darkagedefender.com
2a06:98c1:3120::3
Public Scan
Effective URL: https://darkagedefender.com/shocking-truth/NASA?affId=74&c1=ee123g050123&c2=123greetings&c3=strangedevicepoisedtostartahuges...
Submission: On May 01 via manual from US — Scanned from DE
Summary
TLS certificate: Issued by GTS CA 1P5 on March 29th 2023. Valid for: 3 months.
This is the only time darkagedefender.com was scanned on urlscan.io!
urlscan.io Verdict: No classification
Domain & IP information
ASN | PTR | Domain |
---|---|---|
ASN16509 (AMAZON-02, US) | server-13-32-27-125.fra56.r.cloudfront.net | www.upqws.com |
ASN16509 (AMAZON-02, US) | ec2-18-184-38-55.eu-central-1.compute.amazonaws.com | tr.howitgoesodown.com |
ASN14618 (AMAZON-AES, US) | ec2-54-84-34-24.compute-1.amazonaws.com | dbhtrkg.com |
ASN15169 (GOOGLE, US) | | www.googletagmanager.com |
ASN24940 (HETZNER-AS, DE) | cache-06.pushwoosh.com | cdn.pushwoosh.com |
ASN20940 (AKAMAI-ASN1, NL) | a2-23-209-2.deploy.static.akamaitechnologies.com | analytics.tiktok.com |
ASN16509 (AMAZON-02, US) | server-52-222-206-6.fra56.r.cloudfront.net | cdn.amplitude.com |
ASN14618 (AMAZON-AES, US) | | rp.liadm.com |
ASN14618 (AMAZON-AES, US) | ec2-44-194-121-192.compute-1.amazonaws.com | rp4.liadm.com |
ASN15169 (GOOGLE, US) | | googleads.g.doubleclick.net |
ASN16509 (AMAZON-02, US) | ec2-52-10-73-64.us-west-2.compute.amazonaws.com | api.amplitude.com |
ASN24940 (HETZNER-AS, DE) | r3-front-16.pushwoosh.com | cp.pushwoosh.com |
ASN16509 (AMAZON-02, US) | ec2-3-64-135-86.eu-central-1.compute.amazonaws.com | x.bidswitch.net |
ASN15169 (GOOGLE, US) | fra24s08-in-f2.1e100.net | cm.g.doubleclick.net |
ASN29990 (ASN-APPNEX, US) | 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net | ib.adnxs.com |
ASN29990 (ASN-APPNEX, US) | 952.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net | secure.adnxs.com |
ASN16625 (AKAMAI-AS, US) | a88-221-168-23.deploy.static.akamaitechnologies.com | contextual.media.net |
ASN26667 (RUBICONPROJECT, US) | | pixel.rubiconproject.com |
ASN16509 (AMAZON-02, US) | ec2-35-158-70-251.eu-central-1.compute.amazonaws.com | match.sharethrough.com |
ASN16625 (AKAMAI-AS, US) | a104-102-35-84.deploy.static.akamaitechnologies.com | criteo-sync.teads.tv |
ASN16509 (AMAZON-02, US) | a0f671730127a0812.awsglobalaccelerator.com | eb2.3lift.com |
ASN16509 (AMAZON-02, US) | ec2-3-75-62-37.eu-central-1.compute.amazonaws.com | ups.analytics.yahoo.com |
ASN16509 (AMAZON-02, US) | ec2-52-48-226-112.eu-west-1.compute.amazonaws.com | dpm.demdex.net |
ASN16509 (AMAZON-02, US) | ec2-54-76-7-236.eu-west-1.compute.amazonaws.com | ad.360yield.com |
ASN396982 (GOOGLE-CLOUD-PLATFORM, US) | 22.157.117.34.bc.googleusercontent.com | matching.ivitrack.com |
ASN16509 (AMAZON-02, US) | ec2-3-123-206-176.eu-central-1.compute.amazonaws.com | exchange.mediavine.com |
ASN23352 (SERVERCENTRAL, US) | ny.outbrain.com | sync.outbrain.com |
ASN14618 (AMAZON-AES, US) | | criteo-partners.tremorhub.com |
ASN16625 (AKAMAI-AS, US) | a23-215-16-120.deploy.static.akamaitechnologies.com | ad.yieldlab.net |
ASN16509 (AMAZON-02, US) | ec2-54-72-52-2.eu-west-1.compute.amazonaws.com | sync-criteo.ads.yieldmo.com |
ASN16509 (AMAZON-02, US) | ec2-34-250-66-43.eu-west-1.compute.amazonaws.com | beacon.krxd.net |
ASN16509 (AMAZON-02, US) | ec2-3-135-56-161.us-east-2.compute.amazonaws.com | s.thebrighttag.com |
ASN24940 (HETZNER-AS, DE) | r1-front-14.pushwoosh.com | redhotm.pushwoosh.com |
Count | Apex Domain | Redirects | Subdomains (Cisco Umbrella Rank) | Transfer |
---|---|---|---|---|
12 | darkagedefender.com | | darkagedefender.com (767006) | 282 KB |
11 | criteo.com | 5 | dynamic.criteo.com (3191); gum.criteo.com (442); mug.criteo.com (1686); sslwidget.criteo.com (1930); widget.us.criteo.com (17390); dis.criteo.com (941) | 29 KB |
7 | pushwoosh.com | | cdn.pushwoosh.com (41811); cp.pushwoosh.com (70132); redhotm.pushwoosh.com (355281) | 131 KB |
6 | gstatic.com | | fonts.gstatic.com | 96 KB |
6 | tiktok.com | | analytics.tiktok.com (794) | 105 KB |
4 | adnxs.com | 3 | ib.adnxs.com (319); secure.adnxs.com (604) | 4 KB |
4 | googleapis.com | | ajax.googleapis.com (607); fonts.googleapis.com (119) | 38 KB |
3 | amplitude.com | | cdn.amplitude.com (4665); api.amplitude.com (2061) | 20 KB |
3 | liadm.com | 1 | b-code.liadm.com (3443); rp.liadm.com (2091); rp4.liadm.com (5523) | 15 KB |
2 | 360yield.com | 1 | ad.360yield.com (812) | 875 B |
2 | demdex.net | 1 | dpm.demdex.net (277) | 2 KB |
