URL: https://dissectingmalwa.re/tfw-ransomware-is-only-your-side-hustle.html
Submission: On February 10 via api from DE

Summary

This website contacted 5 IPs in 2 countries across 5 domains to perform 43 HTTP transactions. The main IP is 85.13.137.36, located in Germany and belongs to NMM-AS D - 02742 Friedersdorf Hauptstrasse 68, DE. The main domain is dissectingmalwa.re.
TLS certificate: Issued by R3 on January 22nd 2021. Valid for: 3 months.
This is the only time dissectingmalwa.re was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Requests  IP Address        AS     Autonomous System
32        85.13.137.36      34788  (NMM-AS D)
2         2a00:1450:400...  15169  (GOOGLE)
6         2606:4700::68...  13335  (CLOUDFLAR...)
1         2a00:1450:400...  15169  (GOOGLE)
2         2a00:1450:400...  15169  (GOOGLE)
43        5
Requests  Domain                Requested by
31        dissectingmalwa.re    dissectingmalwa.re, ajax.googleapis.com
6         cdnjs.cloudflare.com  dissectingmalwa.re, cdnjs.cloudflare.com
2         fonts.gstatic.com     fonts.googleapis.com
2         fonts.googleapis.com  dissectingmalwa.re
1         ajax.googleapis.com   dissectingmalwa.re
1         ransomware.email      dissectingmalwa.re
43        6
Subject                  Issuer                   Validity                 Valid
dissectingmalwa.re       R3                       2021-01-22 - 2021-04-22  3 months
upload.video.google.com  GTS CA 1O1               2021-01-19 - 2021-04-13  3 months
sni.cloudflaressl.com    Cloudflare Inc ECC CA-3  2020-10-21 - 2021-10-20  a year
ransomware.email         R3                       2021-01-09 - 2021-04-09  3 months
*.gstatic.com            GTS CA 1O1               2021-01-19 - 2021-04-13  3 months

This page contains 1 frames:

Primary Page: https://dissectingmalwa.re/tfw-ransomware-is-only-your-side-hustle.html
Frame ID: 65957F57333351A5CB754C44A634AD04
Requests: 43 HTTP requests in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Page Statistics

43 Requests
100 % HTTPS
80 % IPv6
5 Domains
6 Subdomains
5 IPs
2 Countries
992 kB Transfer
1341 kB Size
0 Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

43 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request tfw-ransomware-is-only-your-side-hustle.html
dissectingmalwa.re/
26 KB
6 KB
Document
General
Full URL
https://dissectingmalwa.re/tfw-ransomware-is-only-your-side-hustle.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
85.13.137.36 , Germany, ASN34788 (NMM-AS D - 02742 Friedersdorf Hauptstrasse 68, DE),
Reverse DNS
dd16018.kasserver.com
Software
Apache /
Resource Hash
441812043620db2cfec7cc144ac462162f5daa4fd34ff19721db683afa68ae0f

Request headers

:method
GET
:authority
dissectingmalwa.re
:scheme
https
:path
/tfw-ransomware-is-only-your-side-hustle.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US

Response headers

date
Wed, 10 Feb 2021 13:13:11 GMT
server
Apache
last-modified
Wed, 23 Dec 2020 22:12:43 GMT
etag
"662e-5b728fd8686c5-br"
accept-ranges
bytes
vary
Accept-Encoding,User-Agent
content-encoding
br
content-length
6239
content-type
text/html
css
fonts.googleapis.com/
2 KB
635 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Open+Sans:800italic
Requested by
Host: dissectingmalwa.re
URL: https://dissectingmalwa.re/tfw-ransomware-is-only-your-side-hustle.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
97e3082d8a8979f619dc92924d61a900427391a1e34031ec0aca528aeb124b81
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://dissectingmalwa.re/tfw-ransomware-is-only-your-side-hustle.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Wed, 10 Feb 2021 13:13:11 GMT
server
ESF
date
Wed, 10 Feb 2021 13:13:11 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 10 Feb 2021 13:13:11 GMT
css
fonts.googleapis.com/
2 KB
629 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Oswald
Requested by
Host: dissectingmalwa.re
URL: https://dissectingmalwa.re/tfw-ransomware-is-only-your-side-hustle.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
c8188eeef909338c6c6f466a9c661d4ae00f5fc92161874645b8885fdf555668
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://dissectingmalwa.re/tfw-ransomware-is-only-your-side-hustle.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Wed, 10 Feb 2021 11:40:03 GMT
server
ESF
date
Wed, 10 Feb 2021 13:13:11 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 10 Feb 2021 13:13:11 GMT
uikit.min.css
cdnjs.cloudflare.com/ajax/libs/uikit/2.23.0/css/
95 KB
15 KB
Stylesheet
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/uikit/2.23.0/css/uikit.min.css
Requested by
Host: dissectingmalwa.re
URL: https://dissectingmalwa.re/tfw-ransomware-is-only-your-side-hustle.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e47e8f9c5b5922e32f404f259857f440287c11fd710498e429ffca76286ceae4
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Referer
https://dissectingmalwa.re/tfw-ransomware-is-only-your-side-hustle.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 10 Feb 2021 13:13:11 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"max_age":604800,"report_to":"cf-nel"}
age
4007712
cross-origin-resource-policy
cross-origin
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
14795
cf-request-id
082dac1886000032371d9ac000000001
timing-allow-origin
*
last-modified
Mon, 04 May 2020 16:17:24 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb04014-17b3c"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000
report-to
{"max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=o108cdxUvE9rjIg4Lei82ZJea6dgpIPSvZfKmjbclo1qEGzsVX94wpEjZ7T1JItVwR%2BmMUssPJDjlYwVBES9pV0Btq4ogeCzlM%2Bo9KBs3UXdLjpajJZN2c%2FRgiJ1YaJywg%3D%3D"}],"group":"cf-nel"}
content-type
text/css; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=30672000
accept-ranges
bytes
cf-ray
61f6160739c13237-FRA
expires
Mon, 31 Jan 2022 13:13:11 GMT
search.min.css
cdnjs.cloudflare.com/ajax/libs/uikit/2.23.0/css/components/
2 KB
917 B
Stylesheet
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/uikit/2.23.0/css/components/search.min.css
Requested by
Host: dissectingmalwa.re
URL: https://dissectingmalwa.re/tfw-ransomware-is-only-your-side-hustle.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5c874534b101e6ddaf1591ad50a5ec7b3f7a71c06a812f9ce960b571f02dd447
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Referer
https://dissectingmalwa.re/tfw-ransomware-is-only-your-side-hustle.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 10 Feb 2021 13:13:11 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"max_age":604800,"report_to":"cf-nel"}
age
99355
cross-origin-resource-policy
cross-origin
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
593
cf-request-id
082dac1886000032374a0d2000000001
timing-allow-origin
*
last-modified
Mon, 04 May 2020 16:17:24 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb04014-80b"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000
report-to
{"max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=pIGgb2DaI0P0kFLvdfhHstxeJG2RGGHFzTAr%2FIMHvcom4kZTEsm1cKnRkJNzh9KMulHE5HWTZ4Pb0WGLsVQP%2BNcZYTx11FCErgUfsISXXR6unUDLZ%2FyAyAKgq0MtXNpThw%3D%3D"}],"group":"cf-nel"}
content-type
text/css; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=30672000
accept-ranges
bytes
cf-ray
61f6160739c53237-FRA
expires
Mon, 31 Jan 2022 13:13:11 GMT
tipuesearch.css
dissectingmalwa.re/theme/css/
2 KB
753 B
Stylesheet
General
Full URL
https://dissectingmalwa.re/theme/css/tipuesearch.css
Requested by
Host: dissectingmalwa.re
URL: https://dissectingmalwa.re/tfw-ransomware-is-only-your-side-hustle.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
85.13.137.36 , Germany, ASN34788 (NMM-AS D - 02742 Friedersdorf Hauptstrasse 68, DE),
Reverse DNS
dd16018.kasserver.com
Software
Apache /
Resource Hash
0ce5059a284a876fff46296c25c492939e3bee8b181c555fd700b1e156a5dc78

