urlscan.io logo urlscan.io
SecurityTrails logo

landing.jerkmate.com Open in urlscan Pro
52.204.241.238  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://edunoullaudis.ml/
Effective URL: https://landing.jerkmate.com/28651/?s2=102030fe1f296437fb5982729886f4&s3=Sred&s4=66056&po=6533&img=i2K9Ey&url=11
Submission: On August 31 via automatic, source certstream-suspicious
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 15 IPs in 3 countries across 15 domains to perform 27 HTTP transactions. The main IP is 52.204.241.238, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is landing.jerkmate.com.
TLS certificate: Issued by Amazon on August 29th 2020. Valid for: a year.
This is the only time landing.jerkmate.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 2606:4700:303... 13335 (CLOUDFLAR...)
2 3.120.230.228 16509 (AMAZON-02)
1 52.207.71.232 14618 (AMAZON-AES)
1 205.185.216.10 20446 (HIGHWINDS3)
1 52.204.241.238 14618 (AMAZON-AES)
9 205.185.216.42 20446 (HIGHWINDS3)
1 2a00:1450:400... 15169 (GOOGLE)
1 13.35.254.83 16509 (AMAZON-02)
1 172.217.23.162 15169 (GOOGLE)
1 3 2a00:1450:400... 15169 (GOOGLE)
1 1 2a00:1450:400... 15169 (GOOGLE)
1 2 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 34.204.253.47 14618 (AMAZON-AES)
1 151.101.114.110 54113 (FASTLY)
2 162.247.242.20 23467 (NEWRELIC-...)
27 15
1    2606:4700:3034::ac43:b137 (United States)

ASN13335 (CLOUDFLARENET, US)
edunoullaudis.ml
2    3.120.230.228 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-120-230-228.eu-central-1.compute.amazonaws.com
vultors-triefs.com
1    52.207.71.232 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-207-71-232.compute-1.amazonaws.com
t.grtya.com
1    205.185.216.10 (Phoenix, United States)

ASN20446 (HIGHWINDS3, US)
PTR: map2.hwcdn.net
ckstatic.com
1    52.204.241.238 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-204-241-238.compute-1.amazonaws.com
landing.jerkmate.com
9    205.185.216.42 (Phoenix, United States)

ASN20446 (HIGHWINDS3, US)
PTR: map2.hwcdn.net
static.selfpua.com
static.jerkmate.com
1    2a00:1450:4001:800::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
1    13.35.254.83 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-35-254-83.fra6.r.cloudfront.net
cdn.freshmarketer.com
1    172.217.23.162 (United States)

ASN15169 (GOOGLE, US)
PTR: fra15s22-in-f162.1e100.net
www.googleadservices.com
3    2a00:1450:4001:800::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google-analytics.com
1    2a00:1450:400c:c0c::9a (Brussels, Belgium)

ASN15169 (GOOGLE, US)
stats.g.doubleclick.net
2    2a00:1450:4001:80b::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.com
2    2a00:1450:4001:81f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.de
1    2a00:1450:4001:821::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
googleads.g.doubleclick.net
1    34.204.253.47 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-204-253-47.compute-1.amazonaws.com
ip.freshmarketer.com
1    151.101.114.110 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)
js-agent.newrelic.com
2    162.247.242.20 (San Francisco, United States)

ASN23467 (NEWRELIC-AS-1, US)
PTR: bam-8.nr-data.net
bam.nr-data.net
Domain Requested by
8 static.jerkmate.com landing.jerkmate.com
static.jerkmate.com
3 www.google-analytics.com 1 redirects www.googletagmanager.com
www.google-analytics.com
2 bam.nr-data.net js-agent.newrelic.com
2 www.google.de landing.jerkmate.com
2 www.google.com 1 redirects landing.jerkmate.com
2 vultors-triefs.com
1 js-agent.newrelic.com landing.jerkmate.com
1 ip.freshmarketer.com cdn.freshmarketer.com
1 googleads.g.doubleclick.net www.googleadservices.com
1 stats.g.doubleclick.net 1 redirects
1 www.googleadservices.com www.googletagmanager.com
1 cdn.freshmarketer.com vultors-triefs.com
1 www.googletagmanager.com landing.jerkmate.com
1 static.selfpua.com landing.jerkmate.com
1 landing.jerkmate.com t.grtya.com
1 ckstatic.com t.grtya.com
1 t.grtya.com
1 edunoullaudis.ml 1 redirects
27 18

This site contains no links.

Subject Issuer Validity Valid
vultors-triefs.com
Let's Encrypt Authority X3		 2020-07-27 -
2020-10-25		 3 months crt.sh
t.frtyh.com
Let's Encrypt Authority X3		 2020-07-30 -
2020-10-28		 3 months crt.sh
ckstatic.com
Let's Encrypt Authority X3		 2020-08-14 -
2020-11-12		 3 months crt.sh
*.thepornsurvey.com
Amazon		 2020-08-29 -
2021-09-28		 a year crt.sh
static.selfpua.com
Sectigo RSA Domain Validation Secure Server CA		 2019-06-20 -
2021-06-19		 2 years crt.sh
static.jerkmate.com
Sectigo RSA Domain Validation Secure Server CA		 2019-08-27 -
2021-08-26		 2 years crt.sh
*.google-analytics.com
GTS CA 1O1		 2020-08-11 -
2020-11-03		 3 months crt.sh
*.freshmarketer.com
Amazon		 2020-07-27 -
2021-08-27		 a year crt.sh
www.googleadservices.com
GTS CA 1O1		 2020-08-11 -
2020-11-03		 3 months crt.sh
www.google.de
GTS CA 1O1		 2020-08-11 -
2020-11-03		 3 months crt.sh
*.g.doubleclick.net
GTS CA 1O1		 2020-08-11 -
2020-11-03		 3 months crt.sh
*.google.com
GTS CA 1O1		 2020-08-11 -
2020-11-03		 3 months crt.sh
*.google.de
GTS CA 1O1		 2020-08-11 -
2020-11-03		 3 months crt.sh
f4.shared.global.fastly.net
GlobalSign CloudSSL CA - SHA256 - G3		 2020-08-24 -
2021-05-07		 8 months crt.sh
*.nr-data.net
DigiCert SHA2 Secure Server CA		 2020-02-05 -
2022-02-08		 2 years crt.sh

This page contains 1 frames:

Primary Page: https://landing.jerkmate.com/28651/?s2=102030fe1f296437fb5982729886f4&s3=Sred&s4=66056&po=6533&img=i2K9Ey&url=11
Frame ID: 05C5302D01E67FFF79725BA8DD49A516
Requests: 27 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. https://edunoullaudis.ml/ HTTP 302
    https://vultors-triefs.com/4a0735a8-a81e-4bc1-a379-da01d012ab3b?campaignkeyword=@@CAMPAIGN-KEYWORD@@&ke... Page URL
  2. https://vultors-triefs.com/redirect?target=BASE64aHR0cHM6Ly90LmdydHlhLmNvbS9weGRmbGRyeHE4P3VybF9pZD0xOD... Page URL
  3. https://t.grtya.com/pxdfldrxq8?url_id=18710&aff_id=66056&offer_id=6224&aff_sub=Sred&bo=2779,2778... Page URL
  4. https://landing.jerkmate.com/28651/?s2=102030fe1f296437fb5982729886f4&s3=Sred&s4=66056&po=6533&img=i2K9Ey... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /nginx(?:\/([\d.]+))?/i
Overall confidence: 100%
Detected patterns
  • script /cdn\.freshmarketer\.com/i
Overall confidence: 100%
Detected patterns
  • script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i
Overall confidence: 100%
Detected patterns
  • html /<!-- (?:End )?Google Tag Manager -->/i

