povorotnetuda.ru
87.236.16.107
Public Scan
Submission Tags: phishtake
Submission: On May 07 via api from JP
Summary
TLS certificate: Issued by R3 on May 7th 2021. Valid for: 3 months.
This is the only time povorotnetuda.ru was scanned on urlscan.io!
urlscan.io Verdict: No classification
Domain & IP information
ASN | PTR | Domains
---|---|---
ASN198610 (BEGET-AS, RU) | ssl.spectre.beget.com | povorotnetuda.ru, xn--80adgd3bebafnxcn.xn--p1ai
ASN15169 (GOOGLE, US) | fra16s45-in-f2.1e100.net | www.googleadservices.com
ASN15169 (GOOGLE, US) | | www.googletagmanager.com
ASN47541 (VKONTAKTE-SPB-AS http://vk.com, RU) | srv194-139-240-87.vk.com | vk.com
ASN15169 (GOOGLE, US) | | www.google-analytics.com
ASN15169 (GOOGLE, US) | | googleads.g.doubleclick.net
ASN199524 (GCORE, LU) | | code.jivosite.com, code-ya.jivosite.com
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
25 | xn--80adgd3bebafnxcn.xn--p1ai | xn--80adgd3bebafnxcn.xn--p1ai | 2 MB
8 | jivosite.com | code.jivosite.com, node-ya10.jivosite.com, code-ya.jivosite.com | 367 KB
7 | yandex.com (3 redirects) | mc.yandex.com | 3 KB
5 | facebook.com | www.facebook.com | 440 B
4 | vk.com | vk.com | 23 KB
4 | povorotnetuda.ru | povorotnetuda.ru | 52 KB
3 | facebook.net | connect.facebook.net | 168 KB
2 | doubleclick.net | stats.g.doubleclick.net, googleads.g.doubleclick.net | 1 KB
2 | yandex.ru (1 redirect) | mc.yandex.ru | 43 KB
2 | google-analytics.com | www.google-analytics.com | 19 KB
1 | google.de | www.google.de | 108 B
1 | google.com | www.google.com | 108 B
1 | googletagmanager.com | www.googletagmanager.com | 32 KB
1 | googleadservices.com | www.googleadservices.com | 17 KB
1 | jquery.com | code.jquery.com | 66 KB
67 requests | 15 apex domains | |
Requests | Domain | Requested by
---|---|---
25 | xn--80adgd3bebafnxcn.xn--p1ai | povorotnetuda.ru, xn--80adgd3bebafnxcn.xn--p1ai
7 | mc.yandex.com (3 redirects) | povorotnetuda.ru
5 | code-ya.jivosite.com | code.jivosite.com, povorotnetuda.ru
5 | www.facebook.com | povorotnetuda.ru
4 | vk.com | povorotnetuda.ru
4 | povorotnetuda.ru | povorotnetuda.ru
3 | connect.facebook.net | povorotnetuda.ru, connect.facebook.net
2 | code.jivosite.com | povorotnetuda.ru, code.jivosite.com
2 | mc.yandex.ru (1 redirect) | povorotnetuda.ru
2 | www.google-analytics.com | www.googletagmanager.com, www.google-analytics.com
1 | node-ya10.jivosite.com | code.jivosite.com
1 | www.google.de | povorotnetuda.ru
1 | www.google.com | povorotnetuda.ru
1 | googleads.g.doubleclick.net | www.googleadservices.com
1 | stats.g.doubleclick.net | www.google-analytics.com
1 | www.googletagmanager.com | povorotnetuda.ru
1 | www.googleadservices.com | povorotnetuda.ru
1 | code.jquery.com | povorotnetuda.ru
67 requests | 18 domains |
This site contains links to these domains. Also see Links.
