URL: http://xurl.pl/foLU
Submission: On July 04 via manual from AE

Summary

This website contacted 7 IPs in 6 countries across 10 domains to perform 17 HTTP transactions. The main IP is 37.187.29.229, located in France and belongs to OVH, FR. The main domain is xurl.pl.
This is the only time xurl.pl was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
7 37.187.29.229 16276 (OVH)
1 5 136.243.87.209 24940 (HETZNER-AS)
2 2a00:1450:400... 15169 (GOOGLE)
1 2 138.201.139.207 24940 (HETZNER-AS)
4 4 148.251.158.105 24940 (HETZNER-AS)
1 2 138.201.230.75 24940 (HETZNER-AS)
4 4 35.156.205.11 16509 (AMAZON-02)
1 1 188.165.27.173 16276 (OVH)
2 2 85.194.243.23 57367 (ECO-ATMAN...)
2 2 52.210.188.213 16509 (AMAZON-02)
1 1 94.23.144.220 16276 (OVH)
1 46.4.70.55 24940 (HETZNER-AS)
17 7
Domain Requested by
7 xurl.pl xurl.pl
5 adsearch.adkontekst.pl 1 redirects xurl.pl
adsearch.adkontekst.pl
4 x.bidswitch.net 4 redirects
4 mis.em.nscontext.eu 4 redirects
2 sync.crwdcntrl.net 2 redirects
2 pixel.onaudience.com 2 redirects
2 cm.em.nscontext.eu 1 redirects
2 api.spoldzielnia.nsaudience.pl 1 redirects
2 www.google-analytics.com xurl.pl
1 rm.em.nscontext.eu xurl.pl
1 grey.erne.co 1 redirects
1 green.erne.co 1 redirects
0 zhangtom1989.cn Failed xurl.pl
17 13

This site contains no links.

Subject | Issuer | Validity | Valid
 | | 1970-01-01 - 1970-01-01 | a few seconds (crt.sh)
*.google-analytics.com | Google Internet Authority G3 | 2019-06-11 - 2019-09-03 | 3 months (crt.sh)
*.spoldzielnia.nsaudience.pl | nazwaSSL | 2018-09-08 - 2019-09-08 | a year (crt.sh)
*.em.nscontext.eu | nazwaSSL | 2018-08-29 - 2019-08-29 | a year (crt.sh)

This page contains 6 frames:

Primary Page: http://xurl.pl/foLU
Frame ID: B5A08CD8FD822BC08482A47547A3227E
Requests: 3 HTTP requests in this frame

Frame: http://xurl.pl/framedRedirectTop.php?url=670146
Frame ID: 4EAFC266119138D8B6CD62D5049FA579
Requests: 11 HTTP requests in this frame

Frame: http://zhangtom1989.cn/08643597//035Qb/?sc=1&sc=1&l=1&ppy=2678935&i=2678935
Frame ID: D6078C35A00F47990411D9BD4E4BF241
Requests: 1 HTTP requests in this frame

Frame: https://api.spoldzielnia.nsaudience.pl/frontend/api/sale.api?uid=mi16bbccf80cd567ba785dc0930c0
Frame ID: 354B479029581B6AAC246F0BE1716722
Requests: 1 HTTP requests in this frame

Frame: https://cm.em.nscontext.eu/cm/iframe//?uid=mi16bbccf810120b2f28ff8d83300
Frame ID: AF941B2E27D0AEDCCCBFFA52E2D476DE
Requests: 1 HTTP requests in this frame

Frame: data://truncated
Frame ID: 7ED47CF4A702FDA199B57AECB6BAF85E
Requests: 2 HTTP requests in this frame


Detected technologies

Overall confidence: 100%
Detected patterns
  • html /<link[^>]+?href="[^"]*bootstrap(?:\.min)?\.css/i

Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i

Page Statistics

Requests: 17
HTTPS: 29 %
IPv6: 8 %
Domains: 10
Subdomains: 13
IPs: 7
Countries: 6
Transfer: 491 kB
Size: 861 kB
Cookies: 0

