urlscan.io logo urlscan.io
SecurityTrails logo

havas.liftrelations.com Open in urlscan Pro
94.245.104.73  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://u23575444.ct.sendgrid.net/ls/click?upn=1fFmwOVCb4CfK1j9kwGMqA3w1YQpmVeMdF4HFo3iPSVYbfd5vI48vm-2B-2B3misZcwoa7kAhwXyPEi-2BQ...
Effective URL: https://havas.liftrelations.com/Account/Survey/Index?token=MkZDM0ZEN0QtMUFENC00NTlGLUJERjctODE4MTEwNDQ2ODk3
Submission: On November 07 via manual from MX — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 10 IPs in 4 countries across 9 domains to perform 29 HTTP transactions. The main IP is 94.245.104.73, located in Dublin, Ireland and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is havas.liftrelations.com.
TLS certificate: Issued by GeoTrust Global TLS RSA4096 SHA256 20... on October 17th 2023. Valid for: 6 months.
This is the only time havas.liftrelations.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 167.89.115.147 11377 (SENDGRID)
3 18 94.245.104.73 8075 (MICROSOFT...)
2 2a00:1450:400... 15169 (GOOGLE)
2 2620:1ec:46::45 8075 (MICROSOFT...)
2 2001:4860:480... 15169 (GOOGLE)
1 2 68.219.88.97 8075 (MICROSOFT...)
1 1 2620:1ec:c11:... 8068 (MICROSOFT...)
1 20.62.48.180 8075 (MICROSOFT...)
2 2a00:1450:400... 15169 (GOOGLE)
1 2001:4860:480... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
29 10
1    167.89.115.147 (Herndon, United States)

ASN11377 (SENDGRID, US)
PTR: o16789115x147.outbound-mail.sendgrid.net
u23575444.ct.sendgrid.net
18    94.245.104.73 (Dublin, Ireland)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
havas.liftrelations.com
2    2a00:1450:4001:831::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
2    2620:1ec:46::45 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
www.clarity.ms
2    2001:4860:4802:36::178 (United States)

ASN15169 (GOOGLE, US)
www.google-analytics.com
2    68.219.88.97 (Dublin, Ireland)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
c.clarity.ms
1    2620:1ec:c11::200 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
c.bing.com
1    20.62.48.180 (Boydton, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
e.clarity.ms
2    2a00:1450:400c:c00::9c (Brussels, Belgium)

ASN15169 (GOOGLE, US)
stats.g.doubleclick.net
1    2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)
region1.analytics.google.com
2    2a00:1450:4001:831::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.de
1    2a00:1450:4001:830::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.com
Apex Domain
Subdomains		 Transfer
18 liftrelations.com
havas.liftrelations.com
247 KB
5 clarity.ms
www.clarity.ms — Cisco Umbrella Rank: 827
c.clarity.ms — Cisco Umbrella Rank: 1405
e.clarity.ms — Cisco Umbrella Rank: 17761
27 KB
2 google.de
www.google.de — Cisco Umbrella Rank: 6862
515 B
2 google.com
region1.analytics.google.com — Cisco Umbrella Rank: 3040
www.google.com — Cisco Umbrella Rank: 2
667 B
2 doubleclick.net
stats.g.doubleclick.net — Cisco Umbrella Rank: 78
410 B
2 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 27
21 KB
2 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 35
132 KB
1 bing.com
c.bing.com — Cisco Umbrella Rank: 236
761 B
1 sendgrid.net
u23575444.ct.sendgrid.net
319 B
29 9
Domain Requested by
18 havas.liftrelations.com 3 redirects havas.liftrelations.com
2 www.google.de
2 stats.g.doubleclick.net www.google-analytics.com
www.googletagmanager.com
2 c.clarity.ms 1 redirects
2 www.google-analytics.com www.googletagmanager.com
www.google-analytics.com
2 www.clarity.ms havas.liftrelations.com
www.clarity.ms
2 www.googletagmanager.com havas.liftrelations.com
www.google-analytics.com
1 www.google.com
1 region1.analytics.google.com www.googletagmanager.com
1 e.clarity.ms www.clarity.ms
1 c.bing.com 1 redirects
1 u23575444.ct.sendgrid.net 1 redirects
29 12

This site contains no links.

Subject Issuer Validity Valid
havas.liftrelations.com
GeoTrust Global TLS RSA4096 SHA256 2022 CA1		 2023-10-17 -
2024-04-17		 6 months crt.sh
*.google-analytics.com
GTS CA 1C3		 2023-10-16 -
2024-01-08		 3 months crt.sh
www.clarity.ms
DigiCert TLS RSA SHA256 2020 CA1		 2023-08-29 -
2024-08-29		 a year crt.sh
a.clarity.ms
Microsoft Azure TLS Issuing CA 06		 2023-02-13 -
2024-02-08		 a year crt.sh
*.g.doubleclick.net
GTS CA 1C3		 2023-10-16 -
2024-01-08		 3 months crt.sh
www.google.de
GTS CA 1C3		 2023-10-16 -
2024-01-08		 3 months crt.sh
www.google.com
GTS CA 1C3		 2023-10-16 -
2024-01-08		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://havas.liftrelations.com/Account/Survey/Index?token=MkZDM0ZEN0QtMUFENC00NTlGLUJERjctODE4MTEwNDQ2ODk3
Frame ID: B8E72CF7055151E9F79232FA496CB105
Requests: 29 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Arena Media, Mexico