Domain |
---|
xn--80adgd3bebafnxcn.xn--p1ai |
vk.com |
instagram.com |
www.jivo.ru |
Subject | Issuer | Validity | Valid | Lookup
---|---|---|---|---
povorotnetuda.ru | R3 | 2021-05-07 - 2021-08-05 | 3 months | crt.sh
xn--80adgd3bebafnxcn.xn--p1ai | R3 | 2021-04-04 - 2021-07-03 | 3 months | crt.sh
jquery.org | Sectigo RSA Domain Validation Secure Server CA | 2020-10-06 - 2021-10-16 | a year | crt.sh
www.googleadservices.com | GTS CA 1C3 | 2021-04-13 - 2021-07-06 | 3 months | crt.sh
*.google-analytics.com | GTS CA 1C3 | 2021-04-13 - 2021-07-06 | 3 months | crt.sh
*.vk.com | GlobalSign Organization Validation CA - SHA256 - G2 | 2020-06-09 - 2022-06-10 | 2 years | crt.sh
*.facebook.com | DigiCert SHA2 High Assurance Server CA | 2021-04-06 - 2021-07-03 | 3 months | crt.sh
*.google.com | GTS CA 1O1 | 2021-04-13 - 2021-07-06 | 3 months | crt.sh
mc.yandex.ru | Yandex CA | 2021-02-27 - 2021-08-09 | 5 months | crt.sh
*.g.doubleclick.net | GTS CA 1C3 | 2021-04-13 - 2021-07-06 | 3 months | crt.sh
www.google.com | GTS CA 1C3 | 2021-04-13 - 2021-07-06 | 3 months | crt.sh
www.google.de | GTS CA 1C3 | 2021-04-13 - 2021-07-06 | 3 months | crt.sh
*.jivosite.com | Go Daddy Secure Certificate Authority - G2 | 2020-04-05 - 2022-06-04 | 2 years | crt.sh
This page contains 1 frame:
Primary Page:
https://povorotnetuda.ru/login.php
Frame ID: DC28A75FC6ED5733F452F596F1F8C1CF
Requests: 70 HTTP requests in this frame
11 Outgoing links
These are links going to different origins than the main page.
- Title: Franchise
- Title: Certificate
- Title: Поворот не туда (Wrong Turn)
- (no title)
- (no title)
- Title: Quests
- Title: Schedule
- Title: Corporate event
- Title: Children's party
- Title: Contacts
- Title: Business messenger
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 51
- https://mc.yandex.com/sync_cookie_image_check HTTP 302
- https://mc.yandex.ru/sync_cookie_image_start?redirect_domain=mc.yandex.com&token=9266.MTxVGuZNXQ_BZwkc68yJgPmptE3gr12RTpMj4QCAwIMksSfhDcDSte6Ze4n09hFv.nLRmR-WPB1chwEWYbhHS2GqcFfo%2C HTTP 302
- https://mc.yandex.com/sync_cookie_image_decide?token=9266.Y5TF7X8ZxSswMYnpYL71Z-ae0aNa-rSCqcg6xdfnB5vY7e8oCTeVqVSzbnYQBdeL9rT4qcxYadwcigtTYMOOkg%2C%2C.qYLo2vG2ahCzCRi0Jq-9lUYg9nY%2C
- https://mc.yandex.com/watch/31361493?wmode=7&page-url=https%3A%2F%2Fpovorotnetuda.ru%2Flogin.php&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Abx1nzewshzamry4%3Afp%3A464%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A504%3Acn%3A1%3Adp%3A0%3Als%3A138141547974%3Ahid%3A972590676%3Az%3A120%3Ai%3A20210507155738%3Aet%3A1620395858%3Ac%3A1%3Arn%3A725433135%3Au%3A1620395858194914867%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Ahdl%3A1%3Ans%3A1620395857418%3Ads%3A0%2C113%2C192%2C1%2C0%2C0%2C%2C238%2C4%2C%2C%2C%2C548%3Adsn%3A0%2C112%2C193%2C0%2C0%2C0%2C%2C241%2C5%2C%2C%2C%2C548%3Arqnl%3A1%3Aadb%3A2%3Ati%3A2%3Ast%3A1620395858%3At%3A HTTP 302
