line-seguro-com.umbler.net
Open in
urlscan Pro
177.55.116.74
Malicious Activity!
Public Scan
Effective URL: https://line-seguro-com.umbler.net/
Submission: On February 14 via api from CA
Summary
TLS certificate: Issued by RapidSSL TLS RSA CA G1 on April 18th 2018. Valid for: 2 years.
This is the only time line-seguro-com.umbler.net was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Banco Itau (Banking)Domain & IP information
ASN16509 (AMAZON-02, US)
PTR: server-13-224-196-86.fra2.r.cloudfront.net
p.cpx.to |
ASN16509 (AMAZON-02, US)
PTR: server-143-204-98-13.fra50.r.cloudfront.net
d2zur9cc2gf1tx.cloudfront.net |
ASN34235 (ASPSERVEUR-AS, FR)
PTR: 5-179-192-20.dynamixhost.net
player.pepsia.com |
ASN16509 (AMAZON-02, US)
PTR: ec2-52-214-1-180.eu-west-1.compute.amazonaws.com
s.cpx.to |
ASN16509 (AMAZON-02, US)
rules.quantcount.com |
ASN16509 (AMAZON-02, US)
PTR: ec2-52-58-57-174.eu-central-1.compute.amazonaws.com
ice.360yield.com |
ASN26667 (RUBICONPROJECT, US)
fastlane.rubiconproject.com |
ASN29990 (ASN-APPNEX, US)
PTR: 302.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
ib.adnxs.com |
ASN15169 (GOOGLE, US)
PTR: fra16s14-in-f2.1e100.net
cm.g.doubleclick.net |
ASN29990 (ASN-APPNEX, US)
PTR: 373.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
secure.adnxs.com |
ASN16509 (AMAZON-02, US)
c.sharethis.mgr.consensu.org |
ASN16509 (AMAZON-02, US)
PTR: ec2-54-246-118-35.eu-west-1.compute.amazonaws.com
adtrack.adleadevent.com |
ASN26667 (RUBICONPROJECT, US)
beacon-eu2.rubiconproject.com |
Domain | Requested by | |
---|---|---|
9 | line-seguro-com.umbler.net |
urlz.fr
line-seguro-com.umbler.net |
8 | ads.themoneytizer.com |
ajax.cloudflare.com
ads.themoneytizer.com |
3 | ice.360yield.com | 1 redirects |
3 | s.cpx.to |
p.cpx.to
|
3 | player.pepsia.com |
urlz.fr
player.pepsia.com |
2 | secure.adnxs.com | 2 redirects |
2 | script.4dex.io |
ads.themoneytizer.com
script.4dex.io |
2 | tag.leadplace.fr |
ads.themoneytizer.com
|
2 | ww1097.smartadserver.com |
1 redirects
ads.themoneytizer.com
|
2 | onetag-sys.com |
ads.themoneytizer.com
|
2 | urlz.fr | 1 redirects |
1 | fonts.gstatic.com |
line-seguro-com.umbler.net
|
1 | fonts.googleapis.com |
line-seguro-com.umbler.net
|
1 | s1.adform.net |
clarium.global.ssl.fastly.net
|
1 | beacon-eu2.rubiconproject.com |
urlz.fr
|
1 | track.adform.net |
clarium.global.ssl.fastly.net
|
1 | clarium.global.ssl.fastly.net |
ads.themoneytizer.com
|
1 | c.tmyzer.com |
ads.themoneytizer.com
|
1 | adtrack.adleadevent.com |
ajax.googleapis.com
|
1 | c.sharethis.mgr.consensu.org |
player.pepsia.com
|
1 | dmp.truoptik.com | |
1 | cm.g.doubleclick.net | 1 redirects |
1 | ib.adnxs.com |
ads.themoneytizer.com
|
1 | fastlane.rubiconproject.com |
ads.themoneytizer.com
|
1 | bidder.criteo.com |
ads.themoneytizer.com
|
1 | pixel.quantserve.com | |
1 | ajax.googleapis.com |
d2zur9cc2gf1tx.cloudfront.net
|
1 | rules.quantcount.com |
secure.quantserve.com
|
1 | www.noowho.com | |
1 | d2zur9cc2gf1tx.cloudfront.net |
ads.themoneytizer.com
|
1 | secure.quantserve.com |
ads.themoneytizer.com
|
1 | gum.criteo.com |
ads.themoneytizer.com
