tezaniadvocacia.com.br
Open in
urlscan Pro
50.116.87.244
Malicious Activity!
Public Scan
Submitted URL: http://delivery.eletroportseg.com.br/PBCSMX?id=174065=e0oCBQQGAQQBS18HAlQIXAEBBAYGVlEIAVQOAVBQUAQAUwADAANSUFJTXVUCBgtbVAcdQlgKAVVdSlc...
Effective URL: https://tezaniadvocacia.com.br/oooa/index.php
Submission: On October 25 via manual from IT — Scanned from US
Effective URL: https://tezaniadvocacia.com.br/oooa/index.php
Submission: On October 25 via manual from IT — Scanned from US
Summary
This website contacted 24 IPs
in 4 countries
across 16 domains to perform 60 HTTP transactions.
The main IP is 50.116.87.244, located in
United States and
belongs to NETWORK-SOLUTIONS-HOSTING, US.
The main domain is tezaniadvocacia.com.br.
TLS certificate: Issued by R3 on September 23rd 2023. Valid for: 3 months.
This is the only time tezaniadvocacia.com.br was scanned on urlscan.io!
TLS certificate: Issued by R3 on September 23rd 2023. Valid for: 3 months.
This is the only time tezaniadvocacia.com.br was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Libero (Online)Domain & IP information
1
34.117.197.73
(Kansas City, United States)
ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 73.197.117.34.bc.googleusercontent.com
ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 73.197.117.34.bc.googleusercontent.com
| delivery.eletroportseg.com.br |
1
50.116.87.244
(United States)
ASN19871 (NETWORK-SOLUTIONS-HOSTING, US)
PTR: 50-116-87-244.unifiedlayer.com
ASN19871 (NETWORK-SOLUTIONS-HOSTING, US)
PTR: 50-116-87-244.unifiedlayer.com
| tezaniadvocacia.com.br |
9
52.85.151.124
(United States)
ASN16509 (AMAZON-02, US)
PTR: server-52-85-151-124.iad89.r.cloudfront.net
ASN16509 (AMAZON-02, US)
PTR: server-52-85-151-124.iad89.r.cloudfront.net
| i0.plug.it | |
| i4.plug.it | |
| i3.plug.it |
1
13.249.42.27
(United States)
ASN16509 (AMAZON-02, US)
PTR: server-13-249-42-27.iad89.r.cloudfront.net
ASN16509 (AMAZON-02, US)
PTR: server-13-249-42-27.iad89.r.cloudfront.net
| c.amazon-adsystem.com |
3
2600:9000:24f4:da00:2:42d9:3100:93a1
(United States)
ASN16509 (AMAZON-02, US)
ASN16509 (AMAZON-02, US)
| cdn-gl.imrworldwide.com |
3
54.217.39.98
(Dublin, Ireland)
ASN16509 (AMAZON-02, US)
PTR: ec2-54-217-39-98.eu-west-1.compute.amazonaws.com
ASN16509 (AMAZON-02, US)
PTR: ec2-54-217-39-98.eu-west-1.compute.amazonaws.com
| secure-it.imrworldwide.com |
2
18.165.83.104
(United States)
ASN16509 (AMAZON-02, US)
PTR: server-18-165-83-104.iad55.r.cloudfront.net
ASN16509 (AMAZON-02, US)
PTR: server-18-165-83-104.iad55.r.cloudfront.net
| sb.scorecardresearch.com |
6
2607:f8b0:4004:c08::9b
(Ashburn, United States)
ASN15169 (GOOGLE, US)
ASN15169 (GOOGLE, US)
| securepubads.g.doubleclick.net |
1
35.156.28.148
(Frankfurt am Main, Germany)
ASN16509 (AMAZON-02, US)
PTR: ec2-35-156-28-148.eu-central-1.compute.amazonaws.com
ASN16509 (AMAZON-02, US)
PTR: ec2-35-156-28-148.eu-central-1.compute.amazonaws.com
| italiaonline.profiles.tagger.opecloud.com |
1
2600:9000:2191:7e00:1d:667e:2a40:93a1
(United States)
ASN16509 (AMAZON-02, US)