2 | casalemedia.com | 1 | r.casalemedia.com (1838) | 2 KB |
2 | yahoo.com | 1 | ups.analytics.yahoo.com (402) | 508 B |
2 | bidswitch.net | 1 | x.bidswitch.net (427) | 877 B |
2 | doubleclick.net | 1 | googleads.g.doubleclick.net (67); cm.g.doubleclick.net (313) | 3 KB |
1 | thebrighttag.com | | s.thebrighttag.com (2576) | 268 B |
1 | krxd.net | | beacon.krxd.net (807) | 338 B |
1 | yieldmo.com | | sync-criteo.ads.yieldmo.com (2613) | 38 B |
1 | yieldlab.net | | ad.yieldlab.net (3632) | 400 B |
1 | twiago.com | | a.twiago.com (19048) | 153 B |
1 | tremorhub.com | | criteo-partners.tremorhub.com (2806) | 399 B |
1 | pubmatic.com | | simage2.pubmatic.com (976) | 579 B |
1 | outbrain.com | | sync.outbrain.com (987) | 145 B |
1 | mediavine.com | | exchange.mediavine.com (1620) | 882 B |
1 | ivitrack.com | | matching.ivitrack.com (2879) | 274 B |
1 | id5-sync.com | | id5-sync.com (612) | 1 KB |
1 | omnitagjs.com | | visitor.omnitagjs.com (1151) | 235 B |
1 | adform.net | | cm.adform.net (1622) | 163 B |
1 | 3lift.com | | eb2.3lift.com (535) | 140 B |
1 | teads.tv | | criteo-sync.teads.tv (2185) | 172 B |
1 | taboola.com | | sync-t1.taboola.com (1472) | 99 B |
1 | smartadserver.com | | rtb-csync.smartadserver.com (774) | 114 B |
1 | sharethrough.com | | match.sharethrough.com (777) | 359 B |
1 | rubiconproject.com | | pixel.rubiconproject.com (447) | 239 B |
1 | media.net | | contextual.media.net (838) | 801 B |
1 | google.de | | www.google.de (3425) | 455 B |
1 | google.com | | www.google.com (16) | 455 B |
1 | twitter.com | | analytics.twitter.com (912) | 724 B |
1 | t.co | | t.co (584) | 376 B |
1 | ads-twitter.com | | static.ads-twitter.com (964) | 15 KB |
1 | googletagmanager.com | | www.googletagmanager.com (114) | 51 KB |
1 | darkagedefense.net | 1 | darkagedefense.net | 1 KB |
1 | dbhtrkg.com | 1 | dbhtrkg.com (704905) | 370 B |
1 | howitgoesodown.com | 1 | tr.howitgoesodown.com | 650 B |
1 | upqws.com | 1 | www.upqws.com | 372 B |
79 | 45 | | | |
This site contains links to these domains. Also see Links.
Domain |
---|
www.networkadvertising.org |
Subject | Issuer | Validity | Valid for |
---|---|---|---|
*.darkagedefender.com | GTS CA 1P5 | 2023-03-29 - 2023-06-27 | 3 months |
*.liadm.com | Amazon RSA 2048 M02 | 2023-02-28 - 2024-01-30 | a year |
*.criteo.com | DigiCert Global G2 TLS RSA SHA256 2020 CA1 | 2023-03-09 - 2023-06-03 | 3 months |
*.google-analytics.com | GTS CA 1C3 | 2023-04-03 - 2023-06-26 | 3 months |
upload.video.google.com | GTS CA 1C3 | 2023-04-03 - 2023-06-26 | 3 months |
*.pushwoosh.com | Sectigo RSA Domain Validation Secure Server CA | 2023-03-07 - 2024-04-05 | a year |
*.tiktok.com | RapidSSL TLS ECC CA G1 | 2023-03-13 - 2024-04-12 | a year |
ads-twitter.com | DigiCert TLS RSA SHA256 2020 CA1 | 2022-07-22 - 2023-08-22 | a year |
cdn.amplitude.com | Amazon RSA 2048 M01 | 2023-01-12 - 2024-02-11 | a year |
*.g.doubleclick.net | GTS CA 1C3 | 2023-04-03 - 2023-06-26 | 3 months |
*.gstatic.com | GTS CA 1C3 | 2023-04-03 - 2023-06-26 | 3 months |
*.amplitude.com | COMODO RSA Domain Validation Secure Server CA | 2023-01-23 - 2024-02-14 | a year |
t.co | DigiCert TLS Hybrid ECC SHA384 2020 CA1 | 2023-02-05 - 2024-02-05 | a year |
*.twitter.com | DigiCert TLS Hybrid ECC SHA384 2020 CA1 | 2023-02-05 - 2024-02-05 | a year |
www.google.com | GTS CA 1C3 | 2023-04-03 - 2023-06-26 | 3 months |
www.google.de | GTS CA 1C3 | 2023-04-03 - 2023-06-26 | 3 months |
*.media.net | DigiCert TLS RSA SHA256 2020 CA1 | 2023-02-10 - 2024-02-18 | a year |
*.rubiconproject.com | DigiCert TLS RSA SHA256 2020 CA1 | 2023-03-05 - 2024-04-03 | a year |
*.sharethrough.com | Amazon RSA 2048 M02 | 2023-02-10 - 2023-08-12 | 6 months |
*.smartadserver.com | DigiCert TLS Hybrid ECC SHA384 2020 CA1 | 2023-01-21 - 2024-01-23 | a year |
*.taboola.com | DigiCert TLS Hybrid ECC SHA384 2020 CA1 | 2022-12-08 - 2023-12-31 | a year |
teads.tv | R3 | 2023-02-21 - 2023-05-22 | 3 months |
*.3lift.com | Amazon RSA 2048 M02 | 2023-04-13 - 2024-05-11 | a year |
*.adform.net | DigiCert TLS RSA SHA256 2020 CA1 | 2022-05-18 - 2023-06-16 | a year |
omnitagjs.com | Sectigo RSA Domain Validation Secure Server CA | 2022-06-21 - 2023-07-21 | a year |
*.id5-sync.com | R3 | 2023-04-18 - 2023-07-17 | 3 months |
itm.ivitrack.com | R3 | 2023-04-04 - 2023-07-03 | 3 months |
exchange.mediavine.com | Amazon RSA 2048 M01 | 2023-02-11 - 2023-08-04 | 6 months |
*.outbrain.com | Thawte RSA CA 2018 | 2022-11-06 - 2023-11-28 | a year |