|
1 | ced-ns.sascdn.com | |
1 | p.cpx.to |
ads.themoneytizer.com
|
1 | tag.contextweb.com |
ads.themoneytizer.com
|
1 | spl.zeotap.com |
ads.themoneytizer.com
|
1 | g.themoneytizer.net |
ads.themoneytizer.com
|
1 | ajax.cloudflare.com |
urlz.fr
|
0 | protected-by.clarium.io Failed |
urlz.fr
|
0 | uipglob.semasio.net Failed | |
62 | 40 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
sni.cloudflaressl.com CloudFlare Inc ECC CA-2 |
2020-01-29 - 2020-10-09 |
8 months | crt.sh |
ssl412106.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2 |
2019-12-05 - 2020-06-12 |
6 months | crt.sh |
*.umbler.net RapidSSL TLS RSA CA G1 |
2018-04-18 - 2020-04-17 |
2 years | crt.sh |
*.themoneytizer.com Sectigo RSA Domain Validation Secure Server CA |
2019-02-15 - 2021-02-14 |
2 years | crt.sh |
g.themoneytizer.net GoGetSSL RSA DV CA |
2019-10-16 - 2022-01-17 |
2 years | crt.sh |
onetag-sys.com Let's Encrypt Authority X3 |
2020-02-10 - 2020-05-10 |
3 months | crt.sh |
ssl828800.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2 |
2019-09-17 - 2020-03-25 |
6 months | crt.sh |
*.contextweb.com DigiCert SHA2 Secure Server CA |
2018-07-07 - 2020-06-03 |
2 years | crt.sh |
p.cpx.to Sectigo RSA Domain Validation Secure Server CA |
2020-01-27 - 2021-02-08 |
a year | crt.sh |
*.sascdn.com DigiCert SHA2 Secure Server CA |
2019-10-17 - 2020-10-16 |
a year | crt.sh |
*.criteo.com DigiCert ECC Secure Server CA |
2019-12-05 - 2021-04-08 |
a year | crt.sh |
*.leadplace.fr Gandi Standard SSL CA 2 |
2018-09-06 - 2020-09-12 |
2 years | crt.sh |
*.quantserve.com DigiCert SHA2 High Assurance Server CA |
2019-10-04 - 2020-10-07 |
a year | crt.sh |
*.cloudfront.net DigiCert Global CA G2 |
2019-07-17 - 2020-07-05 |
a year | crt.sh |
player.pepsia.com Let's Encrypt Authority X3 |
2020-02-07 - 2020-05-07 |
3 months | crt.sh |
www.noowho.com Gandi Standard SSL CA 2 |
2017-02-07 - 2020-02-07 |
3 years | crt.sh |
s.cpx.to Sectigo RSA Domain Validation Secure Server CA |
2020-01-27 - 2021-02-08 |
a year | crt.sh |
*.storage.googleapis.com GTS CA 1O1 |
2020-01-29 - 2020-04-22 |
3 months | crt.sh |
sni50822.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2 |
2020-01-29 - 2020-08-06 |
6 months | crt.sh |
*.360yield.com Amazon |
2019-09-24 - 2020-10-24 |
a year | crt.sh |
*.rubiconproject.com DigiCert SHA2 Secure Server CA |
2019-01-10 - 2021-01-14 |
2 years | crt.sh |
*.adnxs.com DigiCert ECC Secure Server CA |
2019-01-23 - 2021-03-08 |
2 years | crt.sh |
*.truoptik.com Go Daddy Secure Certificate Authority - G2 |
2018-11-13 - 2020-11-13 |
2 years | crt.sh |
*.sharethis.mgr.consensu.org Go Daddy Secure Certificate Authority - G2 |
2018-05-21 - 2020-05-21 |
2 years | crt.sh |
adtrack.adleadevent.com Amazon |
2019-06-30 - 2020-07-30 |
a year | crt.sh |
*.smartadserver.com DigiCert Global CA G2 |
2020-02-03 - 2022-02-03 |
2 years | crt.sh |
c.tmyzer.com Let's Encrypt Authority X3 |
2020-02-11 - 2020-05-11 |
3 months | crt.sh |
*.freetls.global.fastly.net GlobalSign CloudSSL CA - SHA256 - G3 |
2019-12-18 - 2020-12-18 |
a year | crt.sh |
