![](/screenshots/3325c20a-d802-4090-9cfd-39c391f92902.png)
glossy.espreso.co.rs
185.80.68.6
Public Scan
Effective URL: https://glossy.espreso.co.rs/
Submission Tags: falconsandbox
Submission: On February 11 via api from US — Scanned from DE
Summary
TLS certificate: Issued by R3 on December 25th 2021. Valid for: 3 months.
This is the only time glossy.espreso.co.rs was scanned on urlscan.io!
urlscan.io Verdict: No classification
Domain & IP information
ASN | PTR | Domain |
---|---|---|
ASN15169 (GOOGLE, US) | fra16s51-in-f2.1e100.net | securepubads.g.doubleclick.net |
ASN16509 (AMAZON-02, US) | | quantcast.mgr.consensu.org |
ASN15169 (GOOGLE, US) | | www.google-analytics.com |
ASN32934 (FACEBOOK, US) | | connect.facebook.net |
ASN16509 (AMAZON-02, US) | server-99-84-88-80.muc50.r.cloudfront.net | pym.nprapps.org |
ASN16509 (AMAZON-02, US) | | static.chartbeat.com |
ASN16509 (AMAZON-02, US) | | secure.quantserve.com |
ASN32934 (FACEBOOK, US) | | www.facebook.com |
ASN16509 (AMAZON-02, US) | | test.quantcast.mgr.consensu.org |
ASN14618 (AMAZON-AES, US) | ec2-54-226-221-131.compute-1.amazonaws.com | ping.chartbeat.net |
ASN16509 (AMAZON-02, US) | | rules.quantcount.com |
ASN14618 (AMAZON-AES, US) | ec2-34-235-189-191.compute-1.amazonaws.com | audit-tcfv2.quantcast.mgr.consensu.org |
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
19 | espreso.co.rs | glossy.espreso.co.rs — Cisco Umbrella Rank: 434063; www.espreso.co.rs — Cisco Umbrella Rank: 252046 | 626 KB |
8 | gstatic.com | fonts.gstatic.com | 246 KB |
7 | kurir.rs | www.kurir.rs — Cisco Umbrella Rank: 161829 | 270 KB |
7 | consensu.org | quantcast.mgr.consensu.org — Cisco Umbrella Rank: 2040; test.quantcast.mgr.consensu.org — Cisco Umbrella Rank: 5726; audit-tcfv2.quantcast.mgr.consensu.org — Cisco Umbrella Rank: 9863 | 172 KB |
5 | gemius.pl (1 redirects) | gars.hit.gemius.pl — Cisco Umbrella Rank: 102686; ls.hit.gemius.pl — Cisco Umbrella Rank: 13343 | 15 KB |
4 | doubleclick.net | securepubads.g.doubleclick.net — Cisco Umbrella Rank: 159; stats.g.doubleclick.net — Cisco Umbrella Rank: 67 | 147 KB |
3 | google-analytics.com | www.google-analytics.com — Cisco Umbrella Rank: 31 | 20 KB |
3 | adriamediacontent.com | www.adriamediacontent.com — Cisco Umbrella Rank: 239300 | 17 KB |
2 | facebook.com | www.facebook.com — Cisco Umbrella Rank: 97 | 386 B |
2 | facebook.net | connect.facebook.net — Cisco Umbrella Rank: 126 | 114 KB |
1 | google.de | www.google.de — Cisco Umbrella Rank: 6342 | 501 B |
1 | google.com | www.google.com — Cisco Umbrella Rank: 2 | 501 B |
1 | quantcount.com | rules.quantcount.com — Cisco Umbrella Rank: 770 | 602 B |
1 | chartbeat.net | ping.chartbeat.net — Cisco Umbrella Rank: 1099 | 201 B |
1 | quantserve.com | secure.quantserve.com — Cisco Umbrella Rank: 829 | 10 KB |
1 | chartbeat.com | static.chartbeat.com — Cisco Umbrella Rank: 1242 | 14 KB |