Request headers

Referer
https://dissectingmalwa.re/tfw-ransomware-is-only-your-side-hustle.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 10 Feb 2021 13:13:11 GMT
content-encoding
br
last-modified
Wed, 03 Jun 2020 21:52:52 GMT
server
Apache
etag
"8c9-5a7350cc2543b-br"
vary
Accept-Encoding,User-Agent
content-type
text/css
accept-ranges
bytes
content-length
671
solarized.css
dissectingmalwa.re/theme/css/
4 KB
1 KB
Stylesheet
General
Full URL
https://dissectingmalwa.re/theme/css/solarized.css
Requested by
Host: dissectingmalwa.re
URL: https://dissectingmalwa.re/tfw-ransomware-is-only-your-side-hustle.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
85.13.137.36 , Germany, ASN34788 (NMM-AS D - 02742 Friedersdorf Hauptstrasse 68, DE),
Reverse DNS
dd16018.kasserver.com
Software
Apache /
Resource Hash
988d5db23ac3272f573c58b76fe72182c327d1a1004b606600e7adced61c5a7b

Request headers

Referer
https://dissectingmalwa.re/tfw-ransomware-is-only-your-side-hustle.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 10 Feb 2021 13:13:11 GMT
content-encoding
br
last-modified
Wed, 03 Jun 2020 21:52:52 GMT
server
Apache
etag
"1128-5a7350cbf75e0-br"
vary
Accept-Encoding,User-Agent
content-type
text/css
accept-ranges
bytes
content-length
992
main.css
dissectingmalwa.re/theme/css/
3 KB
974 B
Stylesheet
General
Full URL
https://dissectingmalwa.re/theme/css/main.css
Requested by
Host: dissectingmalwa.re
URL: https://dissectingmalwa.re/tfw-ransomware-is-only-your-side-hustle.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
85.13.137.36 , Germany, ASN34788 (NMM-AS D - 02742 Friedersdorf Hauptstrasse 68, DE),
Reverse DNS
dd16018.kasserver.com
Software
Apache /
Resource Hash
324cd3181d3811633aab285f7f84bab43d1f31bc19a1f1116bdcc6ec25c4e841

Request headers

Referer
https://dissectingmalwa.re/tfw-ransomware-is-only-your-side-hustle.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 10 Feb 2021 13:13:11 GMT
content-encoding
br
last-modified
Mon, 14 Dec 2020 20:43:52 GMT
server
Apache
etag
"cc0-5b672b3392bf5-br"
vary
Accept-Encoding,User-Agent
content-type
text/css
accept-ranges
bytes
content-length
900
html5shiv.min.js
cdnjs.cloudflare.com/ajax/libs/html5shiv/3.7.2/
3 KB
1 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/html5shiv/3.7.2/html5shiv.min.js
Requested by
Host: dissectingmalwa.re
URL: https://dissectingmalwa.re/tfw-ransomware-is-only-your-side-hustle.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e0eac80838c161f29e7c46d54fbc044d12cd164baae13255e562c6be3aa91809
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Referer
https://dissectingmalwa.re/tfw-ransomware-is-only-your-side-hustle.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 10 Feb 2021 13:13:11 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"max_age":604800,"report_to":"cf-nel"}
age
107093
cross-origin-resource-policy
cross-origin
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
1104
cf-request-id
082dac18860000323734130000000001
timing-allow-origin
*
last-modified
Mon, 04 May 2020 16:11:10 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03e9e-a4c"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000
report-to
{"max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=3gGasHjc42usDoxkY0LpjTvZnIsAJy15zQrIW3HbwyjxjcsW4YQUVkWTbmVIK2nQVDVP1GZYsMntPhJVzBpEPagGodtz77l5SJO%2FLHaS8vIcESlgz%2Fx6owaXM2Cul6KukQ%3D%3D"}],"group":"cf-nel"}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=30672000
accept-ranges
bytes
cf-ray
61f6160739c73237-FRA
expires
Mon, 31 Jan 2022 13:13:11 GMT
jodel-email.png
dissectingmalwa.re/img/
106 KB
107 KB
Image
General
Full URL
https://dissectingmalwa.re/img/jodel-email.png
Requested by
Host: dissectingmalwa.re
URL: https://dissectingmalwa.re/tfw-ransomware-is-only-your-side-hustle.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
85.13.137.36 , Germany, ASN34788 (NMM-AS D - 02742 Friedersdorf Hauptstrasse 68, DE),
Reverse DNS
dd16018.kasserver.com
Software
Apache /
Resource Hash
f5aa1d41156256d2517ac6b9578e19fd513fbd7a3d09615af72420d881efc741