- https://mc.yandex.com/watch/31361493/1?wmode=7&page-url=https%3A%2F%2Fpovorotnetuda.ru%2Flogin.php&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Abx1nzewshzamry4%3Afp%3A464%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A504%3Acn%3A1%3Adp%3A0%3Als%3A138141547974%3Ahid%3A972590676%3Az%3A120%3Ai%3A20210507155738%3Aet%3A1620395858%3Ac%3A1%3Arn%3A725433135%3Au%3A1620395858194914867%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Ahdl%3A1%3Ans%3A1620395857418%3Ads%3A0%2C113%2C192%2C1%2C0%2C0%2C%2C238%2C4%2C%2C%2C%2C548%3Adsn%3A0%2C112%2C193%2C0%2C0%2C0%2C%2C241%2C5%2C%2C%2C%2C548%3Arqnl%3A1%3Aadb%3A2%3Ati%3A2%3Ast%3A1620395858%3At%3A
- https://mc.yandex.com/watch/31051446?wmode=7&page-url=https%3A%2F%2Fpovorotnetuda.ru%2Flogin.php&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Abx1nzewshzamry4%3Afp%3A464%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A504%3Acn%3A2%3Adp%3A0%3Als%3A144817181955%3Ahid%3A972590676%3Az%3A120%3Ai%3A20210507155738%3Aet%3A1620395858%3Ac%3A1%3Arn%3A202753135%3Au%3A1620395858194914867%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Ahdl%3A1%3Ans%3A1620395857418%3Ads%3A0%2C113%2C192%2C1%2C0%2C0%2C%2C238%2C4%2C%2C%2C%2C548%3Adsn%3A0%2C112%2C193%2C0%2C0%2C0%2C%2C241%2C5%2C%2C%2C%2C548%3Arqnl%3A1%3Aadb%3A2%3Ati%3A2%3Ast%3A1620395858%3At%3A HTTP 302
- https://mc.yandex.com/watch/31051446/1?wmode=7&page-url=https%3A%2F%2Fpovorotnetuda.ru%2Flogin.php&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Abx1nzewshzamry4%3Afp%3A464%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A504%3Acn%3A2%3Adp%3A0%3Als%3A144817181955%3Ahid%3A972590676%3Az%3A120%3Ai%3A20210507155738%3Aet%3A1620395858%3Ac%3A1%3Arn%3A202753135%3Au%3A1620395858194914867%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Ahdl%3A1%3Ans%3A1620395857418%3Ads%3A0%2C113%2C192%2C1%2C0%2C0%2C%2C238%2C4%2C%2C%2C%2C548%3Adsn%3A0%2C112%2C193%2C0%2C0%2C0%2C%2C241%2C5%2C%2C%2C%2C548%3Arqnl%3A1%3Aadb%3A2%3Ati%3A2%3Ast%3A1620395858%3At%3A
67 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H2 | login.php (Primary Request) | povorotnetuda.ru/ | 35 KB | 8 KB | Document | text/html
GET | H2 | easy-modal-site.css | xn--80adgd3bebafnxcn.xn--p1ai/wp-content/plugins/easy-modal/assets/styles/ | 1 KB | 676 B | Stylesheet | text/css
GET | H2 | styles.css | xn--80adgd3bebafnxcn.xn--p1ai/wp-content/plugins/contact-form-7/includes/css/ | 1 KB | 663 B | Stylesheet | text/css
GET | H2 | slick.css | xn--80adgd3bebafnxcn.xn--p1ai/wp-content/plugins/wp-slick-slider-and-image-carousel/assets/css/ | 6 KB | 1 KB | Stylesheet | text/css
GET | H2 | slick-slider-style.css | xn--80adgd3bebafnxcn.xn--p1ai/wp-content/plugins/wp-slick-slider-and-image-carousel/assets/css/ | 8 KB | 1 KB | Stylesheet | text/css
GET | H2 | jquery.js | xn--80adgd3bebafnxcn.xn--p1ai/wp-includes/js/jquery/ | 94 KB | 33 KB | Script | application/x-javascript
GET | H2 | jquery-migrate.min.js | xn--80adgd3bebafnxcn.xn--p1ai/wp-includes/js/jquery/ | 7 KB | 3 KB | Script | application/x-javascript
GET | H2 | slick.min.js | xn--80adgd3bebafnxcn.xn--p1ai/wp-content/plugins/wp-slick-slider-and-image-carousel/assets/js/ | 39 KB | 10 KB | Script | application/x-javascript