1 | nprapps.org | pym.nprapps.org — Cisco Umbrella Rank: 22646 | 3 KB |
1 | googleapis.com | fonts.googleapis.com — Cisco Umbrella Rank: 35 | 1 KB |
1 | espreso.rs (1 redirects) | glossy.espreso.rs | 94 B |
67 | 19 | | |
Requests | Domain | Requested by |
---|---|---|
18 | glossy.espreso.co.rs | glossy.espreso.co.rs |
8 | fonts.gstatic.com | fonts.googleapis.com |
7 | www.kurir.rs | pym.nprapps.org, www.kurir.rs |
5 | quantcast.mgr.consensu.org | glossy.espreso.co.rs, quantcast.mgr.consensu.org |
4 | gars.hit.gemius.pl (1 redirects) | glossy.espreso.co.rs, gars.hit.gemius.pl |
3 | www.google-analytics.com | glossy.espreso.co.rs, www.google-analytics.com |
3 | www.adriamediacontent.com | glossy.espreso.co.rs, www.adriamediacontent.com |
3 | securepubads.g.doubleclick.net | glossy.espreso.co.rs, securepubads.g.doubleclick.net |
2 | www.facebook.com | glossy.espreso.co.rs |
2 | connect.facebook.net | glossy.espreso.co.rs, connect.facebook.net |
1 | www.espreso.co.rs | glossy.espreso.co.rs |
1 | audit-tcfv2.quantcast.mgr.consensu.org | quantcast.mgr.consensu.org |
1 | www.google.de | glossy.espreso.co.rs |
1 | www.google.com | glossy.espreso.co.rs |
1 | rules.quantcount.com | secure.quantserve.com |
1 | ping.chartbeat.net | glossy.espreso.co.rs |
1 | test.quantcast.mgr.consensu.org | quantcast.mgr.consensu.org |
1 | stats.g.doubleclick.net | www.google-analytics.com |
1 | ls.hit.gemius.pl | gars.hit.gemius.pl |
1 | secure.quantserve.com | quantcast.mgr.consensu.org |
1 | static.chartbeat.com | glossy.espreso.co.rs |
1 | pym.nprapps.org | glossy.espreso.co.rs |
1 | fonts.googleapis.com | glossy.espreso.co.rs |
1 | glossy.espreso.rs (1 redirects) | |
67 | 24 | |
This site contains links to these domains. Also see Links.
Subject | Issuer | Validity | Valid |
---|---|---|---|
espreso.rs | R3 | 2021-12-25 - 2022-03-25 | 3 months |
upload.video.google.com | GTS CA 1C3 | 2022-01-17 - 2022-04-11 | 3 months |
*.g.doubleclick.net | GTS CA 1C3 | 2022-01-17 - 2022-04-11 | 3 months |
www.adriamediacontent.com | R3 | 2021-12-25 - 2022-03-25 | 3 months |
quantcast.mgr.consensu.org | Amazon | 2021-04-24 - 2022-05-23 | a year |
*.hit.gemius.pl | Sectigo ECC Domain Validation Secure Server CA | 2021-09-08 - 2022-09-25 | a year |
*.google-analytics.com | GTS CA 1C3 | 2022-01-17 - 2022-04-11 | 3 months |
*.facebook.com | DigiCert SHA2 High Assurance Server CA | 2021-11-21 - 2022-02-19 | 3 months |
*.gstatic.com | GTS CA 1C3 | 2022-01-17 - 2022-04-11 | 3 months |
pym.nprapps.org | Amazon | 2021-05-06 - 2022-06-04 | a year |
*.chartbeat.com | Thawte RSA CA 2018 | 2021-05-20 - 2022-06-03 | a year |
*.quantserve.com | DigiCert TLS RSA SHA256 2020 CA1 | 2021-09-22 - 2022-09-21 | a year |
*.chartbeat.net | Thawte RSA CA 2018 | 2021-12-01 - 2022-12-30 | a year |
*.kurir.rs | Sectigo RSA Domain Validation Secure Server CA | 2021-10-05 - 2022-10-05 | a year |
