sci-hubtw.hkvisa.net
Open in
urlscan Pro
2a06:98c1:3121::c
Malicious Activity!
Public Scan
Submission: On March 02 via api from IE — Scanned from NL
Summary
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on February 8th 2023. Valid for: a year.
This is the only time sci-hubtw.hkvisa.net was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Sci-Hub (Consumer)Domain & IP information
ASN15169 (GOOGLE, US)
pagead2.googlesyndication.com | |
adservice.google.com |
ASN15169 (GOOGLE, US)
partner.googleadservices.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
24 |
criteo.net
static.criteo.net — Cisco Umbrella Rank: 625 csm.eu.criteo.net — Cisco Umbrella Rank: 8487 pix.eu.criteo.net — Cisco Umbrella Rank: 7936 |
331 KB |
21 |
sci-hub.shop
img.sci-hub.shop — Cisco Umbrella Rank: 351743 |
584 KB |
14 |
googlesyndication.com
pagead2.googlesyndication.com — Cisco Umbrella Rank: 102 tpc.googlesyndication.com — Cisco Umbrella Rank: 140 |
265 KB |
6 |
doubleclick.net
googleads.g.doubleclick.net — Cisco Umbrella Rank: 35 |
27 KB |
3 |
criteo.com
ads.eu.criteo.com — Cisco Umbrella Rank: 8414 cat.fr.eu.criteo.com — Cisco Umbrella Rank: 9640 rtb.nl3.eu.criteo.com — Cisco Umbrella Rank: 13386 |
45 KB |
3 |
google.com
adservice.google.com — Cisco Umbrella Rank: 73 www.google.com — Cisco Umbrella Rank: 2 |
2 KB |
2 |
yadro.ru
1 redirects
counter.yadro.ru — Cisco Umbrella Rank: 9857 |
1 KB |
2 |
google.nl
adservice.google.nl — Cisco Umbrella Rank: 14351 |
696 B |
1 |
cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 195 |
5 KB |
1 |
googletagservices.com
www.googletagservices.com — Cisco Umbrella Rank: 183 |
49 KB |
1 |
googleadservices.com
partner.googleadservices.com — Cisco Umbrella Rank: 855 |
603 B |
1 |
hkvisa.net
sci-hubtw.hkvisa.net |
7 KB |
0 |
kitbit.net
Failed
kitbit.net Failed |
|
0 |
pluso.ru
Failed
share.pluso.ru Failed |
|
84 | 14 |
Domain | Requested by | |
---|---|---|
21 | img.sci-hub.shop |
sci-hubtw.hkvisa.net
|
14 | pix.eu.criteo.net | |
9 | pagead2.googlesyndication.com |
sci-hubtw.hkvisa.net
pagead2.googlesyndication.com tpc.googlesyndication.com www.googletagservices.com |
8 | static.criteo.net |
ads.eu.criteo.com
|
6 | googleads.g.doubleclick.net |
pagead2.googlesyndication.com
|
5 | tpc.googlesyndication.com |
googleads.g.doubleclick.net
pagead2.googlesyndication.com tpc.googlesyndication.com |
2 | counter.yadro.ru | 1 redirects |
2 | csm.eu.criteo.net |
ads.eu.criteo.com
|
2 | adservice.google.com |
pagead2.googlesyndication.com
|
2 | adservice.google.nl |
pagead2.googlesyndication.com
|
1 | www.google.com |
tpc.googlesyndication.com
|
1 | rtb.nl3.eu.criteo.com | |
1 | cdnjs.cloudflare.com |
ads.eu.criteo.com
|
1 | cat.fr.eu.criteo.com |
ads.eu.criteo.com
|
1 | www.googletagservices.com |
googleads.g.doubleclick.net
|
1 | ads.eu.criteo.com |
googleads.g.doubleclick.net
|
1 | partner.googleadservices.com |
pagead2.googlesyndication.com
|
1 | sci-hubtw.hkvisa.net | |
0 | kitbit.net Failed |
img.sci-hub.shop
|
0 | share.pluso.ru Failed |
img.sci-hub.shop
|
84 | 20 |
This site contains links to these domains. Also see Links.