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 3
  • http://www.typis.es/45012//035Qb/?sc=1&sc=1&l=1&ppy=2678935&i=2678935 HTTP 302
  • http://zhangtom1989.cn/08643597//035Qb/?sc=1&sc=1&l=1&ppy=2678935&i=2678935
Request Chain 10
  • http://www.google-analytics.com/analytics.js HTTP 307
  • https://www.google-analytics.com/analytics.js
Request Chain 11
  • http://www.google-analytics.com/r/collect?v=1&_v=j77&a=966230645&t=pageview&_s=1&dl=http%3A%2F%2Fxurl.pl%2FframedRedirectTop.php%3Furl%3D670146&ul=en-us&de=UTF-8&sd=24-bit&sr=1600x1200&vp=1600x72&je=0&_u=IEBAAEAB~&jid=1564497889&gjid=909432229&cid=500167553.1562240840&tid=UA-38188073-4&_gid=518110175.1562240840&_r=1&z=778131061 HTTP 307
  • https://www.google-analytics.com/r/collect?v=1&_v=j77&a=966230645&t=pageview&_s=1&dl=http%3A%2F%2Fxurl.pl%2FframedRedirectTop.php%3Furl%3D670146&ul=en-us&de=UTF-8&sd=24-bit&sr=1600x1200&vp=1600x72&je=0&_u=IEBAAEAB~&jid=1564497889&gjid=909432229&cid=500167553.1562240840&tid=UA-38188073-4&_gid=518110175.1562240840&_r=1&z=778131061
Request Chain 13
  • https://api.spoldzielnia.nsaudience.pl/frontend/api/matchSale.api HTTP 302
  • https://mis.em.nscontext.eu/?redirect=https%3A%2F%2Fapi.spoldzielnia.nsaudience.pl%2Ffrontend%2Fapi%2Fsale.api%3Fuid%3D__masterId__ HTTP 302
  • https://mis.em.nscontext.eu/ex/tmp1562240843981Z1514641991/mi16bbccf80cd567ba785dc0930c0/1?redirect=https%3A%2F%2Fapi.spoldzielnia.nsaudience.pl%2Ffrontend%2Fapi%2Fsale.api%3Fuid%3D__masterId__ HTTP 302
  • https://api.spoldzielnia.nsaudience.pl/frontend/api/sale.api?uid=mi16bbccf80cd567ba785dc0930c0
Request Chain 14
  • https://cm.em.nscontext.eu/cm/iframe/ HTTP 302
  • https://mis.em.nscontext.eu/deimos/cm/?redirect=https://cm.em.nscontext.eu/cm/iframe//?uid=__userId__ HTTP 302
  • https://mis.em.nscontext.eu/ex/tmp1562240844033Z8575949/mi16bbccf810120b2f28ff8d83300/1?redirect=https://cm.em.nscontext.eu/cm/iframe//?uid=__userId__ HTTP 302
  • https://cm.em.nscontext.eu/cm/iframe//?uid=mi16bbccf810120b2f28ff8d83300
Request Chain 17
  • https://x.bidswitch.net/sync?ssp=netsprint HTTP 302
  • https://x.bidswitch.net/ul_cb/sync?ssp=netsprint HTTP 302
  • https://green.erne.co/bidswitch/cm?bidswitch_ssp_id=netsprint HTTP 302
  • https://pixel.onaudience.com/?mapped=svh1j1dfgCmbA5SYdAQYTEcj&partner=2&redirect=grey.erne.co%2Ftags%3Fid%3Dcm_ct_%25s%26img%3D1%26red%3Dhttps%253A%252F%252Fx.bidswitch.net%252Fsync%253Fdsp_id%253D270%2526expires%253D10%2526user_id%253Dsvh1j1dfgCmbA5SYdAQYTEcj%2526ssp%253Dnetsprint HTTP 302
  • https://sync.crwdcntrl.net/map/c=8587/tp=CLOD?https%3A%2F%2Fpixel.onaudience.com%2F%3Fpartner%3D104%26icm%26mapped%3D%24%7Bprofile_id%7D%26redirect%3Dhttps%253A%252F%252Fgrey.erne.co%252Ftags%253Fid%253Dcm_ct_cee4ffb77c85648e%2526img%253D1%2526red%253Dhttps%25253A%25252F%25252Fx.bidswitch.net%25252Fsync%25253Fdsp_id%25253D270%252526expires%25253D10%252526user_id%25253Dsvh1j1dfgCmbA5SYdAQYTEcj%252526ssp%25253Dnetsprint HTTP 302
  • https://sync.crwdcntrl.net/map/ct=y/c=8587/tp=CLOD?https%3A%2F%2Fpixel.onaudience.com%2F%3Fpartner%3D104%26icm%26mapped%3D%24%7Bprofile_id%7D%26redirect%3Dhttps%253A%252F%252Fgrey.erne.co%252Ftags%253Fid%253Dcm_ct_cee4ffb77c85648e%2526img%253D1%2526red%253Dhttps%25253A%25252F%25252Fx.bidswitch.net%25252Fsync%25253Fdsp_id%25253D270%252526expires%25253D10%252526user_id%25253Dsvh1j1dfgCmbA5SYdAQYTEcj%252526ssp%25253Dnetsprint HTTP 302
  • https://pixel.onaudience.com/?partner=104&icm&mapped=77b74a37e31336cc59f766c3f83388df&redirect=https%3A%2F%2Fgrey.erne.co%2Ftags%3Fid%3Dcm_ct_cee4ffb77c85648e%26img%3D1%26red%3Dhttps%253A%252F%252Fx.bidswitch.net%252Fsync%253Fdsp_id%253D270%2526expires%253D10%2526user_id%253Dsvh1j1dfgCmbA5SYdAQYTEcj%2526ssp%253Dnetsprint HTTP 302
  • https://grey.erne.co/tags?id=cm_ct_cee4ffb77c85648e&img=1&red=https%3A%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D270%26expires%3D10%26user_id%3Dsvh1j1dfgCmbA5SYdAQYTEcj%26ssp%3Dnetsprint HTTP 302
  • https://x.bidswitch.net/sync?dsp_id=270&expires=10&user_id=svh1j1dfgCmbA5SYdAQYTEcj&ssp=netsprint HTTP 302
  • https://x.bidswitch.net/ul_cb/sync?dsp_id=270&expires=10&user_id=svh1j1dfgCmbA5SYdAQYTEcj&ssp=netsprint HTTP 302
  • https://adsearch.adkontekst.pl/deimos/rtbcm?dspId=bidswitch&buyerId=55f23efb-1e24-45ec-acb4-cd3dc8a36007 HTTP 302
  • https://rm.em.nscontext.eu/?dspId=bidswitch&buyerId=55f23efb-1e24-45ec-acb4-cd3dc8a36007

