urlscan.io logo urlscan.io
SecurityTrails logo

kitaur.cyou Open in urlscan Pro
2606:4700:3031::6815:4114  Public Scan

Go To Rescan Add Verdict Report
URL: https://kitaur.cyou/
Submission Tags: @phishunt_io
Submission: On December 18 via api from DE — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 11 IPs in 4 countries across 15 domains to perform 19 HTTP transactions. The main IP is 2606:4700:3031::6815:4114, located in United States and belongs to CLOUDFLARENET, US. The main domain is kitaur.cyou.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on December 17th 2021. Valid for: a year.
This is the only time kitaur.cyou was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 2606:4700:303... 13335 (CLOUDFLAR...)
3 46.148.125.182 35277 (LLHOST-IN...)
4 45.133.44.24 7018 (ATT-INTER...)
1 2 88.212.201.198 39134 (UNITEDNET)
2 2a00:1450:400... 15169 (GOOGLE)
3 45.133.44.25 39572 (ADVANCEDH...)
1 168.119.25.22 24940 (HETZNER-AS)
1 2 2a01:4f8:e0:1... 24940 (HETZNER-AS)
1 88.198.209.36 24940 (HETZNER-AS)
2 85.10.217.94 24940 (HETZNER-AS)
1 1 88.198.182.68 24940 (HETZNER-AS)
1 1 2a01:4f8:c0:2... 24940 (HETZNER-AS)
19 11
1    2606:4700:3031::6815:4114 (United States)

ASN13335 (CLOUDFLARENET, US)
kitaur.cyou
3    46.148.125.182 (Haarlem, Netherlands)

ASN35277 (LLHOST-INC-SRL, RO)
PTR: har57.srv.llhost-inc.com
js.dynssp.com
trk.dynssp.com
4    45.133.44.24 (Philadelphia, United States)

ASN7018 (ATT-INTERNET4, US)
sw.wpush.org
js.wpushsdk.com
2    88.212.201.198 (Russian Federation)

ASN39134 (UNITEDNET, RU)
PTR: host198.rax.ru
counter.yadro.ru
2    2a00:1450:4001:810::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.gstatic.com
3    45.133.44.25 (Philadelphia, United States)

ASN39572 (ADVANCEDHOSTERS-AS, NL)
js.jnkstff.com
cdn18383040.ahacdn.me
1    168.119.25.22 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.22.25.119.168.clients.your-server.de
nereserv.com
2    2a01:4f8:e0:19cb::1 (Germany)

ASN24940 (HETZNER-AS, DE)
ntvpinp.com
ntvpforever.com
1    88.198.209.36 (Peutenhausen, Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.88-198-209-36.clients.your-server.de
notification.tubecup.net
2    85.10.217.94 (Munich, Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.85-10-217-94.clients.your-server.de
static.bookmsg.com
1    88.198.182.68 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.88-198-182-68.clients.your-server.de
tcb.pushic.com
1    2a01:4f8:c0:2306::1 (Germany)

ASN24940 (HETZNER-AS, DE)
puwpush.com
Domain Requested by
3 js.wpushsdk.com sw.wpush.org
js.wpushsdk.com
2 cdn18383040.ahacdn.me
2 static.bookmsg.com
2 www.gstatic.com js.dynssp.com
2 counter.yadro.ru 1 redirects kitaur.cyou
2 js.dynssp.com kitaur.cyou
js.dynssp.com
1 puwpush.com 1 redirects
1 tcb.pushic.com 1 redirects
1 ntvpforever.com 1 redirects
1 notification.tubecup.net
1 trk.dynssp.com kitaur.cyou
1 ntvpinp.com js.wpushsdk.com
1 nereserv.com js.wpushsdk.com
1 js.jnkstff.com js.wpushsdk.com
1 sw.wpush.org kitaur.cyou
1 kitaur.cyou
19 16

This site contains links to these domains. Also see Links.