www.google.com | GTS CA 1C3 | 2022-01-17 - 2022-04-11 | 3 months |
www.google.de | GTS CA 1C3 | 2022-01-17 - 2022-04-11 | 3 months |
This page contains 3 frames:
Primary Page:
https://glossy.espreso.co.rs/
Frame ID: D4CF9CEF51DACF65DC000C7BDA2FA417
Requests: 59 HTTP requests in this frame
Frame:
https://ls.hit.gemius.pl/lsget.html
Frame ID: 348205F406C7217BC196D5B7FBA500F0
Requests: 1 HTTP requests in this frame
Frame:
https://www.kurir.rs/news_widget_amc/?website=glossy&source=widget&campaign=adria_internal&initialWidth=300&childId=kurir-sidebar-widget&parentTitle=Glossy&parentUrl=https%3A%2F%2Fglossy.espreso.co.rs%2F
Frame ID: 664F0DDB4E09CCAAE53F17EC15052D10
Requests: 7 HTTP requests in this frame
Page Title
Glossy
Detected technologies
Chartbeat
Detected patterns
- chartbeat\.js
Detected patterns
- //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js
Gemius
Detected patterns
- hit\.gemius\.pl/xgemius\.js
- hit\.gemius\.pl
- xgemius\.js
Detected patterns
- google-analytics\.com/(?:ga|urchin|analytics)\.js
Google Font API
Detected patterns
- <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
Quantcast
Detected patterns
- quantcast\.mgr\.consensu\.org
Quantcast
Detected patterns
- \.quantserve\.com/quant\.js
Page Statistics
16 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://glossy.espreso.rs/ HTTP 301
- https://glossy.espreso.co.rs/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 58
- https://gars.hit.gemius.pl/_1644605385951/rexdot.js?l=100&id=.Wqab_7.PymlI6QznIZAr5eCDkaUbycwxOudM3_kSXz.M7&et=view&hsrc=1&initsonar=1&extra=&eventid=0&fr=1&tz=0&fv=-&href=https%3A%2F%2Fglossy.espreso.co.rs%2F&ref=&screen=1600x1200r1000&col=24&window=1600x1200&ltime=201&lsdata=M0hw0UMfb3HN_GkChGVcvqAvb0aVBvLxBUmj8Xw0pmr.h7vWPO8wyEK.2pqm3eJV1s2t9GJKSRW9R9DhqgXBexygkGAm/BJfJCR0FdmQ2P/&fpdata=6_Ur9QCYoEGkDdNTOTaaNooJJVRsxld573gw1e9ev0n.67&vis=1&fpcap= HTTP 301
- https://gars.hit.gemius.pl/__/_1644605385951/rexdot.js?l=100&id=.Wqab_7.PymlI6QznIZAr5eCDkaUbycwxOudM3_kSXz.M7&et=view&hsrc=1&initsonar=1&extra=&eventid=0&fr=1&tz=0&fv=-&href=https%3A%2F%2Fglossy.espreso.co.rs%2F&ref=&screen=1600x1200r1000&col=24&window=1600x1200&ltime=201&lsdata=M0hw0UMfb3HN_GkChGVcvqAvb0aVBvLxBUmj8Xw0pmr.h7vWPO8wyEK.2pqm3eJV1s2t9GJKSRW9R9DhqgXBexygkGAm/BJfJCR0FdmQ2P/&fpdata=6_Ur9QCYoEGkDdNTOTaaNooJJVRsxld573gw1e9ev0n.67&vis=1&fpcap=
67 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type | Notes |
---|---|---|---|---|---|---|---|---|
GET | H2 | / | glossy.espreso.co.rs/ | 114 KB | 26 KB | Document | text/html | Primary Request; Redirect Chain |
GET | H2 | css | fonts.googleapis.com/ | 5 KB | 1 KB | Stylesheet | text/css | |
GET | H2 | main-v-1637670258939.js | glossy.espreso.co.rs/resources/js/ | 216 KB | 64 KB | Script | application/javascript | |
GET | H2 | main-v-1637670258939.css | glossy.espreso.co.rs/resources/css/ | 85 KB | 16 KB | Stylesheet | text/css | |