17 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request Cookie set foLU
xurl.pl/
1 KB
2 KB
Document
General
Full URL
http://xurl.pl/foLU
Protocol
HTTP/1.1
Server
37.187.29.229 , France, ASN16276 (OVH, FR),
Reverse DNS
opteron.god.pl
Software
Apache / PHP/5.3.29
Resource Hash
41cd7c10fd95277705d35af462f6ec3d02ff14df34f03c7560869c9cbbfc95ad

Request headers

Host
xurl.pl
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Accept-Encoding
gzip, deflate

Response headers

Date
Thu, 04 Jul 2019 11:47:19 GMT
Server
Apache
X-Powered-By
PHP/5.3.29
Set-Cookie
shorturl=tm8m8nlrscrjnla8st7vv9cfl2; path=/
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma
no-cache
Accept-Ranges
bytes
Content-Length
1535
Keep-Alive
timeout=20, max=100
Connection
Keep-Alive
Content-Type
text/html
bootstrap.css
xurl.pl/themes/v3/styles/css/
127 KB
127 KB
Stylesheet
General
Full URL
http://xurl.pl/themes/v3/styles/css/bootstrap.css
Requested by
Host: xurl.pl
URL: http://xurl.pl/foLU
Protocol
HTTP/1.1
Security
, ,
Server
37.187.29.229 , France, ASN16276 (OVH, FR),
Reverse DNS
opteron.god.pl
Software
Apache /
Resource Hash
bb74e0857a515bba7514be5880db482d5e2f32047b5b27bed2b8d064e731b094

Request headers

Referer
http://xurl.pl/foLU
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Thu, 04 Jul 2019 11:47:19 GMT
Last-Modified
Fri, 16 Aug 2013 18:23:12 GMT
Server
Apache
ETag
"427076c-1fcce-4e414aeeba400"
Content-Type
text/css
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=20, max=99
Content-Length
130254
screen.css
xurl.pl/themes/v3/styles/
39 KB
39 KB
Stylesheet
General
Full URL
http://xurl.pl/themes/v3/styles/screen.css
Requested by
Host: xurl.pl
URL: http://xurl.pl/foLU
Protocol
HTTP/1.1
Security
, ,
Server
37.187.29.229 , France, ASN16276 (OVH, FR),
Reverse DNS
opteron.god.pl
Software
Apache /
Resource Hash
c633c8575301d2e600d0006875ae313be2de2d0813e8f5db62c9dc8de38bc2df