ASN16509 (AMAZON-02, US)
| 5yfx7p7nzeimlunevvob3wrwnyxdz1698223880.nuid.imrworldwide.com |
1
2607:f8b0:4004:c07::84
(Washington, United States)
ASN15169 (GOOGLE, US)
ASN15169 (GOOGLE, US)
| a84695879e97b14a29e94385a548aa9b.safeframe.googlesyndication.com |
4
2607:f8b0:4004:c19::9d
(Washington, United States)
ASN15169 (GOOGLE, US)
ASN15169 (GOOGLE, US)
| pagead2.googlesyndication.com |
1
2607:f8b0:4004:c1b::9d
(Washington, United States)
ASN15169 (GOOGLE, US)
ASN15169 (GOOGLE, US)
| www.googletagservices.com |
2
172.253.122.148
(United States)
ASN15169 (GOOGLE, US)
PTR: bh-in-f148.1e100.net
ASN15169 (GOOGLE, US)
PTR: bh-in-f148.1e100.net
| ad.doubleclick.net |
4
2607:f8b0:4004:c1b::84
(Washington, United States)
ASN15169 (GOOGLE, US)
ASN15169 (GOOGLE, US)
| tpc.googlesyndication.com |
2
54.89.83.42
(Ashburn, United States)
ASN14618 (AMAZON-AES, US)
PTR: ec2-54-89-83-42.compute-1.amazonaws.com
ASN14618 (AMAZON-AES, US)
PTR: ec2-54-89-83-42.compute-1.amazonaws.com
| pixel.adsafeprotected.com |
2
2600:9000:24f4:4200:8:48e:53c0:93a1
(United States)
ASN16509 (AMAZON-02, US)
ASN16509 (AMAZON-02, US)
| static.adsafeprotected.com |
10
2600:1f13:800:7782:3f9c:e904:ed77:5bba
(Boardman, United States)
ASN16509 (AMAZON-02, US)
ASN16509 (AMAZON-02, US)
| dt.adsafeprotected.com |
| Domain | Requested by | |
|---|---|---|
| 10 | dt.adsafeprotected.com | |
| 7 | i0.plug.it |
tezaniadvocacia.com.br
|
| 6 | securepubads.g.doubleclick.net |
www.iolam.it
securepubads.g.doubleclick.net tezaniadvocacia.com.br www.googletagservices.com |
| 4 | tpc.googlesyndication.com |
securepubads.g.doubleclick.net
tpc.googlesyndication.com |
| 4 | pagead2.googlesyndication.com |
securepubads.g.doubleclick.net
tpc.googlesyndication.com |
| 3 | secure-it.imrworldwide.com |
tezaniadvocacia.com.br
|
| 3 | cdn-gl.imrworldwide.com |
tezaniadvocacia.com.br
cdn-gl.imrworldwide.com |
| 2 | static.adsafeprotected.com |
pixel.adsafeprotected.com
tezaniadvocacia.com.br |
| 2 | pixel.adsafeprotected.com |
tezaniadvocacia.com.br
|
| 2 | ad.doubleclick.net |
1 redirects
tezaniadvocacia.com.br
|
| 2 | fonts.gstatic.com |
fonts.googleapis.com
|
| 2 | sb.scorecardresearch.com |
1 redirects
tezaniadvocacia.com.br
|
| 2 | www.iolam.it |
tezaniadvocacia.com.br
|
| 1 | www.google.com |
tpc.googlesyndication.com
|
| 1 | i3.plug.it | |
| 1 | www.googletagservices.com |
securepubads.g.doubleclick.net
|
| 1 | a84695879e97b14a29e94385a548aa9b.safeframe.googlesyndication.com |
securepubads.g.doubleclick.net
|
| 1 | 5yfx7p7nzeimlunevvob3wrwnyxdz1698223880.nuid.imrworldwide.com |
tezaniadvocacia.com.br
|
| 1 | italiaonline.profiles.tagger.opecloud.com |
www.iolam.it
|
| 1 | i4.plug.it |
i0.plug.it
|
| 1 | italiaonline01.wt-eu02.net |
tezaniadvocacia.com.br
|
| 1 | fonts.googleapis.com |
i0.plug.it
|
| 1 | c.amazon-adsystem.com |
tezaniadvocacia.com.br
|
| 1 | ajax.googleapis.com |
tezaniadvocacia.com.br
|
| 1 | tezaniadvocacia.com.br | |
| 1 | delivery.eletroportseg.com.br | 1 redirects |
| 60 | 26 |
This site contains links to these domains. Also see Links.