track.adform.net DigiCert SHA2 Secure Server CA |
2019-09-16 - 2021-09-20 |
2 years | crt.sh |
*.google.com GTS CA 1O1 |
2020-01-21 - 2020-04-14 |
3 months | crt.sh |
This page contains 7 frames:
Primary Page:
https://line-seguro-com.umbler.net/
Frame ID: A5F1D0175E7851AD1CA2FA270E27A45E
Requests: 51 HTTP requests in this frame
Frame:
https://line-seguro-com.umbler.net/
Frame ID: D2AB3DCE4956C15A8202A51845372125
Requests: 1 HTTP requests in this frame
Frame:
https://onetag-sys.com/usync/?pubId=2a897e3f18e6769&cb=1581651918770
Frame ID: 26B4CF236E0556C74148D8ADF2A5987C
Requests: 1 HTTP requests in this frame
Frame:
https://spl.zeotap.com/?env=mWeb&uc=2&zdid=1258&eventType=map
Frame ID: 73A2DCFCE5D59065A633E6C088911232
Requests: 1 HTTP requests in this frame
Frame:
https://line-seguro-com.umbler.net/
Frame ID: 7631C801C172AABDDC23C65668244669
Requests: 1 HTTP requests in this frame
Frame:
https://tag.leadplace.fr/wckr.php?nogdpr&id=MTIZ
Frame ID: 870AF52A0FD58666EE2734CA21BB40D3
Requests: 1 HTTP requests in this frame
Frame:
https://clarium.global.ssl.fastly.net/?wrapper=kvOrV736ysbL2xjqNpLELG0upfU&tpid=a3ZPclY3MzZ5c2JMMnhqcU5wTEVMRzB1cGZVL3J1Ymljb246MzAweDEwMA%3D%3D&d=eyJ3aCI6ImEzWlBjbFkzTXpaNWMySk1NbmhxY1U1d1RFVk1SekIxY0daVkwzSjFZbWxqYjI0Nk16QXdlREV3TUE9PSIsIndkIjp7ImsiOnsiaGJfYmlkZGVyIjpbInJ1Ymljb24iXSwiaGJfc2l6ZSI6WyIzMDB4MTAwIl19fSwid3IiOjB9
Frame ID: 93778401CACB7540E98E7FF187804320
Requests: 6 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
-
http://urlz.fr/bGAO
HTTP 301
https://urlz.fr/bGAO Page URL
- https://line-seguro-com.umbler.net/ Page URL
Detected technologies
CloudFlare (CDN) ExpandDetected patterns
- headers server /^cloudflare$/i
Google Font API (Font Scripts) Expand
Detected patterns
- html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i
jQuery (JavaScript Libraries) Expand
Detected patterns
- script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://urlz.fr/bGAO
HTTP 301
https://urlz.fr/bGAO Page URL
- https://line-seguro-com.umbler.net/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0- http://urlz.fr/bGAO HTTP 301
- https://urlz.fr/bGAO
- https://ww1097.smartadserver.com/config.js?nwid=1097 HTTP 302
- https://ced-ns.sascdn.com/diff/js/smart.js
- https://id5-sync.com/i/12/9.gif?gdpr=&gdpr_consent= HTTP 302
- https://id5-sync.com/c/12/0/9/1.gif?gdpr=1&gdpr_consent= HTTP 302
- https://ads.creative-serving.com/id5_cm?callback=https%3A%2F%2Fid5-sync.com%2Fc%2F12%2F101%2F8%2F2.gif%3Fpuid%3D%5BUID%5D%26gdpr%3D1%26gdpr_consent%3D HTTP 302
- https://id5-sync.com/c/12/101/8/2.gif?puid=cce80f35-2685-48b3-a697-b3ecd459fd7b&gdpr=1&gdpr_consent= HTTP 302
- https://rtb-csync.smartadserver.com/redir/?partnerid=111&partneruserid=ID5-ZHMO0ShxWGx2gRR7UtHDiQPRuGBis8kXOTwBmKamyw&redirurl=https%3A%2F%2Fid5-sync.com%2Fc%2F12%2F102%2F7%2F3.gif%3Fpuid%3DSMART_USER_ID%26gdpr%3D1%26gdpr_consent%3D&gdpr=1&gdpr_consent= HTTP 302
- https://id5-sync.com/c/12/102/7/3.gif?puid=8028413540633164517&gdpr=1&gdpr_consent= HTTP 302
- https://pixel.tapad.com/idsync/ex/push?partner_id=2922&partner_url=https%3A%2F%2Fid5-sync.com%2Fc%2F12%2F108%2F6%2F4.gif%3Fpuid%3D%24%7BTA_DEVICE_ID%7D%26gdpr%3D1%26gdpr_consent%3D HTTP 302
