urlscan.io logo urlscan.io
SecurityTrails logo

bundscity.azurewebsites.net Open in urlscan Pro
20.119.0.46  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://kestonim.com/click?trvid=10164&extid=171107023610000TBRTV424768351754V15&cost=&campid=384998820&zoneid=374408...
Effective URL: https://bundscity.azurewebsites.net/Ti6lwJQu7JKUa5eMqlo_0ge1E_G-DdnO6qZEFDkta6U/?cid=3xVnjHVRSJHQ&sid=101643744083-793336440-0
Submission: On March 22 via manual from HU — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 6 IPs in 3 countries across 5 domains to perform 7 HTTP transactions. The main IP is 20.119.0.46, located in Washington, United States and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is bundscity.azurewebsites.net.
TLS certificate: Issued by Microsoft Azure RSA TLS Issuing CA 08 on March 13th 2024. Valid for: a year.
This is the only time bundscity.azurewebsites.net was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 2 3.126.48.135 16509 (AMAZON-02)
2 20.119.0.46 8075 (MICROSOFT...)
2 188.114.96.3 13335 (CLOUDFLAR...)
1 2606:4700:20:... 13335 (CLOUDFLAR...)
1 2a06:98c1:312... 13335 (CLOUDFLAR...)
1 2606:4700:20:... 13335 (CLOUDFLAR...)
7 6
2    3.126.48.135 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-126-48-135.eu-central-1.compute.amazonaws.com
kestonim.com
2    20.119.0.46 (Washington, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
bundscity.azurewebsites.net
2    188.114.96.3 (Amsterdam, Netherlands)

ASN13335 (CLOUDFLARENET, US)
feed.rtbadsmya.com
t.rtbadsmya.com
1    2606:4700:20::681a:6e4 (United States)

ASN13335 (CLOUDFLARENET, US)
sdk.ocmhood.com
1    2a06:98c1:3120::3 (United States)

ASN13335 (CLOUDFLARENET, US)
cdn.ocmtag.com
1    2606:4700:20::ac43:4809 (United States)

ASN13335 (CLOUDFLARENET, US)
t.ocmhood.com
Apex Domain
Subdomains		 Transfer
2 ocmhood.com
sdk.ocmhood.com — Cisco Umbrella Rank: 33951
t.ocmhood.com — Cisco Umbrella Rank: 9815
13 KB
2 rtbadsmya.com
feed.rtbadsmya.com
t.rtbadsmya.com
893 B
2 azurewebsites.net
bundscity.azurewebsites.net
21 KB
2 kestonim.com
kestonim.com — Cisco Umbrella Rank: 875021
2 KB
1 ocmtag.com
cdn.ocmtag.com — Cisco Umbrella Rank: 36084
832 B
7 5
Domain Requested by
2 bundscity.azurewebsites.net bundscity.azurewebsites.net
2 kestonim.com 2 redirects
1 t.rtbadsmya.com bundscity.azurewebsites.net
1 t.ocmhood.com sdk.ocmhood.com
1 cdn.ocmtag.com sdk.ocmhood.com
1 sdk.ocmhood.com bundscity.azurewebsites.net
1 feed.rtbadsmya.com bundscity.azurewebsites.net
7 7

This site contains no links.

Subject Issuer Validity Valid
*.azurewebsites.net
Microsoft Azure RSA TLS Issuing CA 08		 2024-03-13 -
2025-03-08		 a year crt.sh
rtbadsmya.com
GTS CA 1P5		 2024-02-14 -
2024-05-14		 3 months crt.sh
ocmhood.com
E1		 2024-03-03 -
2024-06-01		 3 months crt.sh
ocmtag.com
Cloudflare Inc ECC CA-3		 2023-12-25 -
2024-12-24		 a year crt.sh

This page contains 1 frames:

Primary Page: https://bundscity.azurewebsites.net/Ti6lwJQu7JKUa5eMqlo_0ge1E_G-DdnO6qZEFDkta6U/?cid=3xVnjHVRSJHQ&sid=101643744083-793336440-0
Frame ID: 8836BC38D59648B9DA3CE8299618D2B4
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Click Here to edit your LP title

Page URL History Show full URLs

  1. http://kestonim.com/click?trvid=10164&extid=171107023610000TBRTV424768351754V15&cost=&campid=384... HTTP 301
    https://kestonim.com/click?trvid=10164&extid=171107023610000TBRTV424768351754V15&cost=&campid=384... HTTP 302
    https://bundscity.azurewebsites.net/Ti6lwJQu7JKUa5eMqlo_0ge1E_G-DdnO6qZEFDkta6U/?cid=3xVnjHVRSJHQ&sid=1016437440... Page URL