| Domain |
|---|
| adclick.g.doubleclick.net |
| www.libero.it |
| aiuto.libero.it |
| registrazione.libero.it |
| quifinanza.it |
| www.italiaonline.it |
| info.libero.it |
| privacy.italiaonline.it |
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| tezaniadvocacia.com.br R3 |
2023-09-23 - 2023-12-22 |
3 months | crt.sh |
| *.plug.it Sectigo RSA Domain Validation Secure Server CA |
2022-12-05 - 2024-01-05 |
a year | crt.sh |
| upload.video.google.com GTS CA 1C3 |
2023-09-28 - 2023-12-21 |
3 months | crt.sh |
| www.iolam.it Sectigo RSA Domain Validation Secure Server CA |
2023-01-09 - 2024-02-03 |
a year | crt.sh |
| c.amazon-adsystem.com Amazon RSA 2048 M01 |
2023-02-28 - 2024-02-17 |
a year | crt.sh |
| *.imrworldwide.com DigiCert TLS RSA SHA256 2020 CA1 |
2023-01-03 - 2024-02-03 |
a year | crt.sh |
| *.wt-eu02.net Sectigo RSA Domain Validation Secure Server CA |
2023-01-13 - 2024-02-13 |
a year | crt.sh |
| *.gstatic.com GTS CA 1C3 |
2023-09-28 - 2023-12-21 |
3 months | crt.sh |
| *.g.doubleclick.net GTS CA 1C3 |
2023-09-28 - 2023-12-21 |
3 months | crt.sh |
| *.profiles.tagger.opecloud.com Amazon RSA 2048 M01 |
2023-02-10 - 2024-01-25 |
a year | crt.sh |
| *.nuid.imrworldwide.com Amazon RSA 2048 M01 |
2023-04-12 - 2024-05-10 |
a year | crt.sh |
| tpc.googlesyndication.com GTS CA 1C3 |
2023-09-28 - 2023-12-21 |
3 months | crt.sh |
| fw.adsafeprotected.com Amazon RSA 2048 M01 |
2023-03-29 - 2024-04-27 |
a year | crt.sh |
| www.google.com GTS CA 1C3 |
2023-09-28 - 2023-12-21 |
3 months | crt.sh |
| static.adsafeprotected.com Amazon RSA 2048 M02 |
2023-07-07 - 2024-08-04 |
a year | crt.sh |
| dt.adsafeprotected.com Amazon RSA 2048 M01 |
2023-05-09 - 2024-06-06 |
a year | crt.sh |
This page contains 9 frames:
Primary Page:
https://tezaniadvocacia.com.br/oooa/index.php
Frame ID: 0822B0E2C72950962E05A572DC515D33
Requests: 42 HTTP requests in this frame
Frame:
https://i4.plug.it/iplug/js/lib/iol/analytics/ads/banners/_adv.js?_t=1698223880166
Frame ID: 746B6B159724181DEC834F6CD91DD1BA
Requests: 1 HTTP requests in this frame
Frame:
https://cdn-gl.imrworldwide.com/novms/html/ls.html
Frame ID: 4258279150FB192E419072040CAF01C4
Requests: 3 HTTP requests in this frame
Frame:
https://a84695879e97b14a29e94385a548aa9b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 17A1E9CD6EA1D181CBD7A1FF90575CE8
Requests: 1 HTTP requests in this frame
Frame:
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstGLX9mURQigFRrEb9KEgpwkVtUAzypRGoDIo6ttorH2iylOarj7dC8Czf2dC0tYWRiR2oHcuWKfdmz9eHWr2w2rFBhpRgwOwtXTWGxIF0FOgtMGxWYf88n4tJSvMRLz5-IyPtSmy75pVpoRSWsSYUzYrZaeQj3CUs7lSk-xfeWhFUhweXb-1Vnqbpj-gh-fCUq3qAnrxa3yW3v90UdM1sYYSCBJis8Doj9pKGrP9Ou2El0u_2gvxiOxemJ1oh52YAQxGArdykOGymjeyP7q8YAbXlE0G4rw8IQw2HDHON9OK4sbFkTtUpxE-ZtWDcZpDOa7wP1zBMr8SErMlQRrTosRNkd6uSPc4_BYVjwsvo2IiCdXj3v4h4W1iAFZkyrH04J8e9xJ0XR3GMYGxajYmA&sai=AMfl-YRysZgRhprbYxKcLXkBqX6oE-Y4YFr-9THB73cj3ZEi9Rvo13erXVbYX3ztyGbumGaB51WUhQenIwOuLzaQHEa3czTISiIaIQqoBulsHbai2tzf6quHZweOBAhl6G9ReMAxrj6KYqm4NTmz-UI&sig=Cg0ArKJSzHglXLu6Sl00EAE&uach_m=[UACH]&urlfix=1&adurl=
Frame ID: 608D3EF1DF7188D836EB54FB33736018
Requests: 5 HTTP requests in this frame
Frame:
https://pixel.adsafeprotected.com/jload?anId=926174&campId=1540x1024&pubId=14639327&chanId=21721897975&placementId=6380941177&pubCreative=138446744832&pubOrder=3251189245&cb=122800967&impId=&ias_adpath=%23adv_click
Frame ID: 75FF5004B5CBC3D6CA56C5AEA4D2EA01
Requests: 2 HTTP requests in this frame
Frame:
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 47019D7F8BBF9E360A745364920B4A35
