pub-12ee0805977e4835ba4d2f46d0be1f20.r2.dev
Open in
urlscan Pro
104.18.2.35
Malicious Activity!
Public Scan
URL:
https://pub-12ee0805977e4835ba4d2f46d0be1f20.r2.dev/tm.htm
Submission: On August 04 via api from CA — Scanned from CA
Submission: On August 04 via api from CA — Scanned from CA
Summary
This website contacted 14 IPs
in 2 countries
across 13 domains to perform 44 HTTP transactions.
The main IP is 104.18.2.35, located in
and
belongs to CLOUDFLARENET, US.
The main domain is pub-12ee0805977e4835ba4d2f46d0be1f20.r2.dev.
TLS certificate: Issued by E1 on June 15th 2023. Valid for: 3 months.
This is the only time pub-12ee0805977e4835ba4d2f46d0be1f20.r2.dev was scanned on urlscan.io!
TLS certificate: Issued by E1 on June 15th 2023. Valid for: 3 months.
This is the only time pub-12ee0805977e4835ba4d2f46d0be1f20.r2.dev was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Yahoo (Online)Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 2 | 104.18.2.35 104.18.2.35 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
| 22 | 69.147.92.12 69.147.92.12 | 10310 (YAHOO-1) (YAHOO-1) | |
| 1 | 66.218.87.15 66.218.87.15 | 26101 (YAHOO-BF1) (YAHOO-BF1) | |
| 1 | 152.199.24.48 152.199.24.48 | 15133 (EDGECAST) (EDGECAST) | |
| 1 | 34.236.83.94 34.236.83.94 | 14618 (AMAZON-AES) (AMAZON-AES) | |
| 2 | 3.92.156.8 3.92.156.8 | 14618 (AMAZON-AES) (AMAZON-AES) | |
| 4 10 | 34.200.65.202 34.200.65.202 | 14618 (AMAZON-AES) (AMAZON-AES) | |
| 1 | 52.203.193.166 52.203.193.166 | 14618 (AMAZON-AES) (AMAZON-AES) | |
| 4 5 | 172.217.13.162 172.217.13.162 | 15169 (GOOGLE) (GOOGLE) | |
| 3 | 52.86.94.138 52.86.94.138 | 14618 (AMAZON-AES) (AMAZON-AES) | |
| 1 1 | 204.79.197.200 204.79.197.200 | 8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK) | |
| 3 3 | 8.28.7.82 8.28.7.82 | 62713 (AS-PUBMATIC) (AS-PUBMATIC) | |
| 1 1 | 162.248.18.37 162.248.18.37 | 62713 (AS-PUBMATIC) (AS-PUBMATIC) | |
| 1 1 | 162.248.18.34 162.248.18.34 | 62713 (AS-PUBMATIC) (AS-PUBMATIC) | |
| 1 | 68.67.160.132 68.67.160.132 | 29990 (ASN-APPNEX) (ASN-APPNEX) | |
| 3 4 | 52.223.22.214 52.223.22.214 | 16509 (AMAZON-02) (AMAZON-02) | |
| 3 3 | 15.197.193.217 15.197.193.217 | 16509 (AMAZON-02) (AMAZON-02) | |
| 1 1 | 69.173.151.100 69.173.151.100 | 26667 (RUBICONPR...) (RUBICONPROJECT) | |
| 1 1 | 74.119.119.73 74.119.119.73 | 19750 (AS-CRITEO) (AS-CRITEO) | |
| 1 | 74.119.119.150 74.119.119.150 | 19750 (AS-CRITEO) (AS-CRITEO) | |
| 1 2 | 142.250.65.198 142.250.65.198 | 15169 (GOOGLE) (GOOGLE) | |
| 44 | 14 |
22
69.147.92.12
(Ashburn, United States)
ASN10310 (YAHOO-1, US)
PTR: e2.ycpi.vip.dca.yahoo.com
ASN10310 (YAHOO-1, US)
PTR: e2.ycpi.vip.dca.yahoo.com
| s.yimg.com | |
| fc.yahoo.com | |
| cdn.js7k.com |
1
66.218.87.15
(United States)
ASN26101 (YAHOO-BF1, US)
PTR: media-router-brb71.prod.media.vip.bf1.yahoo.com
ASN26101 (YAHOO-BF1, US)
PTR: media-router-brb71.prod.media.vip.bf1.yahoo.com
| 3p-udc.yahoo.com |
1
34.236.83.94
(Ashburn, United States)
ASN14618 (AMAZON-AES, US)
PTR: ec2-34-236-83-94.compute-1.amazonaws.com
ASN14618 (AMAZON-AES, US)
PTR: ec2-34-236-83-94.compute-1.amazonaws.com
| oao-js-tag.onemobile.yahoo.com |
2
3.92.156.8
(Ashburn, United States)
ASN14618 (AMAZON-AES, US)
PTR: ec2-3-92-156-8.compute-1.amazonaws.com
ASN14618 (AMAZON-AES, US)
PTR: ec2-3-92-156-8.compute-1.amazonaws.com
| us-east-1-web-oao.ssp.yahoo.com |
