URL: https://r3zky.jw.lt/file/reg?site=irpinservice.com/uk/skupka_vyviz_utylizatsiya_pralnykh_mashyn/?class=28&classname=...
Submission: On November 18 via manual from UA — Scanned from FR

Summary

This website contacted 7 IPs in 3 countries across 9 domains to perform 22 HTTP transactions. The main IP is 54.36.158.41, located in France and belongs to OVH, FR. The main domain is r3zky.jw.lt.
TLS certificate: Issued by R3 on September 22nd 2023. Valid for: 3 months.
This is the only time r3zky.jw.lt was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Apex Domain
Subdomains
Transfer
4 xtgem.com
xaranx.xtgem.com
weezywap.xtgem.com Failed
xtgem.com — Cisco Umbrella Rank: 588025
6 KB
3 xtstatic.com
4.thumbs.xtstatic.com
enif.images.xtstatic.com
cif.images.xtstatic.com
2 KB
3 sextgem.com
mackie.sextgem.com
4 KB
3 wapsite.me
mackie.wapsite.me
611 B
2 quantserve.com
secure.quantserve.com — Cisco Umbrella Rank: 1245
pixel.quantserve.com — Cisco Umbrella Rank: 964
9 KB
2 jw.lt
r3zky.jw.lt
134 KB
1 quantcount.com
rules.quantcount.com — Cisco Umbrella Rank: 1212
643 B
1 u-on.eu
u-on.eu — Cisco Umbrella Rank: 794025
2 KB
0 mw.lt Failed
difan96.mw.lt Failed
22 9
Domain Requested by
3 mackie.sextgem.com r3zky.jw.lt
3 mackie.wapsite.me 3 redirects
2 xtgem.com r3zky.jw.lt
2 xaranx.xtgem.com r3zky.jw.lt
2 r3zky.jw.lt r3zky.jw.lt
1 pixel.quantserve.com r3zky.jw.lt
1 rules.quantcount.com secure.quantserve.com
1 cif.images.xtstatic.com r3zky.jw.lt
1 enif.images.xtstatic.com r3zky.jw.lt
1 secure.quantserve.com r3zky.jw.lt
1 4.thumbs.xtstatic.com r3zky.jw.lt
1 u-on.eu r3zky.jw.lt
0 weezywap.xtgem.com Failed r3zky.jw.lt
0 difan96.mw.lt Failed r3zky.jw.lt
22 14

This site contains links to these domains.

Domain
irpinservice.com
facebook.com
u-on.eu
xtgem.com
Subject | Issuer | Validity | Valid
*.jw.lt | R3 | 2023-09-22 - 2023-12-21 | 3 months
*.xtgem.com | R3 | 2023-10-18 - 2024-01-16 | 3 months
u-on.eu | R3 | 2023-09-27 - 2023-12-26 | 3 months
xtstatic.com | R3 | 2023-10-19 - 2024-01-17 | 3 months
quantserve.com | R3 | 2023-10-28 - 2024-01-26 | 3 months

This page contains 4 frames:

Primary Page: https://r3zky.jw.lt/file/reg?site=irpinservice.com/uk/skupka_vyviz_utylizatsiya_pralnykh_mashyn/?class=28&classname=?????????????
Frame ID: 55BED3A8772CA7090096AD8304261A88
Requests: 19 HTTP requests in this frame

Frame: https://enif.images.xtstatic.com/tp.gif
Frame ID: 170BF5847491CE5AB162513B5614537B
Requests: 1 HTTP requests in this frame

Frame: https://cif.images.xtstatic.com/tp.gif
Frame ID: 984F28C7AF594C295A806EE3381AE67A
Requests: 1 HTTP requests in this frame

Frame: https://xtgem.com/__xt_authbar?data=eyJ1cmwiOiJodHRwOlwvXC9yM3preS5qdy5sdFwvZmlsZVwvcmVnP3NpdGU9aXJwaW5zZXJ2aWNlLmNvbVwvdWtcL3NrdXBrYV92eXZpel91dHlsaXphdHNpeWFfcHJhbG55a2hfbWFzaHluXC8/Y2xhc3M9MjgmY2xhc3NuYW1lPT8/Pz8/Pz8/Pz8/Pz8iLCJsb2dnZWRfaW4iOmZhbHNlLCJkb21haW4iOiJyM3preS5qdy5sdCIsInBvc2l0aW9uIjp7ImFic29sdXRlIjoiZml4ZWQifX0=
Frame ID: 6CE73082544C7B1EE9AED264C8D08EFD
Requests: 1 HTTP requests in this frame

