urlz.fr
Open in
urlscan Pro
2606:4700:3038::6815:ead7
Malicious Activity!
Private Scan
Submission: On February 02 via api from DE — Scanned from FR
Summary
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on June 11th 2022. Valid for: a year.
This is the only time urlz.fr was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Microsoft (Consumer)Domain & IP information
ASN15169 (GOOGLE, US)
www.googletagmanager.com |
ASN20940 (AKAMAI-ASN1, NL)
PTR: a104-83-5-113.deploy.static.akamaitechnologies.com
cdn.forms.office.net |
ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
login.microsoftonline.com |
ASN20940 (AKAMAI-ASN1, NL)
PTR: a2-16-186-32.deploy.static.akamaitechnologies.com
ced.sascdn.com |
ASN13335 (CLOUDFLARENET, US)
spl.zeotap.com | |
mwzeom.zeotap.com |
ASN16509 (AMAZON-02, US)
secure.quantserve.com |
ASN16509 (AMAZON-02, US)
PTR: ec2-34-252-124-99.eu-west-1.compute.amazonaws.com
p.cpx.to |
ASN16509 (AMAZON-02, US)
PTR: server-52-222-137-45.ams50.r.cloudfront.net
d2zur9cc2gf1tx.cloudfront.net |
ASN16509 (AMAZON-02, US)
rules.quantcount.com |
ASN16625 (AKAMAI-AS, US)
PTR: a104-103-98-78.deploy.static.akamaitechnologies.com
static2.sharepointonline.com |
ASN16509 (AMAZON-02, US)
test.cmp.quantcast.com |
ASN15169 (GOOGLE, US)
PTR: fra24s08-in-f2.1e100.net
cm.g.doubleclick.net |
ASN16509 (AMAZON-02, US)
PTR: ec2-54-154-10-160.eu-west-1.compute.amazonaws.com
adtrack.adleadevent.com |
ASN16509 (AMAZON-02, US)
PTR: ec2-18-184-235-146.eu-central-1.compute.amazonaws.com
audit-tcfv2.cmp.quantcast.com |
ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
browser.events.data.microsoft.com |
ASN16625 (AKAMAI-AS, US)
PTR: a104-96-146-37.deploy.static.akamaitechnologies.com
cdn.odc.officeapps.live.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
23 |
live.com
2 redirects
login.live.com — Cisco Umbrella Rank: 93 odc.officeapps.live.com — Cisco Umbrella Rank: 239 cdn.odc.officeapps.live.com — Cisco Umbrella Rank: 1828 |
194 KB |
16 |
office.com
9 redirects
forms.office.com — Cisco Umbrella Rank: 5698 c.office.com — Cisco Umbrella Rank: 21801 |
31 KB |
10 |
office.net
cdn.forms.office.net — Cisco Umbrella Rank: 8090 |
392 KB |
10 |
themoneytizer.com
ads.themoneytizer.com — Cisco Umbrella Rank: 31968 |
278 KB |
8 |
microsoft.com
browser.events.data.microsoft.com — Cisco Umbrella Rank: 244 |
3 KB |
7 |
quantcast.com
cmp.quantcast.com — Cisco Umbrella Rank: 2796 test.cmp.quantcast.com — Cisco Umbrella Rank: 10347 audit-tcfv2.cmp.quantcast.com — Cisco Umbrella Rank: 11904 |
186 KB |
3 |
zeotap.com
spl.zeotap.com — Cisco Umbrella Rank: 2627 mwzeom.zeotap.com — Cisco Umbrella Rank: 2435 |
21 KB |
3 |
tmyzer.com
c.tmyzer.com — Cisco Umbrella Rank: 30449 |
812 B |
3 |
microsoftonline.com
login.microsoftonline.com — Cisco Umbrella Rank: 20 |
60 KB |
2 |
doubleclick.net
2 redirects
cm.g.doubleclick.net — Cisco Umbrella Rank: 211 |
1 KB |
2 |
google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 21 |
20 KB |
2 |
azure.com
js.monitor.azure.com — Cisco Umbrella Rank: 1577 |
154 KB |
2 |
urlz.fr
urlz.fr — Cisco Umbrella Rank: 706342 |
7 KB |
1 |
id5-sync.com
id5-sync.com — Cisco Umbrella Rank: 389 |
1 KB |
1 |
adleadevent.com
adtrack.adleadevent.com — Cisco Umbrella Rank: 34714 |
518 B |
1 |
sharepointonline.com
static2.sharepointonline.com — Cisco Umbrella Rank: 2463 |
36 KB |
1 |
quantcount.com
rules.quantcount.com — Cisco Umbrella Rank: 904 |
1 KB |
1 |
googleapis.com
ajax.googleapis.com — Cisco Umbrella Rank: 295 |
30 KB |
1 |
cloudfront.net
d2zur9cc2gf1tx.cloudfront.net |
26 KB |
1 |
cpx.to
p.cpx.to — Cisco Umbrella Rank: 9229 |
2 KB |
1 |
quantserve.com
secure.quantserve.com — Cisco Umbrella Rank: 979 |
10 KB |
1 |
onetag-sys.com
onetag-sys.com — Cisco Umbrella Rank: 725 |
|
1 |
leadplace.fr
tag.leadplace.fr — Cisco Umbrella Rank: 33707 |
6 KB |
1 |
criteo.com
gum.criteo.com — Cisco Umbrella Rank: 388 |
291 B |
1 |
sascdn.com
ced.sascdn.com — Cisco Umbrella Rank: 9864 |
32 KB |
1 |
bing.com
1 redirects
c.bing.com — Cisco Umbrella Rank: 241 |
665 B |
1 |
googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 40 |
43 KB |
95 | 27 |
Domain | Requested by | |
---|---|---|
14 | forms.office.com |
8 redirects
urlz.fr
cdn.forms.office.net forms.office.com |
12 | cdn.odc.officeapps.live.com |
odc.officeapps.live.com
|
10 | cdn.forms.office.net |
forms.office.com
cdn.forms.office.net |
10 | ads.themoneytizer.com |
urlz.fr
ads.themoneytizer.com |
9 | odc.officeapps.live.com |
cdn.forms.office.net
odc.officeapps.live.com |
8 | browser.events.data.microsoft.com |
js.monitor.azure.com
cdn.forms.office.net |
5 | cmp.quantcast.com |
urlz.fr
cmp.quantcast.com |
3 | c.tmyzer.com |
ads.themoneytizer.com
|
3 | login.microsoftonline.com |
cdn.forms.office.net
login.microsoftonline.com |
2 | login.live.com | 2 redirects |
2 | cm.g.doubleclick.net | 2 redirects |
2 | www.google-analytics.com |
www.googletagmanager.com
www.google-analytics.com |
2 | spl.zeotap.com |
ads.themoneytizer.com
spl.zeotap.com |
2 | c.office.com |
1 redirects
forms.office.com
|
2 | js.monitor.azure.com |
forms.office.com
|
2 | urlz.fr |
urlz.fr
|
1 | audit-tcfv2.cmp.quantcast.com |