10
34.200.65.202
(Ashburn, United States)
ASN14618 (AMAZON-AES, US)
PTR: ec2-34-200-65-202.compute-1.amazonaws.com
ASN14618 (AMAZON-AES, US)
PTR: ec2-34-200-65-202.compute-1.amazonaws.com
| service.idsync.analytics.yahoo.com | |
| ups.analytics.yahoo.com |
1
52.203.193.166
(Ashburn, United States)
ASN14618 (AMAZON-AES, US)
PTR: ec2-52-203-193-166.compute-1.amazonaws.com
ASN14618 (AMAZON-AES, US)
PTR: ec2-52-203-193-166.compute-1.amazonaws.com
| onevideosync.uplynk.com |
5
172.217.13.162
(United States)
ASN15169 (GOOGLE, US)
PTR: yul03s04-in-f2.1e100.net
ASN15169 (GOOGLE, US)
PTR: yul03s04-in-f2.1e100.net
| cm.g.doubleclick.net |
3
52.86.94.138
(Ashburn, United States)
ASN14618 (AMAZON-AES, US)
PTR: ec2-52-86-94-138.compute-1.amazonaws.com
ASN14618 (AMAZON-AES, US)
PTR: ec2-52-86-94-138.compute-1.amazonaws.com
| pr-bh.ybp.yahoo.com |
1
204.79.197.200
(United States)
ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
PTR: a-0001.a-msedge.net
ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
PTR: a-0001.a-msedge.net
| c.bing.com |
1
68.67.160.132
(New York, United States)
ASN29990 (ASN-APPNEX, US)
PTR: 674.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net
ASN29990 (ASN-APPNEX, US)
PTR: 674.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net
| ib.adnxs.com |
4
52.223.22.214
(Seattle, United States)
ASN16509 (AMAZON-02, US)
PTR: afb83dd09526a6517.awsglobalaccelerator.com
ASN16509 (AMAZON-02, US)
PTR: afb83dd09526a6517.awsglobalaccelerator.com
| eb2.3lift.com |
3
15.197.193.217
(Seattle, United States)
ASN16509 (AMAZON-02, US)
PTR: a12b7a488abeaa9e4.awsglobalaccelerator.com
ASN16509 (AMAZON-02, US)
PTR: a12b7a488abeaa9e4.awsglobalaccelerator.com
| match.adsrvr.org |
2
142.250.65.198
(United States)
ASN15169 (GOOGLE, US)
PTR: lga25s72-in-f6.1e100.net
ASN15169 (GOOGLE, US)
PTR: lga25s72-in-f6.1e100.net
| ad.doubleclick.net |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 20 |
yimg.com
s.yimg.com — Cisco Umbrella Rank: 572 |
1 MB |
| 19 |
yahoo.com
4 redirects
3p-udc.yahoo.com — Cisco Umbrella Rank: 12274 fc.yahoo.com — Cisco Umbrella Rank: 3637 opus.analytics.yahoo.com — Cisco Umbrella Rank: 3129 oao-js-tag.onemobile.yahoo.com — Cisco Umbrella Rank: 10338 us-east-1-web-oao.ssp.yahoo.com — Cisco Umbrella Rank: 3469 service.idsync.analytics.yahoo.com — Cisco Umbrella Rank: 1620 ups.analytics.yahoo.com — Cisco Umbrella Rank: 329 pr-bh.ybp.yahoo.com — Cisco Umbrella Rank: 491 |
21 KB |
| 7 |
doubleclick.net
5 redirects
cm.g.doubleclick.net — Cisco Umbrella Rank: 244 ad.doubleclick.net — Cisco Umbrella Rank: 196 |
3 KB |
| 5 |
pubmatic.com
5 redirects
image8.pubmatic.com — Cisco Umbrella Rank: 713 image2.pubmatic.com — Cisco Umbrella Rank: 1030 image4.pubmatic.com — Cisco Umbrella Rank: 1270 |
2 KB |
| 4 |
3lift.com
3 redirects
eb2.3lift.com — Cisco Umbrella Rank: 429 |
2 KB |
| 3 |
adsrvr.org
3 redirects
match.adsrvr.org — Cisco Umbrella Rank: 385 |
1 KB |
| 2 |
criteo.com
1 redirects
ssp-sync.criteo.com — Cisco Umbrella Rank: 1214 dis.criteo.com — Cisco Umbrella Rank: 664 |
772 B |
| 2 |
r2.dev
pub-12ee0805977e4835ba4d2f46d0be1f20.r2.dev |
16 KB |
| 1 |
rubiconproject.com
1 redirects
pixel.rubiconproject.com — Cisco Umbrella Rank: 393 |
821 B |
| 1 |
adnxs.com
ib.adnxs.com — Cisco Umbrella Rank: 265 |
520 B |
| 1 |
bing.com
1 redirects
c.bing.com — Cisco Umbrella Rank: 224 |