Page Statistics

27
Requests

100 %
HTTPS

41 %
IPv6

15
Domains

18
Subdomains

15
IPs

3
Countries

1060 kB
Transfer

1661 kB
Size

9
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://edunoullaudis.ml/ HTTP 302
    https://vultors-triefs.com/4a0735a8-a81e-4bc1-a379-da01d012ab3b?campaignkeyword=@@CAMPAIGN-KEYWORD@@&keyword=@@KEYWORD@@&geo=@@GEO@@&campaignname=@@CAMPAIGN_NAME@@&device=@@DEVICE@@&os=@@OS@@&browser=@@BROWSER@@&carrier=@@CARRIER@@&source=@@SOURCE@@&bid=@@BID@@&clickid=@@CLICK-ID@@ Page URL
  2. https://vultors-triefs.com/redirect?target=BASE64aHR0cHM6Ly90LmdydHlhLmNvbS9weGRmbGRyeHE4P3VybF9pZD0xODcxMCZhZmZfaWQ9NjYwNTYmb2ZmZXJfaWQ9NjIyNCZhZmZfc3ViPVNyZWQmYm89Mjc3OSwyNzc4LDI3NzcsMjc3NiwyNzc1JnBvPTY1MzMmYWZmX2NsaWNrX2lkPXc4MHQ5NWg3OWNwbDZjajFpdjkxMWgzMA&ts=1598847103600&hash=5RSRLObBS6TxDmEkeISFuLUFhlRN54nXDBrFhU-Q_Us&rm=D Page URL
  3. https://t.grtya.com/pxdfldrxq8?url_id=18710&aff_id=66056&offer_id=6224&aff_sub=Sred&bo=2779,2778,2777,2776,2775&po=6533&aff_click_id=w80t95h79cpl6cj1iv911h30 Page URL
  4. https://landing.jerkmate.com/28651/?s2=102030fe1f296437fb5982729886f4&s3=Sred&s4=66056&po=6533&img=i2K9Ey&url=11 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • https://edunoullaudis.ml/ HTTP 302
  • https://vultors-triefs.com/4a0735a8-a81e-4bc1-a379-da01d012ab3b?campaignkeyword=@@CAMPAIGN-KEYWORD@@&keyword=@@KEYWORD@@&geo=@@GEO@@&campaignname=@@CAMPAIGN_NAME@@&device=@@DEVICE@@&os=@@OS@@&browser=@@BROWSER@@&carrier=@@CARRIER@@&source=@@SOURCE@@&bid=@@BID@@&clickid=@@CLICK-ID@@
Request Chain 18
  • https://www.google-analytics.com/r/collect?v=1&_v=j83&a=2144830329&t=pageview&_s=1&dl=https%3A%2F%2Flanding.jerkmate.com%2F28651%2F%3Fs2%3D102030fe1f296437fb5982729886f4%26s3%3DSred%26s4%3D66056%26po%3D6533%26img%3Di2K9Ey%26url%3D11&dr=https%3A%2F%2Ft.grtya.com%2F66056%2F2779%3Fpo%3D6533%26aff_click_id%3Dw80t95h79cpl6cj1iv911h30%26nopop%3D1%26boSequence%3D4%26bo%3D2778%252C2777%252C2776%252C2775%26aff_sub%3DSred&ul=en-us&de=UTF-8&dt=Jerkmate%20%7C%20Never%20jerk%20off%20alone%20again&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aGDAAEADQ~&jid=884694009&gjid=1476299351&cid=1811542920.1598847105&tid=UA-118335291-9&_gid=684198405.1598847105&_r=1&gtm=2wg8j2MH37XZ2&cd1=102030fe1f296437fb5982729886f4&cd2=Sred&cd3=66056&cd4=i2K9Ey&z=1467546462 HTTP 302
  • https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-118335291-9&cid=1811542920.1598847105&jid=884694009&_gid=684198405.1598847105&gjid=1476299351&_v=j83&z=1467546462 HTTP 302
  • https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-118335291-9&cid=1811542920.1598847105&jid=884694009&_v=j83&z=1467546462 HTTP 302
  • https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-118335291-9&cid=1811542920.1598847105&jid=884694009&_v=j83&z=1467546462&slf_rd=1&random=522839549

27 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Cookie set 4a0735a8-a81e-4bc1-a379-da01d012ab3b
vultors-triefs.com/
Redirect Chain
  • https://edunoullaudis.ml/
  • https://vultors-triefs.com/4a0735a8-a81e-4bc1-a379-da01d012ab3b?campaignkeyword=@@CAMPAIGN-KEYWORD@@&keyword=@@KEYWORD@@&geo=@@GEO@@&campaignname=@@CAMPAIGN_NAME@@&device=@@DEVICE@@&os=@@OS@@&brows...
546 B
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://vultors-triefs.com/4a0735a8-a81e-4bc1-a379-da01d012ab3b?campaignkeyword=@@CAMPAIGN-KEYWORD@@&keyword=@@KEYWORD@@&geo=@@GEO@@&campaignname=@@CAMPAIGN_NAME@@&device=@@DEVICE@@&os=@@OS@@&browser=@@BROWSER@@&carrier=@@CARRIER@@&source=@@SOURCE@@&bid=@@BID@@&clickid=@@CLICK-ID@@
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.120.230.228 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-120-230-228.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
76c420e23f12e95621ab8f4ab5f9006d8dd654dffeab9235f82b508d750e9b1b

Request headers

Host
vultors-triefs.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
none
Sec-Fetch-Mode
navigate
Sec-Fetch-User
?1
Sec-Fetch-Dest
document
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Server
nginx
Date
Mon, 31 Aug 2020 04:11:43 GMT
Content-Type
text/html;charset=UTF-8
Content-Length
546
Connection
keep-alive
Cache-Control
no-store, no-cache, pre-check=0, post-check=0
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Pragma
no-cache
Set-Cookie
4a0735a8-a81e-4bc1-a379-da01d012ab3b-v4=4a0735a8-a81e-4bc1-a379-da01d012ab3b; Max-Age=86400; Expires=Tue, 01-Sep-2020 04:11:43 GMT; Domain=vultors-triefs.com; Path=/; Secure; HttpOnly;SameSite=None cc-v4=OgEudkrYo0lDVa38kf9BV%2FIl8CkpPciNsps5F1Fp4ZDoe52AElUR%2B8p%2Bo7vWVe791BDbC3Cxj8l%2BNTQ2VTHsxKEcU%2B5i0GNHb0%2FyyGCVFytiouoYn7JYMItdnG%2BHJj%2BhBOiSuLAWdcZQkhIgfQ40Pw%3D%3D; Max-Age=31536000; Expires=Tue, 31-Aug-2021 04:11:43 GMT; Domain=vultors-triefs.com; Path=/; Secure; HttpOnly;SameSite=None

Redirect headers

status
302
date
Mon, 31 Aug 2020 04:11:43 GMT
content-type
text/html;charset=UTF-8
set-cookie
__cfduid=d825f011000e00f74d48d551956fbdf681598847103; expires=Wed, 30-Sep-20 04:11:43 GMT; path=/; domain=.edunoullaudis.ml; HttpOnly; SameSite=Lax
location
https://vultors-triefs.com/4a0735a8-a81e-4bc1-a379-da01d012ab3b?campaignkeyword=@@CAMPAIGN-KEYWORD@@&keyword=@@KEYWORD@@&geo=@@GEO@@&campaignname=@@CAMPAIGN_NAME@@&device=@@DEVICE@@&os=@@OS@@&browser=@@BROWSER@@&carrier=@@CARRIER@@&source=@@SOURCE@@&bid=@@BID@@&clickid=@@CLICK-ID@@
cf-cache-status
DYNAMIC
cf-request-id
04e44fca0500003248ee2a3200000001
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
5cb3e8bcd8d13248-FRA
redirect
vultors-triefs.com/ 		369 B
642 B 		Document
General
Check archive.org
Download Go to
Full URL
https://vultors-triefs.com/redirect?target=BASE64aHR0cHM6Ly90LmdydHlhLmNvbS9weGRmbGRyeHE4P3VybF9pZD0xODcxMCZhZmZfaWQ9NjYwNTYmb2ZmZXJfaWQ9NjIyNCZhZmZfc3ViPVNyZWQmYm89Mjc3OSwyNzc4LDI3NzcsMjc3NiwyNzc1JnBvPTY1MzMmYWZmX2NsaWNrX2lkPXc4MHQ5NWg3OWNwbDZjajFpdjkxMWgzMA&ts=1598847103600&hash=5RSRLObBS6TxDmEkeISFuLUFhlRN54nXDBrFhU-Q_Us&rm=D
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.120.230.228 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-120-230-228.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
b89031ba3baadc933177ec8d1e4e92b5e30198ba12f668293e5f3c464cc3e2e3

Request headers

Host
vultors-triefs.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
same-origin
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
document
Referer
https://vultors-triefs.com/4a0735a8-a81e-4bc1-a379-da01d012ab3b?campaignkeyword=@@CAMPAIGN-KEYWORD@@&keyword=@@KEYWORD@@&geo=@@GEO@@&campaignname=@@CAMPAIGN_NAME@@&device=@@DEVICE@@&os=@@OS@@&browser=@@BROWSER@@&carrier=@@CARRIER@@&source=@@SOURCE@@&bid=@@BID@@&clickid=@@CLICK-ID@@
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Cookie
4a0735a8-a81e-4bc1-a379-da01d012ab3b-v4=4a0735a8-a81e-4bc1-a379-da01d012ab3b; cc-v4=OgEudkrYo0lDVa38kf9BV%2FIl8CkpPciNsps5F1Fp4ZDoe52AElUR%2B8p%2Bo7vWVe791BDbC3Cxj8l%2BNTQ2VTHsxKEcU%2B5i0GNHb0%2FyyGCVFytiouoYn7JYMItdnG%2BHJj%2BhBOiSuLAWdcZQkhIgfQ40Pw%3D%3D
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://vultors-triefs.com/4a0735a8-a81e-4bc1-a379-da01d012ab3b?campaignkeyword=@@CAMPAIGN-KEYWORD@@&keyword=@@KEYWORD@@&geo=@@GEO@@&campaignname=@@CAMPAIGN_NAME@@&device=@@DEVICE@@&os=@@OS@@&browser=@@BROWSER@@&carrier=@@CARRIER@@&source=@@SOURCE@@&bid=@@BID@@&clickid=@@CLICK-ID@@