*.pubmatic.com | DigiCert Baltimore TLS RSA SHA256 2020 CA1 | 2022-06-13 - 2023-07-14 | a year |
*.tremorhub.com | Amazon RSA 2048 M01 | 2023-02-22 - 2024-03-23 | a year |
*.twiago.com | Sectigo RSA Domain Validation Secure Server CA | 2022-11-28 - 2023-12-29 | a year |
*.yieldlab.net | DigiCert TLS RSA SHA256 2020 CA1 | 2022-11-16 - 2023-11-15 | a year |
*.ads.yieldmo.com | Amazon RSA 2048 M01 | 2023-04-04 - 2024-05-02 | a year |
This page contains 3 frames:
Primary Page:
https://darkagedefender.com/shocking-truth/NASA?affId=74&c1=ee123g050123&c2=123greetings&c3=strangedevicepoisedtostartahugescandal&id=109582089&affid=74&cid=922&s1=ee123g050123&s2=123greetings&s3=strangedevicepoisedtostartahugescandal&s4=email0&s5=wd5nce7mefat6edoidjmse24&destination=watch/taliban
Frame ID: EA2F8648A39A10B497F4F572CF68EA42
Requests: 49 HTTP requests in this frame
Frame:
https://gum.criteo.com/syncframe?topUrl=darkagedefender.com&origin=onetag
Frame ID: 9C938B42AF7DCA95F674890466864045
Requests: 2 HTTP requests in this frame
Frame:
https://x.bidswitch.net/ul_cb/sync?dsp_id=46&user_id=k--70bIIuWZs2ewpBRaGQfpV9dlolBDuS7YHENnQ&expires=30
Frame ID: 32A2587B8CBEB832A7E8764C7F125316
Requests: 28 HTTP requests in this frame
Page Title
Shocking Truth About NASA Rapture Warning
Page URL History
- https://www.upqws.com/cgi-bin/click.pl?cid=17002L&lid=250957&uid=203615943 HTTP 302
- https://tr.howitgoesodown.com/8a3107fc-55c8-48fe-a6ab-8869db79c5a1?s1=ee123g050123&s2=123greetings&s3=stra... HTTP 302
- https://dbhtrkg.com/?a=74&c=300&s1=ee123g050123&s2=123greetings&s3=strangedevicepoisedtostartahu... HTTP 302
- https://darkagedefense.net/?a=74&c=300&s1=ee123g050123&s2=123greetings&s3=strangedevicepoisedtostartahu... HTTP 302
- https://darkagedefender.com/shocking-truth/NASA?affId=74&c1=ee123g050123&c2=123greetings&c3=strangedevic... Page URL
Detected technologies
Amplitude (Analytics)
Detected patterns
- cdn\.amplitude\.com
AppNexus (Advertising Networks)
Detected patterns
- adnxs\.(?:net|com)
Google Font API (Font Scripts)
Detected patterns
- <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
- googleapis\.com/.+webfont
Google Tag Manager (Tag Managers)
Detected patterns
- googletagmanager\.com/gtag/js
PubMatic (Advertising Networks)
Detected patterns
- https?://[^/]*\.pubmatic\.com
Rubicon Project (Advertising Networks)
Detected patterns
- https?://[^/]*\.rubiconproject\.com
jQuery (JavaScript Libraries)
Detected patterns
- /([\d.]+)/jquery(?:\.min)?\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
1 Outgoing links
These are links going to different origins than the main page.
Title: Network Advertising Initiative opt-out page
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://www.upqws.com/cgi-bin/click.pl?cid=17002L&lid=250957&uid=203615943 HTTP 302
- https://tr.howitgoesodown.com/8a3107fc-55c8-48fe-a6ab-8869db79c5a1?s1=ee123g050123&s2=123greetings&s3=strangedevicepoisedtostartahugescandal&s4=email0&s5= HTTP 302
- https://dbhtrkg.com/?a=74&c=300&s1=ee123g050123&s2=123greetings&s3=strangedevicepoisedtostartahugescandal&s4=email0&s5=wd5nce7mefat6edoidjmse24 HTTP 302
- https://darkagedefense.net/?a=74&c=300&s1=ee123g050123&s2=123greetings&s3=strangedevicepoisedtostartahugescandal&s4=email0&s5=wd5nce7mefat6edoidjmse24&ckmguid=3ca9ee00-48bf-45cc-92d3-0695d1cd9fc5 HTTP 302
- https://darkagedefender.com/shocking-truth/NASA?affId=74&c1=ee123g050123&c2=123greetings&c3=strangedevicepoisedtostartahugescandal&id=109582089&affid=74&cid=922&s1=ee123g050123&s2=123greetings&s3=strangedevicepoisedtostartahugescandal&s4=email0&s5=wd5nce7mefat6edoidjmse24&destination=watch/taliban Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 21
- https://rp.liadm.com/j?dtstmp=1682950827052&aid=a-052o&se=e30&duid=097170483512--01gzbtzaxeqm160hfzgvztj13f&tna=v2.7.1&pu=https%3A%2F%2Fdarkagedefender.com%2Fshocking-truth%2FNASA%3FaffId%3D74%26c1%3Dee123g050123%26c2%3D123greetings%26c3%3Dstrangedevicepoisedtostartahugescandal%26id%3D109582089%26affid%3D74%26cid%3D922%26s1%3Dee123g050123%26s2%3D123greetings%26s3%3Dstrangedevicepoisedtostartahugescandal%26s4%3Demail0%26s5%3Dwd5nce7mefat6edoidjmse24%26destination%3Dwatch%2Ftaliban&wpn=lc-bundle&c=PG1ldGEgbmFtZT0iZGVzY3JpcHRpb24iIGNvbnRlbnQ9IiI- HTTP 302