628 B |
| 1 |
uplynk.com
onevideosync.uplynk.com — Cisco Umbrella Rank: 4552 |
195 B |
| 1 |
js7k.com
cdn.js7k.com — Cisco Umbrella Rank: 1441 |
16 KB |
| 44 | 13 |
| Domain | Requested by | |
|---|---|---|
| 20 | s.yimg.com |
pub-12ee0805977e4835ba4d2f46d0be1f20.r2.dev
s.yimg.com fc.yahoo.com oao-js-tag.onemobile.yahoo.com |
| 8 | ups.analytics.yahoo.com |
4 redirects
s.yimg.com
|
| 5 | cm.g.doubleclick.net |
4 redirects
s.yimg.com
|
| 4 | eb2.3lift.com |
3 redirects
s.yimg.com
|
| 3 | match.adsrvr.org | 3 redirects |
| 3 | image8.pubmatic.com | 3 redirects |
| 3 | pr-bh.ybp.yahoo.com |
s.yimg.com
|
| 2 | ad.doubleclick.net |
1 redirects
s.yimg.com
|
| 2 | service.idsync.analytics.yahoo.com |
s.yimg.com
oao-js-tag.onemobile.yahoo.com |
| 2 | us-east-1-web-oao.ssp.yahoo.com |
s.yimg.com
oao-js-tag.onemobile.yahoo.com |
| 2 | pub-12ee0805977e4835ba4d2f46d0be1f20.r2.dev |
s.yimg.com
|
| 1 | dis.criteo.com |
s.yimg.com
|
| 1 | ssp-sync.criteo.com | 1 redirects |
| 1 | pixel.rubiconproject.com | 1 redirects |
| 1 | ib.adnxs.com |
s.yimg.com
|
| 1 | image4.pubmatic.com | 1 redirects |
| 1 | image2.pubmatic.com | 1 redirects |
| 1 | c.bing.com | 1 redirects |
| 1 | onevideosync.uplynk.com |
s.yimg.com
|
| 1 | cdn.js7k.com |
s.yimg.com
|
| 1 | oao-js-tag.onemobile.yahoo.com |
s.yimg.com
|
| 1 | opus.analytics.yahoo.com |
s.yimg.com
|
| 1 | fc.yahoo.com |
s.yimg.com
|
| 1 | 3p-udc.yahoo.com |
s.yimg.com
|
| 44 | 24 |
This site contains links to these domains. Also see Links.
| Domain |
|---|
| uk.yahoo.com |
| help.yahoo.com |
| www.verizonmedia.com |
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| *.r2.dev E1 |
2023-06-15 - 2023-09-13 |
3 months | crt.sh |
| *.api.fantasysports.yahoo.com DigiCert SHA2 High Assurance Server CA |
2023-07-03 - 2023-08-23 |
2 months | crt.sh |
| yahoo.com DigiCert SHA2 High Assurance Server CA |
2023-05-02 - 2023-10-25 |
6 months | crt.sh |
| opus.analytics.yahoo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1 |
2023-04-27 - 2024-05-27 |
a year | crt.sh |
| web.ssp.yahoo.com DigiCert SHA2 High Assurance Server CA |
2023-05-23 - 2023-11-15 |
6 months | crt.sh |
| ups.analytics.yahoo.com DigiCert SHA2 High Assurance Server CA |
2023-07-18 - 2024-01-10 |
6 months | crt.sh |
| onevideosync.uplynk.com DigiCert SHA2 High Assurance Server CA |
2023-05-10 - 2023-08-09 |
3 months | crt.sh |
This page contains 5 frames:
Primary Page:
https://pub-12ee0805977e4835ba4d2f46d0be1f20.r2.dev/tm.htm
Frame ID: E86C8EBC226FF330CEE177CCC5463BED
Requests: 18 HTTP requests in this frame
Frame:
https://s.yimg.com/rq/darla/4-11-1/html/r-csc.html
Frame ID: 9CDF8425FF72FD6B4431C7026C5C63F7
Requests: 1 HTTP requests in this frame
Frame:
https://s.yimg.com/rq/darla/4-11-1/html/r-sf.html
Frame ID: CB52FD5C7FA94E3BCCD8CBEB8082C07E
Requests: 20 HTTP requests in this frame
Frame:
https://s.yimg.com/cv/apiv2/default/houseAdsExchange/index.html?geo=us&size=1440x1024&pe=aonly
Frame ID: 77DDBAE3A29C1153EA308627FE5377C4
Requests: 2 HTTP requests in this frame
Frame:
https://s.yimg.com/cv/apiv2/default/20181213/DCM_AV_US_No_Targeting_SUSI_Filler_Mail_Login_Users__1440x1024_Static_Dont_Mess_Platform___Yahoo_Mail_Plus_yonly.html
Frame ID: BAC3388108DC534DAD2792978E1CD000
Requests: 3 HTTP requests in this frame
4 Outgoing links
These are links going to different origins than the main page.