Requests: 3 HTTP requests in this frame
Frame:
https://www.google.com/recaptcha/api2/aframe
Frame ID: CA3252BB22B069E0D95BAF5F260ABE1B
Requests: 2 HTTP requests in this frame
Frame:
https://static.adsafeprotected.com/sca.17.6.2.js
Frame ID: 17E82977028B6EFD75FA0A04766662A6
Requests: 1 HTTP requests in this frame
Screenshot
Page Title
Libero Mail - loginPage URL History Show full URLs
-
http://delivery.eletroportseg.com.br/PBCSMX?id=174065=e0oCBQQGAQQBS18HAlQIXAEBBAYGVlEIAVQOAVBQUAQAUwADAANSUFJTXVU...
HTTP 302
https://tezaniadvocacia.com.br/oooa/index.php Page URL
Detected technologies
PHP
(Programming Languages)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- \.php(?:$|\?)
Google AdSense
(Advertising Networks)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- googlesyndication\.com/
Prebid
(Advertising Networks)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- /prebid\.js
jQuery
(JavaScript Libraries)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- /([\d.]+)/jquery(?:\.min)?\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
10 Outgoing links
These are links going to different origins than the main page.
URL: https://adclick.g.doubleclick.net/pcs/click?xai=AKAOjssFsI-xSr51c9qlEWEDg5UcO-xsgvmGmOrizYaK1EXBMFqCIcR2xZWncn2LVnTPaJKWGuqOpPVl4511F0n8DrBWHsXheA3rZmK9W5sx_zSShznqDd09lAsOqjKkg48eUjD9PHm64vWkHcF4IEwq3Tu9OAQ8HECt_oZimy4Byq-b2F2vfCQwKydhViVTAQUtbzWyoahY5Oza-lJ2ocXDjrpsHnpB-oKnxB1EasYS1cNMTIa7dwr9lyyUUH0ZrbyfMcDeOjoIu6xMGAqFvRTv7uOLjtxO-GWeKII9O4hTrb-CYNH76uK6sdl5STMUHIygygaQ67Ma6bCpeXEoIqwXlR1o0Ry2U3QZ95l_Rkya5hbBwijgJjm86JqPvHgu&sai=AMfl-YTLQH-B9LYaHB6S2DNk9WXUXewrFt06uoUB_ynRfetoR51kerwRGhpDSHgr99OG-ZCTGSbGp5_3GR67LHyt_pKNOFG0XF2dCP2hiT42r0nSR1t3awWHI9Bm6qsh7oa-BB4GWV899jqlTazmGVg&sig=Cg0ArKJSzGFYoyX8FJWMEAE&fbs_aeid=[gw_fbsaeid]&urlfix=1&adurl=https://ad.doubleclick.net/ddm/trackclk/N121401.1781359ITALIAONLINE/B24329273.376066088%3Bdc_trk_aid%3D567152602%3Bdc_trk_cid%3D164862306%3Bdc_lat%3D%3Bdc_rdid%3D%3Btag_for_child_directed_treatment%3D%3Btfua%3D%3Bltd%3D%3Bdc_tdv%3D1
Search URL Search Domain Scan URL
URL: http://www.libero.it/
Search URL Search Domain Scan URL
URL: https://aiuto.libero.it/
Title: AIUTO
Title: AIUTO
Search URL Search Domain Scan URL
URL: https://registrazione.libero.it/?service_id=appsuite&redirect_uri=https%3A%2F%2Fmail1.libero.it%2Fappsuite%2Fapi%2Flogin%3Faction%3DliberoLogin
Title: Registrati ora
Title: Registrati ora
Search URL Search Domain Scan URL
URL: https://quifinanza.it/
Search URL Search Domain Scan URL
URL: https://www.libero.it/
Search URL Search Domain Scan URL
URL: https://www.italiaonline.it/corporate/chi-siamo/
Title: Chi siamo
Title: Chi siamo
Search URL Search Domain Scan URL
URL: https://info.libero.it/note-legali/
Title: Note Legali
Title: Note Legali
Search URL Search Domain Scan URL
URL: https://privacy.italiaonline.it/privacy_libero.html
Title: Privacy
Title: Privacy
Search URL Search Domain Scan URL
URL: https://privacy.italiaonline.it/common/cookie/privacy_detail.php?ref=libero
Title: Cookie Policy
Title: Cookie Policy
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://delivery.eletroportseg.com.br/PBCSMX?id=174065=e0oCBQQGAQQBS18HAlQIXAEBBAYGVlEIAVQOAVBQUAQAUwADAANSUFJTXVUCBgtbVAcdQlgKAVVdSlcBBBdyCVFUV0ZcHFhGSAYPXA9SAQ5UAlYDBVZWBwIBRAsREUJfFxlWUV9bR1dGThcAWwdNSgxEDkZFFwdXHVNXDksHQEpodHFnfmoOW1BLT1Y=&fl=UEJGREAIHh1AUkMEWQtYXBVbAlVSDQMeUF9VTQcXHQpXWVMbWlxVV0wZSQ1H
HTTP 302