Domain |
---|
pluso.ru |
vk.com |
twitter.com |
www.facebook.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
hkvisa.net Cloudflare Inc ECC CA-3 |
2023-02-08 - 2024-02-08 |
a year | crt.sh |
sci-hub.shop Cloudflare Inc ECC CA-3 |
2022-05-23 - 2023-05-23 |
a year | crt.sh |
*.g.doubleclick.net GTS CA 1C3 |
2023-02-08 - 2023-05-03 |
3 months | crt.sh |
*.googleadservices.com GTS CA 1C3 |
2023-02-08 - 2023-05-03 |
3 months | crt.sh |
*.google.nl GTS CA 1C3 |
2023-02-08 - 2023-05-03 |
3 months | crt.sh |
*.google.com GTS CA 1C3 |
2023-02-08 - 2023-05-03 |
3 months | crt.sh |
*.eu.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1 |
2022-12-22 - 2023-03-26 |
3 months | crt.sh |
tpc.googlesyndication.com GTS CA 1C3 |
2023-02-08 - 2023-05-03 |
3 months | crt.sh |
*.criteo.net DigiCert TLS Hybrid ECC SHA384 2020 CA1 |
2023-01-13 - 2023-04-15 |
3 months | crt.sh |
*.fr.eu.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1 |
2023-02-18 - 2023-05-20 |
3 months | crt.sh |
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2022-08-03 - 2023-08-02 |
a year | crt.sh |
*.eu.criteo.net DigiCert TLS Hybrid ECC SHA384 2020 CA1 |
2023-01-13 - 2023-04-17 |
3 months | crt.sh |
*.nl3.eu.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1 |
2023-01-04 - 2023-04-05 |
3 months | crt.sh |
www.google.com GTS CA 1C3 |
2023-02-08 - 2023-05-03 |
3 months | crt.sh |
This page contains 9 frames:
Primary Page:
https://sci-hubtw.hkvisa.net/
Frame ID: F7D2AEA07E5BBF01E4B9D3D090AFFFD4
Requests: 41 HTTP requests in this frame
Frame:
https://googleads.g.doubleclick.net/pagead/html/r20230227/r20190131/zrt_lookup.html
Frame ID: 74A3691D86A6CEE730E7D14479951E99
Requests: 1 HTTP requests in this frame
Frame:
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4788083219224278&output=html&h=90&slotname=4859960692&adk=1980608376&adf=2653041513&pi=t.ma~as.4859960692&w=970&lmt=1677728167&format=970x90&url=https%3A%2F%2Fsci-hubtw.hkvisa.net%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1677728167651&bpp=7&bdt=706&idt=233&shv=r20230227&mjsv=m202302280101&ptt=9&saldr=aa&abxe=1&correlator=8766770406825&frm=20&pv=2&ga_vid=1025566421.1677728168&ga_sid=1677728168&ga_hid=1759639898&ga_fc=0&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=315&ady=900&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759926%2C44777877%2C44759842%2C44759875%2C31072742&oid=2&pvsid=2597787460747545&tmod=654738983&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CaE%7C&abl=CA&pfx=0&fu=0&bc=31&ifi=1&uci=a!1&fsb=1&xpc=OwAlMyxzuN&p=https%3A//sci-hubtw.hkvisa.net&dtd=277
Frame ID: 8CEDEC77097A76903C01A04535D7A86A
Requests: 1 HTTP requests in this frame
Frame:
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4788083219224278&output=html&h=280&slotname=4859960692&adk=4036303272&adf=2987723014&pi=t.ma~as.4859960692&w=1200&fwrn=4&fwrnh=100&lmt=1677728167&rafmt=1&format=1200x280&url=https%3A%2F%2Fsci-hubtw.hkvisa.net%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1677728167658&bpp=2&bdt=713&idt=281&shv=r20230227&mjsv=m202302280101&ptt=9&saldr=aa&abxe=1&prev_fmts=970x90&correlator=8766770406825&frm=20&pv=1&ga_vid=1025566421.1677728168&ga_sid=1677728168&ga_hid=1759639898&ga_fc=0&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1498&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759926%2C44777877%2C44759842%2C44759875%2C31072742&oid=2&pvsid=2597787460747545&tmod=654738983&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEebr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=id2tL6bDZN&p=https%3A//sci-hubtw.hkvisa.net&dtd=294