URL: https://uk.yahoo.com/
Search URL Search Domain Scan URL
URL: https://help.yahoo.com/kb/index?locale=zh_HK&page=product&y=PROD_ACCT
Title: Help
Title: Help
Search URL Search Domain Scan URL
URL: https://www.verizonmedia.com/policies/ie/en/verizonmedia/terms/otos/index.html
Title: Terms
Title: Terms
Search URL Search Domain Scan URL
URL: https://www.verizonmedia.com/policies/ie/en/verizonmedia/privacy/index.html
Title: Privacy
Title: Privacy
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 28- https://cm.g.doubleclick.net/pixel?google_nid=oath_dbm&google_hm=eS1nWVJhS1NORTJ1RXFxVXpIQzVaR0I2UUNMTk1ZQVJOdX5B&gdpr=0&gdpr_consent=&gpp=&gpp_sid= HTTP 302
- https://cm.g.doubleclick.net/pixel?google_nid=oath_dbm&google_hm=eS1nWVJhS1NORTJ1RXFxVXpIQzVaR0I2UUNMTk1ZQVJOdX5B&gdpr=0&gdpr_consent=&gpp=&gpp_sid=&google_tc=
- https://ups.analytics.yahoo.com/ups/56465/sync?_origin=0&redir=true&gpp=&gpp_sid= HTTP 302
- https://pr-bh.ybp.yahoo.com/sync/adtech/y-C8VwmglE2uLZt8IfZMRAyWAW61KtAzM-~A
- https://c.bing.com/c.gif?Red3=OATHMS_pd&gdpr=0&gdpr_consent=&gpp=&gpp_sid= HTTP 302
- https://pr-bh.ybp.yahoo.com/sync/msn/126D0FAE5F8162A207941CCD5E2B63F2
- https://image8.pubmatic.com/AdServer/ImgSync?p=156078&gdpr=0&gdpr_consent=&gpp_sid=&gpp=&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3FpartnerID%3D156078%26xid%3Dy-VQUTPFBE2uWJcslFlCfJe4UeekQokpo-~A%26gdpr%3d0%26gdpr_consent%3d%26gpp_sid%3D%26gpp%3D%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Fups.analytics.yahoo.com%252Fups%252F58292%252Fsync%253F_origin%253D0%2526gdpr%253D0%2526gdpr_consent%253D%2526gpp_sid%253D%2526gpp%253D%2526uid%253D%2523PMUID%2526redir2%253Dtrue HTTP 302
- https://image8.pubmatic.com/AdServer/ImgSync?p=156078&gdpr=0&gdpr_consent=&gpp_sid=&gpp=&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3FpartnerID%3D156078%26xid%3Dy-VQUTPFBE2uWJcslFlCfJe4UeekQokpo-~A%26gdpr%3d0%26gdpr_consent%3d%26gpp_sid%3D%26gpp%3D%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Fups.analytics.yahoo.com%252Fups%252F58292%252Fsync%253F_origin%253D0%2526gdpr%253D0%2526gdpr_consent%253D%2526gpp_sid%253D%2526gpp%253D%2526uid%253D%2523PMUID%2526redir2%253Dtrue&rdf=1 HTTP 302
- https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=QUIzNzU4QjYtMkYxRi00RDM2LUIyNDAtNjZEMEE2RDU1QjE4&gdpr=0&gdpr_consent= HTTP 302
- https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent= HTTP 302
- https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=&us_privacy=${US_PRIVACY} HTTP 302
- https://image4.pubmatic.com/AdServer/SPug?gdpr=0&gdpr_consent=&gpp=&gpp_sid=&partnerID=156078&pmc=1&pr=https%3A%2F%2Fups.analytics.yahoo.com%2Fups%2F58292%2Fsync%3F_origin%3D0%26gdpr%3D0%26gdpr_consent%3D%26gpp_sid%3D%26gpp%3D%26uid%3DAB3758B6-2F1F-4D36-B240-66D0A6D55B18%26redir2%3Dtrue&us_privacy=%24%7BUS_PRIVACY%7D&xid=y-VQUTPFBE2uWJcslFlCfJe4UeekQokpo-~A HTTP 302
- https://ups.analytics.yahoo.com/ups/58292/sync?_origin=0&gdpr=0&gdpr_consent=&gpp_sid=&gpp=&uid=AB3758B6-2F1F-4D36-B240-66D0A6D55B18&redir2=true HTTP 302
- https://pr-bh.ybp.yahoo.com/sync/pubmatic/AB3758B6-2F1F-4D36-B240-66D0A6D55B18&gdpr=0
- https://ups.analytics.yahoo.com/ups/58230/sync?_origin=0&redir=true&gdpr=0&gdpr_consent=&gpp=&gpp_sid= HTTP 302
- https://ib.adnxs.com/prebid/setuid?bidder=verizonmedia&uid=y-HJlGGbBE2uFqTkkAdsVZ68OhdSLaRw--~A&gdpr=0
- https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1tckRvTGc1RTJ1RVBmMEN5WGpONEtrVmlRMm5nUFhPbH5B&gdpr=0&gdpr_consent=&_origin=0&gpp=&gpp_sid= HTTP 302
- https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1tckRvTGc1RTJ1RVBmMEN5WGpONEtrVmlRMm5nUFhPbH5B&gdpr=0&gdpr_consent=&_origin=0&gpp=&gpp_sid=&google_tc= HTTP 302
- https://ups.analytics.yahoo.com/ups/58281/sync?redir=false&gdpr=0&gdpr_consent=&_origin=0&gpp=&gpp_sid=
