw%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
x-powered-by
PHP/7.2.24-0ubuntu0.18.04.17
show.php
cryptocoinsad.com/ads/ Frame 0038 		2 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://cryptocoinsad.com/ads/show.php?a=257590&b=398189
Requested by
Host: earntether.com
URL: https://earntether.com/ads/cryptocoinsad300x250.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3035::ac43:d5f3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PHP/7.2.24-0ubuntu0.18.04.17
Resource Hash
e4111b84c7e1a7a7deecec5e2f756a83cea71189f07a92fc0449c12355c5b07d

Request headers

Referer
https://earntether.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
848985158e154bc9-BUF
content-encoding
br
content-type
text/html; charset=UTF-8
date
Sat, 20 Jan 2024 18:53:22 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PvHoVKEymQZNi5vZg6aG40XR9C2pGX4rQj3wRZLTpjlpZXNQJG1FWjWbvbR9Pmq7pPYNMuAPRuBSPlKy2WFCIzhbaXMHWGOlvkWop49039sDt%2Ffs%2FDPp8GG9JEgovzVOPuOtbA2sDugsujxO1tI%2B%2Bw%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
x-powered-by
PHP/7.2.24-0ubuntu0.18.04.17
27433.gif
cryptocoinsad.com/banner/ads_banner/ Frame 0038 		562 KB
563 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cryptocoinsad.com/banner/ads_banner/27433.gif
Requested by
Host: cryptocoinsad.com
URL: https://cryptocoinsad.com/ads/show.php?a=257590&b=398189
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3035::ac43:d5f3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4ed070c2e3c1f8470ce2033dbecd07597d2ce8e6282b7fae6269ef09f4bd976d

Request headers

accept-language
en-US,en;q=0.9
Referer
https://cryptocoinsad.com/ads/show.php?a=257590&b=398189
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Sat, 20 Jan 2024 18:53:22 GMT
cf-cache-status
HIT
last-modified
Sat, 20 Jan 2024 07:48:30 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
6342
etag
"65ab7ace-8c760"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Rm2k7CHsQ%2Bl4eNZFLdhRgGt%2Bn%2Bn6xQakpCV8V9%2BoFV44TpRcy4tRKtKqmtr9BEJRo%2Fa3fvoFzT04uqT8tBK65WXTMaXE3%2BFaHvVWB2eqlx4OAXhhwsXgFGrzJaz9vORdstLTED0WYQ6OGMdDM2D1xA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
cache-control
max-age=10800
accept-ranges
bytes
cf-ray
8489851978ad4bc9-BUF
alt-svc
h3=":443"; ma=86400
content-length
575328
icon.png
cryptocoinsad.com/ads/show/img/ Frame 0038 		3 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cryptocoinsad.com/ads/show/img/icon.png
Requested by
Host: cryptocoinsad.com
URL: https://cryptocoinsad.com/ads/show.php?a=257590&b=398189
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3035::ac43:d5f3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b14ef09e5d084f7cb785998d54d37e486619c9b9527e72776a7c9d2b7e85c828

Request headers

accept-language
en-US,en;q=0.9
Referer
https://cryptocoinsad.com/ads/show.php?a=257590&b=398189
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Sat, 20 Jan 2024 18:53:22 GMT
cf-cache-status
HIT
last-modified
Sat, 29 Jan 2022 11:54:52 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
4128
etag
"61f52b0c-ced"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zQDTeg7P9NjtzOnsc0gKCPW0MhOLVlBpgFtGAi18iCF2cXeyaSk8LzshEIVcC0zCSNIMc4sGQBGeAsCu3iN%2Fbm6dIjpgj9haA%2BcJzLCeU0DSvcPYbNRHA8%2FZRltmFiBkhNgoG%2FA8DYqjxQtY8AdmyQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
max-age=10800
accept-ranges
bytes
cf-ray
8489851978af4bc9-BUF
alt-svc
h3=":443"; ma=86400
content-length
3309
27289.gif
cryptocoinsad.com/banner/ads_banner/ Frame 8B4C 		265 KB
266 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cryptocoinsad.com/banner/ads_banner/27289.gif
Requested by
Host: cryptocoinsad.com
URL: https://cryptocoinsad.com/ads/show.php?a=257590&b=398190
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3035::ac43:d5f3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d69f29182f6a4ac0c90a8dabaee6047dace78ce6d229536b8766c1692cfaa854

Request headers

accept-language
en-US,en;q=0.9
Referer
https://cryptocoinsad.com/ads/show.php?a=257590&b=398190
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Sat, 20 Jan 2024 18:53:22 GMT
cf-cache-status
HIT
last-modified
Wed, 13 Dec 2023 10:17:44 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
940
etag
"657984c8-4247a"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QdAONGiNMmT0sa6fzZOt2k%2FDL59ACEtn9HLVmLCEbKnaRXem7PJniJGGmSrUlsshP4pHK0hMbF5tYApIbiSjmNUuUER%2FKoxxc8DM0TifbvOY1kHMv%2FzVjLgYH32NXvNI%2B8VbgqJnNgR%2FVZXm6GpfDw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
cache-control
max-age=10800
accept-ranges
bytes
cf-ray
8489851998e34bc9-BUF
alt-svc
h3=":443"; ma=86400
content-length
271482
icon.png
cryptocoinsad.com/ads/show/img/ Frame 8B4C 		3 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cryptocoinsad.com/ads/show/img/icon.png
Requested by
Host: cryptocoinsad.com
URL: https://cryptocoinsad.com/ads/show.php?a=257590&b=398190
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3035::ac43:d5f3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b14ef09e5d084f7cb785998d54d37e486619c9b9527e72776a7c9d2b7e85c828