Response headers

Server
nginx
Date
Mon, 31 Aug 2020 04:11:43 GMT
Content-Type
text/html;charset=UTF-8
Content-Length
369
Connection
keep-alive
Cache-Control
no-store, no-cache, pre-check=0, post-check=0
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Pragma
no-cache
pxdfldrxq8
t.grtya.com/ 		2 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://t.grtya.com/pxdfldrxq8?url_id=18710&aff_id=66056&offer_id=6224&aff_sub=Sred&bo=2779,2778,2777,2776,2775&po=6533&aff_click_id=w80t95h79cpl6cj1iv911h30
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.207.71.232 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-207-71-232.compute-1.amazonaws.com
Software
nginx/1.17.10 / Express
Resource Hash
c705715c648c7a8d16d5124b3534abf2eab55e9d0586818ba97eda6a31857c6a
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

:method
GET
:authority
t.grtya.com
:scheme
https
:path
/pxdfldrxq8?url_id=18710&aff_id=66056&offer_id=6224&aff_sub=Sred&bo=2779,2778,2777,2776,2775&po=6533&aff_click_id=w80t95h79cpl6cj1iv911h30
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
document
referer
https://vultors-triefs.com/redirect?target=BASE64aHR0cHM6Ly90LmdydHlhLmNvbS9weGRmbGRyeHE4P3VybF9pZD0xODcxMCZhZmZfaWQ9NjYwNTYmb2ZmZXJfaWQ9NjIyNCZhZmZfc3ViPVNyZWQmYm89Mjc3OSwyNzc4LDI3NzcsMjc3NiwyNzc1JnBvPTY1MzMmYWZmX2NsaWNrX2lkPXc4MHQ5NWg3OWNwbDZjajFpdjkxMWgzMA&ts=1598847103600&hash=5RSRLObBS6TxDmEkeISFuLUFhlRN54nXDBrFhU-Q_Us&rm=D
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://vultors-triefs.com/redirect?target=BASE64aHR0cHM6Ly90LmdydHlhLmNvbS9weGRmbGRyeHE4P3VybF9pZD0xODcxMCZhZmZfaWQ9NjYwNTYmb2ZmZXJfaWQ9NjIyNCZhZmZfc3ViPVNyZWQmYm89Mjc3OSwyNzc4LDI3NzcsMjc3NiwyNzc1JnBvPTY1MzMmYWZmX2NsaWNrX2lkPXc4MHQ5NWg3OWNwbDZjajFpdjkxMWgzMA&ts=1598847103600&hash=5RSRLObBS6TxDmEkeISFuLUFhlRN54nXDBrFhU-Q_Us&rm=D

Response headers

status
200
server
nginx/1.17.10
date
Mon, 31 Aug 2020 04:11:44 GMT
content-type
text/html; charset=utf-8
vary
Accept-Encoding
x-powered-by
Express
set-cookie
aff_ran_url_6224=18710; Path=/; Expires=Tue, 01 Sep 2020 04:11:44 GMT; Secure enc_aff_session_6224=ENC03b35bc34b76684ee07961ff6405e9c83f2e080f29b1796d973b1ae35b4a752f20f6656b78116d43a2f30dd8bf3fc2cf5eb3479bfaad49e9b61ddd5e0f876c861734e2e2e19d33510184fce11a3823a2ebe4126e0e6c7255928ba9aa119719502aff79c84d112c17e80ebb47e13c60604d5b90c2e8b5d8e6a847ee9b72d7547db4c7dd8293699ffe3fdf01b753e02889ec1e09d0c1fe83dda28b3ca95bf3b9b0a6f59cf8a26c54c729fc3932c5eec4de0b12f6502bf94412aaca4c1b4b7d26755145029c27f1a2932e069a3cccb987955d435dfc3d396a5268999e81c88a918d446121e5c51e30c4cdc0214c72d5325574afa4cedab254dfcc6bdc7d26b5b00d5878c58d95163db0a646bec0d7e5277022e3a8fe584ba51472621459fe1274e2d32aecd1fd109eb2030e014fbc302c3764d6c3defaf415cc608cdfeccc0cc852db2b93031f9a5680382c7e41e22c82248727ec6bb66cdc8469fc4a04cd1f26f9c43fdbb3ba766136f45b86b7346337a7e6debb51ca6d2cba11bfa753a0acd5845e95488baeebc8c34dd023db05f0b7e0ffe86381a1e3f9534f466e99262780a1fc37044d36; Path=/; Expires=Fri, 19 Aug 2022 22:11:44 GMT; Secure ho_mob=eyJtb2JpbGVfZGV2aWNlX29zIjoiRGVza3RvcCIsIm1vYmlsZV9vc192ZXJzaW9uIjoiMCIsIm1vYmlsZV9kZXZpY2VfbW9kZWwiOiJDaHJvbWUiLCJtb2JpbGVfZGV2aWNlX2JyYW5kIjoiR29vZ2xlIiwibW9iaWxlX2Jyb3dzZXIiOiJDaHJvbWUgRGVza3RvcCIsIm1vYmlsZV9icm93c2VyX3ZlcnNpb24iOiI4My4wIiwibW9iaWxlX2NhcnJpZXIiOiI%2FIiwidXNlcl9hZ2VudCI6Ik1vemlsbGEvNS4wIChNYWNpbnRvc2g7IEludGVsIE1hYyBPUyBYIDEwXzE0XzUpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIExpa2UgR2Vja28pIENocm9tZS84My4wLjQxMDMuNjEgU2FmYXJpLzUzNy4zNiIsImNvbm5lY3Rpb25fc3BlZWQiOiJicm9hZGJhbmQifQ%3D%3D; Path=/; Expires=Wed, 26 Jul 2023 14:51:44 GMT; Secure
tracking_id
102030fe1f296437fb5982729886f4
strict-transport-security
max-age=15724800; includeSubDomains
content-encoding
gzip
history.js
ckstatic.com/js/historyjs/ 		23 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ckstatic.com/js/historyjs/history.js
Requested by
Host: t.grtya.com
URL: https://t.grtya.com/pxdfldrxq8?url_id=18710&aff_id=66056&offer_id=6224&aff_sub=Sred&bo=2779,2778,2777,2776,2775&po=6533&aff_click_id=w80t95h79cpl6cj1iv911h30
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
205.185.216.10 Phoenix, United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
map2.hwcdn.net
Software
/
Resource Hash
2324fa2acc1382ed8b1306e981e5c2273e57a0532efd1d6a5a0a4a0aab22d045

Request headers

Referer
https://t.grtya.com/pxdfldrxq8?url_id=18710&aff_id=66056&offer_id=6224&aff_sub=Sred&bo=2779,2778,2777,2776,2775&po=6533&aff_click_id=w80t95h79cpl6cj1iv911h30
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Mon, 31 Aug 2020 04:11:44 GMT
Content-Encoding
gzip
Last-Modified
Thu, 04 Dec 2014 21:06:56 GMT
ETag
"1417727216"
X-HW
1598847104.dop029.pa1.t,1598847104.cds015.pa1.shn,1598847104.cds015.pa1.c
Content-Type
text/javascript
Cache-Control
max-age=63639
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Length
6880
Primary Request /
landing.jerkmate.com/28651/ 		21 KB
9 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://landing.jerkmate.com/28651/?s2=102030fe1f296437fb5982729886f4&s3=Sred&s4=66056&po=6533&img=i2K9Ey&url=11
Requested by
Host: t.grtya.com
URL: https://t.grtya.com/pxdfldrxq8?url_id=18710&aff_id=66056&offer_id=6224&aff_sub=Sred&bo=2779,2778,2777,2776,2775&po=6533&aff_click_id=w80t95h79cpl6cj1iv911h30
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.204.241.238 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-204-241-238.compute-1.amazonaws.com
Software
nginx/1.15.7 /
Resource Hash
0e378609e731f8d6ff57e75ed9ad15f536eb0212760dd86b95caf891a6935b6e