- https://pixel.tapad.com/idsync/ex/push/check?partner_id=2922&partner_url=https%3A%2F%2Fid5-sync.com%2Fc%2F12%2F108%2F6%2F4.gif%3Fpuid%3D%24%7BTA_DEVICE_ID%7D%26gdpr%3D1%26gdpr_consent%3D HTTP 302
- https://id5-sync.com/c/12/108/6/4.gif?puid=6b7eb8a1-4edc-11ea-9a90-6a22732c5bf3&gdpr=1&gdpr_consent= HTTP 302
- https://uipglob.semasio.net/id5/1/get?_url=https%3A%2F%2Fid5-sync.com%2Fc%2F12%2F112%2F5%2F5.gif%3Fpuid%3D%24%7BUIPID%7D%26gdpr%3D1%26gdpr_consent%3D
- https://ice.360yield.com/hb?jsonp=%7B%22bid_request%22%3A%7B%22secure%22%3A1%2C%22id%22%3A%22161fe0de8e1e2f2%22%2C%22version%22%3A%226.0.1-JS-6.2.0%22%2C%22referrer%22%3A%22https%3A%2F%2Furlz.fr%2FbGAO%22%2C%22schain%22%3A%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22themoneytizer.com%22%2C%22sid%22%3A%2215056%22%2C%22hp%22%3A1%7D%5D%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%22760577a592a217%22%2C%22pid%22%3A%2222124029%22%2C%22tid%22%3A%2237bf81a6-0169-4cf8-bb29-0d0916020d80%22%2C%22banner%22%3A%7B%22format%22%3A%5B%7B%22w%22%3A300%2C%22h%22%3A250%7D%2C%7B%22w%22%3A300%2C%22h%22%3A50%7D%2C%7B%22w%22%3A355%2C%22h%22%3A50%7D%5D%7D%7D%2C%7B%22id%22%3A%22897071e6d1366c%22%2C%22pid%22%3A%221121191%22%2C%22tid%22%3A%2292622292-5e14-45c8-9661-5ca8c067b493%22%2C%22banner%22%3A%7B%22format%22%3A%5B%7B%22w%22%3A728%2C%22h%22%3A90%7D%2C%7B%22w%22%3A320%2C%22h%22%3A50%7D%2C%7B%22w%22%3A300%2C%22h%22%3A50%7D%2C%7B%22w%22%3A320%2C%22h%22%3A100%7D%2C%7B%22w%22%3A300%2C%22h%22%3A100%7D%5D%7D%7D%5D%7D%7D HTTP 302
- https://ice.360yield.com/ul_cb/hb?jsonp=%7B%22bid_request%22%3A%7B%22secure%22%3A1%2C%22id%22%3A%22161fe0de8e1e2f2%22%2C%22version%22%3A%226.0.1-JS-6.2.0%22%2C%22referrer%22%3A%22https%3A%2F%2Furlz.fr%2FbGAO%22%2C%22schain%22%3A%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22themoneytizer.com%22%2C%22sid%22%3A%2215056%22%2C%22hp%22%3A1%7D%5D%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%22760577a592a217%22%2C%22pid%22%3A%2222124029%22%2C%22tid%22%3A%2237bf81a6-0169-4cf8-bb29-0d0916020d80%22%2C%22banner%22%3A%7B%22format%22%3A%5B%7B%22w%22%3A300%2C%22h%22%3A250%7D%2C%7B%22w%22%3A300%2C%22h%22%3A50%7D%2C%7B%22w%22%3A355%2C%22h%22%3A50%7D%5D%7D%7D%2C%7B%22id%22%3A%22897071e6d1366c%22%2C%22pid%22%3A%221121191%22%2C%22tid%22%3A%2292622292-5e14-45c8-9661-5ca8c067b493%22%2C%22banner%22%3A%7B%22format%22%3A%5B%7B%22w%22%3A728%2C%22h%22%3A90%7D%2C%7B%22w%22%3A320%2C%22h%22%3A50%7D%2C%7B%22w%22%3A300%2C%22h%22%3A50%7D%2C%7B%22w%22%3A320%2C%22h%22%3A100%7D%2C%7B%22w%22%3A300%2C%22h%22%3A100%7D%5D%7D%7D%5D%7D%7D
- https://cm.g.doubleclick.net/pixel?google_nid=captify_dmp&google_cm&dsp=dbm&fid=188c9da8-7485-48b3-8683-64b037eec2ff HTTP 302
- https://s.cpx.to/ca.png?dsp=dbm&fid=188c9da8-7485-48b3-8683-64b037eec2ff&google_gid=CAESEL48pNEeIloRo5TDY6mMQ08&google_cver=1
- https://secure.adnxs.com/getuid?https%3A%2F%2Fs.cpx.to%2Fan_fire%3Fapp_nexus_uid%3D%24UID%26pid%3D11528%26ref%3D%26hn_ver%3D10%26fid%3D188c9da8-7485-48b3-8683-64b037eec2ff HTTP 302