GET | H2 | gpt.js | securepubads.g.doubleclick.net/tag/js/ | 80 KB | 27 KB | Script | text/javascript | |
GET | H2 | pubjelly.js | www.adriamediacontent.com/js/pubjelly/main/ | 42 KB | 14 KB | Script | application/javascript | |
GET | H2 | logo.svg | glossy.espreso.co.rs/resources/images/svg/ | 5 KB | 3 KB | Image | image/svg+xml | |
GET | H2 | 335343_104115632-383297195972730-8367571528555983622-n_po-s.jpg | glossy.espreso.co.rs/data/images/2022/02/11/15/ | 54 KB | 55 KB | Image | image/jpeg | |
GET | H2 | 335344_zaveseshutterstock-622589276_sq-s.jpg | glossy.espreso.co.rs/data/images/2022/02/11/15/ | 17 KB | 17 KB | Image | image/jpeg | |
GET | H2 | 335338_andjelinadzoli03_sq-s.jpg | glossy.espreso.co.rs/data/images/2022/02/11/15/ | 39 KB | 40 KB | Image | image/jpeg | |
GET | H2 | lazy.png | glossy.espreso.co.rs/resources/images/ | 936 B | 1 KB | Image | image/png | |
GET | H2 | choice.js | quantcast.mgr.consensu.org/choice/pLW1P-3X_Ppr5/www.espreso.co.rs/ | 4 KB | 2 KB | Script | application/javascript | |
GET | H2 | xgemius.js | gars.hit.gemius.pl/ | 40 KB | 11 KB | Script | application/x-javascript | |
GET | H2 | analytics.js | www.google-analytics.com/ | 49 KB | 20 KB | Script | text/javascript | |
GET | H2 | fbevents.js | connect.facebook.net/en_US/ | 99 KB | 26 KB | Script | application/x-javascript | |
GET | H2 | jizaRExUiTo99u79D0KExQ.woff2 | fonts.gstatic.com/s/ptsans/v16/ | 44 KB | 44 KB | Font | font/woff2 | |
GET | H2 | jizfRExUiTo99u79B_mh0O6tLQ.woff2 | fonts.gstatic.com/s/ptsans/v16/ | 46 KB | 46 KB | Font | font/woff2 | |
GET | H2 | EJRSQgYoZZY2vCFuvAnt66qSVys.woff2 | fonts.gstatic.com/s/ptserif/v16/ | 29 KB | 29 KB | Font | font/woff2 | |
GET | H2 | EJRVQgYoZZY2vCFuvAFWzr8.woff2 | fonts.gstatic.com/s/ptserif/v16/ | 32 KB | 32 KB | Font | font/woff2 | |
GET | H2 | jizfRExUiTo99u79B_mh0OCtLQ0Z.woff2 | fonts.gstatic.com/s/ptsans/v16/ | 29 KB | 29 KB | Font | font/woff2 | |
GET | H2 | EJRSQgYoZZY2vCFuvAnt66qcVyvHpA.woff2 | fonts.gstatic.com/s/ptserif/v16/ | 19 KB | 19 KB | Font | font/woff2 | |
GET | H2 | EJRVQgYoZZY2vCFuvAFYzr-tdg.woff2 | fonts.gstatic.com/s/ptserif/v16/ | 21 KB | 21 KB | Font | font/woff2 | |
GET | H2 | 322513038446696 | connect.facebook.net/signals/config/ | 307 KB | 88 KB | Script | application/x-javascript | |
GET | H2 | pym.v1.min.js | pym.nprapps.org/ | 9 KB | 3 KB | Script | application/javascript | |
GET | H2 | network_sprite.svg | glossy.espreso.co.rs/resources/images/footer/ | 61 KB | 27 KB | Image | image/svg+xml | |
GET | H2 | jizaRExUiTo99u79D0yExdGM.woff2 | fonts.gstatic.com/s/ptsans/v16/ | 26 KB | 26 KB | Font | font/woff2 | |
GET | H2 | chartbeat.js | static.chartbeat.com/js/ | 36 KB | 14 KB | Script | application/x-javascript | |
GET | H2 | quant.js | secure.quantserve.com/ | 24 KB | 10 KB | Script | application/javascript | |
GET | H2 | cmp2.js | quantcast.mgr.consensu.org/tcfv2/ | 178 KB | 43 KB | Script | text/javascript | |