- https://rp4.liadm.com/j?dtstmp=1682950827052&aid=a-052o&se=e30&duid=097170483512--01gzbtzaxeqm160hfzgvztj13f&tna=v2.7.1&pu=https%3A%2F%2Fdarkagedefender.com%2Fshocking-truth%2FNASA%3FaffId%3D74%26c1%3Dee123g050123%26c2%3D123greetings%26c3%3Dstrangedevicepoisedtostartahugescandal%26id%3D109582089%26affid%3D74%26cid%3D922%26s1%3Dee123g050123%26s2%3D123greetings%26s3%3Dstrangedevicepoisedtostartahugescandal%26s4%3Demail0%26s5%3Dwd5nce7mefat6edoidjmse24%26destination%3Dwatch%2Ftaliban&wpn=lc-bundle&c=PG1ldGEgbmFtZT0iZGVzY3JpcHRpb24iIGNvbnRlbnQ9IiI-&i6=MmEwMzoxYjIwOjY6ZjAxMTo6N2U%3D&n3pc=true
- https://gum.criteo.com/sid/json?origin=onetag&domain=darkagedefender.com&sn=ChromeSyncframe&so=0&topUrl=darkagedefender.com&cw=1&lsw=1&topicsavail=0&fledgeavail=0 HTTP 302
- https://mug.criteo.com/sid?cpp=N8TLxnxjd1FoS3gzWVRIbHFNSzFyNTBKb2lVbEJ3WDFkOFUvZ0FhZkJibUZDajErNlVaZnkwam9vYloxYXJFSTB2SG4ySGhYYU1ZZjByeDQ1VTU4dVgrMGNUM2xvSVV4enlGam5Yc0FudnFTN003R25vRUNJWTkxNE1FMXJ6WGNtdjFjUHRmQU1YNHBOQ21EbjZhazR0azJtSjR5bHFvaWtuYThKK25nNWR1aXlDNEZyT2t6QzBZWjlldUVlS1IzbmZBMXVUUWRIVGs4VHpFVDVhbnJmalYvSzNFVE45bFFKMFlTNzkrSmNNekd5RmVlSkV3L29Ta0JhSFdSWE14SE02dnhlTlJYNklzS2FsYmg5eE1UKzl4ZGIxMTNSUnBIajVUUVpCRElXTlVydGpGbz18&cppv=2
- https://sslwidget.criteo.com/event?a=97536&v=5.15.0&p0=e%3Dexd%26site_type%3Dd&p1=e%3Dvp%26p%3D1%26tms%3Dcustom-guide&p2=e%3Ddis&adce=1&bundle=LTgKGV9hU0E5SkUlMkZkd0JZJTJCSkh5aDRrTlV0dkxqVlJJQXR2Qm41V1pZVzVrQ3lUb0xVRGozMUdhaFdmcGlnaUhkazBBTEZIMms5T2hDVXNCd3JMT2NMQ2M3QXBtQ3NDcWdTJTJCY2tpWkMlMkJ1bFQxRHNCWVAlMkJqcWdJdkVPJTJCOTdxZjNpenVJYjVyVUlvTVhINiUyRk10M2Q1NlhrbjAlMkJVTiUyRkNSem93YzJ2M1lYNE41WUQlMkZscyUzRA&tld=darkagedefender.com&dy=1&fu=https%253A%252F%252Fdarkagedefender.com%252Fshocking-truth%252FNASA%253FaffId%253D74%2526c1%253Dee123g050123%2526c2%253D123greetings%2526c3%253Dstrangedevicepoisedtostartahugescandal%2526id%253D109582089%2526affid%253D74%2526cid%253D922%2526s1%253Dee123g050123%2526s2%253D123greetings%2526s3%253Dstrangedevicepoisedtostartahugescandal%2526s4%253Demail0%2526s5%253Dwd5nce7mefat6edoidjmse24%2526destination%253Dwatch%252Ftaliban&ceid=220f85e6-dddb-4332-8190-4acaa21d4816&dtycbr=8395 HTTP 302
- https://widget.us.criteo.com/event?a=97536&v=5.15.0&p0=e%3Dexd%26site_type%3Dd&p1=e%3Dvp%26p%3D1%26tms%3Dcustom-guide&p2=e%3Ddis&adce=1&bundle=LTgKGV9hU0E5SkUlMkZkd0JZJTJCSkh5aDRrTlV0dkxqVlJJQXR2Qm41V1pZVzVrQ3lUb0xVRGozMUdhaFdmcGlnaUhkazBBTEZIMms5T2hDVXNCd3JMT2NMQ2M3QXBtQ3NDcWdTJTJCY2tpWkMlMkJ1bFQxRHNCWVAlMkJqcWdJdkVPJTJCOTdxZjNpenVJYjVyVUlvTVhINiUyRk10M2Q1NlhrbjAlMkJVTiUyRkNSem93YzJ2M1lYNE41WUQlMkZscyUzRA&tld=darkagedefender.com&dy=1&fu=https%253A%252F%252Fdarkagedefender.com%252Fshocking-truth%252FNASA%253FaffId%253D74%2526c1%253Dee123g050123%2526c2%253D123greetings%2526c3%253Dstrangedevicepoisedtostartahugescandal%2526id%253D109582089%2526affid%253D74%2526cid%253D922%2526s1%253Dee123g050123%2526s2%253D123greetings%2526s3%253Dstrangedevicepoisedtostartahugescandal%2526s4%253Demail0%2526s5%253Dwd5nce7mefat6edoidjmse24%2526destination%253Dwatch%252Ftaliban&ceid=220f85e6-dddb-4332-8190-4acaa21d4816&dtycbr=8395
- https://x.bidswitch.net/sync?dsp_id=46&user_id=k--70bIIuWZs2ewpBRaGQfpV9dlolBDuS7YHENnQ&expires=30 HTTP 302
- https://x.bidswitch.net/ul_cb/sync?dsp_id=46&user_id=k--70bIIuWZs2ewpBRaGQfpV9dlolBDuS7YHENnQ&expires=30
- https://cm.g.doubleclick.net/pixel?google_nid=cjp&google_sc&google_ula=913071&CriteoUserId=k-QMtUP4uWZs2ewpBRaGQfpV9dlokkFRmC2aI77A&google_cm&google_hm=ay1RTXRVUDR1V1pzMmV3cEJSYUdRZnBWOWRsb2trRlJtQzJhSTc3QQ HTTP 302
- https://dis.criteo.com/dis/rtb/google/cookiematch.aspx?id=&CriteoUserId=k-QMtUP4uWZs2ewpBRaGQfpV9dlokkFRmC2aI77A&google_gid=CAESEPo8u7JnkfmjXx3AOXePylA&google_cver=1&google_ula=913071,0
- https://ib.adnxs.com/getuid?https://dis.criteo.com/dis/rtb/appnexus/cookiematch.aspx?appnxsid=$UID HTTP 307
- https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fdis.criteo.com%2Fdis%2Frtb%2Fappnexus%2Fcookiematch.aspx%3Fappnxsid%3D%24UID HTTP 302
- https://dis.criteo.com/dis/rtb/appnexus/cookiematch.aspx?appnxsid=1931540562914631455
- https://secure.adnxs.com/setuid?entity=52&code=k-tR6c2ouWZs2ewpBRaGQfpV9dlokHsCt8rNuS4g HTTP 307
- https://secure.adnxs.com/bounce?%2Fsetuid%3Fentity%3D52%26code%3Dk-tR6c2ouWZs2ewpBRaGQfpV9dlokHsCt8rNuS4g
- https://ups.analytics.yahoo.com/ups/58301/sync?_origin=1&uid=k-L26Z0YuWZs2ewpBRaGQfpV9dlokN-E-xvRygaQ HTTP 302
- https://ups.analytics.yahoo.com/ups/58301/sync?_origin=1&uid=k-L26Z0YuWZs2ewpBRaGQfpV9dlokN-E-xvRygaQ&verify=true
- https://r.casalemedia.com/rum?cm_dsp_id=20&external_user_id=k-saPvZYuWZs2ewpBRaGQfpV9dlon8xtcjvv-Abg HTTP 302
