Submitted URL: http://email.mg.temptationtonight.com/c/eJx0kMtq8zAQRp9G3iWMP0mWtdDiv-DXKCNZsoVvwZbTPn5JIIsGuhz4DucwvdMpKKqiqxtjrTVNI6vRhaYBJ5ZtA9Wyji...
Effective URL: https://live4.news4more.com/landing/jmc6102?subPublisher=banner:17&zone=banner:17&adformat=push&auctionid=642a5c94a3efc-5660...
Submission: On April 03 via api from BE — Scanned from DE

Summary

This website contacted 6 IPs in 3 countries across 10 domains to perform 22 HTTP transactions. The main IP is 2606:4700::6812:1a7e, located in United States and belongs to CLOUDFLARENET, US. The main domain is live4.news4more.com. The Cisco Umbrella rank of the primary domain is 726451.
TLS certificate: Issued by E1 on February 4th 2023. Valid for: 3 months.
This is the only time live4.news4more.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 34.110.180.34 396982 (GOOGLE-CL...)
2 2 159.203.176.183 14061 (DIGITALOC...)
1 1 18.156.16.63 16509 (AMAZON-02)
2 2 34.107.223.80 396982 (GOOGLE-CL...)
2 2 52.213.121.49 16509 (AMAZON-02)
1 2606:4700::68... 13335 (CLOUDFLAR...)
10 2606:4700::68... 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
6 2606:4700::68... 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
3 2a00:1450:400... 15169 (GOOGLE)
22 6
Apex Domain
Subdomains
Transfer
10 servefilesonly.com
lpmedia.servefilesonly.com — Cisco Umbrella Rank: 182885
imedia.servefilesonly.com — Cisco Umbrella Rank: 221691
1 MB
6 onesignal.com
cdn.onesignal.com — Cisco Umbrella Rank: 3575
onesignal.com — Cisco Umbrella Rank: 1243
img.onesignal.com — Cisco Umbrella Rank: 6776
94 KB
3 gstatic.com
fonts.gstatic.com
47 KB
2 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 47
ajax.googleapis.com — Cisco Umbrella Rank: 357
32 KB
2 rtbsuperhub.com
eu-adsrv.rtbsuperhub.com — Cisco Umbrella Rank: 64941
1 KB
2 xn3j2k.com
www.xn3j2k.com
768 B
2 temptationtonight.com
email.mg.temptationtonight.com
tracking.temptationtonight.com
687 B
1 news4more.com
live4.news4more.com — Cisco Umbrella Rank: 726451
8 KB
1 enents-buisten.com
enents-buisten.com
638 B
1 sendingpros.net
www.sendingpros.net
595 B
22 10
Domain Requested by
5 imedia.servefilesonly.com live4.news4more.com
5 lpmedia.servefilesonly.com live4.news4more.com
3 onesignal.com cdn.onesignal.com
3 fonts.gstatic.com fonts.googleapis.com
2 cdn.onesignal.com live4.news4more.com
cdn.onesignal.com
2 eu-adsrv.rtbsuperhub.com 2 redirects
2 www.xn3j2k.com 2 redirects
1 img.onesignal.com
1 ajax.googleapis.com live4.news4more.com
1 fonts.googleapis.com live4.news4more.com
1 live4.news4more.com
1 enents-buisten.com 1 redirects
1 www.sendingpros.net 1 redirects
1 tracking.temptationtonight.com 1 redirects
1 email.mg.temptationtonight.com 1 redirects
22 15

This site contains no links.

Subject | Issuer | Validity | Valid
*.news4more.com | E1 | 2023-02-04 - 2023-05-05 | 3 months
*.servefilesonly.com | E1 | 2023-02-18 - 2023-05-19 | 3 months
upload.video.google.com | GTS CA 1C3 | 2023-03-13 - 2023-06-05 | 3 months
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2022-06-03 - 2023-06-02 | a year
*.gstatic.com | GTS CA 1C3 | 2023-03-13 - 2023-06-05 | 3 months

This page contains 1 frames:

Primary Page: https://live4.news4more.com/landing/jmc6102?subPublisher=banner:17&zone=banner:17&adformat=push&auctionid=642a5c94a3efc-566063&uniqueid=f701087f8fb76ba61f1dc9481f819f84&name=4259_push_deu_desktop_FilthyAds_email&newservice=true&cmsid=landing--jmc6102--landing--da6035&tpcampid=9523f9b1-0984-49cb-aa2d-c51de874b777&imp_tagid=4259_push_deu_desktop_FilthyAds_email&uid=TP-642a5c94a3e127.30265505&campaign_lp=3:landing--jmc6102--landing--da6035&product=grannyzoneweb&zz=true&nextPage=/landing/da6035&ur-api-fetch-hitid=true
Frame ID: AD1D491CFFA6D496E38CE5EED2FCDABD
Requests: 22 HTTP requests in this frame

Page Title

bl.news4more.com

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Overall confidence: 100%
Detected patterns
  • cdn\.onesignal\.com

Overall confidence: 100%
Detected patterns
  • /([\d.]+)/jquery(?:\.min)?\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

Requests: 22
HTTPS: 100 %
IPv6: 55 %
Domains: 10
Subdomains: 15
IPs: 6
Countries: 3
Transfer: 1399 kB
Size: 1797 kB
Cookies: 10

