sci-hub.mksa.top
Open in
urlscan Pro
2606:4700:3031::6815:4958
Malicious Activity!
Public Scan
Effective URL: https://sci-hub.mksa.top/
Submission: On August 17 via manual from GB — Scanned from GB
Summary
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on February 1st 2022. Valid for: a year.
This is the only time sci-hub.mksa.top was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Sci-Hub (Consumer)Domain & IP information
ASN15169 (GOOGLE, US)
pagead2.googlesyndication.com |
ASN15169 (GOOGLE, US)
googleads.g.doubleclick.net | |
adservice.google.co.uk |
ASN15169 (GOOGLE, US)
PTR: fra16s65-in-f2.1e100.net
partner.googleadservices.com |
ASN15169 (GOOGLE, US)
adservice.google.co.uk |
ASN15169 (GOOGLE, US)
tpc.googlesyndication.com |
ASN15169 (GOOGLE, US)
www.googletagservices.com |
ASN15169 (GOOGLE, US)
PTR: fra24s12-in-f2.1e100.net
cm.g.doubleclick.net |
ASN29990 (ASN-APPNEX, US)
PTR: 950.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
ib.adnxs.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
25 |
googlesyndication.com
pagead2.googlesyndication.com — Cisco Umbrella Rank: 123 tpc.googlesyndication.com — Cisco Umbrella Rank: 159 |
327 KB |
21 |
sci-hub.shop
img.sci-hub.shop — Cisco Umbrella Rank: 385126 |
582 KB |
11 |
doubleclick.net
3 redirects
googleads.g.doubleclick.net — Cisco Umbrella Rank: 52 cm.g.doubleclick.net — Cisco Umbrella Rank: 214 |
88 KB |
7 |
ampproject.org
cdn.ampproject.org — Cisco Umbrella Rank: 361 |
133 KB |
5 |
casalemedia.com
3 redirects
dsum-sec.casalemedia.com — Cisco Umbrella Rank: 525 |
4 KB |
4 |
pluso.ru
share.pluso.ru — Cisco Umbrella Rank: 166469 |
27 KB |
3 |
adnxs.com
2 redirects
ib.adnxs.com — Cisco Umbrella Rank: 230 |
3 KB |
3 |
google.com
adservice.google.com — Cisco Umbrella Rank: 88 www.google.com — Cisco Umbrella Rank: 9 |
2 KB |
2 |
yadro.ru
1 redirects
counter.yadro.ru — Cisco Umbrella Rank: 9849 |
1 KB |
2 |
google.co.uk
adservice.google.co.uk — Cisco Umbrella Rank: 5031 |
914 B |
2 |
wikicn.top
2 redirects
scihub.wikicn.top |
1 KB |
1 |
2mdn.net
s0.2mdn.net — Cisco Umbrella Rank: 280 |
78 KB |
1 |
googletagservices.com
www.googletagservices.com — Cisco Umbrella Rank: 194 |
44 KB |
1 |
googleadservices.com
partner.googleadservices.com — Cisco Umbrella Rank: 882 |
642 B |
1 |
mksa.top
sci-hub.mksa.top — Cisco Umbrella Rank: 738724 |
7 KB |
0 |
kitbit.net
Failed
kitbit.net Failed |
|
80 | 16 |
Domain | Requested by | |
---|---|---|
21 | img.sci-hub.shop |
sci-hub.mksa.top
|
13 | pagead2.googlesyndication.com |
sci-hub.mksa.top
pagead2.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com |
12 | tpc.googlesyndication.com |
googleads.g.doubleclick.net
tpc.googlesyndication.com cdn.ampproject.org pagead2.googlesyndication.com |
7 | cdn.ampproject.org |
googleads.g.doubleclick.net
pagead2.googlesyndication.com |
7 | googleads.g.doubleclick.net |
pagead2.googlesyndication.com
googleads.g.doubleclick.net sci-hub.mksa.top |
5 | dsum-sec.casalemedia.com |
3 redirects
googleads.g.doubleclick.net
|
4 | share.pluso.ru |
img.sci-hub.shop
|
4 | cm.g.doubleclick.net |
3 redirects
googleads.g.doubleclick.net
|
3 | ib.adnxs.com |
2 redirects
googleads.g.doubleclick.net
|
2 | counter.yadro.ru | 1 redirects |
2 | adservice.google.com |
pagead2.googlesyndication.com
|
2 | adservice.google.co.uk |
pagead2.googlesyndication.com
|
2 | scihub.wikicn.top | 2 redirects |
1 | www.google.com |
tpc.googlesyndication.com
|
1 | s0.2mdn.net |
googleads.g.doubleclick.net
|
1 | www.googletagservices.com |
googleads.g.doubleclick.net
|
1 | partner.googleadservices.com |
pagead2.googlesyndication.com
|
1 | sci-hub.mksa.top | |
0 | kitbit.net Failed |
img.sci-hub.shop
|
80 | 19 |
This site contains links to these domains. Also see Links.