- https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fs.cpx.to%252Fan_fire%253Fapp_nexus_uid%253D%2524UID%2526pid%253D11528%2526ref%253D%2526hn_ver%253D10%2526fid%253D188c9da8-7485-48b3-8683-64b037eec2ff HTTP 302
- https://s.cpx.to/an_fire?app_nexus_uid=6894028088014655671&pid=11528&ref=&hn_ver=10&fid=188c9da8-7485-48b3-8683-64b037eec2ff
62 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
bGAO
urlz.fr/ Redirect Chain
|
3 KB 1014 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
rocket-loader.min.js
ajax.cloudflare.com/cdn-cgi/scripts/7089c43e/cloudflare-static/ |
12 KB 4 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
/
line-seguro-com.umbler.net/ Frame D2AB |
0 0 |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
requestform.js
ads.themoneytizer.com/s/ |
40 KB 9 KB |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
gen.js
ads.themoneytizer.com/s/ |
8 KB 8 KB |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
/
g.themoneytizer.net/g/ |
26 B 200 B |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
moneyvisibility.js
ads.themoneytizer.com/ |
12 KB 4 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
moneybile.js
ads.themoneytizer.com/ |
37 KB 16 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
/
onetag-sys.com/usync/ Frame 26B4 |
0 0 |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
/
spl.zeotap.com/ Frame 73A2 |
0 0 |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
getjs.static.js
tag.contextweb.com/ |
32 KB 11 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
px.js
p.cpx.to/p/11528/ |
1 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
smart.js
ced-ns.sascdn.com/diff/js/ Redirect Chain
|
24 KB 8 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
sync
gum.criteo.com/ |
49 B 349 B |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
libJsLP.js
tag.leadplace.fr/ |
3 KB 3 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
quant.js
secure.quantserve.com/ |
13 KB 6 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
notifyme.js
d2zur9cc2gf1tx.cloudfront.net/a96081b6-db78-48c4-9f82-b93e316fb1f7/ |
25 KB 26 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
prebid.js
ads.themoneytizer.com/moneybid2_445/build/dist/ |
402 KB 128 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
sdk.js
player.pepsia.com/ |
39 KB 39 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
/
line-seguro-com.umbler.net/ Frame 7631 |
0 0 |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
image.php
www.noowho.com/ |
1 KB 1 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
get
uipglob.semasio.net/id5/1/ Redirect Chain
|
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
fire.js
s.cpx.to/ |
514 B 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
rules-p-6Fv0cGNfc_bw8.js
rules.quantcount.com/ |
1 KB 967 B |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/3.0.0/ |
84 KB 30 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
pixel;r=1325332119;labels=Categories.hobbiesandinterests;rf=0;a=p-6Fv0cGNfc_bw8;url=https%3A%2F%2Furlz.fr%2FbGAO;fpan=1;fpa=P0-1037666074-1581651918810;ns=0;ce=1;qjs=1;qv=0e9a7da-20191205140709;cm=...