cmp.quantcast.com
|
1 | id5-sync.com | |
1 | adtrack.adleadevent.com |
ajax.googleapis.com
|
1 | mwzeom.zeotap.com | |
1 | test.cmp.quantcast.com |
cmp.quantcast.com
|
1 | static2.sharepointonline.com |
cdn.forms.office.net
|
1 | rules.quantcount.com |
secure.quantserve.com
|
1 | ajax.googleapis.com |
d2zur9cc2gf1tx.cloudfront.net
|
1 | d2zur9cc2gf1tx.cloudfront.net |
ads.themoneytizer.com
|
1 | p.cpx.to |
ads.themoneytizer.com
|
1 | secure.quantserve.com |
ads.themoneytizer.com
|
1 | onetag-sys.com |
ads.themoneytizer.com
|
1 | tag.leadplace.fr |
ads.themoneytizer.com
|
1 | gum.criteo.com |
ads.themoneytizer.com
|
1 | ced.sascdn.com |
ads.themoneytizer.com
|
1 | c.bing.com | 1 redirects |
1 | www.googletagmanager.com |
urlz.fr
|
95 | 33 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2022-06-11 - 2023-06-11 |
a year | crt.sh |
forms.office.com Microsoft Azure TLS Issuing CA 02 |
2022-07-20 - 2023-07-15 |
a year | crt.sh |
*.google-analytics.com GTS CA 1C3 |
2023-01-09 - 2023-04-03 |
3 months | crt.sh |
1266287590.rsc.cdn77.org R3 |
2022-12-21 - 2023-03-21 |
3 months | crt.sh |
cdn.forms.office.net Microsoft Azure TLS Issuing CA 06 |
2022-09-28 - 2023-09-23 |
a year | crt.sh |
js.monitor.azure.com Microsoft Azure TLS Issuing CA 05 |
2022-12-23 - 2023-12-18 |
a year | crt.sh |
stamp2.login.microsoftonline.com DigiCert SHA2 Secure Server CA |
2022-12-01 - 2023-12-01 |
a year | crt.sh |
cmp.quantcast.com R3 |
2023-01-08 - 2023-04-08 |
3 months | crt.sh |
c.tmyzer.com R3 |
2023-01-25 - 2023-04-25 |
3 months | crt.sh |
*.sascdn.com DigiCert TLS RSA SHA256 2020 CA1 |
2022-09-08 - 2023-09-11 |
a year | crt.sh |
*.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1 |
2023-01-04 - 2023-03-31 |
3 months | crt.sh |
*.leadplace.fr Gandi Standard SSL CA 2 |
2022-09-13 - 2023-09-13 |
a year | crt.sh |
*.onetag-sys.com DigiCert TLS Hybrid ECC SHA384 2020 CA1 |
2022-12-28 - 2024-01-28 |
a year | crt.sh |
*.quantserve.com DigiCert TLS RSA SHA256 2020 CA1 |
2022-08-09 - 2023-09-09 |
a year | crt.sh |
p.cpx.to Sectigo RSA Domain Validation Secure Server CA |
2023-01-12 - 2024-01-13 |
a year | crt.sh |
*.cloudfront.net Amazon RSA 2048 M01 |
2022-12-08 - 2023-12-07 |
a year | crt.sh |
upload.video.google.com GTS CA 1C3 |
2023-01-09 - 2023-04-03 |
3 months | crt.sh |
quantserve.com R3 |
2023-01-10 - 2023-04-10 |
3 months | crt.sh |
privatecdn.sharepointonline.com DigiCert SHA2 Secure Server CA |
2022-09-19 - 2023-09-19 |
a year | crt.sh |
adtrack.adleadevent.com Amazon |
2022-06-13 - 2023-07-12 |
a year | crt.sh |
*.id5-sync.com R3 |
2023-01-25 - 2023-04-25 |
3 months | crt.sh |
odc.officeapps.live.com Microsoft Azure TLS Issuing CA 05 |
2022-12-07 - 2023-12-02 |
a year | crt.sh |
*.events.data.microsoft.com Microsoft Azure TLS Issuing CA 05 |
2022-12-07 - 2023-12-02 |
a year | crt.sh |
cdn.odc.officeapps.live.com Microsoft Azure TLS Issuing CA 05 |
2022-10-12 - 2023-10-07 |
a year | crt.sh |
This page contains 10 frames:
Primary Page:
https://urlz.fr/kDRf
Frame ID: CF06F78632A310AACBD447F2C027AB62
Requests: 38 HTTP requests in this frame
Frame:
https://forms.office.com/?redirecturl=https%3a%2f%2fforms.office.com%2fpages%2fdesignpagev2.aspx%3flang%3dfr-FR%26origin%3dOfficeDotCom%26route%3dStart%26subpage%3ddesign%26id%3dzTuuOHmV1E-t2rQuFJXVWgK7Da06YJxKkuBR63Q016tUNkZMWkc0T1NTQkJFMDU2NFZTTDRLNFNMSS4u
Frame ID: F9BD087C4E8A3BC7AB44BA63E7FF03F0
Requests: 11 HTTP requests in this frame
Frame:
https://forms.office.com/pages/silentsignincomplete.aspx
Frame ID: A308252FA1AA0F53ADDD0CC8BB57A4AA
Requests: 3 HTTP requests in this frame
Frame:
https://onetag-sys.com/usync/?pubId=2a897e3f18e6769&cb=1675333973010
Frame ID: 3D761913D17D2133A70A987D829076D3
Requests: 1 HTTP requests in this frame
Frame:
https://forms.office.com/?redirecturl=https%3a%2f%2fforms.office.com%2fpages%2fdesignpagev2.aspx%3flang%3dfr-FR%26origin%3dOfficeDotCom%26route%3dStart%26subpage%3ddesign%26id%3dzTuuOHmV1E-t2rQuFJXVWgK7Da06YJxKkuBR63Q016tUNkZMWkc0T1NTQkJFMDU2NFZTTDRLNFNMSS4u
Frame ID: A29989BAD98DA049A385A306C875DA24
Requests: 11 HTTP requests in this frame
Frame:
https://forms.office.com/pages/silentsignincomplete.aspx
Frame ID: C96B088A980F222DFFE831C99AA17B3F
Requests: 2 HTTP requests in this frame
Frame:
https://forms.office.com/Pages/SilentSignInComplete.aspx?fromAR=1
Frame ID: C1593FA0A553CF2A16A04733E3615502
Requests: 1 HTTP requests in this frame
Frame:
https://forms.office.com/Pages/SilentSignInComplete.aspx?fromAR=1
Frame ID: FFECE908841363D83A4DE032D18060D5
Requests: 1 HTTP requests in this frame
Frame:
https://odc.officeapps.live.com/odc/v2.1/hrd?rs=fr-FR&Ver=16&app=111&p=6&hm=0&fpEnabled=1
Frame ID: 74B9DDEDC726F6E2A71BB8E74EE92434
Requests: 10 HTTP requests in this frame
Frame:
https://odc.officeapps.live.com/odc/v2.1/hrd?rs=fr-FR&Ver=16&app=111&p=6&hm=0&fpEnabled=1
Frame ID: C06A39F9E3ECED270FAA270787F893D5
Requests: 11 HTTP requests in this frame
Screenshot
Page Title
Microsoft Forms - Easily create surveys, quizzes, and polls.Detected technologies
Google Analytics (Analytics) ExpandDetected patterns
- google-analytics\.com/(?:ga|urchin|analytics)\.js