GET | H2 | jquery.reveal.js | xn--80adgd3bebafnxcn.xn--p1ai/wp-content/themes/povorot/js/ | 5 KB | 2 KB | Script | application/x-javascript
GET | H2 | style.css | xn--80adgd3bebafnxcn.xn--p1ai/wp-content/themes/povorot/ | 31 KB | 7 KB | Stylesheet | text/css
GET | H2 | jquery-ui.min.js | code.jquery.com/ui/1.12.1/ | 248 KB | 66 KB | Script | application/javascript
GET | H2 | bg-adr.png | povorotnetuda.ru/wp-content/themes/povorot/i/ | 3 KB | 3 KB | Image | image/png
GET | H2 | psychotherapy.jpg | povorotnetuda.ru/i/ | 5 KB | 5 KB | Image | text/html
GET | H2 | horror.jpg | povorotnetuda.ru/i/ | 35 KB | 35 KB | Image | text/html
GET | H2 | core.min.js | xn--80adgd3bebafnxcn.xn--p1ai/wp-includes/js/jquery/ui/ | 4 KB | 2 KB | Script | application/x-javascript
GET | H2 | position.min.js | xn--80adgd3bebafnxcn.xn--p1ai/wp-includes/js/jquery/ui/ | 6 KB | 3 KB | Script | application/x-javascript
GET | H2 | jquery.transit.min.js | xn--80adgd3bebafnxcn.xn--p1ai/wp-content/plugins/easy-modal/assets/scripts/ | 8 KB | 3 KB | Script | application/x-javascript
GET | H2 | easy-modal-site.js | xn--80adgd3bebafnxcn.xn--p1ai/wp-content/plugins/easy-modal/assets/scripts/ | 22 KB | 4 KB | Script | application/x-javascript
GET | H2 | jquery.form.min.js | xn--80adgd3bebafnxcn.xn--p1ai/wp-content/plugins/contact-form-7/includes/js/ | 15 KB | 6 KB | Script | application/x-javascript
GET | H2 | scripts.js | xn--80adgd3bebafnxcn.xn--p1ai/wp-content/plugins/contact-form-7/includes/js/ | 11 KB | 3 KB | Script | application/x-javascript
GET | H2 | conversion.js | www.googleadservices.com/pagead/ | 43 KB | 17 KB | Script | text/javascript
GET | H2 | gtm.js | www.googletagmanager.com/ | 82 KB | 32 KB | Script | application/javascript
GET | H2 | rtrg | vk.com/ | 49 B | 445 B | Image | image/gif
GET | H2 | fbevents.js | connect.facebook.net/en_US/ | 92 KB | 24 KB | Script | application/x-javascript
GET | H2 | openapi.js | vk.com/js/api/ | 100 KB | 22 KB | Script | application/x-javascript
GET | H2 | bg-head3.png | xn--80adgd3bebafnxcn.xn--p1ai/wp-content/themes/povorot/i/ | 733 KB | 734 KB | Image | image/png
GET | H2 | fran.png | xn--80adgd3bebafnxcn.xn--p1ai/wp-content/themes/povorot/i/ | 2 KB | 2 KB | Image | image/png
GET | H2 | bg-prise.png | xn--80adgd3bebafnxcn.xn--p1ai/wp-content/themes/povorot/i/ | 1 KB | 2 KB | Image | image/png
GET | H2 | logo2.png | xn--80adgd3bebafnxcn.xn--p1ai/wp-content/themes/povorot/i/ | 48 KB | 49 KB | Image | image/png
GET | H2 | style.css | xn--80adgd3bebafnxcn.xn--p1ai/wp-content/themes/povorot/ | 31 KB | 31 KB | Image | text/css
GET | H2 | mail_icon.png | xn--80adgd3bebafnxcn.xn--p1ai/wp-content/themes/povorot/i/ | 2 KB | 2 KB | Image | image/png
GET | H2 | vk.png | xn--80adgd3bebafnxcn.xn--p1ai/wp-content/themes/povorot/i/ | 1 KB | 2 KB | Image | image/png
GET | H2 | in.png | xn--80adgd3bebafnxcn.xn--p1ai/wp-content/themes/povorot/i/ | 2 KB | 2 KB | Image | image/png
GET | H2 | bg-nav.png | xn--80adgd3bebafnxcn.xn--p1ai/wp-content/themes/povorot/i/ | 178 KB | 179 KB | Image | image/png
