Submitted URL: https://tl-glo.gftcardsho.com/t/clk?id=83xxHPlkHRRv0uXrkghB
Effective URL: https://it-thewinners-it.online/
Submission: On August 31 via manual from PL — Scanned from IT

Summary

This website contacted 9 IPs in 5 countries across 14 domains to perform 23 HTTP transactions. The main IP is 108.138.7.10, located in the United States and belonging to AMAZON-02, US. The main domain is it-thewinners-it.online.
TLS certificate: Issued by Amazon on August 2nd 2022. Valid for: a year.
This is the only time it-thewinners-it.online was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

# | IP Address | AS Autonomous System
2 2 | 18.195.102.132 | 16509 (AMAZON-02)
1 1 | 18.184.136.84 | 16509 (AMAZON-02)
1 1 | 18.194.228.220 | 16509 (AMAZON-02)
1 2 | 54.149.90.32 | 16509 (AMAZON-02)
1 1 | 35.190.66.152 | 15169 (GOOGLE)
1 12 | 108.138.7.10 | 16509 (AMAZON-02)
1 | 2a00:1450:400... | 15169 (GOOGLE)
3 | 2606:4700:303... | 13335 (CLOUDFLAR...)
2 | 2a00:1450:400... | 15169 (GOOGLE)
2 | 2a00:1450:400... | 15169 (GOOGLE)
1 | 2606:4700:303... | 13335 (CLOUDFLAR...)
1 | 2a03:2880:f10... | 32934 (FACEBOOK)
1 | 2a00:1450:400... | 15169 (GOOGLE)
Total: 23 requests, 9 IPs
# | Apex Domain | Subdomains | Transfer
12 | it-thewinners-it.online | it-thewinners-it.online | 222 KB
3 | fontawesome.com | use.fontawesome.com — Cisco Umbrella Rank: 897 | 100 KB
2 | gstatic.com | fonts.gstatic.com | 75 KB
2 | google-analytics.com | www.google-analytics.com — Cisco Umbrella Rank: 37 | 20 KB
2 | grandprizewinners.com | go.grandprizewinners.com | 4 KB
1 | doubleclick.net | stats.g.doubleclick.net — Cisco Umbrella Rank: 85 | 444 B
1 | facebook.com | www.facebook.com — Cisco Umbrella Rank: 113 | 409 B
1 | flagcdn.com | flagcdn.com — Cisco Umbrella Rank: 67704 | 714 B
1 | googleapis.com | fonts.googleapis.com — Cisco Umbrella Rank: 43 | 1 KB
1 | g33ktr4ck.com | www.g33ktr4ck.com | 498 B
1 | wereinit.com | bbtl-glo.wereinit.com | 532 B
1 | applewes.com | bbcc-glo.applewes.com | 534 B
1 | yoptv33.com | so-glo.yoptv33.com | 382 B
1 | gftcardsho.com | tl-glo.gftcardsho.com | 329 B
Total: 23 requests, 14 domains
# | Domain | Requested by
12 | it-thewinners-it.online | 1 redirects; it-thewinners-it.online
3 | use.fontawesome.com | it-thewinners-it.online; use.fontawesome.com
2 | fonts.gstatic.com | fonts.googleapis.com
2 | www.google-analytics.com | it-thewinners-it.online; www.google-analytics.com
2 | go.grandprizewinners.com | 1 redirects
1 | stats.g.doubleclick.net | www.google-analytics.com
1 | www.facebook.com | it-thewinners-it.online
1 | flagcdn.com | it-thewinners-it.online
1 | fonts.googleapis.com | it-thewinners-it.online
1 | www.g33ktr4ck.com | 1 redirects
1 | bbtl-glo.wereinit.com | 1 redirects
1 | bbcc-glo.applewes.com | 1 redirects
1 | so-glo.yoptv33.com | 1 redirects
1 | tl-glo.gftcardsho.com | 1 redirects
Total: 23 requests, 14 domains

This site contains no links.

Subject | Issuer | Validity | Valid for
uk-thewinners.online | Amazon | 2022-08-02 - 2023-08-31 | a year
upload.video.google.com | GTS CA 1C3 | 2022-08-08 - 2022-10-31 | 3 months
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2022-06-06 - 2023-06-05 | a year
*.google-analytics.com | GTS CA 1C3 | 2022-08-15 - 2022-11-07 | 3 months
*.gstatic.com | GTS CA 1C3 | 2022-08-08 - 2022-10-31 | 3 months
*.facebook.com | DigiCert SHA2 High Assurance Server CA | 2022-06-09 - 2022-09-07 | 3 months
*.g.doubleclick.net | GTS CA 1C3 | 2022-08-08 - 2022-10-31 | 3 months

This page contains 1 frames:

Primary Page: https://it-thewinners-it.online/
Frame ID: A1101E6F5B6B7742740E09332A579270
Requests: 23 HTTP requests in this frame

Page Title

Amazon : New Apple iPhone 12 Pro

Detected technologies

Font Awesome (overall confidence: 100%)
Detected patterns
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google Analytics (overall confidence: 100%)
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Page Statistics

Requests: 23
HTTPS: 96 %
IPv6: 54 %
Domains: 14
Subdomains: 14
IPs: 9
Countries: 5
Transfer: 420 kB
Size: 728 kB
Cookies: 18

