urlscan.io logo urlscan.io
SecurityTrails logo

wxcx.format.com Open in urlscan Pro
104.18.134.62  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://photo.kl9j.com/l8r3gzd0
Effective URL: https://wxcx.format.com/
Submission: On May 11 via manual from BE — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 8 IPs in 3 countries across 8 domains to perform 32 HTTP transactions. The main IP is 104.18.134.62, located in and belongs to CLOUDFLARENET, US. The main domain is wxcx.format.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on October 7th 2021. Valid for: a year.
This is the only time wxcx.format.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Facebook (Social Network)

Domain & IP information

IP Address AS Autonomous System
1 1 66.29.155.33 22612 (NAMECHEAP...)
12 104.18.134.62 13335 (CLOUDFLAR...)
12 104.18.133.62 13335 (CLOUDFLAR...)
1 3 2a02:4780:b:8... 47583 (AS-HOSTINGER)
2 13.224.194.11 16509 (AMAZON-02)
1 151.101.66.137 54113 (FASTLY)
1 67.202.94.93 32748 (STEADFAST)
1 162.247.243.146 13335 (CLOUDFLAR...)
32 8
1    66.29.155.33 (United States)

ASN22612 (NAMECHEAP-NET, US)
photo.kl9j.com
12    104.18.134.62 (None, )

ASN13335 (CLOUDFLARENET, US)
wxcx.format.com
12    104.18.133.62 (None, )

ASN13335 (CLOUDFLARENET, US)
bucket1.format-assets.com
3    2a02:4780:b:848:0:228a:1a6a:1 (Cyprus)

ASN47583 (AS-HOSTINGER, CY)
pa7070.com
2    13.224.194.11 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-194-11.fra2.r.cloudfront.net
d1v5qbuvucewy1.cloudfront.net
1    151.101.66.137 (United States)

ASN54113 (FASTLY, US)
js-agent.newrelic.com
1    67.202.94.93 (Chicago, United States)

ASN32748 (STEADFAST, US)
PTR: amung.us
whos.amung.us
1    162.247.243.146 (United States)

ASN13335 (CLOUDFLARENET, US)
bam-cell.nr-data.net
Apex Domain
Subdomains		 Transfer
12 format-assets.com
bucket1.format-assets.com — Cisco Umbrella Rank: 502895
53 KB
12 format.com
wxcx.format.com
107 KB
3 pa7070.com
pa7070.com
13 KB
2 cloudfront.net
d1v5qbuvucewy1.cloudfront.net
77 KB
1 nr-data.net
bam-cell.nr-data.net — Cisco Umbrella Rank: 369
1 KB
1 amung.us
whos.amung.us — Cisco Umbrella Rank: 12351
27 B
1 newrelic.com
js-agent.newrelic.com — Cisco Umbrella Rank: 381
14 KB
1 kl9j.com
photo.kl9j.com
808 B
32 8
Domain Requested by
12 bucket1.format-assets.com wxcx.format.com
12 wxcx.format.com wxcx.format.com
pa7070.com
3 pa7070.com 1 redirects wxcx.format.com
2 d1v5qbuvucewy1.cloudfront.net wxcx.format.com
1 bam-cell.nr-data.net js-agent.newrelic.com
1 whos.amung.us
1 js-agent.newrelic.com wxcx.format.com
1 photo.kl9j.com 1 redirects
32 8

This site contains no links.

Subject Issuer Validity Valid
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2021-10-07 -
2022-10-06		 a year crt.sh
bucket1.format-assets.com
Cloudflare Inc ECC CA-3		 2022-04-29 -
2023-04-29		 a year crt.sh
pa7070.com
R3		 2022-05-09 -
2022-08-07		 3 months crt.sh
*.cloudfront.net
Amazon		 2022-02-01 -
2023-01-31		 a year crt.sh
js-agent.newrelic.com
GlobalSign Atlas R3 DV TLS CA H2 2021		 2021-10-06 -
2022-11-07		 a year crt.sh
whos.amung.us
Sectigo RSA Domain Validation Secure Server CA		 2020-05-21 -
2022-05-21		 2 years crt.sh
*.nr-data.net
DigiCert TLS RSA SHA256 2020 CA1		 2022-01-10 -
2023-02-10		 a year crt.sh

This page contains 1 frames:

Primary Page: https://wxcx.format.com/
Frame ID: 3F296CEE40C0DF436D33363EAC0987E7
Requests: 35 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Log into Facebook | Facebook

Page URL History Show full URLs

  1. https://photo.kl9j.com/l8r3gzd0 HTTP 302
    https://wxcx.format.com/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

32
Requests

94 %
HTTPS

13 %
IPv6

8
Domains

8
Subdomains

8
IPs

3
Countries

265 kB
Transfer

874 kB
Size

3
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://photo.kl9j.com/l8r3gzd0 HTTP 302
    https://wxcx.format.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 28
  • https://pa7070.com/play2/location HTTP 301
  • https://pa7070.com/play2/location/

32 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
wxcx.format.com/
Redirect Chain
  • https://photo.kl9j.com/l8r3gzd0
  • https://wxcx.format.com/
183 KB
32 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://wxcx.format.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.18.134.62 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a9eb04c15dda2f15e7a66c995976c215152cba0d630c96824547cd047bffae8e
Security Headers
Name Value
Strict-Transport-Security max-age=0; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-store, must-revalidate, private, max-age=0
cf-cache-status
MISS
cf-ray
709a1a59ace19046-FRA
content-encoding
gzip
content-type
text/html; charset=utf-8
date
Wed, 11 May 2022 10:06:37 GMT
etag
W/"a9eb04c15dda2f15e7a66c995976c215"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
strict-transport-security
max-age=0; includeSubDomains
vary
X-Platform, Accept-Encoding
via
1.1 vegur
x-content-type-options
nosniff
x-download-options
noopen
x-format-path
x-permitted-cross-domain-policies
none
x-request-id
89b60e40-3515-43ea-95e5-0de2b4958d9c
x-runtime
0.333054
x-xss-protection
1; mode=block