Page URL History Show full URLs

  1. https://u23575444.ct.sendgrid.net/ls/click?upn=1fFmwOVCb4CfK1j9kwGMqA3w1YQpmVeMdF4HFo3iPSVYbfd5vI48vm-2B-2B3mi... HTTP 302
    https://havas.liftrelations.com/Auth/login?email=dbenavidesl&token=MkZDM0ZEN0QtMUFENC00NTlGLUJERjctODE4MTEwN... HTTP 302
    https://havas.liftrelations.com/Localize/Index/en?returnUrl=%2FAccount%2FSurvey%2FIndex%3Ftoken%3DMkZDM0ZEN0... HTTP 302
    https://havas.liftrelations.com/Localize/Set/en?returnUrl=%2FAccount%2FSurvey%2FIndex%3Ftoken%3DMkZDM0ZEN0Qt... HTTP 302
    https://havas.liftrelations.com/Account/Survey/Index?token=MkZDM0ZEN0QtMUFENC00NTlGLUJERjctODE4MTEwNDQ2ODk3 Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js
Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/ns\.html[^>]+></iframe>
  • <!-- (?:End )?Google Tag Manager -->
  • googletagmanager\.com/gtm\.js
  • googletagmanager\.com/gtag/js

Page Statistics

29
Requests

97 %
HTTPS

67 %
IPv6

9
Domains

12
Subdomains

10
IPs

4
Countries

426 kB
Transfer

1202 kB
Size

18
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://u23575444.ct.sendgrid.net/ls/click?upn=1fFmwOVCb4CfK1j9kwGMqA3w1YQpmVeMdF4HFo3iPSVYbfd5vI48vm-2B-2B3misZcwoa7kAhwXyPEi-2BQIUHyuTgjFRSW9LFFJUULNnJuqCNoh500Ch-2FBC3Z2HPGSh3-2Fi6p6FyyuWsNgyhGO7ULSNwEtpAGNKVxty9ydvm-2FP-2FxKnnQU-3DL3v7_K2Eve4ImdLg7b5l5eB2Lw2Z-2FIb4UqGJfjiJDGMNWN8H6eHYx84s0FodAv4jERsA-2FC8JekZeKUjxovVEbkFayYfAsCbvM3QYgWT-2FfhPdJmBonbBrBgTDj-2Fdq83Ft7m8ZoUA4KdNxOxshWz5mCaY-2F-2Bj53b-2F50-2BeOSmu4IkVzGIHYCCRZ5uDBaFoAd-2FkhZ6w6NJ8RXuTFdLGED8xFLY-2B8h7OBrttNXwe4668x7q1-2BkqiMz-2BcaP88iIp2V6G1qpjDFeH8vC-2BWAkVWp3MexrG8liLYECfm736KVnvvDYur1MdYydMKpIuK51RYzXPS-2BOk-2F-2Bnpj7n-2Fh-2FjoRRoz9fRhXdFvAzOtBHni8UCIAJqUWSDeZ2xJp9WjH32A71-2FEpbmbz5kDGkGkDJApSzoCCVmi8Qv-2FLId0gq3AMRl9nkjpzZ0-2BgrM-3D HTTP 302
    https://havas.liftrelations.com/Auth/login?email=dbenavidesl&token=MkZDM0ZEN0QtMUFENC00NTlGLUJERjctODE4MTEwNDQ2ODk3 HTTP 302
    https://havas.liftrelations.com/Localize/Index/en?returnUrl=%2FAccount%2FSurvey%2FIndex%3Ftoken%3DMkZDM0ZEN0QtMUFENC00NTlGLUJERjctODE4MTEwNDQ2ODk3 HTTP 302
    https://havas.liftrelations.com/Localize/Set/en?returnUrl=%2FAccount%2FSurvey%2FIndex%3Ftoken%3DMkZDM0ZEN0QtMUFENC00NTlGLUJERjctODE4MTEwNDQ2ODk3 HTTP 302
    https://havas.liftrelations.com/Account/Survey/Index?token=MkZDM0ZEN0QtMUFENC00NTlGLUJERjctODE4MTEwNDQ2ODk3 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 19
  • https://c.clarity.ms/c.gif HTTP 302
  • https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=FAB8EA20DCCB4F119227F528539F3E86&RedC=c.clarity.ms&MXFR=0310ABFB76B162A81CC7B83972B16C6F HTTP 302
  • https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=FAB8EA20DCCB4F119227F528539F3E86&MUID=238035F1962765452CD72633974C649D

29 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request Index
havas.liftrelations.com/Account/Survey/
Redirect Chain
  • https://u23575444.ct.sendgrid.net/ls/click?upn=1fFmwOVCb4CfK1j9kwGMqA3w1YQpmVeMdF4HFo3iPSVYbfd5vI48vm-2B-2B3misZcwoa7kAhwXyPEi-2BQIUHyuTgjFRSW9LFFJUULNnJuqCNoh500Ch-2FBC3Z2HPGSh3-2Fi6p6FyyuWsNgyhGO...
  • https://havas.liftrelations.com/Auth/login?email=dbenavidesl&token=MkZDM0ZEN0QtMUFENC00NTlGLUJERjctODE4MTEwNDQ2ODk3
  • https://havas.liftrelations.com/Localize/Index/en?returnUrl=%2FAccount%2FSurvey%2FIndex%3Ftoken%3DMkZDM0ZEN0QtMUFENC00NTlGLUJERjctODE4MTEwNDQ2ODk3
  • https://havas.liftrelations.com/Localize/Set/en?returnUrl=%2FAccount%2FSurvey%2FIndex%3Ftoken%3DMkZDM0ZEN0QtMUFENC00NTlGLUJERjctODE4MTEwNDQ2ODk3
  • https://havas.liftrelations.com/Account/Survey/Index?token=MkZDM0ZEN0QtMUFENC00NTlGLUJERjctODE4MTEwNDQ2ODk3
14 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://havas.liftrelations.com/Account/Survey/Index?token=MkZDM0ZEN0QtMUFENC00NTlGLUJERjctODE4MTEwNDQ2ODk3
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
94.245.104.73 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
877762ea54a7b4425f5a34936edaf5e7e4371103259c300f48491fada0668027
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Frame-Options DENY

