Submitted URL: http://goldenetweb.com/
Effective URL: http://lp.nightrush.com/DE/welcome/1405/
Submission: On June 02 via manual from SG

Summary

This website contacted 10 IPs in 4 countries across 10 domains to perform 20 HTTP transactions. The main IP is 94.130.106.52, located in Ukraine and belonging to HETZNER-AS, DE. The main domain is lp.nightrush.com.
This is the only time lp.nightrush.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 49.51.86.95 132203 (TENCENT-N...)
8 94.130.106.52 24940 (HETZNER-AS)
1 216.58.207.72 15169 (GOOGLE)
1 216.58.207.74 15169 (GOOGLE)
1 205.185.208.52 20446 (HIGHWINDS3)
2 205.185.216.10 20446 (HIGHWINDS3)
1 40.68.208.131 8075 (MICROSOFT...)
3 216.58.207.67 15169 (GOOGLE)
1 2 172.217.21.238 15169 (GOOGLE)
1 205.185.216.42 20446 (HIGHWINDS3)
1 173.194.76.156 15169 (GOOGLE)
Totals: 20 requests, 10 IPs
Domain Requested by
8 lp.nightrush.com lp.nightrush.com
3 fonts.gstatic.com lp.nightrush.com
2 www.google-analytics.com 1 redirects www.googletagmanager.com
1 vars.hotjar.com static.hotjar.com
1 stats.g.doubleclick.net lp.nightrush.com
1 script.hotjar.com static.hotjar.com
1 authorisation.mga.org.mt lp.nightrush.com
1 static.hotjar.com lp.nightrush.com
1 code.jquery.com lp.nightrush.com
1 fonts.googleapis.com lp.nightrush.com
1 www.googletagmanager.com lp.nightrush.com
1 goldenetweb.com 1 redirects
Totals: 20 requests, 12 domains

This site contains links to the following domains:

Domain
wlnightrush.adsrv.eacdn.com
TLS certificates

Subject | Issuer | Validity | Valid
www.authorisation.mga.org.mt | DigiCert SHA2 Secure Server CA | 2015-12-04 - 2018-12-12 | 3 years (crt.sh)
*.hotjar.com | Let's Encrypt Authority X3 | 2018-05-24 - 2018-08-22 | 3 months (crt.sh)

This page contains 3 frames:

Primary Page: http://lp.nightrush.com/DE/welcome/1405/
Frame ID: C6694C9E99AA6E005255E8488BB625A1
Requests: 18 HTTP requests in this frame

Frame: https://authorisation.mga.org.mt/handlers/seal-of-authorisation.aspx?company=0e2c8c9b-bab1-46ff-9317-5cdc696da1f8&lang=en&fullDetails=0&size=10
Frame ID: F4AB027857FAE0F5A96A2AE65EE6AB79
Requests: 1 HTTP request in this frame

Frame: https://vars.hotjar.com/rcj-99d43ead6bdf30da8ed5ffcb4f17100c.html
Frame ID: 3683BFD005CDCEFE57ADF0DD37A13C33
Requests: 1 HTTP request in this frame

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://goldenetweb.com/ HTTP 302
    http://lp.nightrush.com/DE/welcome/1405/ Page URL

Detected technologies

PHP (overall confidence: 100%)
Detected patterns
  • headers server /php\/?([\d.]+)?/i

CentOS (overall confidence: 100%)
Detected patterns
  • headers server /CentOS/i

Apache (overall confidence: 100%)
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i

Google Analytics (overall confidence: 100%)
Detected patterns
  • script /google-analytics\.com\/(?:ga|urchin|(analytics))\.js/i
  • env /^gaGlobal$/i

Google Font API (overall confidence: 100%)
Detected patterns
  • html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i

Google Tag Manager (overall confidence: 100%)
Detected patterns
  • env /^google_tag_manager$/i

jQuery (overall confidence: 100%)
Detected patterns
  • script /jquery(?:\-|\.)([\d.]*\d)[^\/]*\.js/i
  • script /jquery.*\.js/i
  • env /^jQuery$/i

Page Statistics

Requests: 20
HTTPS: 10 %
IPv6: 0 %
Domains: 10
Subdomains: 12
IPs: 10
Countries: 4
Transfer: 654 kB
Size: 1215 kB
Cookies: 4


Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 17
  • https://www.google-analytics.com/r/collect?v=1&_v=j68&a=231742620&t=pageview&_s=1&dl=http%3A%2F%2Flp.nightrush.com%2FDE%2Fwelcome%2F1405%2F&ul=en-us&de=UTF-8&dt=NightRush%20Willkommensbonus-Paket%20%E2%82%AC1000&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&_u=IEBAAUAB~&jid=1060960704&gjid=1469832878&cid=725572380.1527954789&tid=UA-107352757-2&_gid=1792869102.1527954789&_r=1&gtm=u5o&z=1929375097 HTTP 302
  • https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-107352757-2&cid=725572380.1527954789&jid=1060960704&_gid=1792869102.1527954789&gjid=1469832878&_v=j68&z=1929375097

20 HTTP transactions

Resource | Path | Size | x-fer | Type (MIME-Type)

Primary Request: / | lp.nightrush.com/DE/welcome/1405/ | 7 KB | 8 KB | Document
Redirect Chain
  • http://goldenetweb.com/
  • http://lp.nightrush.com/DE/welcome/1405/
General
Full URL
http://lp.nightrush.com/DE/welcome/1405/
Protocol
HTTP/1.1
Server
94.130.106.52 , Ukraine, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.52.106.130.94.clients.your-server.de
Software
Apache/2.4.6 (CentOS) PHP/5.4.16 /
Resource Hash
fa947a196468c87e69f19ab0778f7672b71674b4c54d9c707474af844f9a2737

Request headers

Host
lp.nightrush.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding
gzip, deflate
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id
C6694C9E99AA6E005255E8488BB625A1

Response headers

Date
Sat, 02 Jun 2018 15:53:07 GMT
Server
Apache/2.4.6 (CentOS) PHP/5.4.16
Last-Modified
Thu, 14 Dec 2017 13:47:58 GMT
ETag
"1d5d-5604d21c7066a"
Accept-Ranges
bytes
Content-Length
7517
Keep-Alive
timeout=5, max=100
Connection
Keep-Alive
Content-Type
text/html; charset=UTF-8

Redirect headers

Server
nginx
Date
Sat, 02 Jun 2018 15:53:08 GMT
Content-Type
text/html;charset=UTF-8
Content-Length
3
Connection
keep-alive
Set-Cookie
userlike2=%F0%EE%3A%14D%21%24%D7%2A%0B%C2%D6%24%D7%80s%98%5B%E4%B1%06%E4A%1A%EAr%D4%D1%8E%97o%ED%E0%A3%88%82%D0p%E3K%82E%E4%CA%A4Z%11%0B%B7+%80%03g%CAS%AA%253%18%BE%9C%19; expires=Fri, 22-Jun-2018 15:50:33 GMT
Cache-Control
no-store, no-cache, must-revalidate
Expires
Sat, 02 Jun 2018 18:50:33 +0300
Location
http://lp.nightrush.com/DE/welcome/1405/

js | www.googletagmanager.com/gtag/ | 68 KB | 24 KB | Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=UA-107352757-2
Requested by
Host: lp.nightrush.com
URL: http://lp.nightrush.com/DE/welcome/1405/
Protocol
SPDY
Server
216.58.207.72 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra16s25-in-f8.1e100.net
Software
Google Tag Manager (scaffolding) /
Resource Hash
680dc19dbbda4cd4e79f09a04e08d6a955c549869c81ea4b53c6c1d79a44297e
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Referer
http://lp.nightrush.com/DE/welcome/1405/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

date
Sat, 02 Jun 2018 15:53:08 GMT
content-encoding
gzip
server
Google Tag Manager (scaffolding)
access-control-allow-headers
Cache-Control
status
200
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
http://www.googletagmanager.com
cache-control
private, max-age=900
access-control-allow-credentials
true
alt-svc
quic=":443"; ma=2592000; v="43,42,41,39,35"
content-length
24484
x-xss-protection
1; mode=block
expires
Sat, 02 Jun 2018 15:53:08 GMT

logo.svg | lp.nightrush.com/DE/welcome/1405/img/ | 16 KB | 16 KB | Image
General
Full URL
http://lp.nightrush.com/DE/welcome/1405/img/logo.svg
Requested by
Host: lp.nightrush.com
URL: http://lp.nightrush.com/DE/welcome/1405/
Protocol
HTTP/1.1
Server
94.130.106.52 , Ukraine, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.52.106.130.94.clients.your-server.de
Software
Apache/2.4.6 (CentOS) PHP/5.4.16 /
Resource Hash
60604904a1b3815555a5e02f9ed80f2663f739601180f6d20ef2aefffebc49db