- https://eb2.3lift.com/getuid?&gdpr=0&cmp_cs=&gpp_sid=&gpp=&redir=https%3A%2F%2Fups.analytics.yahoo.com%2Fups%2F58382%2Fsync%3F_origin%3D0%26ums2%3D0%26redir%3Dtrue%26uid%3D%24UID%26gdpr%3D0%26gdpr_consent%3D%26gpp_sid%3D%26gpp%3D HTTP 302
- https://eb2.3lift.com/getuid?ld=1&gdpr=0&cmp_cs=&us_privacy=&redir=https%3A%2F%2Fups.analytics.yahoo.com%2Fups%2F58382%2Fsync%3F_origin%3D0%26ums2%3D0%26redir%3Dtrue%26uid%3D%24UID%26gdpr%3D0%26gdpr_consent%3D%26gpp_sid%3D%26gpp%3D HTTP 302
- https://ups.analytics.yahoo.com/ups/58382/sync?_origin=0&ums2=0&redir=true&uid=2026982973523089014325&gdpr=0&gdpr_consent=&gpp_sid=&gpp= HTTP 302
- https://eb2.3lift.com/sync?px=1&gdpr=0&axid=y-akrAuNxE2uJSHmn9EDHytXJZGa699n0a~A&ums2=1 HTTP 302
- https://match.adsrvr.org/track/cmf/generic?ttd_pid=svx9t50&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
- https://eb2.3lift.com/xuid?mid=3658&xuid=b2414cb2-beef-4da0-bc8b-11032090259d&dongle=0cfd&gdpr=0&gdpr_consent=
- https://match.adsrvr.org/track/cmf/generic?ttd_pid=aoladtech&gdpr=0&gdpr_consent=&gpp=&gpp_sid= HTTP 302
- https://match.adsrvr.org/track/cmb/generic?ttd_pid=aoladtech&gdpr=0&gdpr_consent=&gpp=&gpp_sid= HTTP 302
- https://ups.analytics.yahoo.com/ups/55953/sync?uid=b2414cb2-beef-4da0-bc8b-11032090259d&_origin=0&gdpr=0&gdpr_consent=
- https://pixel.rubiconproject.com/exchange/sync.php?p=oath&gdpr=0&gdpr_consent=&gpp=&gpp_sid= HTTP 302
- https://ups.analytics.yahoo.com/ups/58160/sync?_origin=0&uid=LKWQ7X1V-1V-EHPT&gdpr=0
- https://ssp-sync.criteo.com/user-sync/redirect?profile=73&gdprapplies=0&gdpr=&gpp=&gpp_sid= HTTP 302
- https://dis.criteo.com/dis/usersync.aspx?r=12&p=73&dis=0&url=https%3a%2f%2fssp-sync.criteo.com%2fuser-sync%2fredirect%3fprofile%3d73%26gdprapplies%3d0%26gdpr%3d%26gpp%3d%26gpp_sid%3d%26uid%3d%40%40CRITEO_USERID%40%40%26dised%3dtrue&gdpr=&gdpr_consent=&gpp=
- https://ad.doubleclick.net/ddm/trackimp/N360801.1913355YAHOOADMANAGER/B23644564.347394095;dc_trk_aid=537850690;dc_trk_cid=178313166;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ltd= HTTP 302
- https://ad.doubleclick.net/ddm/trackimp/N360801.1913355YAHOOADMANAGER/B23644564.347394095;dc_pre=CNi78Mmlw4ADFcm5nwodPpAFtA;dc_trk_aid=537850690;dc_trk_cid=178313166;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ltd=
44 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H/1.1 |
Primary Request
tm.htm
pub-12ee0805977e4835ba4d2f46d0be1f20.r2.dev/ |
40 KB 10 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
yahoo-main.css
s.yimg.com/wm/mbr/2d60832854c4065ca1288f070ffba14e0e4a2577/ |
475 KB 104 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
yahoo_frontpage_en-US_s_f_p_bestfit_frontpage_2x.png
s.yimg.com/rz/p/ |
1 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
yahoo_frontpage_en-US_s_f_w_bestfit_frontpage_2x.png
s.yimg.com/rz/p/ |
1 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
rapid-3.53.30.js
s.yimg.com/ss/ |
49 KB 18 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
bundle.js
s.yimg.com/wm/mbr/2d60832854c4065ca1288f070ffba14e0e4a2577/ |
179 KB 49 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
Yahoo_Sans-Regular.woff2
s.yimg.com/cv/ae/sports/fonts/2017/ |
28 KB 29 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
hide-v0.0.1.svg
s.yimg.com/wm/mbr/images/ |
860 KB 646 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
checkbox-checked.svg
s.yimg.com/wm/mbr/images/ |
1 KB 912 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
Yahoo_Sans-Semibold.woff2
s.yimg.com/cv/ae/sports/fonts/2017/ |
28 KB 29 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
Yahoo_Sans-Medium.woff2
s.yimg.com/cv/ae/sports/fonts/2017/ |
29 KB 29 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
Yahoo_Sans-ExtraBold.woff2
s.yimg.com/cv/ae/sports/fonts/2017/ |
28 KB 29 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
POST H2 |
yql
3p-udc.yahoo.com/v2/public/ |
0 553 B |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
client.php
fc.yahoo.com/sdarla/php/ |