Request headers

Referer
https://dissectingmalwa.re/tfw-ransomware-is-only-your-side-hustle.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 10 Feb 2021 13:13:11 GMT
last-modified
Thu, 01 Aug 2019 21:53:58 GMT
server
Apache
accept-ranges
bytes
etag
"1a81a-58f15475fea62"
content-length
108570
content-type
image/png
jodel-link.png
dissectingmalwa.re/img/
39 KB
39 KB
Image
General
Full URL
https://dissectingmalwa.re/img/jodel-link.png
Requested by
Host: dissectingmalwa.re
URL: https://dissectingmalwa.re/tfw-ransomware-is-only-your-side-hustle.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
85.13.137.36 , Germany, ASN34788 (NMM-AS D - 02742 Friedersdorf Hauptstrasse 68, DE),
Reverse DNS
dd16018.kasserver.com
Software
Apache /
Resource Hash
70c6619f9f81d5db7ab7aaf88ec0c4e189b7a2dddccdab18ef362d73e27675b9

Request headers

Referer
https://dissectingmalwa.re/tfw-ransomware-is-only-your-side-hustle.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 10 Feb 2021 13:13:11 GMT
last-modified
Thu, 01 Aug 2019 21:53:58 GMT
server
Apache
accept-ranges
bytes
etag
"9ace-58f15475f0fa4"
content-length
39630
content-type
image/png
jodel-url.png
dissectingmalwa.re/img/
36 KB
36 KB
Image
General
Full URL
https://dissectingmalwa.re/img/jodel-url.png
Requested by
Host: dissectingmalwa.re
URL: https://dissectingmalwa.re/tfw-ransomware-is-only-your-side-hustle.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
85.13.137.36 , Germany, ASN34788 (NMM-AS D - 02742 Friedersdorf Hauptstrasse 68, DE),
Reverse DNS
dd16018.kasserver.com
Software
Apache /
Resource Hash
30512802c8cf38a81f4c2d636cbe1c466d8108dad66825e80144e4f7de7505e2

Request headers

Referer
https://dissectingmalwa.re/tfw-ransomware-is-only-your-side-hustle.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 10 Feb 2021 13:13:11 GMT
last-modified
Thu, 01 Aug 2019 21:53:58 GMT
server
Apache
accept-ranges
bytes
etag
"8fcb-58f15476364fc"
content-length
36811
content-type
image/png
jodel-zeros.png
dissectingmalwa.re/img/
17 KB
18 KB
Image
General
Full URL
https://dissectingmalwa.re/img/jodel-zeros.png
Requested by
Host: dissectingmalwa.re
URL: https://dissectingmalwa.re/tfw-ransomware-is-only-your-side-hustle.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
85.13.137.36 , Germany, ASN34788 (NMM-AS D - 02742 Friedersdorf Hauptstrasse 68, DE),
Reverse DNS
dd16018.kasserver.com
Software
Apache /
Resource Hash
45d562534a3c5f3e20916cb21c2824035306bb54f9be0ac808091fff78e236ac

Request headers

Referer
https://dissectingmalwa.re/tfw-ransomware-is-only-your-side-hustle.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 10 Feb 2021 13:13:11 GMT
last-modified
Thu, 01 Aug 2019 22:44:06 GMT
server
Apache
accept-ranges
bytes
etag
"4591-58f15faae6a6a"
content-length
17809
content-type
image/png
germanWiper-run.png
dissectingmalwa.re/img/
119 KB
120 KB
Image
General
Full URL
https://dissectingmalwa.re/img/germanWiper-run.png
Requested by
Host: dissectingmalwa.re
URL: https://dissectingmalwa.re/tfw-ransomware-is-only-your-side-hustle.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
85.13.137.36 , Germany, ASN34788 (NMM-AS D - 02742 Friedersdorf Hauptstrasse 68, DE),
Reverse DNS
dd16018.kasserver.com
Software
Apache /
Resource Hash
7e5bde4a1d84500c4d13b5284509cf62a115ef8600052201802dd843f17d1453

Request headers

Referer
https://dissectingmalwa.re/tfw-ransomware-is-only-your-side-hustle.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 10 Feb 2021 13:13:11 GMT
last-modified
Fri, 02 Aug 2019 19:22:52 GMT
server
Apache
accept-ranges
bytes
etag
"1dda0-58f2748dce420"
content-length
122272
content-type
image/png
germanWiper-die.png
dissectingmalwa.re/img/
86 KB
86 KB
Image
General
Full URL
https://dissectingmalwa.re/img/germanWiper-die.png
Requested by
Host: dissectingmalwa.re
URL: https://dissectingmalwa.re/tfw-ransomware-is-only-your-side-hustle.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
85.13.137.36 , Germany, ASN34788 (NMM-AS D - 02742 Friedersdorf Hauptstrasse 68, DE),
Reverse DNS
dd16018.kasserver.com
Software
Apache /
Resource Hash
e5702b13fd82dd1fccdf107b3650a182cbff2423190eda53022760e578e402f4