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
lp.nightrush.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
http://lp.nightrush.com/DE/welcome/1405/
Connection
keep-alive
Cache-Control
no-cache
Referer
http://lp.nightrush.com/DE/welcome/1405/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

Date
Sat, 02 Jun 2018 15:53:07 GMT
Last-Modified
Thu, 14 Dec 2017 13:42:41 GMT
Server
Apache/2.4.6 (CentOS) PHP/5.4.16
ETag
"3fba-5604d0ee0e002"
Content-Type
image/svg+xml
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Content-Length
16314

style.css | lp.nightrush.com/DE/welcome/1405/css/ | 9 KB | 10 KB | Stylesheet
General
Full URL
http://lp.nightrush.com/DE/welcome/1405/css/style.css
Requested by
Host: lp.nightrush.com
URL: http://lp.nightrush.com/DE/welcome/1405/
Protocol
HTTP/1.1
Server
94.130.106.52 , Ukraine, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.52.106.130.94.clients.your-server.de
Software
Apache/2.4.6 (CentOS) PHP/5.4.16 /
Resource Hash
c6d2859eca7e87474bf4190dbd2f364246fa43a4b8cc8f4b46eb7c3c122dd758

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
lp.nightrush.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept
text/css,*/*;q=0.1
Referer
http://lp.nightrush.com/DE/welcome/1405/
Connection
keep-alive
Cache-Control
no-cache
Referer
http://lp.nightrush.com/DE/welcome/1405/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

Date
Sat, 02 Jun 2018 15:53:07 GMT
Last-Modified
Thu, 14 Dec 2017 13:42:35 GMT
Server
Apache/2.4.6 (CentOS) PHP/5.4.16
ETag
"25f0-5604d0e7c3a62"
Content-Type
text/css
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
9712

css | fonts.googleapis.com/ | 730 B | 353 B | Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Open+Sans:400,600,700
Requested by
Host: lp.nightrush.com
URL: http://lp.nightrush.com/DE/welcome/1405/
Protocol
SPDY
Server
216.58.207.74 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra16s25-in-f10.1e100.net
Software
ESF /
Resource Hash
a6b774d1722b797b51d8acde49b44e031bcc5800ce07d431aa016dbdbb96b083
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
http://lp.nightrush.com/DE/welcome/1405/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

date
Sat, 02 Jun 2018 15:53:08 GMT
content-encoding
gzip
server
ESF
status
200
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="43,42,41,39,35"
x-xss-protection
1; mode=block
expires
Sat, 02 Jun 2018 15:53:08 GMT

jquery-1.9.1.js | code.jquery.com/ | 262 KB | 95 KB | Script
General
Full URL
http://code.jquery.com/jquery-1.9.1.js
Requested by
Host: lp.nightrush.com
URL: http://lp.nightrush.com/DE/welcome/1405/
Protocol
HTTP/1.1
Server
205.185.208.52 Phoenix, United States, ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US),
Reverse DNS
vip052.ssl.hwcdn.net
Software
nginx /
Resource Hash
7bd80d06c01c0340c1b9159b9b4a197db882ca18cbac8e9b9aa025e68f998d40

Request headers

Referer
http://lp.nightrush.com/DE/welcome/1405/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

Date
Sat, 02 Jun 2018 15:53:08 GMT
Content-Encoding
gzip
Last-Modified
Fri, 24 Oct 2014 00:16:07 GMT
Server
nginx
ETag
W/"54499a47-4185d"
Vary
Accept-Encoding
X-HW
1527954788.dop004.fr8.t,1527954788.cds029.fr8.c
Content-Type
application/javascript; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
max-age=315360000
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Length
97176

hotjar-648366.js | static.hotjar.com/c/ | 2 KB | 1 KB | Script
General
Full URL
https://static.hotjar.com/c/hotjar-648366.js?sv=6
Requested by
Host: lp.nightrush.com
URL: http://lp.nightrush.com/DE/welcome/1405/
Protocol
HTTP/1.1
Server
205.185.216.10 Phoenix, United States, ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US),
Reverse DNS
map2.hwcdn.net
Software
/
Resource Hash
d971ed3ca02093e36c6cd0f6920d6fcb1690beb687a20853baf8becb7169bc91