Domain |
---|
pluso.ru |
vk.com |
twitter.com |
www.facebook.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
mksa.top Cloudflare Inc ECC CA-3 |
2022-02-01 - 2023-01-31 |
a year | crt.sh |
sci-hub.shop Cloudflare Inc ECC CA-3 |
2022-05-23 - 2023-05-23 |
a year | crt.sh |
*.g.doubleclick.net GTS CA 1C3 |
2022-07-18 - 2022-10-10 |
3 months | crt.sh |
*.googleadservices.com GTS CA 1C3 |
2022-07-18 - 2022-10-10 |
3 months | crt.sh |
*.google.co.uk GTS CA 1C3 |
2022-07-18 - 2022-10-10 |
3 months | crt.sh |
*.google.com GTS CA 1C3 |
2022-07-18 - 2022-10-10 |
3 months | crt.sh |
tpc.googlesyndication.com GTS CA 1C3 |
2022-08-01 - 2022-10-24 |
3 months | crt.sh |
misc-sni.google.com GTS CA 1C3 |
2022-07-18 - 2022-10-10 |
3 months | crt.sh |
*.doubleclick.net GTS CA 1C3 |
2022-07-18 - 2022-10-10 |
3 months | crt.sh |
*.pluso.ru R3 |
2021-05-11 - 2021-08-09 |
3 months | crt.sh |
www.google.com GTS CA 1C3 |
2022-07-18 - 2022-10-10 |
3 months | crt.sh |
This page contains 10 frames:
Primary Page:
https://sci-hub.mksa.top/
Frame ID: FE99D6136C39C9468C834F0B8CC89117
Requests: 42 HTTP requests in this frame
Frame:
https://googleads.g.doubleclick.net/pagead/html/r20220815/r20190131/zrt_lookup.html
Frame ID: B81FB7720A37E530FE688D00186453AE
Requests: 1 HTTP requests in this frame
Frame:
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5200551945029930&output=html&adk=1812271804&adf=3025194257&lmt=1660743681&plat=1%3A16777216%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fsci-hub.mksa.top%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1660743681117&bpp=7&bdt=660&idt=260&shv=r20220815&mjsv=m202208100101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=901324120718&frm=20&pv=2&ga_vid=200386016.1660743681&ga_sid=1660743681&ga_hid=8391680&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44771041%2C44761793&oid=2&pvsid=3726821929050564&tmod=1637922553&uas=0&nvt=1&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=274
Frame ID: FF822328461A837B60D7574178093102
Requests: 1 HTTP requests in this frame
Frame:
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5200551945029930&output=html&h=280&slotname=2711088979&adk=2301864394&adf=2987723014&pi=t.ma~as.2711088979&w=528&fwrn=4&fwrnh=100&lmt=1660743681&rafmt=1&psa=0&format=528x280&url=https%3A%2F%2Fsci-hub.mksa.top%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1660743681124&bpp=2&bdt=667&idt=272&shv=r20220815&mjsv=m202208100101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=901324120718&frm=20&pv=1&ga_vid=200386016.1660743681&ga_sid=1660743681&ga_hid=8391680&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=536&ady=1552&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44771041%2C44761793&oid=2&pvsid=3726821929050564&tmod=1637922553&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=DiaDNFcWuV&p=https%3A//sci-hub.mksa.top&dtd=275
Frame ID: 1D6C65D4FB911CB1BB6072E16970F3E9
Requests: 2 HTTP requests in this frame
Frame:
https://googleads.g.doubleclick.net/pagead/html/r20220815/r20110914/zrt_lookup.html?fsb=1
Frame ID: 0EFC3AA680F1FB46685FA9B9E3332994
Requests: 10 HTTP requests in this frame
Frame:
https://googleads.g.doubleclick.net/xbbe/pixel?d=CITN6QEQnsDzARjr_-DBATAB&v=APEucNVQE1AodKWIap1Rd-KR1cpevQX0s3mOHi6jQCewjQOTVfat4PpALLzfvoArgWk69-sgSjTflNNStohhu9xxxVpXw2ANgtXFwt2CVHr5IEr6Ph_8SwfqPdB3SabWu4TXm9Hyq8rm1goSWSZ9cIf4mT0eEu7X8Pcl-WawUeqTwOW0jOks5jQ
Frame ID: AD1733084DBF227D458B43D44BDD58E8
Requests: 5 HTTP requests in this frame
Frame:
https://cdn.ampproject.org/rtv/012208081650000/amp4ads-v0.mjs
Frame ID: FE0347C10798B3496249E4E584771538
Requests: 12 HTTP requests in this frame
Frame:
https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 6C842FF6FA3E92A83E9FADBD6EBECF51
Requests: 3 HTTP requests in this frame
Frame:
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 308FF274DDADDD3BAE07D49EE6A47EB4
Requests: 3 HTTP requests in this frame
Frame:
https://www.google.com/recaptcha/api2/aframe
Frame ID: 2A796BBBCF4B9007961F73EBBD8560DB
Requests: 2 HTTP requests in this frame
Screenshot
Page Title
Sci-HubPage URL History Show full URLs
-
http://scihub.wikicn.top/
HTTP 301
https://scihub.wikicn.top/ HTTP 301
https://sci-hub.mksa.top/ Page URL
Detected technologies
AppNexus (Advertising Networks) ExpandDetected patterns
- adnxs\.(?:net|com)
DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand
Detected patterns
- 2mdn\.net
Google AdSense (Advertising Networks) Expand
Detected patterns
- googlesyndication\.com/
- 2mdn\.net
Mautic (Marketing Automation) Expand
Detected patterns
- [^a-z]mtc.*\.js
jQuery (JavaScript Libraries) Expand
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
jQuery UI (JavaScript Libraries) Expand
Detected patterns
- jquery-ui.*\.js
Page Statistics
4 Outgoing links
These are links going to different origins than the main page.
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://scihub.wikicn.top/
HTTP 301
https://scihub.wikicn.top/ HTTP 301
https://sci-hub.mksa.top/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 52- https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
- https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBfpOhJzlV_4lvgB_rTjF8c&google_cver=1 HTTP 302
- https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBfpOhJzlV_4lvgB_rTjF8c&google_cver=1&C=1
- https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
- https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
- https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YvzwAkgeyItA-hGkLoCUEAAA HTTP 302
- https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOE5-ZbaXYvsRXWfJyp_oI8&google_cver=1
- https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
- https://ib.adnxs.com/setuid?entity=101&code=CAESELNxVh4AafFZmoWyNBJDvc0&google_cver=1
- https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
- https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
- https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=OTA1MTc0NjkxNTE2OTgxODkzMw%3D%3D
- https://counter.yadro.ru/hit;PLUSO?r;s1600*1200*24;uhttps%3A//sci-hub.mksa.top/;hSci-Hub;1 HTTP 302
- https://counter.yadro.ru/hit;PLUSO?q;r;s1600*1200*24;uhttps%3A//sci-hub.mksa.top/;hSci-Hub;1
80 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
/
sci-hub.mksa.top/ Redirect Chain
|
27 KB 7 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-3.1.1.min.js
img.sci-hub.shop/scihub/ |
85 KB 31 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-ui.min.js
img.sci-hub.shop/scihub/ |
248 KB 68 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
openapi.js
img.sci-hub.shop/scihub/ |
94 KB 23 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
medal.png
img.sci-hub.shop/scihub/ |
22 KB 22 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
key_1.png
img.sci-hub.shop/scihub/ |
8 KB 9 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/ |
147 KB 51 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
top-back.jpg
img.sci-hub.shop/scihub/ |
184 KB 185 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
logo_en.png
img.sci-hub.shop/scihub/ |
14 KB 15 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
raven_1.png
img.sci-hub.shop/scihub/ |
59 KB 59 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
map.jpg
img.sci-hub.shop/scihub/ |
54 KB 55 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
about-marker_en.png
img.sci-hub.shop/scihub/ |
3 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
quote.png
img.sci-hub.shop/scihub/ |
1 KB 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
quotenext_en.png
img.sci-hub.shop/scihub/ |