Domain
www.liveinternet.ru
Subject Issuer Validity Valid
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2021-12-17 -
2022-12-17		 a year crt.sh
js.dynssp.com
R3		 2021-11-02 -
2022-01-31		 3 months crt.sh
sw.wpush.org
R3		 2021-11-13 -
2022-02-11		 3 months crt.sh
*.gstatic.com
GTS CA 1C3		 2021-11-29 -
2022-02-21		 3 months crt.sh
js.wpushsdk.com
R3		 2021-11-18 -
2022-02-16		 3 months crt.sh
js.jnkstff.com
R3		 2021-12-17 -
2022-03-17		 3 months crt.sh
notification.tubecup.net
R3		 2021-11-30 -
2022-02-28		 3 months crt.sh
trk.dynssp.com
R3		 2021-11-02 -
2022-01-31		 3 months crt.sh
bookmsg.com
R3		 2021-11-14 -
2022-02-12		 3 months crt.sh
*.ahacdn.me
GoGetSSL RSA DV CA		 2020-12-03 -
2022-01-03		 a year crt.sh

This page contains 2 frames:

Primary Page: https://kitaur.cyou/
Frame ID: 6A298F4AF1F2FF0DAF6FFA0078AD18A3
Requests: 19 HTTP requests in this frame

Frame: https://static.bookmsg.com/creatives/DE/DE_4c0f319d1a96beb4e3d95713256cda506ce66fd8.webp
Frame ID: 445201BB51FA36DD67E8D3C3207D0A85
Requests: 4 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Video Catalog

Detected technologies

Overall confidence: 100%
Detected patterns
  • /firebasejs/([\d.]+)/firebase

Page Statistics

19
Requests

84 %
HTTPS

33 %
IPv6

15
Domains

16
Subdomains

11
IPs

4
Countries

281 kB
Transfer

457 kB
Size

3
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 4
  • https://counter.yadro.ru/hit;porno_kobec_new_4?t52.6;r;s1600*1200*24;uhttps%3A//kitaur.cyou/;hVideo%20Catalog;0.6327160506139093 HTTP 302
  • https://counter.yadro.ru/hit;porno_kobec_new_4?q;t52.6;r;s1600*1200*24;uhttps%3A//kitaur.cyou/;hVideo%20Catalog;0.6327160506139093
Request Chain 17
  • https://ntvpforever.com/in/show/?mid=925836658&pid=0&site=native-push&sc=DE&usage_type=DCH&subid=784638506&sid=1490576822&cid=1200&price=0.000822&is_cpm=0&cpm=0&ecpm=0.018331217621024465&crid=728&crtid=84fc22947314d4cf09cfaf8b88d86b88&tcid=6353&out_id=1&ver=2.20.9&ver_c=&refdom=kitaur.cyou&hostname=auc-inpage-hz-3&site_id=316353&spot_id=0&utm_source=&utm_medium=&utm_campaign=&utm_content=&expirationTimestamp=0&created_at=2021-12-18&is_native=1&auction_queue=0&burl=&pop_winurl=&ip=194.36.108.20&testab=0&px_id=316353&adblock=0&auction_host=&url=https%3A%2F%2Ftcb.pushic.com%2Fv1%2Ftrack%2Fimpression%3Fdata%3DeyJhbGciOiJIUzI1NiJ9.eyJhbCI6ImRlLURFIiwiaSI6IjMxNjM1MzoxODozODkxOTAxMjUzNjYwMjAwNjUyOjM4ODo3Mjg6MTQzMjg5MzA1ODU4OTA3ODU5NTA6Njo4MjA3MCIsImlwIjoiMTk0LjM2LjEwOC4yMCIsImp0aSI6IjU4NWNiNWVmLWQ4ZTEtNGM4Zi1iNWM4LTQ4YmE1MWY1ZDVhOSIsInAiOjAuMDAwODIyLCJzcCI6Int9IiwidCI6InB1c2hfbmF0aXZlOmNwYyIsInUiOiJodHRwczovL2NkbjE4MzgzMDQwLmFoYWNkbi5tZS9hc3NldHMvMzFlYThhMDAtN2UwYi00MWJmLWI5ODAtNDU1ZTAzMDFiNDUxLnBuZyIsInVhIjoiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzk2LjAuNDY2NC45MyBTYWZhcmkvNTM3LjM2IiwidWgiOiJlMWE5MjE5ODM4YzhlZGQ3ZmQ2NGE1OWMyZDE0MTVlNSIsInVpIjoiZGZmZTdkNzktMjQ1ZS01ZThlLWJlNmEtNGMwN2U3NDUxMzU1IiwidXIiOiIxODpwdXNoX25hdGl2ZTozMTYzNTM6dHJ1ZToifQ.A49hsYPDm_lOPCANKBua0Lh8eNN1LCtCmlT9eg3wKvI%26ap%3D0.000822&image_url=https%3A%2F%2Fcdn18383040.ahacdn.me%2Fassets%2F31ea8a00-7e0b-41bf-b980-455e0301b451.png&cpa=b6bf2172-631a-4c9c-ab86-15bdc86a8f2b&mlf=1&format=default-r-d&mlc=1 HTTP 302
  • https://tcb.pushic.com/v1/track/impression?data=eyJhbGciOiJIUzI1NiJ9.eyJhbCI6ImRlLURFIiwiaSI6IjMxNjM1MzoxODozODkxOTAxMjUzNjYwMjAwNjUyOjM4ODo3Mjg6MTQzMjg5MzA1ODU4OTA3ODU5NTA6Njo4MjA3MCIsImlwIjoiMTk0LjM2LjEwOC4yMCIsImp0aSI6IjU4NWNiNWVmLWQ4ZTEtNGM4Zi1iNWM4LTQ4YmE1MWY1ZDVhOSIsInAiOjAuMDAwODIyLCJzcCI6Int9IiwidCI6InB1c2hfbmF0aXZlOmNwYyIsInUiOiJodHRwczovL2NkbjE4MzgzMDQwLmFoYWNkbi5tZS9hc3NldHMvMzFlYThhMDAtN2UwYi00MWJmLWI5ODAtNDU1ZTAzMDFiNDUxLnBuZyIsInVhIjoiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzk2LjAuNDY2NC45MyBTYWZhcmkvNTM3LjM2IiwidWgiOiJlMWE5MjE5ODM4YzhlZGQ3ZmQ2NGE1OWMyZDE0MTVlNSIsInVpIjoiZGZmZTdkNzktMjQ1ZS01ZThlLWJlNmEtNGMwN2U3NDUxMzU1IiwidXIiOiIxODpwdXNoX25hdGl2ZTozMTYzNTM6dHJ1ZToifQ.A49hsYPDm_lOPCANKBua0Lh8eNN1LCtCmlT9eg3wKvI&ap=0.000822 HTTP 302
  • https://cdn18383040.ahacdn.me/assets/31ea8a00-7e0b-41bf-b980-455e0301b451.png
Request Chain 21
  • https://puwpush.com/popunder/in/show/?mid=925836658&pid=0&site=native-push&sc=DE&usage_type=DCH&subid=784638506&sid=1490576822&cid=10289&price=0&is_cpm=1&cpm=2.5&ecpm=2.5&crid=&crtid=d41d8cd98f00b204e9800998ecf8427e&tcid=6353&out_id=0&ver=2.20.9&ver_c=&refdom=kitaur.cyou&hostname=auc-inpage-hz-3&site_id=316353&spot_id=0&utm_source=&utm_medium=&utm_campaign=&utm_content=&expirationTimestamp=0&created_at=2021-12-18&is_native=3&auction_queue=0&burl=&pop_winurl=&ip=194.36.108.20&testab=0&px_id=316353&adblock=0&auction_host=&pop_type=1&space_id=1546&url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FDE%2FDE_4c0f319d1a96beb4e3d95713256cda506ce66fd8_icon.webp&cpa=6735479d-977b-40f4-8c6c-7091771ad894&mlf=1&format=default-r-d HTTP 302
  • https://static.bookmsg.com/creatives/DE/DE_4c0f319d1a96beb4e3d95713256cda506ce66fd8_icon.webp