Request headers

Referer
http://lp.nightrush.com/DE/welcome/1405/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

Date
Sat, 02 Jun 2018 15:53:08 GMT
Content-Encoding
gzip
Last-Modified
Sat, 02 Jun 2018 15:53:08 GMT
ETag
"1527954788"
X-HW
1527954788.dop012.fr8.shc,1527954788.dop012.fr8.t,1527954788.cds008.fr8.e
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Cache-Control
max-age=60
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Length
872

seal-of-authorisation.aspx (cookie set) | authorisation.mga.org.mt/handlers/ (Frame F4AB) | 0 | 0 | Document
General
Full URL
https://authorisation.mga.org.mt/handlers/seal-of-authorisation.aspx?company=0e2c8c9b-bab1-46ff-9317-5cdc696da1f8&lang=en&fullDetails=0&size=10
Requested by
Host: lp.nightrush.com
URL: http://lp.nightrush.com/DE/welcome/1405/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
40.68.208.131 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash

Request headers

Host
authorisation.mga.org.mt
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer
http://lp.nightrush.com/DE/welcome/1405/
Accept-Encoding
gzip, deflate
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id
C6694C9E99AA6E005255E8488BB625A1
Referer
http://lp.nightrush.com/DE/welcome/1405/

Response headers

Cache-Control
private
Content-Length
705
Content-Type
text/html; charset=utf-8
Content-Encoding
gzip
Vary
Accept-Encoding
Server
Microsoft-IIS/10.0
X-AspNetMvc-Version
5.2
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
Set-Cookie
ARRAffinity=4a94332188ca85c51edec7f75ce626053099c754beca68e86359a9b7d504f38b;Path=/;HttpOnly;Domain=authorisation.mga.org.mt
Date
Sat, 02 Jun 2018 15:53:08 GMT

bg.jpg | lp.nightrush.com/DE/welcome/1405/img/ | 174 KB | 175 KB | Image
General
Full URL
http://lp.nightrush.com/DE/welcome/1405/img/bg.jpg
Requested by
Host: lp.nightrush.com
URL: http://lp.nightrush.com/DE/welcome/1405/
Protocol
HTTP/1.1
Server
94.130.106.52 , Ukraine, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.52.106.130.94.clients.your-server.de
Software
Apache/2.4.6 (CentOS) PHP/5.4.16 /
Resource Hash
ed23264dad1878d050a423cca57790d3020fc90062099df9f95cd1dc367b986e

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
lp.nightrush.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
http://lp.nightrush.com/DE/welcome/1405/css/style.css
Connection
keep-alive
Cache-Control
no-cache
Referer
http://lp.nightrush.com/DE/welcome/1405/css/style.css
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

Date
Sat, 02 Jun 2018 15:53:07 GMT
Last-Modified
Thu, 14 Dec 2017 13:42:37 GMT
Server
Apache/2.4.6 (CentOS) PHP/5.4.16
ETag
"2b94b-5604d0e9c978a"
Content-Type
image/jpeg
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Content-Length
178507

ceg-seal.png | lp.nightrush.com/DE/welcome/1405/img/ | 26 KB | 27 KB | Image
General
Full URL
http://lp.nightrush.com/DE/welcome/1405/img/ceg-seal.png
Requested by
Host: lp.nightrush.com
URL: http://lp.nightrush.com/DE/welcome/1405/
Protocol
HTTP/1.1
Server
94.130.106.52 , Ukraine, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.52.106.130.94.clients.your-server.de
Software
Apache/2.4.6 (CentOS) PHP/5.4.16 /
Resource Hash
67eb1041fbf1467e104c101749f05dc041677066f17e081ab34478cc533bfa11

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
lp.nightrush.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
http://lp.nightrush.com/DE/welcome/1405/css/style.css
Connection
keep-alive
Cache-Control
no-cache
Referer
http://lp.nightrush.com/DE/welcome/1405/css/style.css
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