Page Title

Wapmaster menu buat muXtGem.com

Detected technologies

Overall confidence: 100%
Detected patterns
  • \.quantserve\.com/quant\.js

Page Statistics

Requests: 22
HTTPS: 59 %
IPv6: 33 %
Domains: 9
Subdomains: 14
IPs: 7
Countries: 3
Transfer: 158 kB
Size: 190 kB
Cookies: 5

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 1
  • https://mackie.wapsite.me/folder/icon/Remove20event.png HTTP 301
  • https://mackie.sextgem.com/folder/icon/Remove20event.png
Request Chain 2
  • https://mackie.wapsite.me/folder/icon/new/clock.png HTTP 301
  • https://mackie.sextgem.com/folder/icon/new/clock.png
Request Chain 4
  • https://mackie.wapsite.me/folder/icon/Home.png HTTP 301
  • https://mackie.sextgem.com/folder/icon/Home.png

22 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request reg
r3zky.jw.lt/file/
20 KB
6 KB
Document
General
Full URL
https://r3zky.jw.lt/file/reg?site=irpinservice.com/uk/skupka_vyviz_utylizatsiya_pralnykh_mashyn/?class=28&classname=?????????????
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
54.36.158.41 , France, ASN16276 (OVH, FR),
Reverse DNS
lb.xtgem.com
Software
/
Resource Hash
0180a8f4e6b80bcca555143f35e8cdb961f18b36fe0f0364ecd2850301e1a4be

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
fr-FR,fr;q=0.9

Response headers

Cache-Control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Content-Encoding
gzip
Content-Length
5426
Content-Type
text/html; charset=utf-8
Date
Sat, 18 Nov 2023 12:33:17 GMT
Expires
Wed, 17 Sep 1975 21:32:10 GMT
Pragma
no-cache
Vary
Host,Accept-Encoding
c.png
r3zky.jw.lt/g/
128 KB
128 KB
Image
General
Full URL
https://r3zky.jw.lt/g/c.png
Requested by
Host: r3zky.jw.lt
URL: https://r3zky.jw.lt/file/reg?site=irpinservice.com/uk/skupka_vyviz_utylizatsiya_pralnykh_mashyn/?class=28&classname=?????????????
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
54.36.158.41 , France, ASN16276 (OVH, FR),
Reverse DNS
lb.xtgem.com
Software
/
Resource Hash
91c2120aab37d83f7ea0a8ca4c61d9f097be61a70cdb5b9621dc5340465e27d2

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://r3zky.jw.lt/file/reg?site=irpinservice.com/uk/skupka_vyviz_utylizatsiya_pralnykh_mashyn/?class=28&classname=?????????????
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Sat, 18 Nov 2023 12:33:17 GMT
X-Ngz
1
Last-Modified
Thu, 29 Mar 2012 08:03:43 GMT
ETag
"20000-4bc5d299d55c0"
Content-Type
image/png
Cache-Control
max-age=2592000
Content-Length
131072
Expires
Mon, 18 Dec 2023 12:33:17 GMT
Remove20event.png
mackie.sextgem.com/folder/icon/
Redirect Chain
  • https://mackie.wapsite.me/folder/icon/Remove20event.png
  • https://mackie.sextgem.com/folder/icon/Remove20event.png
958 B
1 KB
Image
General
Full URL
https://mackie.sextgem.com/folder/icon/Remove20event.png
Requested by
Host: r3zky.jw.lt
URL: https://r3zky.jw.lt/file/reg?site=irpinservice.com/uk/skupka_vyviz_utylizatsiya_pralnykh_mashyn/?class=28&classname=?????????????
Protocol
HTTP/1.1
Server
54.36.158.42 , France, ASN16276 (OVH, FR),
Reverse DNS
lb.xtgem.com
Software
/
Resource Hash
e82bb63815d3c60df313d223a3a8879dc1c09abd60b1d550565ba5d916c9eafa

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://r3zky.jw.lt/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Expires
Mon, 18 Dec 2023 12:33:18 GMT
Date
Sat, 18 Nov 2023 12:33:18 GMT
Cache-Control
max-age=2592000
X-Ngz
1
Content-Length
958
Content-Type
image/png

Redirect headers

Location
https://mackie.sextgem.com/folder/icon/Remove20event.png
Date
Sat, 18 Nov 2023 12:33:18 GMT
X-Ngz
1
Content-Length
0
Content-Type
text/html; charset=UTF-8
clock.png
mackie.sextgem.com/folder/icon/new/
Redirect Chain
  • https://mackie.wapsite.me/folder/icon/new/clock.png
  • https://mackie.sextgem.com/folder/icon/new/clock.png
1 KB
1 KB
Image
General
Full URL
https://mackie.sextgem.com/folder/icon/new/clock.png
Requested by
Host: r3zky.jw.lt
URL: https://r3zky.jw.lt/file/reg?site=irpinservice.com/uk/skupka_vyviz_utylizatsiya_pralnykh_mashyn/?class=28&classname=?????????????
Protocol
HTTP/1.1
Server
54.36.158.42 , France, ASN16276 (OVH, FR),
Reverse DNS
lb.xtgem.com
Software
/
Resource Hash
7a4a3b4d5f4f3aa4cc62d6e8203b221850512faa7d215d2243e82a9fdba53a22