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
private, s-maxage=0
Content-Encoding
gzip
Content-Length
3552
Content-Type
text/html; charset=utf-8
Date
Tue, 07 Nov 2023 17:15:29 GMT
Server
Microsoft-IIS/10.0
Strict-Transport-Security
max-age=16070400; includeSubDomains
Vary
Accept-Encoding
X-AspNet-Version
4.0.30319
X-AspNetMvc-Version
5.2
X-Frame-Options
DENY
X-Powered-By
ASP.NET

Redirect headers

Cache-Control
private
Content-Length
193
Content-Type
text/html; charset=utf-8
Date
Tue, 07 Nov 2023 17:15:29 GMT
Location
/Account/Survey/Index?token=MkZDM0ZEN0QtMUFENC00NTlGLUJERjctODE4MTEwNDQ2ODk3
Server
Microsoft-IIS/10.0
Strict-Transport-Security
max-age=16070400; includeSubDomains
X-AspNet-Version
4.0.30319
X-AspNetMvc-Version
5.2
X-Frame-Options
DENY
X-Powered-By
ASP.NET
Common
havas.liftrelations.com/Content/Survey/ 		7 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://havas.liftrelations.com/Content/Survey/Common?v=zq6ahguKBRrRk-uov4SJfHO_WW4pzGoUDloZiNG2EGs1
Requested by
Host: havas.liftrelations.com
URL: https://havas.liftrelations.com/Account/Survey/Index?token=MkZDM0ZEN0QtMUFENC00NTlGLUJERjctODE4MTEwNDQ2ODk3
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
94.245.104.73 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
9d4df9c0ad6eb11c8e95e37a783411430b9fe7177f1cead744a482f602686976
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://havas.liftrelations.com/Account/Survey/Index?token=MkZDM0ZEN0QtMUFENC00NTlGLUJERjctODE4MTEwNDQ2ODk3
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

Date
Tue, 07 Nov 2023 17:15:30 GMT
Content-Encoding
gzip
Strict-Transport-Security
max-age=16070400; includeSubDomains
Last-Modified
Tue, 07 Nov 2023 17:15:30 GMT
Server
Microsoft-IIS/10.0
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
Vary
User-Agent,Accept-Encoding
X-Frame-Options
DENY
Content-Type
text/css; charset=utf-8
Cache-Control
public
Content-Length
2408
Expires
Wed, 06 Nov 2024 17:15:30 GMT
popper.js
havas.liftrelations.com/Scripts/umd/ 		85 KB
22 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://havas.liftrelations.com/Scripts/umd/popper.js
Requested by
Host: havas.liftrelations.com
URL: https://havas.liftrelations.com/Account/Survey/Index?token=MkZDM0ZEN0QtMUFENC00NTlGLUJERjctODE4MTEwNDQ2ODk3
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
94.245.104.73 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
27435a221e3a696543acfb828b3281ae78fdde2544729cae66a6979cd7c14080
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://havas.liftrelations.com/Account/Survey/Index?token=MkZDM0ZEN0QtMUFENC00NTlGLUJERjctODE4MTEwNDQ2ODk3
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

Date
Tue, 07 Nov 2023 17:15:30 GMT
Content-Encoding
gzip
Strict-Transport-Security
max-age=16070400; includeSubDomains
Last-Modified
Mon, 30 Oct 2023 20:58:30 GMT
Server
Microsoft-IIS/10.0
ETag
"01ffbd573bda1:0"
X-Powered-By
ASP.NET
Vary
Accept-Encoding
X-Frame-Options
DENY
Content-Type
application/x-javascript
Accept-Ranges
bytes
Content-Length
21840
jquery
havas.liftrelations.com/Scripts/ 		194 KB
87 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://havas.liftrelations.com/Scripts/jquery?v=K5Ek42SOeixP7TkrBotxAAsKNZOmMqGfz4sXo_0oQwc1
Requested by
Host: havas.liftrelations.com
URL: https://havas.liftrelations.com/Account/Survey/Index?token=MkZDM0ZEN0QtMUFENC00NTlGLUJERjctODE4MTEwNDQ2ODk3
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
94.245.104.73 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
9727a6a805bf36768d72ede5f519dab6376ad24fe95513ad8cdbd035bbd743c3
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://havas.liftrelations.com/Account/Survey/Index?token=MkZDM0ZEN0QtMUFENC00NTlGLUJERjctODE4MTEwNDQ2ODk3
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

