payrolltaxrefund.co Open in urlscan Pro
2606:4700:3030::ac43:82d0 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://payrolltaxrefund.co/
Submission: On July 20 via automatic, source certstream-suspicious (July 20th 2024, 3:13:06 am UTC) — Scanned from DE

Summary HTTP 15 Redirects Links 2 Behaviour Indicators

Similar DOM Content API

Summary

This website contacted 4 IPs in 2 countries across 3 domains to perform 15 HTTP transactions. The main IP is 2606:4700:3030::ac43:82d0, located in United States and belongs to CLOUDFLARENET, US. The main domain is payrolltaxrefund.co.
TLS certificate: Issued by WE1 on July 20th 2024. Valid for: 3 months.

This is the only time payrolltaxrefund.co was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address		AS Autonomous System
13	2606:4700:303... 2606:4700:3030::ac43:82d0		13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:82f::2008		15169 (GOOGLE) (GOOGLE)
1	2001:4860:480... 2001:4860:4802:32::36		15169 (GOOGLE) (GOOGLE)
15	4

13 2606:4700:3030::ac43:82d0 (United States)

ASN13335 (CLOUDFLARENET, US)

payrolltaxrefund.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82f::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
13	payrolltaxrefund.co payrolltaxrefund.co	568 KB
1	google-analytics.com region1.google-analytics.com — Cisco Umbrella Rank: 3123
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 112	102 KB
15	3

	Domain	Requested by
13	payrolltaxrefund.co	payrolltaxrefund.co
1	region1.google-analytics.com	www.googletagmanager.com
1	www.googletagmanager.com	payrolltaxrefund.co
15	3

This site contains links to these domains. Also see Links.

Domain
1.envato.market
www.irs.gov

Subject Issuer	Validity	Valid
payrolltaxrefund.co WE1	`2024-07-20` - `2024-10-18`	3 months	crt.sh
*.google-analytics.com WR2	`2024-06-24` - `2024-09-16`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://payrolltaxrefund.co/
Frame ID: 0CBFB03CBD81B12255D5D4E9D94ACF1E
Requests: 25 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Employee Retention Credit - Up to $26,000 Per Employee

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
/wp-(?:content|includes)/

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

15
Requests

100 %
HTTPS

100 %
IPv6

3
Domains

3
Subdomains

4
IPs

2
Countries

670 kB
Transfer

2056 kB
Size

2
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: https://1.envato.market/15Nrrd

Search URL Search Domain Scan URL

URL: https://www.irs.gov/coronavirus/employee-retention-credit
Title: IRS ERC

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

15 HTTP transactions
10 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H3 200 Primary Request / Show response
payrolltaxrefund.co/ 124 KB
16 KB 459ms
424ms Document
text/html 2606:4700:3030::ac43:82d0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://payrolltaxrefund.co/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3030::ac43:82d0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e481ee79f0b887b43009c7ef5279d9a463f0a82458c147bf2db68c45c078ac3d

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 8a5fc5d5c9b30b7c-AMS
content-encoding: br
content-type: text/html; charset=UTF-8
date: Sat, 20 Jul 2024 03:13:00 GMT
link: <https://payrolltaxrefund.co/wp-json/>; rel="https://api.w.org/" <https://payrolltaxrefund.co/wp-json/wp/v2/pages/2320>; rel="alternate"; title="JSON"; type="application/json" <https://payrolltaxrefund.co/>; rel=shortlink
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XqUtd%2FDSbUhcZkxm6QSHpbIZx1hDhNONh9on3g50t9d7VTblgBdu87tlKQqrBZP6AmMDxYtqSxgK112byvKEn6UzvRpOUG4jBO0FoYzHBP1CdB9YHyi6j0NXgPh0qqwC0WcyfA53W18TCN3ZYaZjSwSY"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed

GET
H3 200 6e5c872beb963fd9dcb829a06d72ae57.min.css
payrolltaxrefund.co/wp-content/uploads/fusion-styles/ 930 KB
135 KB 656ms
655ms Stylesheet
text/css 2606:4700:3030::ac43:82d0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://payrolltaxrefund.co/wp-content/uploads/fusion-styles/6e5c872beb963fd9dcb829a06d72ae57.min.css?ver=3.9.2
Requested by: Host: payrolltaxrefund.co
URL: https://payrolltaxrefund.co/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3030::ac43:82d0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 36d9f8c43851644782415bc28c9383438ce92e76224781e17302f161cf559197