Request headers

accept-language
en-US,en;q=0.9
Referer
https://cryptocoinsad.com/ads/show.php?a=257590&b=398190
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Sat, 20 Jan 2024 18:53:22 GMT
cf-cache-status
HIT
last-modified
Sat, 29 Jan 2022 11:54:52 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
4128
etag
"61f52b0c-ced"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KYHb1Lvp7xca8ytlbEEAXj2vZYinKe9wrBv9%2FyOiIEVbBSQd1enacyYz8CbOrb9f6kzliA1jMxYHxAIF%2B0uhraYsSFrsRq%2B26nzO8IUI1Aa7MpfzUh1%2FU3zyPFIQng1PMN3I%2FKa%2FKa%2FM2Bp2oe%2BhbA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
max-age=10800
accept-ranges
bytes
cf-ray
8489851998e44bc9-BUF
alt-svc
h3=":443"; ma=86400
content-length
3309

Verdicts & Comments Add Verdict or Comment

13 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| ___grecaptcha_cfg object| grecaptcha string| __recaptcha_api boolean| __google_recaptcha_client function| closeAd object| reviveAsync object| recaptcha object| closure_lm_719155

5 Cookies

Domain/Path Name / Value
161989.xyz/ Name: PHPSESSID
Value: kdvjc8032hc60spucfok9bhar6
panel.bitad.org/ Name: OAGEO
Value: 2%7CJP%7CAS%7C%7COsaka%7C543-0062%7C34.6946%7C135.5021%7C20%7CAsia%2FTokyo%7C%7C27%7C%7C%7C%7C%7C%7C%7C%7C%7C%7C%7C%7C%7C%7C%7C
panel.bitad.org/ Name: OAID
Value: 01000111010001000101000001010010
panel.bitad.org/ Name: _OXBLC[263]
Value: s7kpsx
panel.bitad.org/ Name: _OXBLC[264]
Value: s7kpsx

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

161989.xyz
bitad.org
cryptocoinsad.com
earntether.com
fonts.gstatic.com
maxcdn.bootstrapcdn.com
panel.bitad.org
www.google.com
www.gstatic.com
2606:4700:3030::ac43:8021
2606:4700:3031::6815:2eef
2606:4700:3034::6815:4466
2606:4700:3035::ac43:d5f3
2606:4700::6812:acf
2607:f8b0:4006:816::2004
2607:f8b0:4006:817::2003
2607:f8b0:4006:81e::2003
054ed8a9ed1076b98e9c375da7a407443645d4cfcea838160a394ebb05c8bc7c
0770fd1a835dcdcf8908da9a292ccf5257edc1abeb57fa3bb844e6741ad86a53
0964d141519db34adc6aa127a33dbc6761cda1e56b584ea402082d99c44afb9e
1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a
2481f769f8eac8090fa7c21029dc8e467a1e1ec4607de7e4a31002c4efa3f042
28bd191bba13945f81b09f2df5f54b9208309f4da0e7bb202c1e61c7adf039b9
32018ce99706a4ecbc103f7339bfda8e51816ab49b53c881cbd35676081411eb
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
43ef4025567f7a15859b5252b6ccc1efe2ff8c7331b1aefbea7ce88eb5084d27
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4ed070c2e3c1f8470ce2033dbecd07597d2ce8e6282b7fae6269ef09f4bd976d
52c308157b0f273a5f4f67bb4f28ccf47c24a68fbc7d0226d49bf4eebacfdf97
58540a03aa73c641877c0e2114f51067c22a625eba0212f5721b8023cecf0810
5b0fbe5b7ad705f6a937c4998ad02f73d8f0d976fe231b74aef0ec996990c93a
5bac92308fc46c5e0d26a87335cf69d7f86ee2ce712f7643c44d5c34fb036944
5fd687c2312ba529d13bff2ff2fae6392f1d30668e061731d08d59a889a67487
64564ca390590a8f8a5ebcd765265197a12197ed181b79eb5bcd2e0dff52d05e
7859a62e04b0acb06516eb12454de6673883ecfaeaed6c254659bca7cd59c050
b14ef09e5d084f7cb785998d54d37e486619c9b9527e72776a7c9d2b7e85c828
d69f29182f6a4ac0c90a8dabaee6047dace78ce6d229536b8766c1692cfaa854
d7698ef9be10b4bae685f3594d8b2ac1b62dd8f0315354ee6e8f2be1b8ce987e
d8acf629941a94c69eead3026c984753c75acbd437f053f4d826edd3160ffa6c
e4111b84c7e1a7a7deecec5e2f756a83cea71189f07a92fc0449c12355c5b07d
eb42509bfdfbb43f65abd81a0a45b7a4616a55a8c079608455a950793e495540