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://tl-glo.gftcardsho.com/t/clk?id=83xxHPlkHRRv0uXrkghB HTTP 302
    https://so-glo.yoptv33.com/t/clk?id=JN8CARnfWBwFj329uo&rl=GO6Jy&redirect-from=83xxHPlkHRRv0uXrkghB&rcode=R05&rseq=R05,R98 HTTP 302
    https://bbcc-glo.applewes.com/t/clk?id=J8BNsARnfymnrtjRLjso&rl=Lk9OMHyQgy&redirect-from=83xxHPlkHRRv0uXrkghB&rcode=R05&rseq=R05,R98,R01 HTTP 302
    http://go.grandprizewinners.com/click/rNJ9BhQ8Xx?c1=f17eee51-62df-4b49-9297-11d09fbf676d&c2=14455&c7=698676 HTTP 302
    http://go.grandprizewinners.com/main/d.php?s=1&link=https%3A%2F%2Fbbtl-glo.wereinit.com%2Ft%2Fclk%3Fid%3DZ8X3u873SNm8QU492lCN%26s2%3DqMzntD8GSl-630f56f230d4d473da60f048%26 Page URL
  2. https://bbtl-glo.wereinit.com/t/clk?id=Z8X3u873SNm8QU492lCN&s2=qMzntD8GSl-630f56f230d4d473da60f048& HTTP 302
    https://www.g33ktr4ck.com/DFBHL/2CTPL/?uid=1332&sub1=13705&sub2=&sub3=c50cdecb-e359-42ed-83ea-5ce6865373ce HTTP 302
    https://it-thewinners-it.online/o/2D29ADC2?clickid=35989593c5444871942cbde3774f5465&subid=13705&sourceid=&data=199.48.45.3192.145.127.2201.164.22.1846646254.1661949684.1586856147 HTTP 302
    https://it-thewinners-it.online/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • https://tl-glo.gftcardsho.com/t/clk?id=83xxHPlkHRRv0uXrkghB HTTP 302
  • https://so-glo.yoptv33.com/t/clk?id=JN8CARnfWBwFj329uo&rl=GO6Jy&redirect-from=83xxHPlkHRRv0uXrkghB&rcode=R05&rseq=R05,R98 HTTP 302
  • https://bbcc-glo.applewes.com/t/clk?id=J8BNsARnfymnrtjRLjso&rl=Lk9OMHyQgy&redirect-from=83xxHPlkHRRv0uXrkghB&rcode=R05&rseq=R05,R98,R01 HTTP 302
  • http://go.grandprizewinners.com/click/rNJ9BhQ8Xx?c1=f17eee51-62df-4b49-9297-11d09fbf676d&c2=14455&c7=698676 HTTP 302
  • http://go.grandprizewinners.com/main/d.php?s=1&link=https%3A%2F%2Fbbtl-glo.wereinit.com%2Ft%2Fclk%3Fid%3DZ8X3u873SNm8QU492lCN%26s2%3DqMzntD8GSl-630f56f230d4d473da60f048%26

23 HTTP transactions

Resource | Path | Size | x-fer | Type | MIME-Type
d.php | go.grandprizewinners.com/main/ | 179 B | 783 B | Document | text/html; charset=UTF-8
Redirect Chain
  • https://tl-glo.gftcardsho.com/t/clk?id=83xxHPlkHRRv0uXrkghB
  • https://so-glo.yoptv33.com/t/clk?id=JN8CARnfWBwFj329uo&rl=GO6Jy&redirect-from=83xxHPlkHRRv0uXrkghB&rcode=R05&rseq=R05,R98
  • https://bbcc-glo.applewes.com/t/clk?id=J8BNsARnfymnrtjRLjso&rl=Lk9OMHyQgy&redirect-from=83xxHPlkHRRv0uXrkghB&rcode=R05&rseq=R05,R98,R01
  • http://go.grandprizewinners.com/click/rNJ9BhQ8Xx?c1=f17eee51-62df-4b49-9297-11d09fbf676d&c2=14455&c7=698676
  • http://go.grandprizewinners.com/main/d.php?s=1&link=https%3A%2F%2Fbbtl-glo.wereinit.com%2Ft%2Fclk%3Fid%3DZ8X3u873SNm8QU492lCN%26s2%3DqMzntD8GSl-630f56f230d4d473da60f048%26
General
Full URL
http://go.grandprizewinners.com/main/d.php?s=1&link=https%3A%2F%2Fbbtl-glo.wereinit.com%2Ft%2Fclk%3Fid%3DZ8X3u873SNm8QU492lCN%26s2%3DqMzntD8GSl-630f56f230d4d473da60f048%26
Protocol
HTTP/1.1
Server
54.149.90.32 Boardman, United States, ASN16509 (AMAZON-02, US)
Reverse DNS
ec2-54-149-90-32.us-west-2.compute.amazonaws.com
Software
nginx/1.11.6
Resource Hash
69ae332fa7f7e6c20a483e98f5245b193862e675bf924c84b746dc49a64e9455

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36
accept-language
it-IT,it;q=0.9

Response headers

Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html; charset=UTF-8
Date
Wed, 31 Aug 2022 12:41:22 GMT
Server
nginx/1.11.6
Transfer-Encoding
chunked

Redirect headers

Cache-Control
no-cache, private
Connection
keep-alive
Content-Type
text/html; charset=UTF-8
Date
Wed, 31 Aug 2022 12:41:22 GMT
Location
/main/d.php?s=1&link=https%3A%2F%2Fbbtl-glo.wereinit.com%2Ft%2Fclk%3Fid%3DZ8X3u873SNm8QU492lCN%26s2%3DqMzntD8GSl-630f56f230d4d473da60f048%26
Server
nginx/1.11.6
Transfer-Encoding
chunked
/ (Primary Request) | it-thewinners-it.online/ | 16 KB | 5 KB | Document | text/html; charset=UTF-8
Redirect Chain
  • https://bbtl-glo.wereinit.com/t/clk?id=Z8X3u873SNm8QU492lCN&s2=qMzntD8GSl-630f56f230d4d473da60f048&
  • https://www.g33ktr4ck.com/DFBHL/2CTPL/?uid=1332&sub1=13705&sub2=&sub3=c50cdecb-e359-42ed-83ea-5ce6865373ce
  • https://it-thewinners-it.online/o/2D29ADC2?clickid=35989593c5444871942cbde3774f5465&subid=13705&sourceid=&data=199.48.45.3192.145.127.2201.164.22.1846646254.1661949684.1586856147
  • https://it-thewinners-it.online/
General
Full URL
https://it-thewinners-it.online/
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
108.138.7.10, United States, ASN16509 (AMAZON-02, US)
Reverse DNS
server-108-138-7-10.fra56.r.cloudfront.net
Software
nginx
Resource Hash
a4775ea77c5bc54d04c6952f05b5862d07cf345a0668f4343d729a3ab7f944e6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
http://go.grandprizewinners.com/main/d.php?s=1&link=https%3A%2F%2Fbbtl-glo.wereinit.com%2Ft%2Fclk%3Fid%3DZ8X3u873SNm8QU492lCN%26s2%3DqMzntD8GSl-630f56f230d4d473da60f048%26
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36
accept-language
it-IT,it;q=0.9