Request headers

:method
GET
:authority
landing.jerkmate.com
:scheme
https
:path
/28651/?s2=102030fe1f296437fb5982729886f4&s3=Sred&s4=66056&po=6533&img=i2K9Ey&url=11
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
document
referer
https://t.grtya.com/66056/2779?po=6533&aff_click_id=w80t95h79cpl6cj1iv911h30&nopop=1&boSequence=4&bo=2778%2C2777%2C2776%2C2775&aff_sub=Sred
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://t.grtya.com/66056/2779?po=6533&aff_click_id=w80t95h79cpl6cj1iv911h30&nopop=1&boSequence=4&bo=2778%2C2777%2C2776%2C2775&aff_sub=Sred

Response headers

status
200
date
Mon, 31 Aug 2020 04:11:44 GMT
content-type
text/html; charset=UTF-8
server
nginx/1.15.7
vary
Accept-Encoding
cache-control
no-cache
x-robots-tag
noindex, nofollow
tracker
1.7812.GB.28651.typein_referral_Aug2020
outlinksenabled
0
usevarnish
0
set-cookie
tracking=%7B%22aff%22%3A%221%22%2C%22subId1%22%3A%22%22%2C%22subId2%22%3A%22102030fe1f296437fb5982729886f4%22%2C%22subId3%22%3A%22Sred%22%2C%22subId4%22%3A%2266056%22%2C%22typeInUrl%22%3A%22%22%2C%22urlParam%22%3A%2211%22%2C%22tourId%22%3A%2228651%22%2C%22mirrorId%22%3A%22%22%7D; expires=Mon, 07-Sep-2020 04:11:44 GMT; path=/ hash=2b21b164b6b72310d9820e7a9e6938f52f63a9ff; expires=Mon, 07-Sep-2020 04:11:44 GMT; path=/ crak=%7B%227812%22%3A%7B%22aff%22%3A%221%22%2C%22track%22%3A%22%22%2C%22subid2%22%3A%22102030fe1f296437fb5982729886f4%22%2C%22subid3%22%3A%22Sred%22%2C%22subid4%22%3A%2266056%22%2C%22typein_url%22%3A%22%22%2C%22url_id%22%3A%2211%22%2C%22exp%22%3A%221599451904%22%2C%22click%22%3A%22%22%7D%7D; expires=Mon, 07-Sep-2020 04:11:44 GMT; path=/; httponly regional=%5B%22Westminster%22%2C%22Charing+Cross%22%2C%22Highbury%22%2C%22Camberwell%22%2C%22East+Dulwich%22%2C%22Lambeth%22%2C%22Westminster%22%2C%22Saint+Johns+Wood%22%2C%22Upper+Holloway%22%2C%22Walworth%22%5D; expires=Thu, 01-Oct-2020 04:11:44 GMT; path=/; httponly locale=en_US; expires=Tue, 01-Sep-2020 04:11:44 GMT; path=/; httponly
content-encoding
gzip
access-control-allow-origin
*
access-control-allow-methods
GET, POST, OPTIONS
x-cache-layer-request
disabled
x-original-host
landing.jerkmate.com
x-uncacheable
1
x-varnish
84225619
age
0
via
1.1 varnish-v4
x-cache
MISS
x-cache-hits
0
accept-ranges
bytes
mnpw.js
static.selfpua.com/ 		102 KB
35 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.selfpua.com/mnpw.js
Requested by
Host: landing.jerkmate.com
URL: https://landing.jerkmate.com/28651/?s2=102030fe1f296437fb5982729886f4&s3=Sred&s4=66056&po=6533&img=i2K9Ey&url=11
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
205.185.216.42 Phoenix, United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
map2.hwcdn.net
Software
Apache /
Resource Hash
f5c53a0a93a258d7885b2fcec49a12869017606d70efd36f1496ee2612ad0c7c

Request headers

Referer
https://landing.jerkmate.com/28651/?s2=102030fe1f296437fb5982729886f4&s3=Sred&s4=66056&po=6533&img=i2K9Ey&url=11
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Mon, 31 Aug 2020 04:11:44 GMT
Content-Encoding
gzip
Last-Modified
Wed, 30 Oct 2019 19:06:32 GMT
Server
Apache
ETag
"11634005-19843-596256e5b036a"
X-HW
1598847104.dop003.pa1.t,1598847104.cds037.pa1.shn,1598847104.cds037.pa1.c
Content-Type
text/javascript
Access-Control-Allow-Origin
*
Cache-Control
max-age=22965102
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Length
35441
app.9cf3e7f4.css
static.jerkmate.com/cr2//landing.jerkmate.com-28365/assets/styles/ 		11 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://static.jerkmate.com/cr2//landing.jerkmate.com-28365/assets/styles/app.9cf3e7f4.css
Requested by
Host: landing.jerkmate.com
URL: https://landing.jerkmate.com/28651/?s2=102030fe1f296437fb5982729886f4&s3=Sred&s4=66056&po=6533&img=i2K9Ey&url=11
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
205.185.216.42 Phoenix, United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
map2.hwcdn.net
Software
Apache /
Resource Hash
447c39b3e0c088176da7df18b59f69f5c824bb98723e011730a114632515f333

Request headers

Referer
https://landing.jerkmate.com/28651/?s2=102030fe1f296437fb5982729886f4&s3=Sred&s4=66056&po=6533&img=i2K9Ey&url=11
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Mon, 31 Aug 2020 04:11:44 GMT
Content-Encoding
gzip
Last-Modified
Wed, 31 Jul 2019 17:48:54 GMT
Server
Apache
ETag
"1169b82d-2a48-58efdbd1f79d0"
X-HW
1598847104.dop039.pa1.t,1598847104.cds036.pa1.shn,1598847104.cds036.pa1.c
Content-Type
text/css
Access-Control-Allow-Origin
*
Cache-Control
max-age=22966630
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Length
3151
modernizr-custom.js
static.jerkmate.com/cr2/assets/scripts/ 		10 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.jerkmate.com/cr2/assets/scripts/modernizr-custom.js
Requested by
Host: landing.jerkmate.com
URL: https://landing.jerkmate.com/28651/?s2=102030fe1f296437fb5982729886f4&s3=Sred&s4=66056&po=6533&img=i2K9Ey&url=11
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
205.185.216.42 Phoenix, United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
map2.hwcdn.net
Software
Apache /
Resource Hash
cea3e58d7a90dbcf85d6fe63bd88b8bf9a0da6b8df8409260738229c8ddc6b86

Request headers

Referer
https://landing.jerkmate.com/28651/?s2=102030fe1f296437fb5982729886f4&s3=Sred&s4=66056&po=6533&img=i2K9Ey&url=11
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Mon, 31 Aug 2020 04:11:44 GMT
Content-Encoding
gzip
Last-Modified
Wed, 19 Sep 2018 17:45:41 GMT
Server
Apache
ETag
"115bf023-29e5-5763cf9a2f311"
X-HW
1598847104.dop022.pa1.t,1598847104.cds213.pa1.shn,1598847104.dop022.pa1.t,1598847104.cds002.pa1.c
Content-Type
text/javascript
Access-Control-Allow-Origin
*
Cache-Control
max-age=27600194
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Length
4285
logo-tm.svg
static.jerkmate.com/cr2/landing.jerkmate.com-28365/landing.jerkmate.com/28365/assets/images/ 		6 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.jerkmate.com/cr2/landing.jerkmate.com-28365/landing.jerkmate.com/28365/assets/images/logo-tm.svg
Requested by
Host: landing.jerkmate.com
URL: https://landing.jerkmate.com/28651/?s2=102030fe1f296437fb5982729886f4&s3=Sred&s4=66056&po=6533&img=i2K9Ey&url=11
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
205.185.216.42 Phoenix, United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
map2.hwcdn.net
Software
Apache /
Resource Hash
5ce9948a4ec87e4e217422dd803e73603153e0eb924cd89e5e4c361f2ee0dad2

Request headers

Referer
https://landing.jerkmate.com/28651/?s2=102030fe1f296437fb5982729886f4&s3=Sred&s4=66056&po=6533&img=i2K9Ey&url=11
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Mon, 31 Aug 2020 04:11:45 GMT
Last-Modified
Wed, 31 Jul 2019 17:48:54 GMT
Server
Apache
ETag
"1169b834-17a1-58efdbd278027"
X-HW
1598847104.dop039.pa1.t,1598847105.cds036.pa1.shn,1598847105.dop039.pa1.t,1598847105.cds228.pa1.c
Content-Type
image/svg+xml
Access-Control-Allow-Origin
*
Cache-Control
max-age=28802649
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Length
6049
app.b603e1ed.js
static.jerkmate.com/cr2//landing.jerkmate.com-28365/assets/scripts/ 		140 KB
49 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.jerkmate.com/cr2//landing.jerkmate.com-28365/assets/scripts/app.b603e1ed.js
Requested by
Host: landing.jerkmate.com
URL: https://landing.jerkmate.com/28651/?s2=102030fe1f296437fb5982729886f4&s3=Sred&s4=66056&po=6533&img=i2K9Ey&url=11
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
205.185.216.42 Phoenix, United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
map2.hwcdn.net
Software
Apache /
Resource Hash
92443fa08c41ca1055c1887edb0a6a9f7941f84e26b92afb3bfeffb8c0bb5deb

