urlscan.io logo urlscan.io
SecurityTrails logo

gamerxyt.com Open in urlscan Pro
188.114.96.3  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://newsadda4u.com/dl.php?link=video-downloads.googleusercontent.com/ADGPM2kV27NS1osLmBKotNJB0mfMK2-jCwElcDmI5TC7Kv...
Effective URL: https://gamerxyt.com/dl.php?link=video-downloads.googleusercontent.com/ADGPM2kV27NS1osLmBKotNJB0mfMK2-jCwElcDmI5TC7Kv...
Submission: On October 26 via api from US — Scanned from NL
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 11 IPs in 5 countries across 17 domains to perform 28 HTTP transactions. The main IP is 188.114.96.3, located in Amsterdam, Netherlands and belongs to CLOUDFLARENET, US. The main domain is gamerxyt.com.
TLS certificate: Issued by WE1 on October 10th 2024. Valid for: 3 months.
This is the only time gamerxyt.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 4 188.114.97.3 13335 (CLOUDFLAR...)
4 188.114.96.3 13335 (CLOUDFLAR...)
1 18.245.78.155 16509 (AMAZON-02)
3 151.101.67.52 54113 (FASTLY)
1 13.32.99.57 16509 (AMAZON-02)
2 23.213.164.238 16625 (AKAMAI-AS)
1 37.19.194.81 60068 (CDN77 _)
3 178.250.1.3 44788 (ASN-CRITE...)
2 185.59.208.177 43541 (VSHOSTING)
1 178.250.1.11 44788 (ASN-CRITE...)
28 11
4    188.114.97.3 (Amsterdam, Netherlands)

ASN13335 (CLOUDFLARENET, US)
newsadda4u.com
kinarilyhukelpfulin.com
4    188.114.96.3 (Amsterdam, Netherlands)

ASN13335 (CLOUDFLARENET, US)
gamerxyt.com
ukankingwithea.com
1    18.245.78.155 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-245-78-155.fra60.r.cloudfront.net
d1vy7td57198sq.cloudfront.net
3    151.101.67.52 (San Francisco, United States)

ASN54113 (FASTLY, US)
delivery.r2b2.io
1    13.32.99.57 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-99-57.fra60.r.cloudfront.net
ordinghology.com
2    23.213.164.238 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-213-164-238.deploy.static.akamaitechnologies.com
ads.pubmatic.com
1    37.19.194.81 (Frankfurt am Main, Germany)

ASN60068 (CDN77 _, GB)
PTR: 413474573.fra.cdn77.com
topics.authorizedvault.com
3    178.250.1.3 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
static.criteo.net
2    185.59.208.177 (Czech Republic)

ASN43541 (VSHOSTING, CZ)
PTR: webgarden-track-lb-ha.vshosting.cz
track.us.org
1    178.250.1.11 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
gum.criteo.com
Apex Domain
Subdomains		 Transfer
3 criteo.net
static.criteo.net — Cisco Umbrella Rank: 776
33 KB
3 kinarilyhukelpfulin.com
kinarilyhukelpfulin.com
2 KB
3 r2b2.io
delivery.r2b2.io — Cisco Umbrella Rank: 37629
253 KB
2 us.org
track.us.org — Cisco Umbrella Rank: 38661
1 KB
2 pubmatic.com
ads.pubmatic.com — Cisco Umbrella Rank: 557
89 KB
2 ukankingwithea.com
ukankingwithea.com — Cisco Umbrella Rank: 28492
101 KB
2 gamerxyt.com
gamerxyt.com
5 KB
1 criteo.com
gum.criteo.com — Cisco Umbrella Rank: 461
1 authorizedvault.com
topics.authorizedvault.com — Cisco Umbrella Rank: 6514
1 ordinghology.com
ordinghology.com
1 cloudfront.net
d1vy7td57198sq.cloudfront.net
68 KB
1 newsadda4u.com
newsadda4u.com
750 B
0 Failed
function sub() { [native code] }. Failed
0 google.com Failed
accounts.google.com — Cisco Umbrella Rank: 18 Failed
0 facebook.com Failed
www.facebook.com Failed
0 hubcdn.vip Failed
hubcdn.vip Failed
0 arc.io Failed
arc.io Failed
28 17
Domain Requested by
3 static.criteo.net delivery.r2b2.io
gamerxyt.com
3 kinarilyhukelpfulin.com gamerxyt.com
3 delivery.r2b2.io gamerxyt.com
delivery.r2b2.io
2 track.us.org delivery.r2b2.io
2 ads.pubmatic.com delivery.r2b2.io
2 ukankingwithea.com d1vy7td57198sq.cloudfront.net
2 gamerxyt.com
1 gum.criteo.com gamerxyt.com
1 topics.authorizedvault.com delivery.r2b2.io
1 ordinghology.com d1vy7td57198sq.cloudfront.net
1 d1vy7td57198sq.cloudfront.net gamerxyt.com
1 newsadda4u.com 1 redirects
0 undefined Failed d1vy7td57198sq.cloudfront.net
0 accounts.google.com Failed gamerxyt.com
0 www.facebook.com Failed gamerxyt.com
0 hubcdn.vip Failed gamerxyt.com
0 arc.io Failed gamerxyt.com
28 17

This site contains no links.

Subject Issuer Validity Valid
gamerxyt.com
WE1		 2024-10-10 -
2025-01-08		 3 months crt.sh
*.cloudfront.net
Amazon RSA 2048 M01		 2024-07-30 -
2025-07-03		 a year crt.sh
delivery.r2b2.io
R10		 2024-10-07 -
2025-01-05		 3 months crt.sh
ukankingwithea.com
WE1		 2024-09-05 -
2024-12-04		 3 months crt.sh
kinarilyhukelpfulin.com
WE1		 2024-09-06 -
2024-12-05		 3 months crt.sh
ordinghology.com
Amazon RSA 2048 M03		 2024-10-08 -
2025-11-06		 a year crt.sh
*.pubmatic.com
DigiCert TLS RSA SHA256 2020 CA1		 2023-11-26 -
2024-11-26		 a year crt.sh
1657490710.rsc.cdn77.org
E5		 2024-08-20 -
2024-11-18		 3 months crt.sh
*.criteo.net
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2024-09-24 -
2024-12-21		 3 months crt.sh
track.us.org
E5		 2024-10-13 -
2025-01-11		 3 months crt.sh
*.criteo.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2024-09-24 -
2024-12-25		 3 months crt.sh

This page contains 7 frames:

Primary Page: https://gamerxyt.com/dl.php?link=video-downloads.googleusercontent.com/ADGPM2kV27NS1osLmBKotNJB0mfMK2-jCwElcDmI5TC7KvjWfu6ZpctZguk3BWtL73ybFjmuljEPdUIq4yr4YWu7SsbUMcmtd_oz7XWIqOC1HgsvkLImS3Iq3nol4V3n02ogHtnCmVMZGqMO-mdWVZD8lo9NB-l8d80ECZkYvQCRUyt10iVLVf9DQs3HN5l73sg_Ymp24K7M0...%20312%20...SjqKyvwROSLyC7YAIsRSPl4FEm4zde
Frame ID: 9F2EA586A0B4875DEB1BACAD29FCFC68
Requests: 21 HTTP requests in this frame