Response headers

cache-control
max-age=0, must-revalidate, private
content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Wed, 31 Aug 2022 12:41:25 GMT
server
nginx
strict-transport-security
max-age=31536000; includeSubdomains;
vary
Accept-Encoding
via
1.1 a2eae5bb517678c9d6b43a2731b4462e.cloudfront.net (CloudFront)
x-amz-cf-id
dsMb7Lob6EA3Vu_96sPE7uUvXCIBKUXCwpXsv5Lt1p_eCPxyI6TBvA==
x-amz-cf-pop
FRA56-P6
x-cache
Miss from cloudfront
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block

Redirect headers

cache-control
max-age=0, must-revalidate, private
content-type
text/html; charset=UTF-8
date
Wed, 31 Aug 2022 12:41:25 GMT
location
/
server
nginx
strict-transport-security
max-age=31536000; includeSubdomains;
via
1.1 a2eae5bb517678c9d6b43a2731b4462e.cloudfront.net (CloudFront)
x-amz-cf-id
WDVVcTprQYpavBmz3Sq1QRnlVRmEsgq_7wlSy_vV8mTxe0-uqLdhNA==
x-amz-cf-pop
FRA56-P6
x-cache
Miss from cloudfront
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block
index.css | it-thewinners-it.online/lp/iphone12pro-amazon.src/ | 171 KB | 20 KB | Stylesheet | text/css
General
Full URL
https://it-thewinners-it.online/lp/iphone12pro-amazon.src/index.css?1661949685
Requested by
Host: it-thewinners-it.online
URL: https://it-thewinners-it.online/
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
108.138.7.10, United States, ASN16509 (AMAZON-02, US)
Reverse DNS
server-108-138-7-10.fra56.r.cloudfront.net
Software
nginx
Resource Hash
549eb14e2e450de95530d5596872ec29a2addbe90348e8c1d7f4b62b56f0411a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://it-thewinners-it.online/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date
Wed, 31 Aug 2022 12:41:25 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 03 Aug 2021 20:40:27 GMT
server
nginx
x-amz-cf-pop
FRA56-P6
etag
W/"6109a9bb-2ac6e"
x-frame-options
SAMEORIGIN
x-cache
Miss from cloudfront
content-type
text/css
via
1.1 a2eae5bb517678c9d6b43a2731b4462e.cloudfront.net (CloudFront)
strict-transport-security
max-age=31536000; includeSubdomains;
vary
Accept-Encoding
x-amz-cf-id
Cj3Cq_y4087e92t3psRuby12KAbvDTGSFHSQ7QBF_vkhQkTxGgll0A==
x-xss-protection
1; mode=block
index.js | it-thewinners-it.online/lp/iphone12pro-amazon.src/ | 92 KB | 26 KB | Script | application/javascript
General
Full URL
https://it-thewinners-it.online/lp/iphone12pro-amazon.src/index.js?1661949685
Requested by
Host: it-thewinners-it.online
URL: https://it-thewinners-it.online/
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
108.138.7.10, United States, ASN16509 (AMAZON-02, US)
Reverse DNS
server-108-138-7-10.fra56.r.cloudfront.net
Software
nginx
Resource Hash
3fc87cf0eb1303e57cb6b7b29fbd0f4ffd9ff6a81c7f7b2e0fa87e389e988329
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://it-thewinners-it.online/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date
Wed, 31 Aug 2022 12:41:25 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Fri, 29 Oct 2021 05:55:49 GMT
server
nginx
x-amz-cf-pop
FRA56-P6
etag
W/"617b8ce5-16ea5"
x-frame-options
SAMEORIGIN
x-cache
Miss from cloudfront
content-type
application/javascript
via
1.1 a2eae5bb517678c9d6b43a2731b4462e.cloudfront.net (CloudFront)
strict-transport-security
max-age=31536000; includeSubdomains;
vary
Accept-Encoding
x-amz-cf-id
THhnPhZlt7rF-kvJ4sOhFri8sctLbnt1vyMBhJrbnyOyN7x7fpacHg==
x-xss-protection
1; mode=block
amazing-logo.svg | it-thewinners-it.online/lp/iphone12pro-amazon.src/img/ | 4 KB | 2 KB | Image | image/svg+xml
General
Full URL
https://it-thewinners-it.online/lp/iphone12pro-amazon.src/img/amazing-logo.svg
Requested by
Host: it-thewinners-it.online
URL: https://it-thewinners-it.online/
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
108.138.7.10, United States, ASN16509 (AMAZON-02, US)
Reverse DNS
server-108-138-7-10.fra56.r.cloudfront.net
Software
nginx
Resource Hash
7192c4b18aeed39a9a325765083fc597ddd7a70289b49e2d373b8e26cc551dee
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://it-thewinners-it.online/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date
Wed, 31 Aug 2022 12:41:25 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 03 Aug 2021 20:40:27 GMT
server
nginx
x-amz-cf-pop
FRA56-P6
etag
W/"6109a9bb-1176"
x-frame-options
SAMEORIGIN
x-cache
Miss from cloudfront
content-type
image/svg+xml
via
1.1 a2eae5bb517678c9d6b43a2731b4462e.cloudfront.net (CloudFront)
strict-transport-security
max-age=31536000; includeSubdomains;
vary
Accept-Encoding
x-amz-cf-id
Sgc3cht9F2vDbb3AoSVwZXFagzw5V9hcnEXcQgK0B6GbfuOtyyGhpQ==
x-xss-protection
1; mode=block
iphone12pro_blue1.jpg | it-thewinners-it.online/lp/iphone12pro-amazon.src/img/ | 6 KB | 7 KB | Image | image/jpeg
General
Full URL
https://it-thewinners-it.online/lp/iphone12pro-amazon.src/img/iphone12pro_blue1.jpg
Requested by
Host: it-thewinners-it.online
URL: https://it-thewinners-it.online/
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
108.138.7.10, United States, ASN16509 (AMAZON-02, US)
Reverse DNS
server-108-138-7-10.fra56.r.cloudfront.net
Software
nginx
Resource Hash
7a5750128fb915ed26ec2d7f3fc785041f54f940852a23b90842babf665e27d4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://it-thewinners-it.online/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date
Wed, 31 Aug 2022 12:41:25 GMT
via
1.1 a2eae5bb517678c9d6b43a2731b4462e.cloudfront.net (CloudFront)
x-content-type-options
nosniff
last-modified
Tue, 03 Aug 2021 20:40:27 GMT
server
nginx
x-amz-cf-pop
FRA56-P6
etag
"6109a9bb-1984"
x-frame-options
SAMEORIGIN
x-cache
Miss from cloudfront
content-type
image/jpeg
strict-transport-security
max-age=31536000; includeSubdomains;
accept-ranges
bytes
content-length
6532
x-xss-protection
1; mode=block
x-amz-cf-id
5mjv1ZcEPWOm-NFzFLDCC3TXDNdsiBYSwcoRq8zvoM1-YWK8PO3tpw==
iphone12pro_blue2.jpeg | it-thewinners-it.online/lp/iphone12pro-amazon.src/img/ | 8 KB | 8 KB | Image | image/jpeg
General
Full URL
https://it-thewinners-it.online/lp/iphone12pro-amazon.src/img/iphone12pro_blue2.jpeg
Requested by
Host: it-thewinners-it.online
URL: https://it-thewinners-it.online/
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
108.138.7.10, United States, ASN16509 (AMAZON-02, US)
Reverse DNS
server-108-138-7-10.fra56.r.cloudfront.net
Software
nginx
Resource Hash
e0e373ffbd993ee366120b76a1298e00c4213c3e1dbb7a70d2d586c9940059ce
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://it-thewinners-it.online/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date
Wed, 31 Aug 2022 12:41:25 GMT
via
1.1 a2eae5bb517678c9d6b43a2731b4462e.cloudfront.net (CloudFront)
x-content-type-options
nosniff
last-modified
Tue, 03 Aug 2021 20:40:27 GMT
server
nginx
x-amz-cf-pop
FRA56-P6
etag
"6109a9bb-1e0f"
x-frame-options
SAMEORIGIN
x-cache
Miss from cloudfront
content-type
image/jpeg
strict-transport-security
max-age=31536000; includeSubdomains;
accept-ranges
bytes
content-length
7695
x-xss-protection
1; mode=block
x-amz-cf-id
Od_nT5csI1HMkNfZDcKdCp4KuYvqFC4Xv1_44dRZV-sCHHPV2n3Zog==
iphone12pro_blue3.jpeg | it-thewinners-it.online/lp/iphone12pro-amazon.src/img/ | 11 KB | 11 KB | Image | image/jpeg
General
Full URL
https://it-thewinners-it.online/lp/iphone12pro-amazon.src/img/iphone12pro_blue3.jpeg