Google Tag Manager (Tag Managers) Expand
Detected patterns
- googletagmanager\.com/gtag/js
Prebid (Advertising Networks) Expand
Detected patterns
- /prebid\.js
Quantcast Measure (Analytics) Expand
Detected patterns
- \.quantserve\.com/quant\.js
jQuery (JavaScript Libraries) Expand
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- /([\d.]+)/jquery(?:\.min)?\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 1- https://forms.office.com/pages/designpagev2.aspx?lang=fr-FR&origin=OfficeDotCom&route=Start&subpage=design&id=zTuuOHmV1E-t2rQuFJXVWgK7Da06YJxKkuBR63Q016tUNkZMWkc0T1NTQkJFMDU2NFZTTDRLNFNMSS4u HTTP 302
- https://forms.office.com/?redirecturl=https%3a%2f%2fforms.office.com%2fpages%2fdesignpagev2.aspx%3flang%3dfr-FR%26origin%3dOfficeDotCom%26route%3dStart%26subpage%3ddesign%26id%3dzTuuOHmV1E-t2rQuFJXVWgK7Da06YJxKkuBR63Q016tUNkZMWkc0T1NTQkJFMDU2NFZTTDRLNFNMSS4u
- https://c.office.com/c.gif HTTP 302
- https://c.bing.com/c.gif?CtsSyncId=FC65C862E55B418D8BF9DFC77328DCF1&RedC=c.office.com&MXFR=06C1E8738EB264F90C60FADF8AB26FCE HTTP 302
- https://c.office.com/c.gif?CtsSyncId=FC65C862E55B418D8BF9DFC77328DCF1&MUID=06C1E8738EB264F90C60FADF8AB26FCE
- https://forms.office.com/oidcLogin?IdentityProvider=aad&ru=%2FPages%2FSilentSignInComplete.aspx&prompt=none HTTP 302
- https://login.microsoftonline.com/common/oauth2/authorize?client_id=c9a559d2-7aab-4f13-a6ed-e7e9c52aec87&resource=c9a559d2-7aab-4f13-a6ed-e7e9c52aec87&response_type=code%20id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3DeyJ2ZXJzaW9uIjoxLCJkYXRhIjp7IklkZW50aXR5UHJvdmlkZXIiOiJBVm5UZ3FXUkxKNEw2N005dm1WdUlSdENncmltdTRyT3JlbzBYYl9yVHdBZV9POUJuc0pkU19lejJ5bUVlekEwUTZRNnBSdTJDYkxxVmdoVngyaHZna00iLCJwcm9tcHQiOiJBVjRGcmdOZjlvNm1SMFRxbl9PNlRqYVgxQTZSaTF0T1dtRG12YVNSTGV2WWl4Q3gtWHBjdG5EUDFyWmdEeTJiaHRhZW41TjBPZXd4aDFlWkltdGtPelkiLCIucmVkaXJlY3QiOiIvUGFnZXMvU2lsZW50U2lnbkluQ29tcGxldGUuYXNweCJ9fQ&response_mode=form_post&nonce=638109307726667575.OTk1NTgzNGMtNzQ5My00YmNhLWE3YzItMTc2NTY2OGMxNGE1ODE5NDBlM2UtZjkwOS00ZTU0LWEyNDItODRmOTRmMDJhYjBi&redirect_uri=https%3A%2F%2Fforms.office.com%2Flanding&msafed=0&prompt=none&x-client-SKU=ID_NET472&x-client-ver=6.16.0.0
- https://forms.office.com/pages/designpagev2.aspx?lang=fr-FR&origin=OfficeDotCom&route=Start&subpage=design&id=zTuuOHmV1E-t2rQuFJXVWgK7Da06YJxKkuBR63Q016tUNkZMWkc0T1NTQkJFMDU2NFZTTDRLNFNMSS4u HTTP 302
- https://forms.office.com/?redirecturl=https%3a%2f%2fforms.office.com%2fpages%2fdesignpagev2.aspx%3flang%3dfr-FR%26origin%3dOfficeDotCom%26route%3dStart%26subpage%3ddesign%26id%3dzTuuOHmV1E-t2rQuFJXVWgK7Da06YJxKkuBR63Q016tUNkZMWkc0T1NTQkJFMDU2NFZTTDRLNFNMSS4u
- https://forms.office.com/landing HTTP 302
- https://forms.office.com/pages/silentsignincomplete.aspx
- https://cm.g.doubleclick.net/pixel?google_nid=zeotap_ddp&google_cm&zpartnerid=1&env=mWeb&eventType=pageview&id_mid_4=b8e37562-3603-4209-6427-947c14b850fd&reqId=62e079a4-aeb1-42ff-60e0-aab58bbf24e6&zdid=1258 HTTP 302
- https://cm.g.doubleclick.net/pixel?google_nid=zeotap_ddp&google_cm=&zpartnerid=1&env=mWeb&eventType=pageview&id_mid_4=b8e37562-3603-4209-6427-947c14b850fd&reqId=62e079a4-aeb1-42ff-60e0-aab58bbf24e6&zdid=1258&google_tc= HTTP 302
- https://mwzeom.zeotap.com/mw?google_gid=CAESECExGK6anGzwJU8MnySbPU0&google_cver=1&zpartnerid=1&env=mWeb&eventType=pageview&id_mid_4=b8e37562-3603-4209-6427-947c14b850fd&reqId=62e079a4-aeb1-42ff-60e0-aab58bbf24e6&zdid=1258
- https://forms.office.com/oidcLogin?IdentityProvider=aad&ru=%2FPages%2FSilentSignInComplete.aspx&prompt=none HTTP 302
- https://login.microsoftonline.com/common/oauth2/authorize?client_id=c9a559d2-7aab-4f13-a6ed-e7e9c52aec87&resource=c9a559d2-7aab-4f13-a6ed-e7e9c52aec87&response_type=code%20id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3DeyJ2ZXJzaW9uIjoxLCJkYXRhIjp7IklkZW50aXR5UHJvdmlkZXIiOiJBV2Q3RTlIekp4c09iY19nYUpRRGRVOVV5NV9FTEJocXlYN3pPR1poeWdTUTNrTXkwTFBlUk5ibFFETGRMYkJTTnJtdFN5ckxLQ0pPNjVtUHRGRUtWcGsiLCJwcm9tcHQiOiJBY1Iyd0k1T0U4WGlZcHVMejlqbUJ4VHhtZVBPNmFWeGFMRTZpUmJGY1BScVFmbDltYzdEUWlaWnRvLTRMa1ExZFd3Z0pKbktfTktLNktyekRJaXNuVmciLCIucmVkaXJlY3QiOiIvUGFnZXMvU2lsZW50U2lnbkluQ29tcGxldGUuYXNweCJ9fQ&response_mode=form_post&nonce=638109307732941112.OGM4YzlkNDgtYTRhNC00OTk4LTliM2ItNGY3YWU4OWQ5ZjM4ZTdiYjIxYTItZWQxMi00N2I5LWE1NjctNDJkNDU3ODE1ZTlm&redirect_uri=https%3A%2F%2Fforms.office.com%2Flanding&msafed=0&prompt=none&x-client-SKU=ID_NET472&x-client-ver=6.16.0.0
- https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=13&ct=1675333972&rver=7.3.6963.0&wp=MBI_SSL&wreply=https%3A%2F%2Fforms.office.com%2FrpsLanding%3FRpsAuthState%3DCQNySxPgQePSC7pXu1cYcygtNff8oadRMF_zBoAKgWFH0ZhF6nt_sGWA9YRwQYJCHyl5Clao6PJ4wRdckWa1jbMjtREGksdlQfNP5RxQrUrFWRqV-mLxe_V2TAI60VfM-ssyqXW89uo4fxhhqk-BzCheQVPjXlwEYR9eVk6tcIrpzQk_-l4ML0Xtqtl3DVB64LZlANLx91knPWjwgNIVEwoxNDGoiDQwOW-KtfgPIFF06ZqDSMWvmjc5tjU4UyaKgrD5VjmEKkeAqzBeBtbgA0AvwDIWwyKMSlnI-rDnkaE4M8MI-uozctKlc45NNtX0_fFQtRbDRl7UMr9AggccB9eoezZjSEVWV9O-jklQBY4&id=295313&checkda=1 HTTP 302