https://tezaniadvocacia.com.br/oooa/index.php Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 15- https://sb.scorecardresearch.com/b?c1=2&c2=33012141&cs_ucfr=0&ns__t=1698223880149&ns_c=UTF-8&c7=https%3A%2F%2Ftezaniadvocacia.com.br%2Foooa%2Findex.php&c8=Libero%20Mail%20-%20login HTTP 302
- https://sb.scorecardresearch.com/b2?c1=2&c2=33012141&cs_ucfr=0&ns__t=1698223880149&ns_c=UTF-8&c7=https%3A%2F%2Ftezaniadvocacia.com.br%2Foooa%2Findex.php&c8=Libero%20Mail%20-%20login
- https://ad.doubleclick.net/ddm/trackimp/N121401.1781359ITALIAONLINE/B24329273.376066088;dc_trk_aid=567152602;dc_trk_cid=164862306;ord=1179353653;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd=;dc_tdv=1 HTTP 302
- https://ad.doubleclick.net/ddm/trackimp/N121401.1781359ITALIAONLINE/B24329273.376066088;dc_pre=COOxwPnokIIDFRXzswodgfADtw;dc_trk_aid=567152602;dc_trk_cid=164862306;ord=1179353653;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd=;dc_tdv=1
60 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H2 |
Primary Request
index.php
tezaniadvocacia.com.br/oooa/ Redirect Chain
|
31 KB 10 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
style.css
i0.plug.it/mail/login/2020/libero/css/ |
26 KB 5 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/3.5.0/ |
87 KB 31 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
placeholders.min.js
i0.plug.it/mail/login/2018/js/ |
4 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
iol_evnt_v3.min.js
i0.plug.it/iplug/js/lib/iol/evnt/ |
15 KB 4 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
iam2.0.js
www.iolam.it/js/ |
138 KB 31 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
prebid.js
www.iolam.it/js/ |
445 KB 143 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
apstag.js
c.amazon-adsystem.com/aax2/ |
264 KB 65 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
logo-quifinanza.png
i0.plug.it//mail/login/2018/libero/img/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
logo.svg
i0.plug.it/mail/login/2020/libero/img/ |
5 KB 1 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
tracking_login-libero-it.min.js
i0.plug.it/iplug/js/lib/iol/analytics/data/login-libero-it/ |
6 KB 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
IOL.Analytics.Tracking.min.js
i0.plug.it/iplug/js/lib/iol/analytics/engine/ |
45 KB 13 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
css2
fonts.googleapis.com/ |
7 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
PB842EDC3-BDDA-4494-9CDE-8B0150370A55.js
cdn-gl.imrworldwide.com/conf/ |
28 KB 7 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
m
secure-it.imrworldwide.com/cgi-bin/ |
44 B 549 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
wt
italiaonline01.wt-eu02.net/215973748390194/ |
43 B 901 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
b2
sb.scorecardresearch.com/ Redirect Chain
|
0 225 B |
Image
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ |
15 KB 16 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ |
16 KB 16 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
gpt.js
securepubads.g.doubleclick.net/tag/js/ |
88 KB 29 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
_adv.js
i4.plug.it/iplug/js/lib/iol/analytics/ads/banners/ Frame 746B |
25 B 394 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
OPTIONS H2 |
targeting
italiaonline.profiles.tagger.opecloud.com/v1/ Frame |
0 0 |
Preflight
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
targeting
italiaonline.profiles.tagger.opecloud.com/v1/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
nlsSDK600.bundle.min.js
cdn-gl.imrworldwide.com/novms/js/2/ |
199 KB 56 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