- https://r.casalemedia.com/rum?cm_dsp_id=20&external_user_id=k-saPvZYuWZs2ewpBRaGQfpV9dlon8xtcjvv-Abg&C=1
- https://gum.criteo.com/sync?c=8&r=1&a=1&u=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D28645%26dpuuid%3D%40USERID%40 HTTP 302
- https://dpm.demdex.net/ibs:dpid=28645&dpuuid=pXFvx6Dcd2J8IxO0ASkG9ZO6ypKJ9Mvs HTTP 302
- https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=28645&dpuuid=pXFvx6Dcd2J8IxO0ASkG9ZO6ypKJ9Mvs
- https://ad.360yield.com/match?publisher_dsp_id=38&external_user_id=k-E6yH6ouWZs2ewpBRaGQfpV9dlomnmgoNe5RTBQ HTTP 302
- https://ad.360yield.com/ul_cb/match?publisher_dsp_id=38&external_user_id=k-E6yH6ouWZs2ewpBRaGQfpV9dlomnmgoNe5RTBQ
- https://gum.criteo.com/sync?c=83&r=1&a=1&u=https%3A%2F%2Fbeacon.krxd.net%2Fusermatch.gif%3Fpartner%3Dcriteo%26partner_uid%3D%40USERID%40 HTTP 302
- https://beacon.krxd.net/usermatch.gif?partner=criteo&partner_uid=1jp2Fio13fxZ5t5i2rHiDf8wPokj7fjz
- https://gum.criteo.com/sync?c=10&r=1&u=https%3A%2F%2Fs.thebrighttag.com%2Fcs%3Fbtt%3D0%26tp%3Dcr%26uid%3D%40USERID%40 HTTP 302
- https://s.thebrighttag.com/cs?btt=0&tp=cr&uid=QSnl6yZIKXsznM8vVi6JnTuRREujI4OC
79 HTTP transactions
Method | Protocol | Resource | Path | Size | Transferred | Type | MIME-Type | Notes |
---|---|---|---|---|---|---|---|---|
GET | H2 | NASA | darkagedefender.com/shocking-truth/ | 90 KB | 30 KB | Document | text/html | Primary Request; Redirect Chain |
GET | H2 | a-052o.min.js | b-code.liadm.com/ | 42 KB | 14 KB | Script | application/javascript | |
GET | H2 | ld.js | dynamic.criteo.com/js/ld/ | 44 KB | 15 KB | Script | application/javascript | |
GET | H2 | js | www.googletagmanager.com/gtag/ | 133 KB | 51 KB | Script | application/javascript | |
GET | H2 | webfont.js | ajax.googleapis.com/ajax/libs/webfont/1.6.26/ | 13 KB | 5 KB | Script | text/javascript | |
GET | H2 | global.css | darkagedefender.com/assets/style/ | 14 KB | 4 KB | Stylesheet | text/css | |
GET | H2 | forms.css | darkagedefender.com/assets/style/ | 5 KB | 2 KB | Stylesheet | text/css | |
GET | H2 | buttons.css | darkagedefender.com/assets/style/ | 4 KB | 1 KB | Stylesheet | text/css | |
GET | H2 | jquery.min.js | ajax.googleapis.com/ajax/libs/jquery/3.6.1/ | 88 KB | 31 KB | Script | text/javascript | |
GET | H2 | global.js | darkagedefender.com/assets/scripts/ | 7 KB | 3 KB | Script | application/javascript | |
GET | H2 | shockingTruth.css | darkagedefender.com/assets/style/presells/ | 2 KB | 1 KB | Stylesheet | text/css | |
GET | H/1.1 | pushwoosh-web-notifications.js | cdn.pushwoosh.com/webpush/v3/ | 182 KB | 45 KB | Script | application/javascript | |
GET | H3 | Logo-DAD.svg | darkagedefender.com/assets/images/logos/ | 22 KB | 10 KB | Image | image/svg+xml | |
GET | H3 | aftermath.jpg | darkagedefender.com/assets/images/presells/shockingTruth/ | 206 KB | 207 KB | Image | image/jpeg | |
GET | H3 | button.png | darkagedefender.com/assets/images/presells/shockingTruth/ | 19 KB | 20 KB | Image | image/png | |
GET | H3 | email-decode.min.js | darkagedefender.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/ | 1 KB | 1 KB | Script | application/javascript | |
GET | H2 | events.js | analytics.tiktok.com/i18n/pixel/ | 4 KB | 2 KB | Script | application/javascript | |
GET | H2 | uwt.js | static.ads-twitter.com/ | 56 KB | 15 KB | Script | application/javascript | |
GET | H2 | events.js | analytics.tiktok.com/i18n/pixel/ | 4 KB | 2 KB | Script | application/javascript | |
GET | H2 | amplitude-7.2.1-min.gz.js | cdn.amplitude.com/libs/ | 59 KB | 19 KB | Script | application/javascript | |
GET | H2 | css2 | fonts.googleapis.com/ | 2 KB | 961 B | Stylesheet | text/css | |
GET | H2 | css | fonts.googleapis.com/ | 16 KB | 1 KB | Stylesheet | text/css | |
GET | H2 | j | rp4.liadm.com/ | 13 B | 551 B | XHR | application/json | Redirect Chain |
GET | H2 | / | googleads.g.doubleclick.net/pagead/viewthroughconversion/11088581196/ | 3 KB | 2 KB | Script | text/javascript | |
GET | H2 | KFOmCnqEu92Fr1Mu4mxK.woff2 | fonts.gstatic.com/s/roboto/v30/ | 15 KB | 16 KB | Font | font/woff2 | |
GET | H2 | TK3IWkUHHAIjg75cFRf3bXL8LICs1_Fv40pKlN4NNSeSASz7FmlWHYg.woff2 | fonts.gstatic.com/s/oswald/v49/ | 17 KB | 18 KB | Font | font/woff2 | |
GET | H2 | KFOlCnqEu92Fr1MmWUlfBBc4.woff2 | fonts.gstatic.com/s/roboto/v30/ | 15 KB | 16 KB | Font | font/woff2 | |
GET | H2 | KFOlCnqEu92Fr1MmSU5fBBc4.woff2 | fonts.gstatic.com/s/roboto/v30/ | 15 KB | 15 KB | Font | font/woff2 | |