Request headers

Referer: https://payrolltaxrefund.co/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Sat, 20 Jul 2024 03:13:00 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Mon, 20 Mar 2023 10:48:14 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Mvap2t9PiKTl1pK4Pq9lyhlZhttNwidKjjvBcRpWBftNvIrrAAJRWFY4nGR57GMvPH5czA4UXHIIWqFyA8NvX58FZ5WgDeOvxzhoJcLCDdQ1j7FV0pgKodfR6kburLS9xFJyh3F51qUTu3vXyFfzT853"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
cf-ray: 8a5fc5d89b3f0b7c-AMS
alt-svc: h3=":443"; ma=86400
expires: Sat, 27 Jul 2024 03:13:00 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 305 KB
102 KB 295ms
25ms Script
application/javascript 2a00:1450:4001:82f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-MCFVEFVPFM

Requested by

Host: payrolltaxrefund.co
URL: https://payrolltaxrefund.co/

Protocol

H2

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

afe20128e9fc41fa10644bfc6aca2307235f945669852b5963b77a0e3a46e97b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://payrolltaxrefund.co/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Sat, 20 Jul 2024 03:13:00 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 103583
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Sat, 20 Jul 2024 03:13:00 GMT

GET
H3 200 pt1.png
payrolltaxrefund.co/wp-content/uploads/2023/02/ 7 KB
7 KB 286ms
285ms Image
image/png 2606:4700:3030::ac43:82d0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://payrolltaxrefund.co/wp-content/uploads/2023/02/pt1.png
Requested by: Host: payrolltaxrefund.co
URL: https://payrolltaxrefund.co/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3030::ac43:82d0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5a7cc6921cbf21c72a9f905c5109aae4f856b579904888ab6cb505735f52f659

Request headers

Referer: https://payrolltaxrefund.co/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Sat, 20 Jul 2024 03:13:01 GMT
cf-cache-status: MISS
last-modified: Mon, 27 Feb 2023 11:10:34 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VdiD%2B5la46R2VKO4352TMorR%2FIIlesAMP2C%2FjVsq%2FCO%2FDACNwSZcfoMIzhGhlPQ9T9oKu5Z7Mp%2BneunnjecW5FD6V24T%2FewfC5sz3exPrPj5vRy9kJcGpyJYYAOsdJSN9RQ930hO6EshlqKpRHve3NWc"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
cf-ray: 8a5fc5dd2dca0b7c-AMS
alt-svc: h3=":443"; ma=86400
content-length: 6752
expires: Sat, 27 Jul 2024 03:13:01 GMT

GET
H3 200 pt2.png
payrolltaxrefund.co/wp-content/uploads/2023/02/ 9 KB
10 KB 291ms
289ms Image
image/png 2606:4700:3030::ac43:82d0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://payrolltaxrefund.co/wp-content/uploads/2023/02/pt2.png
Requested by: Host: payrolltaxrefund.co
URL: https://payrolltaxrefund.co/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3030::ac43:82d0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: df2aa23c65d73e4841b089f3f49dbcdb17da12e159071ffaa83be7708afbc9ed

Request headers

Referer: https://payrolltaxrefund.co/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Sat, 20 Jul 2024 03:13:00 GMT
cf-cache-status: MISS
last-modified: Mon, 27 Feb 2023 11:10:36 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=b5OPGZ1M25CFF9JL4qawUQkKOjzKiq1rmW1AFw%2F8ma1bUAakLDWj2jDMj6Xzp%2BceIR%2Fp4P%2FtnlImrOvuwzPp7gROX8pMLxhd587KeWFPXC8fpgGRRDpUgA7YABxAxZtM96Qn4iuLDHGMwm5ZEiXGvbtd"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
cf-ray: 8a5fc5d8cb5b0b7c-AMS
alt-svc: h3=":443"; ma=86400
content-length: 9317
expires: Sat, 27 Jul 2024 03:13:00 GMT

GET
H3 200 email-decode.min.js Show response
payrolltaxrefund.co/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
1 KB 23ms
22ms Script
application/javascript 2606:4700:3030::ac43:82d0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://payrolltaxrefund.co/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: payrolltaxrefund.co
URL: https://payrolltaxrefund.co/