Request headers

Referer
https://dissectingmalwa.re/tfw-ransomware-is-only-your-side-hustle.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 10 Feb 2021 13:13:11 GMT
last-modified
Fri, 02 Aug 2019 18:24:37 GMT
server
Apache
accept-ranges
bytes
etag
"1569e-58f2678902951"
content-length
87710
content-type
image/png
germanWiper-entropy.png
dissectingmalwa.re/img/
77 KB
78 KB
Image
General
Full URL
https://dissectingmalwa.re/img/germanWiper-entropy.png
Requested by
Host: dissectingmalwa.re
URL: https://dissectingmalwa.re/tfw-ransomware-is-only-your-side-hustle.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
85.13.137.36 , Germany, ASN34788 (NMM-AS D - 02742 Friedersdorf Hauptstrasse 68, DE),
Reverse DNS
dd16018.kasserver.com
Software
Apache /
Resource Hash
32363216d832da5a7da2f0527479ba90a43ada78466e7cae96528e0d52991c3f

Request headers

Referer
https://dissectingmalwa.re/tfw-ransomware-is-only-your-side-hustle.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 10 Feb 2021 13:13:11 GMT
last-modified
Fri, 02 Aug 2019 18:24:37 GMT
server
Apache
accept-ranges
bytes
etag
"135b2-58f26788ef0d3"
content-length
79282
content-type
image/png
germanWiper-upx.png
dissectingmalwa.re/img/
38 KB
38 KB
Image
General
Full URL
https://dissectingmalwa.re/img/germanWiper-upx.png
Requested by
Host: dissectingmalwa.re
URL: https://dissectingmalwa.re/tfw-ransomware-is-only-your-side-hustle.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
85.13.137.36 , Germany, ASN34788 (NMM-AS D - 02742 Friedersdorf Hauptstrasse 68, DE),
Reverse DNS
dd16018.kasserver.com
Software
Apache /
Resource Hash
85ac47b23efb3d5f2643d25ce93b761c3cfbda47f9de65b681360825a399f8b4

Request headers

Referer
https://dissectingmalwa.re/tfw-ransomware-is-only-your-side-hustle.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 10 Feb 2021 13:13:11 GMT
last-modified
Fri, 02 Aug 2019 18:24:37 GMT
server
Apache
accept-ranges
bytes
etag
"96c2-58f267884fe05"
content-length
38594
content-type
image/png
germanWiper-filepng.png
dissectingmalwa.re/img/
6 KB
7 KB
Image
General
Full URL
https://dissectingmalwa.re/img/germanWiper-filepng.png
Requested by
Host: dissectingmalwa.re
URL: https://dissectingmalwa.re/tfw-ransomware-is-only-your-side-hustle.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
85.13.137.36 , Germany, ASN34788 (NMM-AS D - 02742 Friedersdorf Hauptstrasse 68, DE),
Reverse DNS
dd16018.kasserver.com
Software
Apache /
Resource Hash
ed96b910dc3a833f09e6992e0b1b2ee4e8127b1a83b169a77c6efeffac68d983

Request headers

Referer
https://dissectingmalwa.re/tfw-ransomware-is-only-your-side-hustle.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 10 Feb 2021 13:13:11 GMT
last-modified
Fri, 02 Aug 2019 18:24:37 GMT
server
Apache
accept-ranges
bytes
etag
"19cc-58f26788b37ba"
content-length
6604
content-type
image/png
germanWiper-newURL.png
dissectingmalwa.re/img/
6 KB
6 KB
Image
General
Full URL
https://dissectingmalwa.re/img/germanWiper-newURL.png
Requested by
Host: dissectingmalwa.re
URL: https://dissectingmalwa.re/tfw-ransomware-is-only-your-side-hustle.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
85.13.137.36 , Germany, ASN34788 (NMM-AS D - 02742 Friedersdorf Hauptstrasse 68, DE),
Reverse DNS
dd16018.kasserver.com
Software
Apache /
Resource Hash
623c27a630ada17fd805e9e80823ec49e746158e9a27f67654f2a5883e351804

Request headers

Referer
https://dissectingmalwa.re/tfw-ransomware-is-only-your-side-hustle.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 10 Feb 2021 13:13:11 GMT
last-modified
Fri, 02 Aug 2019 18:24:37 GMT
server
Apache
accept-ranges
bytes
etag
"18f5-58f26788a4d5b"
content-length
6389
content-type
image/png
germanWiper-vssadmin.png
dissectingmalwa.re/img/
25 KB
25 KB
Image
General
Full URL
https://dissectingmalwa.re/img/germanWiper-vssadmin.png
Requested by
Host: dissectingmalwa.re
URL: https://dissectingmalwa.re/tfw-ransomware-is-only-your-side-hustle.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
85.13.137.36 , Germany, ASN34788 (NMM-AS D - 02742 Friedersdorf Hauptstrasse 68, DE),
Reverse DNS
dd16018.kasserver.com
Software
Apache /
Resource Hash
80382672da6ee9eb7afea19b5416c6b0691a4b428b7835fb8a2a5a402f5190b8

Request headers

Referer
https://dissectingmalwa.re/tfw-ransomware-is-only-your-side-hustle.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 10 Feb 2021 13:13:11 GMT
last-modified
Fri, 02 Aug 2019 18:24:37 GMT
server
Apache
accept-ranges
bytes
etag
"6379-58f2678876f00"
content-length
25465
content-type
image/png
germanWiper-ph.png
dissectingmalwa.re/img/
10 KB
10 KB
Image
General
Full URL
https://dissectingmalwa.re/img/germanWiper-ph.png
Requested by
Host: dissectingmalwa.re
URL: https://dissectingmalwa.re/tfw-ransomware-is-only-your-side-hustle.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
85.13.137.36 , Germany, ASN34788 (NMM-AS D - 02742 Friedersdorf Hauptstrasse 68, DE),
Reverse DNS
dd16018.kasserver.com
Software
Apache /
Resource Hash
80f7bffcd868f483904ac4c6e0e2644242068724a4661aec5a5d373fb6bcfc40