pubads_impl.js
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202310190101/ |
422 KB 132 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H3 |
ppub_config
securepubads.g.doubleclick.net/pagead/ |
44 B 72 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
ls.html
cdn-gl.imrworldwide.com/novms/html/ Frame 4258 |
12 KB 4 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
gn
secure-it.imrworldwide.com/cgi-bin/ Frame 4258 |
44 B 424 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
/
5yfx7p7nzeimlunevvob3wrwnyxdz1698223880.nuid.imrworldwide.com/ Frame 4258 |
35 B 350 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H3 |
ads
securepubads.g.doubleclick.net/gampad/ |
38 KB 15 KB |
Fetch
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
container.html
a84695879e97b14a29e94385a548aa9b.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 17A1 |
6 KB 3 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
sodar
pagead2.googlesyndication.com/getconfig/ |
16 KB 12 KB |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H3 |
view
securepubads.g.doubleclick.net/pcs/ Frame 608D |
0 0 |
Fetch
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 608D |
187 KB 59 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
AdvContent20x20.png
i3.plug.it/banners/img/ |
537 B 914 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
B24329273.376066088;dc_pre=COOxwPnokIIDFRXzswodgfADtw;dc_trk_aid=567152602;dc_trk_cid=164862306;ord=1179353653;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd=;dc_t...
ad.doubleclick.net/ddm/trackimp/N121401.1781359ITALIAONLINE/ Frame 608D Redirect Chain
|
42 B 247 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
81663406971947419
tpc.googlesyndication.com/simgad/ |
96 KB 97 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
sodar2.js
tpc.googlesyndication.com/sodar/ |
17 KB 7 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET DATA |
truncated
/ Frame 608D |
214 B 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
jload
pixel.adsafeprotected.com/ Frame 75FF |
49 KB 13 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H3 |
view
securepubads.g.doubleclick.net/pcs/ Frame 608D |
0 0 |
Fetch
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
runner.html
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 4701 |
13 KB 5 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
aframe
www.google.com/recaptcha/api2/ Frame CA32 |
829 B 1 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H3 |
nTQUR4KHlv49nBPfQffhBm9MtHMFcf5hwb1qyN9-gvo.js
pagead2.googlesyndication.com/bg/ Frame 4701 |
39 KB 15 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H3 |
sodar
pagead2.googlesyndication.com/pagead/ Frame CA32 |
0 0 |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
main.19.8.457.js
static.adsafeprotected.com/ Frame 75FF |
209 KB 65 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H3 |
generate_204
tpc.googlesyndication.com/ Frame 4701 |
0 10 B |
Image
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
sca.17.6.2.js
static.adsafeprotected.com/ Frame 17E8 |
91 KB 23 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
mon
pixel.adsafeprotected.com/ |
43 B 216 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
dt
dt.adsafeprotected.com/ |
43 B 216 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
dt
dt.adsafeprotected.com/ |
43 B 215 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
dt
dt.adsafeprotected.com/ |
43 B 215 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H3 |
sodar