GET | H2 | bg-foot1.png | xn--80adgd3bebafnxcn.xn--p1ai/wp-content/themes/povorot/i/ | 491 KB | 492 KB | Image | image/png
GET | | BebasBold.woff | xn--80adgd3bebafnxcn.xn--p1ai/wp-content/themes/povorot/fonts/BebasBold/ | 0 | 0 | |
GET | | BebasRegular.woff | xn--80adgd3bebafnxcn.xn--p1ai/wp-content/themes/povorot/fonts/BebasRegular/ | 0 | 0 | |
GET | H3-29 | 1484479458276977 | connect.facebook.net/signals/config/ | 254 KB | 72 KB | Script | application/x-javascript
GET | H2 | analytics.js | www.google-analytics.com/ | 48 KB | 19 KB | Script | text/javascript
POST | H3-29 | collect | www.google-analytics.com/j/ | 2 B | 22 B | XHR | text/plain
GET | H2 | watch.js | mc.yandex.ru/metrika/ | 123 KB | 43 KB | Script | application/javascript
GET | H2 | rtrg | vk.com/ | 49 B | 363 B | Image | image/gif
GET | H3-29 | 688232001310482 | connect.facebook.net/signals/config/ | 254 KB | 72 KB | Script | application/x-javascript
GET | H3-29 | / | www.facebook.com/tr/ | 44 B | 88 B | Image | image/gif
POST | H2 | collect | stats.g.doubleclick.net/j/ | 1 B | 85 B | XHR | text/plain
GET | H2 | / | googleads.g.doubleclick.net/pagead/viewthroughconversion/970697919/ | 2 KB | 1 KB | Script | text/javascript
GET | H3-29 | / | www.facebook.com/tr/ | 44 B | 88 B | Image | image/gif
GET | H3-29 | / | www.facebook.com/tr/ | 44 B | 88 B | Image | image/gif
GET | H2 | / | www.google.com/pagead/1p-user-list/970697919/ | 42 B | 108 B | Image | image/gif
GET | H2 | / | www.google.de/pagead/1p-user-list/970697919/ | 42 B | 108 B | Image | image/gif
GET | H2 | rtrg | vk.com/ | 49 B | 363 B | Image | image/gif
GET | | BebasBold.ttf | xn--80adgd3bebafnxcn.xn--p1ai/wp-content/themes/povorot/fonts/BebasBold/ | 0 | 0 | |
GET | H2 | sync_cookie_image_decide | mc.yandex.com/ (Redirect Chain) | 75 B | 75 B | Image | text/html
GET | | BebasRegular.ttf | xn--80adgd3bebafnxcn.xn--p1ai/wp-content/themes/povorot/fonts/BebasRegular/ | 0 | 0 | |
GET | H2 | advert.gif | mc.yandex.com/metrika/ | 43 B | 136 B | Image | image/gif
GET | H2 | xA6QUWUgQ5 | code.jivosite.com/script/widget/ | 17 KB | 6 KB | Script | application/javascript
GET | H2 | 1 | mc.yandex.com/watch/31361493/ (Redirect Chain) | 184 B | 215 B | XHR | application/json
GET | H2 | 1 | mc.yandex.com/watch/31051446/ (Redirect Chain) | 184 B | 293 B | XHR | application/json
GET | H3-29 | / | www.facebook.com/tr/ | 44 B | 88 B | Image | image/gif
GET | H3-29 | / | www.facebook.com/tr/ | 44 B | 88 B | Image | image/gif
GET | H2 | xA6QUWUgQ5 | code.jivosite.com/script/widget/config/ | 2 KB | 878 B | XHR | application/x-javascript
GET | H2 | xA6QUWUgQ5 | node-ya10.jivosite.com/widget/status/812169/ | 80 B | 175 B | XHR | application/json
GET | H2 | bundle_ru_RU.js | code-ya.jivosite.com/js/ | 1 MB | 317 KB | Script | application/javascript
GET | H2 | widget.css | code-ya.jivosite.com/css/2325b35c/ | 192 KB | 29 KB | Stylesheet | text/css
GET | DATA | truncated | / | 393 B | 0 | Image | image/svg+xml