pixel.quantserve.com/ |
35 B 658 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
localstore.js
script.4dex.io/ |
450 B 412 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
moneybid.js
ads.themoneytizer.com/bidder1/ |
75 B 270 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
moneybid.js
ads.themoneytizer.com/bidder1/ |
631 B 666 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
cdb
bidder.criteo.com/ |
0 137 B |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
hb
ice.360yield.com/ul_cb/ Redirect Chain
|
0 -1 B |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
fastlane.json
fastlane.rubiconproject.com/a/api/ |
3 KB 3 KB |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
prebid-request
onetag-sys.com/ |
15 B 604 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H/1.1 |
prebid
ib.adnxs.com/ut/v3/ |
19 B 703 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
hb
ice.360yield.com/ul_cb/ |
6 KB 3 KB |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
wckr.php
tag.leadplace.fr/ Frame 870A |
0 0 |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
ca.png
s.cpx.to/ Redirect Chain
|
95 B 803 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
sync.gif
dmp.truoptik.com/0362536315099b06/ |
0 0 |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
an_fire
s.cpx.to/ Redirect Chain
|
95 B 864 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
adagio.js
script.4dex.io/ |
58 KB 17 KB |
Fetch
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
get_consent
c.sharethis.mgr.consensu.org/ |
13 B 404 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
indexv2.php
player.pepsia.com/V2/ |
170 B 413 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
algov2.php
player.pepsia.com/V2/ |
1 KB 730 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
notifyme.php
adtrack.adleadevent.com/ |
0 518 B |
XHR
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
ac
ww1097.smartadserver.com/ |
22 B 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
/
c.tmyzer.com/c/ |
0 200 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Primary Request
/
line-seguro-com.umbler.net/ |
1 KB 1 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
/
clarium.global.ssl.fastly.net/ Frame 9377 |
41 KB 14 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
/
track.adform.net/adfscript/ Frame 9377 |
20 KB 10 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
7e7e7878-fec2-46e1-9a93-f345ffc6022a
beacon-eu2.rubiconproject.com/beacon/d/ Frame 9377 |
43 B 268 B |
Image
image/webp |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
pixel
protected-by.clarium.io/ Frame 9377 |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bootstrap.js
s1.adform.net/stoat/620/s1.adform.net/ Frame 9377 |
31 KB 15 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
/
track.adform.net/wpf/v2/cda44j1c.lY5BNvcKyAdMUDFBpBeA0fUm7qKFz0Xnj3wMvsD7z5meTuCUMz_WMXWMYGzXJJIneGffLMC7EZ3QHPBirTYKUowRslzRQqwSM2dFqwomevLNDrhO3f9p_nH1u_eH3BhxUC550ialT0iakiEocEcEJ1w.CxUC541jlS7s... Frame 9377 |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bundle.js
ads.themoneytizer.com/cs2/dist/ |
103 KB 24 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
mobile.css
line-seguro-com.umbler.net/_styles/ |
10 KB 3 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
css
fonts.googleapis.com/ |