1 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
pone.png
img.sci-hub.shop/scihub/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ptwo.png
img.sci-hub.shop/scihub/ |
4 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
pthree.png
img.sci-hub.shop/scihub/ |
4 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
AvenirLTW01-55Roman.woff2
img.sci-hub.shop/misc/fonts/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
people.jpg
img.sci-hub.shop/scihub/ |
50 KB 51 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
join_en.png
img.sci-hub.shop/scihub/ |
6 KB 6 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
joinvk.png
img.sci-hub.shop/scihub/ |
17 KB 18 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jointwitter.png
img.sci-hub.shop/scihub/ |
6 KB 6 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
joinfacebook.png
img.sci-hub.shop/scihub/ |
4 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
pluso-like.js
img.sci-hub.shop/scihub/ |
41 KB 13 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
show_ads_impl_with_ama_fy2021.js
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202208100101/ |
340 KB 120 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
zrt_lookup.html
googleads.g.doubleclick.net/pagead/html/r20220815/r20190131/ Frame B81F |
10 KB 5 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
cookie.js
partner.googleadservices.com/gampad/ |
212 B 642 B |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
integrator.js
adservice.google.co.uk/adsid/ |
107 B 792 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
integrator.js
adservice.google.com/adsid/ |
107 B 549 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
gen_204
pagead2.googlesyndication.com/pagead/ |
0 20 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
ads
googleads.g.doubleclick.net/pagead/ Frame FF82 |
38 KB 13 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
ads
googleads.g.doubleclick.net/pagead/ Frame 1D6C |
176 KB 34 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
reactive_library_fy2021.js
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202208100101/ |
150 KB 53 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
integrator.js
adservice.google.co.uk/adsid/ |
107 B 122 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
integrator.js
adservice.google.com/adsid/ |
107 B 122 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
zrt_lookup.html
googleads.g.doubleclick.net/pagead/html/r20220815/r20110914/ Frame 0EFC |
10 KB 4 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
pixel
googleads.g.doubleclick.net/xbbe/ Frame AD17 |
624 B 300 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
ad
googleads.g.doubleclick.net/dbm/ Frame 0EFC |
62 KB 30 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
gen_204
pagead2.googlesyndication.com/pagead/ Frame 0EFC |
42 B 63 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
window_focus_fy2021.js
tpc.googlesyndication.com/pagead/js/r20220815/r20110914/client/ Frame 0EFC |
3 KB 1 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
qs_click_protection_fy2021.js
tpc.googlesyndication.com/pagead/js/r20220815/r20110914/client/ Frame 0EFC |
17 KB 8 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 0EFC |
140 KB 44 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
transparent.png
tpc.googlesyndication.com/pagead/images/ Frame 1D6C |
67 B 171 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
amp4ads-v0.mjs
cdn.ampproject.org/rtv/012208081650000/ Frame FE03 |
220 KB 61 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
amp-ad-exit-0.1.mjs
cdn.ampproject.org/rtv/012208081650000/v0/ Frame FE03 |
14 KB 5 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
amp-analytics-0.1.mjs
cdn.ampproject.org/rtv/012208081650000/v0/ Frame FE03 |