Request headers

Referer
https://landing.jerkmate.com/28651/?s2=102030fe1f296437fb5982729886f4&s3=Sred&s4=66056&po=6533&img=i2K9Ey&url=11
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Mon, 31 Aug 2020 04:11:45 GMT
Content-Encoding
gzip
Last-Modified
Wed, 31 Jul 2019 17:48:54 GMT
Server
Apache
ETag
"1169b82b-22fc8-58efdbd1dfb11"
X-HW
1598847104.dop022.pa1.t,1598847104.cds213.pa1.shn,1598847105.dop022.pa1.t,1598847105.cds225.pa1.c
Content-Type
text/javascript
Access-Control-Allow-Origin
*
Cache-Control
max-age=28634640
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Length
49381
tracking-hasoffers-4-12-194.min.js
static.jerkmate.com/cr2/assets/scripts/ 		6 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.jerkmate.com/cr2/assets/scripts/tracking-hasoffers-4-12-194.min.js
Requested by
Host: landing.jerkmate.com
URL: https://landing.jerkmate.com/28651/?s2=102030fe1f296437fb5982729886f4&s3=Sred&s4=66056&po=6533&img=i2K9Ey&url=11
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
205.185.216.42 Phoenix, United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
map2.hwcdn.net
Software
Apache /
Resource Hash
3aafa3cd287da6cee8e81556c4aeb958229b9205bf802a3669a05c162cd9916a

Request headers

Referer
https://landing.jerkmate.com/28651/?s2=102030fe1f296437fb5982729886f4&s3=Sred&s4=66056&po=6533&img=i2K9Ey&url=11
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Mon, 31 Aug 2020 04:11:45 GMT
Content-Encoding
gzip
Last-Modified
Thu, 21 Mar 2019 19:18:48 GMT
Server
Apache
ETag
"1138d8aa-17ca-5849f9b9abc66"
X-HW
1598847104.dop039.pa1.t,1598847105.cds036.pa1.shn,1598847105.cds036.pa1.c
Content-Type
text/javascript
Access-Control-Allow-Origin
*
Cache-Control
max-age=22965169
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Length
2660
gtm.js
www.googletagmanager.com/ 		109 KB
37 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-MH37XZ2
Requested by
Host: landing.jerkmate.com
URL: https://landing.jerkmate.com/28651/?s2=102030fe1f296437fb5982729886f4&s3=Sred&s4=66056&po=6533&img=i2K9Ey&url=11
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
2f125fd4a3c03cbda8bca385420ccc15f4d889f9dbf53dc6e2afa98f651f0328
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://landing.jerkmate.com/28651/?s2=102030fe1f296437fb5982729886f4&s3=Sred&s4=66056&po=6533&img=i2K9Ey&url=11
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 31 Aug 2020 04:11:45 GMT
content-encoding
br
vary
Accept-Encoding
status
200
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
37298
x-xss-protection
0
last-modified
Mon, 31 Aug 2020 03:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Mon, 31 Aug 2020 04:11:45 GMT
ea2958ac26bbee764f2ed7636a57ec28503acdf4.jpg
static.jerkmate.com/cr2/global/profiles/i2K9Ey/128247/ 		713 KB
713 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.jerkmate.com/cr2/global/profiles/i2K9Ey/128247/ea2958ac26bbee764f2ed7636a57ec28503acdf4.jpg
Requested by
Host: landing.jerkmate.com
URL: https://landing.jerkmate.com/28651/?s2=102030fe1f296437fb5982729886f4&s3=Sred&s4=66056&po=6533&img=i2K9Ey&url=11
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
205.185.216.42 Phoenix, United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
map2.hwcdn.net
Software
Apache /
Resource Hash
d052ef6a086aeab0a12bb2f97d9ff98bd45ad321d53b70a385849e6c3e36710a

Request headers

Referer
https://landing.jerkmate.com/28651/?s2=102030fe1f296437fb5982729886f4&s3=Sred&s4=66056&po=6533&img=i2K9Ey&url=11
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Mon, 31 Aug 2020 04:11:45 GMT
Last-Modified
Wed, 31 Jul 2019 15:26:52 GMT
Server
Apache
ETag
"116ac05c-b2220-58efbc1324c39"
X-HW
1598847104.dop022.pa1.t,1598847104.cds213.pa1.shn,1598847105.dop022.pa1.t,1598847105.cds229.pa1.c
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
Cache-Control
max-age=28651656
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Length
729632
400-normal.woff2
static.jerkmate.com/cr2//landing.jerkmate.com-28365/assets/fonts/proximanovaalt/ 		15 KB
16 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://static.jerkmate.com/cr2//landing.jerkmate.com-28365/assets/fonts/proximanovaalt/400-normal.woff2
Requested by
Host: static.jerkmate.com
URL: https://static.jerkmate.com/cr2//landing.jerkmate.com-28365/assets/styles/app.9cf3e7f4.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
205.185.216.42 Phoenix, United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
map2.hwcdn.net
Software
Apache /
Resource Hash
5d49dfa18825db70e4c9148dd6ed97cbad6a916d914519f1262f5b22226e67b9

Request headers

Origin
https://landing.jerkmate.com
Referer
https://static.jerkmate.com/cr2//landing.jerkmate.com-28365/assets/styles/app.9cf3e7f4.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Mon, 31 Aug 2020 04:11:45 GMT
Content-Encoding
gzip
Last-Modified
Wed, 31 Jul 2019 17:48:53 GMT
Server
Apache
ETag
"1169b822-3c54-58efdbd131e4a"
X-HW
1598847105.dop028.pa1.t,1598847105.cds019.pa1.shn,1598847105.dop028.pa1.t,1598847105.cds207.pa1.c
Content-Type
text/plain; charset=UTF-8
Access-Control-Allow-Origin
*
Cache-Control
max-age=28214183
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Length
15467
700-normal.woff2
static.jerkmate.com/cr2//landing.jerkmate.com-28365/assets/fonts/proximanovaalt/ 		15 KB
16 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://static.jerkmate.com/cr2//landing.jerkmate.com-28365/assets/fonts/proximanovaalt/700-normal.woff2
Requested by
Host: static.jerkmate.com
URL: https://static.jerkmate.com/cr2//landing.jerkmate.com-28365/assets/styles/app.9cf3e7f4.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
205.185.216.42 Phoenix, United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
map2.hwcdn.net
Software
Apache /
Resource Hash
79c572229a90f9c2a0e46697f8cdd4488c6bd2afafc1e5c8ef5e3498085e1b0d

Request headers

Origin
https://landing.jerkmate.com
Referer
https://static.jerkmate.com/cr2//landing.jerkmate.com-28365/assets/styles/app.9cf3e7f4.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Mon, 31 Aug 2020 04:11:45 GMT
Content-Encoding
gzip
Last-Modified
Wed, 31 Jul 2019 17:48:53 GMT
Server
Apache
ETag
"1169b825-3c30-58efdbd17737a"
X-HW
1598847105.dop036.pa1.t,1598847105.cds231.pa1.shn,1598847105.dop036.pa1.t,1598847105.cds001.pa1.c
Content-Type
text/plain; charset=UTF-8
Access-Control-Allow-Origin
*
Cache-Control
max-age=25889029
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Length
15431
455132.js
cdn.freshmarketer.com/175300/ 		308 KB
84 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.freshmarketer.com/175300/455132.js
Requested by
Host: vultors-triefs.com
URL: https://vultors-triefs.com/4a0735a8-a81e-4bc1-a379-da01d012ab3b?campaignkeyword=@@CAMPAIGN-KEYWORD@@&keyword=@@KEYWORD@@&geo=@@GEO@@&campaignname=@@CAMPAIGN_NAME@@&device=@@DEVICE@@&os=@@OS@@&browser=@@BROWSER@@&carrier=@@CARRIER@@&source=@@SOURCE@@&bid=@@BID@@&clickid=@@CLICK-ID@@
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.35.254.83 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-35-254-83.fra6.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
cc803eea6c1150490bd2e5c177635a2451beec7ac0616be8b3b088db35c44872