19 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
kitaur.cyou/ 		22 KB
11 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://kitaur.cyou/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3031::6815:4114 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PHP/7.4.8
Resource Hash
0fe3a274d79fdda2e42a0d170af167a72b33db0fa021710376918689d7054b31

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
de-DE,de;q=0.9

Response headers

date
Sat, 18 Dec 2021 10:18:04 GMT
content-type
text/html; charset=UTF-8
x-powered-by
PHP/7.4.8
access-control-allow-origin
*
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HBEnKBfID3b3JGktAvcIw3a%2BvrF7dZj09cGcMZZnK3FbruuGautB0nxsBYbDLTEgRk0Rlr9HGztmX3JNJIDABU960JyDhaQZY92dq4nspULABsGuqldDSQAZTHFK5nm5BfLG9smjmeIa4g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
cf-ray
6bf7a521bd63375e-MXP
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
ps.js
js.dynssp.com/ps/ 		8 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.dynssp.com/ps/ps.js?id=3fyCVAiuIEOxl8jJi0O59Q
Requested by
Host: kitaur.cyou
URL: https://kitaur.cyou/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
46.148.125.182 Haarlem, Netherlands, ASN35277 (LLHOST-INC-SRL, RO),
Reverse DNS
har57.srv.llhost-inc.com
Software
nginx /
Resource Hash
6c1f153640761c1342b5954209bcde745d8ba776d9264ea4021bbfdcc6093861