Frame: https://ordinghology.com/Nk9zM2tXLRBeVFdyERUeRCNOFllwakF1Dwc5CgQfUnpEAlIOPAIdCFogBlcNRCAdR0VYKgcWWXAIIUk5ei4ragBhNiZjOGIBF39aZAcXVDlMGBh5TgQJNlkYVAoKdiF6DhRRIl0WCXYqfD8lSjpzGjACI3wOEHQOWwpFawJzDBZiCE4KQXUqex5Cfw9kBh1wKVEoMGRbewgwYiFTJEtrIgcVQWs9dzUhcDp1HAkKCmY4BHYmYHscdBN0JyJgG2MIClskfygmUiFeCUZ/W3g/MXReVB0eCiZTIxtnD34VBmRbbz0rYD5VCx56LFM3NXwIYTtKaz0PJjFdRkUGMVkPbwMbBz98GUtaI2ABQlAFAy4iZAB+KSZLLlI3BFQqZwYCZCwDLT1kInEqBGYNegk1RjwGFhRmOFEMNGRfZColWD16fypYKXQBGnEMBxYhawhXKkNXLFceIUY8BhZDZTgGBjFwX2QqIAovUg49XzxdDRtiM2wWVVkYWSEDDj5HeCR2JnoXFg
Frame ID: CE3F7B39A737CD6BDC4DEA3B8D5BCED0
Requests: 1 HTTP requests in this frame

Frame: https://undefined/TmQzNHovBlBZRS9ZURIPPAgOEUgIQQFyHn8SSgMOKlEEBUN2F0IaGSILRlAcPAtdQFQgAUcRSAhQV3wzfDd2UyIGMlRBHjklUWEUGFFhYTcJAnsNPxghagI2HC5jYSklCHZlOAEpZ0wbCzJYWBgmUHFjKRdQYGYoIDRKDAIeMXURSAghYUcWDAoKQTsPDGBQIj43e1gZIygDWC8bHWpGKRspYn8pOTNnQzA7NGFiKhkdUE0yHFFSfy1/I311NCMBdXI7DAlyQygbKWdRDT42YnUjJS1hWzIaCQICKA8LfFISKidhXEM6AVhlLhwOVF8/HzJnfxMDAHFcVwBSd188DCVkbk0fCFBxHwklVXMRBwh5cjwPAGQFTBwmBlIzN1VhZTsXEn9mGRQzZHIOHA95YjMKC1F8SwAQVl4wCiZrXBccIkRzICAMYWU7F1N4ZjMaNnByDhwOYnAffV1SZSsMEWNhFgpCWUcVIBQOUis5A3Z7DXk9XGNKeQ
Frame ID: B09CA07DAD7D17E8FDFAC5EBEE62CF01
Requests: 1 HTTP requests in this frame

Frame: https://topics.authorizedvault.com/topicsapi.html?bidder=rtbhouse
Frame ID: 00CB633EE9EBD94C18573FE4BF87B839
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/topics/topics_frame.html?bidder=pubmatic
Frame ID: 67C6C619E1C296BB46C32EB2C12FA726
Requests: 1 HTTP requests in this frame

Frame: https://delivery.r2b2.io/static/topics/topics_frame.html?bidder=r2b2
Frame ID: 0B171141349FE7E15DF08C77B90AA81A
Requests: 1 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?origin=publishertag&topUrl=gamerxyt.com
Frame ID: 5D7AEC681443F7E813BC80D3EABC6FE5
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

GamerXyt

Page URL History Show full URLs

  1. https://newsadda4u.com/dl.php?link=video-downloads.googleusercontent.com/ADGPM2kV27NS1osLmBKotNJB0m... HTTP 302
    https://gamerxyt.com/dl.php?link=video-downloads.googleusercontent.com/ADGPM2kV27NS1osLmBKotNJB0m... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.pubmatic\.com

Page Statistics

28
Requests

75 %
HTTPS

0 %
IPv6

17
Domains

17
Subdomains

11
IPs

5
Countries

552 kB
Transfer

1475 kB
Size

5
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://newsadda4u.com/dl.php?link=video-downloads.googleusercontent.com/ADGPM2kV27NS1osLmBKotNJB0mfMK2-jCwElcDmI5TC7KvjWfu6ZpctZguk3BWtL73ybFjmuljEPdUIq4yr4YWu7SsbUMcmtd_oz7XWIqOC1HgsvkLImS3Iq3nol4V3n02ogHtnCmVMZGqMO-mdWVZD8lo9NB-l8d80ECZkYvQCRUyt10iVLVf9DQs3HN5l73sg_Ymp24K7M0...%20312%20...SjqKyvwROSLyC7YAIsRSPl4FEm4zde HTTP 302
    https://gamerxyt.com/dl.php?link=video-downloads.googleusercontent.com/ADGPM2kV27NS1osLmBKotNJB0mfMK2-jCwElcDmI5TC7KvjWfu6ZpctZguk3BWtL73ybFjmuljEPdUIq4yr4YWu7SsbUMcmtd_oz7XWIqOC1HgsvkLImS3Iq3nol4V3n02ogHtnCmVMZGqMO-mdWVZD8lo9NB-l8d80ECZkYvQCRUyt10iVLVf9DQs3HN5l73sg_Ymp24K7M0...%20312%20...SjqKyvwROSLyC7YAIsRSPl4FEm4zde Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 1
  • https://hubcdn.cc/css/dl.min.css HTTP 301
  • https://hubcdn.site/css/dl.min.css HTTP 301
  • https://hubcdn.vip/css/dl.min.css
Request Chain 2
  • https://hubcdn.cc/css/dlstyle.css HTTP 301
  • https://hubcdn.site/css/dlstyle.css HTTP 301
  • https://hubcdn.vip/css/dlstyle.css
Request Chain 9
  • https://accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail HTTP 302
  • https://accounts.google.com/InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=AcMMx-dm66g6cFfaBt5R2IQEYh7StokZVEKhLCTXUd-GXb0vTyH6nSUsHVNhrUkHLSbIKgoXWssb-Q HTTP 302
  • https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=AcMMx-eKJP54Hf2W_Af_f5U8TwKYx2c54CXdzZjPo00zIN8EL5d_9pkqVz0xCTKPNDoMfSuB945xjg&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-2127508086%3A1729964551386998&ddm=0
Request Chain 10
  • https://accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP 302
  • https://accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AcMMx-eDAnr2QHIqs13Zbp8SyyiP5OQUJFBx8cu9vaBTIQ2ZXGTRik1knwuwWAqd6uzJmJJYFsyMFQ HTTP 302
  • https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=AcMMx-c5kuLzXZT6_oHf5PjFixrWdi_m9HlytGo5nkwVTnGmkRv9lvFOBhaEE9TYdyyVGWHD37OhLQ&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S1295606229%3A1729964551389339&ddm=0