Request headers

Referer
https://landing.jerkmate.com/28651/?s2=102030fe1f296437fb5982729886f4&s3=Sred&s4=66056&po=6533&img=i2K9Ey&url=11
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id
nCmIDfcFMon3X9.IjGXNT6GlcCX.Mu97
content-encoding
gzip
etag
"095c53b7092bb6d69d27bd67ac8c96a3"
last-modified
Fri, 29 May 2020 18:19:53 GMT
server
AmazonS3
x-amz-cf-pop
FRA6-C1
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/javascript; charset=utf-8
status
200
cache-control
max-age=120
date
Mon, 31 Aug 2020 04:11:45 GMT
x-amz-cf-id
v61ANZFdH_T8dxr4H0KbeVy2fveri3s0khNM0WWFAQmc7BAGcBJW4A==
via
1.1 f2ee8ec5deee40e44013272a9c7aa35c.cloudfront.net (CloudFront)
conversion_async.js
www.googleadservices.com/pagead/ 		29 KB
12 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googleadservices.com/pagead/conversion_async.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MH37XZ2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.23.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra15s22-in-f162.1e100.net
Software
cafe /
Resource Hash
509bc86c3091dae312dbaa4d1f3aa0d23d1e36658c4c740f133979e943467f87
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://landing.jerkmate.com/28651/?s2=102030fe1f296437fb5982729886f4&s3=Sred&s4=66056&po=6533&img=i2K9Ey&url=11
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 31 Aug 2020 04:11:45 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
11322
x-xss-protection
0
server
cafe
etag
12800975097695341278
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Mon, 31 Aug 2020 04:11:45 GMT
analytics.js
www.google-analytics.com/ 		45 KB
18 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MH37XZ2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
fd361b57998c76f86335afa28b8a62527d88a8200fb5c428d6f0fff73383e955
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://landing.jerkmate.com/28651/?s2=102030fe1f296437fb5982729886f4&s3=Sred&s4=66056&po=6533&img=i2K9Ey&url=11
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 04 Jun 2020 23:38:14 GMT
server
Golfe2
age
3365
date
Mon, 31 Aug 2020 03:15:40 GMT
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=7200
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
18469
expires
Mon, 31 Aug 2020 05:15:40 GMT
js
www.google-analytics.com/gtm/ 		75 KB
29 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/gtm/js?id=GTM-M7J246H&t=gtm5&cid=1811542920.1598847105
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
1eae378d985f86b3975d93405ba365e602a215f7cbf9e16da9ff95d1236bfda5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://landing.jerkmate.com/28651/?s2=102030fe1f296437fb5982729886f4&s3=Sred&s4=66056&po=6533&img=i2K9Ey&url=11
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 31 Aug 2020 04:11:45 GMT
content-encoding
br
vary
Accept-Encoding
status
200
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
29882
x-xss-protection
0
last-modified
Mon, 31 Aug 2020 03:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Mon, 31 Aug 2020 04:11:45 GMT
ga-audiences
www.google.de/ads/
Redirect Chain
  • https://www.google-analytics.com/r/collect?v=1&_v=j83&a=2144830329&t=pageview&_s=1&dl=https%3A%2F%2Flanding.jerkmate.com%2F28651%2F%3Fs2%3D102030fe1f296437fb5982729886f4%26s3%3DSred%26s4%3D66056%26...
  • https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-118335291-9&cid=1811542920.1598847105&jid=884694009&_gid=684198405.1598847105&gjid=1476299351&_v=j83&z=1467546462
  • https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-118335291-9&cid=1811542920.1598847105&jid=884694009&_v=j83&z=1467546462
  • https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-118335291-9&cid=1811542920.1598847105&jid=884694009&_v=j83&z=1467546462&slf_rd=1&random=522839549
42 B
106 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-118335291-9&cid=1811542920.1598847105&jid=884694009&_v=j83&z=1467546462&slf_rd=1&random=522839549
Requested by
Host: landing.jerkmate.com
URL: https://landing.jerkmate.com/28651/?s2=102030fe1f296437fb5982729886f4&s3=Sred&s4=66056&po=6533&img=i2K9Ey&url=11
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://landing.jerkmate.com/28651/?s2=102030fe1f296437fb5982729886f4&s3=Sred&s4=66056&po=6533&img=i2K9Ey&url=11
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 31 Aug 2020 04:11:45 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Mon, 31 Aug 2020 04:11:45 GMT
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
302
content-type
text/html; charset=UTF-8
location
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-118335291-9&cid=1811542920.1598847105&jid=884694009&_v=j83&z=1467546462&slf_rd=1&random=522839549
cache-control
no-cache, no-store, must-revalidate
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/747171646/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/747171646/?random=1598847105222&cv=9&fst=1598847105222&num=1&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=3&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg8j2&sendb=1&ig=1&frm=0&url=https%3A%2F%2Flanding.jerkmate.com%2F28651%2F%3Fs2%3D102030fe1f296437fb5982729886f4%26s3%3DSred%26s4%3D66056%26po%3D6533%26img%3Di2K9Ey%26url%3D11&ref=https%3A%2F%2Ft.grtya.com%2F66056%2F2779%3Fpo%3D6533%26aff_click_id%3Dw80t95h79cpl6cj1iv911h30%26nopop%3D1%26boSequence%3D4%26bo%3D2778%252C2777%252C2776%252C2775%26aff_sub%3DSred&tiba=Jerkmate%20%7C%20Never%20jerk%20off%20alone%20again&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4
Requested by
Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:821::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
c6e651a50c5d488c553244c57b12af29f2e4cc33fe169dd66c3aac86f38083e2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://landing.jerkmate.com/28651/?s2=102030fe1f296437fb5982729886f4&s3=Sred&s4=66056&po=6533&img=i2K9Ey&url=11
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 31 Aug 2020 04:11:45 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
200
cache-control
no-cache, must-revalidate
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
1188
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
ip.freshmarketer.com/json/ 		257 B
380 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ip.freshmarketer.com/json/?callback=setGeoTargeting
Requested by
Host: cdn.freshmarketer.com
URL: https://cdn.freshmarketer.com/175300/455132.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.204.253.47 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-204-253-47.compute-1.amazonaws.com
Software
/
Resource Hash
5bea3a77ac30f32f8a170b60d52f447fd1a3cac18b098abc6a41fcd81dd088f2

Request headers

Referer
https://landing.jerkmate.com/28651/?s2=102030fe1f296437fb5982729886f4&s3=Sred&s4=66056&po=6533&img=i2K9Ey&url=11
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status
200
date
Mon, 31 Aug 2020 04:11:45 GMT
x-database-date
Thu, 05 Sep 2019 07:15:19 GMT
content-length
257
vary
Origin
content-type
application/javascript
/
www.google.com/pagead/1p-user-list/747171646/ 		42 B
538 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/pagead/1p-user-list/747171646/?random=1598847105222&cv=9&fst=1598846400000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=3&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg8j2&sendb=1&frm=0&url=https%3A%2F%2Flanding.jerkmate.com%2F28651%2F%3Fs2%3D102030fe1f296437fb5982729886f4%26s3%3DSred%26s4%3D66056%26po%3D6533%26img%3Di2K9Ey%26url%3D11&ref=https%3A%2F%2Ft.grtya.com%2F66056%2F2779%3Fpo%3D6533%26aff_click_id%3Dw80t95h79cpl6cj1iv911h30%26nopop%3D1%26boSequence%3D4%26bo%3D2778%252C2777%252C2776%252C2775%26aff_sub%3DSred&tiba=Jerkmate%20%7C%20Never%20jerk%20off%20alone%20again&async=1&fmt=3&is_vtc=1&random=1413079612&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
Requested by
Host: landing.jerkmate.com
URL: https://landing.jerkmate.com/28651/?s2=102030fe1f296437fb5982729886f4&s3=Sred&s4=66056&po=6533&img=i2K9Ey&url=11
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://landing.jerkmate.com/28651/?s2=102030fe1f296437fb5982729886f4&s3=Sred&s4=66056&po=6533&img=i2K9Ey&url=11
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 31 Aug 2020 04:11:45 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/747171646/ 		42 B
538 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/pagead/1p-user-list/747171646/?random=1598847105222&cv=9&fst=1598846400000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=3&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg8j2&sendb=1&frm=0&url=https%3A%2F%2Flanding.jerkmate.com%2F28651%2F%3Fs2%3D102030fe1f296437fb5982729886f4%26s3%3DSred%26s4%3D66056%26po%3D6533%26img%3Di2K9Ey%26url%3D11&ref=https%3A%2F%2Ft.grtya.com%2F66056%2F2779%3Fpo%3D6533%26aff_click_id%3Dw80t95h79cpl6cj1iv911h30%26nopop%3D1%26boSequence%3D4%26bo%3D2778%252C2777%252C2776%252C2775%26aff_sub%3DSred&tiba=Jerkmate%20%7C%20Never%20jerk%20off%20alone%20again&async=1&fmt=3&is_vtc=1&random=1413079612&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
Requested by
Host: landing.jerkmate.com
URL: https://landing.jerkmate.com/28651/?s2=102030fe1f296437fb5982729886f4&s3=Sred&s4=66056&po=6533&img=i2K9Ey&url=11
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://landing.jerkmate.com/28651/?s2=102030fe1f296437fb5982729886f4&s3=Sred&s4=66056&po=6533&img=i2K9Ey&url=11
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 31 Aug 2020 04:11:45 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
nr-1177.min.js
js-agent.newrelic.com/ 		27 KB
11 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js-agent.newrelic.com/nr-1177.min.js
Requested by
Host: landing.jerkmate.com
URL: https://landing.jerkmate.com/28651/?s2=102030fe1f296437fb5982729886f4&s3=Sred&s4=66056&po=6533&img=i2K9Ey&url=11
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.114.110 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
67f243af83cf56b2fd0fb502ab9f7a8533500e2571b4459d5bf6f6481a2da4ca

