urlscan.io logo urlscan.io
SecurityTrails logo

www.dclicks.site Open in urlscan Pro
172.67.201.197  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://dclicks.site/fb9/index.php
Effective URL: https://www.dclicks.site/fb9/index.php
Submission: On December 12 via api from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 6 IPs in 4 countries across 7 domains to perform 25 HTTP transactions. The main IP is 172.67.201.197, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.dclicks.site.
TLS certificate: Issued by WE1 on November 4th 2024. Valid for: 3 months.
This is the only time www.dclicks.site was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 17 172.67.201.197 13335 (CLOUDFLAR...)
2 172.67.194.119 13335 (CLOUDFLAR...)
3 188.114.96.3 13335 (CLOUDFLAR...)
2 2a00:1450:400... 15169 (GOOGLE)
1 136.243.216.252 24940 (HETZNER-A...)
1 1 172.67.145.143 13335 (CLOUDFLAR...)
1 104.26.2.30 13335 (CLOUDFLAR...)
25 6
17    172.67.201.197 (United States)

ASN13335 (CLOUDFLARENET, US)
dclicks.site
www.dclicks.site
2    172.67.194.119 (United States)

ASN13335 (CLOUDFLARENET, US)
qfqbk.nxt-psh.com
nxt-psh.com
3    188.114.96.3 (Amsterdam, Netherlands)

ASN13335 (CLOUDFLARENET, US)
qfqbk.ajscdn.com
2    2a00:1450:4001:810::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.gstatic.com
1    136.243.216.252 (Eitensheim, Germany)

ASN24940 (HETZNER-AS Hetzner Online GmbH, DE)
PTR: static.252.216.243.136.clients.your-server.de
bigdatajsext.com
1    172.67.145.143 (United States)

ASN13335 (CLOUDFLARENET, US)
ipptrk.trkless.com
1    104.26.2.30 (None, )

ASN13335 (CLOUDFLARENET, US)
static.imghst-de.com
Apex Domain
Subdomains		 Transfer
17 dclicks.site
dclicks.site
www.dclicks.site
4 MB
3 ajscdn.com
qfqbk.ajscdn.com
15 KB
2 gstatic.com
www.gstatic.com
19 KB
2 nxt-psh.com
qfqbk.nxt-psh.com
nxt-psh.com — Cisco Umbrella Rank: 158311
15 KB
1 imghst-de.com
static.imghst-de.com — Cisco Umbrella Rank: 13122
4 KB
1 trkless.com
ipptrk.trkless.com
805 B
1 bigdatajsext.com
bigdatajsext.com — Cisco Umbrella Rank: 161830
409 B
25 7
Domain Requested by
16 www.dclicks.site www.dclicks.site
3 qfqbk.ajscdn.com www.dclicks.site
qfqbk.ajscdn.com
2 www.gstatic.com qfqbk.nxt-psh.com
1 static.imghst-de.com
1 ipptrk.trkless.com 1 redirects
1 bigdatajsext.com www.dclicks.site
1 nxt-psh.com qfqbk.nxt-psh.com
1 qfqbk.nxt-psh.com www.dclicks.site
1 dclicks.site 1 redirects
25 9

This site contains links to these domains. Also see Links.

Domain
trk.dclicks.online
Subject Issuer Validity Valid
dclicks.site
WE1		 2024-11-04 -
2025-02-02		 3 months crt.sh
nxt-psh.com
WE1		 2024-12-08 -
2025-03-08		 3 months crt.sh
ajscdn.com
WE1		 2024-11-23 -
2025-02-21		 3 months crt.sh
*.gstatic.com
WR2		 2024-11-04 -
2025-01-27		 3 months crt.sh
bigdatajsext.com
E5		 2024-10-22 -
2025-01-20		 3 months crt.sh

This page contains 2 frames:

Primary Page: https://www.dclicks.site/fb9/index.php
Frame ID: 49EA3E0711088EBF4473ECEB7E242774
Requests: 23 HTTP requests in this frame

Frame: https://static.imghst-de.com/69b864ac-bbee-42a1-88eb-9de40dd41b4d.jpg
Frame ID: 7495EBF890C042C013DDCB2CBE99D536
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Meet local girls in your area?

Page URL History Show full URLs

  1. https://dclicks.site/fb9/index.php HTTP 301
    https://www.dclicks.site/fb9/index.php Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • /firebasejs/([\d.]+)/firebase
Overall confidence: 100%
Detected patterns
  • \.php(?:$|\?)
Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

25
Requests

96 %
HTTPS

14 %
IPv6

7
Domains

9
Subdomains

6
IPs

4
Countries

4543 kB
Transfer

4822 kB
Size

6
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://dclicks.site/fb9/index.php HTTP 301
    https://www.dclicks.site/fb9/index.php Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 23
  • https://ipptrk.trkless.com/trk?s1=QgmRxgdVtwnpndW6M3bjU3ILtUD%2B3hj6kp48lKDmGLKYHt25cqLbu12eDgRxZNPZAhI1jo6Z3qPk%2BmS8hQb5gASUAb%2FMV8LNfaqPeKWCN6o81HozLopmZitthIOMTFDphngdlNT0gQHISKl7tR4wf0rM7u4sRxacXcGvh3nCEiIuoxHCQKQwk6V%2BeL5iLrd8FYZB7NESxqteBsB1OcrCLL7ijfia3A2RucMEpgdG4wfBi4VGpGlMGIRysIOsKZzRzquyfUw%2FHVyHVVGYQr2LyvAvxQm0RkBtIS0Sq%2FRVxTLKHgvcUL%2BQXj5wDzN%2B3G90HcJqc64QCxLRYXPC68mpzbT0u0%2FMejpH3Ey9ToWUuPS%2FU2TrjqHo2P%2Bux%2B8bukwmM%2BKjXQzsa95bLWgGMlEdGzx6woVvkI%2BJc1KgOeifU9hKoxzev6izQfTh64FbrRwPDjfpIRqxKn5PLTvTwfyKPY4da536hNKBtafNsMgB8UZiA3UoxE1iA60n3PANG%2Bp1x9et3c9maZPKE7zw4jwLvCGs7ME7LZWNFCeqq2frKVofZuwWYfts7nBYLqDx8FtWHO%2FjCETY%2FzEBRZ2Owz3VFhF6aHw73sQnBTA0u%2BioIukRVIsIK1FlP3VX2oi26QKlRWoxRz3kyjXmFxqQkoKcTTAASxYlUwUBQMEW900wQ0EVrcEPyYaUo4H4n4Vyn0igbjVb2ZMpYUauDM7upy15o8UWRf6WxwU0rA%3D%3D&type=1&brid=PB06-0HN8I3SC8EQQV52BD&nrid=73d18ce9c69a298ae2989f383737d6a1 HTTP 302
  • https://static.imghst-de.com/69b864ac-bbee-42a1-88eb-9de40dd41b4d.jpg