GET | H2 | 335332_kraljicamaksima_sq-s.jpg | glossy.espreso.co.rs/data/images/2022/02/11/14/ | 50 KB | 51 KB | Image | image/jpeg | |
GET | H2 | 335328_271629637-407086297876475-402156013970033609-n.webp_sq-s.jpg | glossy.espreso.co.rs/data/images/2022/02/11/14/ | 63 KB | 63 KB | Image | image/jpeg | |
GET | H2 | 194791_amjaaaa_sq-s.jpg | glossy.espreso.co.rs/data/images/2017/11/05/19/ | 33 KB | 33 KB | Image | image/jpeg | |
GET | H2 | 317857_ovakonistepravilidosadnajboljireceptzasarmesa2tajnasastojka640x427_sq-s.jpg | glossy.espreso.co.rs/data/images/2021/03/08/16/ | 53 KB | 54 KB | Image | image/jpeg | |
GET | H2 | 308901_zvezde-granda-26102020-0040_sq-s.jpg | glossy.espreso.co.rs/data/images/2020/10/27/11/ | 30 KB | 31 KB | Image | image/jpeg | |
GET | H2 | 330176_kimkardasijanprofimedia0559550603_sq-s.jpg | glossy.espreso.co.rs/data/images/2021/10/27/12/ | 63 KB | 64 KB | Image | image/jpeg | |
GET | H2 | 335346_zena-shutterstock-1581641116_sq-s.jpg | glossy.espreso.co.rs/data/images/2022/02/11/17/ | 30 KB | 30 KB | Image | image/jpeg | |
GET | H2 | 311701_1732429-anapaunkovic03damirdervisagic-ff_sq-s.jpg | glossy.espreso.co.rs/data/images/2020/11/27/13/ | 42 KB | 43 KB | Image | image/jpeg | |
POST | H2 | check_if_user_is_logged_in | glossy.espreso.co.rs/profil/ | 115 B | 1 KB | XHR | text/html | |
GET | H2 | manifest.js | www.adriamediacontent.com/js/pubjelly/main/noc/ | 583 B | 803 B | Script | application/javascript | |
GET | H2 | glossyespresocors.js | www.adriamediacontent.com/js/pubjelly/main/cfg/ | 2 KB | 1 KB | Script | application/javascript | |
GET | H2 | / | www.facebook.com/tr/ | 44 B | 295 B | Image | image/gif | |
GET | H3 | pubads_impl_2022020801.js | securepubads.g.doubleclick.net/gpt/ | 357 KB | 119 KB | Script | text/javascript | |
GET | H3 | ppub_config | securepubads.g.doubleclick.net/pagead/ | 75 B | 103 B | XHR | application/json | |
GET | H2 | fpdata.js | gars.hit.gemius.pl/ | 282 B | 395 B | Script | application/x-javascript | |
GET | H2 | lsget.html | ls.hit.gemius.pl/ | 5 KB | 3 KB | Document | text/html | Frame 3482 |
POST | H2 | collect | stats.g.doubleclick.net/j/ | 4 B | 445 B | XHR | text/plain | |
POST | H3 | collect | www.google-analytics.com/j/ | 2 B | 22 B | XHR | text/plain | |
GET | H3 | collect | www.google-analytics.com/ | 35 B | 55 B | Image | image/gif | |
GET | H2 | cmp-list.json | test.quantcast.mgr.consensu.org/GVL-v2/ | 9 KB | 3 KB | XHR | application/json | |
GET | H2 | ping | ping.chartbeat.net/ | 43 B | 201 B | Image | image/gif | |
GET | H2 | / | www.kurir.rs/news_widget_amc/ | 20 KB | 7 KB | Document | text/html | Frame 664F |
GET | H2 | rules-p-pLW1P-3X_Ppr5.js | rules.quantcount.com/ | 147 B | 602 B | Script | application/javascript | |
GET | H2 | ga-audiences | www.google.com/ads/ | 42 B | 501 B | Image | image/gif | |