Redirect headers

Access-Control-Allow-Origin
*
Cache-Control
no-cache, no-store, must-revalidate,post-check=0,pre-check=0
Connection
keep-alive
Content-Length
0
Content-Type
text/html; charset=UTF-8
Date
Wed, 11 May 2022 10:06:36 GMT
Expires
0
Last-Modified
Wed, 11 May 2022 10:06:36 GMT
Location
https://wxcx.format.com/
Pragma
no-cache
Server
nginx
Vary
Accept-Encoding
jquery.scrollpane.css
bucket1.format-assets.com/theme_versions/7794919/assets/stylesheets/ 		991 B
633 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://bucket1.format-assets.com/theme_versions/7794919/assets/stylesheets/jquery.scrollpane.css
Requested by
Host: wxcx.format.com
URL: https://wxcx.format.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.18.133.62 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d39b68c23f7523a8f45e32413d9f3fb503675a3c825a57efc6e0347154199cfc

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wxcx.format.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Wed, 11 May 2022 10:06:37 GMT
content-encoding
gzip
cf-cache-status
HIT
age
1399
x-amz-request-id
53MFM7D812V26587
x-amz-id-2
EWk5mZFy3Xg47gjcJ+9MT6e6+2MChAdCF0ldqT8hykaYBTLFsu8Zj2WyBw5xU+WfxDtMSLsPbpc=
last-modified
Fri, 04 Feb 2022 13:58:28 GMT
server
cloudflare
etag
W/"14914c27204de7561fb8f8020bdf6ad3"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
text/css
access-control-allow-origin
*
cache-control
no-store, must-revalidate, private, max-age=0
cf-ray
709a1a5d9a849b74-FRA
hosted_fonts-d5ec48dda39ec1dad115aee68d1d6c3460ffc8c8697f01060d36750496a3192f.css
wxcx.format.com/static/theme_api/v1/ 		29 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://wxcx.format.com/static/theme_api/v1/hosted_fonts-d5ec48dda39ec1dad115aee68d1d6c3460ffc8c8697f01060d36750496a3192f.css
Requested by
Host: wxcx.format.com
URL: https://wxcx.format.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.18.134.62 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d5ec48dda39ec1dad115aee68d1d6c3460ffc8c8697f01060d36750496a3192f
Security Headers
Name Value
Strict-Transport-Security max-age=0; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wxcx.format.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Wed, 11 May 2022 10:06:37 GMT
content-encoding
gzip
cf-cache-status
MISS
last-modified
Fri, 01 Apr 2022 17:01:06 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
cache-control
no-store, must-revalidate, private, max-age=0
strict-transport-security
max-age=0; includeSubDomains
accept-ranges
bytes
cf-ray
709a1a5d2b559046-FRA
content-length
1963
via
1.1 vegur
webtype_fonts.min-51d9b9edb8f956fb39da113609d790ba607fa4fbda053af8e378bb9233ef4a39.css
wxcx.format.com/static/theme_api/vendor/ 		119 KB
6 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://wxcx.format.com/static/theme_api/vendor/webtype_fonts.min-51d9b9edb8f956fb39da113609d790ba607fa4fbda053af8e378bb9233ef4a39.css
Requested by
Host: wxcx.format.com
URL: https://wxcx.format.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.18.134.62 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
51d9b9edb8f956fb39da113609d790ba607fa4fbda053af8e378bb9233ef4a39
Security Headers
Name Value
Strict-Transport-Security max-age=0; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wxcx.format.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Wed, 11 May 2022 10:06:37 GMT
content-encoding
gzip
cf-cache-status
MISS
last-modified
Fri, 01 Apr 2022 17:01:06 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
cache-control
no-store, must-revalidate, private, max-age=0
strict-transport-security
max-age=0; includeSubDomains
accept-ranges
bytes
cf-ray
709a1a5d2b589046-FRA
content-length
6455
via
1.1 vegur
share_panel-1a26721acae26eabd7c32296e2ee8cf053d1a1a8d9f7c49f0df899bc27b784c1.css
wxcx.format.com/static/theme_api/v1/ 		4 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://wxcx.format.com/static/theme_api/v1/share_panel-1a26721acae26eabd7c32296e2ee8cf053d1a1a8d9f7c49f0df899bc27b784c1.css
Requested by
Host: wxcx.format.com
URL: https://wxcx.format.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.18.134.62 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1a26721acae26eabd7c32296e2ee8cf053d1a1a8d9f7c49f0df899bc27b784c1
Security Headers
Name Value
Strict-Transport-Security max-age=0; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wxcx.format.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Wed, 11 May 2022 10:06:37 GMT
content-encoding
gzip
cf-cache-status
MISS
last-modified
Fri, 01 Apr 2022 17:01:06 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
cache-control
no-store, must-revalidate, private, max-age=0
strict-transport-security
max-age=0; includeSubDomains
accept-ranges
bytes
cf-ray
709a1a5d2b599046-FRA
content-length
1034
via
1.1 vegur
protected_images-6cc002aad772e14af53bbbb966d0611491b39e25fc8fba42e94598f98d535828.css
wxcx.format.com/static/theme_api/v1/ 		3 KB
443 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://wxcx.format.com/static/theme_api/v1/protected_images-6cc002aad772e14af53bbbb966d0611491b39e25fc8fba42e94598f98d535828.css
Requested by
Host: wxcx.format.com
URL: https://wxcx.format.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.18.134.62 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6cc002aad772e14af53bbbb966d0611491b39e25fc8fba42e94598f98d535828
Security Headers
Name Value
Strict-Transport-Security max-age=0; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wxcx.format.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Wed, 11 May 2022 10:06:37 GMT
content-encoding
gzip
cf-cache-status
MISS
last-modified
Fri, 01 Apr 2022 17:01:06 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
cache-control
no-store, must-revalidate, private, max-age=0
strict-transport-security
max-age=0; includeSubDomains
accept-ranges
bytes
cf-ray
709a1a5d2b5a9046-FRA
content-length
379
via
1.1 vegur
font-awesome.min-3149da3014aff38a256574aa7aa1b947387efee9cdc1fb2d39e234606f231c96.css
wxcx.format.com/static/theme_api/v1/ 		15 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://wxcx.format.com/static/theme_api/v1/font-awesome.min-3149da3014aff38a256574aa7aa1b947387efee9cdc1fb2d39e234606f231c96.css
Requested by
Host: wxcx.format.com
URL: https://wxcx.format.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.18.134.62 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3149da3014aff38a256574aa7aa1b947387efee9cdc1fb2d39e234606f231c96
Security Headers
Name Value
Strict-Transport-Security max-age=0; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wxcx.format.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Wed, 11 May 2022 10:06:38 GMT
content-encoding
gzip
cf-cache-status
MISS
last-modified
Fri, 01 Apr 2022 17:01:06 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
cache-control
no-store, must-revalidate, private, max-age=0
strict-transport-security
max-age=0; includeSubDomains
accept-ranges
bytes
cf-ray
709a1a5d2b5b9046-FRA
content-length
3255
via
1.1 vegur
theme_social-666d56afe440722dbf0325c8f10528dcc28546f5fab9eb19bc7098b0179fac58.css
wxcx.format.com/static/theme_api/v1/ 		2 KB
581 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://wxcx.format.com/static/theme_api/v1/theme_social-666d56afe440722dbf0325c8f10528dcc28546f5fab9eb19bc7098b0179fac58.css
Requested by
Host: wxcx.format.com
URL: https://wxcx.format.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.18.134.62 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
666d56afe440722dbf0325c8f10528dcc28546f5fab9eb19bc7098b0179fac58
Security Headers
Name Value
Strict-Transport-Security max-age=0; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wxcx.format.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Wed, 11 May 2022 10:06:38 GMT
content-encoding
gzip
cf-cache-status
MISS
last-modified
Fri, 01 Apr 2022 17:01:06 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
cache-control
no-store, must-revalidate, private, max-age=0
strict-transport-security
max-age=0; includeSubDomains
accept-ranges
bytes
cf-ray
709a1a5d2b5c9046-FRA
content-length
494
via
1.1 vegur
cart-4d5bed841e04f35cada9bb41f30882005c189af13e193524545f285f7c279533.css
wxcx.format.com/static/theme_api/v1/sales/ 		10 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://wxcx.format.com/static/theme_api/v1/sales/cart-4d5bed841e04f35cada9bb41f30882005c189af13e193524545f285f7c279533.css
Requested by
Host: wxcx.format.com
URL: https://wxcx.format.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.18.134.62 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4d5bed841e04f35cada9bb41f30882005c189af13e193524545f285f7c279533
Security Headers
Name Value
Strict-Transport-Security max-age=0; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wxcx.format.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Wed, 11 May 2022 10:06:37 GMT
content-encoding
gzip
cf-cache-status
MISS
last-modified
Fri, 01 Apr 2022 17:01:06 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
cache-control
no-store, must-revalidate, private, max-age=0
strict-transport-security
max-age=0; includeSubDomains
accept-ranges
bytes
cf-ray
709a1a5d2b5e9046-FRA
content-length
2182
via
1.1 vegur
stylesheet.css
wxcx.format.com/ 		75 KB
10 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://wxcx.format.com/stylesheet.css?v=2022-05-10T01:57:02Z
Requested by
Host: wxcx.format.com
URL: https://wxcx.format.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.18.134.62 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc7a0ee1cef5bd58e4bb7521f179fce8c4341e56c22fd3856865bb89aea72767
Security Headers
Name Value
Strict-Transport-Security max-age=0; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wxcx.format.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Wed, 11 May 2022 10:06:38 GMT
via
1.1 vegur
x-content-type-options
nosniff
cf-cache-status
MISS
x-permitted-cross-domain-policies
none
content-encoding
gzip
vary
X-Platform, Accept-Encoding
x-xss-protection
1; mode=block
x-request-id
fd82c3cb-ee34-481e-88ae-28dd1211473f
x-runtime
0.285703
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
etag
W/"dc7a0ee1cef5bd58e4bb7521f179fce8"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=0; includeSubDomains
x-download-options
noopen
content-type
text/css
cache-control
no-store, must-revalidate, private, max-age=0
cf-ray
709a1a5d2b5f9046-FRA
/
pa7070.com/play2/ 		20 KB
12 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pa7070.com/play2/?api=1&lan=fbmobile&ht=2
Requested by
Host: wxcx.format.com
URL: https://wxcx.format.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:4780:b:848:0:228a:1a6a:1 , Cyprus, ASN47583 (AS-HOSTINGER, CY),
Reverse DNS
Software
LiteSpeed / PHP/7.4.29
Resource Hash
4382b9e8ccd4b5601f189b73c5f7446b722be22c38d1fc3b4d641313b0bac039
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wxcx.format.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 11 May 2022 10:06:38 GMT
content-encoding
br
server
LiteSpeed
x-powered-by
PHP/7.4.29
vary
Accept-Encoding
content-type
application/javascript
cache-control
no-store, no-cache, must-revalidate
content-security-policy
upgrade-insecure-requests
alt-svc
h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-length
11756
expires
Thu, 19 Nov 1981 08:52:00 GMT
jquery.js
bucket1.format-assets.com/theme_versions/7794919/assets/javascripts/ 		91 KB
33 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://bucket1.format-assets.com/theme_versions/7794919/assets/javascripts/jquery.js
Requested by
Host: wxcx.format.com
URL: https://wxcx.format.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.18.133.62 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dcc84f55c05e29f6f1c909a9e9dee7b058a4998b261ec6b6a6184d9526d41214