Frame ID: 97D740AB50F2618592B846D800454E7D
Requests: 1 HTTP requests in this frame
Frame:
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4788083219224278&output=html&adk=1812271804&adf=3025194257&lmt=1677728167&plat=1%3A16777216%2C3%3A16%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=500x540_r&format=0x0&url=https%3A%2F%2Fsci-hubtw.hkvisa.net%2F&ea=0&pra=7&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1677728167676&bpp=2&bdt=732&idt=285&shv=r20230227&mjsv=m202302280101&ptt=9&saldr=aa&abxe=1&prev_fmts=970x90%2C1200x280&nras=1&correlator=8766770406825&frm=20&pv=1&ga_vid=1025566421.1677728168&ga_sid=1677728168&ga_hid=1759639898&ga_fc=0&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759926%2C44777877%2C44759842%2C44759875%2C31072742&oid=2&pvsid=2597787460747545&tmod=654738983&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=3&uci=a!3&fsb=1&dtd=300
Frame ID: 15C5F3B7C7F00C66B1DCCCBB9DBC9F94
Requests: 1 HTTP requests in this frame
Frame:
https://googleads.g.doubleclick.net/pagead/html/r20230227/r20110914/zrt_lookup.html?fsb=1
Frame ID: 09998E5A254F364792FED313056E8657
Requests: 8 HTTP requests in this frame
Frame:
https://ads.eu.criteo.com/delivery/r/afr.php?z=ZAAZqAAAYxcKd6kPAA_ZTDIFrVLOuELB81ojIA&u=%7CYh76Dk1zVw5EsuzwkEPylEKgMSntjHnxcDfE8K6K43s%3D%7C&c1=VEd5MTeK-DVtvwpxQwkatQ5fNcsqqVzrSzdAvklCiymh-AmoIDed1ipUT25GSf4krQyHSRYdaHg7S2txPrKTY-qxq3TjMcaR0yTnhTiCAW3cZKn_3h_alRdLuw-toS-__UmLK5Vl0qrpNhG4MUSm2Rv_i3HLbIITz4HV7LvFM5OdOHDI19xyPmEBWavKnRC9ficjGqgoyC0P2okS7yAiY0AN5LLMbQWfSc05x5RGfMrJ51BF-L_ygmQMX4EoRsoxYGioQGRckWwLBBjb29BGKH44HPO2VB3aJl_S3fMypjD7TfPOUL-xYsH8QV8xgOgbNg9WdaV6-I1EVgPrFOHoaOdr9UHzzsIAVCCyLBosXZTiaSK3t4E6S4YA1IDzRpklgfi7gtHnm06Rv_t0nGn147SiNZy1F4_C94ayEV2G7RVtoy5UXAMAkpbEHe3dtH-E1pTtaYhSwQ1s2aZ7P_AIILDLYi09Tx6mKWZ-CPEQn0fjDyzB2c9YK5lcsX2_z1x7IoN693Ve8QCsvnpDckzrO2XGbXiy8QP1CRrxQ_iQqQAhISEvsazYHa_FqQCNn8YLfJBBU9SON2Q45NhrB1wj-O7Gw5KRv4mevMtQ0bNjnqgxbEKvkcygSvQoEvAZUsdHwbgs6mSca-4&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCWlm7qBkAZJfGAY_S3gPMsr-wAsme0rFc1Z2R93DAjbcBEAEgAGCRhKCFjBiCARdjYS1wdWItNDc4ODA4MzIxOTIyNDI3OMgBCakCLvsrhMnlsT6oAwGqBM0BT9C-rNcaoNmQeJoVJOSQR6UHt05nbhgetxSiu41LXFSqvEZ45OKlCktRCayXAByPH3e7Qv_loPhR20mPxV1RL1MEtTFgqyjds2Gg8dsDLGcJGIxPMdZm0u4nzwdzQ9KOk6VmkXq-gxfUnxo1H8tEK_crBJltdvK__8lSqHKvpYIVTW_JTXIeMZEDQoZnhzJvHQ33sn_I9sUe93EcXnXmYV_J6-_yd_qIyZiJ53cXtdcpTbn3npZu_5Qs9yXswtqRA3mCm5oP1LsVT7lV14AG6fyjgsCJgInHAaAGIagHpr4bqAeW2BuoB6qbsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgED6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_1K5SdJvLRPS4qDieFOUSO0XS16HA%26client%3Dca-pub-4788083219224278%26adurl%3D
Frame ID: 454CB03F8F93D89C78704E0663DB5760
Requests: 27 HTTP requests in this frame
Frame:
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 514DDCA7465009D78607DF9FAFC3F18F
Requests: 3 HTTP requests in this frame
Frame:
https://www.google.com/recaptcha/api2/aframe
Frame ID: 4DC8611E409E1723C73E0CD11CDD5CEC
Requests: 2 HTTP requests in this frame
Screenshot
Page Title
Sci-HubDetected technologies
Google AdSense (Advertising Networks) ExpandDetected patterns
- googlesyndication\.com/
jQuery (JavaScript Libraries) Expand
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
jQuery UI (JavaScript Libraries) Expand
Detected patterns
- jquery-ui.*\.js
Page Statistics