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://kitaur.cyou/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Sat, 18 Dec 2021 10:18:04 GMT
cache-control
max-age=0, no-cache, no-store, must-revalidate
server
nginx
content-length
7913
content-type
application/javascript
config.js
js.dynssp.com/ps/ 		356 B
482 B 		Script
General
Check archive.org
Download Go to
Full URL
https://js.dynssp.com/ps/config.js?id=3fyCVAiuIEOxl8jJi0O59Q
Requested by
Host: js.dynssp.com
URL: https://js.dynssp.com/ps/ps.js?id=3fyCVAiuIEOxl8jJi0O59Q
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
46.148.125.182 Haarlem, Netherlands, ASN35277 (LLHOST-INC-SRL, RO),
Reverse DNS
har57.srv.llhost-inc.com
Software
nginx /
Resource Hash
328edfbd969517b49101cd8dcc0f333b9914cdf2077524cf7d903b246e25e4e2

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://kitaur.cyou/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Sat, 18 Dec 2021 10:18:04 GMT
cache-control
max-age=0, no-cache, no-store, must-revalidate
server
nginx
content-length
356
content-type
application/javascript
main.js
sw.wpush.org/script/ 		75 KB
25 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://sw.wpush.org/script/main.js?promo=24303&tcid=6353&src=784638506
Requested by
Host: kitaur.cyou
URL: https://kitaur.cyou/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
45.133.44.24 Philadelphia, United States, ASN7018 (ATT-INTERNET4, US),
Reverse DNS
Software
nginx/1.18.0 /
Resource Hash
638341870e326a881a8599ca76a53d916752f6d1170bd6f22236e5947eadedbf

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://kitaur.cyou/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Sat, 18 Dec 2021 10:18:04 GMT
content-encoding
gzip
last-modified
Wed, 18 Aug 2021 13:25:45 GMT
server
nginx/1.18.0
etag
W/"611d0a59-12a35"
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
expires
Sat, 18 Dec 2021 11:18:04 GMT
cache-control
max-age=3600
x-proxy-cache
HIT
truncated
/ 		42 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type
image/gif
hit;porno_kobec_new_4
counter.yadro.ru/
Redirect Chain
  • https://counter.yadro.ru/hit;porno_kobec_new_4?t52.6;r;s1600*1200*24;uhttps%3A//kitaur.cyou/;hVideo%20Catalog;0.6327160506139093
  • https://counter.yadro.ru/hit;porno_kobec_new_4?q;t52.6;r;s1600*1200*24;uhttps%3A//kitaur.cyou/;hVideo%20Catalog;0.6327160506139093
410 B
896 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://counter.yadro.ru/hit;porno_kobec_new_4?q;t52.6;r;s1600*1200*24;uhttps%3A//kitaur.cyou/;hVideo%20Catalog;0.6327160506139093
Requested by
Host: kitaur.cyou
URL: https://kitaur.cyou/
Protocol
HTTP/1.1
Server
88.212.201.198 , Russian Federation, ASN39134 (UNITEDNET, RU),
Reverse DNS
host198.rax.ru
Software
nginx/1.17.9 /
Resource Hash
ed8639c57f216bc207c72bc4098e07bc6296d825c2269c90296fb3810ea2c69e
Security Headers
Name Value
Strict-Transport-Security max-age=86400

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://kitaur.cyou/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 18 Dec 2021 10:18:16 GMT
Server
nginx/1.17.9
Strict-Transport-Security
max-age=86400
P3P
policyref="/w3c/p3p.xml", CP="UNI"
Access-Control-Allow-Origin
*
Cache-control
no-cache
Connection
keep-alive
Content-Type
image/gif
Content-Length
410
Expires
Thu, 17 Dec 2020 21:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Sat, 18 Dec 2021 10:18:16 GMT
Server
nginx/1.17.9
Strict-Transport-Security
max-age=86400
P3P
policyref="/w3c/p3p.xml", CP="UNI"
Location
https://counter.yadro.ru/hit;porno_kobec_new_4?q;t52.6;r;s1600*1200*24;uhttps%3A//kitaur.cyou/;hVideo%20Catalog;0.6327160506139093
Cache-control
no-cache
Connection
keep-alive
Content-Type
text/html
Content-Length
32
Expires
Thu, 17 Dec 2020 21:00:00 GMT
truncated
/ 		4 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
b6d7a3c4abc9aeaa895a16fc1aa55b0acc107a183e815fac4d9415631e8349e6