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://email.mg.temptationtonight.com/c/eJx0kMtq8zAQRp9G3iWMP0mWtdDiv-DXKCNZsoVvwZbTPn5JIIsGuhz4DucwvdMpKKqiqxtjrTVNI6vRhaYBJ5ZtA9WyjiSNDTYmA6ReW11lB4IkibYmqomuljU0mt4QKyVjKxQtw7XE5Va45G0t25qHsVzDtlSzG0u5CflHoBPoys5hyusva4Eu8HLjPKyHQOcnZeW8TamPll_w5dxnge4rkMR4fM7BJvngQoRRyVAP25KXoOiN1bXykDZF27InH2Oolli458JOmL8CePk-ztwL4BmKNzEE_gngOP0R9uzj_mP8VgJh_le7m_MR7_faaKFoWDjPz28U5895ujzu7wAAAP__BR16Tg HTTP 302
    http://tracking.temptationtonight.com/campaigns/bk493lokfde9a/track-url/xc032hswlc9f3/cce274f70d2980b320eb79514b239fe98ab0beec HTTP 301
    https://www.sendingpros.net/campaigns/bk493lokfde9a/track-url/xc032hswlc9f3/cce274f70d2980b320eb79514b239fe98ab0beec HTTP 301
    https://enents-buisten.com/a1957b4a-d13c-47da-8c54-fdeb7c9edd2f?creative=bootycall1107&email=lisevv175@gmail.com HTTP 302
    https://www.xn3j2k.com/QL3F2/PHWPNC/?source_id=cq&sub1=bootycall1107&sub2=efc&sub3=lisevv175%40gmail.com&sub4=&sub5= HTTP 302
    https://www.xn3j2k.com/cmp/DSWZQ/25D7F3/?__rpt=0&__po=414&__ptid=bd6fc98ffe614a678f2d3253ddde5f41&__rpa=1&__rc=1&sub1=bootycall1107&sub2=efc&sub3=lisevv175%40gmail.com&sub4=&sub5=&source_id=cq&__pcd=2 HTTP 302
    https://eu-adsrv.rtbsuperhub.com/ir/?placement=56e68d9f-3b86-423f-ba0c-291cb1bd5471&subPublisher=17 HTTP 302
    https://eu-adsrv.rtbsuperhub.com/click/?subPublisher=banner:17&zone=banner:17&adformat=push&auctionid=642a5c94a3efc-566063&uniqueid=f701087f8fb76ba61f1dc9481f819f84&name=4259_push_deu_desktop_FilthyAds_email&newservice=true&cmsid=landing--jmc6102--landing--da6035&tpcampid=9523f9b1-0984-49cb-aa2d-c51de874b777&imp_tagid=4259_push_deu_desktop_FilthyAds_email&uid=TP-642a5c94a3e127.30265505&campaign_lp=3:landing--jmc6102--landing--da6035&product=grannyzoneweb HTTP 302
    https://live4.news4more.com/landing/jmc6102?subPublisher=banner:17&zone=banner:17&adformat=push&auctionid=642a5c94a3efc-566063&uniqueid=f701087f8fb76ba61f1dc9481f819f84&name=4259_push_deu_desktop_FilthyAds_email&newservice=true&cmsid=landing--jmc6102--landing--da6035&tpcampid=9523f9b1-0984-49cb-aa2d-c51de874b777&imp_tagid=4259_push_deu_desktop_FilthyAds_email&uid=TP-642a5c94a3e127.30265505&campaign_lp=3:landing--jmc6102--landing--da6035&product=grannyzoneweb&zz=true&nextPage=/landing/da6035&ur-api-fetch-hitid=true Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

22 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request jmc6102
live4.news4more.com/landing/
Redirect Chain
  • http://email.mg.temptationtonight.com/c/eJx0kMtq8zAQRp9G3iWMP0mWtdDiv-DXKCNZsoVvwZbTPn5JIIsGuhz4DucwvdMpKKqiqxtjrTVNI6vRhaYBJ5ZtA9WyjiSNDTYmA6ReW11lB4IkibYmqomuljU0mt4QKyVjKxQtw7XE5Va45G0t25qHsVzDt...
  • http://tracking.temptationtonight.com/campaigns/bk493lokfde9a/track-url/xc032hswlc9f3/cce274f70d2980b320eb79514b239fe98ab0beec
  • https://www.sendingpros.net/campaigns/bk493lokfde9a/track-url/xc032hswlc9f3/cce274f70d2980b320eb79514b239fe98ab0beec
  • https://enents-buisten.com/a1957b4a-d13c-47da-8c54-fdeb7c9edd2f?creative=bootycall1107&email=lisevv175@gmail.com
  • https://www.xn3j2k.com/QL3F2/PHWPNC/?source_id=cq&sub1=bootycall1107&sub2=efc&sub3=lisevv175%40gmail.com&sub4=&sub5=
  • https://www.xn3j2k.com/cmp/DSWZQ/25D7F3/?__rpt=0&__po=414&__ptid=bd6fc98ffe614a678f2d3253ddde5f41&__rpa=1&__rc=1&sub1=bootycall1107&sub2=efc&sub3=lisevv175%40gmail.com&sub4=&sub5=&source_id=cq&__pcd=2
  • https://eu-adsrv.rtbsuperhub.com/ir/?placement=56e68d9f-3b86-423f-ba0c-291cb1bd5471&subPublisher=17
  • https://eu-adsrv.rtbsuperhub.com/click/?subPublisher=banner:17&zone=banner:17&adformat=push&auctionid=642a5c94a3efc-566063&uniqueid=f701087f8fb76ba61f1dc9481f819f84&name=4259_push_deu_desktop_Filth...
  • https://live4.news4more.com/landing/jmc6102?subPublisher=banner:17&zone=banner:17&adformat=push&auctionid=642a5c94a3efc-566063&uniqueid=f701087f8fb76ba61f1dc9481f819f84&name=4259_push_deu_desktop_F...
27 KB
8 KB
Document
General
Full URL
https://live4.news4more.com/landing/jmc6102?subPublisher=banner:17&zone=banner:17&adformat=push&auctionid=642a5c94a3efc-566063&uniqueid=f701087f8fb76ba61f1dc9481f819f84&name=4259_push_deu_desktop_FilthyAds_email&newservice=true&cmsid=landing--jmc6102--landing--da6035&tpcampid=9523f9b1-0984-49cb-aa2d-c51de874b777&imp_tagid=4259_push_deu_desktop_FilthyAds_email&uid=TP-642a5c94a3e127.30265505&campaign_lp=3:landing--jmc6102--landing--da6035&product=grannyzoneweb&zz=true&nextPage=/landing/da6035&ur-api-fetch-hitid=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1a7e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a3709d1f7ebaa4a2a7292fceae542c3d2ea9f3a7f9acbb136feb6da6fe8080fd