94 KB 28 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
amp-animation-0.1.mjs
cdn.ampproject.org/rtv/012208081650000/v0/ Frame FE03 |
72 KB 16 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
amp-fit-text-0.1.mjs
cdn.ampproject.org/rtv/012208081650000/v0/ Frame FE03 |
5 KB 2 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
amp-form-0.1.mjs
cdn.ampproject.org/rtv/012208081650000/v0/ Frame FE03 |
40 KB 13 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ Frame FE03 |
211 B 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame FE03 |
2 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame FE03 |
295 B 424 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
adview
googleads.g.doubleclick.net/pagead/ Frame FE03 |
0 17 B |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
rum
dsum-sec.casalemedia.com/ Frame AD17 Redirect Chain
|
43 B 941 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
rum
dsum-sec.casalemedia.com/ Frame AD17 Redirect Chain
|
43 B 913 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
setuid
ib.adnxs.com/ Frame AD17 Redirect Chain
|
43 B 1020 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
pixel
cm.g.doubleclick.net/ Frame AD17 Redirect Chain
|
170 B 188 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
abg_lite.js
pagead2.googlesyndication.com/pagead/js/r20220815/r20110914/ Frame 0EFC |
30 KB 12 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
omrhp.js
pagead2.googlesyndication.com/pagead/js/r20220815/r20110914/elements/html/ Frame 0EFC |
8 KB 3 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
UFYwWwmt.js
tpc.googlesyndication.com/sodar/ Frame 0EFC |
41 KB 15 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
15208513074308741485
s0.2mdn.net/simgad/ Frame 0EFC |
78 KB 78 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
Enqz_20U.html
tpc.googlesyndication.com/sodar/ Frame 6C84 |
22 KB 8 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
amp4ads-host-v0.js
cdn.ampproject.org/rtv/012208081650000/ |
23 KB 8 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame FE03 |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame FE03 |
295 B 319 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
KwAXiUICCFvapwcrMozVyugq_Wx4YR6m3c26cyMGyPI.js
pagead2.googlesyndication.com/bg/ Frame 6C84 |
36 KB 14 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
gen_204
pagead2.googlesyndication.com/pagead/ Frame 6C84 |
0 20 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
process
share.pluso.ru/ |
120 B 467 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
process
share.pluso.ru/ |
120 B 467 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
hit;PLUSO
counter.yadro.ru/ Redirect Chain
|
43 B 528 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
sodar
pagead2.googlesyndication.com/getconfig/ |
14 KB 11 KB |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
06.png
share.pluso.ru/img/pluso-like/square/medium/ |
23 KB 23 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
plus.png
share.pluso.ru/img/ |
2 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
kb.js
kitbit.net/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
sodar2.js
tpc.googlesyndication.com/sodar/ |
17 KB 6 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
runner.html
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 308F |
13 KB 5 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
aframe
www.google.com/recaptcha/api2/ Frame 2A79 |
783 B 1 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
KwAXiUICCFvapwcrMozVyugq_Wx4YR6m3c26cyMGyPI.js
pagead2.googlesyndication.com/bg/ Frame 308F |
36 KB 14 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
sodar
pagead2.googlesyndication.com/pagead/ Frame 2A79 |