4 Outgoing links
These are links going to different origins than the main page.
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 54- https://counter.yadro.ru/hit;PLUSO?r;s1600*1200*24;uhttps%3A//sci-hubtw.hkvisa.net/;hSci-Hub;1 HTTP 302
- https://counter.yadro.ru/hit;PLUSO?q;r;s1600*1200*24;uhttps%3A//sci-hubtw.hkvisa.net/;hSci-Hub;1
84 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
/
sci-hubtw.hkvisa.net/ |
27 KB 7 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-3.1.1.min.js
img.sci-hub.shop/scihub/ |
85 KB 31 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-ui.min.js
img.sci-hub.shop/scihub/ |
248 KB 68 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
openapi.js
img.sci-hub.shop/scihub/ |
94 KB 23 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
medal.png
img.sci-hub.shop/scihub/ |
22 KB 22 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
key_1.png
img.sci-hub.shop/scihub/ |
8 KB 9 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/ |
140 KB 47 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
top-back.jpg
img.sci-hub.shop/scihub/ |
184 KB 185 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
logo_en.png
img.sci-hub.shop/scihub/ |
14 KB 15 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
raven_1.png
img.sci-hub.shop/scihub/ |
59 KB 59 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
map.jpg
img.sci-hub.shop/scihub/ |
54 KB 55 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
about-marker_en.png
img.sci-hub.shop/scihub/ |
3 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
quote.png
img.sci-hub.shop/scihub/ |
1 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
quotenext_en.png
img.sci-hub.shop/scihub/ |
1 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
pone.png
img.sci-hub.shop/scihub/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
ptwo.png
img.sci-hub.shop/scihub/ |
4 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
pthree.png
img.sci-hub.shop/scihub/ |
4 KB 5 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
AvenirLTW01-55Roman.woff2
img.sci-hub.shop/misc/fonts/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
people.jpg
img.sci-hub.shop/scihub/ |
50 KB 51 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
join_en.png
img.sci-hub.shop/scihub/ |
6 KB 7 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
joinvk.png
img.sci-hub.shop/scihub/ |
17 KB 18 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
jointwitter.png
img.sci-hub.shop/scihub/ |
6 KB 6 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
joinfacebook.png
img.sci-hub.shop/scihub/ |
4 KB 5 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
pluso-like.js
img.sci-hub.shop/scihub/ |
41 KB 13 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
show_ads_impl_with_ama_fy2021.js
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202302280101/ |
362 KB 119 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
zrt_lookup.html
googleads.g.doubleclick.net/pagead/html/r20230227/r20190131/ Frame 74A3 |
10 KB 5 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
cookie.js
partner.googleadservices.com/gampad/ |
387 B 603 B |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
integrator.js
adservice.google.nl/adsid/ |
107 B 531 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
integrator.js
adservice.google.com/adsid/ |
107 B 456 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ads
googleads.g.doubleclick.net/pagead/ Frame 8CED |