Page Statistics

7
Requests

100 %
HTTPS

50 %
IPv6

5
Domains

7
Subdomains

6
IPs

3
Countries

36 kB
Transfer

78 kB
Size

5
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://kestonim.com/click?trvid=10164&extid=171107023610000TBRTV424768351754V15&cost=&campid=384998820&zoneid=3744083-793336440-0&lang=pt&banid=23776370&form=1000 HTTP 301
    https://kestonim.com/click?trvid=10164&extid=171107023610000TBRTV424768351754V15&cost=&campid=384998820&zoneid=3744083-793336440-0&lang=pt&banid=23776370&form=1000 HTTP 302
    https://bundscity.azurewebsites.net/Ti6lwJQu7JKUa5eMqlo_0ge1E_G-DdnO6qZEFDkta6U/?cid=3xVnjHVRSJHQ&sid=101643744083-793336440-0 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

7 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
bundscity.azurewebsites.net/Ti6lwJQu7JKUa5eMqlo_0ge1E_G-DdnO6qZEFDkta6U/
Redirect Chain
  • http://kestonim.com/click?trvid=10164&extid=171107023610000TBRTV424768351754V15&cost=&campid=384998820&zoneid=3744083-793336440-0&lang=pt&banid=23776370&form=1000
  • https://kestonim.com/click?trvid=10164&extid=171107023610000TBRTV424768351754V15&cost=&campid=384998820&zoneid=3744083-793336440-0&lang=pt&banid=23776370&form=1000
  • https://bundscity.azurewebsites.net/Ti6lwJQu7JKUa5eMqlo_0ge1E_G-DdnO6qZEFDkta6U/?cid=3xVnjHVRSJHQ&sid=101643744083-793336440-0
32 KB
21 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://bundscity.azurewebsites.net/Ti6lwJQu7JKUa5eMqlo_0ge1E_G-DdnO6qZEFDkta6U/?cid=3xVnjHVRSJHQ&sid=101643744083-793336440-0
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.119.0.46 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
56f6df46cda0b6759d50f205d12bb50f8a51ee7f41948a3c04558daad239d469

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ch
Sec-CH-UA,Sec-CH-UA-Platform,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Platform-Version
access-control-allow-credentials
true
access-control-allow-origin
*
content-encoding
gzip
content-type
text/html
date
Fri, 22 Mar 2024 01:47:14 GMT
vary
Accept-Encoding

Redirect headers

cache-control
no-cache, no-store, no-transform, must-revalidate, private, max-age=0
content-length
153
content-type
text/html; charset=utf-8
date
Fri, 22 Mar 2024 01:47:13 GMT
expires
Thu, 01 Jan 1970 00:00:00 UTC
location
https://bundscity.azurewebsites.net/Ti6lwJQu7JKUa5eMqlo_0ge1E_G-DdnO6qZEFDkta6U/?cid=3xVnjHVRSJHQ&sid=101643744083-793336440-0
pragma
no-cache
server
nginx
truncated
/ 		3 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
ee3df69641a083faeda162fce068aef31075856f15c43c74eada446496b865f2

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

Content-Type
image/png
AFU1kAAPatM
feed.rtbadsmya.com/v1/native/ 		793 B
893 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://feed.rtbadsmya.com/v1/native/AFU1kAAPatM?subid=74532&uid=84c2cfe4-d017-455c-8acd-1c15306ac150&kw=download%20install&ud_tpcid=wXX_ifkenbtCkflHtxQn3WbwpgYWCkds
Requested by
Host: bundscity.azurewebsites.net
URL: https://bundscity.azurewebsites.net/Ti6lwJQu7JKUa5eMqlo_0ge1E_G-DdnO6qZEFDkta6U/?cid=3xVnjHVRSJHQ&sid=101643744083-793336440-0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0039a554366b9a524525109793f19ba6c64260aa59d3e8c4e0f4bf93fb71ba90