28 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request dl.php
gamerxyt.com/
Redirect Chain
  • https://newsadda4u.com/dl.php?link=video-downloads.googleusercontent.com/ADGPM2kV27NS1osLmBKotNJB0mfMK2-jCwElcDmI5TC7KvjWfu6ZpctZguk3BWtL73ybFjmuljEPdUIq4yr4YWu7SsbUMcmtd_oz7XWIqOC1HgsvkLImS3Iq3nol...
  • https://gamerxyt.com/dl.php?link=video-downloads.googleusercontent.com/ADGPM2kV27NS1osLmBKotNJB0mfMK2-jCwElcDmI5TC7KvjWfu6ZpctZguk3BWtL73ybFjmuljEPdUIq4yr4YWu7SsbUMcmtd_oz7XWIqOC1HgsvkLImS3Iq3nol4V...
8 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://gamerxyt.com/dl.php?link=video-downloads.googleusercontent.com/ADGPM2kV27NS1osLmBKotNJB0mfMK2-jCwElcDmI5TC7KvjWfu6ZpctZguk3BWtL73ybFjmuljEPdUIq4yr4YWu7SsbUMcmtd_oz7XWIqOC1HgsvkLImS3Iq3nol4V3n02ogHtnCmVMZGqMO-mdWVZD8lo9NB-l8d80ECZkYvQCRUyt10iVLVf9DQs3HN5l73sg_Ymp24K7M0...%20312%20...SjqKyvwROSLyC7YAIsRSPl4FEm4zde
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2631c948ecd71dfe840eddedf65c6a31c82e8106298b18e09e06cca592a13781

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

age
5545
alt-svc
h3=":443"; ma=86400
cache-control
max-age=14400
cf-cache-status
HIT
cf-ray
8d8c3e4b9a860c38-AMS
content-encoding
br
content-type
text/html; charset=UTF-8
date
Sat, 26 Oct 2024 17:42:30 GMT
last-modified
Sat, 26 Oct 2024 16:10:05 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
priority
u=0,i
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wqke8Tt1IHh1g0h7Z2e%2B69eHGckdYwtUaRjncznIlgT6XWwSX1Tb8rQd948vMnKm%2Fdh940g03t5KmkDpLlbC6MP6jeEVNbWSfzIAM1Rgk03nLXd9TxEmRMJ2lFzUFLQ%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
server-timing
cfL4;desc="?proto=QUIC&rtt=14007&sent=13&recv=10&lost=0&retrans=0&sent_bytes=4223&recv_bytes=4729&delivery_rate=40911&cwnd=12000&unsent_bytes=0&cid=9c231873d8d56c1d&ts=47&x=1" cfExtPri cfHdrFlush;dur=0
vary
Accept-Encoding
x-turbo-charged-by
LiteSpeed

Redirect headers

cache-control
private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-ray
8d8c3e4b2db50c75-AMS
content-length
143
content-type
text/html
date
Sat, 26 Oct 2024 17:42:30 GMT
expires
Thu, 01 Jan 1970 00:00:01 GMT
location
https://gamerxyt.com/dl.php?link=video-downloads.googleusercontent.com/ADGPM2kV27NS1osLmBKotNJB0mfMK2-jCwElcDmI5TC7KvjWfu6ZpctZguk3BWtL73ybFjmuljEPdUIq4yr4YWu7SsbUMcmtd_oz7XWIqOC1HgsvkLImS3Iq3nol4V3n02ogHtnCmVMZGqMO-mdWVZD8lo9NB-l8d80ECZkYvQCRUyt10iVLVf9DQs3HN5l73sg_Ymp24K7M0...%20312%20...SjqKyvwROSLyC7YAIsRSPl4FEm4zde
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5w2WzJQzTMZo0L5i3JM%2BdkI2dGv5DDeQBUWQeCq1NGNBjCSPL76s8z7x%2Fztj1QP1ltZrB53pkGqscnb0DqfMu2TdWqfnDMQzK3AbmFOlQxJa3%2BQxeTMkxG5kRzmxsqOv2g%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
widget.min.js
arc.io/ 		0
0
dl.min.css
hubcdn.vip/css/
Redirect Chain
  • https://hubcdn.cc/css/dl.min.css
  • https://hubcdn.site/css/dl.min.css
  • https://hubcdn.vip/css/dl.min.css
0
0
dlstyle.css
hubcdn.vip/css/
Redirect Chain
  • https://hubcdn.cc/css/dlstyle.css
  • https://hubcdn.site/css/dlstyle.css
  • https://hubcdn.vip/css/dlstyle.css
0
0
/
d1vy7td57198sq.cloudfront.net/ 		205 KB
68 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://d1vy7td57198sq.cloudfront.net/?dtyvd=1108348
Requested by
Host: gamerxyt.com
URL: https://gamerxyt.com/dl.php?link=video-downloads.googleusercontent.com/ADGPM2kV27NS1osLmBKotNJB0mfMK2-jCwElcDmI5TC7KvjWfu6ZpctZguk3BWtL73ybFjmuljEPdUIq4yr4YWu7SsbUMcmtd_oz7XWIqOC1HgsvkLImS3Iq3nol4V3n02ogHtnCmVMZGqMO-mdWVZD8lo9NB-l8d80ECZkYvQCRUyt10iVLVf9DQs3HN5l73sg_Ymp24K7M0...%20312%20...SjqKyvwROSLyC7YAIsRSPl4FEm4zde
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.78.155 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-78-155.fra60.r.cloudfront.net
Software
/
Resource Hash
1fdc2c7a9511b9f8c8814f9bdec6eaa73bdde3fe0e4fc5525d18298ca29a4215

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

cache-control
no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
content-encoding
gzip
pragma
no-cache
age
422
via
1.1 337ce1d1833905a0473cbaec913a354c.cloudfront.net (CloudFront)
access-control-allow-origin
*
x-cache
Hit from cloudfront
content-length
69379
x-amz-cf-id
rGKS8fNaK2BauVlY5VRz7s8XNGcR3xtAqdDVtnmW37WbCi4YwoYM1w==
date
Sat, 26 Oct 2024 17:35:29 GMT
x-amz-cf-pop
FRA60-P6
mobile
delivery.r2b2.io/get/gamerxyt.com/generic/sticky/ 		48 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://delivery.r2b2.io/get/gamerxyt.com/generic/sticky/mobile
Requested by
Host: gamerxyt.com
URL: https://gamerxyt.com/dl.php?link=video-downloads.googleusercontent.com/ADGPM2kV27NS1osLmBKotNJB0mfMK2-jCwElcDmI5TC7KvjWfu6ZpctZguk3BWtL73ybFjmuljEPdUIq4yr4YWu7SsbUMcmtd_oz7XWIqOC1HgsvkLImS3Iq3nol4V3n02ogHtnCmVMZGqMO-mdWVZD8lo9NB-l8d80ECZkYvQCRUyt10iVLVf9DQs3HN5l73sg_Ymp24K7M0...%20312%20...SjqKyvwROSLyC7YAIsRSPl4FEm4zde
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.67.52 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
9c528f83c570d313a157513a350e7a8358f0bdccdf821a0843e5708043e49222