GET | H2 | KFOlCnqEu92Fr1MmEU9fBBc4.woff2 | fonts.gstatic.com/s/roboto/v30/ | 16 KB | 16 KB | Font | font/woff2 | |
GET | H2 | KFOlCnqEu92Fr1MmYUtfBBc4.woff2 | fonts.gstatic.com/s/roboto/v30/ | 15 KB | 15 KB | Font | font/woff2 | |
POST | H3 | import | darkagedefender.com/ajax/click/ | 77 B | 1 KB | XHR | application/json | |
GET | H2 | syncframe | gum.criteo.com/ | 15 KB | 6 KB | Document | text/html | Frame 9C93 |
POST | H2 | / | api.amplitude.com/ | 7 B | 206 B | XHR | text/html | |
GET | H2 | adsct | t.co/1/i/ | 43 B | 376 B | Image | image/gif | |
GET | H2 | adsct | analytics.twitter.com/1/i/ | 43 B | 724 B | Image | image/gif | |
GET | H2 | sid | mug.criteo.com/ | 468 B | 694 B | Fetch | application/json | Frame 9C93; Redirect Chain |
GET | H2 | main.MTYwYzA3NDgwMQ.js | analytics.tiktok.com/i18n/pixel/static/ | 256 KB | 69 KB | Script | application/javascript | |
GET | H2 | / | www.google.com/pagead/1p-user-list/11088581196/ | 42 B | 455 B | Image | image/gif | |
GET | H2 | / | www.google.de/pagead/1p-user-list/11088581196/ | 42 B | 455 B | Image | image/gif | |
GET | H2 | identify_79a0c.js | analytics.tiktok.com/i18n/pixel/static/ | 114 KB | 31 KB | Script | application/javascript | |
POST | H2 | pixel | analytics.tiktok.com/api/v2/ | 0 | 691 B | Ping | text/plain | |
POST | H2 | pixel | analytics.tiktok.com/api/v2/ | 0 | 691 B | Ping | text/plain | |
GET | H2 | event | widget.us.criteo.com/ | 8 KB | 4 KB | Script | application/x-javascript | Redirect Chain |
POST | H2 | getConfig | cp.pushwoosh.com/json/1.3/ | 1 KB | 1 KB | Fetch | application/json | |
POST | H2 | / | api.amplitude.com/ | 7 B | 205 B | XHR | text/html | |
POST | H2 | applicationOpen | cp.pushwoosh.com/json/1.3/ | 128 B | 465 B | Fetch | application/json | |
GET | H2 | sync | x.bidswitch.net/ul_cb/ | 43 B | 345 B | Image | image/gif | Frame 32A2; Redirect Chain |
GET | H2 | cookiematch.aspx | dis.criteo.com/dis/rtb/google/ | 43 B | 369 B | Image | image/gif | Frame 32A2; Redirect Chain |
GET | H2 | cookiematch.aspx | dis.criteo.com/dis/rtb/appnexus/ | 43 B | 371 B | Image | image/gif | Frame 32A2; Redirect Chain |
GET | H/1.1 | bounce | secure.adnxs.com/ | 43 B | 1 KB | Image | image/gif | Frame 32A2; Redirect Chain |
GET | H2 | cksync.php | contextual.media.net/ | 61 B | 801 B | Image | image/gif | Frame 32A2 |
GET H/1.1 |
tap.php
pixel.rubiconproject.com/ Frame 32A2 |
0 239 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
v1
match.sharethrough.com/sync/ Frame 32A2 |
0 359 B |
Image
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
/
rtb-csync.smartadserver.com/redir/ Frame 32A2 |
43 B 114 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
/
sync-t1.taboola.com/sg/criteortb-network/1/rtb-h/ Frame 32A2 |
0 99 B |
Image
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
um
criteo-sync.teads.tv/ Frame 32A2 |
23 B 172 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
xuid
eb2.3lift.com/ Frame 32A2 |
37 B 140 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
sync
ups.analytics.yahoo.com/ups/58301/ Frame 32A2 Redirect Chain
|
0 121 B |
Image
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
pixel
cm.adform.net/ Frame 32A2 |
43 B 163 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
sync
visitor.omnitagjs.com/visitor/ Frame 32A2 |
49 B 235 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
rum
r.casalemedia.com/ Frame 32A2 Redirect Chain
|
43 B 766 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
demconf.jpg
dpm.demdex.net/ Frame 32A2 Redirect Chain
|
42 B 942 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
9.gif
id5-sync.com/s/966/ Frame 32A2 |
43 B 1 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
match
ad.360yield.com/ul_cb/ Frame 32A2 Redirect Chain
|
43 B 446 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
sync
matching.ivitrack.com/ Frame 32A2 |
42 B 274 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
push
exchange.mediavine.com/usersync/ Frame 32A2 |
0 882 B |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
cookie-sync
sync.outbrain.com/ Frame 32A2 |
0 145 B |
Image
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Pug
simage2.pubmatic.com/AdServer/ Frame 32A2 |
42 B 579 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
sync
criteo-partners.tremorhub.com/ Frame 32A2 |
43 B 399 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
getusermatch.php
a.twiago.com/rtb/ Frame 32A2 |
43 B 153 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
m
ad.yieldlab.net/ Frame 32A2 |