- https://forms.office.com/rpsLanding?RpsAuthState=CQNySxPgQePSC7pXu1cYcygtNff8oadRMF_zBoAKgWFH0ZhF6nt_sGWA9YRwQYJCHyl5Clao6PJ4wRdckWa1jbMjtREGksdlQfNP5RxQrUrFWRqV-mLxe_V2TAI60VfM-ssyqXW89uo4fxhhqk-BzCheQVPjXlwEYR9eVk6tcIrpzQk_-l4ML0Xtqtl3DVB64LZlANLx91knPWjwgNIVEwoxNDGoiDQwOW-KtfgPIFF06ZqDSMWvmjc5tjU4UyaKgrD5VjmEKkeAqzBeBtbgA0AvwDIWwyKMSlnI-rDnkaE4M8MI-uozctKlc45NNtX0_fFQtRbDRl7UMr9AggccB9eoezZjSEVWV9O-jklQBY4 HTTP 302
- https://forms.office.com/Pages/SilentSignInComplete.aspx?fromAR=1
- https://forms.office.com/landing HTTP 302
- https://forms.office.com/pages/silentsignincomplete.aspx
- https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=13&ct=1675333973&rver=7.3.6963.0&wp=MBI_SSL&wreply=https%3A%2F%2Fforms.office.com%2FrpsLanding%3FRpsAuthState%3DA196bhI6htixXMLvwQ6F8x28L-xwib3CHGtkLM5xkk6P8RvjAkFNiilkFTp5F1b8Zf_YONUGsK1aCVFCHzNp_cGNuGtYxHLUMRn5bgCN8O-Tw7zwIheyDMvai4MreaB3VnlyCMf30BDsH0qL2ynIJf0rTcKisMssx1n2aRwLMvLGQUqSiv-PwbbasAHQTWhInUAaITjtrztGxEFjXCATpDJIGp05uAeW6K0Y_hIUsImSzi7_0hVEMum2SX4XYSfhbOGR_kZlE3hIJVg7yKnnZKpiOKZd3VoRCg6zWpzwLHO5UtRFqPp2sChb0aCd4gTTB8b-HfBs0RaRZeKNAuzZ6mndkv5DqBSzjD47U3jdJ7Y&id=295313&checkda=1 HTTP 302
- https://forms.office.com/rpsLanding?RpsAuthState=A196bhI6htixXMLvwQ6F8x28L-xwib3CHGtkLM5xkk6P8RvjAkFNiilkFTp5F1b8Zf_YONUGsK1aCVFCHzNp_cGNuGtYxHLUMRn5bgCN8O-Tw7zwIheyDMvai4MreaB3VnlyCMf30BDsH0qL2ynIJf0rTcKisMssx1n2aRwLMvLGQUqSiv-PwbbasAHQTWhInUAaITjtrztGxEFjXCATpDJIGp05uAeW6K0Y_hIUsImSzi7_0hVEMum2SX4XYSfhbOGR_kZlE3hIJVg7yKnnZKpiOKZd3VoRCg6zWpzwLHO5UtRFqPp2sChb0aCd4gTTB8b-HfBs0RaRZeKNAuzZ6mndkv5DqBSzjD47U3jdJ7Y HTTP 302
- https://forms.office.com/Pages/SilentSignInComplete.aspx?fromAR=1
95 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
kDRf
urlz.fr/ |
9 KB 3 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
rocket-loader.min.js
urlz.fr/cdn-cgi/scripts/7d0fa10a/cloudflare-static/ |
12 KB 4 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
/
forms.office.com/ Frame F9BD Redirect Chain
|
38 KB 12 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
js
www.googletagmanager.com/gtag/ |
110 KB 43 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
requestform.js
ads.themoneytizer.com/s/ |
123 KB 19 KB |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
gen.js
ads.themoneytizer.com/s/ |
5 KB 3 KB |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
requestform.js
ads.themoneytizer.com/s/ |
123 KB 19 KB |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
gen.js
ads.themoneytizer.com/s/ |
5 KB 3 KB |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
requestform.js
ads.themoneytizer.com/s/ |
123 KB 19 KB |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
gen.js
ads.themoneytizer.com/s/ |
5 KB 3 KB |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
default-page.min.5112b27.css
cdn.forms.office.net/forms/css/dist/ Frame F9BD |
364 KB 30 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
basics_osi_v3_m1_j3.min.6aa1f3d.js
cdn.forms.office.net/forms/scripts/vendors/combinedmin/ Frame F9BD |
235 KB 70 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
aria_odata_v2.min.29dbe8c.js
cdn.forms.office.net/forms/scripts/vendors/combinedmin/ Frame F9BD |
125 KB 32 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
default-page.min.fc3e1bb.js
cdn.forms.office.net/forms/scripts/dists/ Frame F9BD |
118 KB 34 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ms.jsll-3.min.js
js.monitor.azure.com/scripts/c/ Frame F9BD |
179 KB 77 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
default-page.chunk.1ds.6dc5e5d.js
cdn.forms.office.net/forms/scripts/dists/ Frame F9BD |
92 KB 30 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
c.gif
c.office.com/ Frame F9BD Redirect Chain
|
42 B 259 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
authorize
login.microsoftonline.com/common/oauth2/ Frame A308 Redirect Chain
|
152 KB 55 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
choice.js
cmp.quantcast.com/choice/6Fv0cGNfc_bw8/www.themoneytizer.com/ |
3 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
IIQUniversalID.js
ads.themoneytizer.com/ |
51 KB 12 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
moneybile.js
ads.themoneytizer.com/ |
38 KB 16 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
authorize
login.microsoftonline.com/common/oauth2/ Frame A308 |
1 KB 3 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
/
c.tmyzer.com/c/ |
0 271 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
smart.js
ced.sascdn.com/tag/1097/ |
96 KB 32 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
sync
gum.criteo.com/ |
49 B 291 B |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
mapper.js
spl.zeotap.com/ |
61 KB 20 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
libJsLP.js
tag.leadplace.fr/ |
5 KB 6 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
/
onetag-sys.com/usync/ Frame 3D76 |
0 0 |
Document
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
quant.js
secure.quantserve.com/ |
26 KB 10 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
px.js
p.cpx.to/p/12773/ |
2 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
notifyme.js
d2zur9cc2gf1tx.cloudfront.net/a96081b6-db78-48c4-9f82-b93e316fb1f7/ |
25 KB 26 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
prebid.js
ads.themoneytizer.com/moneybid7_28/build/dist/ |