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

x-execution-time
7
content-encoding
br
accept-ranges
none
x-cache
HIT
date
Sat, 26 Oct 2024 17:42:30 GMT
content-type
text/javascript
x-served-by
cache-ams21051-AMS
vary
accept-encoding
asd100.bin
ukankingwithea.com/ 		100 KB
101 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://ukankingwithea.com/asd100.bin
Requested by
Host: d1vy7td57198sq.cloudfront.net
URL: https://d1vy7td57198sq.cloudfront.net/?dtyvd=1108348
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f627ca4c2c322f15db26152df306bd4f983f0146409b81a4341b9b340c365a16

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

cf-cache-status
HIT
age
1570
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WNpIBjylam%2BDAo8HHoegJQ3S0BG6A2fbw4f4gwXfKmB3YNepZRpWSyuQddr1dqRZw1oBb%2F56jBs%2B2dBNY70EL37XWhoxUqi089aHZDmChsbWeyfhasCYVJaYVwDySjwh6UiTobA%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods
GET
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=12470&sent=12&recv=9&lost=0&retrans=0&sent_bytes=4191&recv_bytes=4590&delivery_rate=219606&cwnd=12000&unsent_bytes=0&cid=d11a39dc08da4df5&ts=46&x=1", cfExtPri, cfHdrFlush;dur=0
date
Sat, 26 Oct 2024 17:42:31 GMT
content-type
binary/octet-stream
last-modified
Sat, 26 Oct 2024 17:16:21 GMT
vary
Accept-Encoding
priority
u=1,i
access-control-allow-headers
X-Requested-With, content-type
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
access-control-allow-credentials
true
cf-ray
8d8c3e4d9e8fb92a-AMS
access-control-allow-origin
https://gamerxyt.com
server
cloudflare
/
ukankingwithea.com/ 		26 B
725 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://ukankingwithea.com/
Requested by
Host: d1vy7td57198sq.cloudfront.net
URL: https://d1vy7td57198sq.cloudfront.net/?dtyvd=1108348
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0d0ad3e2a9f6436d6a0b8dd1f882e8b617f1ae005310c2565debf17b5628a25e

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
br
cf-cache-status
DYNAMIC
access-control-allow-credentials
true
access-control-allow-methods
GET
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Kqx1xV%2Bq69QlMwFIRGEo9zImMCV2JrKd16e2NHqTPMjktHQfd7tC3fjrWsBmzIryBA0fD4j3fqH98yuaJlvPqIFxjaMz6Zsk3d1WEIc8tm2oo2xlh36anfqyI3wTzuM2NQsx1Hw%3D"}],"group":"cf-nel","max_age":604800}
cf-ray
8d8c3e4d9e8db92a-AMS
access-control-allow-origin
https://gamerxyt.com
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=18608&sent=103&recv=56&lost=0&retrans=0&sent_bytes=109722&recv_bytes=6648&delivery_rate=2643844&cwnd=60000&unsent_bytes=0&cid=d11a39dc08da4df5&ts=140&x=1", cfExtPri, cfHdrFlush;dur=0
date
Sat, 26 Oct 2024 17:42:31 GMT
content-type
text/plain
server
cloudflare
priority
u=1,i
access-control-allow-headers
X-Requested-With, content-type
cn5xAQ
kinarilyhukelpfulin.com/RTZKQ0xqCSkwcSFxPhMuDWAPFCIfVxsGCiNTey8LFHBzexQQBmw3JSELe3J8fQV+e2o1Xy5+fWNFPiI4MEV3cmosWCwscWNAd3JidgJkcHprAmw2cXQQPjMtIgt7ZTwxQiZ+fXIEc3p6cQN/ 		0
587 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://kinarilyhukelpfulin.com/RTZKQ0xqCSkwcSFxPhMuDWAPFCIfVxsGCiNTey8LFHBzexQQBmw3JSELe3J8fQV+e2o1Xy5+fWNFPiI4MEV3cmosWCwscWNAd3JidgJkcHprAmw2cXQQPjMtIgt7ZTwxQiZ+fXIEc3p6cQN/cn5xAQ
Requested by
Host: gamerxyt.com
URL: https://gamerxyt.com/dl.php?link=video-downloads.googleusercontent.com/ADGPM2kV27NS1osLmBKotNJB0mfMK2-jCwElcDmI5TC7KvjWfu6ZpctZguk3BWtL73ybFjmuljEPdUIq4yr4YWu7SsbUMcmtd_oz7XWIqOC1HgsvkLImS3Iq3nol4V3n02ogHtnCmVMZGqMO-mdWVZD8lo9NB-l8d80ECZkYvQCRUyt10iVLVf9DQs3HN5l73sg_Ymp24K7M0...%20312%20...SjqKyvwROSLyC7YAIsRSPl4FEm4zde
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-cache-status
DYNAMIC
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dEAP1UFBd1tfa4gOROKzfBrXHs74RrZL74pAgyuGrKzFhRGpqtwQxy6No6aRGJ7WIuIVXbx3xlJrM%2F1j5CXqhBN0SS%2BJ4kLO1gzR%2BphXHNsfG86uK0iwTtMlg2OXGDpQgUmVim0Ndtwo7g%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray
8d8c3e4dedc0655c-AMS
access-control-allow-origin
*
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=18453&sent=13&recv=13&lost=0&retrans=0&sent_bytes=4966&recv_bytes=5342&delivery_rate=23772&cwnd=12000&unsent_bytes=0&cid=fc82a9ee7e7aa545&ts=154&x=1", cfExtPri, cfHdrFlush;dur=0
date
Sat, 26 Oct 2024 17:42:31 GMT
server
cloudflare
priority
u=3,i
login.php
www.facebook.com/ 		0
0
identifier
accounts.google.com/v3/signin/
Redirect Chain
  • https://accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
  • https://accounts.google.com/InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=AcMMx-dm66g6cFfaBt5R2IQEYh7StokZVEKhLCTXUd-GXb0vTyH6nSUsHVNhrUk...
  • https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=AcMMx-eKJP54Hf2W_Af_f5U8TwKYx2c54CXdzZjPo00zIN8EL5d_9pkqVz0xCTKPNDoMfSuB945xjg&passiv...
0
0
identifier
accounts.google.com/v3/signin/
Redirect Chain
  • https://accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
  • https://accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AcMMx-eDAnr2QHIqs13Zbp8SyyiP5OQUJFBx8cu9vaBTIQ2ZXGTRik1knwu...
  • https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=AcMMx-c5kuLzXZT6_oHf5PjFixrWdi_m9HlytGo5nkwVTnGmkRv9lvFOBhaEE9TYdyyVGWHD37OhLQ&passi...
0
0
popunder.gif
kinarilyhukelpfulin.com/ 		35 B
772 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://kinarilyhukelpfulin.com/popunder.gif
Requested by
Host: gamerxyt.com
URL: https://gamerxyt.com/dl.php?link=video-downloads.googleusercontent.com/ADGPM2kV27NS1osLmBKotNJB0mfMK2-jCwElcDmI5TC7KvjWfu6ZpctZguk3BWtL73ybFjmuljEPdUIq4yr4YWu7SsbUMcmtd_oz7XWIqOC1HgsvkLImS3Iq3nol4V3n02ogHtnCmVMZGqMO-mdWVZD8lo9NB-l8d80ECZkYvQCRUyt10iVLVf9DQs3HN5l73sg_Ymp24K7M0...%20312%20...SjqKyvwROSLyC7YAIsRSPl4FEm4zde
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