Requested by
Host: it-thewinners-it.online
URL: https://it-thewinners-it.online/
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
108.138.7.10, United States, ASN16509 (AMAZON-02, US)
Reverse DNS
server-108-138-7-10.fra56.r.cloudfront.net
Software
nginx
Resource Hash
deac6fdd1f750e2befbb0c0e4b27b794a564575a37859e40f2b2736bbe1dce64
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://it-thewinners-it.online/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date
Wed, 31 Aug 2022 12:41:25 GMT
via
1.1 a2eae5bb517678c9d6b43a2731b4462e.cloudfront.net (CloudFront)
x-content-type-options
nosniff
last-modified
Tue, 03 Aug 2021 20:40:27 GMT
server
nginx
x-amz-cf-pop
FRA56-P6
etag
"6109a9bb-2ab6"
x-frame-options
SAMEORIGIN
x-cache
Miss from cloudfront
content-type
image/jpeg
strict-transport-security
max-age=31536000; includeSubdomains;
accept-ranges
bytes
content-length
10934
x-xss-protection
1; mode=block
x-amz-cf-id
vgr4MAPjllYIs1s3u_rYvGJeWZme_A2XqQqUqnCHpjbUOUj_lt_8EA==
iphone12pro_blue4.jpg | it-thewinners-it.online/lp/iphone12pro-amazon.src/img/ | 6 KB | 6 KB | Image | image/jpeg
General
Full URL
https://it-thewinners-it.online/lp/iphone12pro-amazon.src/img/iphone12pro_blue4.jpg
Requested by
Host: it-thewinners-it.online
URL: https://it-thewinners-it.online/
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
108.138.7.10, United States, ASN16509 (AMAZON-02, US)
Reverse DNS
server-108-138-7-10.fra56.r.cloudfront.net
Software
nginx
Resource Hash
98f6474cf6f495f1a2a4ffb9cbdab3c919c178dbb3c94005bb486a899208932c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://it-thewinners-it.online/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date
Wed, 31 Aug 2022 12:41:25 GMT
via
1.1 a2eae5bb517678c9d6b43a2731b4462e.cloudfront.net (CloudFront)
x-content-type-options
nosniff
last-modified
Tue, 03 Aug 2021 20:40:27 GMT
server
nginx
x-amz-cf-pop
FRA56-P6
etag
"6109a9bb-1850"
x-frame-options
SAMEORIGIN
x-cache
Miss from cloudfront
content-type
image/jpeg
strict-transport-security
max-age=31536000; includeSubdomains;
accept-ranges
bytes
content-length
6224
x-xss-protection
1; mode=block
x-amz-cf-id
_0Hd6jXZfAHRklCU-IG0wFQ8EX6_d6FZyTr496h_MNBBwhmSqPcYMg==
a14.jpg | it-thewinners-it.online/lp/iphone12pro-amazon.src/img/ | 63 KB | 63 KB | Image | image/jpeg
General
Full URL
https://it-thewinners-it.online/lp/iphone12pro-amazon.src/img/a14.jpg
Requested by
Host: it-thewinners-it.online
URL: https://it-thewinners-it.online/
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
108.138.7.10, United States, ASN16509 (AMAZON-02, US)
Reverse DNS
server-108-138-7-10.fra56.r.cloudfront.net
Software
nginx
Resource Hash
c0d53100ec0c63e10178248f48fdf367628bd914d8ec8535c9a8e023f2c347f6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://it-thewinners-it.online/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date
Wed, 31 Aug 2022 12:41:25 GMT
via
1.1 a2eae5bb517678c9d6b43a2731b4462e.cloudfront.net (CloudFront)
x-content-type-options
nosniff
last-modified
Tue, 03 Aug 2021 20:40:27 GMT
server
nginx
x-amz-cf-pop
FRA56-P6
etag
"6109a9bb-fabf"
x-frame-options
SAMEORIGIN
x-cache
Miss from cloudfront
content-type
image/jpeg
strict-transport-security
max-age=31536000; includeSubdomains;
accept-ranges
bytes
content-length
64191
x-xss-protection
1; mode=block
x-amz-cf-id
EdsnaFtb9ycG8jPbN0qnj5gVjJzEKuGvpUfrssyazVxd5-AuC5lKdQ==
camera.jpg | it-thewinners-it.online/lp/iphone12pro-amazon.src/img/ | 33 KB | 34 KB | Image | image/jpeg
General
Full URL
https://it-thewinners-it.online/lp/iphone12pro-amazon.src/img/camera.jpg
Requested by
Host: it-thewinners-it.online
URL: https://it-thewinners-it.online/
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
108.138.7.10, United States, ASN16509 (AMAZON-02, US)
Reverse DNS
server-108-138-7-10.fra56.r.cloudfront.net
Software
nginx
Resource Hash
8327cc907eaa00259eac8a09ce99383281e619a0d5222c4a5ffd8972fb1d5a0b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://it-thewinners-it.online/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date
Wed, 31 Aug 2022 12:41:25 GMT
via
1.1 a2eae5bb517678c9d6b43a2731b4462e.cloudfront.net (CloudFront)
x-content-type-options
nosniff
last-modified
Tue, 03 Aug 2021 20:40:27 GMT
server
nginx
x-amz-cf-pop
FRA56-P6
etag
"6109a9bb-84ae"
x-frame-options
SAMEORIGIN
x-cache
Miss from cloudfront
content-type
image/jpeg
strict-transport-security
max-age=31536000; includeSubdomains;
accept-ranges
bytes
content-length
33966
x-xss-protection
1; mode=block
x-amz-cf-id
GqFae-2RndjMlO7VC6cq-MEJ1BbE_f6-hRYh5fwFmsQ_d_FTodbF4g==
paycards.png | it-thewinners-it.online/lp/_global/img/ | 38 KB | 39 KB | Image | image/png
General
Full URL
https://it-thewinners-it.online/lp/_global/img/paycards.png
Requested by
Host: it-thewinners-it.online
URL: https://it-thewinners-it.online/
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
108.138.7.10, United States, ASN16509 (AMAZON-02, US)
Reverse DNS
server-108-138-7-10.fra56.r.cloudfront.net
Software
nginx
Resource Hash
bcbba6b1642f8d581cca594275c19501804c452b19376f27ffada1d5141c8389
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://it-thewinners-it.online/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date
Wed, 31 Aug 2022 12:41:25 GMT
via
1.1 a2eae5bb517678c9d6b43a2731b4462e.cloudfront.net (CloudFront)
x-content-type-options
nosniff
last-modified
Tue, 03 Aug 2021 20:40:22 GMT
server
nginx
x-amz-cf-pop
FRA56-P6
etag
"6109a9b6-9951"
x-frame-options
SAMEORIGIN
x-cache
Miss from cloudfront
content-type
image/png
strict-transport-security
max-age=31536000; includeSubdomains;
accept-ranges
bytes
content-length
39249
x-xss-protection
1; mode=block
x-amz-cf-id
6y7KpF_pyATCj-lSkxrhljjezs4gIPiuJCxElZxzvfusDm9y2eG7-g==
css | fonts.googleapis.com/ | 17 KB | 1 KB | Stylesheet | text/css; charset=utf-8
General
Full URL
https://fonts.googleapis.com/css?family=Open+Sans:400,400i,600,600i,700,700i&display=swap&subset=cyrillic,cyrillic-ext,latin-ext,vietnamese
Requested by
Host: it-thewinners-it.online
URL: https://it-thewinners-it.online/lp/iphone12pro-amazon.src/index.css?1661949685
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2a00:1450:400e:80d::200a, Ireland, ASN15169 (GOOGLE, US)
Reverse DNS
Software
ESF
Resource Hash
09034e7ee35cadb33b2fc5ae388cc95270389f0f71231068275e1e64b75d7809
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://it-thewinners-it.online/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Wed, 31 Aug 2022 12:41:25 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Wed, 31 Aug 2022 12:41:25 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 31 Aug 2022 12:41:25 GMT
all.css | use.fontawesome.com/releases/v5.8.1/css/ | 54 KB | 12 KB | Stylesheet | text/css
General
Full URL
https://use.fontawesome.com/releases/v5.8.1/css/all.css
Requested by
Host: it-thewinners-it.online
URL: https://it-thewinners-it.online/lp/iphone12pro-amazon.src/index.css?1661949685
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2606:4700:3033::6815:3f36, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
Software
cloudflare
Resource Hash
eeb17a45a48aca1d7adbcf04de155dcd0b47cb36ad036310446bb471fea9aaa3