12 KB 6 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
boot.js
s.yimg.com/rq/darla/ |
7 KB 4 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
g-r-min.js
s.yimg.com/rq/darla/4-11-1/js/ |
204 KB 86 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
opus.js
opus.analytics.yahoo.com/tag/ |
9 KB 3 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
r-csc.html
s.yimg.com/rq/darla/4-11-1/html/ Frame 9CDF |
2 KB 1 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
r-sf.html
s.yimg.com/rq/darla/4-11-1/html/ Frame CB52 |
2 KB 963 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
sfext-min.js
s.yimg.com/rq/darla/4-11-1/js/ Frame CB52 |
63 KB 27 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
adServe.do
oao-js-tag.onemobile.yahoo.com/admax/ Frame CB52 |
3 KB 2 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
adEvent.do
us-east-1-web-oao.ssp.yahoo.com/admax/ Frame CB52 |
43 B 317 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
pixels
service.idsync.analytics.yahoo.com/sp/v0/ Frame CB52 |
3 KB 3 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
talon-1.0.40.js
cdn.js7k.com/ix/ Frame CB52 |
69 KB 16 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
index.html
s.yimg.com/cv/apiv2/default/houseAdsExchange/ Frame 77DD |
5 KB 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
pixels
service.idsync.analytics.yahoo.com/sp/v0/ Frame CB52 |
3 KB 3 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
adEvent.do
us-east-1-web-oao.ssp.yahoo.com/admax/ Frame CB52 |
43 B 70 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
ads.js
s.yimg.com/cv/apiv2/default/houseAdsExchange/ Frame 77DD |
33 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
usync
onevideosync.uplynk.com/ Frame CB52 |
0 195 B |
Image
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
pixel
cm.g.doubleclick.net/ Frame CB52 Redirect Chain
|
170 B 243 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
y-C8VwmglE2uLZt8IfZMRAyWAW61KtAzM-~A
pr-bh.ybp.yahoo.com/sync/adtech/ Frame CB52 Redirect Chain
|
43 B 426 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
126D0FAE5F8162A207941CCD5E2B63F2
pr-bh.ybp.yahoo.com/sync/msn/ Frame CB52 Redirect Chain
|
43 B 602 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
AB3758B6-2F1F-4D36-B240-66D0A6D55B18&gdpr=0
pr-bh.ybp.yahoo.com/sync/pubmatic/ Frame CB52 Redirect Chain
|
43 B 602 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
sync
ups.analytics.yahoo.com/ups/56613/ Frame CB52 |
0 216 B |
Image
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
setuid
ib.adnxs.com/prebid/ Frame CB52 Redirect Chain
|
43 B 520 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
sync
ups.analytics.yahoo.com/ups/58281/ Frame CB52 Redirect Chain
|
0 17 B |
Image
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
xuid
eb2.3lift.com/ Frame CB52 Redirect Chain
|
37 B 354 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
sync
ups.analytics.yahoo.com/ups/55953/ Frame CB52 Redirect Chain
|
0 17 B |
Image
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
sync
ups.analytics.yahoo.com/ups/58160/ Frame CB52 Redirect Chain
|
0 17 B |
Image
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
usersync.aspx
dis.criteo.com/dis/ Frame CB52 Redirect Chain
|
43 B 363 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
DCM_AV_US_No_Targeting_SUSI_Filler_Mail_Login_Users__1440x1024_Static_Dont_Mess_Platform___Yahoo_Mail_Plus_yonly.html
s.yimg.com/cv/apiv2/default/20181213/ Frame BAC3 |
693 B 924 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
YahooMailPlus_Filler_SUSI_don_t_mess_-1.png
s.yimg.com/cv/apiv2/default/20181213/ Frame BAC3 |
42 KB 42 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
B23644564.347394095;dc_pre=CNi78Mmlw4ADFcm5nwodPpAFtA;dc_trk_aid=537850690;dc_trk_cid=178313166;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=$%7BGDPR%7D;gdpr_consen...