content-encoding
gzip
cf-cache-status
HIT
age
1772
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QcQtvSMgOOjFwRVbuh1Un5C2B0EqGYmw%2FzPS2MEV1FYslSVDCmdNpGcW4Zs8SfvFPs9hg1E%2Fqb6fZePaCVJAR%2FtYz0Gr3f5Pn4gvYRyNuWQAsurUr%2BpnYqomIDC9xeIQ2rQQ%2BVRY78vV6w%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=19305&sent=12&recv=12&lost=0&retrans=0&sent_bytes=4171&recv_bytes=5299&delivery_rate=43324&cwnd=12000&unsent_bytes=0&cid=fc82a9ee7e7aa545&ts=69&x=1", cfExtPri, cfHdrFlush;dur=0
date
Sat, 26 Oct 2024 17:42:31 GMT
content-type
image/gif
last-modified
Sat, 26 Oct 2024 17:12:59 GMT
vary
Accept-Encoding
priority
u=3,i
cache-control
public, max-age=604800, immutable
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma
public
cf-ray
8d8c3e4dedc2655c-AMS
accept-ranges
bytes
access-control-allow-origin
*
content-length
58
server
cloudflare
eXJhbkRWTQIdeSseDRoWPjRRDCgJCjQAFg0qKTwVHUARDSAvI0caLR1PUF91SUZWXmIJGwVTdUFUEholDQcSU3VfGw8IK0RUF1N1V0JPXGpMVBRTdV8GEQ8jRENHHjANHlxfc0tLWFhwTEdQXHFM
kinarilyhukelpfulin.com/ 		0
586 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://kinarilyhukelpfulin.com/eXJhbkRWTQIdeSseDRoWPjRRDCgJCjQAFg0qKTwVHUARDSAvI0caLR1PUF91SUZWXmIJGwVTdUFUEholDQcSU3VfGw8IK0RUF1N1V0JPXGpMVBRTdV8GEQ8jRENHHjANHlxfc0tLWFhwTEdQXHFM
Requested by
Host: gamerxyt.com
URL: https://gamerxyt.com/dl.php?link=video-downloads.googleusercontent.com/ADGPM2kV27NS1osLmBKotNJB0mfMK2-jCwElcDmI5TC7KvjWfu6ZpctZguk3BWtL73ybFjmuljEPdUIq4yr4YWu7SsbUMcmtd_oz7XWIqOC1HgsvkLImS3Iq3nol4V3n02ogHtnCmVMZGqMO-mdWVZD8lo9NB-l8d80ECZkYvQCRUyt10iVLVf9DQs3HN5l73sg_Ymp24K7M0...%20312%20...SjqKyvwROSLyC7YAIsRSPl4FEm4zde
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-cache-status
DYNAMIC
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DBa0e9YR2r7P5rR96lz%2Fj5nfc6YRj1OY94HHw46Hw%2BYZE4mmYB34jEituxvy2byph9qkI7xpsL2WgNvJDttKHorMjEzviXOsn4rH4Kyyrt0PBDSaKG2lghybHHn%2FxJBxERkh47gp6Std2g%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray
8d8c3e4dedc3655c-AMS
access-control-allow-origin
*
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=18453&sent=14&recv=13&lost=0&retrans=0&sent_bytes=5576&recv_bytes=5342&delivery_rate=23772&cwnd=12000&unsent_bytes=0&cid=fc82a9ee7e7aa545&ts=154&x=1", cfExtPri, cfHdrFlush;dur=0
date
Sat, 26 Oct 2024 17:42:31 GMT
server
cloudflare
priority
u=3,i
bundle_ad1292.c17e20304ac02fab29d7.js
delivery.r2b2.io/js/7.19.0/online/public/ 		752 KB
238 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://delivery.r2b2.io/js/7.19.0/online/public/bundle_ad1292.c17e20304ac02fab29d7.js
Requested by
Host: delivery.r2b2.io
URL: https://delivery.r2b2.io/get/gamerxyt.com/generic/sticky/mobile
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.67.52 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
c8d8b64bd26696ba0c2e63b1d5e0dcebf7be5c2bc5072beb9f56c53fab355440

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

cache-control
max-age=10800, public
content-encoding
gzip
etag
"671b6d92-bc196"
age
2784
x-lb-cache
HIT
expires
Sat, 26 Oct 2024 19:54:51 GMT
accept-ranges
bytes
x-cache
HIT
content-length
243165
date
Sat, 26 Oct 2024 16:56:08 GMT
content-type
text/javascript; charset=utf-8
last-modified
Fri, 25 Oct 2024 10:06:10 GMT
server
nginx
x-cache-hits
1102
x-served-by
cache-ams2100105-AMS
MXReVB0eCiZTIxtnD34VBmRbbz0rYD5VCx56LFM3NXwIYTtKaz0PJjFdRkUGMVkPbwMbBz98GUtaI2ABQlAFAy4iZAB+KSZLLlI3BFQqZwYCZCwDLT1kInEqBGYNegk1RjwGFhRmOFEMNGRfZColWD16fypYKXQBGnEMBxYhawhXKkNXLFceIUY8BhZDZTgGBjFwX...
ordinghology.com/Nk9zM2tXLRBeVFdyERUeRCNOFllwakF1Dwc5CgQfUnpEAlIOPAIdCFogBlcNRCAdR0VYKgcWWXAIIUk5ei4ragBhNiZjOGIBF39aZAcXVDlMGBh5TgQJNlkYVAoKdiF6DhRRIl0WCXYqfD8lSjpzGjACI3wOEHQOWwpFawJzDBZiCE4KQXUq... Frame CE3F 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://ordinghology.com/Nk9zM2tXLRBeVFdyERUeRCNOFllwakF1Dwc5CgQfUnpEAlIOPAIdCFogBlcNRCAdR0VYKgcWWXAIIUk5ei4ragBhNiZjOGIBF39aZAcXVDlMGBh5TgQJNlkYVAoKdiF6DhRRIl0WCXYqfD8lSjpzGjACI3wOEHQOWwpFawJzDBZiCE4KQXUqex5Cfw9kBh1wKVEoMGRbewgwYiFTJEtrIgcVQWs9dzUhcDp1HAkKCmY4BHYmYHscdBN0JyJgG2MIClskfygmUiFeCUZ/W3g/MXReVB0eCiZTIxtnD34VBmRbbz0rYD5VCx56LFM3NXwIYTtKaz0PJjFdRkUGMVkPbwMbBz98GUtaI2ABQlAFAy4iZAB+KSZLLlI3BFQqZwYCZCwDLT1kInEqBGYNegk1RjwGFhRmOFEMNGRfZColWD16fypYKXQBGnEMBxYhawhXKkNXLFceIUY8BhZDZTgGBjFwX2QqIAovUg49XzxdDRtiM2wWVVkYWSEDDj5HeCR2JnoXFg
Requested by
Host: d1vy7td57198sq.cloudfront.net
URL: https://d1vy7td57198sq.cloudfront.net/?dtyvd=1108348
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.99.57 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-99-57.fra60.r.cloudfront.net
Software
openresty/1.17.8.2 /
Resource Hash