25 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request index.php
www.dclicks.site/fb9/
Redirect Chain
  • https://dclicks.site/fb9/index.php
  • https://www.dclicks.site/fb9/index.php
5 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.dclicks.site/fb9/index.php
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.201.197 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
85e32542a2af140bc387043124d1a6d33ba1325f99970b74748c243a16b1f58d
Security Headers
Name Value
X-Content-Type-Options nosniff nosniff
X-Frame-Options SAMEORIGIN SAMEORIGIN
X-Xss-Protection 1; mode=block 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
8f0b786c4ae8dc96-FRA
content-encoding
zstd
content-type
text/html; charset=UTF-8
date
Thu, 12 Dec 2024 05:56:18 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
priority
u=0,i
referrer-policy
same-origin same-origin
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jFiNcqJWjX%2FaHk9f4ET2KAd%2FiRkkLwAvbMmu3cuFQnwiK88BPMan%2BBbuMlrTNzHeSSOiGQnBiGOBYJokPTiZoKsXoGrWitWcQYqmeAIaBy8h3MUxX1SlbV2FPSwAIVF8QEcX"}],"group":"cf-nel","max_age":604800}
server
cloudflare
server-timing
cfL4;desc="?proto=QUIC&rtt=6694&min_rtt=6411&rtt_var=1228&sent=16&recv=12&lost=0&retrans=0&sent_bytes=5161&recv_bytes=4933&delivery_rate=33987&cwnd=12000&unsent_bytes=0&cid=c2a2fffdc6bc7b75&ts=144&x=1" cfExtPri cfHdrFlush;dur=0
vary
Accept-Encoding
x-content-type-options
nosniff nosniff
x-frame-options
SAMEORIGIN SAMEORIGIN
x-permitted-cross-domain-policies
master-only master-only
x-xss-protection
1; mode=block 1; mode=block

Redirect headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
8f0b786bda23dc96-FRA
content-type
text/html
date
Thu, 12 Dec 2024 05:56:17 GMT
location
https://www.dclicks.site/fb9/index.php
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
priority
u=0,i
referrer-policy
same-origin
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aoiJgtDh8tfmalv413IaQoiV7A0MuPLy05d4nhtOUA9jrU7ec9URuXXRs9gPw02LVwjIPWYd8k57jYePIfvvMTdt9qBB%2FFZfEUrRvEETePB1%2FznO0rYm%2FLgGqx1u%2F0A%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
server-timing
cfL4;desc="?proto=QUIC&rtt=6710&min_rtt=6411&rtt_var=1595&sent=13&recv=9&lost=0&retrans=0&sent_bytes=4185&recv_bytes=4448&delivery_rate=89994&cwnd=12000&unsent_bytes=0&cid=c2a2fffdc6bc7b75&ts=40&x=1" cfExtPri cfHdrFlush;dur=0
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-permitted-cross-domain-policies
master-only
x-xss-protection
1; mode=block
style.css
www.dclicks.site/fb9/css/ 		23 KB
4 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.dclicks.site/fb9/css/style.css
Requested by
Host: www.dclicks.site
URL: https://www.dclicks.site/fb9/index.php
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.201.197 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
37ca6ee37ab3c72ae84b6e5c4a8234246c2ed070f2c0edfb93228eb148ae5ba5

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.dclicks.site/fb9/index.php

Response headers

content-encoding
zstd
cf-cache-status
HIT
etag
W/"670d2d06-5ad8"
age
335482
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8a%2F4OKyNgszvsuIf48PJSDZ6BwyEdgeecxmLpW7c3BKBOLj8hJxoFNfmMqarDazy8pSFJseeAEqO9YFwxE5GbHwKOB1rKAL%2BmYRdNu8VLUR9wKCCw1RN5TyP4KMGyaLNOM4b"}],"group":"cf-nel","max_age":604800}
expires
Thu, 31 Dec 2037 23:55:55 GMT
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=7371&min_rtt=6411&rtt_var=1864&sent=23&recv=19&lost=0&retrans=0&sent_bytes=10771&recv_bytes=6959&delivery_rate=20992&cwnd=12000&unsent_bytes=0&cid=c2a2fffdc6bc7b75&ts=169&x=1", cfExtPri, cfHdrFlush;dur=0
date
Thu, 12 Dec 2024 05:56:18 GMT
content-type
text/css
last-modified
Mon, 14 Oct 2024 14:39:02 GMT
vary
Accept-Encoding
priority
u=0,i=?0
cache-control
max-age=315360000
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
8f0b786cbb78dc96-FRA
access-control-allow-origin
*
server
cloudflare
notifications.js
www.dclicks.site/fb9/js/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.dclicks.site/fb9/js/notifications.js
Requested by
Host: www.dclicks.site
URL: https://www.dclicks.site/fb9/index.php
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.201.197 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6474835e5bac748d76d75ce0fd5da7c97d047f55e6c02c5a3fe2daee351671ab

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.dclicks.site/fb9/index.php

Response headers

content-encoding
zstd
cf-cache-status
HIT
etag
W/"674ab45a-62a"
age
335482
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8QzzAdO7KrHMCNsQKfF50e1uA0CxmEeHtMtXWo2GlD9cPmxksz645CCOaCUB5mdEcTRf1Px2xtliL3RVwXVGZdythp%2FryUz2kHfdvqdnC7QvLgKbk%2FDXUZQ0yaduDBLe%2FIR7"}],"group":"cf-nel","max_age":604800}
expires
Thu, 31 Dec 2037 23:55:55 GMT
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=7371&min_rtt=6411&rtt_var=1864&sent=29&recv=19&lost=0&retrans=0&sent_bytes=17258&recv_bytes=6959&delivery_rate=20992&cwnd=12000&unsent_bytes=0&cid=c2a2fffdc6bc7b75&ts=169&x=1", cfExtPri, cfHdrFlush;dur=0
date
Thu, 12 Dec 2024 05:56:18 GMT
content-type
application/javascript
last-modified
Sat, 30 Nov 2024 06:44:42 GMT
vary
Accept-Encoding
priority
u=1,i=?0
cache-control
max-age=315360000
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
8f0b786cbb7adc96-FRA
access-control-allow-origin
*
server
cloudflare
utils.js
www.dclicks.site/fb9/js/ 		6 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.dclicks.site/fb9/js/utils.js
Requested by
Host: www.dclicks.site
URL: https://www.dclicks.site/fb9/index.php
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.201.197 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2c221ddb4ca7bc9ed561bc05aa71b470d0e4f9e17cd9f90cdb0e1fea6ffae77b