Date
Tue, 07 Nov 2023 17:15:30 GMT
Content-Encoding
gzip
Strict-Transport-Security
max-age=16070400; includeSubDomains
Last-Modified
Tue, 07 Nov 2023 17:15:30 GMT
Server
Microsoft-IIS/10.0
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
Transfer-Encoding
chunked
Vary
User-Agent,Accept-Encoding
Content-Type
text/javascript; charset=utf-8
X-Frame-Options
DENY
Cache-Control
public
Expires
Wed, 06 Nov 2024 17:15:30 GMT
Common
havas.liftrelations.com/Scripts/Survey/ 		58 KB
22 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://havas.liftrelations.com/Scripts/Survey/Common?v=aW8LRtjx5Ci_ADqXL3_GWLU1l5xoTmIBVZHfYp1xD501
Requested by
Host: havas.liftrelations.com
URL: https://havas.liftrelations.com/Account/Survey/Index?token=MkZDM0ZEN0QtMUFENC00NTlGLUJERjctODE4MTEwNDQ2ODk3
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
94.245.104.73 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
86a7cb3a6b929a12179e707f8ded2c5efc0655f17ea8e98953077c3c524c6ed8
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://havas.liftrelations.com/Account/Survey/Index?token=MkZDM0ZEN0QtMUFENC00NTlGLUJERjctODE4MTEwNDQ2ODk3
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

Date
Tue, 07 Nov 2023 17:15:30 GMT
Content-Encoding
gzip
Strict-Transport-Security
max-age=16070400; includeSubDomains
Last-Modified
Tue, 07 Nov 2023 17:15:30 GMT
Server
Microsoft-IIS/10.0
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
Vary
User-Agent,Accept-Encoding
X-Frame-Options
DENY
Content-Type
text/javascript; charset=utf-8
Cache-Control
public
Content-Length
22220
Expires
Wed, 06 Nov 2024 17:15:30 GMT
font.css
havas.liftrelations.com/Fonts/ 		396 B
664 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://havas.liftrelations.com/Fonts/font.css
Requested by
Host: havas.liftrelations.com
URL: https://havas.liftrelations.com/Account/Survey/Index?token=MkZDM0ZEN0QtMUFENC00NTlGLUJERjctODE4MTEwNDQ2ODk3
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
94.245.104.73 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
5ca328e975c1b4b38c55a1920c281ee48b7d5070204a77994f66f6641b65e65a
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://havas.liftrelations.com/Account/Survey/Index?token=MkZDM0ZEN0QtMUFENC00NTlGLUJERjctODE4MTEwNDQ2ODk3
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

Date
Tue, 07 Nov 2023 17:15:30 GMT
Content-Encoding
gzip
Strict-Transport-Security
max-age=16070400; includeSubDomains
Last-Modified
Mon, 30 Oct 2023 20:58:30 GMT
Server
Microsoft-IIS/10.0
ETag
"5fd5fed573bda1:0"
X-Powered-By
ASP.NET
Vary
Accept-Encoding
X-Frame-Options
DENY
Content-Type
text/css
Accept-Ranges
bytes
Content-Length
284
liftrelations.survey.index.css
havas.liftrelations.com/Content/ 		1 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://havas.liftrelations.com/Content/liftrelations.survey.index.css?modified=20231030085829
Requested by
Host: havas.liftrelations.com
URL: https://havas.liftrelations.com/Account/Survey/Index?token=MkZDM0ZEN0QtMUFENC00NTlGLUJERjctODE4MTEwNDQ2ODk3
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
94.245.104.73 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
86593f8462032736c25b59fe75c413ef85143141f486e5a6686daf41feca65ca
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://havas.liftrelations.com/Account/Survey/Index?token=MkZDM0ZEN0QtMUFENC00NTlGLUJERjctODE4MTEwNDQ2ODk3
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

Date
Tue, 07 Nov 2023 17:15:30 GMT
Content-Encoding
gzip
Strict-Transport-Security
max-age=16070400; includeSubDomains
Last-Modified
Mon, 30 Oct 2023 20:58:29 GMT
Server
Microsoft-IIS/10.0
ETag
"7eadf7d573bda1:0"
X-Powered-By
ASP.NET
Vary
Accept-Encoding
X-Frame-Options
DENY
Content-Type
text/css
Accept-Ranges
bytes
Content-Length
661
bootstrap-select.min.css
havas.liftrelations.com/Content/ 		10 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://havas.liftrelations.com/Content/bootstrap-select.min.css?modified=20231030085829
Requested by
Host: havas.liftrelations.com
URL: https://havas.liftrelations.com/Account/Survey/Index?token=MkZDM0ZEN0QtMUFENC00NTlGLUJERjctODE4MTEwNDQ2ODk3
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
94.245.104.73 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
8f0244538a7561db7298b17002361f6a6e4f8f934e9f2966b3ade4ecb610f499
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://havas.liftrelations.com/Account/Survey/Index?token=MkZDM0ZEN0QtMUFENC00NTlGLUJERjctODE4MTEwNDQ2ODk3
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

Date
Tue, 07 Nov 2023 17:15:30 GMT
Content-Encoding
gzip
Strict-Transport-Security
max-age=16070400; includeSubDomains
Last-Modified
Mon, 30 Oct 2023 20:58:29 GMT
Server
Microsoft-IIS/10.0
ETag
"808862d573bda1:0"
X-Powered-By
ASP.NET
Vary
Accept-Encoding
X-Frame-Options
DENY
Content-Type
text/css
Accept-Ranges
bytes
Content-Length
2145
bootstrap.min.css
havas.liftrelations.com/Content/ 		152 KB
23 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://havas.liftrelations.com/Content/bootstrap.min.css?modified=20231030085829
Requested by
Host: havas.liftrelations.com
URL: https://havas.liftrelations.com/Account/Survey/Index?token=MkZDM0ZEN0QtMUFENC00NTlGLUJERjctODE4MTEwNDQ2ODk3
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
94.245.104.73 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
ae576713bc196098f7438dede6ff1f835a23291c32b745ad7e6fb6db809a719b
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://havas.liftrelations.com/Account/Survey/Index?token=MkZDM0ZEN0QtMUFENC00NTlGLUJERjctODE4MTEwNDQ2ODk3
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