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-headers
X-Requested-With, Content-Type, Accept, Origin, Authorization
access-control-allow-methods
GET, POST, PUT, DELETE, OPTIONS, HEAD
access-control-allow-origin
*
cache-control
max-age=0, private, must-revalidate no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-cache-status
DYNAMIC
cf-ray
7b1eba41cfdf3a6a-FRA
content-encoding
br
content-type
text/html; charset=UTF-8
date
Mon, 03 Apr 2023 04:56:52 GMT
pragma
no-cache
server
cloudflare
vary
Accept-Encoding

Redirect headers

Connection
keep-alive
Content-Length
0
Content-Type
text/html; charset=UTF-8
Date
Mon, 03 Apr 2023 04:56:52 GMT
Location
https://live4.news4more.com/landing/jmc6102?subPublisher=banner:17&zone=banner:17&adformat=push&auctionid=642a5c94a3efc-566063&uniqueid=f701087f8fb76ba61f1dc9481f819f84&name=4259_push_deu_desktop_FilthyAds_email&newservice=true&cmsid=landing--jmc6102--landing--da6035&tpcampid=9523f9b1-0984-49cb-aa2d-c51de874b777&imp_tagid=4259_push_deu_desktop_FilthyAds_email&uid=TP-642a5c94a3e127.30265505&campaign_lp=3:landing--jmc6102--landing--da6035&product=grannyzoneweb&zz=true&nextPage=/landing/da6035&ur-api-fetch-hitid=true
Server
nginx/1.20.0
styles.min.css
lpmedia.servefilesonly.com/build/widgets/registrationFormBuilder/
5 KB
2 KB
Stylesheet
General
Full URL
https://lpmedia.servefilesonly.com/build/widgets/registrationFormBuilder/styles.min.css?1030075
Requested by
Host: live4.news4more.com
URL: https://live4.news4more.com/landing/jmc6102?subPublisher=banner:17&zone=banner:17&adformat=push&auctionid=642a5c94a3efc-566063&uniqueid=f701087f8fb76ba61f1dc9481f819f84&name=4259_push_deu_desktop_FilthyAds_email&newservice=true&cmsid=landing--jmc6102--landing--da6035&tpcampid=9523f9b1-0984-49cb-aa2d-c51de874b777&imp_tagid=4259_push_deu_desktop_FilthyAds_email&uid=TP-642a5c94a3e127.30265505&campaign_lp=3:landing--jmc6102--landing--da6035&product=grannyzoneweb&zz=true&nextPage=/landing/da6035&ur-api-fetch-hitid=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:b95 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
92efabd0cc8550e8dfd323bc6ea787a2cf250f437a7f6d1349fe187d73f5c895

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://live4.news4more.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date
Mon, 03 Apr 2023 04:56:52 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Thu, 30 Mar 2023 07:37:43 GMT
server
cloudflare
age
333228
etag
W/"64253c47-133a"
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=691200
cf-ray
7b1eba42ca062c51-FRA
expires
Tue, 11 Apr 2023 04:56:52 GMT
corner.css
lpmedia.servefilesonly.com/widgets/corner/
170 B
608 B
Stylesheet
General
Full URL
https://lpmedia.servefilesonly.com/widgets/corner/corner.css?1030075
Requested by
Host: live4.news4more.com
URL: https://live4.news4more.com/landing/jmc6102?subPublisher=banner:17&zone=banner:17&adformat=push&auctionid=642a5c94a3efc-566063&uniqueid=f701087f8fb76ba61f1dc9481f819f84&name=4259_push_deu_desktop_FilthyAds_email&newservice=true&cmsid=landing--jmc6102--landing--da6035&tpcampid=9523f9b1-0984-49cb-aa2d-c51de874b777&imp_tagid=4259_push_deu_desktop_FilthyAds_email&uid=TP-642a5c94a3e127.30265505&campaign_lp=3:landing--jmc6102--landing--da6035&product=grannyzoneweb&zz=true&nextPage=/landing/da6035&ur-api-fetch-hitid=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:b95 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
af20ecf90d909e4e11697221b69426777e9570321c28455ff39ed4e421fcb181

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://live4.news4more.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date
Mon, 03 Apr 2023 04:56:52 GMT
content-encoding
gzip
cf-cache-status
HIT
cf-bgj
minify
last-modified
Thu, 30 Mar 2023 07:38:47 GMT
server
cloudflare
age
333229
cf-polished
origSize=246
etag
W/"64253c87-f6"
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=691200
cf-ray
7b1eba42ca072c51-FRA
expires
Tue, 11 Apr 2023 04:56:52 GMT
css2
fonts.googleapis.com/
11 KB
1 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css2?family=Montserrat:wght@400;700;800&family=Roboto:wght@400;700;900&display=swap
Requested by
Host: live4.news4more.com
URL: https://live4.news4more.com/landing/jmc6102?subPublisher=banner:17&zone=banner:17&adformat=push&auctionid=642a5c94a3efc-566063&uniqueid=f701087f8fb76ba61f1dc9481f819f84&name=4259_push_deu_desktop_FilthyAds_email&newservice=true&cmsid=landing--jmc6102--landing--da6035&tpcampid=9523f9b1-0984-49cb-aa2d-c51de874b777&imp_tagid=4259_push_deu_desktop_FilthyAds_email&uid=TP-642a5c94a3e127.30265505&campaign_lp=3:landing--jmc6102--landing--da6035&product=grannyzoneweb&zz=true&nextPage=/landing/da6035&ur-api-fetch-hitid=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
6ca494dde741be1e01881daa474e06b6f7827670446602d5595fb0742f78c2f5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://live4.news4more.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Mon, 03 Apr 2023 04:56:53 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Mon, 03 Apr 2023 03:06:15 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Mon, 03 Apr 2023 04:56:53 GMT
style-videoChoose.min.css
lpmedia.servefilesonly.com/build/templates/MB/JMobileChat/
6 KB
2 KB
Stylesheet
General
Full URL
https://lpmedia.servefilesonly.com/build/templates/MB/JMobileChat/style-videoChoose.min.css?1030075
Requested by
Host: live4.news4more.com
URL: https://live4.news4more.com/landing/jmc6102?subPublisher=banner:17&zone=banner:17&adformat=push&auctionid=642a5c94a3efc-566063&uniqueid=f701087f8fb76ba61f1dc9481f819f84&name=4259_push_deu_desktop_FilthyAds_email&newservice=true&cmsid=landing--jmc6102--landing--da6035&tpcampid=9523f9b1-0984-49cb-aa2d-c51de874b777&imp_tagid=4259_push_deu_desktop_FilthyAds_email&uid=TP-642a5c94a3e127.30265505&campaign_lp=3:landing--jmc6102--landing--da6035&product=grannyzoneweb&zz=true&nextPage=/landing/da6035&ur-api-fetch-hitid=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:b95 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4aa8152bb91fe409160fde0d5c0e77282c03c6759a19324c3ea22683122374bc