Request headers

Referer
https://dissectingmalwa.re/tfw-ransomware-is-only-your-side-hustle.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 10 Feb 2021 13:13:11 GMT
last-modified
Fri, 02 Aug 2019 18:37:04 GMT
server
Apache
accept-ranges
bytes
etag
"28da-58f26a5135c81"
content-length
10458
content-type
image/png
germanWiper-start.png
dissectingmalwa.re/img/
24 KB
24 KB
Image
General
Full URL
https://dissectingmalwa.re/img/germanWiper-start.png
Requested by
Host: dissectingmalwa.re
URL: https://dissectingmalwa.re/tfw-ransomware-is-only-your-side-hustle.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
85.13.137.36 , Germany, ASN34788 (NMM-AS D - 02742 Friedersdorf Hauptstrasse 68, DE),
Reverse DNS
dd16018.kasserver.com
Software
Apache /
Resource Hash
44306b0be7d655e88003a99ac62a47f89a244afd4d7c664c14a9b4eefe56a551

Request headers

Referer
https://dissectingmalwa.re/tfw-ransomware-is-only-your-side-hustle.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 10 Feb 2021 13:13:11 GMT
last-modified
Fri, 02 Aug 2019 19:23:02 GMT
server
Apache
accept-ranges
bytes
etag
"5f6e-58f27497838ac"
content-length
24430
content-type
image/png
germanWiper-autostart.png
dissectingmalwa.re/img/
12 KB
12 KB
Image
General
Full URL
https://dissectingmalwa.re/img/germanWiper-autostart.png
Requested by
Host: dissectingmalwa.re
URL: https://dissectingmalwa.re/tfw-ransomware-is-only-your-side-hustle.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
85.13.137.36 , Germany, ASN34788 (NMM-AS D - 02742 Friedersdorf Hauptstrasse 68, DE),
Reverse DNS
dd16018.kasserver.com
Software
Apache /
Resource Hash
1c4e8c037b60ae7248c894b9c0d22c90083f1782e43367bec9d3e8f7dc696476

Request headers

Referer
https://dissectingmalwa.re/tfw-ransomware-is-only-your-side-hustle.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 10 Feb 2021 13:13:11 GMT
last-modified
Fri, 02 Aug 2019 19:22:56 GMT
server
Apache
accept-ranges
bytes
etag
"2feb-58f27491875b6"
content-length
12267
content-type
image/png
dm-logo.png
dissectingmalwa.re/img/
60 KB
61 KB
Image
General
Full URL
https://dissectingmalwa.re/img/dm-logo.png
Requested by
Host: dissectingmalwa.re
URL: https://dissectingmalwa.re/tfw-ransomware-is-only-your-side-hustle.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
85.13.137.36 , Germany, ASN34788 (NMM-AS D - 02742 Friedersdorf Hauptstrasse 68, DE),
Reverse DNS
dd16018.kasserver.com
Software
Apache /
Resource Hash
0ea4207e3fd7ddbcf140b2d0a17917614186bc309c3e1ead578bd5a9fb097a15

Request headers

Referer
https://dissectingmalwa.re/tfw-ransomware-is-only-your-side-hustle.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 10 Feb 2021 13:13:11 GMT
last-modified
Sat, 12 Dec 2020 14:15:21 GMT
server
Apache
accept-ranges
bytes
etag
"f0f8-5b6450a1664ca"
content-length
61688
content-type
image/png
howler.png
ransomware.email/img/
30 KB
30 KB
Image
General
Full URL
https://ransomware.email/img/howler.png
Requested by
Host: dissectingmalwa.re
URL: https://dissectingmalwa.re/tfw-ransomware-is-only-your-side-hustle.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
85.13.137.36 , Germany, ASN34788 (NMM-AS D - 02742 Friedersdorf Hauptstrasse 68, DE),
Reverse DNS
dd16018.kasserver.com
Software
Apache /
Resource Hash
c30b1918f9623362018607ea86afcb2751eed25f34edb1b70c8ce2da6c7628b0

Request headers

Referer
https://dissectingmalwa.re/tfw-ransomware-is-only-your-side-hustle.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 10 Feb 2021 13:13:11 GMT
last-modified
Tue, 07 Jan 2020 15:50:12 GMT
server
Apache
accept-ranges
bytes
etag
"7605-59b8ebb3f4da4"
content-length
30213
content-type
image/png
vb.ico
dissectingmalwa.re/img/
15 KB
15 KB
Image
General
Full URL
https://dissectingmalwa.re/img/vb.ico
Requested by
Host: dissectingmalwa.re
URL: https://dissectingmalwa.re/tfw-ransomware-is-only-your-side-hustle.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
85.13.137.36 , Germany, ASN34788 (NMM-AS D - 02742 Friedersdorf Hauptstrasse 68, DE),
Reverse DNS
dd16018.kasserver.com
Software
Apache /
Resource Hash
3cc8f15a6ec5a851841ae210bbb1ce05ab45476a0dfaa1a928d946f99407285f

Request headers

Referer
https://dissectingmalwa.re/tfw-ransomware-is-only-your-side-hustle.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 10 Feb 2021 13:13:11 GMT
last-modified
Thu, 05 Dec 2019 00:11:41 GMT
server
Apache
etag
"3aee-598e9c612999f"
vary
User-Agent
content-type
image/vnd.microsoft.icon
accept-ranges
bytes
content-length
15086
bc.png
dissectingmalwa.re/img/
9 KB
9 KB
Image
General
Full URL
https://dissectingmalwa.re/img/bc.png
Requested by
Host: dissectingmalwa.re
URL: https://dissectingmalwa.re/tfw-ransomware-is-only-your-side-hustle.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
85.13.137.36 , Germany, ASN34788 (NMM-AS D - 02742 Friedersdorf Hauptstrasse 68, DE),
Reverse DNS
dd16018.kasserver.com
Software
Apache /
Resource Hash
e8c7445c2f802a78631a417060194f9b15aaaa6ca1caee638c38390073d72c89