GET | H2 | ga-audiences | www.google.de/ads/ | 42 B | 501 B | Image | image/gif | |
GET | H2 | cmp2ui-en.js | quantcast.mgr.consensu.org/tcfv2/39/ | 227 KB | 55 KB | Script | text/javascript | |
GET | H2 | vendor-list-trimmed-v1.json | quantcast.mgr.consensu.org/GVL-v2/ | 283 KB | 33 KB | XHR | application/json | |
GET | H2 | google-atp-list.json | quantcast.mgr.consensu.org/tcfv2/ | 154 KB | 36 KB | XHR | application/json | |
GET | H2 | / | audit-tcfv2.quantcast.mgr.consensu.org/ | 2 B | 101 B | XHR | text/plain | |
GET | H2 | logo.png | www.espreso.co.rs/resources/images/header/ | 7 KB | 7 KB | Image | image/png | |
GET | H2 | rexdot.js | gars.hit.gemius.pl/__/_1644605385951/ | 169 B | 474 B | Script | application/x-javascript | Redirect Chain |
GET | H2 | pym.v1.min.js | www.kurir.rs/resources/js/ | 7 KB | 3 KB | Script | application/javascript | Frame 664F |
GET | H2 | 976005_aerodrom-dubai_ls-s.jpg | www.kurir.rs/data/images/2016/08/23/08/ | 53 KB | 53 KB | Image | image/jpeg | Frame 664F |
GET | H2 | 2899385_djenova-droga-mrtav-srbin-brod-foto-gdf-4--2_ls-s.jpg | www.kurir.rs/data/images/2022/02/09/11/ | 73 KB | 73 KB | Image | image/jpeg | Frame 664F |
GET | H2 | 2420161_profimedia0297070096_ls-s.jpg | www.kurir.rs/data/images/2020/12/30/11/ | 38 KB | 39 KB | Image | image/jpeg | Frame 664F |
GET | H2 | 2902215_h-57465140_ls-s.jpg | www.kurir.rs/data/images/2022/02/11/10/ | 36 KB | 36 KB | Image | image/jpeg | Frame 664F |
GET | H2 | 2902837_marjanovic_ls-s.jpg | www.kurir.rs/data/images/2022/02/11/17/ | 58 KB | 59 KB | Image | image/jpeg | Frame 664F |
GET | H3 | / | www.facebook.com/tr/ | 44 B | 91 B | Image | image/gif | |
135 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 object| 1 object| 2 function| structuredClone undefined| sharewindow function| processGoogleABTestToken function| searchHeaderBtn function| searchHeader function| searchForm function| sideBoxTabs object| $window object| $mediaSlider object| $mediaThumb number| get_tpl_i function| get_tpl function| removeElement function| nl2br function| socFollow function| stickyHead function| equalHeight function| trim function| isEmail function| loadAntibot function| poll_init function| poll_check_votes function| poll_vote function| poll_show_results function| poll_show_answers function| getImagesFromLive function| slideToSlide function| setMediaDescription function| _slice function| _slicedToArray function| _extends function| _toConsumableArray function| checkIfUserIsLoggedIn function| checkUserPreviousScrollPosition function| checkStrength function| addendLoader function| removeLoader function| setCookie function| checkCookie function| getCookie function| openLoginModal function| logOut function| resetAllValidationFields function| userProfile function| openRegisterModal function| showErrorMessage function| hideErrorMessage function| uploadAvatar function| getUrlVars