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://it-thewinners-it.online/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date
Wed, 31 Aug 2022 12:41:25 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
23452497
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id
8XX4R9E9C4SAGP9T
x-amz-id-2
JPtUYZYNUbvXjgrErHdiWJU7OpFCzYUIms4EpPN6vnhzw+Cxls0PQPlGYwFpgNuwrCCeF2q5QNI=
last-modified
Wed, 30 Jun 2021 15:46:39 GMT
server
cloudflare
etag
W/"e4c542a7f6bf6f74fdd8cdf6e8096396"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6PEJ%2BUqGZkkddiBspT81aTRvwZZc8Gbu%2BusFQdPtDRPVoAwFYBtzLvOkJIuorjRJm5n9X7e3NMvFObY2UkX2dGv2wCN6BH%2BxSBfpC34U%2FRJEXoHqqphzXC4hvB8%2B6J%2F0dy8GOLPIQ46W8IMopPzsW%2B7e"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=31556926
cf-ray
7435d71f8f333749-MXP
analytics.js | www.google-analytics.com/ | 49 KB | 20 KB | Script | text/javascript
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: it-thewinners-it.online
URL: https://it-thewinners-it.online/
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US)
Reverse DNS
Software
Golfe2
Resource Hash
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://it-thewinners-it.online/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 13 Apr 2022 21:02:38 GMT
server
Golfe2
age
5965
date
Wed, 31 Aug 2022 11:02:00 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
20006
expires
Wed, 31 Aug 2022 13:02:00 GMT
memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 | fonts.gstatic.com/s/opensans/v34/ | 44 KB | 44 KB | Font | font/woff2
General
Full URL
https://fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:400,400i,600,600i,700,700i&display=swap&subset=cyrillic,cyrillic-ext,latin-ext,vietnamese
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US)
Reverse DNS
Software
sffe
Resource Hash
8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://it-thewinners-it.online
accept-language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date
Mon, 29 Aug 2022 18:50:34 GMT
x-content-type-options
nosniff
age
150651
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
44856
x-xss-protection
0
last-modified
Mon, 15 Aug 2022 18:20:18 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 29 Aug 2023 18:50:34 GMT
fa-solid-900.woff2
use.fontawesome.com/releases/v5.8.1/webfonts/
73 KB
73 KB
Font
General
Full URL
https://use.fontawesome.com/releases/v5.8.1/webfonts/fa-solid-900.woff2
Requested by
Host: use.fontawesome.com
URL: https://use.fontawesome.com/releases/v5.8.1/css/all.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3033::6815:3f36 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f18c486a80175cf02fee0e05c2b4acd86c04cdbaecec61c1ef91f920509b5efe