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

accept-ch
DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
cache-control
no-store, no-cache, must-revalidate, no-transform
content-encoding
gzip
content-length
1230
content-type
text/html
date
Sat, 26 Oct 2024 17:42:31 GMT
p3p
CP="NID DSP ALL COR"
pragma
no-cache
server
openresty/1.17.8.2
via
1.1 efb4ddf9650598b987ef5db782c5b530.cloudfront.net (CloudFront)
x-amz-cf-id
l_-543wYnossnPxWrLxgGVvfcDvEh8PoiA-H9FsyyWp0StajHZLNrg==
x-amz-cf-pop
FRA60-P3
x-cache
Miss from cloudfront
HzJnfxMDAHFcVwBSd188DCVkbk0fCFBxHwklVXMRBwh5cjwPAGQFTBwmBlIzN1VhZTsXEn9mGRQzZHIOHA95YjMKC1F8SwAQVl4wCiZrXBccIkRzICAMYWU7F1N4ZjMaNnByDhwOYnAffV1SZSsMEWNhFgpCWUcVIBQOUis5A3Z7DXk9XGNKeQ
undefined/TmQzNHovBlBZRS9ZURIPPAgOEUgIQQFyHn8SSgMOKlEEBUN2F0IaGSILRlAcPAtdQFQgAUcRSAhQV3wzfDd2UyIGMlRBHjklUWEUGFFhYTcJAnsNPxghagI2HC5jYSklCHZlOAEpZ0wbCzJYWBgmUHFjKRdQYGYoIDRKDAIeMXURSAghYUcWDAoKQTs... Frame B09C 		0
0
pwt.js
ads.pubmatic.com/AdServer/js/pwt/158361/3614/ 		260 KB
89 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ads.pubmatic.com/AdServer/js/pwt/158361/3614/pwt.js
Requested by
Host: delivery.r2b2.io
URL: https://delivery.r2b2.io/js/7.19.0/online/public/bundle_ad1292.c17e20304ac02fab29d7.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.213.164.238 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-213-164-238.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
d5e62fff7eaf370fbed188432f6ea7cfb63ca0ee68a91a7ee86c8befc180c77b

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

cache-control
max-age=18020
content-encoding
gzip
expires
Sat, 26 Oct 2024 22:42:51 GMT
accept-ranges
bytes
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length
90697
date
Sat, 26 Oct 2024 17:42:31 GMT
last-modified
Tue, 17 Oct 2023 13:19:47 GMT
content-type
application/javascript
server
Apache
vary
Accept-Encoding
topicsapi.html
topics.authorizedvault.com/ Frame 00CB 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://topics.authorizedvault.com/topicsapi.html?bidder=rtbhouse
Requested by
Host: delivery.r2b2.io
URL: https://delivery.r2b2.io/js/7.19.0/online/public/bundle_ad1292.c17e20304ac02fab29d7.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
37.19.194.81 Frankfurt am Main, Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
413474573.fra.cdn77.com
Software
CDN77-Turbo /
Resource Hash

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=604800
content-encoding
gzip
content-type
text/html
date
Sat, 26 Oct 2024 17:42:31 GMT
etag
W/"b1da2234a554ee8bc6519a75d88402d9"
expires
Sun, 07 Jan 2024 22:30:26 GMT
last-modified
Mon, 26 Jun 2023 15:39:25 GMT
server
CDN77-Turbo
vary
Accept-Encoding
via
1.1 google
x-77-age
504684
x-77-cache
HIT
x-77-nzt
EgwBJRPCTwH3bLMHAAwB1GY4EQH3wxkGAA
x-77-nzt-ray
0d1fa518e15ff733072a1d674e885a1e
x-77-pop
frankfurtDE
x-goog-generation
1687793965818864
x-goog-hash
crc32c=LvKeBQ== md5=sdoiNKVU7ovGUZp12IQC2Q==
x-goog-metageneration
1
x-goog-storage-class
STANDARD
x-goog-stored-content-encoding
identity
x-goog-stored-content-length
1404
x-guploader-uploadid
ABPtcPoZDS7_aCon-JVvX7xEB5qiduXohRxhaUJEcurJnHQA4lh4mfE-NaoMpM1Avb2HKdtYrSbrQ63T
topics_frame.html
ads.pubmatic.com/AdServer/js/topics/ Frame 67C6 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://ads.pubmatic.com/AdServer/js/topics/topics_frame.html?bidder=pubmatic
Requested by
Host: delivery.r2b2.io
URL: https://delivery.r2b2.io/js/7.19.0/online/public/bundle_ad1292.c17e20304ac02fab29d7.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.213.164.238 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-213-164-238.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
cache-control
max-age=143746
content-encoding
gzip
content-length
859
content-type
text/html
date
Sat, 26 Oct 2024 17:42:31 GMT
expires
Mon, 28 Oct 2024 09:38:17 GMT
last-modified
Tue, 21 Mar 2023 05:02:13 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
Apache
vary
Accept-Encoding
topics_frame.html
delivery.r2b2.io/static/topics/ Frame 0B17 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://delivery.r2b2.io/static/topics/topics_frame.html?bidder=r2b2
Requested by
Host: delivery.r2b2.io
URL: https://delivery.r2b2.io/js/7.19.0/online/public/bundle_ad1292.c17e20304ac02fab29d7.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.67.52 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
age
1359
content-encoding
gzip
content-length
617
content-type
text/html
date
Sat, 26 Oct 2024 17:19:53 GMT
etag
"671b6d98-58c"
last-modified
Fri, 25 Oct 2024 10:06:16 GMT
server
nginx
vary
Accept-Encoding
x-cache
HIT
x-cache-hits
4621
x-lb-cache
HIT
x-served-by
cache-ams2100089-AMS
publishertag.standalone.js
static.criteo.net/js/ld/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://static.criteo.net/js/ld/publishertag.standalone.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.1.3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
GET
Origin
https://gamerxyt.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
access-control-allow-methods
GET, OPTIONS
access-control-allow-origin
*
access-control-max-age
86400
cache-control
max-age=86400
date
Sat, 26 Oct 2024 17:42:31 GMT
expires
Sun, 27 Oct 2024 17:42:31 GMT
server
nginx
strict-transport-security
max-age=31536000; preload;
publishertag.standalone.js
static.criteo.net/js/ld/ 		100 KB
32 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://static.criteo.net/js/ld/publishertag.standalone.js
Requested by
Host: delivery.r2b2.io
URL: https://delivery.r2b2.io/js/7.19.0/online/public/bundle_ad1292.c17e20304ac02fab29d7.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.1.3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
a571605e34597742b2e316f4d25828053eb2e841413ba6cf8ae58a487b692c7d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-type
application/javascript
Referer