Request headers

Referer
https://dissectingmalwa.re/tfw-ransomware-is-only-your-side-hustle.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 10 Feb 2021 13:13:11 GMT
last-modified
Thu, 05 Dec 2019 21:53:25 GMT
server
Apache
accept-ranges
bytes
etag
"2364-598fbf5681671"
content-length
9060
content-type
image/png
ha.png
dissectingmalwa.re/img/
9 KB
10 KB
Image
General
Full URL
https://dissectingmalwa.re/img/ha.png
Requested by
Host: dissectingmalwa.re
URL: https://dissectingmalwa.re/tfw-ransomware-is-only-your-side-hustle.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
85.13.137.36 , Germany, ASN34788 (NMM-AS D - 02742 Friedersdorf Hauptstrasse 68, DE),
Reverse DNS
dd16018.kasserver.com
Software
Apache /
Resource Hash
a15e794c0a0195c58f88b9f233d4b364baec348af13975c4d9ea02ac244baf1e

Request headers

Referer
https://dissectingmalwa.re/tfw-ransomware-is-only-your-side-hustle.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 10 Feb 2021 13:13:11 GMT
last-modified
Thu, 05 Dec 2019 00:11:43 GMT
server
Apache
accept-ranges
bytes
etag
"25db-598e9c62fb68b"
content-length
9691
content-type
image/png
vt.png
dissectingmalwa.re/img/
3 KB
3 KB
Image
General
Full URL
https://dissectingmalwa.re/img/vt.png
Requested by
Host: dissectingmalwa.re
URL: https://dissectingmalwa.re/tfw-ransomware-is-only-your-side-hustle.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
85.13.137.36 , Germany, ASN34788 (NMM-AS D - 02742 Friedersdorf Hauptstrasse 68, DE),
Reverse DNS
dd16018.kasserver.com
Software
Apache /
Resource Hash
3924431f1d7bf63ce9ed9028558906df0461c036b733ce00fe3bdfd227e5d862

Request headers

Referer
https://dissectingmalwa.re/tfw-ransomware-is-only-your-side-hustle.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 10 Feb 2021 13:13:11 GMT
last-modified
Thu, 05 Dec 2019 00:11:39 GMT
server
Apache
accept-ranges
bytes
etag
"b44-598e9c5f482b5"
content-length
2884
content-type
image/png
icon-key.png
dissectingmalwa.re/img/
4 KB
4 KB
Image
General
Full URL
https://dissectingmalwa.re/img/icon-key.png
Requested by
Host: dissectingmalwa.re
URL: https://dissectingmalwa.re/tfw-ransomware-is-only-your-side-hustle.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
85.13.137.36 , Germany, ASN34788 (NMM-AS D - 02742 Friedersdorf Hauptstrasse 68, DE),
Reverse DNS
dd16018.kasserver.com
Software
Apache /
Resource Hash
0f2608981b672b362918028817ca948abd6a6562da777220a969f1e568c6e55f

Request headers

Referer
https://dissectingmalwa.re/tfw-ransomware-is-only-your-side-hustle.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 10 Feb 2021 13:13:11 GMT
last-modified
Sun, 26 Jan 2020 16:29:22 GMT
server
Apache
accept-ranges
bytes
etag
"1050-59d0d7e4b9256"
content-length
4176
content-type
image/png
malpedia.png
dissectingmalwa.re/img/
12 KB
12 KB
Image
General
Full URL
https://dissectingmalwa.re/img/malpedia.png
Requested by
Host: dissectingmalwa.re
URL: https://dissectingmalwa.re/tfw-ransomware-is-only-your-side-hustle.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
85.13.137.36 , Germany, ASN34788 (NMM-AS D - 02742 Friedersdorf Hauptstrasse 68, DE),
Reverse DNS
dd16018.kasserver.com
Software
Apache /
Resource Hash
febad08442f5f579bb299e889b2c491a78f069b1d40394cee02df1e11e4d56e3