436 B 411 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ads
googleads.g.doubleclick.net/pagead/ Frame 97D7 |
436 B 383 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
gen_204
pagead2.googlesyndication.com/pagead/ |
0 20 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ads
googleads.g.doubleclick.net/pagead/ Frame 15C5 |
57 KB 17 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
reactive_library_fy2021.js
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202302280101/ |
150 KB 51 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
integrator.js
adservice.google.nl/adsid/ |
107 B 165 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
integrator.js
adservice.google.com/adsid/ |
107 B 165 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
zrt_lookup.html
googleads.g.doubleclick.net/pagead/html/r20230227/r20110914/ Frame 0999 |
10 KB 5 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
afr.php
ads.eu.criteo.com/delivery/r/ Frame 454C |
129 KB 44 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
window_focus_fy2021.js
tpc.googlesyndication.com/pagead/js/r20230227/r20110914/client/ Frame 0999 |
3 KB 1 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
qs_click_protection_fy2021.js
tpc.googlesyndication.com/pagead/js/r20230227/r20110914/client/ Frame 0999 |
20 KB 9 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 0999 |
158 KB 49 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
privacy_small.svg
static.criteo.net/flash/icon/ Frame 454C |
2 KB 1 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
adchoices_nl.svg
static.criteo.net/flash/icon/ Frame 454C |
2 KB 1 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
close_button.svg
static.criteo.net/flash/icon/ Frame 454C |
308 B 636 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
back_button2.svg
static.criteo.net/flash/icon/ Frame 454C |
293 B 622 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
lg.php
cat.fr.eu.criteo.com/delivery/ Frame 454C |
43 B 348 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
webfontloader.js
cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/ Frame 454C |
12 KB 5 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
animejs.js
static.criteo.net/animejs/ Frame 454C |
12 KB 6 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
all
csm.eu.criteo.net/ Frame 454C |
0 128 B |
Ping
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
privacy.svg
static.criteo.net/flash/icon/ Frame 454C |
2 KB 1 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
19b6feaf7bb04307a5ed79d69ca28780_gotham-bold.woff
static.criteo.net/design/dt/ Frame 454C |
15 KB 15 KB |
Font
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
b4338c429b884dd1a41cf5d47720754c_gotham-regular.woff
static.criteo.net/design/dt/ Frame 454C |
31 KB 31 KB |
Font
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ Frame 0999 |
206 B 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
process
share.pluso.ru/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
process
share.pluso.ru/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
hit;PLUSO
counter.yadro.ru/ Redirect Chain
|
43 B 528 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
sodar
pagead2.googlesyndication.com/getconfig/ |
14 KB 11 KB |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
06.png
share.pluso.ru/img/pluso-like/square/medium/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