Request headers

Referer
http://xurl.pl/foLU
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Thu, 04 Jul 2019 11:47:19 GMT
Last-Modified
Fri, 16 Aug 2013 18:23:11 GMT
Server
Apache
ETag
"427076a-9a8b-4e414aedc61c0"
Content-Type
text/css
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=20, max=100
Content-Length
39563
framedRedirectTop.php
xurl.pl/ Frame 4EAF
2 KB
3 KB
Document
General
Full URL
http://xurl.pl/framedRedirectTop.php?url=670146
Requested by
Host: xurl.pl
URL: http://xurl.pl/foLU
Protocol
HTTP/1.1
Server
37.187.29.229 , France, ASN16276 (OVH, FR),
Reverse DNS
opteron.god.pl
Software
Apache / PHP/5.3.29
Resource Hash
01b2782f8692a6965ad035ac85442781b5e27b1b9aa49b4f669a2277f4b00c20

Request headers

Host
xurl.pl
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Referer
http://xurl.pl/foLU
Accept-Encoding
gzip, deflate
Cookie
shorturl=tm8m8nlrscrjnla8st7vv9cfl2

Response headers

Date
Thu, 04 Jul 2019 11:47:19 GMT
Server
Apache
X-Powered-By
PHP/5.3.29
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma
no-cache
Accept-Ranges
bytes
Content-Length
2459
Keep-Alive
timeout=20, max=100
Connection
Keep-Alive
Content-Type
text/html
/
zhangtom1989.cn/08643597//035Qb/ Frame D607
Redirect Chain
  • http://www.typis.es/45012//035Qb/?sc=1&sc=1&l=1&ppy=2678935&i=2678935
  • http://zhangtom1989.cn/08643597//035Qb/?sc=1&sc=1&l=1&ppy=2678935&i=2678935
0
0

bootstrap.css
xurl.pl/themes/v3/styles/css/ Frame 4EAF
127 KB
127 KB
Stylesheet
General
Full URL
http://xurl.pl/themes/v3/styles/css/bootstrap.css
Requested by
Host: xurl.pl
URL: http://xurl.pl/framedRedirectTop.php?url=670146
Protocol
HTTP/1.1
Security
, ,
Server
37.187.29.229 , France, ASN16276 (OVH, FR),
Reverse DNS
opteron.god.pl
Software
Apache /
Resource Hash
bb74e0857a515bba7514be5880db482d5e2f32047b5b27bed2b8d064e731b094

Request headers

Referer
http://xurl.pl/framedRedirectTop.php?url=670146
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Thu, 04 Jul 2019 11:47:19 GMT
Last-Modified
Fri, 16 Aug 2013 18:23:12 GMT
Server
Apache
ETag
"427076c-1fcce-4e414aeeba400"
Content-Type
text/css
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=20, max=99
Content-Length
130254
screen.css
xurl.pl/themes/v3/styles/ Frame 4EAF
39 KB
39 KB
Stylesheet
General
Full URL
http://xurl.pl/themes/v3/styles/screen.css
Requested by
Host: xurl.pl
URL: http://xurl.pl/framedRedirectTop.php?url=670146
Protocol
HTTP/1.1
Security
, ,
Server
37.187.29.229 , France, ASN16276 (OVH, FR),
Reverse DNS
opteron.god.pl
Software
Apache /
Resource Hash
c633c8575301d2e600d0006875ae313be2de2d0813e8f5db62c9dc8de38bc2df

Request headers

Referer
http://xurl.pl/framedRedirectTop.php?url=670146
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Thu, 04 Jul 2019 11:47:19 GMT
Last-Modified
Fri, 16 Aug 2013 18:23:11 GMT
Server
Apache
ETag
"427076a-9a8b-4e414aedc61c0"
Content-Type
text/css
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=20, max=99
Content-Length
39563
red.png
xurl.pl/themes/v3/images/logo/ Frame 4EAF
7 KB
7 KB
Image
General
Full URL
http://xurl.pl/themes/v3/images/logo/red.png
Requested by
Host: xurl.pl
URL: http://xurl.pl/framedRedirectTop.php?url=670146
Protocol
HTTP/1.1
Security
, ,
Server
37.187.29.229 , France, ASN16276 (OVH, FR),
Reverse DNS
opteron.god.pl
Software
Apache /
Resource Hash
5696b86cafd00b7c0ea1afead82ad1530db1a17a683bfa10d14d37781f95cff5