Date
Sat, 02 Jun 2018 15:53:07 GMT
Last-Modified
Thu, 14 Dec 2017 13:42:38 GMT
Server
Apache/2.4.6 (CentOS) PHP/5.4.16
ETag
"69f1-5604d0ead48fa"
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=98
Content-Length
27121

provider-sprite.png | lp.nightrush.com/DE/welcome/1405/img/ | 40 KB | 41 KB | Image
General
Full URL
http://lp.nightrush.com/DE/welcome/1405/img/provider-sprite.png?v=1
Requested by
Host: lp.nightrush.com
URL: http://lp.nightrush.com/DE/welcome/1405/
Protocol
HTTP/1.1
Server
94.130.106.52 , Ukraine, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.52.106.130.94.clients.your-server.de
Software
Apache/2.4.6 (CentOS) PHP/5.4.16 /
Resource Hash
800f5873ca6ca9d2b5052d862adef3ef1b526a4e42450016e213fc46095fac24

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
lp.nightrush.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
http://lp.nightrush.com/DE/welcome/1405/css/style.css
Connection
keep-alive
Cache-Control
no-cache
Referer
http://lp.nightrush.com/DE/welcome/1405/css/style.css
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

Date
Sat, 02 Jun 2018 15:53:07 GMT
Last-Modified
Thu, 14 Dec 2017 13:42:43 GMT
Server
Apache/2.4.6 (CentOS) PHP/5.4.16
ETag
"a17e-5604d0efd9f62"
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
41342

payment-sprite.png | lp.nightrush.com/DE/welcome/1405/img/ | 29 KB | 30 KB | Image
General
Full URL
http://lp.nightrush.com/DE/welcome/1405/img/payment-sprite.png
Requested by
Host: lp.nightrush.com
URL: http://lp.nightrush.com/DE/welcome/1405/
Protocol
HTTP/1.1
Server
94.130.106.52 , Ukraine, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.52.106.130.94.clients.your-server.de
Software
Apache/2.4.6 (CentOS) PHP/5.4.16 /
Resource Hash
8627e01beff65b3dbddf53ee19cc04832225f7cb2d138473ebeb50ee4e6c62ed

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
lp.nightrush.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
http://lp.nightrush.com/DE/welcome/1405/css/style.css
Connection
keep-alive
Cache-Control
no-cache
Referer
http://lp.nightrush.com/DE/welcome/1405/css/style.css
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

Date
Sat, 02 Jun 2018 15:53:07 GMT
Last-Modified
Thu, 14 Dec 2017 13:42:42 GMT
Server
Apache/2.4.6 (CentOS) PHP/5.4.16
ETag
"75a9-5604d0eee516a"
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
30121

header-bg.jpg | lp.nightrush.com/DE/welcome/1405/img/ | 84 KB | 85 KB | Image
General
Full URL
http://lp.nightrush.com/DE/welcome/1405/img/header-bg.jpg
Requested by
Host: lp.nightrush.com
URL: http://lp.nightrush.com/DE/welcome/1405/
Protocol
HTTP/1.1
Server
94.130.106.52 , Ukraine, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.52.106.130.94.clients.your-server.de
Software
Apache/2.4.6 (CentOS) PHP/5.4.16 /
Resource Hash
0408664eab8ed6cca8aa9924638a7afa67c0b399bfc29b8dbf4df83bc0eeb9fa

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
lp.nightrush.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
http://lp.nightrush.com/DE/welcome/1405/css/style.css
Connection
keep-alive
Cache-Control
no-cache
Referer
http://lp.nightrush.com/DE/welcome/1405/css/style.css
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

Date
Sat, 02 Jun 2018 15:53:07 GMT
Last-Modified
Thu, 14 Dec 2017 13:42:41 GMT
Server
Apache/2.4.6 (CentOS) PHP/5.4.16
ETag
"15110-5604d0ed48faa"
Content-Type
image/jpeg
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
86288

mem8YaGs126MiZpBA-UFVZ0e.ttf | fonts.gstatic.com/s/opensans/v15/ | 26 KB | 18 KB | Font
General
Full URL
https://fonts.gstatic.com/s/opensans/v15/mem8YaGs126MiZpBA-UFVZ0e.ttf
Requested by
Host: lp.nightrush.com
URL: http://lp.nightrush.com/DE/welcome/1405/
Protocol
SPDY
Server
216.58.207.67 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra16s25-in-f3.1e100.net
Software
sffe /
Resource Hash
927658fe940c899225567ad7885c40a7871dee09c2b9f00d31f7ca62d1f424fc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Referer
https://fonts.googleapis.com/css?family=Open+Sans:400,600,700
Origin
http://lp.nightrush.com