ad.doubleclick.net/ddm/trackimp/N360801.1913355YAHOOADMANAGER/ Frame BAC3 Redirect Chain
|
42 B 245 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
logads
pub-12ee0805977e4835ba4d2f46d0be1f20.r2.dev/ |
27 KB 7 KB |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Yahoo (Online)28 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 object| 1 number| pageStartTime object| oldError boolean| isGoodJS object| YUI_config string| COMET_URL object| I13N_config string| mKeyPrefix object| darlaConfig object| challenge string| currentURL object| COUNTRY_CODES_MAP boolean| enforceCountryCodeDropDown boolean| isIOSDevice function| mbrSendError object| YAHOO object| rapidInstance object| jsModules boolean| mbrJSLoaded function| checkAssets number| lastApvTime object| DARLA_CONFIG object| DARLA object| $sf undefined| $yac boolean| sf_auto_5-4-7-2023 object| _Y20 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
| Domain/Path | Expires | Name / Value |
|---|---|---|
| .3lift.com/sync | Name: sync Value: CgkIOhCN-vOInDE= |
|
| .pub-12ee0805977e4835ba4d2f46d0be1f20.r2.dev/ | Name: rxx Value: 5hztm8pw0x8.384fm9i3&v=1 |
|
| .yahoo.com/ | Name: A3 Value: d=AQABBMAVzWQCED9eZXk0NR1fYp6zTZBp6G0FEgEBAQFnzmTWZCXaxyMA_eMAAA&S=AQAAAgB-t1Tc4BQ5lmWOFxcBb3I |
|
| .analytics.yahoo.com/ | Name: IDSYNC Value: "18qt~2d5r:18yl~2d5r:18vj~2d5r:190j~2d5r:18z8~2d5r:17ol~2d5r:18xn~2d5r:18yx~2d5r:191q~2d5r:1769~2d5r:18vk~2d5r:19a3~2d5r" |
|
| .3lift.com/ | Name: tluid Value: 2026982973523089014325 |
|
| .adsrvr.org/ | Name: TDID Value: b2414cb2-beef-4da0-bc8b-11032090259d |
|
| .pubmatic.com/ | Name: KTPCACOOKIE Value: YES |
|
| .bing.com/ | Name: MUID Value: 126D0FAE5F8162A207941CCD5E2B63F2 |
|
| .c.bing.com/ | Name: MR Value: 0 |
|
| .uplynk.com/ | Name: COMBOID Value: "comboid=y-mkdSfdlE2uEg6EwKz2OeDnub2fRpTCwm~A|expires_at=1698938049" |
|
| .pubmatic.com/ | Name: SyncRTB3 Value: 1692316800%3A220 |
|
| .pubmatic.com/ | Name: KADUSERCOOKIE Value: AB3758B6-2F1F-4D36-B240-66D0A6D55B18 |
|
| .doubleclick.net/ | Name: IDE Value: AHWqTUkntTD91_w9xMC3-oqhYpUEWLFzxCzVezBtmOREQOM-0kF5Tcm-Y0YCzw-Pzac |
|
| .rubiconproject.com/ | Name: khaos Value: LKWQ7X1V-1V-EHPT |
|
| .rubiconproject.com/ | Name: audit Value: 1|2UqKCAL+nke6KFfnsczvRizau41sUQL3RTpUTZ3ex2XWwnqaNf+hUcPRLJ2GYshlxBX2lAVJQ60kEa5N2k7U1SEEFoCDRlfYgsGSPFouQ53b70SqqeJtg9ES+wzatrvcxGZLyAazrKXMayPfYpUGPWRM4Hfc9hXhFUeqAVE/0YfQD5U7tEfUTQ== |
|
| .adsrvr.org/ | Name: TDCPM Value: CAESFgoHc3Z4OXQ1MBILCLzOjsbvwYo8EAUYASABKAIyCwi8xpHzhcKKPBAFOAFaB3N2eDl0NTBgAg.. |
|
| .doubleclick.net/ | Name: APC Value: AfxxVi6alTcgDdcBzoCdvAm2I6-WCcSpmt44ZlKi38IzgCdDqb8Dww |
|
| .pubmatic.com/ | Name: pi Value: 156078:3 |
|
| .pubmatic.com/ | Name: chkChromeAb67Sec Value: 2 |
|
| .pubmatic.com/ | Name: SPugT Value: 1691162048 |
2 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
| Source | Level | URL Text |
|---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