0 400 B |
Image
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
sync
sync-criteo.ads.yieldmo.com/ Frame 32A2 |
0 38 B |
Image
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
manifest.json
darkagedefender.com/ |
868 B 787 B |
Fetch
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
usermatch.gif
beacon.krxd.net/ Frame 32A2 Redirect Chain
|
0 338 B |
Image
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
cs
s.thebrighttag.com/ Frame 32A2 Redirect Chain
|
35 B 268 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
checkDevice
redhotm.pushwoosh.com/json/1.3/ |
145 B 475 B |
Fetch
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
getInboxMessages
redhotm.pushwoosh.com/json/1.3/ |
92 B 529 B |
Fetch
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
chrome.jpg
cdn.pushwoosh.com/webpush/img/ |
37 KB 38 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
chrome_unlock.jpg
cdn.pushwoosh.com/webpush/img/ |
45 KB 45 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
75 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 boolean| credentialless string| TiktokAnalyticsObject object| ttq function| twq function| gtag object| dataLayer object| WebFontConfig object| Criteo object| criteo_q object| LI object| __li__evt_bus object| liQ object| liQ_instances function| $ function| jQuery string| testIP string| deviceType string| ipAddress function| validEmail boolean| exitPopEnabled function| setExitPop function| unsetExitPop function| getCookie function| setCookie function| lightbox function| lity function| getCookieAmplitude function| setCookieAmplitude object| userID object| identify object| amplitude object| WebFont object| google_tag_manager object| google_tag_data object| GooglebQhCsO boolean| pushAvailable boolean| permissionGranted boolean| permissionDenied object| pushTags object| pushEvents number| delay object| Pushwoosh function| promptPush function| hidePushWidget function| showPushWidget function| subscribePush function| unsubscribePush function| onPushSubscribeSuccess function| addPushTags function| addPushEventsBulk function| addPushEvent string| h string| t function| _0x1c7dfa function| _0x3a74 function| _0x29491e function| _0x2259ef function| _0x4013c7 function| _0x24b015 function| _0x39f8 boolean| windowExit object| regeneratorRuntime object| twttr object| webpackJsonp.TiktTokAnalytics object| JSBridge object| Native2JSBridge object| ToutiaoJSBridge function| TiktokJelly object| _jelly_sdks
60 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
darkagedefender.com/shocking-truth | Name: Affiliate Value: a%3A5%3A%7Bs%3A4%3A%22type%22%3Bs%3A4%3A%22cake%22%3Bs%3A4%3A%22AFID%22%3Bs%3A2%3A%2274%22%3Bs%3A6%3A%22subIDs%22%3Ba%3A5%3A%7Bs%3A2%3A%22s1%22%3Bs%3A12%3A%22ee123g050123%22%3Bs%3A2%3A%22s2%22%3Bs%3A12%3A%22123greetings%22%3Bs%3A2%3A%22s3%22%3Bs%3A38%3A%22strangedevicepoisedtostartahugescandal%22%3Bs%3A2%3A%22s4%22%3Bs%3A6%3A%22email0%22%3Bs%3A2%3A%22s5%22%3Bs%3A24%3A%22wd5nce7mefat6edoidjmse24%22%3B%7Ds%3A9%3A%22requestID%22%3Bs%3A9%3A%22109582089%22%3Bs%3A6%3A%22campID%22%3Bs%3A3%3A%22922%22%3B%7D |
darkagedefender.com/ajax/click | Name: Affiliate Value: a%3A5%3A%7Bs%3A4%3A%22type%22%3Bs%3A4%3A%22cake%22%3Bs%3A4%3A%22AFID%22%3Bs%3A2%3A%2274%22%3Bs%3A6%3A%22subIDs%22%3Ba%3A5%3A%7Bs%3A2%3A%22s1%22%3Bs%3A12%3A%22ee123g050123%22%3Bs%3A2%3A%22s2%22%3Bs%3A12%3A%22123greetings%22%3Bs%3A2%3A%22s3%22%3Bs%3A38%3A%22strangedevicepoisedtostartahugescandal%22%3Bs%3A2%3A%22s4%22%3Bs%3A6%3A%22email0%22%3Bs%3A2%3A%22s5%22%3Bs%3A24%3A%22wd5nce7mefat6edoidjmse24%22%3B%7Ds%3A9%3A%22requestID%22%3Bs%3A9%3A%22109582089%22%3Bs%3A6%3A%22campID%22%3Bs%3A3%3A%22922%22%3B%7D |
.tr.howitgoesodown.com/ | Name: 8a3107fc-55c8-48fe-a6ab-8869db79c5a1-v4 Value: RfrjAoUmrbUqCqt43tdD7BA4c8IwvWpPF-QH-9O51Wk |
.tr.howitgoesodown.com/ | Name: cc-v4 Value: wXamHHINAAvHaqwJH1EcssYNKf1J6pmFym8jfu5tU8Q5iL6Bl9Sh7Uw852ZPI2F13kMaZ2rEwTWASsYxBF57HWvs6xAP1JV9EgrhmBrG6CAV2RpxpEFMwyI6%2B%2FWY6LXHRDacXe6d9EtymOZfMEoaow%3D%3D |
.darkagedefense.net/ | Name: sl Value: rt9WvcrsiIPq6sbnW+71iwPgrRgDG5AuOfCPjJ/0rfyG4HBn/9Tz7Q== |
.darkagedefense.net/ | Name: tib Value: 5NLVQKinTtnXR9jhT+LZBUenWg2exlc2iAxesXUi0NwsGSwCUj/9xw== |
.darkagedefense.net/ | Name: c35 Value: rt9WvcrsiINHrqCozV6+nDBtGQRqGtGyO8rEKTWfYzOaBTi2irFWZw== |
.darkagedefender.com/ | Name: PHPSESSID Value: mt19k7ts711j7v3acld80b65ap |
.darkagedefender.com/ | Name: _li_dcdm_c Value: .darkagedefender.com |