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.dclicks.site/fb9/index.php

Response headers

content-encoding
zstd
cf-cache-status
HIT
etag
W/"670d3b65-18ef"
age
335482
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7N7VMBDRpE6De%2FjZ7WvhX4vIJJettpvW8PwWxRwvstwZH9kF2w0bAm2UMrg%2Bo0r%2Bg4OntPdxY97L7v4EkEqw7ZW7K%2BVOJ1v%2FoLZVkKnA%2BLNTJq%2Frsr4Vh76UTr8YZ1zOmaQt"}],"group":"cf-nel","max_age":604800}
expires
Thu, 31 Dec 2037 23:55:55 GMT
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=7371&min_rtt=6411&rtt_var=1864&sent=20&recv=19&lost=0&retrans=0&sent_bytes=7418&recv_bytes=6959&delivery_rate=20992&cwnd=12000&unsent_bytes=0&cid=c2a2fffdc6bc7b75&ts=168&x=1", cfExtPri, cfHdrFlush;dur=0
date
Thu, 12 Dec 2024 05:56:18 GMT
content-type
application/javascript
last-modified
Mon, 14 Oct 2024 15:40:21 GMT
vary
Accept-Encoding
priority
u=1,i=?0
cache-control
max-age=315360000
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
8f0b786cbb7bdc96-FRA
access-control-allow-origin
*
server
cloudflare
flag-icon.css
www.dclicks.site/fb9/css/ 		40 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.dclicks.site/fb9/css/flag-icon.css
Requested by
Host: www.dclicks.site
URL: https://www.dclicks.site/fb9/index.php
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.201.197 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d6afd8d9abc2967f29ad396854cd05b1a12dcf9b7084f944c136ca6f540c5a39

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.dclicks.site/fb9/index.php

Response headers

content-encoding
zstd
cf-cache-status
HIT
etag
W/"670d2ece-9eb3"
age
335482
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tXacZ0M2QuoXwuYnzU9G5OiLz46tpMJzeQEawkLkZtlHAZa46kPW619oYTbt29vJjorGrRT4va%2FahG3DU1m4d%2B%2FmYGKTbwacl7PtxnX17%2FqpWof2IWdeS3d8j6KRsx3edPKt"}],"group":"cf-nel","max_age":604800}
expires
Thu, 31 Dec 2037 23:55:55 GMT
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=7371&min_rtt=6411&rtt_var=1864&sent=31&recv=19&lost=0&retrans=0&sent_bytes=18680&recv_bytes=6959&delivery_rate=20992&cwnd=12000&unsent_bytes=0&cid=c2a2fffdc6bc7b75&ts=170&x=1", cfExtPri, cfHdrFlush;dur=0
date
Thu, 12 Dec 2024 05:56:18 GMT
content-type
text/css
last-modified
Mon, 14 Oct 2024 14:46:38 GMT
vary
Accept-Encoding
priority
u=0,i=?0
cache-control
max-age=315360000
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
8f0b786cbb7cdc96-FRA
access-control-allow-origin
*
server
cloudflare
ps.js
qfqbk.nxt-psh.com/ps/ 		35 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://qfqbk.nxt-psh.com/ps/ps.js?id=_a0WO2NuH0OdNMIFmxiUCA
Requested by
Host: www.dclicks.site
URL: https://www.dclicks.site/fb9/index.php
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.194.119 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0b5680e9b625c2960d659ef6dddd001e4a2004b9970eee871bda38f95a0ed94a

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

cache-control
max-age=0, no-cache, no-store, must-revalidate
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
gzip
cf-cache-status
BYPASS
accept-ch
Sec-CH-UA, Sec-CH-UA-Platform, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FgMK1uUDhHbrlEghFDiNdm0azBuMF%2FWB%2BHNZcIzpI%2BdX4m0bIikntvH1Pd2Jd0QvtfEsJKhXbCaVYQExeamEYYadffDzx3iTOWuIxnq6ag7TI6ppagpK6%2BXRYul%2BaOeAVWx2TQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray
8f0b786d0f295d3d-FRA
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=7268&min_rtt=6481&rtt_var=2548&sent=12&recv=10&lost=0&retrans=0&sent_bytes=4262&recv_bytes=4372&delivery_rate=62360&cwnd=12000&unsent_bytes=0&cid=713dabe268448a41&ts=49&x=1", cfExtPri, cfHdrFlush;dur=0
date
Thu, 12 Dec 2024 05:56:18 GMT
content-type
application/javascript
vary
Accept-Encoding
server
cloudflare
priority
u=3,i=?0
ipp.js
qfqbk.ajscdn.com/ 		38 KB
12 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://qfqbk.ajscdn.com/ipp.js?id=FUhK9rt3fUaO3oKNWF7fOQ
Requested by
Host: www.dclicks.site
URL: https://www.dclicks.site/fb9/index.php
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
24e58435a15d57bd088669dba825cf659bb654d5ebdbe6c099801c197d51596a

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

cache-control
max-age=0, no-cache, no-store, must-revalidate
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
gzip
cf-cache-status
BYPASS
accept-ch
Sec-CH-UA, Sec-CH-UA-Platform, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XeMfnlln3QWTNy3isxDv7IoGqHWN2MuuTX0HJDd9hJHhgOvD%2F%2BA5AzNjnfBdOfKHaQXuNQDhwzFmeBEgSmwlr8gJTHxdUYCkl04gaGJFzB9lQqlUrwRtHkB%2F%2BBoVBuDDlwxs"}],"group":"cf-nel","max_age":604800}
cf-ray
8f0b786d1c2dd26d-FRA
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=8845&min_rtt=8506&rtt_var=2066&sent=13&recv=9&lost=0&retrans=0&sent_bytes=4252&recv_bytes=4320&delivery_rate=67827&cwnd=12000&unsent_bytes=0&cid=f3d31f4c8ddd4261&ts=36&x=1", cfExtPri, cfHdrFlush;dur=0
date
Thu, 12 Dec 2024 05:56:18 GMT
content-type
application/javascript
vary
Accept-Encoding
server
cloudflare
priority
u=3,i=?0
pin.png
www.dclicks.site/fb9/images/ 		1 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.dclicks.site/fb9/images/pin.png
Requested by
Host: www.dclicks.site
URL: https://www.dclicks.site/fb9/index.php
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.201.197 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8c56545379b30a70c1dfe55be86f5bbe4503ba049da977da0dc6995c35ddb576