Response headers

strict-transport-security
max-age=31536000; preload;
cache-control
max-age=86400, public
timing-allow-origin
*
content-encoding
gzip
etag
W/"670e3454-191ed"
cross-origin-resource-policy
cross-origin
expires
Sun, 27 Oct 2024 17:42:31 GMT
access-control-allow-origin
*
date
Sat, 26 Oct 2024 17:42:31 GMT
content-type
text/javascript
last-modified
Tue, 15 Oct 2024 09:22:28 GMT
server
nginx
pixel.gif
static.criteo.net/images/ 		43 B
366 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.criteo.net/images/pixel.gif?ch=2
Requested by
Host: gamerxyt.com
URL: https://gamerxyt.com/how-to-get-job-in-canada-from-india-full-guide-2024/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.1.3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

strict-transport-security
max-age=31536000; preload;
cache-control
max-age=31104000, public
timing-allow-origin
*
etag
"493ea254-2b"
cross-origin-resource-policy
cross-origin
expires
Tue, 21 Oct 2025 17:42:31 GMT
cross-origin-embedder-policy
require-corp
accept-ranges
bytes
access-control-allow-origin
*
content-length
43
date
Sat, 26 Oct 2024 17:42:31 GMT
content-type
image/gif
last-modified
Tue, 09 Dec 2008 16:52:36 GMT
server
nginx
events
track.us.org/ 		19 B
601 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://track.us.org/events?u=https%3A%2F%2Fgamerxyt.com%2Fhow-to-get-job-in-canada-from-india-full-guide-2024%2F
Requested by
Host: delivery.r2b2.io
URL: https://delivery.r2b2.io/js/7.19.0/online/public/bundle_ad1292.c17e20304ac02fab29d7.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, CHACHA20_POLY1305
Server
185.59.208.177 , Czech Republic, ASN43541 (VSHOSTING, CZ),
Reverse DNS
webgarden-track-lb-ha.vshosting.cz
Software
nginx /
Resource Hash
c8afbe9c0eb9ac10525287cfb0fcda2d41dc393b2bbb8acf8a6fb9e8c520c252

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type
application/x-www-form-urlencoded
Referer

Response headers

access-control-max-age
1
cache-control
post-check=0, pre-check=0; max-age=0, no-cache, must-revalidate, proxy-revalidate, private
content-encoding
gzip
pragma
no-cache
access-control-allow-credentials
true
access-control-allow-methods
POST, GET, OPTIONS
expires
Tue, 01 Jan 2000 00:00:00 GMT
access-control-allow-origin
https://gamerxyt.com
p3p
CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
date
Sat, 26 Oct 2024 17:42:29 GMT
content-type
text/javascript; charset=utf-8
vary
Accept-Encoding
server
nginx
last-modified
Sat, 26 Oct 2024 17:42:31 GMT
access-control-allow-headers
X-Requested-With,origin,content-type,accept,accept-encoding,accept-language
syncframe
gum.criteo.com/ Frame 5D7A 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://gum.criteo.com/syncframe?origin=publishertag&topUrl=gamerxyt.com
Requested by
Host: gamerxyt.com
URL: https://gamerxyt.com/dl.php?link=video-downloads.googleusercontent.com/ADGPM2kV27NS1osLmBKotNJB0mfMK2-jCwElcDmI5TC7KvjWfu6ZpctZguk3BWtL73ybFjmuljEPdUIq4yr4YWu7SsbUMcmtd_oz7XWIqOC1HgsvkLImS3Iq3nol4V3n02ogHtnCmVMZGqMO-mdWVZD8lo9NB-l8d80ECZkYvQCRUyt10iVLVf9DQs3HN5l73sg_Ymp24K7M0...%20312%20...SjqKyvwROSLyC7YAIsRSPl4FEm4zde
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.1.11 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

cache-control
private, max-age=3600
content-encoding
gzip
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Sat, 26 Oct 2024 17:42:31 GMT
server
Kestrel
server-processing-duration-in-ticks
465924
strict-transport-security
max-age=31536000; preload;
vary
Accept-Encoding
x-robots-tag
noindex
favicon.ico
gamerxyt.com/ 		1 KB
1 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://gamerxyt.com/favicon.ico
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7becc0246aa4fcb8127b3459b2b8c6c04879c6855b0fcf370f8c83d2de88d319

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

content-encoding
br
cf-cache-status
HIT
age
283877
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=z4gSabFanLhurEGE80LABCizB%2FmwUbpO5cvkKJs5xXHy0EoV0Ve4G%2BHPZbMAv26CZ3%2FJ0TJ2sVG9ON6EOUo8avvysSX0fMJ2YKGNzQb64qjIeW7flrsj5uuGofO6xAw%3D"}],"group":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=16285&sent=18&recv=14&lost=0&retrans=0&sent_bytes=8325&recv_bytes=5202&delivery_rate=194667&cwnd=12000&unsent_bytes=0&cid=9c231873d8d56c1d&ts=896&x=1", cfExtPri, cfHdrFlush;dur=0
date
Sat, 26 Oct 2024 17:42:31 GMT
content-type
text/html
vary
Accept-Encoding
priority
u=1,i
cache-control
private, no-cache, no-store, must-revalidate, max-age=0
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma
no-cache
cf-ray
8d8c3e50c8f20c38-AMS
x-turbo-charged-by
LiteSpeed
server
cloudflare
events
track.us.org/ 		19 B
601 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://track.us.org/events?u=https%3A%2F%2Fgamerxyt.com%2Fhow-to-get-job-in-canada-from-india-full-guide-2024%2F
Requested by
Host: delivery.r2b2.io
URL: https://delivery.r2b2.io/js/7.19.0/online/public/bundle_ad1292.c17e20304ac02fab29d7.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, CHACHA20_POLY1305
Server
185.59.208.177 , Czech Republic, ASN43541 (VSHOSTING, CZ),
Reverse DNS
webgarden-track-lb-ha.vshosting.cz
Software
nginx /
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type
application/x-www-form-urlencoded
Referer