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://r3zky.jw.lt/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Expires
Mon, 18 Dec 2023 12:33:18 GMT
Date
Sat, 18 Nov 2023 12:33:18 GMT
Cache-Control
max-age=2592000
X-Ngz
1
Content-Length
1094
Content-Type
image/png

Redirect headers

Location
https://mackie.sextgem.com/folder/icon/new/clock.png
Date
Sat, 18 Nov 2023 12:33:18 GMT
X-Ngz
1
Content-Length
0
Content-Type
text/html; charset=UTF-8
i73.png
xaranx.xtgem.com/icon/
754 B
1 KB
Image
General
Full URL
https://xaranx.xtgem.com/icon/i73.png
Requested by
Host: r3zky.jw.lt
URL: https://r3zky.jw.lt/file/reg?site=irpinservice.com/uk/skupka_vyviz_utylizatsiya_pralnykh_mashyn/?class=28&classname=?????????????
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
54.36.158.42 , France, ASN16276 (OVH, FR),
Reverse DNS
lb.xtgem.com
Software
/
Resource Hash
d04567c47bf6f2cc266f7675381e548d9ed5123384753ec5c83fe6b5b8049ed2

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://r3zky.jw.lt/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Expires
Mon, 18 Dec 2023 12:33:17 GMT
Date
Sat, 18 Nov 2023 12:33:17 GMT
Cache-Control
max-age=2592000
X-Ngz
1
Content-Length
754
Content-Type
image/png
Home.png
mackie.sextgem.com/folder/icon/
Redirect Chain
  • https://mackie.wapsite.me/folder/icon/Home.png
  • https://mackie.sextgem.com/folder/icon/Home.png
1 KB
1 KB
Image
General
Full URL
https://mackie.sextgem.com/folder/icon/Home.png
Requested by
Host: r3zky.jw.lt
URL: https://r3zky.jw.lt/file/reg?site=irpinservice.com/uk/skupka_vyviz_utylizatsiya_pralnykh_mashyn/?class=28&classname=?????????????
Protocol
HTTP/1.1
Server
54.36.158.42 , France, ASN16276 (OVH, FR),
Reverse DNS
lb.xtgem.com
Software
/
Resource Hash
a1f281e74e94bf91e9efbe84c24d44dad7fea3803012b33e2cd12a6d6b4234a6

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://r3zky.jw.lt/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Expires
Mon, 18 Dec 2023 12:33:18 GMT
Date
Sat, 18 Nov 2023 12:33:18 GMT
Cache-Control
max-age=2592000
X-Ngz
1
Content-Length
1031
Content-Type
image/png

Redirect headers

Location
https://mackie.sextgem.com/folder/icon/Home.png
Date
Sat, 18 Nov 2023 12:33:18 GMT
X-Ngz
1
Content-Length
0
Content-Type
text/html; charset=UTF-8
Fb2.png
xaranx.xtgem.com/icon/
597 B
930 B
Image
General
Full URL
https://xaranx.xtgem.com/icon/Fb2.png
Requested by
Host: r3zky.jw.lt
URL: https://r3zky.jw.lt/file/reg?site=irpinservice.com/uk/skupka_vyviz_utylizatsiya_pralnykh_mashyn/?class=28&classname=?????????????
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
54.36.158.42 , France, ASN16276 (OVH, FR),
Reverse DNS
lb.xtgem.com
Software
/
Resource Hash
d7c72eb089fa1b3501b16a66abb9e3dff1f05ed12072c924e5b865cc3d7812e0

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://r3zky.jw.lt/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Expires
Mon, 18 Dec 2023 12:33:17 GMT
Date
Sat, 18 Nov 2023 12:33:17 GMT
Cache-Control
max-age=2592000
X-Ngz
1
Content-Length
597
Content-Type
image/png
c.php
u-on.eu/
1 KB
2 KB
Image
General
Full URL
https://u-on.eu/c.php?u=3433
Requested by
Host: r3zky.jw.lt
URL: https://r3zky.jw.lt/file/reg?site=irpinservice.com/uk/skupka_vyviz_utylizatsiya_pralnykh_mashyn/?class=28&classname=?????????????
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
192.99.9.229 Toronto, Canada, ASN16276 (OVH, FR),
Reverse DNS
ns511531.ip-192-99-9.net
Software
Apache/2.4.55 (Ubuntu) /
Resource Hash
212ea694602ff4bf79a8251f4cce615f8db613bf7d76ff6d525ae9e836546630