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.dclicks.site/fb9/index.php

Response headers

cf-cache-status
HIT
etag
W/"670d2d46-5e0"
age
335482
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=85n5x9KEF1kisg2yqGOZzsNIgFa9UbPpj1deQdDzK9NV2goO17vl%2BrQ%2FjO0vKrEHznVjgeJB%2BePuGJDa6yNE2yhbMkqqcwH1D1i%2FDfO1Hqqwd7EPsnUX8QuRbnrlptV6nZeF"}],"group":"cf-nel","max_age":604800}
expires
Thu, 31 Dec 2037 23:55:55 GMT
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=7371&min_rtt=6411&rtt_var=1864&sent=27&recv=19&lost=0&retrans=0&sent_bytes=15006&recv_bytes=6959&delivery_rate=20992&cwnd=12000&unsent_bytes=0&cid=c2a2fffdc6bc7b75&ts=169&x=1", cfExtPri, cfHdrFlush;dur=0
date
Thu, 12 Dec 2024 05:56:18 GMT
content-type
image/png
last-modified
Mon, 14 Oct 2024 14:40:06 GMT
vary
Accept-Encoding
priority
u=2,i
cache-control
max-age=315360000
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
8f0b786cbb7fdc96-FRA
access-control-allow-origin
*
server
cloudflare
smile.gif
www.dclicks.site/fb9/images/ 		848 KB
849 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.dclicks.site/fb9/images/smile.gif
Requested by
Host: www.dclicks.site
URL: https://www.dclicks.site/fb9/index.php
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.201.197 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dce12e3762cd99b06b36c1dc5da30643ce68787bcc8f894c0e783f8321620f72

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.dclicks.site/fb9/index.php

Response headers

cf-cache-status
HIT
etag
W/"670d2d5a-d3fdc"
age
335482
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=L6G3m5UDsUmaAUjgG%2BKTNkqfcRzI%2FPGJXL3%2FWHA50IwFGMVCdpN3HjhJIahP4mqZrmbfTxo8LwSGF3BG5Nxuk90CGCsXYlRBje1I2q5CRYgMqvRowizGlRKCwkLMb5%2B%2BwAyI"}],"group":"cf-nel","max_age":604800}
expires
Thu, 31 Dec 2037 23:55:55 GMT
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=7371&min_rtt=6411&rtt_var=1864&sent=32&recv=19&lost=0&retrans=0&sent_bytes=19418&recv_bytes=6959&delivery_rate=20992&cwnd=12000&unsent_bytes=0&cid=c2a2fffdc6bc7b75&ts=174&x=1", cfExtPri, cfHdrFlush;dur=2
date
Thu, 12 Dec 2024 05:56:18 GMT
content-type
image/gif
last-modified
Mon, 14 Oct 2024 14:40:26 GMT
vary
Accept-Encoding
priority
u=2,i
cache-control
max-age=315360000
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
8f0b786cbb80dc96-FRA
access-control-allow-origin
*
server
cloudflare
binocul.svg
www.dclicks.site/fb9/images/ 		14 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.dclicks.site/fb9/images/binocul.svg
Requested by
Host: www.dclicks.site
URL: https://www.dclicks.site/fb9/index.php
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.201.197 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
054437e2e364bea368f256b1a67d188a5d8fc72bc169af6f12d92dc6c6234eda

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.dclicks.site/fb9/index.php

Response headers

content-encoding
zstd
cf-cache-status
HIT
etag
W/"670d2d42-3642"
age
335482
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=91azIsb45Ro2hdWpc4s2eEpVgBmOBr%2B4QA9BbczjCWcQl6DefS9N2nq6iMWvNV5vQn9yAYEm6eiJQRawXNx%2BQHhkkZzMXDVQiCktVSZJZHhWeXvWqTv31Dr6o8ZnMBuDMmKP"}],"group":"cf-nel","max_age":604800}
expires
Thu, 31 Dec 2037 23:55:55 GMT
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=10592&min_rtt=6411&rtt_var=1737&sent=95&recv=39&lost=0&retrans=0&sent_bytes=87080&recv_bytes=8925&delivery_rate=1289047&cwnd=45600&unsent_bytes=0&cid=c2a2fffdc6bc7b75&ts=192&x=1", cfExtPri, cfHdrFlush;dur=1
date
Thu, 12 Dec 2024 05:56:18 GMT
content-type
image/svg+xml
last-modified
Mon, 14 Oct 2024 14:40:02 GMT
vary
Accept-Encoding
priority
u=3,i
cache-control
max-age=315360000
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
8f0b786cebe4dc96-FRA
access-control-allow-origin
*
server
cloudflare
jquery.min.js
www.dclicks.site/fb9/js/ 		94 KB
35 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.dclicks.site/fb9/js/jquery.min.js
Requested by
Host: www.dclicks.site
URL: https://www.dclicks.site/fb9/index.php
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.201.197 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ce32707c0d679b8ed56b5dc8c498e1b1667e5b1905b8aeff42151e3f6667d73d

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.dclicks.site/fb9/index.php

Response headers

content-encoding
zstd
cf-cache-status
HIT
etag
W/"670d2daa-176d8"
age
335482
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=A5D6n4F6mMsVSanxd6qeJZaaUPIVWmuSY7%2BNQxn6xYzxGdw6G0EZH7tPwhABoYhl4rCVSK1XU8jpvD7SxXqcK8MeT7oWkaAOk7FSowWgcJbhocemixDaDMnNNCRjDJ%2Bhi4Zh"}],"group":"cf-nel","max_age":604800}
expires
Thu, 31 Dec 2037 23:55:55 GMT
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=10274&min_rtt=6411&rtt_var=2113&sent=78&recv=34&lost=0&retrans=0&sent_bytes=68073&recv_bytes=8710&delivery_rate=1307333&cwnd=36000&unsent_bytes=0&cid=c2a2fffdc6bc7b75&ts=188&x=1", cfExtPri, cfHdrFlush;dur=1
date
Thu, 12 Dec 2024 05:56:18 GMT
content-type
application/javascript
last-modified
Mon, 14 Oct 2024 14:41:46 GMT
vary
Accept-Encoding
priority
u=2,i=?0
cache-control
max-age=315360000
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
8f0b786cdbdadc96-FRA
access-control-allow-origin
*
server
cloudflare
trls.js
www.dclicks.site/fb9/js/ 		23 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.dclicks.site/fb9/js/trls.js
Requested by
Host: www.dclicks.site
URL: https://www.dclicks.site/fb9/index.php
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.201.197 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
190aeb9fade48016d0e40e16a92830b3c53565c293af92d88b52b7cab989ddbe