GET | DATA | truncated | / | 1 KB | 0 | Image | image/svg+xml
GET | DATA | truncated | / | 447 B | 0 | Image | image/svg+xml
GET | H2 | agent_message.mp3 | code-ya.jivosite.com/sounds/ | 4 KB | 4 KB | Media | audio/mpeg
GET | H2 | notification.mp3 | code-ya.jivosite.com/sounds/ | 6 KB | 6 KB | Media | audio/mpeg
GET | H2 | outgoing_message.mp3 | code-ya.jivosite.com/sounds/ | 5 KB | 5 KB | Media | audio/mpeg
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
Domain | URL
---|---
xn--80adgd3bebafnxcn.xn--p1ai | https://xn--80adgd3bebafnxcn.xn--p1ai/wp-content/themes/povorot/fonts/BebasBold/BebasBold.woff
xn--80adgd3bebafnxcn.xn--p1ai | https://xn--80adgd3bebafnxcn.xn--p1ai/wp-content/themes/povorot/fonts/BebasRegular/BebasRegular.woff
xn--80adgd3bebafnxcn.xn--p1ai | https://xn--80adgd3bebafnxcn.xn--p1ai/wp-content/themes/povorot/fonts/BebasBold/BebasBold.ttf
xn--80adgd3bebafnxcn.xn--p1ai | https://xn--80adgd3bebafnxcn.xn--p1ai/wp-content/themes/povorot/fonts/BebasRegular/BebasRegular.ttf
Verdicts & Comments
93 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Name | Type
---|---
0 | object
onbeforexrselect | object
ontransitionrun | object
ontransitionstart | object
ontransitioncancel | object
cookieStore | object
showDirectoryPicker | function
showOpenFilePicker | function
showSaveFilePicker | function
originAgentCluster | boolean
trustedTypes | object
crossOriginIsolated | boolean
_wpemojiSettings | object
$ | undefined
jQuery | function
dataLayer | object
fbq | function
_fbq | function
google_tag_manager | object
google_tag_data | object
GoogleAnalyticsObject | string
ga | function
gaplugins | object
gaGlobal | object
gaData | object
emodal_themes | object
_wpcf7 | object
google_conversion_id | object
google_custom_params | object
google_remarketing_only | object
GooglemKTybQhCsO | function
google_conversion_date | object
google_conversion_time | object
google_conversion_snippets | number
google_conversion_first_time | number
google_conversion_js_version | object
google_conversion_format | object
google_enable_display_cookie_match | object
google_conversion_type | object
google_conversion_order_id | object
google_conversion_language | object
google_conversion_value | object
google_conversion_currency | object
google_conversion_domain | object
google_conversion_label | object
google_conversion_color | object
google_disable_viewthrough | object
google_gtag_event_data | object
google_conversion_linker | object
google_tag_for_child_directed_treatment | object
google_tag_for_under_age_of_consent | object
google_allow_ad_personalization_signals | object
google_restricted_data_processing | object
google_conversion_items | object
google_conversion_merchant_id | object
google_user_id | object
onload_callback | object
opt_image_generator | object
google_gtm_url_processor | object
google_conversion_page_url | object
google_conversion_referrer_url | object
google_gtm | object
google_gcl_cookie_prefix | object
google_gcl_cookie_path | object
google_gcl_cookie_flags | object