Request headers

Referer
https://landing.jerkmate.com/28651/?s2=102030fe1f296437fb5982729886f4&s3=Sred&s4=66056&po=6533&img=i2K9Ey&url=11
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 31 Aug 2020 04:11:45 GMT
content-encoding
gzip
x-amz-request-id
4F930AF2622C2177
x-cache
HIT
status
200
content-length
10405
x-amz-id-2
U7tObmI036MTRpBI0DMqANsZED0ff6ySLFb6J6xUAvrjeydJkzxfcOtpUXwF34MJgKtcfhq4e+o=
x-served-by
cache-hhn4027-HHN
last-modified
Tue, 18 Aug 2020 17:23:32 GMT
server
AmazonS3
x-timer
S1598847106.656410,VS0,VE0
etag
"97c8d5802b0de603104986846cdc509a"
vary
Accept-Encoding
content-type
application/javascript
via
1.1 varnish
cache-control
public, max-age=7200, stale-if-error=604800
accept-ranges
bytes
x-cache-hits
10363
91e9769ef2
bam.nr-data.net/1/ 		57 B
275 B 		Script
General
Check archive.org
Download Go to
Full URL
https://bam.nr-data.net/1/91e9769ef2?a=196502656&v=1177.96a4d39&to=ZAcBYEQHDUtSBkRfWF1NIldCDwxWHAZCV1xsDgJaUg8NXx0DQllZRwcNUBgODFVWOkRZQkE%3D&rst=1335&ck=1&ref=https://landing.jerkmate.com/28651/&ap=140&be=472&fe=1184&dc=680&perf=%7B%22timing%22:%7B%22of%22:1598847104422,%22n%22:0,%22f%22:1,%22dn%22:2,%22dne%22:8,%22c%22:8,%22s%22:22,%22ce%22:212,%22rq%22:213,%22rp%22:460,%22rpe%22:461,%22dl%22:463,%22di%22:679,%22ds%22:679,%22de%22:681,%22dc%22:1184,%22l%22:1184,%22le%22:1185%7D,%22navigation%22:%7B%7D%7D&fp=664&fcp=664&at=SEAWFgwdHhQRBBIMTE4f&jsonp=NREUM.setToken
Requested by
Host: js-agent.newrelic.com
URL: https://js-agent.newrelic.com/nr-1177.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
162.247.242.20 San Francisco, United States, ASN23467 (NEWRELIC-AS-1, US),
Reverse DNS
bam-8.nr-data.net
Software
/
Resource Hash
d10c94b6cdb747904baee9070f003bb45849da46f8100b1320f286c21cbcaaa1

Request headers

Referer
https://landing.jerkmate.com/28651/?s2=102030fe1f296437fb5982729886f4&s3=Sred&s4=66056&po=6533&img=i2K9Ey&url=11
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Expires
Thu, 01 Jan 1970 00:00:00 GMT
Content-Length
57
Content-Type
text/javascript;charset=ISO-8859-1
91e9769ef2
bam.nr-data.net/events/1/ 		24 B
187 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://bam.nr-data.net/events/1/91e9769ef2?a=196502656&v=1177.96a4d39&to=ZAcBYEQHDUtSBkRfWF1NIldCDwxWHAZCV1xsDgJaUg8NXx0DQllZRwcNUBgODFVWOkRZQkE%3D&rst=11335&ck=1&ref=https://landing.jerkmate.com/28651/
Requested by
Host: js-agent.newrelic.com
URL: https://js-agent.newrelic.com/nr-1177.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
162.247.242.20 San Francisco, United States, ASN23467 (NEWRELIC-AS-1, US),
Reverse DNS
bam-8.nr-data.net
Software
/
Resource Hash
0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300

Request headers

Referer
https://landing.jerkmate.com/28651/?s2=102030fe1f296437fb5982729886f4&s3=Sred&s4=66056&po=6533&img=i2K9Ey&url=11
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
content-type
text/plain

Response headers

Access-Control-Allow-Origin
https://landing.jerkmate.com
Access-Control-Allow-Credentials
true
Content-Length
24
Content-Type
image/gif

Verdicts & Comments Add Verdict or Comment

73 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| trustedTypes object| dataLayer boolean| dntStatus object| macroFunctions object| pageLoadTracking object| pageLoadCallbacks object| NREUM object| newrelic function| __nr_require function| a3NN function| C1KK function| L233 function| q699 function| M7AA function| H499 function| v2jj function| V499 function| S2jj function| h2RR string| bd443 boolean| C1 object| mnpw function| getmnpw string| s2mnpw boolean| affidmnpw string| mnpwparam object| html5 object| Modernizr object| robot function| playHappy number| currentIndex function| $ function| jQuery function| anime function| Robot function| pageLoadCallback object| rawTrackingData function| EvtHandler object| evtHandler object| trackingRedirectHandler object| google_tag_manager function| zargetTimeout boolean| zarget number| zargetTimer object| google_tag_data string| GoogleAnalyticsObject function| ga object| gaplugins object| gaGlobal object| gaData object| google_optimize function| GooglemKTybQhCsO function| google_trackConversion object| GooglebQhCsO number| zargetMain object| ZargetUrlChangeTrigger function| beforeunload boolean| zg_is_new_visitor boolean| zargetCookie function| runZGHeatmap function| runZGPausedExp object| expEvt function| zarget$ function| fm_$ object| zargetAPI object| FMApi object| triggerHeatmapExperiment object| bulkDetails object| jQuery111308582796271639943 number| zarget_geo_requestedtime function| setGeoTargeting object| FM object| zarget_geoDetails

9 Cookies

Domain/Path Name / Value
.jerkmate.com/ Name: _gid
Value: GA1.2.684198405.1598847105
.jerkmate.com/ Name: _ga
Value: GA1.2.1811542920.1598847105
landing.jerkmate.com/ Name: hash
Value: 2b21b164b6b72310d9820e7a9e6938f52f63a9ff
landing.jerkmate.com/ Name: regional
Value: %5B%22Westminster%22%2C%22Charing+Cross%22%2C%22Highbury%22%2C%22Camberwell%22%2C%22East+Dulwich%22%2C%22Lambeth%22%2C%22Westminster%22%2C%22Saint+Johns+Wood%22%2C%22Upper+Holloway%22%2C%22Walworth%22%5D
landing.jerkmate.com/ Name: locale
Value: en_US
landing.jerkmate.com/ Name: tracking
Value: %7B%22aff%22%3A1%2C%22subId1%22%3A%22%22%2C%22subId2%22%3A%22102030fe1f296437fb5982729886f4%22%2C%22subId3%22%3A%22Sred%22%2C%22subId4%22%3A%2266056%22%2C%22typeInUrl%22%3A%22%22%2C%22urlParam%22%3A%2211%22%2C%22tourId%22%3A28651%2C%22mirrorId%22%3Anull%7D
.jerkmate.com/ Name: zarget_visitor_info
Value: %7B%7D
.jerkmate.com/ Name: _gat_UA-118335291-9
Value: 1
landing.jerkmate.com/ Name: crak
Value: %7B%227812%22%3A%7B%22aff%22%3A%221%22%2C%22track%22%3A%22%22%2C%22subid2%22%3A%22102030fe1f296437fb5982729886f4%22%2C%22subid3%22%3A%22Sred%22%2C%22subid4%22%3A%2266056%22%2C%22typein_url%22%3A%22%22%2C%22url_id%22%3A%2211%22%2C%22exp%22%3A%221599451904%22%2C%22click%22%3A%22%22%7D%7D