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://live4.news4more.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date
Mon, 03 Apr 2023 04:56:52 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Thu, 30 Mar 2023 07:37:43 GMT
server
cloudflare
age
331991
etag
W/"64253c47-1930"
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=691200
cf-ray
7b1eba42ca082c51-FRA
expires
Tue, 11 Apr 2023 04:56:52 GMT
OneSignalSDK.js
cdn.onesignal.com/sdks/
9 KB
3 KB
Script
General
Full URL
https://cdn.onesignal.com/sdks/OneSignalSDK.js
Requested by
Host: live4.news4more.com
URL: https://live4.news4more.com/landing/jmc6102?subPublisher=banner:17&zone=banner:17&adformat=push&auctionid=642a5c94a3efc-566063&uniqueid=f701087f8fb76ba61f1dc9481f819f84&name=4259_push_deu_desktop_FilthyAds_email&newservice=true&cmsid=landing--jmc6102--landing--da6035&tpcampid=9523f9b1-0984-49cb-aa2d-c51de874b777&imp_tagid=4259_push_deu_desktop_FilthyAds_email&uid=TP-642a5c94a3e127.30265505&campaign_lp=3:landing--jmc6102--landing--da6035&product=grannyzoneweb&zz=true&nextPage=/landing/da6035&ur-api-fetch-hitid=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:d63b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
194addf8fd862999286b33cf83116babe8c700ba3a28111777f49ca72c429970
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://live4.news4more.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date
Mon, 03 Apr 2023 04:56:53 GMT
via
1.1 google
content-encoding
br
cf-cache-status
HIT
server
cloudflare
strict-transport-security
max-age=15552000; includeSubDomains
age
3062
etag
W/"06f50014011c1fcd9e21b6b0481979de"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=259200
cf-ray
7b1eba43a8f03a5e-FRA
access-control-allow-headers
OneSignal-Subscription-Id
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires
Thu, 06 Apr 2023 04:56:53 GMT
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/3.6.0/
87 KB
31 KB
Script
General
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js
Requested by
Host: live4.news4more.com
URL: https://live4.news4more.com/landing/jmc6102?subPublisher=banner:17&zone=banner:17&adformat=push&auctionid=642a5c94a3efc-566063&uniqueid=f701087f8fb76ba61f1dc9481f819f84&name=4259_push_deu_desktop_FilthyAds_email&newservice=true&cmsid=landing--jmc6102--landing--da6035&tpcampid=9523f9b1-0984-49cb-aa2d-c51de874b777&imp_tagid=4259_push_deu_desktop_FilthyAds_email&uid=TP-642a5c94a3e127.30265505&campaign_lp=3:landing--jmc6102--landing--da6035&product=grannyzoneweb&zz=true&nextPage=/landing/da6035&ur-api-fetch-hitid=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://live4.news4more.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date
Thu, 30 Mar 2023 11:27:35 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
322158
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
31017
x-xss-protection
0
last-modified
Wed, 10 Mar 2021 14:28:09 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="hosted-libraries-pushers"
vary
Accept-Encoding
report-to
{"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 29 Mar 2024 11:27:35 GMT
scripts.min.js
lpmedia.servefilesonly.com/build/widgets/registrationFormBuilder/
21 KB
7 KB
Script
General
Full URL
https://lpmedia.servefilesonly.com/build/widgets/registrationFormBuilder/scripts.min.js?1030075
Requested by
Host: live4.news4more.com
URL: https://live4.news4more.com/landing/jmc6102?subPublisher=banner:17&zone=banner:17&adformat=push&auctionid=642a5c94a3efc-566063&uniqueid=f701087f8fb76ba61f1dc9481f819f84&name=4259_push_deu_desktop_FilthyAds_email&newservice=true&cmsid=landing--jmc6102--landing--da6035&tpcampid=9523f9b1-0984-49cb-aa2d-c51de874b777&imp_tagid=4259_push_deu_desktop_FilthyAds_email&uid=TP-642a5c94a3e127.30265505&campaign_lp=3:landing--jmc6102--landing--da6035&product=grannyzoneweb&zz=true&nextPage=/landing/da6035&ur-api-fetch-hitid=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:b95 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a1dca8107ce4f619cc1b33257c1f1cbacd657697d91a0551c1feef4803627c45