Response headers

access-control-max-age
1
cache-control
post-check=0, pre-check=0; max-age=0, no-cache, must-revalidate, proxy-revalidate, private
content-encoding
gzip
pragma
no-cache
access-control-allow-credentials
true
access-control-allow-methods
POST, GET, OPTIONS
expires
Tue, 01 Jan 2000 00:00:00 GMT
access-control-allow-origin
https://gamerxyt.com
p3p
CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
date
Sat, 26 Oct 2024 17:42:33 GMT
content-type
text/javascript; charset=utf-8
vary
Accept-Encoding
server
nginx
last-modified
Sat, 26 Oct 2024 17:42:35 GMT
access-control-allow-headers
X-Requested-With,origin,content-type,accept,accept-encoding,accept-language

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
arc.io
URL
https://arc.io/widget.min.js
Domain
hubcdn.vip
URL
https://hubcdn.vip/css/dl.min.css
Domain
hubcdn.vip
URL
https://hubcdn.vip/css/dlstyle.css
Domain
www.facebook.com
URL
https://www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
Domain
accounts.google.com
URL
https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=AcMMx-eKJP54Hf2W_Af_f5U8TwKYx2c54CXdzZjPo00zIN8EL5d_9pkqVz0xCTKPNDoMfSuB945xjg&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-2127508086%3A1729964551386998&ddm=0
Domain
accounts.google.com
URL
https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=AcMMx-c5kuLzXZT6_oHf5PjFixrWdi_m9HlytGo5nkwVTnGmkRv9lvFOBhaEE9TYdyyVGWHD37OhLQ&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S1295606229%3A1729964551389339&ddm=0
Domain
undefined
URL
https://undefined/TmQzNHovBlBZRS9ZURIPPAgOEUgIQQFyHn8SSgMOKlEEBUN2F0IaGSILRlAcPAtdQFQgAUcRSAhQV3wzfDd2UyIGMlRBHjklUWEUGFFhYTcJAnsNPxghagI2HC5jYSklCHZlOAEpZ0wbCzJYWBgmUHFjKRdQYGYoIDRKDAIeMXURSAghYUcWDAoKQTsPDGBQIj43e1gZIygDWC8bHWpGKRspYn8pOTNnQzA7NGFiKhkdUE0yHFFSfy1/I311NCMBdXI7DAlyQygbKWdRDT42YnUjJS1hWzIaCQICKA8LfFISKidhXEM6AVhlLhwOVF8/HzJnfxMDAHFcVwBSd188DCVkbk0fCFBxHwklVXMRBwh5cjwPAGQFTBwmBlIzN1VhZTsXEn9mGRQzZHIOHA95YjMKC1F8SwAQVl4wCiZrXBccIkRzICAMYWU7F1N4ZjMaNnByDhwOYnAffV1SZSsMEWNhFgpCWUcVIBQOUis5A3Z7DXk9XGNKeQ

Verdicts & Comments Add Verdict or Comment

24 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| utr_1108348 number| userTrackingInterval number| _554840993 object| AdTrack function| changeUrlWithReplaceState function| setCookie object| R2B2 object| Criteo number| iinf object| criteo_syncframe_state object| criteo_pubtag object| criteo_pubtag_standalone_159 object| Criteo_standalone_159 object| ihowpbjsChunk object| ihowpbjs object| _pbjsGlobals object| IHPWT string| partnerName string| key

5 Cookies

Domain/Path Name / Value
gamerxyt.com/ Name: xyt
Value: 1
ukankingwithea.com/ Name: csu
Value: 475345971599926@1@1729964551
.criteo.com/ Name: uid
Value: 4d755139-7698-45b7-b0e7-540dd98fabf4
.criteo.com/ Name: receive-cookie-deprecation
Value: 1
.gamerxyt.com/ Name: cto_bundle
Value: izEqx19lWkJSc1lvUHVBUGslMkZaQzFQbDROV2RFbG92WHBqZG9iakFaeSUyRkVwZEtjaEFSS2VDdU1kektBUGtRbTQyWkJ6QiUyRjNZckdOJTJCSkhYVFZ3emdhM0d0QVRvdTR0TUxZVERYJTJGbTB1eVNqYmZMZVNKVEIlMkZTcE1XNXRQbSUyRjNOZFlMcVZuVjVlTThMdWdkQTllRVN5TXRMVWtXYkN2ZXRGN2VRNUs1MncwR3NTUnlJdyUzRA

4 Console Messages

Source Level URL
Text
network error URL: https://arc.io/widget.min.js#dhkkByuS
Message:
Failed to load resource: net::ERR_NAME_NOT_RESOLVED
network error URL: https://hubcdn.vip/css/dlstyle.css
Message:
Failed to load resource: net::ERR_BLOCKED_BY_RESPONSE.NotSameOrigin
network error URL: https://hubcdn.vip/css/dl.min.css
Message:
Failed to load resource: net::ERR_BLOCKED_BY_RESPONSE.NotSameOrigin
network error URL: https://gamerxyt.com/favicon.ico
Message:
Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

accounts.google.com
ads.pubmatic.com
arc.io
d1vy7td57198sq.cloudfront.net
delivery.r2b2.io
gamerxyt.com
gum.criteo.com
hubcdn.vip
kinarilyhukelpfulin.com
newsadda4u.com
ordinghology.com
static.criteo.net
topics.authorizedvault.com
track.us.org
ukankingwithea.com
undefined
www.facebook.com
accounts.google.com
arc.io
hubcdn.vip
undefined
www.facebook.com
13.32.99.57
151.101.67.52
178.250.1.11
178.250.1.3
18.245.78.155
185.59.208.177
188.114.96.3
188.114.97.3
23.213.164.238
37.19.194.81
0d0ad3e2a9f6436d6a0b8dd1f882e8b617f1ae005310c2565debf17b5628a25e
1fdc2c7a9511b9f8c8814f9bdec6eaa73bdde3fe0e4fc5525d18298ca29a4215
2631c948ecd71dfe840eddedf65c6a31c82e8106298b18e09e06cca592a13781
7becc0246aa4fcb8127b3459b2b8c6c04879c6855b0fcf370f8c83d2de88d319
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
9c528f83c570d313a157513a350e7a8358f0bdccdf821a0843e5708043e49222
a571605e34597742b2e316f4d25828053eb2e841413ba6cf8ae58a487b692c7d
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
c8afbe9c0eb9ac10525287cfb0fcda2d41dc393b2bbb8acf8a6fb9e8c520c252
c8d8b64bd26696ba0c2e63b1d5e0dcebf7be5c2bc5072beb9f56c53fab355440
d5e62fff7eaf370fbed188432f6ea7cfb63ca0ee68a91a7ee86c8befc180c77b
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f627ca4c2c322f15db26152df306bd4f983f0146409b81a4341b9b340c365a16