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.dclicks.site/fb9/index.php

Response headers

content-encoding
zstd
cf-cache-status
HIT
etag
W/"670d2db2-5c88"
age
335482
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JFPGhVyCDsJEmcqSn%2Fi50DhIQGisxYnRAxkuVOs6H5n9CqBoSdkZri4Snf9NUX4NpTp6v2yqisVZA22JFL4Vt9qw9Qh1DJcVXkCFHCNZiWsIN4YyxSfGBYilvGOz7G6Zad5c"}],"group":"cf-nel","max_age":604800}
expires
Thu, 31 Dec 2037 23:55:55 GMT
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=10592&min_rtt=6411&rtt_var=1737&sent=95&recv=39&lost=0&retrans=0&sent_bytes=87080&recv_bytes=8925&delivery_rate=1289047&cwnd=45600&unsent_bytes=0&cid=c2a2fffdc6bc7b75&ts=192&x=1", cfExtPri, cfHdrFlush;dur=0
date
Thu, 12 Dec 2024 05:56:18 GMT
content-type
application/javascript
last-modified
Mon, 14 Oct 2024 14:41:54 GMT
vary
Accept-Encoding
priority
u=2,i=?0
cache-control
max-age=315360000
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
8f0b786cebe1dc96-FRA
access-control-allow-origin
*
server
cloudflare
main.js
www.dclicks.site/fb9/js/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.dclicks.site/fb9/js/main.js
Requested by
Host: www.dclicks.site
URL: https://www.dclicks.site/fb9/index.php
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.201.197 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f72c1227ef06a3fc4f73500111fda92811427146e2404f456ec1cf2f0e5b292c

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.dclicks.site/fb9/index.php

Response headers

content-encoding
zstd
cf-cache-status
HIT
etag
W/"670d2dae-c07"
age
19392
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kv19e1GiFQE7Q6p2wO%2FDwW7WojCn%2BSS4MnbpQ1Mi1gBXk0p0BZMwgCn4ZI9K1kFeocggeh0B0Prh7%2BsvloZWqlxvHxd4WhurvMvkEBFjozkaZx6kNy9826cMUbkxpb%2Bw7kmJ"}],"group":"cf-nel","max_age":604800}
expires
Thu, 31 Dec 2037 23:55:55 GMT
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=9597&min_rtt=6411&rtt_var=1062&sent=119&recv=45&lost=0&retrans=0&sent_bytes=113325&recv_bytes=9183&delivery_rate=3455384&cwnd=58800&unsent_bytes=0&cid=c2a2fffdc6bc7b75&ts=194&x=1", cfExtPri, cfHdrFlush;dur=1
date
Thu, 12 Dec 2024 05:56:18 GMT
content-type
application/javascript
last-modified
Mon, 14 Oct 2024 14:41:50 GMT
vary
Accept-Encoding
priority
u=2,i=?0
cache-control
max-age=315360000
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
8f0b786cebe3dc96-FRA
access-control-allow-origin
*
server
cloudflare
1.jpg
www.dclicks.site/fb9/images/ 		3 MB
3 MB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.dclicks.site/fb9/images/1.jpg
Requested by
Host: www.dclicks.site
URL: https://www.dclicks.site/fb9/index.php
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.201.197 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f488075a542bef6746a9cc50e9d294d20650aeeb5d702b1db3e36fc81c8a4860

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.dclicks.site/fb9/index.php

Response headers

cf-cache-status
HIT
etag
W/"67555291-35966d"
age
335482
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jZOxwHBnH4CCnBc83R%2FqxjQT%2Bwq0n8u6GiLl9E6z3%2F5M9ljgPGbUqMNChOTb%2BWmUqjV8VzsExNFeWFyHujyYhS%2Fn0Lbeim8aRb5fJyr9LRDDa%2B9jZwC9OTduT9XOtKB5L5We"}],"group":"cf-nel","max_age":604800}
expires
Thu, 31 Dec 2037 23:55:55 GMT
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=7428&min_rtt=6386&rtt_var=615&sent=304&recv=73&lost=0&retrans=0&sent_bytes=328771&recv_bytes=11654&delivery_rate=8876551&cwnd=164400&unsent_bytes=0&cid=c2a2fffdc6bc7b75&ts=204&x=1", cfExtPri, cfHdrFlush;dur=2
date
Thu, 12 Dec 2024 05:56:18 GMT
content-type
image/jpeg
last-modified
Sun, 08 Dec 2024 08:02:25 GMT
vary
Accept-Encoding
priority
u=3,i
cache-control
max-age=315360000
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
8f0b786cfbfddc96-FRA
access-control-allow-origin
*
server
cloudflare
2.jpg
www.dclicks.site/fb9/images/ 		72 KB
72 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.dclicks.site/fb9/images/2.jpg
Requested by
Host: www.dclicks.site
URL: https://www.dclicks.site/fb9/css/style.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.201.197 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8c90a9b6e2076c5408ad93084e592509b58217dbc034f44512642e0d4fac30a9

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.dclicks.site/fb9/css/style.css

Response headers

cf-cache-status
HIT
etag
W/"675553f0-11eb3"
age
335482
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7C9zCqcwsIpyjzE55trQPZ9xmSYUYzGxCDZPDkcPaQjjdh%2BVqCVhZPvj2RsizF0UueBbAl7MTgFBOabbGbB9wOGxma%2F1259qHfTw%2FeCmtpJTfYvisXhaz%2BgS7%2F%2BoyUdd5jtE"}],"group":"cf-nel","max_age":604800}
expires
Thu, 31 Dec 2037 23:55:55 GMT
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=7425&min_rtt=6386&rtt_var=468&sent=319&recv=74&lost=0&retrans=0&sent_bytes=346280&recv_bytes=11699&delivery_rate=8798764&cwnd=172800&unsent_bytes=0&cid=c2a2fffdc6bc7b75&ts=206&x=1", cfExtPri, cfHdrFlush;dur=1
date
Thu, 12 Dec 2024 05:56:18 GMT
content-type
image/jpeg
last-modified
Sun, 08 Dec 2024 08:08:16 GMT
vary
Accept-Encoding
priority
u=3,i
cache-control
max-age=315360000
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
8f0b786cfbffdc96-FRA
access-control-allow-origin
*
server
cloudflare
URWFormSemiCond-ExtraBold.woff2
www.dclicks.site/fb9/fonts/ 		39 KB
40 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.dclicks.site/fb9/fonts/URWFormSemiCond-ExtraBold.woff2
Requested by
Host: www.dclicks.site
URL: https://www.dclicks.site/fb9/css/style.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.201.197 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
70629610bf6bfcb6ecc7af82a5b8bd64b74f0a2e461455e3f7dd48f9ba682a21

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://www.dclicks.site
Referer
https://www.dclicks.site/fb9/css/style.css