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type
image/jpeg
firebase-app.js
www.gstatic.com/firebasejs/8.4.1/ 		21 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/firebasejs/8.4.1/firebase-app.js
Requested by
Host: js.dynssp.com
URL: https://js.dynssp.com/ps/ps.js?id=3fyCVAiuIEOxl8jJi0O59Q
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d4d5669220045e130b79770e93dc7dca5fdfa00c9d7047639dbb15c4f28eb2e2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://kitaur.cyou/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 03:14:57 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
284587
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6763
x-xss-protection
0
last-modified
Tue, 13 Apr 2021 06:56:11 GMT
server
sffe
cross-origin-opener-policy
same-origin-allow-popups; report-to="firebase-js"
vary
Accept-Encoding
report-to
{"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 15 Dec 2022 03:14:57 GMT
npush.js
js.wpushsdk.com/npc/sdk/wpu/ 		91 KB
30 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.wpushsdk.com/npc/sdk/wpu/npush.js
Requested by
Host: sw.wpush.org
URL: https://sw.wpush.org/script/main.js?promo=24303&tcid=6353&src=784638506
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
45.133.44.24 Philadelphia, United States, ASN7018 (ATT-INTERNET4, US),
Reverse DNS
Software
nginx/1.18.0 /
Resource Hash
2e790a7264a6f4513f509764e1a64638c91961b8e58641e6260baa0c9e56990b

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://kitaur.cyou/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Sat, 18 Dec 2021 10:18:04 GMT
content-encoding
gzip
last-modified
Thu, 02 Sep 2021 09:32:34 GMT
server
nginx/1.18.0
etag
W/"61309a32-16a1b"
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
expires
Sat, 18 Dec 2021 11:18:04 GMT
cache-control
max-age=3600
x-proxy-cache
HIT
firebase-messaging.js
www.gstatic.com/firebasejs/8.4.1/ 		40 KB
11 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/firebasejs/8.4.1/firebase-messaging.js
Requested by
Host: js.dynssp.com
URL: https://js.dynssp.com/ps/ps.js?id=3fyCVAiuIEOxl8jJi0O59Q
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a8d6389e6811b9fea7ff683cb31a57a6e0b29781407d7f5d45994aae1b5725b7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://kitaur.cyou/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Fri, 17 Dec 2021 02:17:07 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
115257
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
10908
x-xss-protection
0
last-modified
Tue, 13 Apr 2021 06:56:17 GMT
server
sffe
cross-origin-opener-policy
same-origin-allow-popups; report-to="firebase-js"
vary
Accept-Encoding
report-to
{"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Sat, 17 Dec 2022 02:17:07 GMT
6353.php
js.jnkstff.com/npc/anpc/ 		130 B
339 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://js.jnkstff.com/npc/anpc/6353.php
Requested by
Host: js.wpushsdk.com
URL: https://js.wpushsdk.com/npc/sdk/wpu/npush.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
45.133.44.25 Philadelphia, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software
nginx/1.16.1 / PHP/7.1.28
Resource Hash
0b1cd689e19af8510babc1f044c468f6e178d637b160de038f4d3fc7348cfc2e

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://kitaur.cyou/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Sat, 18 Dec 2021 10:18:04 GMT
content-encoding
gzip
server
nginx/1.16.1
x-powered-by
PHP/7.1.28
content-type
text/html; charset=UTF-8
access-control-allow-origin
*
expires
Sat, 18 Dec 2021 11:18:04 GMT
cache-control
max-age=3600
x-proxy-cache
HIT
csub.js
js.wpushsdk.com/npc/sdk/wpu/ 		13 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.wpushsdk.com/npc/sdk/wpu/csub.js
Requested by
Host: js.wpushsdk.com
URL: https://js.wpushsdk.com/npc/sdk/wpu/npush.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
45.133.44.24 Philadelphia, United States, ASN7018 (ATT-INTERNET4, US),
Reverse DNS
Software
nginx/1.18.0 /
Resource Hash
c91a75b4331f5f78cdb3b1264724d73a79d10c83d0bd186261a7f7a2b8d04f1e