Response headers

date
Mon, 12 Feb 2018 15:00:48 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
9507140
status
200
alt-svc
quic=":443"; ma=2592000; v="43,42,41,39,35"
content-length
17857
x-xss-protection
1; mode=block
last-modified
Wed, 11 Oct 2017 21:49:44 GMT
server
sffe
vary
Accept-Encoding
content-type
font/ttf
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 12 Feb 2019 15:00:48 GMT

mem5YaGs126MiZpBA-UNirkOUuhs.ttf | fonts.gstatic.com/s/opensans/v15/ | 27 KB | 18 KB | Font
General
Full URL
https://fonts.gstatic.com/s/opensans/v15/mem5YaGs126MiZpBA-UNirkOUuhs.ttf
Requested by
Host: lp.nightrush.com
URL: http://lp.nightrush.com/DE/welcome/1405/
Protocol
SPDY
Server
216.58.207.67 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra16s25-in-f3.1e100.net
Software
sffe /
Resource Hash
74461248f0a3edd43acbe67fbd98bb8bc6f26bb6b2e8b948c4757724717bde5c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Referer
https://fonts.googleapis.com/css?family=Open+Sans:400,600,700
Origin
http://lp.nightrush.com

Response headers

date
Mon, 12 Feb 2018 19:52:19 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
9489649
status
200
alt-svc
quic=":443"; ma=2592000; v="43,42,41,39,35"
content-length
18442
x-xss-protection
1; mode=block
last-modified
Wed, 11 Oct 2017 21:49:53 GMT
server
sffe
vary
Accept-Encoding
content-type
font/ttf
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 12 Feb 2019 19:52:19 GMT

mem5YaGs126MiZpBA-UN7rgOUuhs.ttf | fonts.gstatic.com/s/opensans/v15/ | 28 KB | 18 KB | Font
General
Full URL
https://fonts.gstatic.com/s/opensans/v15/mem5YaGs126MiZpBA-UN7rgOUuhs.ttf
Requested by
Host: lp.nightrush.com
URL: http://lp.nightrush.com/DE/welcome/1405/
Protocol
SPDY
Server
216.58.207.67 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra16s25-in-f3.1e100.net
Software
sffe /
Resource Hash
0782a52179d0e25f19c39b43253795b25787d65abdbd8bfa38be0f21a4512748
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Referer
https://fonts.googleapis.com/css?family=Open+Sans:400,600,700
Origin
http://lp.nightrush.com

Response headers

date
Thu, 24 May 2018 12:30:06 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
789782
status
200
alt-svc
quic=":443"; ma=2592000; v="43,42,41,39,35"
content-length
18670
x-xss-protection
1; mode=block
last-modified
Wed, 11 Oct 2017 21:49:43 GMT
server
sffe
vary
Accept-Encoding
content-type
font/ttf
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 24 May 2019 12:30:06 GMT

analytics.js | www.google-analytics.com/ | 34 KB | 14 KB | Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-107352757-2
Protocol
SPDY
Server
172.217.21.238 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra16s13-in-f238.1e100.net
Software
Golfe2 /
Resource Hash
3fab1c883847e4b5a02f3749a9f4d9eab15cd4765873d3b2904a1a4c8755fba3
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
http://lp.nightrush.com/DE/welcome/1405/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Fri, 18 May 2018 01:10:24 GMT
server
Golfe2
age
4203
date
Sat, 02 Jun 2018 14:43:05 GMT
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=7200
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="43,42,41,39,35"
content-length
14386
expires
Sat, 02 Jun 2018 16:43:05 GMT

modules-44098c22a71c467adcd148459b0b92fe.js | script.hotjar.com/ | 380 KB | 75 KB | Script
General
Full URL
https://script.hotjar.com/modules-44098c22a71c467adcd148459b0b92fe.js
Requested by
Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-648366.js?sv=6
Protocol
HTTP/1.1
Server
205.185.216.42 Phoenix, United States, ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US),
Reverse DNS
map2.hwcdn.net
Software
/
Resource Hash
2c8d4c64d0ce894841800b720128a398cffa9a2499157de001e0c99435b9d31c

Request headers

Referer
http://lp.nightrush.com/DE/welcome/1405/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