Protocol

H3

Security

QUIC, , AES_128_GCM

Server

2606:4700:3030::ac43:82d0 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://payrolltaxrefund.co/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Sat, 20 Jul 2024 03:13:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 16 Jul 2024 17:12:08 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"6696a9e8-4d7"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vqVuubuhvF7NoL41A3uhsMZW%2Bv80ZRsCb8g%2FTUIrNmm7HprnsY63zAf7lGydaF073Ziqva15ob2TuzItmJ4OSQLb64snqIKJx5xlQdiwpez182ccRAxBaN2sqLz%2FhOw0pO3rIif41mE5TSQa865gOy%2Fv"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-frame-options: DENY
cache-control: max-age=172800, public
cf-ray: 8a5fc5da0c0a0b7c-AMS
expires: Mon, 22 Jul 2024 03:13:00 GMT

GET
H3 200 jquery.min.js Show response
payrolltaxrefund.co/wp-includes/js/jquery/ 86 KB
31 KB 439ms
438ms Script
application/javascript 2606:4700:3030::ac43:82d0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://payrolltaxrefund.co/wp-includes/js/jquery/jquery.min.js?ver=3.7.1
Requested by: Host: payrolltaxrefund.co
URL: https://payrolltaxrefund.co/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3030::ac43:82d0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf

Request headers

Referer: https://payrolltaxrefund.co/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Sat, 20 Jul 2024 03:13:00 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Wed, 08 Nov 2023 00:02:49 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=45bJbWTPSKQMMRxlzC9CR6Vns%2BNcNpN8J6rhqFPFsgBWGSgvWxMMS0qRc1nR9mNaAX7Xassr6Yd7bafOg5Y3McnqVinL0rsSoS9Mjnrj8zCOZ8nshMs7rE0a7Du8v2ipRga4QcEP1gMvTnE393h0xDQX"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
cf-ray: 8a5fc5da3c290b7c-AMS
alt-svc: h3=":443"; ma=86400
expires: Sat, 27 Jul 2024 03:13:00 GMT

GET
H3 200 0f160b1ae1ed19a097131233d56da1f7.min.js Show response
payrolltaxrefund.co/wp-content/uploads/fusion-scripts/ 313 KB
88 KB 550ms
549ms Script
application/javascript 2606:4700:3030::ac43:82d0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://payrolltaxrefund.co/wp-content/uploads/fusion-scripts/0f160b1ae1ed19a097131233d56da1f7.min.js?ver=3.9.2
Requested by: Host: payrolltaxrefund.co
URL: https://payrolltaxrefund.co/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3030::ac43:82d0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ba99a221de8eb86aae92b17b900f36a9e6ad8da8f1958442591e4fe61fdbac27

Request headers

Referer: https://payrolltaxrefund.co/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Sat, 20 Jul 2024 03:13:01 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Sun, 05 Mar 2023 14:15:33 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BZHRLbYqXZcpyXrjp9BArgph%2FWYFAmggqX3GfMCQV4yzQXytbffkD6PgnXeyl%2Brle0vyUlSerHn7bMFu2HXED9hGuIcRASBTULs5Hins3bVt7D5NcksjNehV6icyDApnHyiwPZxqEvVTf0ocVloc5Anx"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
cf-ray: 8a5fc5daac6a0b7c-AMS
alt-svc: h3=":443"; ma=86400
expires: Sat, 27 Jul 2024 03:13:00 GMT

GET
DATA 200
OK truncated
/ 148 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a905ce68b0561c98c7ca1946312acdfc31c74a8c180a5ad4b7516f47232c7e48

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 148 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a196581fabecf6f7177d7457273dc30c0ff176632122e9873aa4442412c95135

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 142 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 67feeea29bdc95ef8a48cb0bec12ab799c5094cfb3eed64c65e19bbf9c458c0a

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 148 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 075cac2edebea085d916e6989c7c9b239c79fe89caf3f1d034dd28282e659049

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 139 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0d3c3dec826fa72ed68aa327b9168a361ba7e195c9b92aafa60a8177d24e4536

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 142 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6141a97912a7d797943100bd14d27767d8cd409daf3da6e2c42d662672632fbc

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 139 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 07da12fa97496bfffdc68eabe0d221cec0316f68813e78bbfa18bcf004d1624b