Request headers

Referer
https://dissectingmalwa.re/tfw-ransomware-is-only-your-side-hustle.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 10 Feb 2021 13:13:11 GMT
last-modified
Sat, 12 Dec 2020 13:20:28 GMT
server
Apache
accept-ranges
bytes
etag
"2f96-5b64445cf0ef3"
content-length
12182
content-type
image/png
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/1.10.2/
91 KB
32 KB
Script
General
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js
Requested by
Host: dissectingmalwa.re
URL: https://dissectingmalwa.re/tfw-ransomware-is-only-your-side-hustle.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
89a15e9c40bc6b14809f236ee8cd3ed1ea42393c1f6ca55c7855cd779b3f922e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://dissectingmalwa.re/tfw-ransomware-is-only-your-side-hustle.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 10 Feb 2021 10:50:34 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
8557
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
32954
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 19:15:00 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 10 Feb 2022 10:50:34 GMT
uikit.min.js
cdnjs.cloudflare.com/ajax/libs/uikit/2.23.0/js/
52 KB
13 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/uikit/2.23.0/js/uikit.min.js
Requested by
Host: dissectingmalwa.re
URL: https://dissectingmalwa.re/tfw-ransomware-is-only-your-side-hustle.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
526337d6cb78701a20d91688757a5b8d09c494ec56f5666d3545f35f4c2cf727
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Referer
https://dissectingmalwa.re/tfw-ransomware-is-only-your-side-hustle.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 10 Feb 2021 13:13:11 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"max_age":604800,"report_to":"cf-nel"}
age
1187678
cross-origin-resource-policy
cross-origin
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
12682
cf-request-id
082dac18af000032371a9ce000000001
timing-allow-origin
*
last-modified
Mon, 04 May 2020 16:17:24 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb04014-ce32"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000
report-to
{"max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=YRDeAMHZkPPczCZte6OBO7hHrn3CoUfzfjWpiXripLS0ic9UHU9lFc2eiHQCzfMVeTscacL4AkOeqZHWZXhf58ipcLd53yupZYSjE3cmeUQBCjl7iQU5G8VaVz7R%2BpoiNQ%3D%3D"}],"group":"cf-nel"}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=30672000
accept-ranges
bytes
cf-ray
61f616077a303237-FRA
expires
Mon, 31 Jan 2022 13:13:11 GMT
search.min.js
cdnjs.cloudflare.com/ajax/libs/uikit/2.23.0/js/components/
3 KB
1 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/uikit/2.23.0/js/components/search.min.js
Requested by
Host: dissectingmalwa.re
URL: https://dissectingmalwa.re/tfw-ransomware-is-only-your-side-hustle.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5f1b0f46442d86d250771bbe23d99c67f60b7d5cfc1a5ed387f62aae8d216c81
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Referer
https://dissectingmalwa.re/tfw-ransomware-is-only-your-side-hustle.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 10 Feb 2021 13:13:11 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"max_age":604800,"report_to":"cf-nel"}
age
99355
cross-origin-resource-policy
cross-origin
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
762
cf-request-id
082dac18ba00003237f92f9000000001
timing-allow-origin
*
last-modified
Mon, 04 May 2020 16:17:24 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb04014-aea"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000
report-to
{"max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=p%2FZAOxASeNzS4O8Ea6KdvEVjAKgZVrTBkO16SJcAfQ5z6BKJdX7kk5vj0r3w45ZBuMlqU%2BGFbMLfaHKTeBPWD9yRwoiJZTa%2BL2502EkEtzTfdM7fWAF8wEVQUHCh8VQxmw%3D%3D"}],"group":"cf-nel"}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=30672000
accept-ranges
bytes
cf-ray
61f616079a533237-FRA
expires
Mon, 31 Jan 2022 13:13:11 GMT
tipuesearch_set.js
dissectingmalwa.re/theme/js/
608 B
326 B
Script
General
Full URL
https://dissectingmalwa.re/theme/js/tipuesearch_set.js
Requested by
Host: dissectingmalwa.re
URL: https://dissectingmalwa.re/tfw-ransomware-is-only-your-side-hustle.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
85.13.137.36 , Germany, ASN34788 (NMM-AS D - 02742 Friedersdorf Hauptstrasse 68, DE),
Reverse DNS
dd16018.kasserver.com
Software
Apache /
Resource Hash
154974aaccfb25460a24adbacb8e3d2774435d958a79b0412441f6e3917bdff6

Request headers

Referer
https://dissectingmalwa.re/tfw-ransomware-is-only-your-side-hustle.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 10 Feb 2021 13:13:11 GMT
content-encoding
br
last-modified
Wed, 03 Jun 2020 21:52:52 GMT
server
Apache
etag
"260-5a7350cba93e9-br"
vary
Accept-Encoding,User-Agent
content-type
application/javascript
accept-ranges
bytes
content-length
257
tipuesearch.js
dissectingmalwa.re/theme/js/
21 KB
3 KB
Script
General
Full URL
https://dissectingmalwa.re/theme/js/tipuesearch.js
Requested by
Host: dissectingmalwa.re
URL: https://dissectingmalwa.re/tfw-ransomware-is-only-your-side-hustle.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
85.13.137.36 , Germany, ASN34788 (NMM-AS D - 02742 Friedersdorf Hauptstrasse 68, DE),
Reverse DNS
dd16018.kasserver.com
Software
Apache /
Resource Hash
895495663303cbf5d6a8f6f3de83e7e94b8720b4b6695886e12028af1b9a3120

Request headers

Referer
https://dissectingmalwa.re/tfw-ransomware-is-only-your-side-hustle.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 10 Feb 2021 13:13:11 GMT
content-encoding
br
last-modified
Wed, 03 Jun 2020 21:52:51 GMT
server
Apache
etag
"558f-5a7350cb65dd0-br"
vary
Accept-Encoding,User-Agent
content-type
application/javascript
accept-ranges
bytes
content-length
2840
jquery.sticky-kit.js
dissectingmalwa.re/theme/js/
7 KB
2 KB
Script
General
Full URL
https://dissectingmalwa.re/theme/js/jquery.sticky-kit.js
Requested by
Host: dissectingmalwa.re
URL: https://dissectingmalwa.re/tfw-ransomware-is-only-your-side-hustle.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
85.13.137.36 , Germany, ASN34788 (NMM-AS D - 02742 Friedersdorf Hauptstrasse 68, DE),
Reverse DNS
dd16018.kasserver.com
Software
Apache /
Resource Hash
6c254a966a6bb4116fb90e910fd6b7e5483b1fafecc2ee7ecb6ff2ded7490f16

Request headers

Referer
https://dissectingmalwa.re/tfw-ransomware-is-only-your-side-hustle.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 10 Feb 2021 13:13:11 GMT
content-encoding
br
last-modified
Wed, 03 Jun 2020 21:52:52 GMT
server
Apache
etag
"1d65-5a7350cb7b58e-br"
vary
Accept-Encoding,User-Agent
content-type
application/javascript
accept-ranges
bytes
content-length
1733
plugins.js
dissectingmalwa.re/theme/js/
688 B
351 B
Script
General
Full URL
https://dissectingmalwa.re/theme/js/plugins.js
Requested by
Host: dissectingmalwa.re
URL: https://dissectingmalwa.re/tfw-ransomware-is-only-your-side-hustle.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
85.13.137.36 , Germany, ASN34788 (NMM-AS D - 02742 Friedersdorf Hauptstrasse 68, DE),
Reverse DNS
dd16018.kasserver.com
Software
Apache /
Resource Hash
b2aeea55b21311bc0996e6bf779267991a6acbb2ec494bc9afef905932374c67