577 KB 183 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
/
c.tmyzer.com/c/ |
0 271 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
/
c.tmyzer.com/c/ |
0 270 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
lib_fs_close.js
ads.themoneytizer.com/ |
667 B 764 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
/
forms.office.com/ Frame A299 Redirect Chain
|
38 KB 12 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
analytics.js
www.google-analytics.com/ |
49 KB 20 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
default-page.min.5112b27.css
cdn.forms.office.net/forms/css/dist/ Frame A299 |
364 KB 30 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
basics_osi_v3_m1_j3.min.6aa1f3d.js
cdn.forms.office.net/forms/scripts/vendors/combinedmin/ Frame A299 |
235 KB 70 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
aria_odata_v2.min.29dbe8c.js
cdn.forms.office.net/forms/scripts/vendors/combinedmin/ Frame A299 |
125 KB 32 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
default-page.min.fc3e1bb.js
cdn.forms.office.net/forms/scripts/dists/ Frame A299 |
118 KB 34 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ms.jsll-3.min.js
js.monitor.azure.com/scripts/c/ Frame A299 |
179 KB 77 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
cmp2.js
cmp.quantcast.com/tcfv2/42/ |
177 KB 47 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
silentsignincomplete.aspx
forms.office.com/pages/ Frame A308 Redirect Chain
|
8 KB 0 |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
/
spl.zeotap.com/ |
429 B 612 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/3.0.0/ |
84 KB 30 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
rules-p-6Fv0cGNfc_bw8.js
rules.quantcount.com/ |
1 KB 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
collect
www.google-analytics.com/j/ |
2 B 202 B |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
segoeui-regular.woff2
static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-westeuropean/ Frame A299 |
35 KB 36 KB |
Font
application/font-woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
cmp-list.json
test.cmp.quantcast.com/GVL-v2/ |
10 KB 3 KB |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
mw
mwzeom.zeotap.com/ Redirect Chain
|
95 B 163 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
default-page.chunk.1ds.6dc5e5d.js
cdn.forms.office.net/forms/scripts/dists/ Frame A299 |
92 KB 30 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
authorize
login.microsoftonline.com/common/oauth2/ Frame C96B Redirect Chain
|
1 KB 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
SilentSignInComplete.aspx
forms.office.com/Pages/ Frame C159 Redirect Chain
|
8 KB 0 |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
notifyme.php
adtrack.adleadevent.com/ |
0 518 B |
XHR
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
cmp2ui-en.js
cmp.quantcast.com/tcfv2/42/ |
230 KB 56 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
vendor-list-trimmed-v1.json
cmp.quantcast.com/GVL-v2/ |
350 KB 43 KB |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
9.gif
id5-sync.com/i/12/ |
43 B 1 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
google-atp-list.json
cmp.quantcast.com/tcfv2/ |
151 KB 36 KB |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
/
audit-tcfv2.cmp.quantcast.com/ |
2 B 101 B |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
silentsignincomplete.aspx
forms.office.com/pages/ Frame C96B Redirect Chain
|
8 KB 0 |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
SilentSignInComplete.aspx
forms.office.com/Pages/ Frame FFEC Redirect Chain
|
8 KB 0 |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
hrd
odc.officeapps.live.com/odc/v2.1/ Frame 74B9 |
8 KB 8 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H/1.1 |
/
browser.events.data.microsoft.com/OneCollector/1.0/ Frame F9BD |
153 B 1 KB |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
OPTIONS H/1.1 |
/
browser.events.data.microsoft.com/OneCollector/1.0/ Frame |
0 0 |
Preflight
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
hrd
odc.officeapps.live.com/odc/v2.1/ Frame C06A |
8 KB 8 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
hrd.css
odc.officeapps.live.com/odc/stat/ Frame C06A |
22 KB 5 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
microsoft_logo.svg
cdn.odc.officeapps.live.com/odc/stat/images/hrd/ Frame C06A |
4 KB 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
picker-account-aad.svg
cdn.odc.officeapps.live.com/odc/stat/images/hrd/ Frame C06A |
756 B 1 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
picker-account-msa.svg
cdn.odc.officeapps.live.com/odc/stat/images/hrd/ Frame C06A |
379 B 839 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-1.12.4.1.min.js
cdn.odc.officeapps.live.com/odc/stat/ Frame C06A |
95 KB 34 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
knockout-3.4.2.js
cdn.odc.officeapps.live.com/odc/stat/ Frame C06A |
59 KB 22 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
CommonDiagnostics.js
cdn.odc.officeapps.live.com/odc/stat/ Frame C06A |
40 KB 13 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jsonstrings