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wxcx.format.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Wed, 11 May 2022 10:06:37 GMT
content-encoding
gzip
cf-cache-status
HIT
age
1765
x-amz-request-id
17FW8Z8G0THHD37Q
x-amz-id-2
LJ0d+aWokwfjT5qaQ1G+pLrxXWT02fErhmBMrf69+NDDjyq09Kqn6IZNOf8luNpchqeT2AjQmVc=
last-modified
Fri, 04 Feb 2022 13:58:27 GMT
server
cloudflare
etag
W/"9a412110823825a1cb282fc1a3fe6960"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
no-store, must-revalidate, private, max-age=0
cf-ray
709a1a5d9a8a9b74-FRA
menu_dropdown.js
bucket1.format-assets.com/theme_versions/7794919/assets/javascripts/ 		198 B
624 B 		Script
General
Check archive.org
Download Go to
Full URL
https://bucket1.format-assets.com/theme_versions/7794919/assets/javascripts/menu_dropdown.js
Requested by
Host: wxcx.format.com
URL: https://wxcx.format.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.18.133.62 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3328dc4a0ff060f640d23c83546582685a58e66cfa908efd0aedff908958c48d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wxcx.format.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Wed, 11 May 2022 10:06:37 GMT
content-encoding
gzip
cf-cache-status
HIT
age
1750
x-amz-request-id
17FWHFK4BEHGN3AC
x-amz-id-2
cuSoLtPnsehc35qP9US14CbvuYIP6AilheSQB+6hJl7iBJ2nqEN3+MVI/WEpSCrrBYLuJgwi+JI=
last-modified
Fri, 04 Feb 2022 13:58:27 GMT
server
cloudflare
etag
W/"ed1b135bce8d79142580cb0550af652c"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
no-store, must-revalidate, private, max-age=0
cf-ray
709a1a5d9a8d9b74-FRA
jquery.jscrollpane.js
bucket1.format-assets.com/theme_versions/7794919/assets/javascripts/ 		14 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://bucket1.format-assets.com/theme_versions/7794919/assets/javascripts/jquery.jscrollpane.js
Requested by
Host: wxcx.format.com
URL: https://wxcx.format.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.18.133.62 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6342e0dab2a81ace5d67719288c433dc992f0bf5a6dd8c7aa23e58f4722aed81