Date
Tue, 07 Nov 2023 17:15:30 GMT
Content-Encoding
gzip
Strict-Transport-Security
max-age=16070400; includeSubDomains
Last-Modified
Mon, 30 Oct 2023 20:58:29 GMT
Server
Microsoft-IIS/10.0
ETag
"808862d573bda1:0"
X-Powered-By
ASP.NET
Vary
Accept-Encoding
X-Frame-Options
DENY
Content-Type
text/css
Accept-Ranges
bytes
Content-Length
23230
hainsight.common.js
havas.liftrelations.com/Scripts/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://havas.liftrelations.com/Scripts/hainsight.common.js?modified=20231030085830
Requested by
Host: havas.liftrelations.com
URL: https://havas.liftrelations.com/Account/Survey/Index?token=MkZDM0ZEN0QtMUFENC00NTlGLUJERjctODE4MTEwNDQ2ODk3
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
94.245.104.73 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
2c6064ce1d247950bdf7f47cd670a80ab58c08ce059f363a93133c1db2ecbe6d
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://havas.liftrelations.com/Account/Survey/Index?token=MkZDM0ZEN0QtMUFENC00NTlGLUJERjctODE4MTEwNDQ2ODk3
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

Date
Tue, 07 Nov 2023 17:15:30 GMT
Content-Encoding
gzip
Strict-Transport-Security
max-age=16070400; includeSubDomains
Last-Modified
Mon, 30 Oct 2023 20:58:30 GMT
Server
Microsoft-IIS/10.0
ETag
"f622ad673bda1:0"
X-Powered-By
ASP.NET
Vary
Accept-Encoding
X-Frame-Options
DENY
Content-Type
application/x-javascript
Accept-Ranges
bytes
Content-Length
783
bootstrap-select.js
havas.liftrelations.com/Scripts/ 		111 KB
26 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://havas.liftrelations.com/Scripts/bootstrap-select.js?modified=20231030085830
Requested by
Host: havas.liftrelations.com
URL: https://havas.liftrelations.com/Account/Survey/Index?token=MkZDM0ZEN0QtMUFENC00NTlGLUJERjctODE4MTEwNDQ2ODk3
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
94.245.104.73 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
1b000cb512aaf28719c817609b5c17fadcdddbf9c36dbd941ae94876a388b625
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://havas.liftrelations.com/Account/Survey/Index?token=MkZDM0ZEN0QtMUFENC00NTlGLUJERjctODE4MTEwNDQ2ODk3
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

Date
Tue, 07 Nov 2023 17:15:30 GMT
Content-Encoding
gzip
Strict-Transport-Security
max-age=16070400; includeSubDomains
Last-Modified
Mon, 30 Oct 2023 20:58:30 GMT
Server
Microsoft-IIS/10.0
ETag
"01ffbd573bda1:0"
X-Powered-By
ASP.NET
Vary
Accept-Encoding
X-Frame-Options
DENY
Content-Type
application/x-javascript
Accept-Ranges
bytes
Content-Length
25717
bootstrap.min.js
havas.liftrelations.com/Scripts/ 		57 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://havas.liftrelations.com/Scripts/bootstrap.min.js
Requested by
Host: havas.liftrelations.com
URL: https://havas.liftrelations.com/Account/Survey/Index?token=MkZDM0ZEN0QtMUFENC00NTlGLUJERjctODE4MTEwNDQ2ODk3
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
94.245.104.73 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
3bcd802e9f77849e7c1e93c87279fbbb04d45949d2be79b03566ceacde29b158
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://havas.liftrelations.com/Account/Survey/Index?token=MkZDM0ZEN0QtMUFENC00NTlGLUJERjctODE4MTEwNDQ2ODk3
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

Date
Tue, 07 Nov 2023 17:15:30 GMT
Content-Encoding
gzip
Strict-Transport-Security
max-age=16070400; includeSubDomains
Last-Modified
Mon, 30 Oct 2023 20:58:30 GMT
Server
Microsoft-IIS/10.0
ETag
"01ffbd573bda1:0"
X-Powered-By
ASP.NET
Vary
Accept-Encoding
X-Frame-Options
DENY
Content-Type
application/x-javascript
Accept-Ranges
bytes
Content-Length
15443
gtm.js
www.googletagmanager.com/ 		133 KB
51 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-NJHWDFF
Requested by
Host: havas.liftrelations.com
URL: https://havas.liftrelations.com/Account/Survey/Index?token=MkZDM0ZEN0QtMUFENC00NTlGLUJERjctODE4MTEwNDQ2ODk3
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
f9af43575539ef5f21eeef6848bd695d062cfd86ce985b17e12158b00b847507
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://havas.liftrelations.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Tue, 07 Nov 2023 17:15:31 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
51851
x-xss-protection
0
last-modified
Tue, 07 Nov 2023 15:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Tue, 07 Nov 2023 17:15:31 GMT
inrrgm8yk9
www.clarity.ms/tag/ 		650 B
1012 B 		Script
General
Check archive.org
Download Go to
Full URL
https://www.clarity.ms/tag/inrrgm8yk9
Requested by
Host: havas.liftrelations.com
URL: https://havas.liftrelations.com/Account/Survey/Index?token=MkZDM0ZEN0QtMUFENC00NTlGLUJERjctODE4MTEwNDQ2ODk3
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:46::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
1de866281c9eb33f14dbe43ba315bfb2ed68016695b75376fd17b3b857372381