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://kitaur.cyou/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Sat, 18 Dec 2021 10:18:04 GMT
content-encoding
gzip
last-modified
Thu, 28 Oct 2021 14:05:52 GMT
server
nginx/1.18.0
etag
W/"617aae40-32b9"
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
expires
Sat, 18 Dec 2021 11:18:04 GMT
cache-control
max-age=3600
x-proxy-cache
HIT
dip
nereserv.com/in/ 		0
193 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://nereserv.com/in/dip?wl=1&event_id=b055d77c-4bc6-4258-97c7-bfad3755153b&subid=784638506&sid=1490576822&spot_id=0&created_at=2021-12-18&timezone=0&ver=2.20.9&is_native=1&site=native-push
Requested by
Host: js.wpushsdk.com
URL: https://js.wpushsdk.com/npc/sdk/wpu/npush.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
168.119.25.22 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.22.25.119.168.clients.your-server.de
Software
nginx/1.18.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://kitaur.cyou/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 18 Dec 2021 10:18:04 GMT
server
nginx/1.18.0
vary
Origin
access-control-allow-methods
*
access-control-allow-origin
*
cache-control
no-transform, no-cache, no-store, must-revalidate
access-control-allow-headers
*
content-length
0
multy
ntvpinp.com/in/ 		6 KB
6 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://ntvpinp.com/in/multy?wl=1&event_id=b055d77c-4bc6-4258-97c7-bfad3755153b&subid=784638506&sid=1490576822&spot_id=0&created_at=2021-12-18&timezone=0&ver=2.20.9&is_native=1&cid=0&tcid=6353&site=native-push&screen_resolution=1600x1200&tw=0&format=default-r-d&adblock=0&testab=0
Requested by
Host: js.wpushsdk.com
URL: https://js.wpushsdk.com/npc/sdk/wpu/npush.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a01:4f8:e0:19cb::1 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
Software
nginx/1.18.0 /
Resource Hash
4e3046c938533d29b2ba2c3b917d8090a5c97b3f1c4d9958db6e48e0e8dbe4d7

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://kitaur.cyou/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 18 Dec 2021 10:18:05 GMT
server
nginx/1.18.0
vary
Origin
access-control-allow-methods
*
content-type
application/json
access-control-allow-origin
*
cache-control
no-transform, no-cache, no-store, must-revalidate
access-control-allow-headers
*
content-length
5977
trk
trk.dynssp.com/ 		95 B
212 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://trk.dynssp.com/trk?s1=Qgn0swFS%2FAyU5sDBZkPFRgM81ybm1WrY2YIjxqLsGrmTG4WzI%2By2u16bDwY5XKbZA1g%2BhIPJ2aW5rzW80AOsngTZfcmdBtiZYrKJd%2FDSMKg4m3hlLo43an1whpuAUgfuhSlOkpG5gU7OGK0vs1R9d07R6%2Bh%2BRFrMB4fviD%2FcDjd74FHcAe8nw%2BZ5fKE5cOxhScNC5N4drNdfUrcnBMeXIbPIoY6sisiNa0bIOty2OI7Ix8C3Bgc%3D&type=0
Requested by
Host: kitaur.cyou
URL: https://kitaur.cyou/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
46.148.125.182 Haarlem, Netherlands, ASN35277 (LLHOST-INC-SRL, RO),
Reverse DNS
har57.srv.llhost-inc.com
Software
nginx /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://kitaur.cyou/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Sat, 18 Dec 2021 10:18:04 GMT
cache-control
max-age=0, no-cache, no-store, must-revalidate
server
nginx
content-length
95
content-type
image/png
styles.css
js.wpushsdk.com/npc/sdk/push/ 		2 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://js.wpushsdk.com/npc/sdk/push/styles.css
Requested by
Host: sw.wpush.org
URL: https://sw.wpush.org/script/main.js?promo=24303&tcid=6353&src=784638506
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
45.133.44.24 Philadelphia, United States, ASN7018 (ATT-INTERNET4, US),
Reverse DNS
Software
nginx/1.18.0 /
Resource Hash
1530691d7096753c4a33ff3d11be983fbec896774cffe9a3555c2c81e6f18906

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://kitaur.cyou/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Sat, 18 Dec 2021 10:18:04 GMT
content-encoding
gzip
last-modified
Thu, 16 Jul 2020 20:33:19 GMT
server
nginx/1.18.0
etag
W/"5f10b98f-843"
content-type
text/css
access-control-allow-origin
*
expires
Sat, 18 Dec 2021 11:18:04 GMT
cache-control
max-age=3600
x-proxy-cache
HIT
subscription-offers
notification.tubecup.net/in/ 		0
193 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://notification.tubecup.net/in/subscription-offers?href=https%3A%2F%2Fkitaur.cyou%2F&tcid=6353&spot_id=0&site=tcpublisher&source_id=784638506
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
88.198.209.36 Peutenhausen, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.88-198-209-36.clients.your-server.de
Software
nginx/1.18.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://kitaur.cyou/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 18 Dec 2021 10:18:04 GMT
server
nginx/1.18.0
vary
Origin
access-control-allow-methods
*
access-control-allow-origin
*
cache-control
no-transform, no-cache, no-store, must-revalidate
access-control-allow-headers
*
content-length
0
DE_4c0f319d1a96beb4e3d95713256cda506ce66fd8.webp
static.bookmsg.com/creatives/DE/ Frame 4452 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.bookmsg.com/creatives/DE/DE_4c0f319d1a96beb4e3d95713256cda506ce66fd8.webp
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
85.10.217.94 Munich, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.85-10-217-94.clients.your-server.de
Software
nginx/1.18.0 /
Resource Hash
6a22e4c151ea8365e1df836097f16d7a17caa5985633a39d811280c7318c5ae8