odc.officeapps.live.com/odc/ Frame C06A |
4 KB 4 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
hrd.min.js
odc.officeapps.live.com/odc/stat/ Frame C06A |
15 KB 5 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
hrd.css
odc.officeapps.live.com/odc/stat/ Frame 74B9 |
22 KB 5 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
microsoft_logo.svg
cdn.odc.officeapps.live.com/odc/stat/images/hrd/ Frame 74B9 |
4 KB 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
picker-account-aad.svg
cdn.odc.officeapps.live.com/odc/stat/images/hrd/ Frame 74B9 |
756 B 1 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
picker-account-msa.svg
cdn.odc.officeapps.live.com/odc/stat/images/hrd/ Frame 74B9 |
379 B 839 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-1.12.4.1.min.js
cdn.odc.officeapps.live.com/odc/stat/ Frame 74B9 |
95 KB 34 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
knockout-3.4.2.js
cdn.odc.officeapps.live.com/odc/stat/ Frame 74B9 |
59 KB 22 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
CommonDiagnostics.js
cdn.odc.officeapps.live.com/odc/stat/ Frame 74B9 |
40 KB 13 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jsonstrings
odc.officeapps.live.com/odc/ Frame 74B9 |
4 KB 4 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
hrd.min.js
odc.officeapps.live.com/odc/stat/ Frame 74B9 |
15 KB 5 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Background-blurryGradient.svg
odc.officeapps.live.com/odc/stat/images/hrd/ Frame C06A |
2 KB 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H/1.1 |
/
browser.events.data.microsoft.com/OneCollector/1.0/ Frame A299 |
153 B 1 KB |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
OPTIONS H/1.1 |
/
browser.events.data.microsoft.com/OneCollector/1.0/ Frame |
0 0 |
Preflight
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H/1.1 |
/
browser.events.data.microsoft.com/OneCollector/1.0/ Frame F9BD |
153 B 1 KB |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
OPTIONS H/1.1 |
/
browser.events.data.microsoft.com/OneCollector/1.0/ Frame |
0 0 |
Preflight
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST |
/
browser.events.data.microsoft.com/OneCollector/1.0/ Frame A299 |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
OPTIONS H/1.1 |
/
browser.events.data.microsoft.com/OneCollector/1.0/ Frame |
0 0 |
Preflight
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
OPTIONS H/1.1 |
/
browser.events.data.microsoft.com/OneCollector/1.0/ Frame |
0 0 |
Preflight
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST |
/
browser.events.data.microsoft.com/OneCollector/1.0/ Frame F9BD |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
OPTIONS |
/
browser.events.data.microsoft.com/OneCollector/1.0/ Frame |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST |
/
browser.events.data.microsoft.com/OneCollector/1.0/ Frame A299 |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- browser.events.data.microsoft.com
- URL
- https://browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=0
- Domain
- browser.events.data.microsoft.com
- URL
- https://browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=0
- Domain
- browser.events.data.microsoft.com
- URL
- https://browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=0
- Domain
- browser.events.data.microsoft.com
- URL
- https://browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=0
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Microsoft (Consumer)163 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 object| 1 object| 2 object| 3 object| oncontentvisibilityautostatechange object| __cfQR function| __tcfapi function| __uspapi object| intentiq_tag function| confiantWrap number| themoneytizer_async object| eucountries object| sas function| whenFormatFctDefined function| whenDefined object| http string| url number| ab_test_iiq number| random_cent_iiq undefined| s undefined| x number| tmzr_siteid number| random_cent number| enable_sco function| criteoCallback object| generic object| criteo_gum object| smart_csync object| zeotap object| node object| pwidget_config object| iframe object| tagsObject string| website number| random undefined| pubstack object| headelement object| notifyme object| tmzr object| d object| pbs number| random_sw object| format_size object| format_size_ix object| format_w_adform object| format_h_adform object| format_size_rubicon object| between_w object| between_h object| counter_refresh object| smart_prebid2 function| refreshVisibility26322 string| crtg_content object| mydiv object| creatediv undefined| paragraphs undefined| counter undefined| temp undefined| myP undefined| myPNumber undefined| coeffFilterBegin undefined| coeffFilterEnd undefined| filterBegin undefined| filterEnd undefined| limitPargraphs undefined| filteringParagraphs undefined| number undefined| divs undefined| coeffFilterBeginDiv undefined| filterBeginDiv function| isEmpty function| loadScriptTemelio function| GetMobileDesktop function| GetMobileDesktopId function| GetRichAudienceZone function| GetmnameAdform function| GetwAdform function| GethAdform