0 0 |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
generate_204
tpc.googlesyndication.com/ Frame 308F |
0 10 B |
Image
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
sodar
pagead2.googlesyndication.com/pagead/ |
0 0 |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers |
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- img.sci-hub.shop
- URL
- https://img.sci-hub.shop/misc/fonts/AvenirLTW01-55Roman.woff2
- Domain
- kitbit.net
- URL
- https://kitbit.net/kb.js
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Sci-Hub (Consumer)68 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 object| 1 object| 2 object| 3 object| 4 object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation function| $ function| jQuery function| obj2qs object| fastXDM object| VK function| slideQuote function| colorMenu function| go object| adsbygoogle number| ifpluso object| pluso object| google_js_reporting_queue number| google_srt object| google_logging_queue number| tmod object| google_ad_modifications object| ggeac object| google_persistent_state_async boolean| google_measure_js_timing object| google_tag_data object| google_reactive_ads_global_state boolean| _gfp_a_ object| google_sa_queue function| google_process_slots function| google_spfd number| google_unique_id object| google_sv_map number| google_lpabyc number| google_rum_task_id_counter string| google_user_agent_client_hint function| google_sa_impl object| googleToken object| googleIMState boolean| _gfp_p_ object| google_image_requests function| processGoogleToken number| google_global_correlator object| google_prev_clients object| gaGlobal object| ampInaboxIframes object| ampInaboxPendingMessages object| google_llp object| googletag object| __AMP_LOG object| __AMP_ERRORS boolean| ampInaboxInitialized object| __AMP_MODE function| __AMP_REPORT_ERROR object| ampInaboxPositionObserver object| ampInaboxFrameOverlayManager object| AMP object| k string| pt object| s object| GoogleGcLKhOms10 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.mksa.top/ | Name: __gads Value: ID=f8143bf52c933d26-22f130b0f4cd006f:T=1660743681:RT=1660743681:S=ALNI_MZ1kYKG7NTzSMvzl5JTzcgD6e-53g |
|
.doubleclick.net/ | Name: IDE Value: AHWqTUmu_UvCDTHyLA7NKtE6CORXRW-byKzT5tqRJ3JzJ15yX3lUpCpi-sAxv0InEz0 |
|
.adnxs.com/ | Name: uuid2 Value: 9051746915169818933 |
|
.adnxs.com/ | Name: anj Value: dTM7k!M41.D>6NRF']wIg2HaNn?'`C!@wnfH8K6pQK`!5=E<*L5?%M#^=KS<e'f!p2PnaHb`K0NgKChG8gVE]pRUiv%nugO%v4VB%nn=)*0Q[y |
|
.casalemedia.com/ | Name: CMPS Value: 4343 |
|
.casalemedia.com/ | Name: CMID Value: YvzwAkgeyItA-hGkLoCUEAAA |
|
.casalemedia.com/ | Name: CMPRO Value: 4481 |
|
.casalemedia.com/ | Name: CMTS Value: 4341 |
|
.yadro.ru/ | Name: FTID Value: 1Y_F020If58N1Y_F02001NLW |
|
.yadro.ru/ | Name: VID Value: 21yFRc3R038N1Y_F02001NMH |
3 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
adservice.google.co.uk
adservice.google.com
cdn.ampproject.org
cm.g.doubleclick.net
counter.yadro.ru
dsum-sec.casalemedia.com
googleads.g.doubleclick.net
ib.adnxs.com
img.sci-hub.shop
kitbit.net
pagead2.googlesyndication.com
partner.googleadservices.com
s0.2mdn.net
sci-hub.mksa.top
scihub.wikicn.top
share.pluso.ru
tpc.googlesyndication.com
www.google.com
www.googletagservices.com
img.sci-hub.shop
kitbit.net
104.18.18.126
142.250.184.226
172.217.16.194
185.89.210.141
2606:4700:3031::6815:1e4
2606:4700:3031::6815:4958
2606:4700:3033::ac43:a162
2a00:1450:4001:802::2006
2a00:1450:4001:803::2002
2a00:1450:4001:80b::2002
2a00:1450:4001:80f::2001
2a00:1450:4001:811::2004
2a00:1450:4001:812::2002
2a00:1450:4001:829::2002
2a00:1450:4001:82a::2001
2a00:1450:4001:831::2002
37.200.67.210
88.212.201.198
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
125ef9e8cac071be547016f215e726b1f17be04068441bb35847bf565c89e4c3