Request headers

Referer
https://dissectingmalwa.re/tfw-ransomware-is-only-your-side-hustle.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 10 Feb 2021 13:13:11 GMT
content-encoding
br
last-modified
Wed, 03 Jun 2020 21:52:52 GMT
server
Apache
etag
"2b0-5a7350cbb3028-br"
vary
Accept-Encoding,User-Agent
content-type
application/javascript
accept-ranges
bytes
content-length
299
main-search.js
dissectingmalwa.re/theme/js/
410 B
286 B
Script
General
Full URL
https://dissectingmalwa.re/theme/js/main-search.js
Requested by
Host: dissectingmalwa.re
URL: https://dissectingmalwa.re/tfw-ransomware-is-only-your-side-hustle.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
85.13.137.36 , Germany, ASN34788 (NMM-AS D - 02742 Friedersdorf Hauptstrasse 68, DE),
Reverse DNS
dd16018.kasserver.com
Software
Apache /
Resource Hash
e4297280c74db2b6474b66051f5688f430a2a6c24e8aa44318dcf5549f4d6395

Request headers

Referer
https://dissectingmalwa.re/tfw-ransomware-is-only-your-side-hustle.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 10 Feb 2021 13:13:11 GMT
content-encoding
br
last-modified
Wed, 03 Jun 2020 21:52:51 GMT
server
Apache
etag
"19a-5a7350cb58312-br"
vary
Accept-Encoding,User-Agent
content-type
application/javascript
accept-ranges
bytes
content-length
212
memnYaGs126MiZpBA-UFUKW-U9hrIqOxjaPX.woff2
fonts.gstatic.com/s/opensans/v18/
10 KB
10 KB
Font
General
Full URL
https://fonts.gstatic.com/s/opensans/v18/memnYaGs126MiZpBA-UFUKW-U9hrIqOxjaPX.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:800italic
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
9bab0b356d452a6ac7735a73f860787fd845742b9d1843bfb92fac2b75092073
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://dissectingmalwa.re
Referer
https://fonts.googleapis.com/css?family=Open+Sans:800italic
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 04 Feb 2021 09:20:00 GMT
x-content-type-options
nosniff
last-modified
Tue, 15 Sep 2020 18:09:42 GMT
server
sffe
age
532391
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
9760
x-xss-protection
0
expires
Fri, 04 Feb 2022 09:20:00 GMT
TK3_WkUHHAIjg75cFRf3bXL8LICs1_FvsUZiYySUhiCXAA.woff
fonts.gstatic.com/s/oswald/v36/
12 KB
12 KB
Font
General
Full URL
https://fonts.gstatic.com/s/oswald/v36/TK3_WkUHHAIjg75cFRf3bXL8LICs1_FvsUZiYySUhiCXAA.woff
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Oswald
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
6b810957ff3f3c7c207fbb3b24a0c9370f2b23bc94e7acfebceefa0d2976ac99
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://dissectingmalwa.re
Referer
https://fonts.googleapis.com/css?family=Oswald
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 06 Feb 2021 01:47:01 GMT
x-content-type-options
nosniff
last-modified
Thu, 28 Jan 2021 20:33:12 GMT
server
sffe
age
386770
content-type
font/woff
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
12672
x-xss-protection
0
expires
Sun, 06 Feb 2022 01:47:01 GMT
fontawesome-webfont.woff2
cdnjs.cloudflare.com/ajax/libs/uikit/2.23.0/fonts/
63 KB
63 KB
Font
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/uikit/2.23.0/fonts/fontawesome-webfont.woff2
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/uikit/2.23.0/css/uikit.min.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ad9764e32f78e55225cbd63a0dcb0722f4ced8eb5dc35575cd4d08b999320d73
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Origin
https://dissectingmalwa.re
Referer
https://cdnjs.cloudflare.com/ajax/libs/uikit/2.23.0/css/uikit.min.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 10 Feb 2021 13:13:11 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
age
4007104
cross-origin-resource-policy
cross-origin
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
64464
cf-request-id
082dac18be0000d6f9fdb5e000000001
timing-allow-origin
*
last-modified
Mon, 04 May 2020 16:17:24 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb04014-fbd0"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000
report-to
{"max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=o9n0TUPAruEBwA8R%2B6f%2FrbsngSk0fWRut%2F%2FicUqA4cjYdjMoZ8XEPCj92k2RCErAlCrP4JI4UyMtbuCZo%2BGswIc%2BRk40zRE9l%2BC4XOfmeByzOhObmJ5ecrm2z9gW3OaKAg%3D%3D"}],"group":"cf-nel"}
content-type
application/octet-stream; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=30672000
accept-ranges
bytes
cf-ray
61f616079c1dd6f9-FRA
expires
Mon, 31 Jan 2022 13:13:11 GMT
tipue_search.json
dissectingmalwa.re/
199 KB
77 KB
XHR
General
Full URL
https://dissectingmalwa.re/tipue_search.json
Requested by
Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
85.13.137.36 , Germany, ASN34788 (NMM-AS D - 02742 Friedersdorf Hauptstrasse 68, DE),
Reverse DNS
dd16018.kasserver.com
Software
Apache /
Resource Hash
7cde6af72f86e643e30ea5780c4e11fc43e561b3e1b89f913b6fb9ba545aa8d0

Request headers

Accept
application/json, text/javascript, */*; q=0.01
Referer
https://dissectingmalwa.re/tfw-ransomware-is-only-your-side-hustle.html
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 10 Feb 2021 13:13:11 GMT
content-encoding
br
last-modified
Wed, 23 Dec 2020 22:12:44 GMT
server
Apache
etag
"31c36-5b728fd8e9536-br"
vary
Accept-Encoding,User-Agent
content-type
application/json
accept-ranges
bytes
content-length
77954

18 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| ontransitionrun
object| ontransitionstart
object| ontransitioncancel
object| cookieStore
function| showDirectoryPicker
function| showOpenFilePicker
function| showSaveFilePicker
object| trustedTypes
boolean| crossOriginIsolated
object| html5
function| hybridana
function| $
function| jQuery
object| UIkit
object| jQuery1102022931409547674297
object| tipuesearch_stop_words
object| tipuesearch_replace
object| tipuesearch_stem

0 Cookies

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