function| Getsize function| GetsizeRubicon function| Timeout function| refreshSlot function| refreshSlotFooter undefined| convertHtmlToText number| nugg_iiq string| pubstack_ab function| whatToLoad object| sublime object| _qevents boolean| moneycaching object| params number| nugg function| Adcall_26322 function| refreshVisibility30012 function| Adcall_30012 function| refreshVisibility26328 function| Adcall_26328 string| page boolean| timepast function| gtag object| dataLayer boolean| __cfRLUnblockHandlers object| google_tag_manager object| google_tag_data string| GoogleAnalyticsObject function| ga function| _typeof function| _createForOfIteratorHelper function| _unsupportedIterableToArray function| _arrayLikeToArray function| IntentIqObject function| PartnersWinEvent function| MobileDetect object| md function| verbose object| tmzrChunk object| _pbjsGlobals object| ADAGIO object| placementBids string| nobidVersion object| nobid undefined| Adcall_48311 undefined| Adcall_80234 object| pubstack_publica number| bidder_geo function| mapperjs object| __core-js_shared__ boolean| sas_usePostStandard object| ID5 function| SasIabApi number| intervalCounterNumberCMP V2 number| intervalCounterNumberCCPA object| sas_ads boolean| sas_ajax object| sas_manager object| sas_unrenderedFormats undefined| sas_callAd undefined| sas_callAds function| sas_render function| SmartAdServerAjaxOneCall function| SmartAdServer_iframe function| SmartAdServer function| SmartAdServerAjax function| sas_gcf function| sas_appendToContainer function| sascc function| sasmobile function| sas_addCleanListener function| sas_cleanAds function| sas_cleanAd number| sas_renderMode object| libJsLeadPlace function| quantserve function| __qc object| ezt object| _qoptions object| gaplugins object| gaGlobal object| gaData object| regeneratorRuntime function| __tcfapiui undefined| $ undefined| jQuery32 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.forms.office.com/ | Name: FormsWebSessionId Value: a2647143-7103-41b1-8669-35a183843e99 |
|
.forms.office.com/ | Name: usenewauthrollout Value: True |
|
.forms.office.com/ | Name: RpsAuthNonce Value: 15972e8c-afcb-4186-9853-e6c63545d0cb |
|
forms.office.com/ | Name: MicrosoftApplicationsTelemetryDeviceId Value: 441b03a8-270d-4bf5-93a9-6befb8534321 |
|
.office.com/ | Name: MUID Value: 06C1E8738EB264F90C60FADF8AB26FCE |
|
login.microsoftonline.com/ | Name: x-ms-gateway-slice Value: estsfd |
|
login.microsoftonline.com/ | Name: stsservicecookie Value: estsfd |
|
.bing.com/ | Name: MUID Value: 06C1E8738EB264F90C60FADF8AB26FCE |
|
.c.bing.com/ | Name: SRM_B Value: 06C1E8738EB264F90C60FADF8AB26FCE |
|
.c.office.com/ | Name: SM Value: C |
|
.c.office.com/ | Name: ANONCHK Value: 0 |
|
.login.microsoftonline.com/ | Name: AADSSO Value: NA|NoExtension |
|
login.microsoftonline.com/ | Name: SSOCOOKIEPULLED Value: 1 |
|
.login.microsoftonline.com/ | Name: esctx Value: PAQABAAEAAAD--DLA3VO7QrddgJg7Wevr7xXkXlIq8ZQOztTfBBBLrp44AMjHmULrBdvj0_LEaBbd0L6nJuJiWdtrPNz5c9HOzttJjFqW6Rdg-dez_DBki_48Zg-QzAKH0ruHjzb9R0WYl5i0s2b1UmkH4qsilOeNZqdnjv2HMzofAZ87dji8P3KMjKOtm3699TXBYpncEgAgAA |
|
.urlz.fr/ | Name: _ga Value: GA1.2.52912828.1675333973 |
|
.urlz.fr/ | Name: _gid Value: GA1.2.1907188079.1675333973 |
|
.urlz.fr/ | Name: _gat_gtag_UA_162669458_1 Value: 1 |
|
.zeotap.com/ | Name: zc Value: b8e37562-3603-4209-6427-947c14b850fd |
|
.zeotap.com/ | Name: zsc Value: 3h7%5B%DC0%13%3A%D7%90%A8%2B%00%DA%97%5Bp%C2%B09%BE%8C%09K%B9%CF%FF%A1%9C%CF%06iS%EF0g%A7%09%7B%C3%D3a%D3%A0U%B8%C4%8B%8D%8E%A0%DA%AD%07E%16%FF%05%A4%95%08%92%CCD%3C%DE%26%C5%BE%E2%E4.m%CBa%29%EF%CA%DA%D6%8B%86%B5 |
|
forms.office.com/ | Name: OpenIdConnect.nonce.xxVbJjKI1o6sOQo6L5xcnOM0FG2DGAEkezFc4M1VE2I%3D Value: ZXlKMlpYSnphVzl1SWpveExDSmtZWFJoSWpwN0lrNGlPaUpCWldJd2NsWTVSbWRoUldGalNqQTVha1pmYm5CZmRVSk9aSGd0WlVGdlpuaHplRTlVVEdSaFRUbHZXRTlNUlU1MVUzTTVZWG90YlRsVmN5MDJhRmhOTW1nNE1EQnlhekJuYVVSTlVUSXdiVGxDWDNsdFVVeElRbXBLTFVNdFJuazVOVGRZU0V0cVpEZGtka2x0ZUhkUmNFMXpiemRhVFhGa1dtcFdiSHBOU25aWFRrTnVlbU0wWWtnME5rUTBXSHBNTW5CUmNuWllOa3huYW5ReVlVWTVTa3hDTjJWUFJtaHVlVnBKT1RSNmFuTlNTM0JCTlVod1FpMVhSM2Q2VUZFNWFHZFNiV04wYjBkd1EwdzNhRzFWU1ZkalNtazBWWEE1UzJZellYaFBhVkZpZUhkWFpIUnVVM0F5WWlKOWZR |
|
.doubleclick.net/ | Name: IDE Value: AHWqTUlQ84XLayPIm-P4qsfOl8wRlj8LwnrjvvaFYCiJ8CoyKLB1HqytLozAwdMUylY |
|
login.microsoftonline.com/ | Name: buid Value: 0.AXoAMe_N-B6jSkuT5F9XHpElWtJZpcmrehNPpu3n6cUq7IcBAAA.AQABAAEAAAD--DLA3VO7QrddgJg7WevrdtY2ygwH1rnUFB762n0cO0fJ_Xh9j2DuMc11pWQLw4OwztcE_jjHTzR342kBhE6jxQog5zpqOetdwY8nMB4NpzRc68rpPlXxwkmhaUeYkWEgAA |
|
login.microsoftonline.com/ | Name: fpc Value: AqfQVBNjFnhCqzGXE1MFC-tiQQPhAgAAAFSIbdsOAAAA |
|
.id5-sync.com/ | Name: cf Value: |
|
.id5-sync.com/ | Name: cip Value: |
|
.id5-sync.com/ | Name: cnac Value: |
|
.id5-sync.com/ | Name: car Value: |
|
.id5-sync.com/ | Name: gdpr Value: |
|
.id5-sync.com/ | Name: callback Value: |
|
forms.office.com/ | Name: ai_session Value: R1FiKmsEIC9jHLsI1Tx+vJ|1675333972679|1675333973538 |
|
.login.live.com/ | Name: MSPRequ Value: id=295313<=1675333973&co=1 |
|
.login.live.com/ | Name: uaid Value: 192989560c524655a6c6b0ba29f51a59 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ads.themoneytizer.com