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://r3zky.jw.lt/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Sat, 18 Nov 2023 12:33:17 GMT
Cache-Control
no-cache, no-store, must-revalidate
Server
Apache/2.4.55 (Ubuntu)
Connection
Keep-Alive
Keep-Alive
timeout=5, max=100
Content-Length
1397
Content-Type
image/png
pair-of-vintage-old-school-fru-25084.jpg
4.thumbs.xtstatic.com/100/50/-/495fbca2b631df32fdf495de8d15a2a4/backtooldschool.xtgem.com/images/blog/
1 KB
1 KB
Image
General
Full URL
https://4.thumbs.xtstatic.com/100/50/-/495fbca2b631df32fdf495de8d15a2a4/backtooldschool.xtgem.com/images/blog/pair-of-vintage-old-school-fru-25084.jpg
Requested by
Host: r3zky.jw.lt
URL: https://r3zky.jw.lt/file/reg?site=irpinservice.com/uk/skupka_vyviz_utylizatsiya_pralnykh_mashyn/?class=28&classname=?????????????
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
141.94.172.213 , France, ASN16276 (OVH, FR),
Reverse DNS
Software
/
Resource Hash
429055c01b680b376f31d440bd4e3cc3980542f90e2366e7c5125dd7e0e79ed0

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://r3zky.jw.lt/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Sat, 18 Nov 2023 12:33:17 GMT
X-Ngz
1
Last-Modified
Fri, 29 Sep 2023 05:44:10 GMT
ETag
"400-0"
Sent-XS
0.000
Content-Type
image/jpeg
Cache-Control
max-age=172800, pre-check=172800
Content-Length
1024
Expires
Mon, 20 Nov 2023 12:33:17 GMT
quant.js
secure.quantserve.com/
21 KB
9 KB
Script
General
Full URL
https://secure.quantserve.com/quant.js
Requested by
Host: r3zky.jw.lt
URL: https://r3zky.jw.lt/file/reg?site=irpinservice.com/uk/skupka_vyviz_utylizatsiya_pralnykh_mashyn/?class=28&classname=?????????????
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:116:800d:21:ef75:8280:f209:5ba1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
77daa4388c965a3e23b5a6c800727d8025ab108f89cf5679e79136986d5b4561

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://r3zky.jw.lt/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Sat, 18 Nov 2023 12:33:17 GMT
content-encoding
gzip
etag
"e23JaXq4HVtlOmThpFhluQ=="
vary
Accept-Encoding
content-type
application/javascript
cache-control
private, max-age=604800
accept-ranges
bytes
expires
Sat, 25 Nov 2023 12:33:17 GMT
tp.gif
enif.images.xtstatic.com/ Frame 170B
42 B
309 B
Document
General
Full URL
https://enif.images.xtstatic.com/tp.gif
Requested by
Host: r3zky.jw.lt
URL: https://r3zky.jw.lt/file/reg?site=irpinservice.com/uk/skupka_vyviz_utylizatsiya_pralnykh_mashyn/?class=28&classname=?????????????
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
141.94.172.213 , France, ASN16276 (OVH, FR),
Reverse DNS
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
https://r3zky.jw.lt/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
fr-FR,fr;q=0.9

Response headers

Accept-Ranges
bytes
Cache-Control
max-age=2592000
Content-Length
42
Content-Type
image/gif
Date
Sat, 18 Nov 2023 12:33:17 GMT
ETag
"2a-59774aa04e000"
Expires
Mon, 18 Dec 2023 12:33:17 GMT
Last-Modified
Sat, 16 Nov 2019 11:03:28 GMT
tp.gif
cif.images.xtstatic.com/ Frame 984F
42 B
309 B
Document
General
Full URL
https://cif.images.xtstatic.com/tp.gif
Requested by
Host: r3zky.jw.lt
URL: https://r3zky.jw.lt/file/reg?site=irpinservice.com/uk/skupka_vyviz_utylizatsiya_pralnykh_mashyn/?class=28&classname=?????????????
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
141.94.172.213 , France, ASN16276 (OVH, FR),
Reverse DNS
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
https://r3zky.jw.lt/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
fr-FR,fr;q=0.9