Request headers

Referer
https://use.fontawesome.com/releases/v5.8.1/css/all.css
Origin
https://it-thewinners-it.online
accept-language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date
Wed, 31 Aug 2022 12:41:25 GMT
access-control-allow-methods
GET
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
657718
cf-ray
7435d7203f91bb1a-MXP
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
74256
x-amz-id-2
hpAyXDo/+pWj4P7wTMZfxxe3cBqBSgGxKqk80IGCJuFTwM7hhuvf/El6sgz0Cjxnm4Inl8e8zJM=
last-modified
Wed, 30 Jun 2021 15:47:00 GMT
server
cloudflare
etag
"418dad87601f9c8abd0e5798c0dc1feb"
access-control-max-age
3000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=q6GopoA2Kl8ojZFjly%2BxQs1uvpPx0C4rZ3TcGyjzNIyndmawCcKfKtZo4Z5H2Yn8PAvTfeilAxm7q7opjHI%2FtOH2oHVvCSQ123sTcmZDd3ifOixBJeqklTopqwzGWeoUYoWj6gaDP75u0kfRu1KUMZqq"}],"group":"cf-nel","max_age":604800}
x-amz-request-id
E3WAT4RWKK3G7BMP
access-control-allow-origin
*
cache-control
max-age=31556926
accept-ranges
bytes
content-type
font/woff2
memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSGmu1aB.woff2
fonts.gstatic.com/s/opensans/v34/
31 KB
31 KB
Font
General
Full URL
https://fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSGmu1aB.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:400,400i,600,600i,700,700i&display=swap&subset=cyrillic,cyrillic-ext,latin-ext,vietnamese
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
24c0e724005344165ee0a0ff4c96a914e174bb4caa20c8a533fb194d92853e95
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://it-thewinners-it.online
accept-language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date
Mon, 29 Aug 2022 19:00:06 GMT
x-content-type-options
nosniff
age
150079
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
31320
x-xss-protection
0
last-modified
Mon, 15 Aug 2022 18:11:37 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 29 Aug 2023 19:00:06 GMT
it.svg
flagcdn.com/
202 B
714 B
Image
General
Full URL
https://flagcdn.com/it.svg
Requested by
Host: it-thewinners-it.online
URL: https://it-thewinners-it.online/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3037::ac43:88b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7f818fa8e36ca606a8cbd35106fd7d277f094f10f2aa1f7a0585421a20e37070
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://it-thewinners-it.online/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date
Wed, 31 Aug 2022 12:41:25 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
499475
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Thu, 19 Nov 2020 12:03:17 GMT
server
cloudflare
etag
W/"5fb65f05-ca"
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SFUe8DdU8KbeOJIc%2BeZbxEOjAjlvyFpXA8EWKGB%2FPNddREqqqMORDKSUnxPhpt3tLX8hMRBXb0tNfVvkQt%2F7t4LP0LSBRnpYwxBTh2rZUu93HkYHpOvWZxYZ6FRv4x4sCpPvwqKA8fQ6aQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=2678400, s-maxage=2678400
cf-ray
7435d720a9503756-MXP
fa-regular-400.woff2
use.fontawesome.com/releases/v5.8.1/webfonts/
13 KB
14 KB
Font
General
Full URL
https://use.fontawesome.com/releases/v5.8.1/webfonts/fa-regular-400.woff2
Requested by
Host: use.fontawesome.com
URL: https://use.fontawesome.com/releases/v5.8.1/css/all.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3033::6815:3f36 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ccf4db1eeb68c96e05e74f8ebfa75cc60c3a0fed862dae6b0ad85d4e1b5b4e4f