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://havas.liftrelations.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

expires
-1
date
Tue, 07 Nov 2023 17:15:31 GMT
x-azure-ref
20231107T171531Z-9s02r76ps92ct9c64au0pwd9d400000001300000000123ha
x-cache
CONFIG_NOCACHE
content-type
application/x-javascript
cache-control
no-cache, no-store
accept-ranges
bytes
content-length
650
request-context
appId=cid-v1:67bc0b23-8423-4b52-b1ca-6a87709ceaa2
analytics.js
www.google-analytics.com/ 		52 KB
21 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NJHWDFF
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:36::178 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://havas.liftrelations.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Tue, 07 Nov 2023 16:43:57 GMT
last-modified
Mon, 12 Jun 2023 18:23:07 GMT
server
Golfe2
age
1894
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20994
expires
Tue, 07 Nov 2023 18:43:57 GMT
lift-logo-poweredby.png
havas.liftrelations.com/Images/Common/ 		5 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://havas.liftrelations.com/Images/Common/lift-logo-poweredby.png
Requested by
Host: havas.liftrelations.com
URL: https://havas.liftrelations.com/Content/Survey/Common?v=zq6ahguKBRrRk-uov4SJfHO_WW4pzGoUDloZiNG2EGs1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
94.245.104.73 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
e95bf5f90cf4fb24fd9e72dfb068713138402a111c946aa4b0ed79f28c380a60
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://havas.liftrelations.com/Content/Survey/Common?v=zq6ahguKBRrRk-uov4SJfHO_WW4pzGoUDloZiNG2EGs1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

Date
Tue, 07 Nov 2023 17:15:30 GMT
Strict-Transport-Security
max-age=16070400; includeSubDomains
Last-Modified
Mon, 30 Oct 2023 20:58:30 GMT
Server
Microsoft-IIS/10.0
ETag
"92dfad673bda1:0"
X-Powered-By
ASP.NET
X-Frame-Options
DENY
Content-Type
image/png
Accept-Ranges
bytes
Content-Length
5170
Montserrat-Regular.woff
havas.liftrelations.com/Fonts/ 		23 KB
24 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://havas.liftrelations.com/Fonts/Montserrat-Regular.woff
Requested by
Host: havas.liftrelations.com
URL: https://havas.liftrelations.com/Fonts/font.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
94.245.104.73 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
dd65545505bce94615dd3dabd95e8cde5f3095703c740c7afd8ccfb4be42c486
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Frame-Options DENY

Request headers

Referer
https://havas.liftrelations.com/Fonts/font.css
Origin
https://havas.liftrelations.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

Date
Tue, 07 Nov 2023 17:15:30 GMT
Strict-Transport-Security
max-age=16070400; includeSubDomains
Last-Modified
Mon, 30 Oct 2023 20:58:30 GMT
Server
Microsoft-IIS/10.0
ETag
"5fd5fed573bda1:0"
X-Powered-By
ASP.NET
X-Frame-Options
DENY
Content-Type
application/font-woff
Accept-Ranges
bytes
Content-Length
23756
clarity.js
www.clarity.ms/s/0.7.13/ 		59 KB
25 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.clarity.ms/s/0.7.13/clarity.js
Requested by
Host: www.clarity.ms
URL: https://www.clarity.ms/tag/inrrgm8yk9
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:46::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
74e69ccf2f5cb32c175e328707c515fc9116ddd5cb3c92882d9bd53d3a742d63

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://havas.liftrelations.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Tue, 07 Nov 2023 17:15:31 GMT
content-encoding
br
last-modified
Tue, 17 Oct 2023 11:58:02 GMT
etag
W/"0x8DBCF0850CC9F3D"
vary
Accept-Encoding
x-azure-ref
20231107T171531Z-9s02r76ps92ct9c64au0pwd9d400000001300000000123k3
content-type
application/javascript;charset=utf-8
access-control-allow-origin
*
x-ms-request-id
497c5790-901e-006b-7d07-11a92f000000
cache-control
public, max-age=86400
x-cache
TCP_HIT
x-ms-version
2018-03-28
united-kingdom.png
havas.liftrelations.com/Images/Flags/ 		9 KB
9 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://havas.liftrelations.com/Images/Flags/united-kingdom.png
Requested by
Host: havas.liftrelations.com
URL: https://havas.liftrelations.com/Content/Survey/Common?v=zq6ahguKBRrRk-uov4SJfHO_WW4pzGoUDloZiNG2EGs1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
94.245.104.73 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
9e705f3783a7d7ec8bb7da6c3eba34ab3b0b4b81f3c6ee7450ab4e3b1a47374b
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://havas.liftrelations.com/Content/Survey/Common?v=zq6ahguKBRrRk-uov4SJfHO_WW4pzGoUDloZiNG2EGs1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