Response headers

Accept-Ranges
bytes
Cache-Control
max-age=2592000
Content-Length
42
Content-Type
image/gif
Date
Sat, 18 Nov 2023 12:33:17 GMT
ETag
"2a-59774aa04e000"
Expires
Mon, 18 Dec 2023 12:33:17 GMT
Last-Modified
Sat, 16 Nov 2019 11:03:28 GMT
birdtwittery.js
r3zky.jw.lt/wapmaster/twittget/
0
0

style.css
r3zky.jw.lt/css/hijau/
0
0

list.css
r3zky.jw.lt/
0
0

date1.js
difan96.mw.lt/file/javascript/
0
0

ucapan.js
weezywap.xtgem.com/Javascript/Date/
0
0

fblike.js
r3zky.jw.lt/file/js/share/
0
0

__xt_authbar
xtgem.com/ Frame 6CE7
13 KB
3 KB
Document
General
Full URL
https://xtgem.com/__xt_authbar?data=eyJ1cmwiOiJodHRwOlwvXC9yM3preS5qdy5sdFwvZmlsZVwvcmVnP3NpdGU9aXJwaW5zZXJ2aWNlLmNvbVwvdWtcL3NrdXBrYV92eXZpel91dHlsaXphdHNpeWFfcHJhbG55a2hfbWFzaHluXC8/Y2xhc3M9MjgmY2xhc3NuYW1lPT8/Pz8/Pz8/Pz8/Pz8iLCJsb2dnZWRfaW4iOmZhbHNlLCJkb21haW4iOiJyM3preS5qdy5sdCIsInBvc2l0aW9uIjp7ImFic29sdXRlIjoiZml4ZWQifX0=
Requested by
Host: r3zky.jw.lt
URL: https://r3zky.jw.lt/file/reg?site=irpinservice.com/uk/skupka_vyviz_utylizatsiya_pralnykh_mashyn/?class=28&classname=?????????????
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
141.94.172.213 , France, ASN16276 (OVH, FR),
Reverse DNS
Software
/
Resource Hash
b3b68e7d965dee943cab2f30c45dea5953a9446e26e85f1c9a2320c33bdde861

Request headers

Referer
https://r3zky.jw.lt/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
fr-FR,fr;q=0.9

Response headers

Cache-Control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Content-Encoding
gzip
Content-Length
2950
Content-Type
text/html; charset=UTF-8
Date
Sat, 18 Nov 2023 12:33:17 GMT
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Pragma
no-cache
Vary
Accept-Encoding
close2.png
xtgem.com/images/
564 B
843 B
Image
General
Full URL
https://xtgem.com/images/close2.png?v=0.01
Requested by
Host: r3zky.jw.lt
URL: https://r3zky.jw.lt/file/reg?site=irpinservice.com/uk/skupka_vyviz_utylizatsiya_pralnykh_mashyn/?class=28&classname=?????????????
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
141.94.172.213 , France, ASN16276 (OVH, FR),
Reverse DNS
Software
/
Resource Hash
bc5dcb35fc074321d66b9d7809e286e4afe72c7b08d1e799672126c92150ecd3

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://r3zky.jw.lt/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Sat, 18 Nov 2023 12:33:17 GMT
X-Ngz
1
Last-Modified
Sat, 16 Nov 2019 11:03:28 GMT
ETag
"234-59774aa04e000"
Content-Type
image/png
Cache-Control
max-age=2592000
Accept-Ranges
bytes
Content-Length
564
Expires
Mon, 18 Dec 2023 12:33:17 GMT
rules-p-0cfM8Oh7M9bVQ.js
rules.quantcount.com/
160 B
643 B
Script
General
Full URL
https://rules.quantcount.com/rules-p-0cfM8Oh7M9bVQ.js
Requested by
Host: secure.quantserve.com
URL: https://secure.quantserve.com/quant.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223c:3200:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
01e8c64b761cce7a14c9a7f82d4fa2162138e5e6e556350df4730498ea6417bf

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://r3zky.jw.lt/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Sat, 18 Nov 2023 12:21:09 GMT
via
1.1 c387974a86541bbcc6c5141a85eeaf36.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P2
age
743
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
160
last-modified
Fri, 14 Oct 2022 00:42:04 GMT
server
AmazonS3
etag
"2440f0fe7f89d580c051f453f7cc5d22"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=3600
accept-ranges
bytes
x-amz-cf-id
FU-vH4SWsWUpqJKDxyzzlu9hpNTMJurKXh-ET7sIjsT53MWrFAiMKA==
pixel;r=1244679460;rf=0;a=p-0cfM8Oh7M9bVQ;url=https%3A%2F%2Fr3zky.jw.lt%2Ffile%2Freg%3Fsite%3Dirpinservice.com%2Fuk%2Fskupka_vyviz_utylizatsiya_pralnykh_mashyn%2F%3Fclass%3D28%26classname%3D%3F%3F%...
pixel.quantserve.com/
35 B
372 B
Image
General
Full URL
https://pixel.quantserve.com/pixel;r=1244679460;rf=0;a=p-0cfM8Oh7M9bVQ;url=https%3A%2F%2Fr3zky.jw.lt%2Ffile%2Freg%3Fsite%3Dirpinservice.com%2Fuk%2Fskupka_vyviz_utylizatsiya_pralnykh_mashyn%2F%3Fclass%3D28%26classname%3D%3F%3F%3F%3F%3F%3F%3F%3F%3F%3F%3F%3F%3F;uht=2;fpan=1;fpa=P0-1526770473-1700310797509;pbc=;ns=0;ce=1;qjs=1;qv=6076e8c2-20231114150359;cm=;gdpr=0;ref=;d=jw.lt;dst=1;et=1700310797604;tzo=-60;ogl=;ses=b071f457-95ed-451e-bbfb-74064fe89190;mdl=
Requested by
Host: r3zky.jw.lt
URL: https://r3zky.jw.lt/file/reg?site=irpinservice.com/uk/skupka_vyviz_utylizatsiya_pralnykh_mashyn/?class=28&classname=?????????????
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:116:800d:21:ef75:8280:f209:5ba1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
Security Headers
Name Value
Strict-Transport-Security max-age=86400