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Sat, 18 Dec 2021 10:18:05 GMT
last-modified
Tue, 24 Nov 2020 14:19:45 GMT
server
nginx/1.18.0
etag
"5fbd1681-cd8"
content-type
image/webp
cache-control
public, max-age=315360000
accept-ranges
bytes
content-length
3288
31ea8a00-7e0b-41bf-b980-455e0301b451.png
cdn18383040.ahacdn.me/assets/
Redirect Chain
  • https://ntvpforever.com/in/show/?mid=925836658&pid=0&site=native-push&sc=DE&usage_type=DCH&subid=784638506&sid=1490576822&cid=1200&price=0.000822&is_cpm=0&cpm=0&ecpm=0.018331217621024465&crid=728&c...
  • https://tcb.pushic.com/v1/track/impression?data=eyJhbGciOiJIUzI1NiJ9.eyJhbCI6ImRlLURFIiwiaSI6IjMxNjM1MzoxODozODkxOTAxMjUzNjYwMjAwNjUyOjM4ODo3Mjg6MTQzMjg5MzA1ODU4OTA3ODU5NTA6Njo4MjA3MCIsImlwIjoiMTk0...
  • https://cdn18383040.ahacdn.me/assets/31ea8a00-7e0b-41bf-b980-455e0301b451.png
85 KB
85 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn18383040.ahacdn.me/assets/31ea8a00-7e0b-41bf-b980-455e0301b451.png
Protocol
H2
Server
45.133.44.25 Philadelphia, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software
nginx/1.18.0 /
Resource Hash
325cc7c6caec8ddf2c10337e08a83fc94a2688ce877c622263b321f408305379

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://kitaur.cyou/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Sat, 18 Dec 2021 10:18:05 GMT
server
nginx/1.18.0
vary
Origin
content-type
image/png
access-control-allow-origin
*
expires
Sat, 14 May 2022 12:01:25 GMT
cache-control
max-age=31536000
content-length
87264
x-proxy-cache
HIT

Redirect headers

location
https://cdn18383040.ahacdn.me/assets/31ea8a00-7e0b-41bf-b980-455e0301b451.png
date
Sat, 18 Dec 2021 10:18:05 GMT
server
nginx/1.18.0
content-length
0
vary
Origin
content-type
text/plain; charset=utf-8
31ea8a00-7e0b-41bf-b980-455e0301b451.png
cdn18383040.ahacdn.me/assets/ 		85 KB
85 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn18383040.ahacdn.me/assets/31ea8a00-7e0b-41bf-b980-455e0301b451.png
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
45.133.44.25 Philadelphia, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software
nginx/1.18.0 /
Resource Hash
325cc7c6caec8ddf2c10337e08a83fc94a2688ce877c622263b321f408305379

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://kitaur.cyou/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Sat, 18 Dec 2021 10:18:05 GMT
server
nginx/1.18.0
vary
Origin
content-type
image/png
access-control-allow-origin
*
expires
Sat, 14 May 2022 12:01:25 GMT
cache-control
max-age=31536000
content-length
87264
x-proxy-cache
HIT
truncated
/ Frame 4452 		692 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
9c55477bf59eb7492347a8ddf46d0c1fe1d5d3cae02d74e514cca631af3ef65f

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/ Frame 4452 		862 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
1e1ca32c4b05ca52e5b8bd614b431294310129c02f7408808367d5d2b244ddb3

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type
image/svg+xml
DE_4c0f319d1a96beb4e3d95713256cda506ce66fd8_icon.webp
static.bookmsg.com/creatives/DE/ Frame 4452
Redirect Chain
  • https://puwpush.com/popunder/in/show/?mid=925836658&pid=0&site=native-push&sc=DE&usage_type=DCH&subid=784638506&sid=1490576822&cid=10289&price=0&is_cpm=1&cpm=2.5&ecpm=2.5&crid=&crtid=d41d8cd98f00b2...
  • https://static.bookmsg.com/creatives/DE/DE_4c0f319d1a96beb4e3d95713256cda506ce66fd8_icon.webp
752 B
908 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.bookmsg.com/creatives/DE/DE_4c0f319d1a96beb4e3d95713256cda506ce66fd8_icon.webp
Protocol
H2
Server
85.10.217.94 Munich, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.85-10-217-94.clients.your-server.de
Software
nginx/1.18.0 /
Resource Hash
5697845a65dcf4abf831944b560bcde2e0e482daaa205b8b46023d86fa1f5e07