plus.png
share.pluso.ru/img/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
adview
googleads.g.doubleclick.net/pagead/ Frame 0999 |
0 22 B |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
notify
rtb.nl3.eu.criteo.com/google/auction/ Frame 0999 |
0 126 B |
Image
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
img
pix.eu.criteo.net/img/ Frame 454C |
69 KB 69 KB |
Image
image/webp |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
img
pix.eu.criteo.net/img/ Frame 454C |
11 KB 11 KB |
Image
image/webp |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
img
pix.eu.criteo.net/img/ Frame 454C |
8 KB 8 KB |
Image
image/webp |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
img
pix.eu.criteo.net/img/ Frame 454C |
12 KB 12 KB |
Image
image/webp |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
img
pix.eu.criteo.net/img/ Frame 454C |
10 KB 11 KB |
Image
image/webp |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
img
pix.eu.criteo.net/img/ Frame 454C |
7 KB 8 KB |
Image
image/webp |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
img
pix.eu.criteo.net/img/ Frame 454C |
18 KB 18 KB |
Image
image/webp |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
kb.js
kitbit.net/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
img
pix.eu.criteo.net/img/ Frame 454C |
8 KB 8 KB |
Image
image/webp |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
sodar2.js
tpc.googlesyndication.com/sodar/ |
17 KB 7 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
img
pix.eu.criteo.net/img/ Frame 454C |
69 KB 69 KB |
Image
image/webp |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
img
pix.eu.criteo.net/img/ Frame 454C |
12 KB 12 KB |
Image
image/webp |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
img
pix.eu.criteo.net/img/ Frame 454C |
10 KB 11 KB |
Image
image/webp |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
img
pix.eu.criteo.net/img/ Frame 454C |
11 KB 11 KB |
Image
image/webp |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
img
pix.eu.criteo.net/img/ Frame 454C |
7 KB 8 KB |
Image
image/webp |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
img
pix.eu.criteo.net/img/ Frame 454C |
18 KB 18 KB |
Image
image/webp |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
runner.html
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 514D |
13 KB 5 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
aframe
www.google.com/recaptcha/api2/ Frame 4DC8 |
783 B 1 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
YeyVZ0EhAtcDFQuhm4W2HTvLIH7JypmBfS93VbjkVpU.js
pagead2.googlesyndication.com/bg/ Frame 514D |
36 KB 14 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
generate_204
tpc.googlesyndication.com/ Frame 514D |
0 10 B |
Image
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
sodar
pagead2.googlesyndication.com/pagead/ Frame 4DC8 |
0 0 |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
all
csm.eu.criteo.net/ Frame 454C |
0 127 B |
Ping
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
activeview
pagead2.googlesyndication.com/pcs/ Frame 0999 |
42 B 64 B |
Fetch
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
sodar
pagead2.googlesyndication.com/pagead/ |
0 0 |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers |
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- img.sci-hub.shop
- URL
- https://img.sci-hub.shop/misc/fonts/AvenirLTW01-55Roman.woff2
- Domain
- share.pluso.ru
- URL