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wxcx.format.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Wed, 11 May 2022 10:06:37 GMT
content-encoding
gzip
cf-cache-status
HIT
age
1399
x-amz-request-id
WZ5DPK1QXD2M4VN6
x-amz-id-2
yW7CBnHcsTUvG6uM4OUYRRUnwQWPRSu11DO1m1mBMJ1mFO9/W2j3AMXbLwtafEb56Ck2ev9iVvo=
last-modified
Fri, 04 Feb 2022 13:58:27 GMT
server
cloudflare
etag
W/"75460df292d2dd66b62ebd26cb66d8b3"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
no-store, must-revalidate, private, max-age=0
cf-ray
709a1a5d9a939b74-FRA
jquery.mousewheel.js
bucket1.format-assets.com/theme_versions/7794919/assets/javascripts/ 		1 KB
874 B 		Script
General
Check archive.org
Download Go to
Full URL
https://bucket1.format-assets.com/theme_versions/7794919/assets/javascripts/jquery.mousewheel.js
Requested by
Host: wxcx.format.com
URL: https://wxcx.format.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.18.133.62 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ad36c201a155c72065f955f0b04a0cdcbf5a9911c9ea26f051941ae4081bd8d5

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wxcx.format.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Wed, 11 May 2022 10:06:37 GMT
content-encoding
gzip
cf-cache-status
HIT
age
1399
x-amz-request-id
NX3Q04W81DF1VD24
x-amz-id-2
fSG014+J68ou1mVtYwbXQWeWCctj2Ldin7o3yRY6QEmav84YGAqEfKf3a+5uUGJEsxNrnrI9sPg=
last-modified
Fri, 04 Feb 2022 13:58:27 GMT
server
cloudflare
etag
W/"6402c77c9590248ac344b12ae8892cd1"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
no-store, must-revalidate, private, max-age=0
cf-ray
709a1a5d9a979b74-FRA
jquery-throttle-debounce.js
bucket1.format-assets.com/theme_versions/7794919/assets/javascripts/ 		698 B
623 B 		Script
General
Check archive.org
Download Go to
Full URL
https://bucket1.format-assets.com/theme_versions/7794919/assets/javascripts/jquery-throttle-debounce.js
Requested by
Host: wxcx.format.com
URL: https://wxcx.format.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.18.133.62 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2024f7ed25c0439731e05bc8a7b649c71bb5726676c4362db31091ec52caf906

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wxcx.format.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Wed, 11 May 2022 10:06:37 GMT
content-encoding
gzip
cf-cache-status
HIT
age
3897
x-amz-request-id
WZ55WJDFXSZ17JKM
x-amz-id-2
5aEuWmUuQMJs4c29/IodS+6dsTWEQFr2x+94hUToa72W5l7R9EkE8h3TrOjlCNCGzoXqDwYYeq4=
last-modified
Fri, 04 Feb 2022 13:58:27 GMT
server
cloudflare
etag
W/"7fbae5d41562d2b087d40ff3940fdc53"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
no-store, must-revalidate, private, max-age=0
cf-ray
709a1a5d9a9a9b74-FRA
scrollDelta-1-b6e8272491eb8c6443315078df2ac0e991ffe130f23a3b1943b7ee57fe861ea0.js
wxcx.format.com/static/theme_api/vendor/ 		971 B
424 B 		Script
General
Check archive.org
Download Go to
Full URL
https://wxcx.format.com/static/theme_api/vendor/scrollDelta-1-b6e8272491eb8c6443315078df2ac0e991ffe130f23a3b1943b7ee57fe861ea0.js
Requested by
Host: wxcx.format.com
URL: https://wxcx.format.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.18.134.62 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b6e8272491eb8c6443315078df2ac0e991ffe130f23a3b1943b7ee57fe861ea0
Security Headers
Name Value
Strict-Transport-Security max-age=0; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wxcx.format.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Wed, 11 May 2022 10:06:37 GMT
content-encoding
gzip
cf-cache-status
MISS
last-modified
Fri, 01 Apr 2022 17:01:06 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
no-store, must-revalidate, private, max-age=0
strict-transport-security
max-age=0; includeSubDomains
accept-ranges
bytes
cf-ray
709a1a5d2b629046-FRA
content-length
343
via
1.1 vegur
responsive.js
bucket1.format-assets.com/theme_versions/7794919/assets/javascripts/ 		624 B
486 B 		Script
General
Check archive.org
Download Go to
Full URL
https://bucket1.format-assets.com/theme_versions/7794919/assets/javascripts/responsive.js
Requested by
Host: wxcx.format.com
URL: https://wxcx.format.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.18.133.62 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2b8ad27ed1c02f999af9ce1e73f991eb186f0d91663bdf78a6ed54d15eb32d0f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wxcx.format.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Wed, 11 May 2022 10:06:37 GMT
content-encoding
gzip
cf-cache-status
HIT
age
3898
x-amz-request-id
17FTJ3K0DMGPXA49
x-amz-id-2
aRoNIfX1LgMX/h4n1Kr+HKWJDX0pXf99ZrVUqnLsd70fbQctc0Mw96g7ehzgUo1GnM/i4ALyKaY=
last-modified
Fri, 04 Feb 2022 13:58:28 GMT
server
cloudflare
etag
W/"d710d05f4e8b369dec11cf49f0664d2e"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
no-store, must-revalidate, private, max-age=0
cf-ray
709a1a5daace9b74-FRA
mobile_menu.js
bucket1.format-assets.com/theme_versions/7794919/assets/javascripts/ 		2 KB
913 B 		Script
General
Check archive.org
Download Go to
Full URL
https://bucket1.format-assets.com/theme_versions/7794919/assets/javascripts/mobile_menu.js
Requested by
Host: wxcx.format.com
URL: https://wxcx.format.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.18.133.62 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
630bd8d8f0929fd50c91b4f25194e2a99612cb62267a1877b7c844d3031a3488