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://r3zky.jw.lt/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 18 Nov 2023 12:33:17 GMT
strict-transport-security
max-age=86400
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
content-type
image/gif
cache-control
private, no-cache, no-store, proxy-revalidate
content-length
35
expires
Fri, 04 Aug 1978 12:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
r3zky.jw.lt
URL
http://r3zky.jw.lt/wapmaster/twittget/birdtwittery.js
Domain
r3zky.jw.lt
URL
http://r3zky.jw.lt/css/hijau/style.css
Domain
r3zky.jw.lt
URL
http://r3zky.jw.lt/list.css
Domain
difan96.mw.lt
URL
http://difan96.mw.lt/file/javascript/date1.js
Domain
weezywap.xtgem.com
URL
http://weezywap.xtgem.com/Javascript/Date/ucapan.js
Domain
r3zky.jw.lt
URL
http://r3zky.jw.lt/file/js/share/fblike.js

19 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| documentPictureInPicture object| _qevents boolean| cookies string| birdSprite object| targetElems string| twitterAccount string| tweetThisText object| d number| yr number| len function| quantserve function| __qc object| ezt object| _qoptions

5 Cookies

Domain/Path Name / Value
r3zky.jw.lt/file Name:
Value: test
.jw.lt/ Name: _xta_uid
Value: df643921d6ffc63523ae361a471baceb
.jw.lt/ Name: _xta_vid
Value: 278e4bcdb4c7e9bdf21617d713b4e397-1700310797
.quantserve.com/ Name: mc
Value: 6558af0d-9b545-c76c5-36da0
.jw.lt/ Name: __qca
Value: P0-1526770473-1700310797509