pagead2.googlesyndication.com/pagead/ |
0 0 |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
dt
dt.adsafeprotected.com/ |
43 B 215 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
gn
secure-it.imrworldwide.com/cgi-bin/ |
44 B 424 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
dt
dt.adsafeprotected.com/ |
43 B 215 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
dt
dt.adsafeprotected.com/ |
43 B 215 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
dt
dt.adsafeprotected.com/ |
43 B 215 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
dt
dt.adsafeprotected.com/ |
43 B 215 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
dt
dt.adsafeprotected.com/ |
43 B 215 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
dt
dt.adsafeprotected.com/ |
43 B 215 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- italiaonline.profiles.tagger.opecloud.com
- URL
- https://italiaonline.profiles.tagger.opecloud.com/v1/targeting?url=https%3A%2F%2Ftezaniadvocacia.com.br%2Foooa%2Findex.php&gdpr_applies=0
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Libero (Online)53 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 function| $ function| jQuery object| Placeholders object| IOL function| druid_track string| crtg_nid object| iol_adv_config object| pubAdsCfg function| Fingerprint function| letter_or_dot function| do_text_select function| Autocomplete object| arrValues function| checkparams function| showMpu function| get_editorial function| show_editorial function| show_editorial_premium function| getRandonIndexArray object| nSdkInstancestatic number| rnd object| nielsenMetadata object| NOLBUNDLE string| iol_login_page_id object| iol_analytics_tracking_conf function| Hunt object| iat string| classFunc function| createElement boolean| iamInitialized object| grumi object| googletag object| ggeac object| google_tag_data object| google_js_reporting_queue function| _typeof object| ns object| paramsPassed object| stateObject object| errorState string| BUILDVERSION object| stateEvents undefined| google_measure_js_timing number| google_unique_id object| gaGlobal object| GoogleGcLKhOms object| google_image_requests9 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
| Domain/Path | Expires | Name / Value |
|---|---|---|
| italiaonline01.wt-eu02.net/215973748390194 | Name: wteid_215973748390194 Value: 4169822388000399495 |
|
| italiaonline01.wt-eu02.net/215973748390194 | Name: wtsid_215973748390194 Value: 1 |
|
| .scorecardresearch.com/ | Name: UID Value: 17Ae951baceb90fb0b01a4f1698223880 |
|
| .imrworldwide.com/ | Name: IMRID Value: aaf85b80-7313-11ee-9991-2fb86367de74 |
|
| italiaonline01.wt-eu02.net/ | Name: wt_nbg_Q3 Value: !2Zbqnpite+pK7ao8MzkSP47aGUgI1xzxpjgMS+FA5uMQYhlVgM606f6E1NKZQbHIPDugY/EIUm8QVg== |
|
| .tezaniadvocacia.com.br/ | Name: __gads Value: ID=57e12ab500f42475:T=1698223880:RT=1698223880:S=ALNI_MYiboZ6y0X4RwMih6orq2RLEiZHMQ |
|
| .tezaniadvocacia.com.br/ | Name: __gpi Value: UID=00000d9c69c43419:T=1698223880:RT=1698223880:S=ALNI_MY9uCs0eQpeafNKtA9loBZaPdSBAg |
|
| .doubleclick.net/ | Name: IDE Value: AHWqTUkouiApYIC-dpuwvTGX0ZdlPBlKAFNiHBWt4h_gQwv9DpicibDoRx1S879uh0Q |
|
| .doubleclick.net/ | Name: APC Value: AfxxVi6k9subzw78yUAG24k3UZ1LHjSVkfCOZAjMHpMryg0mmFxNMg |
4 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
| Source | Level | URL Text |
|---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
5yfx7p7nzeimlunevvob3wrwnyxdz1698223880.nuid.imrworldwide.com
a84695879e97b14a29e94385a548aa9b.safeframe.googlesyndication.com
ad.doubleclick.net