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://live4.news4more.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date
Mon, 03 Apr 2023 04:56:52 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Thu, 30 Mar 2023 07:37:43 GMT
server
cloudflare
age
333228
etag
W/"64253c47-53e2"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=691200
cf-ray
7b1eba42ca092c51-FRA
expires
Tue, 11 Apr 2023 04:56:52 GMT
popwin.js
lpmedia.servefilesonly.com/js/
854 B
768 B
Script
General
Full URL
https://lpmedia.servefilesonly.com/js/popwin.js?1030075
Requested by
Host: live4.news4more.com
URL: https://live4.news4more.com/landing/jmc6102?subPublisher=banner:17&zone=banner:17&adformat=push&auctionid=642a5c94a3efc-566063&uniqueid=f701087f8fb76ba61f1dc9481f819f84&name=4259_push_deu_desktop_FilthyAds_email&newservice=true&cmsid=landing--jmc6102--landing--da6035&tpcampid=9523f9b1-0984-49cb-aa2d-c51de874b777&imp_tagid=4259_push_deu_desktop_FilthyAds_email&uid=TP-642a5c94a3e127.30265505&campaign_lp=3:landing--jmc6102--landing--da6035&product=grannyzoneweb&zz=true&nextPage=/landing/da6035&ur-api-fetch-hitid=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:b95 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
10f46a9e64c756a7af5ec1e9793f711be5c81aa8b473edd28f6a0e419cfd0299

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://live4.news4more.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date
Mon, 03 Apr 2023 04:56:52 GMT
content-encoding
gzip
cf-cache-status
HIT
cf-bgj
minify
last-modified
Thu, 30 Mar 2023 07:38:45 GMT
server
cloudflare
age
333229
cf-polished
origSize=1177
etag
W/"64253c85-499"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=691200
cf-ray
7b1eba42ca0a2c51-FRA
expires
Tue, 11 Apr 2023 04:56:52 GMT
cc34453b-af8c-4382-b714-f9c7b52dad93.jpg
imedia.servefilesonly.com/
262 KB
263 KB
Image
General
Full URL
https://imedia.servefilesonly.com/cc34453b-af8c-4382-b714-f9c7b52dad93.jpg
Requested by
Host: live4.news4more.com
URL: https://live4.news4more.com/landing/jmc6102?subPublisher=banner:17&zone=banner:17&adformat=push&auctionid=642a5c94a3efc-566063&uniqueid=f701087f8fb76ba61f1dc9481f819f84&name=4259_push_deu_desktop_FilthyAds_email&newservice=true&cmsid=landing--jmc6102--landing--da6035&tpcampid=9523f9b1-0984-49cb-aa2d-c51de874b777&imp_tagid=4259_push_deu_desktop_FilthyAds_email&uid=TP-642a5c94a3e127.30265505&campaign_lp=3:landing--jmc6102--landing--da6035&product=grannyzoneweb&zz=true&nextPage=/landing/da6035&ur-api-fetch-hitid=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:b95 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
27c658cad023ee70ac5531884a0eb0a28c1527687ff58216f184973d2fd139b4

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://live4.news4more.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date
Mon, 03 Apr 2023 04:56:53 GMT
via
1.1 d16428714e022976873ccc980fdc1288.cloudfront.net (CloudFront)
cf-cache-status
HIT
x-amz-cf-pop
FRA53-C1
age
399884
x-cache
Miss from cloudfront
content-length
268270
cf-bgj
h2pri
last-modified
Wed, 16 Nov 2022 09:18:26 GMT
server
cloudflare
etag
"0920ed32035a2a6d2cccb943776ae395"
vary
Accept-Encoding
content-type
image/jpeg
cache-control
public, max-age=691200
accept-ranges
bytes
cf-ray
7b1eba439ac72c51-FRA
x-amz-cf-id
KQQmpbFYfVfJM7XGT-VLSrLko5DPLYEQTXMsLuOP94IOewRSK6rSxg==
expires
Tue, 11 Apr 2023 04:56:53 GMT
KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/
15 KB
16 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Montserrat:wght@400;700;800&family=Roboto:wght@400;700;900&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://live4.news4more.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date
Tue, 28 Mar 2023 10:31:03 GMT
x-content-type-options
nosniff
age
498350
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15860
x-xss-protection
0
last-modified
Wed, 11 May 2022 19:24:42 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 27 Mar 2024 10:31:03 GMT
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/
15 KB
15 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Montserrat:wght@400;700;800&family=Roboto:wght@400;700;900&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://live4.news4more.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date
Tue, 28 Mar 2023 10:31:00 GMT
x-content-type-options
nosniff
age
498353
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15744
x-xss-protection
0
last-modified
Wed, 11 May 2022 19:24:48 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 27 Mar 2024 10:31:00 GMT
KFOlCnqEu92Fr1MmYUtfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/
15 KB
15 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmYUtfBBc4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Montserrat:wght@400;700;800&family=Roboto:wght@400;700;900&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7e262106f82cc52663e403f5b73795bbeab9ca0630c33c03579354fbcd4fae1e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://live4.news4more.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date
Tue, 28 Mar 2023 10:31:05 GMT
x-content-type-options
nosniff
age
498348
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15752
x-xss-protection
0
last-modified
Wed, 11 May 2022 19:24:56 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 27 Mar 2024 10:31:05 GMT
1729e9d9-8ba1-4c1e-86d0-b44700e14f07.mp4
imedia.servefilesonly.com/
227 KB
228 KB
Media
General
Full URL
https://imedia.servefilesonly.com/1729e9d9-8ba1-4c1e-86d0-b44700e14f07.mp4?1030075
Requested by
Host: live4.news4more.com
URL: https://live4.news4more.com/landing/jmc6102?subPublisher=banner:17&zone=banner:17&adformat=push&auctionid=642a5c94a3efc-566063&uniqueid=f701087f8fb76ba61f1dc9481f819f84&name=4259_push_deu_desktop_FilthyAds_email&newservice=true&cmsid=landing--jmc6102--landing--da6035&tpcampid=9523f9b1-0984-49cb-aa2d-c51de874b777&imp_tagid=4259_push_deu_desktop_FilthyAds_email&uid=TP-642a5c94a3e127.30265505&campaign_lp=3:landing--jmc6102--landing--da6035&product=grannyzoneweb&zz=true&nextPage=/landing/da6035&ur-api-fetch-hitid=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:b95 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
840a6c1320c1c01775b9f363fe559cb38d483f3e16603712d89b3a07b43485fd