- https://share.pluso.ru/process?act=counter&u=https%3A%2F%2Fsci-hubtw.hkvisa.net%2F&w=1600&h=1200&ref=&uid=5473046666911051876&k=3oRVILcUeEDqundefinedZQV&first=1
- Domain
- share.pluso.ru
- URL
- https://share.pluso.ru/process?act=counter&u=https%3A%2F%2Fsci-hubtw.hkvisa.net%2F&w=1600&h=1200&ref=&uid=5473046666911051876&k=6yvT6I8kck1ThnAs
- Domain
- share.pluso.ru
- URL
- https://share.pluso.ru/img/pluso-like/square/medium/06.png
- Domain
- share.pluso.ru
- URL
- https://share.pluso.ru/img/plus.png
- Domain
- kitbit.net
- URL
- https://kitbit.net/kb.js
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Sci-Hub (Consumer)56 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 boolean| credentialless function| $ function| jQuery function| obj2qs object| fastXDM object| VK function| slideQuote function| colorMenu function| go string| allurl object| adsbygoogle number| ifpluso object| pluso object| google_js_reporting_queue number| google_srt object| google_logging_queue number| tmod object| google_ad_modifications object| ggeac object| google_persistent_state_async boolean| google_measure_js_timing object| google_tag_data object| google_reactive_ads_global_state boolean| _gfp_a_ object| google_sa_queue function| google_process_slots boolean| google_apltlad function| google_spfd number| google_lpabyc number| google_unique_id object| google_sv_map number| google_rum_task_id_counter string| google_user_agent_client_hint function| google_sa_impl object| googleToken object| googleIMState boolean| _gfp_p_ function| processGoogleToken number| google_global_correlator object| google_prev_clients object| gaGlobal object| ampInaboxIframes object| ampInaboxPendingMessages object| google_image_requests object| google_llp object| googletag object| k string| pt object| s object| GoogleGcLKhOms5 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.hkvisa.net/ | Name: __gads Value: ID=5189ce3ae6f3c5df-225614e138dd00fd:T=1677728168:RT=1677728168:S=ALNI_MbQe7NtUOH7Xc5-jMb5IPo0kqJ0EA |
|
.hkvisa.net/ | Name: __gpi Value: UID=00000bbd87cd079f:T=1677728168:RT=1677728168:S=ALNI_MZ7UGTNVwh3jhbA3xZBAsjAG-1n4w |
|
.doubleclick.net/ | Name: IDE Value: AHWqTUnhRAoqQCYbZvNyDpaJ7kiYI0yLw-8HS0dfYtbdpH_pLPj0KwC4-vP5V0HAmv0 |
|
.yadro.ru/ | Name: FTID Value: 1a01cf1B6ouW1a01cf003GsI |
|
.yadro.ru/ | Name: VID Value: 1lzm1i31SM8W1a01cg003Gsb |
3 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ads.eu.criteo.com
adservice.google.com
adservice.google.nl
cat.fr.eu.criteo.com
cdnjs.cloudflare.com
counter.yadro.ru
csm.eu.criteo.net
googleads.g.doubleclick.net
img.sci-hub.shop
kitbit.net
pagead2.googlesyndication.com
partner.googleadservices.com
pix.eu.criteo.net
rtb.nl3.eu.criteo.com
sci-hubtw.hkvisa.net
share.pluso.ru
static.criteo.net
tpc.googlesyndication.com
www.google.com
www.googletagservices.com
img.sci-hub.shop
kitbit.net
share.pluso.ru
178.250.0.160
2606:4700:3033::ac43:a162
2606:4700::6811:190e
2a00:1450:4001:828::2002
2a00:1450:4001:82a::2004
2a00:1450:400d:803::2002
2a00:1450:400d:804::2002
2a00:1450:400d:80a::2001
2a00:1450:400d:80c::2002
2a00:1450:400d:80e::2002
2a02:2638:3::1a
2a02:2638:3::9
2a02:2638:3::f
2a02:2638::3
2a02:2638::b
2a06:98c1:3121::c
88.212.202.52
04e8409a13fe19247cf7c55cda100bb4097f3fe49e326a04302a30ba4ccb0333
0560adeb934f33bfce2fe82b603f09af5ec2c80541bc3dfae2892c06e6023d43
095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6
125ef9e8cac071be547016f215e726b1f17be04068441bb35847bf565c89e4c3