ajax.googleapis.com
c.amazon-adsystem.com
cdn-gl.imrworldwide.com
delivery.eletroportseg.com.br
dt.adsafeprotected.com
fonts.googleapis.com
fonts.gstatic.com
i0.plug.it
i3.plug.it
i4.plug.it
italiaonline.profiles.tagger.opecloud.com
italiaonline01.wt-eu02.net
pagead2.googlesyndication.com
pixel.adsafeprotected.com
sb.scorecardresearch.com
secure-it.imrworldwide.com
securepubads.g.doubleclick.net
static.adsafeprotected.com
tezaniadvocacia.com.br
tpc.googlesyndication.com
www.google.com
www.googletagservices.com
www.iolam.it
italiaonline.profiles.tagger.opecloud.com
13.249.42.27
172.253.122.148
18.165.83.104
185.54.150.20
213.209.30.161
2600:1f13:800:7782:3f9c:e904:ed77:5bba
2600:9000:2191:7e00:1d:667e:2a40:93a1
2600:9000:24f4:4200:8:48e:53c0:93a1
2600:9000:24f4:da00:2:42d9:3100:93a1
2607:f8b0:4004:c07::84
2607:f8b0:4004:c08::9b
2607:f8b0:4004:c0b::5f
2607:f8b0:4004:c19::5e
2607:f8b0:4004:c19::9d
2607:f8b0:4004:c1b::84
2607:f8b0:4004:c1b::93
2607:f8b0:4004:c1b::9d
2607:f8b0:4004:c1d::5f
34.117.197.73
35.156.28.148
50.116.87.244
52.85.151.124
54.217.39.98
54.89.83.42
01cee6a7a3f1444680b188ab84052e2b6c85966f53a718d3926135ebcc832ffd
0718476f9aeec1cbd746c569d6768a28c021163de52ceb5c7d89005484f16b8e
10ac9c96ccf421cb8af5185deeb5ea005643b45b03ad8edeb6e0f74e56748742
1d0b112e6ca91b773f69efe3d72e1cc66202ec51f0127520ad43813ea60edbb3
1e0a7710b584e925a475151f5ac6a6adbd8be4c275b9d1cb14cdeb012aab3ffd
2170f04df3b7e03e3439440b22f30247a1ee0606d4a0253e159c8a725372ac8f
27240817f1f305d4ad868a53a65259882a980c8f9a7977cae6db38bc7b9dc9eb
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
47dc93b2cb885224ff0c7d57d905bbf206a526f68ca1a384ccd37d9809d21695
49db66ae1889e3ae58a38124422c4d6648b19cf9f233b12412db9b565b5d85b0
4b4c7f1c1c914904517ec0b042aff9bdfa8f3943160cf9a7131cf69ee56a46b5
54ea3b729d9ff4a499d3bf59b0497606ceb27b7100c60d74d28467224f3983f9
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
5bb90e2184624c6dc3a82f11cfdc5f86e72d0403bc273d6b420653aa2ee51a6c
5ecb58845a9ac30e4eb4b18eb0e7431ba1fb195ce035309735efaee67421c7a3
5efc32a810ef9d76af18d19947808c9a6cb1aa71e68736c78376e168ffe3529c
5fd3fe93b9ced3ac801fbb50bcd18767bafa3614d750b84ffbe4b9cf68442f5c
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
65580139d03ef034eeaee67ff3dc024a301c35c134436f7c9bc1099095043723
6628087c484cb05bdec0ff26bfad92c0f23233cdfd249168e38003e79a79e0cf
68cfa5d1e626ad1796c8c8db8276c8196f7235100b9ae6f7380a4f8920bd994c
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6efa283977000649a48e619b134ad5c50cb28b585af87972e4d3f31f24e15b2d
9d341447828796fe3d9c13df41f7e1066f4cb4730571fe61c1bd6ac8df7e82fa
9fbc168cb2cf1f95e73cbbd288bd26f45d948b96882767182e9e4af346c9c73c
a5044ffa79619b1f39b732970a75bc840a27088faefdd9a7298b04529d3afce4
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b9525cf1689e64d66e6f6976db0f3f438a0390479356f50d3b691f09b79e28c2
bb631cb41d70ab6f8a07ab80b053676bca8589e7e1d835827f30e1bffbed91c5
bc0a9a90d0c508f976a1b8016e92ccfd5bce1bd91dc7328e77934f9a3a6efe02
c1ca15aa8598ac972f25c8812a1c189cd22f8926ec7b890bc8ea6a70a7779fd1
c4dccdd9ae25b64078e0c73f273de94f8894d5c99e4741645ece29aeefc9c5a4
d507557addcbbe2fdac803846530a2192ee23403d64e2cd6d9271d03e569ca8c
d98cc6e770bf9c71b8758a040222960e918adb20cc1f71f2296ae4f70256d510
e13adcfe53f7b046a648fc89656699e9f75be739b74ada02d7fd1f2fa03c3c44
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e72563537754aafd3bb45b495360d16020dc6978b117211d5eb965d4dbdd0021
eb97f750d5607e2544524de92d09cf088fee2d4484d14eeb16184448100df690
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615