Date
Sat, 02 Jun 2018 15:53:08 GMT
Content-Encoding
gzip
Last-Modified
Fri, 01 Jun 2018 20:46:19 GMT
ETag
"1527885979"
X-HW
1527954788.dop001.fr8.shc,1527954788.dop001.fr8.t,1527954788.cds015.fr8.c
Content-Type
application/javascript
Cache-Control
max-age=31467217
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Length
76213

collect | stats.g.doubleclick.net/r/ | 35 B | 102 B | Image
Redirect Chain
  • https://www.google-analytics.com/r/collect?v=1&_v=j68&a=231742620&t=pageview&_s=1&dl=http%3A%2F%2Flp.nightrush.com%2FDE%2Fwelcome%2F1405%2F&ul=en-us&de=UTF-8&dt=NightRush%20Willkommensbonus-Paket%2...
  • https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-107352757-2&cid=725572380.1527954789&jid=1060960704&_gid=1792869102.1527954789&gjid=1469832878&_v=j68&z=1929375097
General
Full URL
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-107352757-2&cid=725572380.1527954789&jid=1060960704&_gid=1792869102.1527954789&gjid=1469832878&_v=j68&z=1929375097
Requested by
Host: lp.nightrush.com
URL: http://lp.nightrush.com/DE/welcome/1405/
Protocol
SPDY
Server
173.194.76.156 Portage, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
ws-in-f156.1e100.net
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
http://lp.nightrush.com/DE/welcome/1405/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
date
Sat, 02 Jun 2018 15:53:08 GMT
status
200
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
alt-svc
quic=":443"; ma=2592000; v="43,42,41,39,35"
content-length
35
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Sat, 02 Jun 2018 15:53:08 GMT
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
status
302
location
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-107352757-2&cid=725572380.1527954789&jid=1060960704&_gid=1792869102.1527954789&gjid=1469832878&_v=j68&z=1929375097
content-type
text/html; charset=UTF-8
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
alt-svc
quic=":443"; ma=2592000; v="43,42,41,39,35"
content-length
420
expires
Fri, 01 Jan 1990 00:00:00 GMT

rcj-99d43ead6bdf30da8ed5ffcb4f17100c.html | vars.hotjar.com/ (Frame 3683) | 0 | 0 | Document
General
Full URL
https://vars.hotjar.com/rcj-99d43ead6bdf30da8ed5ffcb4f17100c.html
Requested by
Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-648366.js?sv=6
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
205.185.216.10 Phoenix, United States, ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US),
Reverse DNS
map2.hwcdn.net
Software
/
Resource Hash

Request headers

Host
vars.hotjar.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer
http://lp.nightrush.com/DE/welcome/1405/
Accept-Encoding
gzip, deflate
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id
C6694C9E99AA6E005255E8488BB625A1
Referer
http://lp.nightrush.com/DE/welcome/1405/

Response headers

Date
Sat, 02 Jun 2018 15:53:08 GMT
Connection
Keep-Alive
Accept-Ranges
bytes
ETag
"1527087014"
Cache-Control
max-age=30687313
Content-Encoding
gzip
Content-Length
869
Content-Type
text/html
Last-Modified
Wed, 23 May 2018 14:50:14 GMT
X-HW
1527954788.dop001.fr8.shc,1527954788.dop001.fr8.t,1527954788.cds004.fr8.c

14 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • function hj
  • object _hjSettings
  • function gtag
  • object dataLayer
  • function $
  • function jQuery
  • object google_tag_manager
  • string GoogleAnalyticsObject
  • function ga
  • object hjSiteSettings
  • function hjBootstrap
  • object gaplugins
  • object gaGlobal
  • object gaData

4 Cookies

Domain/Path | Name | Value
.authorisation.mga.org.mt/ | ARRAffinity | 4a94332188ca85c51edec7f75ce626053099c754beca68e86359a9b7d504f38b
.nightrush.com/ | _gat_gtag_UA_107352757_2 | 1
.nightrush.com/ | _gid | GA1.2.1792869102.1527954789
.nightrush.com/ | _ga | GA1.2.725572380.1527954789

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

authorisation.mga.org.mt
code.jquery.com
fonts.googleapis.com
fonts.gstatic.com
goldenetweb.com
lp.nightrush.com
script.hotjar.com
static.hotjar.com
stats.g.doubleclick.net
vars.hotjar.com
www.google-analytics.com
www.googletagmanager.com
172.217.21.238
173.194.76.156
205.185.208.52
205.185.216.10
205.185.216.42
216.58.207.67
216.58.207.72
216.58.207.74
40.68.208.131
49.51.86.95
94.130.106.52