3p-udc.yahoo.com
ad.doubleclick.net
c.bing.com
cdn.js7k.com
cm.g.doubleclick.net
dis.criteo.com
eb2.3lift.com
fc.yahoo.com
ib.adnxs.com
image2.pubmatic.com
image4.pubmatic.com
image8.pubmatic.com
match.adsrvr.org
oao-js-tag.onemobile.yahoo.com
onevideosync.uplynk.com
opus.analytics.yahoo.com
pixel.rubiconproject.com
pr-bh.ybp.yahoo.com
pub-12ee0805977e4835ba4d2f46d0be1f20.r2.dev
s.yimg.com
service.idsync.analytics.yahoo.com
ssp-sync.criteo.com
ups.analytics.yahoo.com
us-east-1-web-oao.ssp.yahoo.com
104.18.2.35
142.250.65.198
15.197.193.217
152.199.24.48
162.248.18.34
162.248.18.37
172.217.13.162
204.79.197.200
3.92.156.8
34.200.65.202
34.236.83.94
52.203.193.166
52.223.22.214
52.86.94.138
66.218.87.15
68.67.160.132
69.147.92.12
69.173.151.100
74.119.119.150
74.119.119.73
8.28.7.82
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0fdefe26bac6a6b0b06fe67984582f887af70b7da25d6cb1b401f9074db58338
119acd68e288f17e86722a67e341ec74f7f6a377ec8e15b3914245f57caf6fbf
11b4310df6e27428e7cf86f316abdc10148ac5cf3c8bbbd5b85c88b9f6290c59
261365e2dc61d75918d0e64e9e36a0af5a7f4f45622741b02f999532d545cc40
2f3839c6bb4d24bd37693d5da89330deabcf5d9307b22dc8be1f5553ae09534e
3f1fdef4f502d2db072df997a1b83e977c3e257521551a9e4de98b1c28fa8a39
457e66b525826d433b5bacf080d25e0d79c4947e1946a65a1e8447ff6163d6bc
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4f47ef8ff3dad2a78360ab207cf35ff2905622511c0426109f6e225052cf5637
570a6631252b8a52df4de0e953ae77dbdf524dfc3637cda2840494a0d2b49499
60d695ebfb8891875444d4f4b8fb0ed3983a25b6ff0521e88ad8e28a83979394
748fa6b72e8306328ceee28d0724328638bfd63a25320c26355fc274b5674b78
7bc917ebee12bcd521ae88840228032579459c25a3ccf8953d8a2dbe5e085be9
7d37e4dba15553e415964bdcfe79d03446b33994a057887b6309222b0175cbfa
7ed7ebc3bbf16ce38cbd381307134cc967492a873f5e48520b95daf020c19f40
80b93774db9b77c14361a4e09f11790f92ebb609fef3f065595e0a5fffe5d55f
856189d481ed2d854451c028fac29309629eed3301211fe4fe582058f13a3f92
9ee718b59f9b2434cfe72bff8f0ae33d6b96d71f86dc18d52aff0afb16f814f0
b3a1231790be53aa5210678e207c61bc8376c752f0c5a33df9e3eae23cc3b0a3
b8989e0be6a0c3a8a407d8b69b7884eb5ebf401b7eee8b8b98c5eeec3ba497fa
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
ccbc7dfef689bdf1699866b475312f85ff8c72fa5d3b245a1d46ce5905074dac
d28377f1af0c55467353355bf408fc6faf7d9de21ddbf99513ccade70a2ea7cf
d5312dacbe6f248c6c4b60251d7acf77bc3bc891cd9b880dead36d9babb288c4
e0ceb2e4e42a000a3b3043f738a1d7f18849a5b75303fda5c69894ada12072e6
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3b229d1d0e49226f929a219c007a701c2c2646ef75c215e427a28e36466ab1b
e50af8d9e692d8e8f00fd50c1ae5dfa9188bc73f4b4e46f280fdf237458b678b
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f28236cf9fb53f0f4f4f35faf320aafaebca7c2f0679e6f13f8a4283ec5ed10b
f3ed839dbe401163cc42eefd49f1830320259416d7b1d54176651c094a649704
fc0e2df417e7959509df87df6b4de2eb1479c8718bc2d8ab0bc70d3753c68560