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 142 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 55f6460c7f9c43c15623c939dabd59282f11be00d71b67308d0c362009b443b0

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 145 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3643f721ac03dca3b3618dda08ad81bfd35da55904555a70f2b54a2cc0adca91

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 139 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c430393c0199a7afcb2abc92380991f797b17870d5b4f6cb192054f4e227039a

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3 200 xn7gYHE41ni1AdIRggexSg.woff2
payrolltaxrefund.co/wp-content/uploads/fusion-gfonts/ 24 KB
24 KB 415ms
414ms Font
font/woff2 2606:4700:3030::ac43:82d0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://payrolltaxrefund.co/wp-content/uploads/fusion-gfonts/xn7gYHE41ni1AdIRggexSg.woff2
Requested by: Host: payrolltaxrefund.co
URL: https://payrolltaxrefund.co/wp-content/uploads/fusion-styles/6e5c872beb963fd9dcb829a06d72ae57.min.css?ver=3.9.2
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3030::ac43:82d0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a3c9bb0126992129d561e6615234943f04520c69bdba33205c935ca70414c2ef

Request headers

Referer: https://payrolltaxrefund.co/wp-content/uploads/fusion-styles/6e5c872beb963fd9dcb829a06d72ae57.min.css?ver=3.9.2
Origin: https://payrolltaxrefund.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Sat, 20 Jul 2024 03:13:01 GMT
cf-cache-status: MISS
last-modified: Sun, 05 Mar 2023 13:56:46 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6qu0ENY6kch6soYwI0nvQL2uq61lvBhkCEmIx%2BVEGM3IcEydP%2BnfNS8C%2Bb4QijeTVFv8bh7JvlraZ1If%2FyLtRWEyh82pqhXJLYfHXK96hZFDjoV%2F0UIRrrCNfet2vBZh96uaeEHgqVQcldnFfiLrPW9s"}],"group":"cf-nel","max_age":604800}
content-type: font/woff2
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
cf-ray: 8a5fc5ddce250b7c-AMS
alt-svc: h3=":443"; ma=86400
content-length: 24328
expires: Sat, 27 Jul 2024 03:13:01 GMT

GET
H3 200 Accountant-Pro.ttf
payrolltaxrefund.co/wp-content/uploads/fusion-icons/Accountant-Pro-v2.0/fonts/ 7 KB
5 KB 275ms
274ms Font
font/ttf 2606:4700:3030::ac43:82d0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://payrolltaxrefund.co/wp-content/uploads/fusion-icons/Accountant-Pro-v2.0/fonts/Accountant-Pro.ttf?ym7fev
Requested by: Host: payrolltaxrefund.co
URL: https://payrolltaxrefund.co/wp-content/uploads/fusion-styles/6e5c872beb963fd9dcb829a06d72ae57.min.css?ver=3.9.2
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3030::ac43:82d0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 240d5e3812ab8e6e75533336f3afc26da97dac68e1d331ba70b6ec747bae55e1

Request headers

Referer: https://payrolltaxrefund.co/wp-content/uploads/fusion-styles/6e5c872beb963fd9dcb829a06d72ae57.min.css?ver=3.9.2
Origin: https://payrolltaxrefund.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Sat, 20 Jul 2024 03:13:01 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Fri, 24 Feb 2023 11:30:43 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IKEgxdemsJLDff3Fx8gHWrUlhtNV7a8ek6uZmvTd%2Bqvakv6lSNZLO0qTKJS56BvfZVLNdHMR1cWqMdewKFqgfvH4jifexyBVzHNAindI05VTRS45bp3Bv2bnpOsHsPsSqpq2l9Vmxo5E1zJB%2Bp19q6Yc"}],"group":"cf-nel","max_age":604800}
content-type: font/ttf
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
cf-ray: 8a5fc5ddce280b7c-AMS
alt-svc: h3=":443"; ma=86400
expires: Sat, 27 Jul 2024 03:13:01 GMT