Response headers

cf-cache-status
HIT
etag
"670d2d7e-9c88"
age
335481
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yjBCoWlQxtwxmJAt7wrbMsBmIgwUS3%2F%2FCb5GymKR0Sl0krWHOsVVdJaBgafwMWx5FIJeNc0HjscGIaZXG5N%2BMVQuJ%2F6EuFI4ZM6xoriXbO9TjGAk%2FGo4Txi095rp5C1g6vVV"}],"group":"cf-nel","max_age":604800}
expires
Thu, 31 Dec 2037 23:55:55 GMT
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=7509&min_rtt=6386&rtt_var=375&sent=398&recv=78&lost=0&retrans=0&sent_bytes=439725&recv_bytes=11879&delivery_rate=11565522&cwnd=219600&unsent_bytes=0&cid=c2a2fffdc6bc7b75&ts=209&x=1", cfExtPri, cfHdrFlush;dur=0
date
Thu, 12 Dec 2024 05:56:18 GMT
content-type
application/octet-stream
last-modified
Mon, 14 Oct 2024 14:41:02 GMT
vary
Accept-Encoding
priority
u=0,i=?0
cache-control
max-age=315360000
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
8f0b786d0c08dc96-FRA
accept-ranges
bytes
access-control-allow-origin
*
content-length
40072
server
cloudflare
HelveticaNeue-CondensedBold.woff2
www.dclicks.site/fb9/fonts/ 		21 KB
21 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.dclicks.site/fb9/fonts/HelveticaNeue-CondensedBold.woff2
Requested by
Host: www.dclicks.site
URL: https://www.dclicks.site/fb9/css/style.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.201.197 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0d247e85bc59c1d489e5f11a6608db6e3b67f37e494ad01ae038b43ae1e9d204

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://www.dclicks.site
Referer
https://www.dclicks.site/fb9/css/style.css

Response headers

cf-cache-status
HIT
etag
"670d2d74-52f4"
age
335481
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2Bk07qMS9R0%2BF9%2FAyK%2BZKg2oyAHw47s%2Bcq%2ByaIHSp0sytfmjBkfW6QUmqtxfITCLErC1XQsfych17fs2GNNiqeV5ut%2BQskqIkMKA602qKwPWtbQj%2BR9zO2eHVa8JzG6EkO4yh"}],"group":"cf-nel","max_age":604800}
expires
Thu, 31 Dec 2037 23:55:55 GMT
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=7557&min_rtt=6386&rtt_var=297&sent=439&recv=80&lost=0&retrans=0&sent_bytes=487725&recv_bytes=11969&delivery_rate=14661633&cwnd=243600&unsent_bytes=0&cid=c2a2fffdc6bc7b75&ts=210&x=1", cfExtPri, cfHdrFlush;dur=0
date
Thu, 12 Dec 2024 05:56:18 GMT
content-type
application/octet-stream
last-modified
Mon, 14 Oct 2024 14:40:52 GMT
vary
Accept-Encoding
priority
u=0,i=?0
cache-control
max-age=315360000
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
8f0b786d0c09dc96-FRA
accept-ranges
bytes
access-control-allow-origin
*
content-length
21236
server
cloudflare
config.js
nxt-psh.com/ps/ 		364 B
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://nxt-psh.com/ps/config.js?id=_a0WO2NuH0OdNMIFmxiUCA
Requested by
Host: qfqbk.nxt-psh.com
URL: https://qfqbk.nxt-psh.com/ps/ps.js?id=_a0WO2NuH0OdNMIFmxiUCA
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.194.119 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
af0bb8b7a4d64839b86f8ee7fd4c1e9e0cd914e00e73006921ebace3cdc24047

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

cache-control
max-age=0, no-cache, no-store, must-revalidate
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
gzip
cf-cache-status
BYPASS
accept-ch
Sec-CH-UA, Sec-CH-UA-Platform, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0q%2FFQ5XYh%2FDIub19buwgSWJKEGibPEMgkKRIC%2Br5Nt9S9BgGljqGEhb0EZfZUg%2BkMN7gmilYsxVLgF1i6cG8m7rsAoYFCaa5WGri9bCt%2Bn%2F34Zr34xQ2wix5hGAFxQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray
8f0b786d7f615d3d-FRA
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=8034&min_rtt=6481&rtt_var=810&sent=26&recv=18&lost=0&retrans=0&sent_bytes=19169&recv_bytes=4941&delivery_rate=341960&cwnd=24000&unsent_bytes=0&cid=713dabe268448a41&ts=117&x=1", cfExtPri, cfHdrFlush;dur=0
date
Thu, 12 Dec 2024 05:56:18 GMT
content-type
application/javascript
vary
Accept-Encoding
server
cloudflare
priority
u=3,i=?0
firebase-app-compat.js
www.gstatic.com/firebasejs/10.3.1/ 		28 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/firebasejs/10.3.1/firebase-app-compat.js
Requested by
Host: qfqbk.nxt-psh.com
URL: https://qfqbk.nxt-psh.com/ps/ps.js?id=_a0WO2NuH0OdNMIFmxiUCA
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a202b2051ea9810cd9ba592b3f9418a89e2062f5c185e29e288080b28eb64fe5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

content-encoding
gzip
age
161162
report-to
{"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
x-content-type-options
nosniff
expires
Wed, 10 Dec 2025 09:10:16 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Tue, 10 Dec 2024 09:10:16 GMT
last-modified
Thu, 31 Aug 2023 15:20:38 GMT
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
cache-control
public, max-age=31536000
cross-origin-opener-policy
same-origin-allow-popups; report-to="firebase-js"
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
accept-ranges
bytes
access-control-allow-origin
*
content-length
9308
x-xss-protection
0
server
sffe
firebase-messaging-compat.js
www.gstatic.com/firebasejs/10.3.1/ 		37 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/firebasejs/10.3.1/firebase-messaging-compat.js
Requested by
Host: qfqbk.nxt-psh.com
URL: https://qfqbk.nxt-psh.com/ps/ps.js?id=_a0WO2NuH0OdNMIFmxiUCA
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
21f1d62f222007068c793f0947d98f4ccb7c1595adb68efeb783390fdd8b5522
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

content-encoding
gzip
age
82308
report-to
{"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
x-content-type-options
nosniff
expires
Thu, 11 Dec 2025 07:04:30 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 11 Dec 2024 07:04:30 GMT
last-modified
Thu, 31 Aug 2023 15:20:50 GMT
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
cache-control
public, max-age=31536000
cross-origin-opener-policy
same-origin-allow-popups; report-to="firebase-js"
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
accept-ranges
bytes
access-control-allow-origin
*
content-length
9934
x-xss-protection
0
server
sffe
favicon.ico
www.dclicks.site/fb9/ 		57 KB
9 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://www.dclicks.site/fb9/favicon.ico
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.201.197 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6aa09ad2e3ea240fe631769cee394e6623dcee75f09821c61da022310586992e