21 Console Messages

Source Level URL
Text
security warning URL: https://r3zky.jw.lt/file/reg?site=irpinservice.com/uk/skupka_vyviz_utylizatsiya_pralnykh_mashyn/?class=28&classname=?????????????
Message:
Mixed Content: The page at 'https://r3zky.jw.lt/file/reg?site=irpinservice.com/uk/skupka_vyviz_utylizatsiya_pralnykh_mashyn/?class=28&classname=?????????????' was loaded over HTTPS, but requested an insecure element 'http://r3zky.jw.lt/g/c.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security warning URL: https://r3zky.jw.lt/file/reg?site=irpinservice.com/uk/skupka_vyviz_utylizatsiya_pralnykh_mashyn/?class=28&classname=?????????????
Message:
Mixed Content: The page at 'https://r3zky.jw.lt/file/reg?site=irpinservice.com/uk/skupka_vyviz_utylizatsiya_pralnykh_mashyn/?class=28&classname=?????????????' was loaded over HTTPS, but requested an insecure element 'http://mackie.wapsite.me/folder/icon/Remove20event.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security warning URL: https://r3zky.jw.lt/file/reg?site=irpinservice.com/uk/skupka_vyviz_utylizatsiya_pralnykh_mashyn/?class=28&classname=?????????????
Message:
Mixed Content: The page at 'https://r3zky.jw.lt/file/reg?site=irpinservice.com/uk/skupka_vyviz_utylizatsiya_pralnykh_mashyn/?class=28&classname=?????????????' was loaded over HTTPS, but requested an insecure element 'http://mackie.wapsite.me/folder/icon/new/clock.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security warning URL: https://r3zky.jw.lt/file/reg?site=irpinservice.com/uk/skupka_vyviz_utylizatsiya_pralnykh_mashyn/?class=28&classname=?????????????
Message:
Mixed Content: The page at 'https://r3zky.jw.lt/file/reg?site=irpinservice.com/uk/skupka_vyviz_utylizatsiya_pralnykh_mashyn/?class=28&classname=?????????????' was loaded over HTTPS, but requested an insecure element 'http://xaranx.xtgem.com/icon/i73.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security warning URL: https://r3zky.jw.lt/file/reg?site=irpinservice.com/uk/skupka_vyviz_utylizatsiya_pralnykh_mashyn/?class=28&classname=?????????????
Message:
Mixed Content: The page at 'https://r3zky.jw.lt/file/reg?site=irpinservice.com/uk/skupka_vyviz_utylizatsiya_pralnykh_mashyn/?class=28&classname=?????????????' was loaded over HTTPS, but requested an insecure element 'http://mackie.wapsite.me/folder/icon/Home.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security warning URL: https://r3zky.jw.lt/file/reg?site=irpinservice.com/uk/skupka_vyviz_utylizatsiya_pralnykh_mashyn/?class=28&classname=?????????????
Message:
Mixed Content: The page at 'https://r3zky.jw.lt/file/reg?site=irpinservice.com/uk/skupka_vyviz_utylizatsiya_pralnykh_mashyn/?class=28&classname=?????????????' was loaded over HTTPS, but requested an insecure element 'http://xaranx.xtgem.com/icon/Fb2.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security warning URL: https://r3zky.jw.lt/file/reg?site=irpinservice.com/uk/skupka_vyviz_utylizatsiya_pralnykh_mashyn/?class=28&classname=?????????????
Message:
Mixed Content: The page at 'https://r3zky.jw.lt/file/reg?site=irpinservice.com/uk/skupka_vyviz_utylizatsiya_pralnykh_mashyn/?class=28&classname=?????????????' was loaded over HTTPS, but requested an insecure element 'http://u-on.eu/c.php?u=3433'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security error URL: https://r3zky.jw.lt/file/reg?site=irpinservice.com/uk/skupka_vyviz_utylizatsiya_pralnykh_mashyn/?class=28&classname=?????????????
Message:
Mixed Content: The page at 'https://r3zky.jw.lt/file/reg?site=irpinservice.com/uk/skupka_vyviz_utylizatsiya_pralnykh_mashyn/?class=28&classname=?????????????' was loaded over HTTPS, but requested an insecure script 'http://r3zky.jw.lt/wapmaster/twittget/birdtwittery.js'. This request has been blocked; the content must be served over HTTPS.
security error URL: https://r3zky.jw.lt/file/reg?site=irpinservice.com/uk/skupka_vyviz_utylizatsiya_pralnykh_mashyn/?class=28&classname=?????????????(Line 35)
Message:
Mixed Content: The page at 'https://r3zky.jw.lt/file/reg?site=irpinservice.com/uk/skupka_vyviz_utylizatsiya_pralnykh_mashyn/?class=28&classname=?????????????' was loaded over HTTPS, but requested an insecure stylesheet 'http://r3zky.jw.lt/css/hijau/style.css'. This request has been blocked; the content must be served over HTTPS.
security error URL: https://r3zky.jw.lt/file/reg?site=irpinservice.com/uk/skupka_vyviz_utylizatsiya_pralnykh_mashyn/?class=28&classname=?????????????(Line 37)
Message:
Mixed Content: The page at 'https://r3zky.jw.lt/file/reg?site=irpinservice.com/uk/skupka_vyviz_utylizatsiya_pralnykh_mashyn/?class=28&classname=?????????????' was loaded over HTTPS, but requested an insecure stylesheet 'http://r3zky.jw.lt/list.css'. This request has been blocked; the content must be served over HTTPS.
security warning URL: https://r3zky.jw.lt/file/reg?site=irpinservice.com/uk/skupka_vyviz_utylizatsiya_pralnykh_mashyn/?class=28&classname=?????????????(Line 39)
Message:
Mixed Content: The page at 'https://r3zky.jw.lt/file/reg?site=irpinservice.com/uk/skupka_vyviz_utylizatsiya_pralnykh_mashyn/?class=28&classname=?????????????' was loaded over HTTPS, but requested an insecure element 'http://r3zky.jw.lt/g/c.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security warning URL: https://r3zky.jw.lt/file/reg?site=irpinservice.com/uk/skupka_vyviz_utylizatsiya_pralnykh_mashyn/?class=28&classname=?????????????(Line 39)
Message:
Mixed Content: The page at 'https://r3zky.jw.lt/file/reg?site=irpinservice.com/uk/skupka_vyviz_utylizatsiya_pralnykh_mashyn/?class=28&classname=?????????????' was loaded over HTTPS, but requested an insecure element 'http://mackie.wapsite.me/folder/icon/Remove20event.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security error URL: https://r3zky.jw.lt/file/reg?site=irpinservice.com/uk/skupka_vyviz_utylizatsiya_pralnykh_mashyn/?class=28&classname=?????????????
Message:
Mixed Content: The page at 'https://r3zky.jw.lt/file/reg?site=irpinservice.com/uk/skupka_vyviz_utylizatsiya_pralnykh_mashyn/?class=28&classname=?????????????' was loaded over HTTPS, but requested an insecure script 'http://difan96.mw.lt/file/javascript/date1.js'. This request has been blocked; the content must be served over HTTPS.
security warning URL: https://r3zky.jw.lt/file/reg?site=irpinservice.com/uk/skupka_vyviz_utylizatsiya_pralnykh_mashyn/?class=28&classname=?????????????(Line 39)
Message:
Mixed Content: The page at 'https://r3zky.jw.lt/file/reg?site=irpinservice.com/uk/skupka_vyviz_utylizatsiya_pralnykh_mashyn/?class=28&classname=?????????????' was loaded over HTTPS, but requested an insecure element 'http://mackie.wapsite.me/folder/icon/new/clock.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security warning URL: https://r3zky.jw.lt/file/reg?site=irpinservice.com/uk/skupka_vyviz_utylizatsiya_pralnykh_mashyn/?class=28&classname=?????????????(Line 39)
Message:
Mixed Content: The page at 'https://r3zky.jw.lt/file/reg?site=irpinservice.com/uk/skupka_vyviz_utylizatsiya_pralnykh_mashyn/?class=28&classname=?????????????' was loaded over HTTPS, but requested an insecure element 'http://xaranx.xtgem.com/icon/i73.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security error URL: https://r3zky.jw.lt/file/reg?site=irpinservice.com/uk/skupka_vyviz_utylizatsiya_pralnykh_mashyn/?class=28&classname=?????????????
Message:
Mixed Content: The page at 'https://r3zky.jw.lt/file/reg?site=irpinservice.com/uk/skupka_vyviz_utylizatsiya_pralnykh_mashyn/?class=28&classname=?????????????' was loaded over HTTPS, but requested an insecure script 'http://weezywap.xtgem.com/Javascript/Date/ucapan.js'. This request has been blocked; the content must be served over HTTPS.
security warning URL: https://r3zky.jw.lt/file/reg?site=irpinservice.com/uk/skupka_vyviz_utylizatsiya_pralnykh_mashyn/?class=28&classname=?????????????(Line 39)
Message:
Mixed Content: The page at 'https://r3zky.jw.lt/file/reg?site=irpinservice.com/uk/skupka_vyviz_utylizatsiya_pralnykh_mashyn/?class=28&classname=?????????????' was loaded over a secure connection, but contains a form that targets an insecure endpoint 'http://r3zky.jw.lt/file/hasil_menu.php'. This endpoint should be made available over a secure connection.
security warning URL: https://r3zky.jw.lt/file/reg?site=irpinservice.com/uk/skupka_vyviz_utylizatsiya_pralnykh_mashyn/?class=28&classname=?????????????(Line 43)
Message:
Mixed Content: The page at 'https://r3zky.jw.lt/file/reg?site=irpinservice.com/uk/skupka_vyviz_utylizatsiya_pralnykh_mashyn/?class=28&classname=?????????????' was loaded over HTTPS, but requested an insecure element 'http://mackie.wapsite.me/folder/icon/Home.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security warning URL: https://r3zky.jw.lt/file/reg?site=irpinservice.com/uk/skupka_vyviz_utylizatsiya_pralnykh_mashyn/?class=28&classname=?????????????(Line 43)
Message:
Mixed Content: The page at 'https://r3zky.jw.lt/file/reg?site=irpinservice.com/uk/skupka_vyviz_utylizatsiya_pralnykh_mashyn/?class=28&classname=?????????????' was loaded over HTTPS, but requested an insecure element 'http://xaranx.xtgem.com/icon/Fb2.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security error URL: https://r3zky.jw.lt/file/reg?site=irpinservice.com/uk/skupka_vyviz_utylizatsiya_pralnykh_mashyn/?class=28&classname=?????????????
Message:
Mixed Content: The page at 'https://r3zky.jw.lt/file/reg?site=irpinservice.com/uk/skupka_vyviz_utylizatsiya_pralnykh_mashyn/?class=28&classname=?????????????' was loaded over HTTPS, but requested an insecure script 'http://r3zky.jw.lt/file/js/share/fblike.js'. This request has been blocked; the content must be served over HTTPS.
security warning URL: https://r3zky.jw.lt/file/reg?site=irpinservice.com/uk/skupka_vyviz_utylizatsiya_pralnykh_mashyn/?class=28&classname=?????????????(Line 52)
Message:
Mixed Content: The page at 'https://r3zky.jw.lt/file/reg?site=irpinservice.com/uk/skupka_vyviz_utylizatsiya_pralnykh_mashyn/?class=28&classname=?????????????' was loaded over HTTPS, but requested an insecure element 'http://u-on.eu/c.php?u=3433'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