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Sat, 18 Dec 2021 10:18:05 GMT
last-modified
Tue, 24 Nov 2020 14:19:45 GMT
server
nginx/1.18.0
etag
"5fbd1681-2f0"
content-type
image/webp
cache-control
public, max-age=315360000
accept-ranges
bytes
content-length
752

Redirect headers

pragma
no-cache
date
Sat, 18 Dec 2021 10:18:05 GMT
server
nginx/1.16.0
access-control-allow-origin
*
vary
Origin
location
https://static.bookmsg.com/creatives/DE/DE_4c0f319d1a96beb4e3d95713256cda506ce66fd8_icon.webp
cache-control
no-transform, no-cache, no-store, must-revalidate
content-length
0

Verdicts & Comments Add Verdict or Comment

18 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 function| a3_0xd243 function| initPush function| askPermission function| sendTokenToServer function| isTokenSentToServer function| setTokenSentToServer function| sendSubscriptionInfoToServer function| createCORSRequest string| prm function| e object| config object| regeneratorRuntime function| setImmediate function| clearImmediate function| tcpusher object| firebase function| __fp-init

3 Cookies

Domain/Path Name / Value
js.dynssp.com/ Name: __psu
Value: 5761f555-2ffe-4f30-90f7-cc591237a2a2
.yadro.ru/ Name: FTID
Value: 1XlRLe3212uD1XlRLe001RKJ
.yadro.ru/ Name: VID
Value: 2i7bHJ2wDj8D1XlRLe001RM5

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn18383040.ahacdn.me
counter.yadro.ru
js.dynssp.com
js.jnkstff.com
js.wpushsdk.com
kitaur.cyou
nereserv.com
notification.tubecup.net
ntvpforever.com
ntvpinp.com
puwpush.com
static.bookmsg.com
sw.wpush.org
tcb.pushic.com
trk.dynssp.com
www.gstatic.com
168.119.25.22
2606:4700:3031::6815:4114
2a00:1450:4001:810::2003
2a01:4f8:c0:2306::1
2a01:4f8:e0:19cb::1
45.133.44.24
45.133.44.25
46.148.125.182
85.10.217.94
88.198.182.68
88.198.209.36
88.212.201.198
0b1cd689e19af8510babc1f044c468f6e178d637b160de038f4d3fc7348cfc2e
0fe3a274d79fdda2e42a0d170af167a72b33db0fa021710376918689d7054b31
1530691d7096753c4a33ff3d11be983fbec896774cffe9a3555c2c81e6f18906
1e1ca32c4b05ca52e5b8bd614b431294310129c02f7408808367d5d2b244ddb3
2e790a7264a6f4513f509764e1a64638c91961b8e58641e6260baa0c9e56990b
325cc7c6caec8ddf2c10337e08a83fc94a2688ce877c622263b321f408305379
328edfbd969517b49101cd8dcc0f333b9914cdf2077524cf7d903b246e25e4e2
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
4e3046c938533d29b2ba2c3b917d8090a5c97b3f1c4d9958db6e48e0e8dbe4d7
5697845a65dcf4abf831944b560bcde2e0e482daaa205b8b46023d86fa1f5e07
638341870e326a881a8599ca76a53d916752f6d1170bd6f22236e5947eadedbf
6a22e4c151ea8365e1df836097f16d7a17caa5985633a39d811280c7318c5ae8
6c1f153640761c1342b5954209bcde745d8ba776d9264ea4021bbfdcc6093861
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
9c55477bf59eb7492347a8ddf46d0c1fe1d5d3cae02d74e514cca631af3ef65f
a8d6389e6811b9fea7ff683cb31a57a6e0b29781407d7f5d45994aae1b5725b7
b6d7a3c4abc9aeaa895a16fc1aa55b0acc107a183e815fac4d9415631e8349e6
c91a75b4331f5f78cdb3b1264724d73a79d10c83d0bd186261a7f7a2b8d04f1e
d4d5669220045e130b79770e93dc7dca5fdfa00c9d7047639dbb15c4f28eb2e2
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ed8639c57f216bc207c72bc4098e07bc6296d825c2269c90296fb3810ea2c69e