Request headers

Referer
http://xurl.pl/framedRedirectTop.php?url=670146
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Thu, 04 Jul 2019 11:47:19 GMT
Last-Modified
Sat, 31 Aug 2013 22:47:44 GMT
Server
Apache
ETag
"427060c-1a69-4e5462095c400"
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=20, max=98
Content-Length
6761
/
adsearch.adkontekst.pl/_/ads/ Frame 4EAF
6 KB
2 KB
Script
General
Full URL
http://adsearch.adkontekst.pl/_/ads/?QAPS_AKPL=b290fe239207177a78f816b049a64836
Requested by
Host: xurl.pl
URL: http://xurl.pl/framedRedirectTop.php?url=670146
Protocol
HTTP/1.1
Security
, ,
Server
136.243.87.209 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
26-hprx.funcns.net
Software
Microsoft-IIS/7.5 /
Resource Hash
b76016665ceda04079de05a50fee7e17b83856588dddaf71873396f9d42bfbf4

Request headers

Referer
http://xurl.pl/framedRedirectTop.php?url=670146
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Thu, 04 Jul 2019 11:47:19 GMT
Content-Encoding
gzip
Server
Microsoft-IIS/7.5
Connection
keep-alive
Transfer-Encoding
chunked
Content-Type
text/javascript; charset=UTF-8
/
adsearch.adkontekst.pl/quad/spliter/ Frame 4EAF
5 KB
2 KB
Script
General
Full URL
http://adsearch.adkontekst.pl/quad/spliter/?prefix=akon&prid=0&caid=0&plh=b290fe239207177a78f816b049a64836&plid=0&namespace=qa_akon&nc=1562240839985&qss=true&nc2=265478591&dispatched=false&useBehavioralTargeting=true&type=K1&ref=http%3A%2F%2Fxurl.pl%2FfoLU
Requested by
Host: adsearch.adkontekst.pl
URL: http://adsearch.adkontekst.pl/_/ads/?QAPS_AKPL=b290fe239207177a78f816b049a64836
Protocol
HTTP/1.1
Security
, ,
Server
136.243.87.209 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
26-hprx.funcns.net
Software
Microsoft-IIS/7.5 /
Resource Hash
b43d796e0c9750f552c1fe755aecc5530e3e243daac9d393d736b5c95069ad50

Request headers

Referer
http://xurl.pl/framedRedirectTop.php?url=670146
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 04 Jul 2019 11:47:19 GMT
Content-Encoding
gzip
Server
Microsoft-IIS/7.5
Transfer-Encoding
chunked
P3P
CP="NOI DSP COR NID CUR OUR NOR"
Cache-Control
no-cache
Connection
keep-alive
Content-Type
text/javascript; charset=UTF-8
/
adsearch.adkontekst.pl/_/both/ Frame 4EAF
456 KB
121 KB
Script
General
Full URL
http://adsearch.adkontekst.pl/_/both/?prefix=akon&namespace=qa_akon&nc=0&browser=safari&dispatched=false
Requested by
Host: adsearch.adkontekst.pl
URL: http://adsearch.adkontekst.pl/_/ads/?QAPS_AKPL=b290fe239207177a78f816b049a64836
Protocol
HTTP/1.1
Security
, ,
Server
136.243.87.209 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
26-hprx.funcns.net
Software
Microsoft-IIS/7.5 /
Resource Hash
1b5132a71060cfa8bd8a08b204d59f0622fe65b979034ec9fa86171ab468e376

Request headers

Referer
http://xurl.pl/framedRedirectTop.php?url=670146
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Thu, 04 Jul 2019 11:47:19 GMT
Content-Encoding
gzip
Server
Microsoft-IIS/7.5
Connection
keep-alive
Transfer-Encoding
chunked
Content-Type
text/javascript; charset=UTF-8
analytics.js
www.google-analytics.com/ Frame 4EAF
Redirect Chain
  • http://www.google-analytics.com/analytics.js
  • https://www.google-analytics.com/analytics.js
43 KB
17 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: xurl.pl
URL: http://xurl.pl/framedRedirectTop.php?url=670146
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
a4883cce814b6793c5bd6dd3639d6048ecab39a93a90b560d39a9fd0aff6e263
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
http://xurl.pl/framedRedirectTop.php?url=670146
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 20 Jun 2019 21:35:04 GMT
server
Golfe2
age
4782
date
Thu, 04 Jul 2019 10:27:38 GMT
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=7200
alt-svc
quic=":443"; ma=2592000; v="46,43,39"
content-length
17707
expires
Thu, 04 Jul 2019 12:27:38 GMT