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.dclicks.site/fb9/index.php

Response headers

content-encoding
zstd
cf-cache-status
HIT
etag
W/"63c13af5-e31e"
age
312493
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ra907J2DIUch6lMeUOQIZkT4ww4oXHjGbapErUhxM35ugelBBkv0dOO%2FSo8cQK6MqZ0Aesx626qlqD5mxT5kyxAaw5Zhxom9HuqWadFpyggmBdIGHr7aAQJZ89r%2FaThjvDqM"}],"group":"cf-nel","max_age":604800}
expires
Thu, 31 Dec 2037 23:55:55 GMT
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=10766&min_rtt=6386&rtt_var=1566&sent=4007&recv=463&lost=21&retrans=21&sent_bytes=4725478&recv_bytes=30461&delivery_rate=57607&cwnd=771000&unsent_bytes=0&cid=c2a2fffdc6bc7b75&ts=729&x=1", cfExtPri, cfHdrFlush;dur=0
date
Thu, 12 Dec 2024 05:56:18 GMT
content-type
image/x-icon
last-modified
Fri, 13 Jan 2023 11:05:25 GMT
vary
Accept-Encoding
priority
u=1,i
cache-control
max-age=315360000
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
8f0b787038ecdc96-FRA
access-control-allow-origin
*
server
cloudflare
getextparams
bigdatajsext.com/ExtService.svc/ 		446 B
409 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://bigdatajsext.com/ExtService.svc/getextparams
Requested by
Host: www.dclicks.site
URL: https://www.dclicks.site/fb9/js/trls.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
136.243.216.252 Eitensheim, Germany, ASN24940 (HETZNER-AS Hetzner Online GmbH, DE),
Reverse DNS
static.252.216.243.136.clients.your-server.de
Software
nginx /
Resource Hash
f6f124df634290c5402c8a0cbc4396bd50908d85491a8f3d7ff757893aed3ebc

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

access-control-allow-origin
*
content-encoding
gzip
date
Thu, 12 Dec 2024 05:56:18 GMT
content-type
application/json; charset=utf-8
vary
Accept-Encoding
server
nginx
ippfeed2
qfqbk.ajscdn.com/ 		2 KB
3 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://qfqbk.ajscdn.com/ippfeed2?id=FUhK9rt3fUaO3oKNWF7fOQ&p=https%3A//www.dclicks.site/fb9/index.php&nrid=f343ce5dee063029a1e051d296f0cc35
Requested by
Host: qfqbk.ajscdn.com
URL: https://qfqbk.ajscdn.com/ipp.js?id=FUhK9rt3fUaO3oKNWF7fOQ
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
640fb800f888eea2fdd4abcc3cb39828df2c3750709502fcd7bdde94bfbcfa54

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
inppu
835b50ea-2e5d-4183-a4dc-19d6271b00fa
Referer

Response headers

content-encoding
gzip
cf-cache-status
DYNAMIC
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rHiy9tMD5W6%2FmGWwHzi9w6vtlax1qkcDPIisDFy5IND8rGNxU1oYw5YSslbvyGuaYK3NfCgsGCHV%2BK5E1XmKf7BYvTPLNSCQ4aGSydSVhB8zVrqDlA2VJiImss3UknVTkI05"}],"group":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=9621&min_rtt=8506&rtt_var=1173&sent=25&recv=16&lost=0&retrans=0&sent_bytes=16840&recv_bytes=5013&delivery_rate=75207&cwnd=22800&unsent_bytes=0&cid=f3d31f4c8ddd4261&ts=2243&x=1", cfExtPri, cfHdrFlush;dur=0
date
Thu, 12 Dec 2024 05:56:20 GMT
content-type
application/json; charset=utf-8
vary
Origin
priority
u=1,i
cache-control
max-age=0, no-cache, no-store, must-revalidate
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ch
Sec-CH-UA, Sec-CH-UA-Platform, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
access-control-allow-credentials
true
referrer-policy
no-referrer
cf-ray
8f0b787a2a14d26d-FRA
access-control-allow-origin
https://www.dclicks.site
server
cloudflare
ippfeed2
qfqbk.ajscdn.com/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://qfqbk.ajscdn.com/ippfeed2?id=FUhK9rt3fUaO3oKNWF7fOQ&p=https%3A//www.dclicks.site/fb9/index.php&nrid=f343ce5dee063029a1e051d296f0cc35
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
inppu
Access-Control-Request-Method
GET
Origin
https://www.dclicks.site
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
inppu
access-control-allow-methods
GET
access-control-allow-origin
https://www.dclicks.site
access-control-max-age
86400
alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
8f0b7879fa85d2e7-FRA
date
Thu, 12 Dec 2024 05:56:20 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
priority
u=1,i
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RoIDrnmtadte8PJ9aAmpCM32kfn6WlYWyaz2ax1A4VPZC0CY2Fk7ykNcY%2FAdolq1XSEYixv82nNbNgwL5COjw%2BRZK3WsogCKdd%2FCl9%2Bu0IyO49JwOxkCXs5tDTX2b4Cbaq%2Bi"}],"group":"cf-nel","max_age":604800}
server
cloudflare
server-timing
cfL4;desc="?proto=QUIC&rtt=7032&min_rtt=6389&rtt_var=1753&sent=10&recv=8&lost=0&retrans=0&sent_bytes=2260&recv_bytes=4222&delivery_rate=91247&cwnd=12000&unsent_bytes=0&cid=318c555791368074&ts=37&x=1" cfExtPri cfHdrFlush;dur=0
x-nginx
filtered
69b864ac-bbee-42a1-88eb-9de40dd41b4d.jpg
static.imghst-de.com/ Frame 7495
Redirect Chain
  • https://ipptrk.trkless.com/trk?s1=QgmRxgdVtwnpndW6M3bjU3ILtUD%2B3hj6kp48lKDmGLKYHt25cqLbu12eDgRxZNPZAhI1jo6Z3qPk%2BmS8hQb5gASUAb%2FMV8LNfaqPeKWCN6o81HozLopmZitthIOMTFDphngdlNT0gQHISKl7tR4wf0rM7u4sR...
  • https://static.imghst-de.com/69b864ac-bbee-42a1-88eb-9de40dd41b4d.jpg
3 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.imghst-de.com/69b864ac-bbee-42a1-88eb-9de40dd41b4d.jpg
Protocol
H2
Server
104.26.2.30 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
56bca43d2d566052f0a4bab37e1c484fe2bf7d35c6a1af1ed216c8d0eaa054a6