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
14e6508482a47b942549d487294e164dbe8684e79a6a00410dfb966acffa9570
1e14ddde632bad66a3f79d6dc2c6a212d3b1b5cd8100cb6b73984b8797c5ed86
1f6720f9b1b728e80c6f618a5aac450c6f6df834dd8f0e8b4059ac78a90af7af
2b0017894202085bdaa7072b328cd5cae82afd6c78611ea6ddcdba732306c8f2
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1
3860c6aa1cdef6ed8bf7315bbfbdc1237d14f68ea2e7a55bcccb9e77662d1b7f
4139220cef70b0dc6ec26232020d4ddb52acef1afcbf2e5b32ed00b7eef62ec7
42d87e9dc59fd8e176dd999cfecb842bc42a8ac8f25bf537e9be1bd04ca1faa2
44e857b78e5b61610566603bed79bceb9a60415b2795cfdf907346cb026d2450
454e4bc03b54bff4716e23ac8be68737dffd664ea64400effdc9ff4581e89586
460b964d7227b7963094c56a6449ed520818785ccb2eb6ecfe8be595fee74232
46dcb8cb7d4d80220baa300c65817e9a4a324c15ddb1e3955d222175eb6cf8c9
4b225ff2e35c8db5378d2ac271c993cbdf6c900aceec3a3eee1c31421e4dc44a
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
55accff7b642c2d7a402cbe03c1494c0f14a76bc03dee9d47d219562b6a152a5
57000ea03bfb53734d0858b8fe992e6742226f23f311eb0f9d2177e2a84a5621
585abdd62ba6bd142314a2e62e13574d6848b4b8fd7284ebc6352c02f4ecd036
5a9fc7d6d2aa8a363ae98e9f0a32fdd02bfd46169e3fb8bdbef41864107eecc6
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
70fa25d0cd4744b6b91054ad55e3e931dad31cc85915b13e33e4e674426c7cc1
715698c075d30c44ff0b648f76ca036788733ef430005e1c7fefdb690cbd5d4a
784eb14774a9a419af32c02c2d16cf197ef2701afc2ea65b58c3a574ed5458bd
7d9be8bca8e99d3e4df920b526377cdc77fe018083325fa9ca149dd4844b7b28
7f3abdf0859cf36c2821963a7266a955fd4bd5fe491f997d9d8dae3f3957cf75
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
8170b66f8cc5d201df19fec156a119a9364c035992f47b4dd42371bcd0347227
84220b478479e364c5040718312d95cdda842b93d88fd991a0dd7eb4f576ca2c
85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf
8a50dba2bfbbfe01d25c025c5ee5acb8ce80af1707fb3b50ce82ff434be6b98f
8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14
8d200dc372fb333c0ca488fba2a569a686cbf5f1ba0cc0544a4a8c96a4f91de3
8dd6c570e8d8c98ebe983228777f11a9f0e195c2d2f8298c034766ccd2d3087c
902565ce7f27f6e504ee3790458fa3e9137a1c2b3d63d58ce6cd2fbcbf9db7ca
9de2daf51f5832e97e8f1e97b0c63c68a59fa3a438723deece35ad1c086bea50
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a3ff58f53e639fe59a66866b8ba121bb0f5e27f3f086492373378fa751d62fdd
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a88d699bbf9f25fa9a614e4af43982e1096bd9f918a3f5adcaace243ae5cfebc
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b1b0541f82f31cab4d9c95f9e0ed760d579580a0dde81bfa342effb6c8b677d6
b2ca5692aa3cfbacdb2ea3c59ea9c24a0735b57a010f0d98fd924886012771ef
b5d314bcc2ee4bacc348236e8dd61526ba98d4cb155bce2b712b2873b3323730
b8e3e37a00f298198fe34abc7c237a0b3c21659f668e142dcf5bc467bae0de23
bdf72009ad226c17f1954ba602292902a780b80af07dbcbab1322bdf5c32be66
c065fb78b0e08dfcca754d46f64414bff72a17836b5da8f717e48423fd4e5952
c0d0b5ecf5aa2cd5475929aefcb44d67c5d5cc8cbcdb3991e45f0944f0344619
c930cfd1a633df3f92e6104e291b65534f21a32f3e1fe1d4bfb3b5eb7df17c74
c9499ea51a2956fd2c1600591ae117fe9ad81065d625b1b2c593c7720e5b228f
c976023edd17ce89501bb6a4cd50277b50fc4ef4045d61b52854da88d36cb202
d2e5722cf0b8d8df31200550801d755733c56d9ca2758b7041fbed009e0c9d08
dabaf1eee4ae1c1db524c66d6950221386ef064a71d29b9f799d1905d64456b6
de317176fa6b64a8e89bbd45d20b6be2560bbfa96e7e53e63eb754e18bfe6c1f
e319892f7f2a6e0a6790ff3274eaec39df67d671429aef64ae798ef6792b6fe3
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e63d6307d643bdf5f99ddf6949444ac1d611029878e0c9603c18b4032b55f624
ec61d9fd1b3609a3a53f377ed07059c3dc7d2cb1502022e0623b4ebc1ea0f35e
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
fccb5edfb22402a5806b5c3066e2b40c77509bf873f8d5247642fb64f2eaa3cc
ff03fb35159e9cc4104b52e40b4153040df127e8cbeb3a7f351a4951b0008c28