Redirect headers

Location
https://www.google-analytics.com/analytics.js
Non-Authoritative-Reason
HSTS
collect
www.google-analytics.com/r/ Frame 4EAF
Redirect Chain
  • http://www.google-analytics.com/r/collect?v=1&_v=j77&a=966230645&t=pageview&_s=1&dl=http%3A%2F%2Fxurl.pl%2FframedRedirectTop.php%3Furl%3D670146&ul=en-us&de=UTF-8&sd=24-bit&sr=1600x1200&vp=1600x72&j...
  • https://www.google-analytics.com/r/collect?v=1&_v=j77&a=966230645&t=pageview&_s=1&dl=http%3A%2F%2Fxurl.pl%2FframedRedirectTop.php%3Furl%3D670146&ul=en-us&de=UTF-8&sd=24-bit&sr=1600x1200&vp=1600x72&...
35 B
102 B
Image
General
Full URL
https://www.google-analytics.com/r/collect?v=1&_v=j77&a=966230645&t=pageview&_s=1&dl=http%3A%2F%2Fxurl.pl%2FframedRedirectTop.php%3Furl%3D670146&ul=en-us&de=UTF-8&sd=24-bit&sr=1600x1200&vp=1600x72&je=0&_u=IEBAAEAB~&jid=1564497889&gjid=909432229&cid=500167553.1562240840&tid=UA-38188073-4&_gid=518110175.1562240840&_r=1&z=778131061
Requested by
Host: xurl.pl
URL: http://xurl.pl/framedRedirectTop.php?url=670146
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
http://xurl.pl/framedRedirectTop.php?url=670146
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 04 Jul 2019 11:47:20 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
access-control-allow-origin
*
content-type
image/gif
status
200
cache-control
no-cache, no-store, must-revalidate
alt-svc
quic=":443"; ma=2592000; v="46,43,39"
content-length
35
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location
https://www.google-analytics.com/r/collect?v=1&_v=j77&a=966230645&t=pageview&_s=1&dl=http%3A%2F%2Fxurl.pl%2FframedRedirectTop.php%3Furl%3D670146&ul=en-us&de=UTF-8&sd=24-bit&sr=1600x1200&vp=1600x72&je=0&_u=IEBAAEAB~&jid=1564497889&gjid=909432229&cid=500167553.1562240840&tid=UA-38188073-4&_gid=518110175.1562240840&_r=1&z=778131061
Non-Authoritative-Reason
HSTS
/
adsearch.adkontekst.pl/quad/spliter/ Frame 4EAF
5 KB
3 KB
Script
General
Full URL
http://adsearch.adkontekst.pl/quad/spliter/?prid=887&caid=503248&nc=1562240840482&cc=2&form=507498:2:;&content=&qnr=0&without=&extra=&w=936&h=60&qss=true&flash=false&iid=-9970784592975164&prefix=akon&namespace=qa_akon&type=2&dispatched=false&useBehavioralTargeting=true&ref=http%3A%2F%2Fxurl.pl%2FfoLU
Requested by
Host: adsearch.adkontekst.pl
URL: http://adsearch.adkontekst.pl/_/ads/?QAPS_AKPL=b290fe239207177a78f816b049a64836
Protocol
HTTP/1.1
Security
, ,
Server
136.243.87.209 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
26-hprx.funcns.net
Software
Microsoft-IIS/7.5 /
Resource Hash
ab8f3c02d3208b43b4d3046dbba9eb551b6b805706830b3dc331a3df4ef78a8f

Request headers

Referer
http://xurl.pl/framedRedirectTop.php?url=670146
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 04 Jul 2019 11:47:20 GMT
Content-Encoding
gzip
Server
Microsoft-IIS/7.5
Transfer-Encoding
chunked
P3P
CP="NOI DSP COR NID CUR OUR NOR"
Cache-Control
no-cache
Connection
keep-alive
Content-Type
text/javascript; charset=UTF-8
Cookie set sale.api
api.spoldzielnia.nsaudience.pl/frontend/api/ Frame 354B
Redirect Chain
  • https://api.spoldzielnia.nsaudience.pl/frontend/api/matchSale.api
  • https://mis.em.nscontext.eu/?redirect=https%3A%2F%2Fapi.spoldzielnia.nsaudience.pl%2Ffrontend%2Fapi%2Fsale.api%3Fuid%3D__masterId__
  • https://mis.em.nscontext.eu/ex/tmp1562240843981Z1514641991/mi16bbccf80cd567ba785dc0930c0/1?redirect=https%3A%2F%2Fapi.spoldzielnia.nsaudience.pl%2Ffrontend%2Fapi%2Fsale.api%3Fuid%3D__masterId__
  • https://api.spoldzielnia.nsaudience.pl/frontend/api/sale.api?uid=mi16bbccf80cd567ba785dc0930c0
0
0
Document
General
Full URL
https://api.spoldzielnia.nsaudience.pl/frontend/api/sale.api?uid=mi16bbccf80cd567ba785dc0930c0
Requested by
Host:
URL: gummibear.boxstatic-0.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
138.201.139.207 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
6-bt-spd-d.funcns.net
Software
Microsoft-IIS/7.5 /
Resource Hash