Request headers

Referer
https://use.fontawesome.com/releases/v5.8.1/css/all.css
Origin
https://it-thewinners-it.online
accept-language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date
Wed, 31 Aug 2022 12:41:25 GMT
access-control-allow-methods
GET
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
774761
cf-ray
7435d7203f96bb1a-MXP
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
13552
x-amz-id-2
Z7JhnDyWddvelZLzEldrSPMm8G1u+tRT2Oj4Wy+fXmHmyErELJjwLM8svc5V1XwcCavlgZ8+eBU=
last-modified
Wed, 30 Jun 2021 15:47:00 GMT
server
cloudflare
etag
"e6257a726a0cf6ec8c6fec22821c055f"
access-control-max-age
3000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=URG%2FCeqFvENkzbJ0LD%2BY0Fa9IA6sTEgM48imxs9ThaNATQH9HlTSO2s1fNDkyWxSkO4tCCTmdna9woRTekwHVmZs14FpguO113veqmQlSgN%2BqgNo%2BvoixRu9%2FVSv3J0kcwoWj9d51C9nhryFLj7iVQHN"}],"group":"cf-nel","max_age":604800}
x-amz-request-id
KXB4GCM2EMX7XQDX
access-control-allow-origin
*
cache-control
max-age=31556926
accept-ranges
bytes
content-type
font/woff2
tr
www.facebook.com/
44 B
409 B
Image
General
Full URL
https://www.facebook.com/tr?id=&ev=PageView&noscript=1
Requested by
Host: it-thewinners-it.online
URL: https://it-thewinners-it.online/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f107:83:face:b00c:0:25de Vienna, Austria, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://it-thewinners-it.online/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date
Wed, 31 Aug 2022 12:41:25 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
cache-control
no-cache, must-revalidate, max-age=0
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
44
expires
Wed, 31 Aug 2022 12:41:25 GMT
collect
www.google-analytics.com/j/
4 B
24 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j96&a=1439913959&t=pageview&_s=1&dl=https%3A%2F%2Fit-thewinners-it.online%2F&ul=en-us&de=UTF-8&dt=Amazon%20%3A%20New%20Apple%20iPhone%2012%20Pro&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAAC~&jid=802898152&gjid=1121874033&cid=642407632.1661949686&tid=UA-103066933-1&_gid=7643619.1661949686&_r=1&_slc=1&z=758343446
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://it-thewinners-it.online/
accept-language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 31 Aug 2022 12:41:25 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://it-thewinners-it.online
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/j/
1 B
444 B
XHR
General
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-103066933-1&cid=642407632.1661949686&jid=802898152&gjid=1121874033&_gid=7643619.1661949686&_u=IEBAAEAAAAAAAC~&z=1899977528
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c06::9c Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://it-thewinners-it.online/
accept-language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
date
Wed, 31 Aug 2022 12:41:26 GMT
content-type
text/plain
access-control-allow-origin
https://it-thewinners-it.online
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1
expires
Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments

28 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onbeforeinput
object| oncontextlost
object| oncontextrestored
function| structuredClone
object| launchQueue
object| onbeforematch
function| getScreenDetails
function| queryLocalFonts
object| navigation
object| inline_url_params
string| url_server
string| site_slug
string| ga_token
string| GoogleAnalyticsObject
function| ga
function| _createClass
function| _typeof
function| _toConsumableArray
function| _possibleConstructorReturn
function| _inherits
function| _classCallCheck
function| Payment
function| Card
object| App
object| google_tag_data
object| gaplugins
object| gaGlobal
object| gaData