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bundscity.azurewebsites.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Fri, 22 Mar 2024 01:47:15 GMT
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=843bHdh3B3MSAxGQnojGqRZsHQqtufrtzcUkWuTL%2F4VI5flXtGmn1RBR5wX9XUu06VlZUaUoUuAiuv%2Fr%2FUU09gGSFWHbGQ76TRHDkoEUNJucslp3%2BPWS6cXGDA2oDlod8MyXDPk%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/json; charset=utf-8
access-control-allow-origin
*
cache-control
no-cache
cf-ray
86828337da22904e-FRA
alt-svc
h3=":443"; ma=86400
conf.json
bundscity.azurewebsites.net/hood/YnVuZHNjaXR5LmF6dXJld2Vic2l0ZXMubmV0/ 		49 B
154 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://bundscity.azurewebsites.net/hood/YnVuZHNjaXR5LmF6dXJld2Vic2l0ZXMubmV0/conf.json
Requested by
Host: bundscity.azurewebsites.net
URL: https://bundscity.azurewebsites.net/Ti6lwJQu7JKUa5eMqlo_0ge1E_G-DdnO6qZEFDkta6U/?cid=3xVnjHVRSJHQ&sid=101643744083-793336440-0
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.119.0.46 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
ba30b846f3d4e5f4ad51cd1624c831b13f38a7994b6c027830217aff603475d3

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bundscity.azurewebsites.net/Ti6lwJQu7JKUa5eMqlo_0ge1E_G-DdnO6qZEFDkta6U/?cid=3xVnjHVRSJHQ&sid=101643744083-793336440-0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Fri, 22 Mar 2024 01:47:14 GMT
last-modified
Fri, 19 Jan 2024 10:55:20 GMT
accept-ranges
bytes
etag
"65aa5518-31"
content-length
49
content-type
application/json
truncated
/ 		9 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
260b073c6af7b2e361f1ba7f05d23007587adbdd79de704fc1999c9d64cd737e

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

Content-Type
image/jpeg
ht.js
sdk.ocmhood.com/sdk/ 		33 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://sdk.ocmhood.com/sdk/ht.js?tag=NjY4ZwSkNAFfmDQ2BTMxNDY4MjE0Ntj-
Requested by
Host: bundscity.azurewebsites.net
URL: https://bundscity.azurewebsites.net/Ti6lwJQu7JKUa5eMqlo_0ge1E_G-DdnO6qZEFDkta6U/?cid=3xVnjHVRSJHQ&sid=101643744083-793336440-0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:6e4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
85b9bd9a9898ebba902bbaff5b96a0356ad27aa90a65e29349efc90b7b7c6b13

Request headers

Referer
https://bundscity.azurewebsites.net/
Origin
https://bundscity.azurewebsites.net
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Fri, 22 Mar 2024 01:47:14 GMT
content-encoding
br
cf-cache-status
REVALIDATED
last-modified
Mon, 18 Mar 2024 14:48:16 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"65f85430-30ac"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bgDEZyFZ4cV1LfprZPw0NYc3RTRSXPq2vEYeX2gTxmRjXwvVTEUyQTzUFkTMF3FhzxpJCoy3UAHl66HTXu3ykzGw4rjUr86rj8QAjOvxEhVgDE%2FF%2BDL1hs5sa%2FlOh%2BKP%2FMrWBx68xvh8tHMECA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=14400
cf-ray
8682833869aa3a78-FRA
alt-svc
h3=":443"; ma=86400
service-worker-allowed
/
NjY4ZwSkNAFfmDQ2BTMxNDY4MjE0Ntj-.js
cdn.ocmtag.com/tag/ 		423 B
832 B 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ocmtag.com/tag/NjY4ZwSkNAFfmDQ2BTMxNDY4MjE0Ntj-.js
Requested by
Host: sdk.ocmhood.com
URL: https://sdk.ocmhood.com/sdk/ht.js?tag=NjY4ZwSkNAFfmDQ2BTMxNDY4MjE0Ntj-
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b70a06f5cdbef2540906f23f488cda2a7010fb3ff229e488d843488cfda3bedf