Request headers

Host
api.spoldzielnia.nsaudience.pl
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Referer
http://xurl.pl/framedRedirectTop.php?url=670146
Accept-Encoding
gzip, deflate, br

Response headers

Server
Microsoft-IIS/7.5
Date
Thu, 04 Jul 2019 11:47:24 GMT
Content-Type
text/html;charset=UTF-8
Transfer-Encoding
chunked
Connection
keep-alive
P3P
CP="CAO COR COR CON TEL IVD SAM IND BUS"
Set-Cookie
ut=1562240844098;Path=/;Expires=Fri, 03-Jul-2020 11:47:24 GMT uid=mi16bbccf80cd567ba785dc0930c0;Path=/;Expires=Fri, 03-Jul-2020 11:47:24 GMT
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Content-Encoding
gzip

Redirect headers

Server
Microsoft-IIS/7.5
Date
Thu, 04 Jul 2019 11:47:24 GMT
Transfer-Encoding
chunked
Connection
keep-alive
Set-Cookie
uid=mi16bbccf80cd567ba785dc0930c0;Path=/;Domain=.em.nscontext.eu;Expires=Sat, 03-Jul-2021 11:47:24 GMT;Max-Age=63072000
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Location
https://api.spoldzielnia.nsaudience.pl/frontend/api/sale.api?uid=mi16bbccf80cd567ba785dc0930c0
Cookie set /
cm.em.nscontext.eu/cm/iframe// Frame AF94
Redirect Chain
  • https://cm.em.nscontext.eu/cm/iframe/
  • https://mis.em.nscontext.eu/deimos/cm/?redirect=https://cm.em.nscontext.eu/cm/iframe//?uid=__userId__
  • https://mis.em.nscontext.eu/ex/tmp1562240844033Z8575949/mi16bbccf810120b2f28ff8d83300/1?redirect=https://cm.em.nscontext.eu/cm/iframe//?uid=__userId__
  • https://cm.em.nscontext.eu/cm/iframe//?uid=mi16bbccf810120b2f28ff8d83300
0
0
Document
General
Full URL
https://cm.em.nscontext.eu/cm/iframe//?uid=mi16bbccf810120b2f28ff8d83300
Requested by
Host:
URL: gummibear.boxstatic-0.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
138.201.230.75 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
29-hprx.funcns.net
Software
Microsoft-IIS/7.5 /
Resource Hash

Request headers

Host
cm.em.nscontext.eu
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Referer
http://xurl.pl/framedRedirectTop.php?url=670146
Accept-Encoding
gzip, deflate, br
Cookie
tmp1562240843981Z1514641991=mi16bbccf80cd567ba785dc0930c0; volatileUid=mi16bbccf810120b2f28ff8d83300; tmp1562240844033Z8575949=mi16bbccf810120b2f28ff8d83300; uid=mi16bbccf810120b2f28ff8d83300

Response headers

Server
Microsoft-IIS/7.5
Date
Thu, 04 Jul 2019 11:47:23 GMT
Transfer-Encoding
chunked
Connection
keep-alive
Set-Cookie
uid=mi16bbccf810120b2f28ff8d83300;Path=/;Domain=.em.nscontext.eu;Expires=Sat, 03-Jul-2021 11:47:24 GMT ec=ec;Path=/;Expires=Thu, 04-Jul-2019 12:47:24 GMT
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Server
Microsoft-IIS/7.5
Date
Thu, 04 Jul 2019 11:47:24 GMT
Transfer-Encoding
chunked
Connection
keep-alive
Set-Cookie
uid=mi16bbccf810120b2f28ff8d83300;Path=/;Domain=.em.nscontext.eu;Expires=Sat, 03-Jul-2021 11:47:24 GMT;Max-Age=63072000
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Location
https://cm.em.nscontext.eu/cm/iframe//?uid=mi16bbccf810120b2f28ff8d83300
truncated
/ Frame 7ED4
2 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
9ed62e3d304b93a243e8390e6161d14d28447a34b5cb8953ce048fc83c94383d