Request headers

Referer
https://live4.news4more.com/
Accept-Encoding
identity;q=1, *;q=0
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
Range
bytes=0-

Response headers

date
Mon, 03 Apr 2023 04:56:53 GMT
via
1.1 59d5785a1d012a54118141e7e216a492.cloudfront.net (CloudFront)
cf-cache-status
HIT
x-amz-cf-pop
FRA56-P2
age
330171
x-cache
Hit from cloudfront
Content-Range
bytes 0-232499/232500
Content-Length
232500
last-modified
Tue, 15 Nov 2022 11:49:21 GMT
server
cloudflare
etag
"bbf410363ee731bb0611ca72d2593011"
vary
Accept-Encoding
content-type
video/mp4
cache-control
public, max-age=691200
cf-ray
7b1eba43daff2c51-FRA
x-amz-cf-id
UtQ0ubg2PTEZiOLMQdqATb5j_uR795OZIdGBQuWpgRbowN_hXz9G6Q==
expires
Tue, 11 Apr 2023 04:56:53 GMT
0e18aa48-81a0-4b24-ab0f-07357fb0a887.mp4
imedia.servefilesonly.com/
198 KB
199 KB
Media
General
Full URL
https://imedia.servefilesonly.com/0e18aa48-81a0-4b24-ab0f-07357fb0a887.mp4?1030075
Requested by
Host: live4.news4more.com
URL: https://live4.news4more.com/landing/jmc6102?subPublisher=banner:17&zone=banner:17&adformat=push&auctionid=642a5c94a3efc-566063&uniqueid=f701087f8fb76ba61f1dc9481f819f84&name=4259_push_deu_desktop_FilthyAds_email&newservice=true&cmsid=landing--jmc6102--landing--da6035&tpcampid=9523f9b1-0984-49cb-aa2d-c51de874b777&imp_tagid=4259_push_deu_desktop_FilthyAds_email&uid=TP-642a5c94a3e127.30265505&campaign_lp=3:landing--jmc6102--landing--da6035&product=grannyzoneweb&zz=true&nextPage=/landing/da6035&ur-api-fetch-hitid=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:b95 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b39a4a4d66e4a34c74a6a59bff6652eba3ea903ecf5e9c79d4a1696ebc688b74

Request headers

Referer
https://live4.news4more.com/
Accept-Encoding
identity;q=1, *;q=0
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
Range
bytes=0-

Response headers

date
Mon, 03 Apr 2023 04:56:53 GMT
via
1.1 22993faf725ff29c940e58cb14ddf668.cloudfront.net (CloudFront)
cf-cache-status
HIT
x-amz-cf-pop
FRA56-P2
age
330171
x-cache
Hit from cloudfront
Content-Range
bytes 0-203191/203192
Content-Length
203192
last-modified
Tue, 15 Nov 2022 11:49:27 GMT
server
cloudflare
etag
"14825268dc5fbc39d50f04c9157e5256"
vary
Accept-Encoding
content-type
video/mp4
cache-control
public, max-age=691200
cf-ray
7b1eba43db012c51-FRA
x-amz-cf-id
IvdWGuVKI6akzw4m2K5S3s3w3UgaKxxweOC3krczYCqqZRILWMmbrA==
expires
Tue, 11 Apr 2023 04:56:53 GMT
6c3e20f2-f4bd-4abc-9285-6829a10d4b79.mp4
imedia.servefilesonly.com/
210 KB
211 KB
Media
General
Full URL
https://imedia.servefilesonly.com/6c3e20f2-f4bd-4abc-9285-6829a10d4b79.mp4?1030075
Requested by
Host: live4.news4more.com
URL: https://live4.news4more.com/landing/jmc6102?subPublisher=banner:17&zone=banner:17&adformat=push&auctionid=642a5c94a3efc-566063&uniqueid=f701087f8fb76ba61f1dc9481f819f84&name=4259_push_deu_desktop_FilthyAds_email&newservice=true&cmsid=landing--jmc6102--landing--da6035&tpcampid=9523f9b1-0984-49cb-aa2d-c51de874b777&imp_tagid=4259_push_deu_desktop_FilthyAds_email&uid=TP-642a5c94a3e127.30265505&campaign_lp=3:landing--jmc6102--landing--da6035&product=grannyzoneweb&zz=true&nextPage=/landing/da6035&ur-api-fetch-hitid=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:b95 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
12216aa46f09641edf424f4b9f264485fed3eb32882719eae173a0d2a2a26eb1

Request headers

Referer
https://live4.news4more.com/
Accept-Encoding
identity;q=1, *;q=0
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
Range
bytes=0-

Response headers

date
Mon, 03 Apr 2023 04:56:53 GMT
via
1.1 018ffb575888f1c9ec960e3e977c042e.cloudfront.net (CloudFront)
cf-cache-status
HIT
x-amz-cf-pop
FRA56-P2
age
330171
x-cache
Hit from cloudfront
Content-Range
bytes 0-215405/215406
Content-Length
215406
last-modified
Tue, 15 Nov 2022 11:49:32 GMT
server
cloudflare
etag
"5167012b53db1a668464e19c77d5232b"
vary
Accept-Encoding
content-type
video/mp4
cache-control
public, max-age=691200
cf-ray
7b1eba43db042c51-FRA
x-amz-cf-id
Avft7xTngItSsmGTUB0NIAS3-T_QbfLKAneMpvjVmkLK3NqzMU4ARg==
expires
Tue, 11 Apr 2023 04:56:53 GMT
f9a5fe32-16af-4e50-a089-47846b4c1c6e.mp4
imedia.servefilesonly.com/
305 KB
305 KB
Media
General
Full URL
https://imedia.servefilesonly.com/f9a5fe32-16af-4e50-a089-47846b4c1c6e.mp4?1030075
Requested by
Host: live4.news4more.com
URL: https://live4.news4more.com/landing/jmc6102?subPublisher=banner:17&zone=banner:17&adformat=push&auctionid=642a5c94a3efc-566063&uniqueid=f701087f8fb76ba61f1dc9481f819f84&name=4259_push_deu_desktop_FilthyAds_email&newservice=true&cmsid=landing--jmc6102--landing--da6035&tpcampid=9523f9b1-0984-49cb-aa2d-c51de874b777&imp_tagid=4259_push_deu_desktop_FilthyAds_email&uid=TP-642a5c94a3e127.30265505&campaign_lp=3:landing--jmc6102--landing--da6035&product=grannyzoneweb&zz=true&nextPage=/landing/da6035&ur-api-fetch-hitid=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:b95 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3ceaf24ee2774720b8582fa2ad3e84732309008ebf71fc629685f13eddb76dc3