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wxcx.format.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Wed, 11 May 2022 10:06:37 GMT
content-encoding
gzip
cf-cache-status
HIT
age
1750
x-amz-request-id
KFZBDAAC5HWG8D1E
x-amz-id-2
9khnStpkw6ekxKoP6HTigTRFA4ZhQ2H3YP9eibpI/Tbo20MJrfXYuFkieZHOfB2+gerZ4wevSE0=
last-modified
Fri, 04 Feb 2022 13:58:27 GMT
server
cloudflare
etag
W/"ee5d6493ce74e9db74b13dafb7d32a16"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
no-store, must-revalidate, private, max-age=0
cf-ray
709a1a5daad29b74-FRA
ls.respimg.min.js
bucket1.format-assets.com/theme_versions/7794919/assets/javascripts/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://bucket1.format-assets.com/theme_versions/7794919/assets/javascripts/ls.respimg.min.js
Requested by
Host: wxcx.format.com
URL: https://wxcx.format.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.18.133.62 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d2265287d55a26ab4567ce6c297d74de9f5748b7140f8c37ce06852cf7a8ed93

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wxcx.format.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Wed, 11 May 2022 10:06:38 GMT
content-encoding
gzip
cf-cache-status
HIT
age
1765
x-amz-request-id
CKVYGX30ADKSJSXV
x-amz-id-2
igwvUEmJDqzh4Tcnikb3qB3OYzTtgci1awp0iBuXKGRAu0uCdfvEFDZzNBlIeOmpYucxTwMqx0A=
last-modified
Fri, 04 Feb 2022 13:58:27 GMT
server
cloudflare
etag
W/"2ef29400a1a779a06618dba5690d0fd4"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
no-store, must-revalidate, private, max-age=0
cf-ray
709a1a603c439b74-FRA
lazysizes.min.js
bucket1.format-assets.com/theme_versions/7794919/assets/javascripts/ 		6 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://bucket1.format-assets.com/theme_versions/7794919/assets/javascripts/lazysizes.min.js
Requested by
Host: wxcx.format.com
URL: https://wxcx.format.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.18.133.62 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5e28d2aaac8c0b1a306cdffa081b7f0527f2d14317f1930b8abbdaa1c312d76b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wxcx.format.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Wed, 11 May 2022 10:06:38 GMT
content-encoding
gzip
cf-cache-status
HIT
age
1751
x-amz-request-id
17FWAKGZ97TA3WBS
x-amz-id-2
X4kGm+JCUuLX3mtsN6s3s+ZaGettVcp2d8Plx+mDdb3IpFVwofq3QQEe+z1AqQ2voYsPvDHmK7A=
last-modified
Fri, 04 Feb 2022 13:58:27 GMT
server
cloudflare
etag
W/"8089848ee174fa79c144099de88b6e59"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
no-store, must-revalidate, private, max-age=0
cf-ray
709a1a604c7d9b74-FRA
masonry.pkgd-4.2.2.min-8d645c617dae902d017672ffda525cc733715da09ddf3d8e52129f0ac480f0c6.js
wxcx.format.com/static/theme_api/vendor/ 		24 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://wxcx.format.com/static/theme_api/vendor/masonry.pkgd-4.2.2.min-8d645c617dae902d017672ffda525cc733715da09ddf3d8e52129f0ac480f0c6.js
Requested by
Host: wxcx.format.com
URL: https://wxcx.format.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.18.134.62 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8d645c617dae902d017672ffda525cc733715da09ddf3d8e52129f0ac480f0c6
Security Headers
Name Value
Strict-Transport-Security max-age=0; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wxcx.format.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Wed, 11 May 2022 10:06:37 GMT
content-encoding
gzip
cf-cache-status
MISS
last-modified
Fri, 01 Apr 2022 17:01:06 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
no-store, must-revalidate, private, max-age=0
strict-transport-security
max-age=0; includeSubDomains
accept-ranges
bytes
cf-ray
709a1a5d2b639046-FRA
content-length
7352
via
1.1 vegur
zoomlevel.js
bucket1.format-assets.com/theme_versions/7794919/assets/javascripts/ 		975 B
646 B 		Script
General
Check archive.org
Download Go to
Full URL
https://bucket1.format-assets.com/theme_versions/7794919/assets/javascripts/zoomlevel.js
Requested by
Host: wxcx.format.com
URL: https://wxcx.format.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.18.133.62 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
99a618a8f1ce497ed1fe125c1926668efd8e6b8a27abe35e35910674822a700e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wxcx.format.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Wed, 11 May 2022 10:06:37 GMT
content-encoding
gzip
cf-cache-status
HIT
age
1750
x-amz-request-id
WM7GYWYH1G6TKHYN
x-amz-id-2
kcMaPn6FL3Xy3AVN5u5e66NYKfyRgJDkQYPncz0lG+QIyuW2y1dcAuC1dKGBsPwHqz5DIC01GZE=
last-modified
Fri, 04 Feb 2022 13:58:28 GMT
server
cloudflare
etag
W/"5ea1b7d52c67cdc2785a1afd3bc6cbdd"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
no-store, must-revalidate, private, max-age=0
cf-ray
709a1a5d9aa09b74-FRA
theme.js
bucket1.format-assets.com/theme_versions/7794919/assets/javascripts/ 		18 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://bucket1.format-assets.com/theme_versions/7794919/assets/javascripts/theme.js
Requested by
Host: wxcx.format.com
URL: https://wxcx.format.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.18.133.62 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
280c59c3ec4f9be61433b6df946cfac52c5a6701dbdc809f04e1b33812883701