14e6508482a47b942549d487294e164dbe8684e79a6a00410dfb966acffa9570
176e7e640296906a87b72a752172e2dd119090f40318177d34b19277fd288d39
1aa870572136d3fcc2d3562d515d35ff53042111a7add99bd98f94c6aec6204e
1f6720f9b1b728e80c6f618a5aac450c6f6df834dd8f0e8b4059ac78a90af7af
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
3860c6aa1cdef6ed8bf7315bbfbdc1237d14f68ea2e7a55bcccb9e77662d1b7f
424e11b87cf0ea020cf56a92c8d2cdb6b04189c131101f1aab820d0f1bc6fcb1
42a76fd2624f05547f281c293e2390c7516cfb74d3c5ed237975f295046459e4
44e857b78e5b61610566603bed79bceb9a60415b2795cfdf907346cb026d2450
454e4bc03b54bff4716e23ac8be68737dffd664ea64400effdc9ff4581e89586
460b964d7227b7963094c56a6449ed520818785ccb2eb6ecfe8be595fee74232
46dcb8cb7d4d80220baa300c65817e9a4a324c15ddb1e3955d222175eb6cf8c9
4b225ff2e35c8db5378d2ac271c993cbdf6c900aceec3a3eee1c31421e4dc44a
4bec55ae238e9490e7a00afc438d133d08b7a66cc48bdf99761f5c4b36586cb0
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4fff4ab2a2155135871b9a36bc3326e7b66f56bf871b4158140f00da3ef125d3
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
55accff7b642c2d7a402cbe03c1494c0f14a76bc03dee9d47d219562b6a152a5
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
61ec9567412102d703150ba19b85b61d3bcb207ec9ca99817d2f7755b8e45695
64fdded9ab4b4066a71232c0d8c7e2416ec277f566adb122776af14c21831fc3
725e869434fef8013208ed4c233d29744f9b363f867dcfb8f23e862880fa699a
779126f6a53ed7bfb8e2665938cf3510184b21e5e0a82f95c1beed1958aaefd5
7a23019e05865bc30aba9f21bb29caa5bad9e71bce5ce055aefd46d6494e6b96
7f3abdf0859cf36c2821963a7266a955fd4bd5fe491f997d9d8dae3f3957cf75
85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf
8a50dba2bfbbfe01d25c025c5ee5acb8ce80af1707fb3b50ce82ff434be6b98f
8dd6c570e8d8c98ebe983228777f11a9f0e195c2d2f8298c034766ccd2d3087c
8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395
9306d2c90a415f9c6fc9be07af4074737692847b5f0b5f6dd673d3408134d6b8
9583f52c65a392ca13c606fee2cb70878b563144548bfa51f040380ce35cd313
9bc4755dd88c30907af9f9670916ca26c3f60f4456b2cf21d249c25dff00b5b8
a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a6c19d8875246d4def23e273e3c6d2887aeba815c80128b91c8b86dc35e38e25
a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37
a73e31bcecf9e05a426418cbfd354d215b57ca10961ee3b85e84f7caa3e9d4ca
ade7225dc575a8fc8d486b3afea56ecad57ee7e7cae5989858c467a75c0fa157
af4b954cf45e99d5eccbea113dc2b66799cf8db96c3e8dfc33d145398743727b
b857a8577563ab015fa8361516b713010286674b7dceea7258e0e88486dd80d7
b8e3e37a00f298198fe34abc7c237a0b3c21659f668e142dcf5bc467bae0de23
c065fb78b0e08dfcca754d46f64414bff72a17836b5da8f717e48423fd4e5952
c7dad6d1bc76bcbe6697529e9c72581df4b4bfa9cb0cd3f2f940c9b4b4037edb
c930cfd1a633df3f92e6104e291b65534f21a32f3e1fe1d4bfb3b5eb7df17c74
c976023edd17ce89501bb6a4cd50277b50fc4ef4045d61b52854da88d36cb202
ca070dfc7785775cbf5cce16064029ee534259de42c6d9de10e476e710000e93
cd158c47df6903e6df3e7331e43be311547b49e4cefaf0ab715b20bccd8bb747
dabaf1eee4ae1c1db524c66d6950221386ef064a71d29b9f799d1905d64456b6
dd3786819ee434771fb75d29eca8ebde5104b68401a00211c409195d466d3053
e0ee294b5487df566aad23b603fd902535634cfa957be8e7620396515afb1047
e319892f7f2a6e0a6790ff3274eaec39df67d671429aef64ae798ef6792b6fe3
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f34f7105cd770679d13ebfc9edcfebd082e0f5217a3e3f7293dcb57cacb4fa11
f9d374ef87ca2b8179870daa8739f8b060fc77446a4109ec87dc523bd8059ea4
ff03fb35159e9cc4104b52e40b4153040df127e8cbeb3a7f351a4951b0008c28