GET
H3 200 fa-solid-900.woff2
payrolltaxrefund.co/wp-content/themes/Avada/includes/lib/assets/fonts/fontawesome/webfonts/ 76 KB
77 KB 543ms
542ms Font
font/woff2 2606:4700:3030::ac43:82d0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://payrolltaxrefund.co/wp-content/themes/Avada/includes/lib/assets/fonts/fontawesome/webfonts/fa-solid-900.woff2
Requested by: Host: payrolltaxrefund.co
URL: https://payrolltaxrefund.co/wp-content/uploads/fusion-styles/6e5c872beb963fd9dcb829a06d72ae57.min.css?ver=3.9.2
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3030::ac43:82d0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ef2369c82b6ec19bcf4fe76799d94edc43604e164c0f73978059536159845441

Request headers

Referer: https://payrolltaxrefund.co/wp-content/uploads/fusion-styles/6e5c872beb963fd9dcb829a06d72ae57.min.css?ver=3.9.2
Origin: https://payrolltaxrefund.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Sat, 20 Jul 2024 03:13:01 GMT
cf-cache-status: MISS
last-modified: Tue, 17 Jan 2023 12:48:33 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Vh4c1Mueo57LI3nAYJCtpLQgpgAdkOAiRBAIjvBz5AXZ4ztaTDhX3L0lL%2FF05FTmZKQTiIgE9l5rFzuFGAMSRzi7LdIHLUlJGd9uFOFvg74OiHLK7y6GioDWiwDVSVNieZCsQXwNs8c3PRRJuRbUC0fD"}],"group":"cf-nel","max_age":604800}
content-type: font/woff2
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
cf-ray: 8a5fc5ddce290b7c-AMS
alt-svc: h3=":443"; ma=86400
content-length: 78212
expires: Sat, 27 Jul 2024 03:13:01 GMT

GET
H3 200 awb-icons.woff
payrolltaxrefund.co/wp-content/themes/Avada/includes/lib/assets/fonts/icomoon/ 21 KB
21 KB 410ms
409ms Font
font/woff 2606:4700:3030::ac43:82d0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://payrolltaxrefund.co/wp-content/themes/Avada/includes/lib/assets/fonts/icomoon/awb-icons.woff
Requested by: Host: payrolltaxrefund.co
URL: https://payrolltaxrefund.co/wp-content/uploads/fusion-styles/6e5c872beb963fd9dcb829a06d72ae57.min.css?ver=3.9.2
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3030::ac43:82d0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 288d156b63cea15974f8ced0963ccc03ca9688a0e2da4af409339c065faab72f

Request headers

Referer: https://payrolltaxrefund.co/wp-content/uploads/fusion-styles/6e5c872beb963fd9dcb829a06d72ae57.min.css?ver=3.9.2
Origin: https://payrolltaxrefund.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Sat, 20 Jul 2024 03:13:01 GMT
cf-cache-status: MISS
last-modified: Tue, 17 Jan 2023 12:48:33 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zeSPyrdVigqMYKffHfToHuO%2FBHr0QEjZJEXAQu2B431bsahgFOm2b%2FA61hA%2FUIxgnz3DkiT2zNEPN1TY65ohQI0NFPhlsK%2B54182S0Mto8Wm3GTdyFh3p7uNzlAxJtvoVJV4akX0bIPsFy8AgpDDyyw0"}],"group":"cf-nel","max_age":604800}
content-type: font/woff
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
cf-ray: 8a5fc5ddce2a0b7c-AMS
alt-svc: h3=":443"; ma=86400
content-length: 21028
expires: Sat, 27 Jul 2024 03:13:01 GMT

POST
H2 204 collect
region1.google-analytics.com/g/ 0
0 44ms
16ms Fetch
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-MCFVEFVPFM&gtm=45je47h0v9103870066za200&_p=1721445180976&gcd=13l3l3l2l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=0&cid=1656803929.1721445181&ul=de-de&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&sid=1721445181&sct=1&seg=0&dl=https%3A%2F%2Fpayrolltaxrefund.co%2F&dt=Employee%20Retention%20Credit%20-%20Up%20to%20%2426%2C000%20Per%20Employee&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=1394&_z=fetch
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-MCFVEFVPFM
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

Referer: https://payrolltaxrefund.co/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 20 Jul 2024 03:13:01 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://payrolltaxrefund.co
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 hero-women-accountant.jpg
payrolltaxrefund.co/wp-content/uploads/2020/08/ 145 KB
146 KB 540ms
540ms Image
image/jpeg 2606:4700:3030::ac43:82d0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://payrolltaxrefund.co/wp-content/uploads/2020/08/hero-women-accountant.jpg
Requested by: Host: payrolltaxrefund.co
URL: https://payrolltaxrefund.co/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3030::ac43:82d0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 66681551d19fba987d306b3e1bc7ef14c8d1e2b5fab078748835205f740475c8