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wxcx.format.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Wed, 11 May 2022 10:06:37 GMT
content-encoding
gzip
cf-cache-status
HIT
age
1750
x-amz-request-id
HDBC0APSZFTZJXE9
x-amz-id-2
ztnkcQC6kMSlTC3O98rug5N0hkZM5KesAyi71PJCHnA6hoZt8SNhSptt18BB335xtPhVVJEMO4E=
last-modified
Fri, 04 Feb 2022 13:58:28 GMT
server
cloudflare
etag
W/"f4bce16a582dd8b97e6378f3a8bb00ce"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
no-store, must-revalidate, private, max-age=0
cf-ray
709a1a5d9aa29b74-FRA
4ormat-70901225320ae427277039851b0e0b51e410c74562a86d842c56870b6226e02e.js
wxcx.format.com/static/theme_api/v1/ 		127 KB
42 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://wxcx.format.com/static/theme_api/v1/4ormat-70901225320ae427277039851b0e0b51e410c74562a86d842c56870b6226e02e.js
Requested by
Host: wxcx.format.com
URL: https://wxcx.format.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.18.134.62 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
70901225320ae427277039851b0e0b51e410c74562a86d842c56870b6226e02e
Security Headers
Name Value
Strict-Transport-Security max-age=0; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wxcx.format.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Wed, 11 May 2022 10:06:37 GMT
content-encoding
gzip
cf-cache-status
MISS
last-modified
Fri, 01 Apr 2022 17:01:06 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
no-store, must-revalidate, private, max-age=0
strict-transport-security
max-age=0; includeSubDomains
accept-ranges
bytes
cf-ray
709a1a5d3b8d9046-FRA
content-length
42482
via
1.1 vegur
09da50f2-1eeb-4ba1-a23e-f327abbe9220-3.woff
d1v5qbuvucewy1.cloudfront.net/webtype/Lydian/ 		32 KB
33 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://d1v5qbuvucewy1.cloudfront.net/webtype/Lydian/09da50f2-1eeb-4ba1-a23e-f327abbe9220-3.woff
Requested by
Host: wxcx.format.com
URL: https://wxcx.format.com/static/theme_api/vendor/webtype_fonts.min-51d9b9edb8f956fb39da113609d790ba607fa4fbda053af8e378bb9233ef4a39.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
13.224.194.11 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-194-11.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
29d02f4707bca47f6174acfdaa987074bb1c69a0c0074112b235ef6954676f72

Request headers

Referer
https://wxcx.format.com/
Origin
https://wxcx.format.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date
Wed, 11 May 2022 05:50:46 GMT
Via
1.1 3aed5a4f89d72775aaf2cc5a5f642386.cloudfront.net (CloudFront)
Vary
Origin,Access-Control-Request-Headers,Access-Control-Request-Method
Age
15353
X-Cache
Hit from cloudfront
Connection
keep-alive
Content-Length
32651
Last-Modified
Thu, 16 Jun 2016 18:23:16 GMT
Server
AmazonS3
ETag
"162d6c2b991ba4403413767ce256c982"
Access-Control-Max-Age
3000
Access-Control-Allow-Methods
GET
Content-Type
application/x-font-woff
Access-Control-Allow-Origin
*
Cache-Control
max-age=315360000, public
X-Amz-Cf-Pop
FRA2-C1
Accept-Ranges
bytes
X-Amz-Cf-Id
SLK5AkdW8xEK3vIikioIefXCcYoZXKe14Gp-d8OpikjXQUhMXs-oeQ==
a1597cec-7798-455f-8033-f2949c56e28e-3.woff
d1v5qbuvucewy1.cloudfront.net/webtype/Freight-Sans-Book/ 		44 KB
45 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://d1v5qbuvucewy1.cloudfront.net/webtype/Freight-Sans-Book/a1597cec-7798-455f-8033-f2949c56e28e-3.woff
Requested by
Host: wxcx.format.com
URL: https://wxcx.format.com/static/theme_api/vendor/webtype_fonts.min-51d9b9edb8f956fb39da113609d790ba607fa4fbda053af8e378bb9233ef4a39.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
13.224.194.11 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-194-11.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
dc3c4d74c88e5b9f761d9021373b7e7c2f2e9b51ae0b50d150426bf1c583d426

Request headers

Referer
https://wxcx.format.com/
Origin
https://wxcx.format.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date
Wed, 11 May 2022 05:50:46 GMT
Via
1.1 dde0b4b1e223fa23670e93078a04c116.cloudfront.net (CloudFront)
Vary
Origin,Access-Control-Request-Headers,Access-Control-Request-Method
Age
15353
X-Cache
Hit from cloudfront
Connection
keep-alive
Content-Length
45147
Last-Modified
Thu, 16 Jun 2016 18:23:14 GMT
Server
AmazonS3
ETag
"477e11a357ebb2ad17eeed6703e73995"
Access-Control-Max-Age
3000
Access-Control-Allow-Methods
GET
Content-Type
application/x-font-woff
Access-Control-Allow-Origin
*
Cache-Control
max-age=315360000, public
X-Amz-Cf-Pop
FRA2-C1
Accept-Ranges
bytes
X-Amz-Cf-Id
5CYfIl9pF9aCtNgKLjEsX-xClV-h5BjL-_tYxhECXkhoqwH_FQacgQ==
nr-1216.min.js
js-agent.newrelic.com/ 		38 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js-agent.newrelic.com/nr-1216.min.js
Requested by
Host: wxcx.format.com
URL: https://wxcx.format.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.66.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
6f973e7d75a7e6f6e59708f19631c8890034db5debb4d04f189deb53c114e708