Request headers

Referer
https://live4.news4more.com/
Accept-Encoding
identity;q=1, *;q=0
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
Range
bytes=0-

Response headers

date
Mon, 03 Apr 2023 04:56:53 GMT
via
1.1 83f1b8f73f37458f38e2ee1fc0b9e68c.cloudfront.net (CloudFront)
cf-cache-status
HIT
x-amz-cf-pop
FRA56-P2
age
330171
x-cache
Hit from cloudfront
Content-Range
bytes 0-312114/312115
Content-Length
312115
last-modified
Tue, 15 Nov 2022 11:49:36 GMT
server
cloudflare
etag
"c63771b20300ef895b0d27f2455335ab"
vary
Accept-Encoding
content-type
video/mp4
cache-control
public, max-age=691200
cf-ray
7b1eba43db062c51-FRA
x-amz-cf-id
aTNp45pDbIQhZgn2YIc5WxKf1b3liD4iVq-rUfO2aSmaI_Csjfv2Og==
expires
Tue, 11 Apr 2023 04:56:53 GMT
OneSignalPageSDKES6.js
cdn.onesignal.com/sdks/
284 KB
68 KB
Script
General
Full URL
https://cdn.onesignal.com/sdks/OneSignalPageSDKES6.js?v=151601
Requested by
Host: cdn.onesignal.com
URL: https://cdn.onesignal.com/sdks/OneSignalSDK.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:d63b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c868ebeb22a6d2945834c14da4641969a62e35a6cfa434a974339df068324b6e
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://live4.news4more.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date
Mon, 03 Apr 2023 04:56:53 GMT
via
1.1 google
content-encoding
br
cf-cache-status
HIT
server
cloudflare
strict-transport-security
max-age=15552000; includeSubDomains
age
3062
etag
W/"2cf94922e2d551e8dc7c38c022a9a3ca"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=259200
cf-ray
7b1eba44194e3a5e-FRA
access-control-allow-headers
OneSignal-Subscription-Id
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires
Thu, 06 Apr 2023 04:56:53 GMT
web
onesignal.com/api/v1/sync/4ff9937a-386a-4f82-a4cf-967b520ac346/
3 KB
2 KB
Script
General
Full URL
https://onesignal.com/api/v1/sync/4ff9937a-386a-4f82-a4cf-967b520ac346/web?callback=__jp0
Requested by
Host: cdn.onesignal.com
URL: https://cdn.onesignal.com/sdks/OneSignalPageSDKES6.js?v=151601
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:d63b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a2fde3552f34aa62bb5e22e09297680146ac09066a244d30f1f642af60674a60
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://live4.news4more.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date
Mon, 03 Apr 2023 04:56:53 GMT
via
1.1 google
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
x-permitted-cross-domain-policies
none
strict-transport-security
max-age=15552000; includeSubDomains
age
2485
cf-polished
origSize=3367
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection
1; mode=block
x-request-id
5f2fa5ab-4ee4-4ca7-990e-9d6ed85aef73
x-runtime
0.030457
referrer-policy
strict-origin-when-cross-origin
cf-bgj
minify
server
cloudflare
etag
W/"cefdd991ef4d4a1b0182ba1b8fb46bfd"
x-download-options
noopen
vary
Origin, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=3600
cf-ray
7b1eba44fa0d3a5e-FRA
access-control-allow-headers
SDK-Version
expires
Mon, 03 Apr 2023 05:56:53 GMT
OneSignalSDKStyles.css
onesignal.com/sdks/
82 KB
9 KB
Stylesheet
General
Full URL
https://onesignal.com/sdks/OneSignalSDKStyles.css?v=2
Requested by
Host: cdn.onesignal.com
URL: https://cdn.onesignal.com/sdks/OneSignalPageSDKES6.js?v=151601
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:d63b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
db7e0b393e175f19922fefbdcaa2866fca209c521d01cc834ae06cbf8d0f91b7
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://live4.news4more.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date
Mon, 03 Apr 2023 04:56:53 GMT
via
1.1 google
content-encoding
br
cf-cache-status
HIT
server
cloudflare
strict-transport-security
max-age=15552000; includeSubDomains
age
3058
etag
W/"4e9aaefffd5f8ae7dc83361aa2294190"
vary
Accept-Encoding
content-type
text/css
cache-control
public, max-age=2592000
cf-ray
7b1eba455f6abb71-FRA
access-control-allow-headers
OneSignal-Subscription-Id
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires
Wed, 03 May 2023 04:56:53 GMT
icon
onesignal.com/api/v1/apps/4ff9937a-386a-4f82-a4cf-967b520ac346/
184 B
774 B
Fetch
General
Full URL
https://onesignal.com/api/v1/apps/4ff9937a-386a-4f82-a4cf-967b520ac346/icon
Requested by
Host: cdn.onesignal.com
URL: https://cdn.onesignal.com/sdks/OneSignalPageSDKES6.js?v=151601
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:d63b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
329b9d0e0d538b88fd37553ebcb281221ea999c905f0040e9ff8554c0d88cce8
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://live4.news4more.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date
Mon, 03 Apr 2023 04:56:53 GMT
via
1.1 google
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
x-permitted-cross-domain-policies
none
strict-transport-security
max-age=15552000; includeSubDomains
age
21
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection
1; mode=block
x-request-id
ecdbb993-bcdc-4559-acb0-b2e19a3e33bb
x-runtime
0.031351
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
etag
W/"329b9d0e0d538b88fd37553ebcb28122"
x-download-options
noopen
x-frame-options
SAMEORIGIN
vary
Accept, Origin, Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=0, private, must-revalidate
cf-ray
7b1eba45af7a695e-FRA
access-control-allow-headers
SDK-Version
39fe712d-7b3f-4c00-aa6e-d4b79c81bf4e
img.onesignal.com/permanent/
11 KB
11 KB
Image
General
Full URL
https://img.onesignal.com/permanent/39fe712d-7b3f-4c00-aa6e-d4b79c81bf4e
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:d63b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
afb61b7d333ca96af47d36a167dd0af56d6ab22b70b82869ea19be9a7f8e5438
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://live4.news4more.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