Date
Tue, 07 Nov 2023 17:15:30 GMT
Strict-Transport-Security
max-age=16070400; includeSubDomains
Last-Modified
Mon, 30 Oct 2023 20:58:30 GMT
Server
Microsoft-IIS/10.0
ETag
"c4a4fd673bda1:0"
X-Powered-By
ASP.NET
X-Frame-Options
DENY
Content-Type
image/png
Accept-Ranges
bytes
Content-Length
8744
collect
www.google-analytics.com/j/ 		16 B
227 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1069288205&t=pageview&_s=1&dl=https%3A%2F%2Fhavas.liftrelations.com%2FAccount%2FSurvey%2FIndex%3Ftoken%3DMkZDM0ZEN0QtMUFENC00NTlGLUJERjctODE4MTEwNDQ2ODk3&ul=en-us&de=UTF-8&dt=Arena%20Media%2C%20Mexico&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEABAAAAACAAI~&jid=219818101&gjid=8684644&cid=834185206.1699377331&tid=UA-58364987-2&_gid=143744411.1699377331&_r=1&_slc=1&gtm=45He3b60n81NJHWDFFv852999010&gcd=11l1l1l1l1&z=740804724
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:36::178 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
9c2332cce095ba7a6fe828c7cdb69efc45084784942fd19352fb6053e9109005
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://havas.liftrelations.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Tue, 07 Nov 2023 17:15:31 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://havas.liftrelations.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
16
expires
Fri, 01 Jan 1990 00:00:00 GMT
c.gif
c.clarity.ms/
Redirect Chain
  • https://c.clarity.ms/c.gif
  • https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=FAB8EA20DCCB4F119227F528539F3E86&RedC=c.clarity.ms&MXFR=0310ABFB76B162A81CC7B83972B16C6F
  • https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=FAB8EA20DCCB4F119227F528539F3E86&MUID=238035F1962765452CD72633974C649D
42 B
443 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=FAB8EA20DCCB4F119227F528539F3E86&MUID=238035F1962765452CD72633974C649D
Protocol
H2
Server
68.219.88.97 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://havas.liftrelations.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 07 Nov 2023 17:15:31 GMT
last-modified
Wed, 30 Aug 2023 19:01:41 GMT
server
Microsoft-IIS/10.0
etag
"8d59566974dbd91:0"
x-powered-by
ASP.NET
content-type
image/gif
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control
private, no-cache, proxy-revalidate, no-store
accept-ranges
bytes
content-length
42

Redirect headers

pragma
no-cache
date
Tue, 07 Nov 2023 17:15:31 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: C4BA511C3FF04FB9A4E5026B11D514D5 Ref B: FRAEDGE1512 Ref C: 2023-11-07T17:15:31Z
x-powered-by
ASP.NET
x-cache
CONFIG_NOCACHE
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
location
https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=FAB8EA20DCCB4F119227F528539F3E86&MUID=238035F1962765452CD72633974C649D
cache-control
private, no-cache, proxy-revalidate, no-store
content-length
0
collect
e.clarity.ms/ 		0
303 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://e.clarity.ms/collect
Requested by
Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.13/clarity.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.62.48.180 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept
application/x-clarity-gzip
Referer
https://havas.liftrelations.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

Access-Control-Allow-Origin
https://havas.liftrelations.com
Date
Tue, 07 Nov 2023 17:15:31 GMT
Access-Control-Allow-Credentials
true
Server
nginx/1.18.0 (Ubuntu)
Connection
keep-alive
Vary
Origin
Request-Context
appId=cid-v1:bdfb7149-d2ee-45f0-9a22-f0b1c5035608
collect
stats.g.doubleclick.net/j/ 		4 B
354 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-58364987-2&cid=834185206.1699377331&jid=219818101&gjid=8684644&_gid=143744411.1699377331&_u=YEBAAEAAAAAAACAAI~&z=279441210
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c00::9c Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://havas.liftrelations.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
date
Tue, 07 Nov 2023 17:15:31 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://havas.liftrelations.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
js
www.googletagmanager.com/gtag/ 		229 KB
81 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=G-P8R16M26JX&cx=c&_slc=1
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
a24709f4282ca8fe781c814b008d5ddd831ab66cce98e02a4cdb6b156438f165
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://havas.liftrelations.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Tue, 07 Nov 2023 17:15:31 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
83110
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Tue, 07 Nov 2023 17:15:31 GMT
collect
region1.analytics.google.com/g/ 		0
259 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://region1.analytics.google.com/g/collect?v=2&tid=G-P8R16M26JX&gtm=45je3b60v9126314638&_p=1699377330793&_gaz=1&gcd=11l1l1l1l2&ul=en-us&sr=1600x1200&cid=834185206.1699377331&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=EBAI&_s=1&dl=https%3A%2F%2Fhavas.liftrelations.com%2FAccount%2FSurvey%2FIndex%3Ftoken%3DMkZDM0ZEN0QtMUFENC00NTlGLUJERjctODE4MTEwNDQ2ODk3&dt=Arena%20Media%2C%20Mexico&sid=1699377331&sct=1&seg=0&en=page_view&_fv=1&_ss=1&_ee=1&tfd=2882
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-P8R16M26JX&cx=c&_slc=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://havas.liftrelations.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 07 Nov 2023 17:15:32 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://havas.liftrelations.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/g/ 		0
56 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://stats.g.doubleclick.net/g/collect?v=2&tid=G-P8R16M26JX&cid=834185206.1699377331&gtm=45je3b60v9126314638&aip=1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-P8R16M26JX&cx=c&_slc=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c00::9c Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://havas.liftrelations.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 07 Nov 2023 17:15:32 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://havas.liftrelations.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/ 		42 B
107 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-P8R16M26JX&cid=834185206.1699377331&gtm=45je3b60v9126314638&aip=1&z=593585809
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://havas.liftrelations.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 07 Nov 2023 17:15:32 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.com/ads/ 		42 B
408 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-58364987-2&cid=834185206.1699377331&jid=219818101&_u=YEBAAEAAAAAAACAAI~&z=1738405871
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://havas.liftrelations.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 07 Nov 2023 17:15:32 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/ 		42 B
408 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-58364987-2&cid=834185206.1699377331&jid=219818101&_u=YEBAAEAAAAAAACAAI~&z=1738405871
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://havas.liftrelations.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 07 Nov 2023 17:15:32 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