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wxcx.format.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

x-amz-version-id
mHHzJIqOizHibcYt0xqAszRr0gQRiNYy
content-encoding
gzip
etag
"9f533d8cd24b2c5e3b4dc886ecbd43e8"
x-amz-request-id
702BXDH9DS50TBSA
x-cache
HIT
cross-origin-resource-policy
cross-origin
content-length
14391
x-amz-id-2
5vd9vstz3V3z74kfjj1dCPZWEqafZIkasHjA0BdDCJvZTnwH4UnkRjWckumVI0cOdusYAlzF0pM=
x-served-by
cache-hhn4076-HHN
last-modified
Thu, 14 Apr 2022 16:45:57 GMT
server
AmazonS3
x-timer
S1652263599.100102,VS0,VE0
date
Wed, 11 May 2022 10:06:39 GMT
vary
Accept-Encoding
content-type
application/javascript
via
1.1 varnish
cache-control
public, max-age=7200, stale-if-error=604800
accept-ranges
bytes
x-cache-hits
15180
styles.css
wxcx.format.com/ 		0
0
/
pa7070.com/play2/location/
Redirect Chain
  • https://pa7070.com/play2/location
  • https://pa7070.com/play2/location/
1 KB
596 B 		Script
General
Check archive.org
Download Go to
Full URL
https://pa7070.com/play2/location/
Protocol
H2
Server
2a02:4780:b:848:0:228a:1a6a:1 , Cyprus, ASN47583 (AS-HOSTINGER, CY),
Reverse DNS
Software
LiteSpeed / PHP/7.4.29
Resource Hash
6484a4cc5ef37afcbed96f3c7fad850a6b89389969766ee1416556a2fc9745ad
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wxcx.format.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Wed, 11 May 2022 10:06:39 GMT
content-encoding
br
server
LiteSpeed
x-powered-by
PHP/7.4.29
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=604800
content-security-policy
upgrade-insecure-requests
content-length
514
expires
Wed, 18 May 2022 10:06:39 GMT

Redirect headers

location
https://pa7070.com/play2/location/
content-security-policy
upgrade-insecure-requests
server
LiteSpeed
date
Wed, 11 May 2022 10:06:39 GMT
content-length
707
content-type
text/html
truncated
/ 		1 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
1230532f79456753fb73f559ece9b95c17cfb36325dc313a3eda5ac22dfd9a2b

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ 		1 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
9c74356e8464722d314b3b8ac1dfe373a43b1325c85f2faeae17f3d941203e2e

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ 		4 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
d9b0eae6f3267fff88ee70a8fdbd8f626f9f8705eb05fced528a550dea39bc16

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Content-Type
image/png
/
whos.amung.us/pingjs/ 		27 B
27 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://whos.amung.us/pingjs/?k=panama15&t=BMW.Com&x=%20https://www.bmw.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
67.202.94.93 Chicago, United States, ASN32748 (STEADFAST, US),
Reverse DNS
amung.us
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wxcx.format.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Wed, 11 May 2022 10:06:39 GMT
content-encoding
gzip
content-type
text/javascript;charset=UTF-8
dcbde81dc9
bam-cell.nr-data.net/1/ 		49 B
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://bam-cell.nr-data.net/1/dcbde81dc9?a=77525617&v=1216.487a282&to=IlsMTEJWDl4ERBZIEwNYC1sfSgpdFg%3D%3D&rst=3019&ck=1&ref=https://wxcx.format.com/&qt=2&ap=332&be=1679&fe=2959&dc=2043&af=err,xhr,stn,ins&perf=%7B%22timing%22:%7B%22of%22:1652263596110,%22n%22:0,%22f%22:891,%22dn%22:891,%22dne%22:911,%22c%22:911,%22s%22:924,%22ce%22:954,%22rq%22:954,%22rp%22:1475,%22rpe%22:1490,%22dl%22:1481,%22di%22:2042,%22ds%22:2042,%22de%22:2055,%22dc%22:2959,%22l%22:2959,%22le%22:2962%7D,%22navigation%22:%7B%7D%7D&fp=2032&fcp=2032&jsonp=NREUM.setToken
Requested by
Host: js-agent.newrelic.com
URL: https://js-agent.newrelic.com/nr-1216.min.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
162.247.243.146 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dac715f087720dd7ff7067f5d2ec1988851fa93140ae8a9cbfaa15659dd7fd82

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wxcx.format.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date
Wed, 11 May 2022 10:06:39 GMT
Content-Encoding
gzip
CF-Cache-Status
DYNAMIC
NEL
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
Transfer-Encoding
chunked
Cross-Origin-Resource-Policy
cross-origin
access-control-allow-methods
GET, POST, PUT, HEAD, OPTIONS
Connection
keep-alive
Server
cloudflare
Expect-CT
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary
Accept-Encoding
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xMGe1TfIdFB7RQ1uHtKdZZt9h0FgeAoCGe1TYfGhpEjoU6455MvKAd8GnXU%2FbTSSfqcGS%2B94GcZ4n4qiT71GtPyrO1tDvhDnB%2Fva0jwYSdy%2F1MevgB1fiCr3yL7%2F88GzEUoaKjym"}],"group":"cf-nel","max_age":604800}
Content-Type
text/javascript
Access-Control-Allow-Origin
*
access-control-allow-credentials
true
CF-Ray
709a1a66ec4a5c4a-FRA

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
wxcx.format.com
URL
https://wxcx.format.com/styles.css?v=1652263598

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Facebook (Social Network)