x-goog-encryption-kms-key-name
projects/core-infra-onesignal/locations/europe-west4/keyRings/keyring-kms-onesignal/cryptoKeys/img-persistence-bucket-onesignal/cryptoKeyVersions/1
date
Mon, 03 Apr 2023 04:56:53 GMT
strict-transport-security
max-age=15552000; includeSubDomains
cf-cache-status
HIT
age
1925
x-guploader-uploadid
ADPycdv1KPPpHYWTYd781s5VKyqla420yHcPDF3z8kUM1KB3nkWSd74wiA9qcoqAqBTW_HJSO6hUjxfXr3QqBqHr1Ux6Ikjp_QEz
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
11075
pragma
no-cache
last-modified
Sun, 26 Mar 2023 06:49:10 GMT
server
cloudflare
etag
"-CMOKzLCA+f0CEAE="
vary
Origin, Accept-Encoding
x-goog-generation
1679813350982979
content-type
application/octet-stream
x-goog-hash
crc32c=sZIMPA==, md5=EkEaIy5aDVKnzC+kE7DJQg==
cache-control
public, max-age=2678400
x-goog-stored-content-length
11075
accept-ranges
bytes
cf-ray
7b1eba45eac13a5e-FRA
expires
Thu, 04 May 2023 04:56:53 GMT

49 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless function| OneSignal function| $ function| jQuery object| x undefined| j undefined| ll undefined| selElmnt undefined| a undefined| b undefined| c function| closeAllSelect undefined| typingTimer object| dataCountries object| $country undefined| $countryName object| $zipCity undefined| $btnLocation undefined| $btnValidateLocation undefined| $displayErrorLocation boolean| isLocationByGeolocation number| doneTyping object| countries undefined| curLanguage function| _eventClickAutocomplete function| findCountryCode function| displayCountry function| findCountryName function| buildAutocomplete function| getCurentLocation function| getCurentLocationByIp function| sendCurrentLocation function| sendValidateLocation function| fillLocationValidated function| validateLocation function| validateLocationMessage function| getCurrentLink function| goToStep function| countdownToNextStep function| activeProgressBar function| Validator object| Popwin function| populateLinks function| deeplinkQueryStringToArray function| deeplinkAddParametersToURL function| rotateImg function| LoadVideo number| __oneSignalSdkLoadCount function| __jp0

10 Cookies

Domain/Path Name / Value
eu-adsrv.rtbsuperhub.com/ir Name: srtbid
Value: TP-642a5c94a3e127.30265505
.enents-buisten.com/ Name: a1957b4a-d13c-47da-8c54-fdeb7c9edd2f-v4
Value: FXDUkj3W_0ICCilOn5atGKWFrOpOA9-IwGUo2LRbHEA
.enents-buisten.com/ Name: cc-v4
Value: T2TbDkU9NuCnypQnUfA7TyVKqk%2BQOErEjarVJ64MlDHHeNYPAL3XHRFlN6f9i0JglFVwD%2FAH%2BdXvMnGjjw8Os0PUJf%2Fi6TfKcsW3QXAHVvxQMTy9fC9BqH1z4THl5T4s9JvioH4uh%2FcYAeOk2YS03w%3D%3D
www.xn3j2k.com/ Name: uniqueClick_PHWPNC
Value: 3cdf7266-9c87-45c3-8fdf-be0f79a57a5b:1680497812
www.xn3j2k.com/ Name: uniqueClick_25D7F3
Value: 93ed6242-7294-46ee-a7ca-b6acbe0b0b74:1680497812
www.xn3j2k.com/ Name: transaction_id
Value: 6248c6f522c1440d9f62aa36b3197d83
live4.news4more.com/ Name: PHPSESSID
Value: 3tpd8bianpo13u18pve4maecnd
.news4more.com/ Name: __cf_bm
Value: rGpZcz5q7MHgAm3hnI0RxnUqjdNj0FN5wvqzET7LQvQ-1680497812-0-AXyoi8DvvxGCHFVT1Zk+qwvG2p3NISZ+Og0NIzMxuDACNpJyF99746vDY9l/Ke/tn7xyczp/YMV9vnaR6nWeoRo=
.servefilesonly.com/ Name: __cf_bm
Value: xgqv4PWLghn.biiB9ClPAhB2P9IRDs2MPVCz3fqAXDU-1680497812-0-AQNXsztOUNZYlNyID768btB97zBQplITfuQ0DoTLH8bwkLmvmV5faYuy6W/jdsCkDeu7I7VQllBzGbD6d91pjsk=
.onesignal.com/ Name: __cf_bm
Value: 7QlbZxb6q8UlYLEh3XZ4Xfcr6M0BrbEbMkNRg2VWNxk-1680497813-0-Aa/v8TPQgu1dODV2AXBUNesVifBhmViezmc3xYIsXYrsLCzIyPvXtQF2FZN7ai7HbE++4gsx9E0cowUaXLn8ghQ=

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