function| removeHash boolean| com_loading function| com_load_more function| com_list number| antibot_id object| antibot_timeout function| com_form_init function| com_preview_init function| com_close_reply function| com_reset_antibot function| dataSet function| dataPush function| dataGet function| $ function| jQuery object| ParsleyExtend object| ParsleyConfig object| psly object| Parsley object| ParsleyUtils object| ParsleyValidator object| ParsleyUI string| inputEventPatched object| parsley string| loader boolean| finishLoding object| toastr function| __tcfapi function| __uspapi string| addr string| server_request_uri string| server_href boolean| comment_report_reqire_login string| login_system string| login_server string| pp_gemius_identifier function| gemius_pending function| gemius_hit function| 
gemius_event function| pp_gemius_hit function| pp_gemius_event string| cdSiteContentCategory string| GoogleAnalyticsObject function| ga object| googletag object| pubjelly function| fbq function| _fbq string| userFirstLastName string| userAvatar object| userProfileLink object| container object| script object| _sf_async_config object| _qevents object| $jscomp function| $jscomp$lookupPolyfilledValue object| __pubJellyRuntime object| pbjs object| ggeac object| google_js_reporting_queue object| gemius_cmpclient object| gemius_hcconn number| pp_gemius_cnt object| google_tag_data object| gaplugins object| gaGlobal object| gaData object| regeneratorRuntime function| __tcfapiui object| _cb_shared object| pSUPERFLY_mab object| _cbq object| pSUPERFLY string| cmd string| pjSlotID object| pym function| quantserve function| __qc object| ezt object| _qoptions function| qtrack undefined| google_measure_js_timing
14 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.espreso.co.rs/ | | Name: _fbp Value: fb.2.1644605385733.2000213079 |
.espreso.co.rs/ | | Name: _ga Value: GA1.3.648584937.1644605386 |
.espreso.co.rs/ | | Name: _gid Value: GA1.3.1684012757.1644605386 |
.espreso.co.rs/ | | Name: _gat Value: 1 |
.espreso.co.rs/ | | Name: _gat_tstTracker Value: 1 |
glossy.espreso.co.rs/ | | Name: _cb_ls Value: 1 |
glossy.espreso.co.rs/ | | Name: _cb Value: CZDlVhCW6Xg7BVqkE9 |
glossy.espreso.co.rs/ | | Name: _chartbeat2 Value: .1644605385811.1644605385811.1.CTRAeoDRa_evCn2UKZCXhxGEBQGX0H.1 |
glossy.espreso.co.rs/ | | Name: _cb_svref Value: null |
.espreso.co.rs/ | | Name: espreso_front_session Value: 3h2it4sr7rmkj68vfgkseo31o5 |
glossy.espreso.co.rs/ | | Name: X-Proxy-To Value: glossy-web1 |
.espreso.co.rs/ | | Name: __gfp_64b Value: 6_Ur9QCYoEGkDdNTOTaaNooJJVRsxld573gw1e9ev0n.67\|1644605385 |
.hit.gemius.pl/ | | Name: Gtest Value: KlSrOMGGQMQGHRNy-RVZyoGissGMXP8c25nSGhKQzHLIXBG. |
.hit.gemius.pl/ | | Name: Gdyn Value: KlShaMMGQMQGHRNy-RVZyoGissGMe19oL6nxmGtALCsbypaiGsRPtP7iGKGGqn6RgGllle82GGUrxFs_RFyGsG.. |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.