96 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| oncontextlost object| oncontextrestored function| structuredClone function| getScreenDetails object| NREUM object| newrelic function| __nr_require function| css_browser_selector string| c object| _4ORMAT function| $ function| jQuery object| _4ORMAT_HORIZON function| jQueryBridget function| EvEmitter function| getSize function| matchesSelector object| fizzyUIUtils function| Outlayer function| Masonry object| detectZoom function| setAssetsWidth function| resizeImage function| imageMaxHeight function| setAssetsHeight function| debounce function| handleResize function| gestureEnd function| positionContent function| resizeListing function| animationCascade function| getWindowSpace function| setAssetsSize function| enable_scrolling function| moveSlider function| setLocationHash function| loadSlideAtIndex function| setActiveSlide function| customCursor function| setMarginTop function| isZoomActive number| globalWindowSpace number| windowSpace number| activeSlideIndex number| slideAssetsLength object| enough_assets string| responsiveMode string| FULLHEIGHTDESKTOP_MOBILE string| FIXEDHEIGHTDESKTOP string| ASPECT_RATIO_PORTRAIT string| ASPECT_RATIO_LANDSCAPE object| respUtils object| mobileMenu number| initialHash boolean| resizeHandled boolean| isSafariZoomed function| setUpFullHeightDesktopOrMobileLazyLoading function| setUpFixedHeightDesktopLazyLoading function| initOrReinitjScrollPane function| resetAssetSizes function| nonGalleryResponsiveness function| now function| handleWindowChanges function| setImageSizingStrategy function| setVideoSizingStrategy function| setItemSizingStrategy function| positionGalleryImage function| positionGalleryVideo object| $window object| jQuery110209724590077043382 object| _gaq function| getUrlVars function| getCookie function| handleCloseInfoClick function| createComputerSvg function| createContent function| createCloseIconSvg object| _4ORMAT_DATA object| PathHelper object| lazySizesConfig object| lazySizes function| sh boolean| IS_MOBILE number| limit_bot string| object string| type string| OUTPUT object| ___ object| params number| tt undefined| to_object string| a object| $scrollEl function| checking function| creatingInput function| searchingForms

3 Cookies

Domain/Path Name / Value
photo.kl9j.com/ Name: _subid
Value: jm2phi600c
photo.kl9j.com/ Name: 07483
Value: eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjI1MzI4XCI6MTY1MjI2MzU5Nn0sXCJjYW1wYWlnbnNcIjp7XCIxMjY2NFwiOjE2NTIyNjM1OTZ9LFwidGltZVwiOjE2NTIyNjM1OTZ9In0.9CEytNkec2LhWVdhCGTb0N3aPv3mkUWOckc39aQSaug
.nr-data.net/ Name: JSESSIONID
Value: 78dbd0a514a10c6a

1 Console Messages

Source Level URL
Text
security error URL: https://wxcx.format.com/
Message:
Refused to apply style from 'https://wxcx.format.com/styles.css?v=1652263598' because its MIME type ('text/html') is not a supported stylesheet MIME type, and strict MIME checking is enabled.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=0; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

bam-cell.nr-data.net
bucket1.format-assets.com
d1v5qbuvucewy1.cloudfront.net
js-agent.newrelic.com
pa7070.com
photo.kl9j.com
whos.amung.us
wxcx.format.com
wxcx.format.com
104.18.133.62
104.18.134.62
13.224.194.11
151.101.66.137
162.247.243.146
2a02:4780:b:848:0:228a:1a6a:1
66.29.155.33
67.202.94.93
1230532f79456753fb73f559ece9b95c17cfb36325dc313a3eda5ac22dfd9a2b
1a26721acae26eabd7c32296e2ee8cf053d1a1a8d9f7c49f0df899bc27b784c1
2024f7ed25c0439731e05bc8a7b649c71bb5726676c4362db31091ec52caf906
280c59c3ec4f9be61433b6df946cfac52c5a6701dbdc809f04e1b33812883701
29d02f4707bca47f6174acfdaa987074bb1c69a0c0074112b235ef6954676f72
2b8ad27ed1c02f999af9ce1e73f991eb186f0d91663bdf78a6ed54d15eb32d0f
3149da3014aff38a256574aa7aa1b947387efee9cdc1fb2d39e234606f231c96
3328dc4a0ff060f640d23c83546582685a58e66cfa908efd0aedff908958c48d
4382b9e8ccd4b5601f189b73c5f7446b722be22c38d1fc3b4d641313b0bac039
4d5bed841e04f35cada9bb41f30882005c189af13e193524545f285f7c279533
51d9b9edb8f956fb39da113609d790ba607fa4fbda053af8e378bb9233ef4a39
5e28d2aaac8c0b1a306cdffa081b7f0527f2d14317f1930b8abbdaa1c312d76b
630bd8d8f0929fd50c91b4f25194e2a99612cb62267a1877b7c844d3031a3488
6342e0dab2a81ace5d67719288c433dc992f0bf5a6dd8c7aa23e58f4722aed81
6484a4cc5ef37afcbed96f3c7fad850a6b89389969766ee1416556a2fc9745ad
666d56afe440722dbf0325c8f10528dcc28546f5fab9eb19bc7098b0179fac58
6cc002aad772e14af53bbbb966d0611491b39e25fc8fba42e94598f98d535828
6f973e7d75a7e6f6e59708f19631c8890034db5debb4d04f189deb53c114e708
70901225320ae427277039851b0e0b51e410c74562a86d842c56870b6226e02e
8d645c617dae902d017672ffda525cc733715da09ddf3d8e52129f0ac480f0c6
99a618a8f1ce497ed1fe125c1926668efd8e6b8a27abe35e35910674822a700e
9c74356e8464722d314b3b8ac1dfe373a43b1325c85f2faeae17f3d941203e2e
a9eb04c15dda2f15e7a66c995976c215152cba0d630c96824547cd047bffae8e
ad36c201a155c72065f955f0b04a0cdcbf5a9911c9ea26f051941ae4081bd8d5
b6e8272491eb8c6443315078df2ac0e991ffe130f23a3b1943b7ee57fe861ea0
d2265287d55a26ab4567ce6c297d74de9f5748b7140f8c37ce06852cf7a8ed93
d39b68c23f7523a8f45e32413d9f3fb503675a3c825a57efc6e0347154199cfc
d5ec48dda39ec1dad115aee68d1d6c3460ffc8c8697f01060d36750496a3192f
d9b0eae6f3267fff88ee70a8fdbd8f626f9f8705eb05fced528a550dea39bc16
dac715f087720dd7ff7067f5d2ec1988851fa93140ae8a9cbfaa15659dd7fd82
dc3c4d74c88e5b9f761d9021373b7e7c2f2e9b51ae0b50d150426bf1c583d426
dc7a0ee1cef5bd58e4bb7521f179fce8c4341e56c22fd3856865bb89aea72767
dcc84f55c05e29f6f1c909a9e9dee7b058a4998b261ec6b6a6184d9526d41214
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855