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bundscity.azurewebsites.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Fri, 22 Mar 2024 01:47:14 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
5378
alt-svc
h3=":443"; ma=86400
service-worker-allowed
/
last-modified
Fri, 19 Jan 2024 10:40:01 GMT
server
cloudflare
etag
W/"65aa5181-1a7"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4nMB2R%2F3orRh0PVCUgYYMkOZY8ckjGsIxdaANLV80ObofT4o1x5N%2FVx0%2BGak38s%2BpIp7x83OX5tX7Qt8%2B5pguLvCnmKp8DKuqJWwuSFeSgTwtmXA9kTqIcqwSc%2FjRBXgxRt1yqJ%2BU691LoOhIw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=14400
cf-ray
868283390f8c0b3c-AMS
activity
t.ocmhood.com/v2/ 		0
443 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://t.ocmhood.com/v2/activity
Requested by
Host: sdk.ocmhood.com
URL: https://sdk.ocmhood.com/sdk/ht.js?tag=NjY4ZwSkNAFfmDQ2BTMxNDY4MjE0Ntj-
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::ac43:4809 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://bundscity.azurewebsites.net/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Fri, 22 Mar 2024 01:47:14 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zzhGPZYqeBwkJZrCZD98v7L1uf3unsaM6qjpimVv4IPIwfDE5J5rXyxCQTVCDA%2FgZYRRzgl6%2FrVcGQ6NHu%2B6gYQeUODoP7pI%2BTJ%2FjEEU%2Bny5eyLMxmsU%2Fyqlxaxrx9bc%2FbsIFJnDSVxlLkw%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/octet-stream
cache-control
no-cache
cf-ray
868283396a1d19b3-FRA
alt-svc
h3=":443"; ma=86400
imp
t.rtbadsmya.com/ 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://t.rtbadsmya.com/imp?l2=k3WFWZHyeS4gAfjmyfMSZ1bN5dcF2NOj4GhyyH3pzLPgX29eWUditjwmYFXUXepBWBn9M9gRR-m9c0IfXUB67zO0abxmWE7nHK5keD4RUJ6MK8NU9LJb8kFYj8OOJsxiG7xQtzfIr_RmhkBNZ_O-1vv7OUGzGu094H8t5wrOMYjg-sb8uNJ7zV-ax3OAQLs9RYADUOBEEU82zZxNyZ0THXjtAfHLkBbrS-Qd2hr4JuWMdcDpEegyP2wxRg-tuc9x
Requested by
Host: bundscity.azurewebsites.net
URL: https://bundscity.azurewebsites.net/Ti6lwJQu7JKUa5eMqlo_0ge1E_G-DdnO6qZEFDkta6U/?cid=3xVnjHVRSJHQ&sid=101643744083-793336440-0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bundscity.azurewebsites.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Fri, 22 Mar 2024 01:47:15 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=C5HQcO57m5udCF%2FW2%2BepypYEIeJ5uhCMY4L435A76lfSV1gaPhVnb7rEW4giFdJcHIvfNw4r99miaChqcvAYgu979YHIEywRlL7kmuI%2BUU%2FKFoKLxBECEIIkHCPj0h6uLGw%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin
*
cache-control
no-cache
cf-ray
8682833e9cab904e-FRA
alt-svc
h3=":443"; ma=86400

Verdicts & Comments Add Verdict or Comment

33 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

string| qs string| lwp function| snippetGetEngineDomain function| snippetGetAllLocations object| campaign_domains function| importOmpServiceWorker function| initOmpServiceWorker function| clearSession function| goNextStep function| getLpType function| fetchAd function| getOCP function| popme function| finalRedirect function| goToRedirectonAllow function| goToRedirectSmart2 function| isPushApiSupported function| uuidv4 function| initLpPush function| startOmpWorker function| getLpIdParamIfSet function| getSourcePrefix object| ad number| cpc number| o_eid string| o_ocid string| source_prefix string| fallback_url function| before_redirect_block object| sParams string| cc function| Hood function| NjY4ZwSkNAFfmDQ2BTMxNDY4MjE0Ntj-