Request headers

Referer: https://payrolltaxrefund.co/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Sat, 20 Jul 2024 03:13:01 GMT
cf-cache-status: MISS
last-modified: Fri, 24 Feb 2023 11:30:27 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FIg1cu98%2Ba2RBtvvHysJceN9Mcl8xIGjDm4quZwTgIpnsu6JJWZVRpgLXMG8%2FXcpJiqsbMJQO8knoI1aATy7j0F23B6b3b84H%2BRbnGWlxaj1cn2tuaLjsBkFRVZDYb3Plrr5UloQJ7S6lIz0%2B10odh5%2F"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
cf-ray: 8a5fc5deceb50b7c-AMS
alt-svc: h3=":443"; ma=86400
content-length: 148458
expires: Sat, 27 Jul 2024 03:13:01 GMT

GET
H3 200 Payroll-Tax-Refund-web-icon.png
payrolltaxrefund.co/wp-content/uploads/2023/02/ 7 KB
7 KB 284ms
284ms Other
image/png 2606:4700:3030::ac43:82d0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://payrolltaxrefund.co/wp-content/uploads/2023/02/Payroll-Tax-Refund-web-icon.png
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3030::ac43:82d0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e2b5da7f2989ea9f4c811b7dbb5bbebb92b47d180585a8187b79103ef591e761

Request headers

Referer: https://payrolltaxrefund.co/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Sat, 20 Jul 2024 03:13:02 GMT
cf-cache-status: MISS
last-modified: Mon, 27 Feb 2023 12:46:59 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OT1YrV3kOKCX78R5zcqT7sQk4MGGKsaTHjLvaO0sWgmLJbvctccNzWm4ekdSBN07O3z6wNiRJKKCzh8HkVN0sapKpVUCl7NN78Rmb2ElvlZmF9SeN1RRjmE0AcR241okzj7figSDPvyf%2B0dZauTW9OIO"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
cf-ray: 8a5fc5e359390b7c-AMS
alt-svc: h3=":443"; ma=86400
content-length: 7090
expires: Sat, 27 Jul 2024 03:13:02 GMT

Verdicts & Comments Add Verdict or Comment

109 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| doc function| gtag object| dataLayer object| google_tag_manager object| google_tag_data function| fusionNavIsCollapsed function| fusionRunNavIsCollapsed function| avadaGetScrollBarWidth function| jQuery function| onYouTubeIframeAPIReady object| gaGlobal object| cssua object| fusionJSVars object| fusion object| fusionLightboxVideoVars object| fusionEqualHeightVars function| _fusionRefreshScroll function| _fusionParallaxAll function| _fusionRefreshWindow object| fusionVideoGeneralVars function| playVideoAndPauseOthers object| fusionVideoBgVars object| $youtubeBGVideos function| _fbRowGetAllElementsWithAttribute function| _fbRowOnPlayerReady function| _fbRowOnPlayerStateChange function| resizeVideo function| vimeoReady function| fusionInitVimeoPlayers object| fusionLightboxVars function| avadaLightBoxInitializeLightbox function| fusionInitTooltips object| fusionTimeout function| registerYoutubePlayers function| onPlayerReady function| loadYoutubeIframeAPI function| onYouTubePlayerAPIReadyCallback function| onPlayerStateChange function| ytVidId function| insertParam function| fusionYouTubeTimeout function| avadaAddQuantityBoxes function| compositeAddQuantityBoxes function| fusionResizeCrossfadeImagesContainer function| calcSelectArrowDimensions object| avadaLiveSearchVars function| avadaLiveSearch object| fusionAnimationsVars function| fusionSetAnimationData object| fusionMenuVars function| fusionNavClickExpandBtn function| fusionNavClickExpandSubmenuBtn function| fusionNavMobilePosition function| fusionNavSubmenuDirection function| fusionNavSearchOverlay function| fusionNavCloseFlyoutSub function| fusionNavAltArrowsClass function| fusionNavRunAll function| fusionAdjustNavMobilePosition function| fusionVerticalSubmenuDirection function| awbMegamenuPosition object| fusionFlexSliderVars function| fusionInitPostFlexSlider function| fusionDestroyPostFlexSlider function| fusionFlexSliderStrToBool object| fusionContainerVars function| fusionInitStickyContainers function| fusionInitSticky function| fusionGetStickyOffset function| initSwiperScrollingSection function| initScrollingSections function| setCorrectResizeValuesForScrollSections function| scrollToCurrentScrollSection function| getScrollSectionPositionValues function| fusionDisableStickyHeader function| fusionInitStickyHeader function| getStickyHeaderHeight function| moveSideHeaderStylingDivs function| fusionSideHeaderScroll function| fusionGetScrollOffset object| fusionTypographyVars function| fusionCalculateResponsiveTypeValues function| fusionSetOriginalTypographyData function| fusionInitTypography object| fusionScrollToAnchorVars function| checkHoverTouchState object| fusionVideoVars function| fusionInitStickyColumns object| html5 object| Modernizr object| browserPrefixes object| _fusionImageParallaxImages object| avadaLightBox object| $ilInstances function| onYouTubePlayerAPIReady function| YTReady object| Vimeo boolean| VimeoPlayerResizeEmbeds_ object| lazySizes object| awb_oc_timeouts object| awbOffCanvas object| awbAnimationObservers function| awbScrollSpy string| responsiveTypeElements string| fusionBaseFontSize function| overlap number| _fusionWindowHeight number| _fusionWindowWidth object| fusionVimeoPlayers