.darkagedefender.com/ | Name: _lc2_fpi Value: 097170483512--01gzbtzaxeqm160hfzgvztj13f |
.darkagedefender.com/ | Name: _gcl_au Value: 1.1.1446597731.1682950827 |
.criteo.com/ | Name: uid Value: 864b40bd-2651-4ce1-bb5d-ffd03a9a324d |
.darkagedefender.com/ | Name: amp_0a2f9a Value: 1N-HkYOWxvCRPnlNwB2K6Y...1gvbqvb9a.1gvbqvb9j.1.1.2 |
.tiktok.com/ | Name: _ttp Value: 2PCAjoJgH2of9RdWRe7y4gL52zv |
.t.co/ | Name: muc_ads Value: 650b5238-6c3d-45ea-8bdc-a2cbdb5ad730 |
.liadm.com/ | Name: lidid Value: 18f4aa3c-e4ba-4ea2-90af-23943bbcaced |
.twitter.com/ | Name: guest_id_marketing Value: v1%3A168295082747755402 |
.twitter.com/ | Name: guest_id_ads Value: v1%3A168295082747755402 |
.twitter.com/ | Name: personalization_id Value: "v1_GQC52A94UwbuPD7sFc9fwQ==" |
.twitter.com/ | Name: guest_id Value: v1%3A168295082747755402 |
.darkagedefender.com/ | Name: _tt_enable_cookie Value: 1 |
.darkagedefender.com/ | Name: _ttp Value: jS09lQFF-wf62ZXPPB0eKtDdCiO |
.darkagedefender.com/ | Name: cto_bundle Value: LTgKGV9hU0E5SkUlMkZkd0JZJTJCSkh5aDRrTlV0dkxqVlJJQXR2Qm41V1pZVzVrQ3lUb0xVRGozMUdhaFdmcGlnaUhkazBBTEZIMms5T2hDVXNCd3JMT2NMQ2M3QXBtQ3NDcWdTJTJCY2tpWkMlMkJ1bFQxRHNCWVAlMkJqcWdJdkVPJTJCOTdxZjNpenVJYjVyVUlvTVhINiUyRk10M2Q1NlhrbjAlMkJVTiUyRkNSem93YzJ2M1lYNE41WUQlMkZscyUzRA |
match.sharethrough.com/ | Name: AWSALBCORS Value: WlvubWq7wJM0bQ1umxIf2tKBvV6OPZ0Kx3frabv/UkJxENkw0gDG1dBZAajOsbmIoeRabvEBUb1X5E2/JyfElTcPzlb74kvgcXw4NWiC8xsMz3oWbbkbGICWJnSc |
.adnxs.com/ | Name: uuid2 Value: 7982490433739780407 |
.adnxs.com/ | Name: anj Value: dTM7k!M4/rCxrEQF']wIg2E>3ja@Ap!]tbPl@/D!9hy6]/Cv[(fAU!rcKN)UkM72CcfYa_7^[zagZGMq8QQxhaay8e^?Jq[C!yv/wNX?V*bpRz*qF1`*bdYp+uWIe |
.bidswitch.net/ | Name: tuuid Value: 4838cf9e-cd9f-4554-99d2-6db5395e37f7 |
.bidswitch.net/ | Name: c Value: 1682950828 |
.bidswitch.net/ | Name: tuuid_lu Value: 1682950828 |
.media.net/ | Name: visitor-id Value: 3259524288400128000V10 |
.media.net/ | Name: data-c-ts Value: 1682950828 |
.media.net/ | Name: data-c Value: k-JAQyfouWZs2ewpBRaGQfpV9dlomw6QQO7RBk5A~~3 |
.id5-sync.com/ | Name: cf Value: |
.id5-sync.com/ | Name: cip Value: |
.id5-sync.com/ | Name: cnac Value: |
.id5-sync.com/ | Name: car Value: |
.id5-sync.com/ | Name: gdpr Value: |
.id5-sync.com/ | Name: callback Value: |
.doubleclick.net/ | Name: IDE Value: AHWqTUkvPiQzkzzPmRScTNgcUPRUJ3zhpYtjjW5we4V7wXKb3CtqhqZap3fcGwX-4Qo |
.yahoo.com/ | Name: A3 Value: d=AQABBKzKT2QCEFKh_eRQwRZjUGAi2nbGtXkFEgEBAQEcUWRZZAAAAAAA_eMAAA&S=AQAAAgC3RkxtdbEcgFYvMEXKtrI |
.demdex.net/ | Name: demdex Value: 59775954236231720110057038044682260679 |
exchange.mediavine.com/ | Name: mv_tokens Value: %7B%22mv_uuid%22%3A%22528ec740-e82b-11ed-9661-ef1a5b61d947%22%2C%22version%22%3A%22eu-v1%22%7D |
exchange.mediavine.com/ | Name: mv_tokens_eu-v1 Value: %7B%22mv_uuid%22%3A%22528ec740-e82b-11ed-9661-ef1a5b61d947%22%2C%22version%22%3A%22eu-v1%22%7D |
exchange.mediavine.com/ | Name: am_tokens Value: %7B%22mv_uuid%22%3A%22528ec740-e82b-11ed-9661-ef1a5b61d947%22%2C%22version%22%3A%22eu-v1%22%7D |
exchange.mediavine.com/ | Name: am_tokens_eu-v1 Value: %7B%22mv_uuid%22%3A%22528ec740-e82b-11ed-9661-ef1a5b61d947%22%2C%22version%22%3A%22eu-v1%22%7D |
exchange.mediavine.com/ | Name: criteo Value: %7B%22id%22%3A%22k-EM9mPYuWZs2ewpBRaGQfpV9dlolSzABu2GDA1A%22%2C%22version%22%3A%22criteo%22%7D |
.analytics.yahoo.com/ | Name: IDSYNC Value: 18zh~2bee |
.dpm.demdex.net/ | Name: dpm Value: 59775954236231720110057038044682260679 |
.pubmatic.com/ | Name: KRTBCOOKIE_97 Value: 3385-uid:k-CUVLo4uWZs2ewpBRaGQfpV9dlolYFW9GAYxoNg&KRTB&23144-uid:k-CUVLo4uWZs2ewpBRaGQfpV9dlolYFW9GAYxoNg&KRTB&23286-uid:k-CUVLo4uWZs2ewpBRaGQfpV9dlolYFW9GAYxoNg&KRTB&23287-uid:k-CUVLo4uWZs2ewpBRaGQfpV9dlolYFW9GAYxoNg |
.pubmatic.com/ | Name: PugT Value: 1682950827 |
.360yield.com/ | Name: tuuid Value: 7a92c59f-7562-42cd-ac33-752b0948cf84 |
.360yield.com/ | Name: tuuid_lu Value: 1682950828 |
.360yield.com/ | Name: um Value: !38,J0QnpsgFI7ShF2E5otQ3QgyjDvw8Oaxj-1APE1o8d6T8usJ.6CHw.8B-vsqIDJt.ooVsk1RC,1690726828 |
.360yield.com/ | Name: umeh Value: !38,0,1745158828,-1 |
.casalemedia.com/ | Name: CMID Value: ZE-KrKbnDAZu-dAN4PP1YAAA |
.casalemedia.com/ | Name: CMPS Value: 5166 |
.casalemedia.com/ | Name: CMPRO Value: 5166 |
.krxd.net/ | Name: _kuid_ Value: Ph0wJ3AU |
.tremorhub.com/ | Name: tvid Value: 269d489d7c574776a4b47d8311c1a119 |
.tremorhub.com/ | Name: tv_UICR Value: k-yb9I6ouWZs2ewpBRaGQfpV9dlokHDA3AMWvyow |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.