5 Cookies

Domain/Path Name / Value
kestonim.com/ Name: ClickDataNG
Value: H4sIAAAAAAAA_4xUXW_bOBD8K8I-tYAik6I-HBVG4dhpc0nduzaOAxwOKGhp7fAsk-qScj7a_PcDJSVn4O6hb-RyqJ3hzugHHJCsMhoK4BGLGITgHhuEgoVg2_XyZV0afUByWEGxkbXFEMpalbvfKihAPKz03xerr9eXF18ghEo6hILnnLM8ZkKEUMp9I9VWezRnPEtCUHb2x_T1W2ScdMp0gDwNgdoa_ZqFQFgpwtIt0N2ZCoo4BGtaKrvzOIRa6krp7YAedjdUQwEQgtlskLq2PBmHsCapy7sB2531yDvnGluMRutWV7ZU7jGSTy3hPa6tcmgjjW60VFl9f_mlzS-vbmSKi--1-ca2yM-_fTyZV_r37Puf5x_mOyezm9H7UlWT42f5q2UszqyqJp1-kScJG4uT_FQIkSUJO_EPXxrrBs0H1G3_8I18NK2DgkdioDxriVCXj1DAzfUcQmhJHWnYoXVGq31Umv2oG9J7R4eXzj0RfHC-0I2IxSLjjDG2PPu6XCVxkmdjkfI8TVY87eGe2GRYyn3jtY2T09PxOGZ99clo9NX_yurPa6m3k8b1m7XUqprEIs8zkQ-AjaH9xLOAEFQzrSpCa70nx2kUcxHxNI14yo9Ps37CrUWablE7KGBhnlRdy1EaseDNrdKVubfB52XAWcTeBbdKZ8m74CFL3gbTpqnxFtdXyo1SkUciC95cXSwXn8KgVjsMPmK5M2-D2R2ZPY54HEcsyuKMRzweB9dyI0kN98CPa4OE1POp8KBKfM2N8SoGKt6PdvVv3rzYNZl7293te71-4Yykro4_uTAV1seFz3KP_b7s28HMUGPIx88HrPHR5DwXwTWSv2CD6Vlns1Y78vaZn3fstz2f-fnPnxdorb_tMzCUPpDUu01LLpD7YCGVBm9KQu1m3lxDzkhtlf7UHJUcSW1l2cfaQqHbug6hbK0zeyh-DG73SHxwSFrW3c_kF0wJIRyYF_diQl_gvvC_sTrEUEDj_EpAAS_G8_ukGwNj8Pz8TwAAAP__0kyKVAoFAAA=
kestonim.com/ Name: ClickDataNgFall
Value: H4sIAAAAAAAA_4xUXW_bOBD8K8I-tYAik6I-HBVG4dhpc0nduzaOAxwOKGhp7fAsk-qScj7a_PcDJSVn4O6hb-RyqJ3hzugHHJCsMhoK4BGLGITgHhuEgoVg2_XyZV0afUByWEGxkbXFEMpalbvfKihAPKz03xerr9eXF18ghEo6hILnnLM8ZkKEUMp9I9VWezRnPEtCUHb2x_T1W2ScdMp0gDwNgdoa_ZqFQFgpwtIt0N2ZCoo4BGtaKrvzOIRa6krp7YAedjdUQwEQgtlskLq2PBmHsCapy7sB2531yDvnGluMRutWV7ZU7jGSTy3hPa6tcmgjjW60VFl9f_mlzS-vbmSKi--1-ca2yM-_fTyZV_r37Puf5x_mOyezm9H7UlWT42f5q2UszqyqJp1-kScJG4uT_FQIkSUJO_EPXxrrBs0H1G3_8I18NK2DgkdioDxriVCXj1DAzfUcQmhJHWnYoXVGq31Umv2oG9J7R4eXzj0RfHC-0I2IxSLjjDG2PPu6XCVxkmdjkfI8TVY87eGe2GRYyn3jtY2T09PxOGZ99clo9NX_yurPa6m3k8b1m7XUqprEIs8zkQ-AjaH9xLOAEFQzrSpCa70nx2kUcxHxNI14yo9Ps37CrUWablE7KGBhnlRdy1EaseDNrdKVubfB52XAWcTeBbdKZ8m74CFL3gbTpqnxFtdXyo1SkUciC95cXSwXn8KgVjsMPmK5M2-D2R2ZPY54HEcsyuKMRzweB9dyI0kN98CPa4OE1POp8KBKfM2N8SoGKt6PdvVv3rzYNZl7293te71-4Yykro4_uTAV1seFz3KP_b7s28HMUGPIx88HrPHR5DwXwTWSv2CD6Vlns1Y78vaZn3fstz2f-fnPnxdorb_tMzCUPpDUu01LLpD7YCGVBm9KQu1m3lxDzkhtlf7UHJUcSW1l2cfaQqHbug6hbK0zeyh-DG73SHxwSFrW3c_kF0wJIRyYF_diQl_gvvC_sTrEUEDj_EpAAS_G8_ukGwNj8Pz8TwAAAP__0kyKVAoFAAA=
bundscity.azurewebsites.net/ Name: session
Value: wXX_ifkenbtCkflHtxQn3WbwpgYWCkds
.bundscity.azurewebsites.net/ Name: ARRAffinity
Value: d17e42c6ab7201ab669dc6c67cb52ffa335acd50222b6abc4528957e756750a0
.bundscity.azurewebsites.net/ Name: ARRAffinitySameSite
Value: d17e42c6ab7201ab669dc6c67cb52ffa335acd50222b6abc4528957e756750a0