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.payrolltaxrefund.co/	1970-01-21 07:46:45	Name: _ga_MCFVEFVPFM Value: GS1.1.1721445181.1.0.1721445181.0.0.0
			.payrolltaxrefund.co/	1970-01-21 07:46:45	Name: _ga Value: GA1.1.1656803929.1721445181

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

payrolltaxrefund.co
region1.google-analytics.com
www.googletagmanager.com
2001:4860:4802:32::36
2606:4700:3030::ac43:82d0
2a00:1450:4001:82f::2008
075cac2edebea085d916e6989c7c9b239c79fe89caf3f1d034dd28282e659049
07da12fa97496bfffdc68eabe0d221cec0316f68813e78bbfa18bcf004d1624b
0d3c3dec826fa72ed68aa327b9168a361ba7e195c9b92aafa60a8177d24e4536
240d5e3812ab8e6e75533336f3afc26da97dac68e1d331ba70b6ec747bae55e1
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
288d156b63cea15974f8ced0963ccc03ca9688a0e2da4af409339c065faab72f
3643f721ac03dca3b3618dda08ad81bfd35da55904555a70f2b54a2cc0adca91
36d9f8c43851644782415bc28c9383438ce92e76224781e17302f161cf559197
55f6460c7f9c43c15623c939dabd59282f11be00d71b67308d0c362009b443b0
5a7cc6921cbf21c72a9f905c5109aae4f856b579904888ab6cb505735f52f659
6141a97912a7d797943100bd14d27767d8cd409daf3da6e2c42d662672632fbc
66681551d19fba987d306b3e1bc7ef14c8d1e2b5fab078748835205f740475c8
67feeea29bdc95ef8a48cb0bec12ab799c5094cfb3eed64c65e19bbf9c458c0a
a196581fabecf6f7177d7457273dc30c0ff176632122e9873aa4442412c95135
a3c9bb0126992129d561e6615234943f04520c69bdba33205c935ca70414c2ef
a905ce68b0561c98c7ca1946312acdfc31c74a8c180a5ad4b7516f47232c7e48
afe20128e9fc41fa10644bfc6aca2307235f945669852b5963b77a0e3a46e97b
ba99a221de8eb86aae92b17b900f36a9e6ad8da8f1958442591e4fe61fdbac27
c430393c0199a7afcb2abc92380991f797b17870d5b4f6cb192054f4e227039a
cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf
df2aa23c65d73e4841b089f3f49dbcdb17da12e159071ffaa83be7708afbc9ed
e2b5da7f2989ea9f4c811b7dbb5bbebb92b47d180585a8187b79103ef591e761
e481ee79f0b887b43009c7ef5279d9a463f0a82458c147bf2db68c45c078ac3d
ef2369c82b6ec19bcf4fe76799d94edc43604e164c0f73978059536159845441