Request headers

Referer
http://xurl.pl/framedRedirectTop.php?url=670146
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ Frame 7ED4
1 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
f8d90d1c34b2cf176ae743361793df9ee6418708d8a8b5e4a7f69cf9503ba984

Request headers

Referer
http://xurl.pl/framedRedirectTop.php?url=670146
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/png
/
rm.em.nscontext.eu/ Frame 4EAF
Redirect Chain
  • https://x.bidswitch.net/sync?ssp=netsprint
  • https://x.bidswitch.net/ul_cb/sync?ssp=netsprint
  • https://green.erne.co/bidswitch/cm?bidswitch_ssp_id=netsprint
  • https://pixel.onaudience.com/?mapped=svh1j1dfgCmbA5SYdAQYTEcj&partner=2&redirect=grey.erne.co%2Ftags%3Fid%3Dcm_ct_%25s%26img%3D1%26red%3Dhttps%253A%252F%252Fx.bidswitch.net%252Fsync%253Fdsp_id%253D...
  • https://sync.crwdcntrl.net/map/c=8587/tp=CLOD?https%3A%2F%2Fpixel.onaudience.com%2F%3Fpartner%3D104%26icm%26mapped%3D%24%7Bprofile_id%7D%26redirect%3Dhttps%253A%252F%252Fgrey.erne.co%252Ftags%253Fi...
  • https://sync.crwdcntrl.net/map/ct=y/c=8587/tp=CLOD?https%3A%2F%2Fpixel.onaudience.com%2F%3Fpartner%3D104%26icm%26mapped%3D%24%7Bprofile_id%7D%26redirect%3Dhttps%253A%252F%252Fgrey.erne.co%252Ftags%...
  • https://pixel.onaudience.com/?partner=104&icm&mapped=77b74a37e31336cc59f766c3f83388df&redirect=https%3A%2F%2Fgrey.erne.co%2Ftags%3Fid%3Dcm_ct_cee4ffb77c85648e%26img%3D1%26red%3Dhttps%253A%252F%252F...
  • https://grey.erne.co/tags?id=cm_ct_cee4ffb77c85648e&img=1&red=https%3A%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D270%26expires%3D10%26user_id%3Dsvh1j1dfgCmbA5SYdAQYTEcj%26ssp%3Dnetsprint
  • https://x.bidswitch.net/sync?dsp_id=270&expires=10&user_id=svh1j1dfgCmbA5SYdAQYTEcj&ssp=netsprint
  • https://x.bidswitch.net/ul_cb/sync?dsp_id=270&expires=10&user_id=svh1j1dfgCmbA5SYdAQYTEcj&ssp=netsprint
  • https://adsearch.adkontekst.pl/deimos/rtbcm?dspId=bidswitch&buyerId=55f23efb-1e24-45ec-acb4-cd3dc8a36007
  • https://rm.em.nscontext.eu/?dspId=bidswitch&buyerId=55f23efb-1e24-45ec-acb4-cd3dc8a36007
631 B
959 B
Image
General
Full URL
https://rm.em.nscontext.eu/?dspId=bidswitch&buyerId=55f23efb-1e24-45ec-acb4-cd3dc8a36007
Requested by
Host: xurl.pl
URL: http://xurl.pl/foLU
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
46.4.70.55 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
21-hprx.funcns.net
Software
Microsoft-IIS/7.5 /
Resource Hash
c12998add033bf7f99e0ea18be87cbd554980348d1d24a95218e62618d8946a0

Request headers

Referer
http://xurl.pl/framedRedirectTop.php?url=670146
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Thu, 04 Jul 2019 11:47:30 GMT
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Server
Microsoft-IIS/7.5
Connection
keep-alive
Transfer-Encoding
chunked
Content-Type
image/jpeg

Redirect headers

Pragma
no-cache
Date
Thu, 04 Jul 2019 11:47:29 GMT
Server
Microsoft-IIS/7.5
Transfer-Encoding
chunked
P3P
CP = "NOI DSP COR NID CUR OUR NOR"
Location
https://rm.em.nscontext.eu/?dspId=bidswitch&buyerId=55f23efb-1e24-45ec-acb4-cd3dc8a36007
Cache-Control
no-cache
Connection
keep-alive

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
zhangtom1989.cn
URL
http://zhangtom1989.cn/08643597//035Qb/?sc=1&sc=1&l=1&ppy=2678935&i=2678935

Verdicts & Comments

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object: onselectstart
object: onselectionchange
function: queueMicrotask

0 Cookies

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