adtrack.adleadevent.com
ajax.googleapis.com
audit-tcfv2.cmp.quantcast.com
browser.events.data.microsoft.com
c.bing.com
c.office.com
c.tmyzer.com
cdn.forms.office.net
cdn.odc.officeapps.live.com
ced.sascdn.com
cm.g.doubleclick.net
cmp.quantcast.com
d2zur9cc2gf1tx.cloudfront.net
forms.office.com
gum.criteo.com
id5-sync.com
js.monitor.azure.com
login.live.com
login.microsoftonline.com
mwzeom.zeotap.com
odc.officeapps.live.com
onetag-sys.com
p.cpx.to
rules.quantcount.com
secure.quantserve.com
spl.zeotap.com
static2.sharepointonline.com
tag.leadplace.fr
test.cmp.quantcast.com
urlz.fr
www.google-analytics.com
www.googletagmanager.com
browser.events.data.microsoft.com
104.103.98.78
104.46.162.226
104.83.5.113
104.96.146.37
142.250.186.162
145.239.192.166
162.19.138.119
18.184.235.146
2.16.186.32
20.190.159.23
20.190.159.74
20.234.93.27
2600:9000:20eb:1e00:6:44e3:f8c0:93a1
2600:9000:211e:ac00:9:46dc:4700:93a1
2600:9000:21f3:5000:3:a4cd:8380:93a1
2606:4700:10::6816:1957
2606:4700:3038::6815:ead7
2620:116:800d:21:7eb1:3826:be7e:d981
2620:1ec:4e:1::44
2620:1ec:a92::194
2620:1ec:c11::200
2a00:1450:4001:801::200a
2a00:1450:4001:806::2008
2a00:1450:400d:806::200e
2a02:2638:1::13
2a02:6ea0:c700::19
34.252.124.99
51.38.120.206
52.109.68.59
52.222.137.45
54.154.10.160
54.38.64.100
005c3133bf387e1b00a5ec25effc468f7752591adac19a3782d200bf68a970f0
04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a
1016d0b9bf41f4fcefa7e9b7de510107def3e64bbeaa39aac00f7b164f642ba9
16c60cd6aff6a6febabbc48e9b7692a9c3b369d12d31749f8117d6d0851d5296
174d9cc46df9a2152ea9f852eb4c02f43d16924fcb9a21ade6a9db279d228ff1
1cc6de1a4f6a561a6aa75d08bae33388b2e8905d01753aa41e4886a466d7c28c
21242594693da0bfeb4576691cb26e9e215127448e17d204b1af253498f5e301
266bcea0bb58b26aa5b16c5aee60d22ccc1ae9d67daeb21db6bad56119c3447d
2ff09ddce3a55505346a551874b4a1cac73120c05f1207f47d973c4e952b0987
31d1a8b234ef7e3fcd967fe38bb63298be8faf869e0dcd5352c330ed5c18964b
34d8da073f47030ee94b99d84fbe68e3345bd8aaa37ea909ff2da00238447486
3ac82b5a773ea82258a30c60d277acffa832ce446397fcb6abf39726c4330fb5
3d3083e4d532426021bab4591b757ee5bd5ec33f3e914ae319071d7aeaf53d3c
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
4006e0481f9cfffd3a579c3dcbdad1b6953e844c1e3c76a8d9f86844c98d87a3
47e3590d50e4b930960d1c0deb3fc7d453f2f38a2fc5c0f24b9862eac7169a75
52d507688e76dfbe48fce79beb89be7f30101e95e9e06c121c461e30517ab36f
54a2f5eca1b0e7eda5cd0863fe8acbc23825a3d93108f11a2f654d537687f963
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
5971b095cff574a66d35ada016d4c077c86e2dea62e9c0f14cf7c94b258619de
5bb06f052a7fa32f471f2e65b09f3a294b6fd633ea7e6989f6fd6b9f799fc995
5d3357bd875b7335ace42e8ee3a64578e4253bed1a4e279109de403eedae3a69
62a9ab66cac0afdced4732a27d4e2139d6975a0e92816f638c16d60a544faa2c
65efeac160ccc469ad55cfaa6fb94254f1bf8f89ae913b3e50407021c3f42ed4
67dd96644fcce9cc703ebf1ede6a7a96b42fe909d024f0eee3e826ae0a59f66d
6a5f7b93d67537c9484ae5a33c7b69146eb548fa520d7807361172b7c5040b19
70ee840253a7cb7c07edabed96e9a7cf14e2099c8ee00fc0e1bebd6628d773fe
773a678845579e6334f19d4e62f29446e7898bd816359c74574e37884503f909
7a70bcdb522c036279a39ff1c8637cc19b9080688e7d3acacf718008378c9b52
7bb23de30daa7e81e2fafc5d2fbcada4b6fefc10c3251661952a341d6864aa8e
80fccb00db57a177d26368cda09f8a540cf1aa641b8b6837047e86d3bd8d6333
80fd4cf05bd80846d467d08abcb621742769fe832f83fa40c9816b8eb3a7e831
8c979ed3785f184174cba3c38dd0ebbd5b244add676982d9aeafb57b3e53b1a4
92d6f5778771045a266e65061cc52d40ddbf9037e2e23638240afccb0386feba
94ef87ee295c67526205d67124f404e246226105e939e14c435a20c29a956f49
99bfece6cb4ae74dd28d281e2988079ae8ccd7f7f0d2be518856725494444f88
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a305fbb2ba223bf3b56bb8776b85f6f40d60dd082a74dbe28d143b5794c7e393
a4f3df368cb788bf3ed15324ed8a6089538c67c4f9ef04f36b3f4b57bfdf6680
a8efe51cbecdad4bc99bcab6208c535224c81077f92247249f93ce079be3b4a7
ad07c6b24e5575bc7fea432515d21d7ada9aeee0bdd5518b1d5fe24b98a091e3
b47b4ca26c57e3dceebd7abd067df9622599bed6bfb11b480f92d09a945cd213
b52ad46ce393602be0dcc61bf96cf97052d1e2c74f97bb85104a0889f690d4c8
b628942e8ff712de0d166d8704f779bd3860800817549c8a375868977e117863
b66a5c41dda8640ef2fb42901bee5437dcdc746f018ab7bfa42fa6cfddc830f8
bdaed87455d44bedfed27515f3ec4d5c0ba95c6dd3d1ee0a80e0e98168302784
c5f0ba26f2680ccc3d5df6a91f1f7ace14d2a8d021ad311472617d367a03322c
cacd215430aa66f1391abd136f23ddb729b3fe44c6385a43b62d7a9e8479ea03
ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142
d2581f2491c811e1e503e840938053e668884798e5dcc5eb43de83d146a7ed89
d4d110e8a9fe26f1b2ef2b740141aa2d689495776e048f511a784b2eeccb476c
e04d8bf6cee881ad0cef30e96394941a795549d0876bf508a4763f065fa4a698
e06ee82491c143dae8e935c009852ea5840da91b7b4fe8ad83b61edb01ff22cf
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e41d4192e517aa3b92d58434636b6fae1e2f51dd09d5598b10dfa9f9deb65cb8
e5014bac0fa3e49a6eab8b146d9d57d5ef82b624aa3593900ce1cac72cb97882
ea2a9fd6d1e3ce307d9bf610802a2139a2bd134e9a3e8e8bfb0bc8ef97f0097e
f19aeb615472c877093fe373b0011ce3c251d4547b7e405a4eb7732b650bf045
fd8d066831042197f4829d33095327e91b746a726b554327e6832e195ec51934