56 Console Messages

Source Level URL
Text
console-api log URL: https://static.selfpua.com/mnpw.js(Line 2)
Message:
[object HTMLDivElement]
console-api log URL: https://static.selfpua.com/mnpw.js(Line 2)
Message:
console.clear
console-api log URL: https://static.selfpua.com/mnpw.js(Line 2)
Message:
[object HTMLDivElement]
console-api log URL: https://static.selfpua.com/mnpw.js(Line 2)
Message:
console.clear
console-api log URL: https://static.selfpua.com/mnpw.js(Line 2)
Message:
[object HTMLDivElement]
console-api log URL: https://static.selfpua.com/mnpw.js(Line 2)
Message:
console.clear
console-api log URL: https://static.selfpua.com/mnpw.js(Line 2)
Message:
[object HTMLDivElement]
console-api log URL: https://static.selfpua.com/mnpw.js(Line 2)
Message:
console.clear
console-api log URL: https://static.selfpua.com/mnpw.js(Line 2)
Message:
[object HTMLDivElement]
console-api log URL: https://static.selfpua.com/mnpw.js(Line 2)
Message:
console.clear
console-api log URL: https://static.selfpua.com/mnpw.js(Line 2)
Message:
[object HTMLDivElement]
console-api log URL: https://static.selfpua.com/mnpw.js(Line 2)
Message:
console.clear
console-api log URL: https://static.selfpua.com/mnpw.js(Line 2)
Message:
[object HTMLDivElement]
console-api log URL: https://static.selfpua.com/mnpw.js(Line 2)
Message:
console.clear
console-api log URL: https://static.selfpua.com/mnpw.js(Line 2)
Message:
[object HTMLDivElement]
console-api log URL: https://static.selfpua.com/mnpw.js(Line 2)
Message:
console.clear
console-api log URL: https://static.selfpua.com/mnpw.js(Line 2)
Message:
[object HTMLDivElement]
console-api log URL: https://static.selfpua.com/mnpw.js(Line 2)
Message:
console.clear
console-api log URL: https://static.selfpua.com/mnpw.js(Line 2)
Message:
[object HTMLDivElement]
console-api log URL: https://static.selfpua.com/mnpw.js(Line 2)
Message:
console.clear
console-api log URL: https://static.selfpua.com/mnpw.js(Line 2)
Message:
[object HTMLDivElement]
console-api log URL: https://static.selfpua.com/mnpw.js(Line 2)
Message:
console.clear
console-api log URL: https://static.selfpua.com/mnpw.js(Line 2)
Message:
[object HTMLDivElement]
console-api log URL: https://static.selfpua.com/mnpw.js(Line 2)
Message:
console.clear
console-api log URL: https://static.selfpua.com/mnpw.js(Line 2)
Message:
[object HTMLDivElement]
console-api log URL: https://static.selfpua.com/mnpw.js(Line 2)
Message:
console.clear
console-api log URL: https://static.selfpua.com/mnpw.js(Line 2)
Message:
[object HTMLDivElement]
console-api log URL: https://static.selfpua.com/mnpw.js(Line 2)
Message:
console.clear
console-api log URL: https://static.selfpua.com/mnpw.js(Line 2)
Message:
[object HTMLDivElement]
console-api log URL: https://static.selfpua.com/mnpw.js(Line 2)
Message:
console.clear
console-api log URL: https://static.selfpua.com/mnpw.js(Line 2)
Message:
[object HTMLDivElement]
console-api log URL: https://static.selfpua.com/mnpw.js(Line 2)
Message:
console.clear
console-api log URL: https://static.selfpua.com/mnpw.js(Line 2)
Message:
[object HTMLDivElement]
console-api log URL: https://static.selfpua.com/mnpw.js(Line 2)
Message:
console.clear
console-api log URL: https://static.selfpua.com/mnpw.js(Line 2)
Message:
[object HTMLDivElement]
console-api log URL: https://static.selfpua.com/mnpw.js(Line 2)
Message:
console.clear
console-api log URL: https://static.selfpua.com/mnpw.js(Line 2)
Message:
[object HTMLDivElement]
console-api log URL: https://static.selfpua.com/mnpw.js(Line 2)
Message:
console.clear
console-api log URL: https://static.selfpua.com/mnpw.js(Line 2)
Message:
[object HTMLDivElement]
console-api log URL: https://static.selfpua.com/mnpw.js(Line 2)
Message:
console.clear
console-api log URL: https://static.selfpua.com/mnpw.js(Line 2)
Message:
[object HTMLDivElement]
console-api log URL: https://static.selfpua.com/mnpw.js(Line 2)
Message:
console.clear
console-api log URL: https://static.selfpua.com/mnpw.js(Line 2)
Message:
[object HTMLDivElement]
console-api log URL: https://static.selfpua.com/mnpw.js(Line 2)
Message:
console.clear
console-api log URL: https://static.selfpua.com/mnpw.js(Line 2)
Message:
[object HTMLDivElement]
console-api log URL: https://static.selfpua.com/mnpw.js(Line 2)
Message:
console.clear
console-api log URL: https://static.selfpua.com/mnpw.js(Line 2)
Message:
[object HTMLDivElement]
console-api log URL: https://static.selfpua.com/mnpw.js(Line 2)
Message:
console.clear
console-api log URL: https://static.selfpua.com/mnpw.js(Line 2)
Message:
[object HTMLDivElement]
console-api log URL: https://static.selfpua.com/mnpw.js(Line 2)
Message:
console.clear
console-api log URL: https://static.selfpua.com/mnpw.js(Line 2)
Message:
[object HTMLDivElement]
console-api log URL: https://static.selfpua.com/mnpw.js(Line 2)
Message:
console.clear
console-api log URL: https://static.selfpua.com/mnpw.js(Line 2)
Message:
[object HTMLDivElement]
console-api log URL: https://static.selfpua.com/mnpw.js(Line 2)
Message:
console.clear
console-api log URL: https://static.selfpua.com/mnpw.js(Line 2)
Message:
[object HTMLDivElement]
console-api log URL: https://static.selfpua.com/mnpw.js(Line 2)
Message:
console.clear

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

bam.nr-data.net
cdn.freshmarketer.com
ckstatic.com
edunoullaudis.ml
googleads.g.doubleclick.net
ip.freshmarketer.com
js-agent.newrelic.com
landing.jerkmate.com
static.jerkmate.com
static.selfpua.com
stats.g.doubleclick.net
t.grtya.com
vultors-triefs.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
13.35.254.83
151.101.114.110
162.247.242.20
172.217.23.162
205.185.216.10
205.185.216.42
2606:4700:3034::ac43:b137
2a00:1450:4001:800::2008
2a00:1450:4001:800::200e
2a00:1450:4001:80b::2004
2a00:1450:4001:81f::2003
2a00:1450:4001:821::2002
2a00:1450:400c:c0c::9a
3.120.230.228
34.204.253.47
52.204.241.238
52.207.71.232
0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300
0e378609e731f8d6ff57e75ed9ad15f536eb0212760dd86b95caf891a6935b6e
1eae378d985f86b3975d93405ba365e602a215f7cbf9e16da9ff95d1236bfda5
2324fa2acc1382ed8b1306e981e5c2273e57a0532efd1d6a5a0a4a0aab22d045
2f125fd4a3c03cbda8bca385420ccc15f4d889f9dbf53dc6e2afa98f651f0328
3aafa3cd287da6cee8e81556c4aeb958229b9205bf802a3669a05c162cd9916a
447c39b3e0c088176da7df18b59f69f5c824bb98723e011730a114632515f333
509bc86c3091dae312dbaa4d1f3aa0d23d1e36658c4c740f133979e943467f87
5bea3a77ac30f32f8a170b60d52f447fd1a3cac18b098abc6a41fcd81dd088f2
5ce9948a4ec87e4e217422dd803e73603153e0eb924cd89e5e4c361f2ee0dad2
5d49dfa18825db70e4c9148dd6ed97cbad6a916d914519f1262f5b22226e67b9
67f243af83cf56b2fd0fb502ab9f7a8533500e2571b4459d5bf6f6481a2da4ca
76c420e23f12e95621ab8f4ab5f9006d8dd654dffeab9235f82b508d750e9b1b
79c572229a90f9c2a0e46697f8cdd4488c6bd2afafc1e5c8ef5e3498085e1b0d
92443fa08c41ca1055c1887edb0a6a9f7941f84e26b92afb3bfeffb8c0bb5deb
b89031ba3baadc933177ec8d1e4e92b5e30198ba12f668293e5f3c464cc3e2e3
c6e651a50c5d488c553244c57b12af29f2e4cc33fe169dd66c3aac86f38083e2
c705715c648c7a8d16d5124b3534abf2eab55e9d0586818ba97eda6a31857c6a
cc803eea6c1150490bd2e5c177635a2451beec7ac0616be8b3b088db35c44872
cea3e58d7a90dbcf85d6fe63bd88b8bf9a0da6b8df8409260738229c8ddc6b86
d052ef6a086aeab0a12bb2f97d9ff98bd45ad321d53b70a385849e6c3e36710a
d10c94b6cdb747904baee9070f003bb45849da46f8100b1320f286c21cbcaaa1
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f5c53a0a93a258d7885b2fcec49a12869017606d70efd36f1496ee2612ad0c7c
fd361b57998c76f86335afa28b8a62527d88a8200fb5c428d6f0fff73383e955