google_gcl_cookie_domain | object
google_gcl_cookie_max_age_seconds | object
google_read_gcl_cookie_opt_out | object
google_basket_feed_country | object
google_basket_feed_language | object
google_basket_discount | object
google_basket_transaction_type | object
google_additional_conversion_params | object
google_additional_params | object
google_transport_url | object
google_gtm_experiments | object
jQuery1112022582696289590598 | object
obj2qs | function
fastXDM | object
VK | object
Ya | object
yaCounter31361493 | object
yaCounter31051446 | object
__jivoOnError | function
__hasStorage | boolean
jivo_magic_var | boolean
__jivoBundleOnLoad | function
__jivoBundleInit | function
jivo_init | function
jivo_destroy | function
jivo_config | object
jivo_version | string
jivo_api | object

11 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name | Value
---|---|---|---
.povorotnetuda.ru/ | | _ym_isad | 2
.povorotnetuda.ru/ | | _gid | GA1.2.1364317098.1620395858
.povorotnetuda.ru/ | | _gat_UA-114395671-1 | 1
.povorotnetuda.ru/ | | _ga | GA1.2.1012695808.1620395858
povorotnetuda.ru/ | | jv_history_xA6QUWUgQ5 | %5B%7B%22url%22%3A%22http%3A%2F%2Fpovorotnetuda.ru%2F%22%2C%22title%22%3A%22%D0%93%D0%BE%D1%82%D0%BE%D0%B2%D1%8B%20%D1%81%D0%B2%D0%B5%D1%80%D0%BD%D1%83%D1%82%D1%8C%20%D0%BF%D0%BE%D0%B4%20%D0%B7%D0%B0%D0%BF%D1%80%D0%B5%D1%89%D0%B0%D1%8E%D1%89%D0%B8%D0%B9%20%D0%B7%D0%BD%D0%B0%D0%BA%3F%22%2C%22time%22%3A1620395857438%7D%5D
.povorotnetuda.ru/ | | _fbp | fb.1.1620395857598.960851736
.povorotnetuda.ru/ | | _ym_d | 1620395858
.povorotnetuda.ru/ | | _ym_uid | 1620395858194914867
povorotnetuda.ru/ | | jv_store_xA6QUWUgQ5_client_xA6QUWUgQ5 | %7B%22jv_sess_id%22%3Anull%2C%22client_id%22%3Anull%2C%22pa_id%22%3Anull%2C%22is_introduced%22%3Afalse%2C%22client_info%22%3A%7B%22client_name%22%3Anull%2C%22phone%22%3Anull%2C%22email%22%3Anull%2C%22description%22%3Anull%7D%2C%22cw_call%22%3A%7B%22status%22%3Afalse%2C%22error%22%3Afalse%7D%2C%22cw_call_enabled%22%3Afalse%2C%22cw_call_delayed%22%3Afalse%2C%22cw_call_delayed_status%22%3Anull%2C%22cw_call_delayed_periods%22%3A%5B%5D%2C%22cw_call_delayed_tz%22%3Anull%2C%22department_id%22%3Anull%2C%22evaluate%22%3Afalse%2C%22last_message%22%3Anull%2C%22has_integration%22%3Afalse%2C%22utm%22%3A%7B%22campaign%22%3A%22(direct)%22%2C%22source%22%3A%22(direct)%22%2C%22medium%22%3Anull%2C%22keyword%22%3Anull%2C%22content%22%3Anull%7D%2C%22visitorId%22%3A%228cd9a4b3f9e455b8%22%2C%22avatar_url%22%3Anull%2C%22display_name%22%3Anull%2C%22assigned_agent_id%22%3Anull%2C%22user_token%22%3Anull%2C%22activeWebRTCCallMessageId%22%3Anull%2C%22webRTCCallStatus%22%3Anull%7D
povorotnetuda.ru/ | | jv_temp_visits_count_xA6QUWUgQ5 | %7B%22val%22%3A1%2C%22expire%22%3A1651952809437%7D
povorotnetuda.ru/ | | jv_temp_sess_enter_ts_xA6QUWUgQ5 | %7B%22val%22%3A1620395857436%2C%22expire%22%3A1620439057436%7D
Indicators
"Indicators" is a term used in the security industry for artifacts such as IPs, domains, and hashes. It does not imply that any of these indicate malicious activity.