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

cf-bgj
h2pri
etag
"672cd3e6-dec"
age
6029
cf-cache-status
HIT
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=m39u4ssWZKW%2BRGxBGgfV771iVk3HD7HWVR3fYN2RG54hNTtpapn1PXYsPgBQPAo8AWpVKRtei%2Fp4up3%2Bh4a5saStM7UAnBec04e7l4HnWdsRJJBiM5PbupN8E7GewR%2BfHJdH6fMJ"}],"group":"cf-nel","max_age":604800}
server-timing
cfL4;desc="?proto=TCP&rtt=6385&min_rtt=6233&rtt_var=1129&sent=6&recv=12&lost=0&retrans=0&sent_bytes=3990&recv_bytes=2332&delivery_rate=626148&cwnd=251&unsent_bytes=0&cid=455b293942e1e249&ts=82&x=0"
date
Thu, 12 Dec 2024 05:56:20 GMT
content-type
image/jpeg
last-modified
Thu, 07 Nov 2024 14:51:18 GMT
vary
Accept-Encoding
cache-control
max-age=691200
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
8f0b787c1f9aa064-FRA
accept-ranges
bytes
access-control-allow-origin
*
content-length
3564
server
cloudflare

Redirect headers

cache-control
max-age=0, no-cache, no-store, must-revalidate
location
https://static.imghst-de.com/69b864ac-bbee-42a1-88eb-9de40dd41b4d.jpg
cf-cache-status
DYNAMIC
accept-ch
Sec-CH-UA, Sec-CH-UA-Platform, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KZFGBcL0GGBuH7vUB7T7EmboxGO%2F6S2qrSLCWK4zwXphfff2WVVi1r0MkVHg3eiLL1Bqg2f2EwU8eMm46STCKbg0mQBlP3KYmDpA2RtZu6FeaOZKjdLwhFpMD0h7ByEy6xwJ7%2FQ%3D"}],"group":"cf-nel","max_age":604800}
referrer-policy
no-referrer
cf-ray
8f0b787b5d2f1a86-FRA
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=7105&min_rtt=6906&rtt_var=1794&sent=11&recv=9&lost=0&retrans=0&sent_bytes=4223&recv_bytes=5059&delivery_rate=76084&cwnd=12000&unsent_bytes=0&cid=c73f42ccb79b5bb9&ts=32&x=1", cfExtPri, cfHdrFlush;dur=0
content-length
0
date
Thu, 12 Dec 2024 05:56:20 GMT
server
cloudflare
priority
u=1,i

Verdicts & Comments Add Verdict or Comment

26 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 function| getURLParameter function| replaceCustomParams function| getParameterByName function| hideUnsub function| languageDetection function| writeLocation function| showLocation function| getCookie function| getBackendParamsByName function| addSessionId function| docReady function| $ function| jQuery function| initTranslations function| replace_text function| translation_available function| detect_language string| browserLang function| changeCity function| contentHeight object| jQuery1113001571890547823429 function| __showPush function| a0_0x291a object| config object| firebase

6 Cookies

Domain/Path Name / Value
qfqbk.ajscdn.com/ Name: __inppu
Value: 835b50ea-2e5d-4183-a4dc-19d6271b00fa
qfqbk.nxt-psh.com/ Name: __psu
Value: bef70c0c-61b2-4862-9f08-90c8f631db9f
www.dclicks.site/ Name: __inppu
Value: 835b50ea-2e5d-4183-a4dc-19d6271b00fa
nxt-psh.com/ Name: __psu
Value: 65b7f3f3-dfcc-4f99-968f-496643ca4445
www.dclicks.site/ Name: inpp_DGS4_EXH2
Value: 1
www.dclicks.site/ Name: inpp_DGS4_EXH2_cap
Value: 1

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
X-Content-Type-Options nosniff nosniff
X-Frame-Options SAMEORIGIN SAMEORIGIN
X-Xss-Protection 1; mode=block 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

bigdatajsext.com
dclicks.site
ipptrk.trkless.com
nxt-psh.com
qfqbk.ajscdn.com
qfqbk.nxt-psh.com
static.imghst-de.com
www.dclicks.site
www.gstatic.com
104.26.2.30
136.243.216.252
172.67.145.143
172.67.194.119
172.67.201.197
188.114.96.3
2a00:1450:4001:810::2003
054437e2e364bea368f256b1a67d188a5d8fc72bc169af6f12d92dc6c6234eda
0b5680e9b625c2960d659ef6dddd001e4a2004b9970eee871bda38f95a0ed94a
0d247e85bc59c1d489e5f11a6608db6e3b67f37e494ad01ae038b43ae1e9d204
190aeb9fade48016d0e40e16a92830b3c53565c293af92d88b52b7cab989ddbe
21f1d62f222007068c793f0947d98f4ccb7c1595adb68efeb783390fdd8b5522
24e58435a15d57bd088669dba825cf659bb654d5ebdbe6c099801c197d51596a
2c221ddb4ca7bc9ed561bc05aa71b470d0e4f9e17cd9f90cdb0e1fea6ffae77b
37ca6ee37ab3c72ae84b6e5c4a8234246c2ed070f2c0edfb93228eb148ae5ba5
56bca43d2d566052f0a4bab37e1c484fe2bf7d35c6a1af1ed216c8d0eaa054a6
640fb800f888eea2fdd4abcc3cb39828df2c3750709502fcd7bdde94bfbcfa54
6474835e5bac748d76d75ce0fd5da7c97d047f55e6c02c5a3fe2daee351671ab
6aa09ad2e3ea240fe631769cee394e6623dcee75f09821c61da022310586992e
70629610bf6bfcb6ecc7af82a5b8bd64b74f0a2e461455e3f7dd48f9ba682a21
85e32542a2af140bc387043124d1a6d33ba1325f99970b74748c243a16b1f58d
8c56545379b30a70c1dfe55be86f5bbe4503ba049da977da0dc6995c35ddb576
8c90a9b6e2076c5408ad93084e592509b58217dbc034f44512642e0d4fac30a9
a202b2051ea9810cd9ba592b3f9418a89e2062f5c185e29e288080b28eb64fe5
af0bb8b7a4d64839b86f8ee7fd4c1e9e0cd914e00e73006921ebace3cdc24047
ce32707c0d679b8ed56b5dc8c498e1b1667e5b1905b8aeff42151e3f6667d73d
d6afd8d9abc2967f29ad396854cd05b1a12dcf9b7084f944c136ca6f540c5a39
dce12e3762cd99b06b36c1dc5da30643ce68787bcc8f894c0e783f8321620f72
f488075a542bef6746a9cc50e9d294d20650aeeb5d702b1db3e36fc81c8a4860
f6f124df634290c5402c8a0cbc4396bd50908d85491a8f3d7ff757893aed3ebc
f72c1227ef06a3fc4f73500111fda92811427146e2404f456ec1cf2f0e5b292c