18 Cookies

Domain/Path Name / Value
tl-glo.gftcardsho.com/ Name: ydt_65c1a6749c2f469580ffa9e83e5f9956
Value: "[]:1oTN21:6LGNpq9VYRlrbJqK9VZW6-_zVG4"
so-glo.yoptv33.com/ Name: ydt_69a756d9a2a44370a5365f82fbdfa6e5
Value: "[]:1oTN21:NLewAnUKcu4yHaU_kOhaPWrfRbs"
bbcc-glo.applewes.com/ Name: uip
Value: "[\"z9JfGnnvY\"\054 {\"ogYGg\": \"DGxxgD4\"}]:1oTN21:C483NKrva11JAB6En_4LuWjnXGs"
bbcc-glo.applewes.com/ Name: ydt_dcd665d8e96a45b1aecb566882c78ccb
Value: "[\"f17eee51-62df-4b49-9297-11d09fbf676d\"]:1oTN21:a1aHbVEQhNSbLd6Ys1UbwrHpQm8"
go.grandprizewinners.com/ Name: XSRF-TOKEN
Value: eyJpdiI6InZERTF0citheDVVZWNpWGlXY0U5d3c9PSIsInZhbHVlIjoibTRrMGg3SzFTSUhsbHpPUnJpV3U5OHMybzkyUDd6bEp0eFRoYnlxazN3UGJ4SWMycHlCa3ZXclY5cE1uTWd1MXVTTVdyTTNVRFwvRitSekdrdytheEZnPT0iLCJtYWMiOiI1YjAxODk1MzVkOTE0OTM3ODYzYTg2ZTA1MTllZWIzNGU2ZDQwM2MzNzFiNDUxMDFmZDZmMTFmNDZhYTk2ZTQ1In0%3D
go.grandprizewinners.com/ Name: session
Value: eyJpdiI6IjlOZmkwWERBVHFlWElFYzJtUDgrOGc9PSIsInZhbHVlIjoieWZvM2I3RW1xS2FhWnhQWGdMUlRRZVArQXR3c09jdk1uWENtR2ZHdDVkTWRjZGw5QmluRnBGNWZVMFIxd2M1NDJ2NGlLdjNxSTVYRlZ6ZVd3UUdOMUE9PSIsIm1hYyI6Ijk3MDhlMmFkNjQxNGIyNzFiOTJmNTI4Zjg0NDc4OGIzNjJiZjUwZDMzM2RjMmZlZDhmNDBlMTkxMmViNDdmZmUifQ%3D%3D
go.grandprizewinners.com/ Name: ept2
Value: eyJpdiI6IklvemhyR2QwZnU5TEZrbVd3c2ZYMFE9PSIsInZhbHVlIjoiRmQ4WnhQY1Roc3hjRis5ZzlweEhBa2x5SnNvMVMwWmZFcysrZ1lXNHdiOTh0QTd5cGVMSkpQUW4ybXJJdEEyc25MTnh1XC9hRnJvZE5nR3ZtZXlvUDM1KytFUzN1bXBKYlRlcFV3MUhQaUZzWk9lTmhqbk9sZ3lLbUdRdWIxcG1iUE1uVm9QdGVsQ2lJNUNTZ3BvMzBFb1pjMmdhNEc5ZnpSU3N0XC9ZSFNZWVwvYVRjQmcwaDBxQVdZeVI0S1NCYkRYIiwibWFjIjoiNjIzOGI5YjM4ZjY0YTAwZWExOGIxMTAyNWQxMzJmM2RmZTI3MDcxNDMwYWFkN2Y1NGY4ZjAzM2Y5NjQxMDZkYyJ9
go.grandprizewinners.com/ Name: VdRMgd0fdUemLXJRDYTCCpMhmnKcKi5mvuKu7599
Value: 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%3D
go.grandprizewinners.com/ Name: AWSALB
Value: jdpkG43CCAF7WEWBVjCEyr1Q1sZ2fgT1WM98W9Tx3+7hjRPtoWZdsckBwkP2H2dnMg85Tfe8RGhQMyQMbfuo+NZk1ZlzPxPrWR+g/RsWegPFmuhDRPbGg0OqJGJU
bbtl-glo.wereinit.com/ Name: uip
Value: "[\"msFcJ3au0\"\054 {\"y06eK\": \"pgAAJO5\"}]:1oTN24:c8tVp3bn4nlhIUAp_Ret6UESdZ0"
bbtl-glo.wereinit.com/ Name: ydt_c0ab0d492dc24d7d8b09aa30f6ea3346
Value: "[\"c50cdecb-e359-42ed-83ea-5ce6865373ce\"]:1oTN24:de_Kz-aQuQEUkcPROzuxaPOfuRo"
www.g33ktr4ck.com/ Name: uniqueClick_2CTPL
Value: 747d7007-6161-4a4e-b3be-9b4dfb8337b7:1661949684
www.g33ktr4ck.com/ Name: transaction_id
Value: 35989593c5444871942cbde3774f5465
it-thewinners-it.online/ Name: PHPSESSID
Value: mrgni62o7v10mtcnnrm814pl6b
.it-thewinners-it.online/ Name: _ga
Value: GA1.2.642407632.1661949686
.it-thewinners-it.online/ Name: _gid
Value: GA1.2.7643619.1661949686
.it-thewinners-it.online/ Name: _gat
Value: 1
.facebook.com/ Name: fr
Value: 0fLG2F92SNKA1SupZ..BjD1b1...1.0.BjD1b1.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

bbcc-glo.applewes.com
bbtl-glo.wereinit.com
flagcdn.com
fonts.googleapis.com
fonts.gstatic.com
go.grandprizewinners.com
it-thewinners-it.online
so-glo.yoptv33.com
stats.g.doubleclick.net
tl-glo.gftcardsho.com
use.fontawesome.com
www.facebook.com
www.g33ktr4ck.com
www.google-analytics.com
108.138.7.10
18.184.136.84
18.194.228.220
18.195.102.132
2606:4700:3033::6815:3f36
2606:4700:3037::ac43:88b4
2a00:1450:4001:806::2003
2a00:1450:4001:80e::200e
2a00:1450:400c:c06::9c
2a00:1450:400e:80d::200a
2a03:2880:f107:83:face:b00c:0:25de
35.190.66.152
54.149.90.32
09034e7ee35cadb33b2fc5ae388cc95270389f0f71231068275e1e64b75d7809
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
24c0e724005344165ee0a0ff4c96a914e174bb4caa20c8a533fb194d92853e95
3fc87cf0eb1303e57cb6b7b29fbd0f4ffd9ff6a81c7f7b2e0fa87e389e988329
549eb14e2e450de95530d5596872ec29a2addbe90348e8c1d7f4b62b56f0411a
69ae332fa7f7e6c20a483e98f5245b193862e675bf924c84b746dc49a64e9455
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
7192c4b18aeed39a9a325765083fc597ddd7a70289b49e2d373b8e26cc551dee
7a5750128fb915ed26ec2d7f3fc785041f54f940852a23b90842babf665e27d4
7f818fa8e36ca606a8cbd35106fd7d277f094f10f2aa1f7a0585421a20e37070
8327cc907eaa00259eac8a09ce99383281e619a0d5222c4a5ffd8972fb1d5a0b
8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db
98f6474cf6f495f1a2a4ffb9cbdab3c919c178dbb3c94005bb486a899208932c
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a4775ea77c5bc54d04c6952f05b5862d07cf345a0668f4343d729a3ab7f944e6
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
bcbba6b1642f8d581cca594275c19501804c452b19376f27ffada1d5141c8389
c0d53100ec0c63e10178248f48fdf367628bd914d8ec8535c9a8e023f2c347f6
ccf4db1eeb68c96e05e74f8ebfa75cc60c3a0fed862dae6b0ad85d4e1b5b4e4f
deac6fdd1f750e2befbb0c0e4b27b794a564575a37859e40f2b2736bbe1dce64
e0e373ffbd993ee366120b76a1298e00c4213c3e1dbb7a70d2d586c9940059ce
eeb17a45a48aca1d7adbcf04de155dcd0b47cb36ad036310446bb471fea9aaa3
f18c486a80175cf02fee0e05c2b4acd86c04cdbaecec61c1ef91f920509b5efe