25 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| documentPictureInPicture object| dataLayer function| clarity object| google_tag_manager object| google_tag_data string| GoogleAnalyticsObject function| ga function| Popper function| $ function| jQuery function| commit function| ShowErrorMessage string| root string| commitUrl string| cancelUrl boolean| skipWarning object| formTimeoutHandle object| bootstrap function| SetCheckboxValue function| GetCheckboxValue function| ShowSystemNotification string| SetLanguageUrl object| gaplugins object| gaGlobal object| gaData

18 Cookies

Domain/Path Name / Value
havas.liftrelations.com/ Name: ASP.NET_SessionId
Value: hykdtthitdbudn5dat3gdepk
havas.liftrelations.com/ Name: .ASPXAUTH
Value: 1CA52B5306627E579C3FB877F235E962D898ADB1F694B46B884CFFA0F108100BDF140AC272390FFD7DD4B1BCEDD62FE841A2001252B39CCBE9E99930D0841E85550046EB6745EE762F2BA74B1BEFA7B9C720BAC3FFB7804BBF42BE7B3294DCB9929E158F20BC8494A35025B1ADE31530
.havas.liftrelations.com/ Name: ARRAffinity
Value: 63d50692f07c5e72749eac6d09e5ef6313391debbdc58f900362bbaa6abdbd51
.havas.liftrelations.com/ Name: ARRAffinitySameSite
Value: 63d50692f07c5e72749eac6d09e5ef6313391debbdc58f900362bbaa6abdbd51
www.clarity.ms/ Name: CLID
Value: 3ee149904d4342c0b9620d270f396fa2.20231107.20241106
.liftrelations.com/ Name: _clck
Value: v7ol5s|2|fgi|0|1406
.liftrelations.com/ Name: _ga
Value: GA1.2.834185206.1699377331
.liftrelations.com/ Name: _gid
Value: GA1.2.143744411.1699377331
.liftrelations.com/ Name: _gat_UA-58364987-2
Value: 1
.liftrelations.com/ Name: _ga_P8R16M26JX
Value: GS1.2.1699377331.1.0.1699377331.60.0.0
.liftrelations.com/ Name: _clsk
Value: 1l3okzk|1699377332020|1|1|e.clarity.ms/collect
.bing.com/ Name: MUID
Value: 238035F1962765452CD72633974C649D
.c.bing.com/ Name: MR
Value: 0
.c.bing.com/ Name: SRM_B
Value: 238035F1962765452CD72633974C649D
.c.clarity.ms/ Name: SM
Value: C
.clarity.ms/ Name: MUID
Value: 238035F1962765452CD72633974C649D
.c.clarity.ms/ Name: MR
Value: 0
.c.clarity.ms/ Name: ANONCHK
Value: 0

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Frame-Options DENY

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

c.bing.com
c.clarity.ms
e.clarity.ms
havas.liftrelations.com
region1.analytics.google.com
stats.g.doubleclick.net
u23575444.ct.sendgrid.net
www.clarity.ms
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
167.89.115.147
20.62.48.180
2001:4860:4802:34::36
2001:4860:4802:36::178
2620:1ec:46::45
2620:1ec:c11::200
2a00:1450:4001:830::2004
2a00:1450:4001:831::2003
2a00:1450:4001:831::2008
2a00:1450:400c:c00::9c
68.219.88.97
94.245.104.73
1b000cb512aaf28719c817609b5c17fadcdddbf9c36dbd941ae94876a388b625
1de866281c9eb33f14dbe43ba315bfb2ed68016695b75376fd17b3b857372381
27435a221e3a696543acfb828b3281ae78fdde2544729cae66a6979cd7c14080
2c6064ce1d247950bdf7f47cd670a80ab58c08ce059f363a93133c1db2ecbe6d
3bcd802e9f77849e7c1e93c87279fbbb04d45949d2be79b03566ceacde29b158
5ca328e975c1b4b38c55a1920c281ee48b7d5070204a77994f66f6641b65e65a
74e69ccf2f5cb32c175e328707c515fc9116ddd5cb3c92882d9bd53d3a742d63
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
86593f8462032736c25b59fe75c413ef85143141f486e5a6686daf41feca65ca
86a7cb3a6b929a12179e707f8ded2c5efc0655f17ea8e98953077c3c524c6ed8
877762ea54a7b4425f5a34936edaf5e7e4371103259c300f48491fada0668027
8f0244538a7561db7298b17002361f6a6e4f8f934e9f2966b3ade4ecb610f499
9727a6a805bf36768d72ede5f519dab6376ad24fe95513ad8cdbd035bbd743c3
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
9c2332cce095ba7a6fe828c7cdb69efc45084784942fd19352fb6053e9109005
9d4df9c0ad6eb11c8e95e37a783411430b9fe7177f1cead744a482f602686976
9e705f3783a7d7ec8bb7da6c3eba34ab3b0b4b81f3c6ee7450ab4e3b1a47374b
a24709f4282ca8fe781c814b008d5ddd831ab66cce98e02a4cdb6b156438f165
ae576713bc196098f7438dede6ff1f835a23291c32b745ad7e6fb6db809a719b
dd65545505bce94615dd3dabd95e8cde5f3095703c740c7afd8ccfb4be42c486
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e95bf5f90cf4fb24fd9e72dfb068713138402a111c946aa4b0ed79f28c380a60
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f9af43575539ef5f21eeef6848bd695d062cfd86ce985b17e12158b00b847507