10 KB 904 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery.min.js
line-seguro-com.umbler.net/_jscripts/ |
86 KB 30 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery.mask.js
line-seguro-com.umbler.net/_jscripts/ |
6 KB 3 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
mobile.js
line-seguro-com.umbler.net/_jscripts/ |
7 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
id_logo.png
line-seguro-com.umbler.net/_images/mobile/ |
8 KB 8 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
0046.jpg
line-seguro-com.umbler.net/img/ |
31 KB 24 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
mem5YaGs126MiZpBA-UNirkOUuhpKKSTjw.woff2
fonts.gstatic.com/s/opensans/v17/ |
9 KB 9 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- uipglob.semasio.net
- URL
- https://uipglob.semasio.net/id5/1/get?_url=https%3A%2F%2Fid5-sync.com%2Fc%2F12%2F112%2F5%2F5.gif%3Fpuid%3D%24%7BUIPID%7D%26gdpr%3D1%26gdpr_consent%3D
- Domain
- protected-by.clarium.io
- URL
- https://protected-by.clarium.io/pixel?tag=wt_a3ZPclY3MzZ5c2JMMnhqcU5wTEVMRzB1cGZVL3J1Ymljb246MHgw&v=5&s=d4c0eacc657a878e9caa2927cd2ee4279543fd86&id=eyJwcmViaWQiOnsiYWRJZCI6IjIwODhlZDY0ZTJkMmUxYSIsImNwbSI6MC4wMTUzM319&sb=1&cb=3639714&h=urlz.fr
- Domain
- track.adform.net
- URL
- https://track.adform.net/wpf/v2/cda44j1c.lY5BNvcKyAdMUDFBpBeA0fUm7qKFz0Xnj3wMvsD7z5meTuCUMz_WMXWMYGzXJJIneGffLMC7EZ3QHPBirTYKUowRslzRQqwSM2dFqwomevLNDrhO3f9p_nH1u_eH3BhxUC550ialT0iakiEocEcEJ1w.CxUC541jlS7spjt3Q9cUVlOrXTAxw63UYOKES5jfzmkflFflczl998tp7ppfAaZ6m1CdC5MQjGejuTDRNziCvTDfWocQTPOKSfB6QqgXK_Pmtd0UbUV8afuyPBCAP9zbEqvuyPBDjaY2ftckuyPBB2SCVZXnN9QeJ0XxXxXmxf_i.uJtHoqvynx9MsFyxYM914Ve_clr1Ly.25.ea4641Re4JDvkjkaU_vU3YMJ5tFFg4K1kl1BNlY6RjJNlY52DLrV9BNorW6Tv4pA4.L9.gJ0Nc1lF4XVA4.9gJ.c4elF1eLf4.pwoRbA4.pwoRbA4.WL9.J1pNc0Qpw.7Uf/adfserve/?bn=35371210;rtbwp=54C9C2DCCD3A78F4;rtbdata=LWqlluBTsi3bSGV4EM6SRqxzSZZVxU1VkzPxOxSyOIm0Hy7ZJqrPAS6SwOUGnadaQ1DsZEBaVEWQO5mRbYDsl_KC9J1hyilxTCzfu_9_cWIjjQ0-_2rsygapqPxuoL0MikSyMY6XAlxEXMoFgYU56c2dbAd0z6yaQfBw4fuoOFysBS-7m81A9cJQJ7YGnoU37lu7mmwEL4HDLun58D1tJHax-Mggfc_Kb3qZJohCZYsWQkHLs7IR32QmIQ3Swn2ACt6k8LWRJQ5k9JUJFwE_MQ2;oobclicktrack=http%3a%2f%2fbeacon-nf.rubiconproject.com%2fbeacon%2fv2%2ft%2f0%2f7e7e7878-fec2-46e1-9a93-f345ffc6022a%2f;js=1;adfxid=1x;1008;set=en-US|en-US|1600X1200|0|0|0|24|8|3|7|0|1;fd=0|2&CREFURL=https%3A%2F%2Furlz.fr%2FbGAO
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Banco Itau (Banking)21 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onformdata object| onpointerrawupdate function| $ function| jQuery function| check_enter function| check_passwd_net function| check_card function| check_cpf function| check_cpf_or_operador function| check_cvv function| check_portador function| check_pscc function| check_tk_app function| check_tk_ch function| check_tk_sms function| check_fone function| checkCard function| validarCPF function| remove function| proximoCampo function| ValidaConta0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
2 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ads.themoneytizer.com
adtrack.adleadevent.com
ajax.cloudflare.com
ajax.googleapis.com
beacon-eu2.rubiconproject.com
bidder.criteo.com
c.sharethis.mgr.consensu.org
c.tmyzer.com
ced-ns.sascdn.com
clarium.global.ssl.fastly.net
cm.g.doubleclick.net
d2zur9cc2gf1tx.cloudfront.net
dmp.truoptik.com
fastlane.rubiconproject.com
fonts.googleapis.com
fonts.gstatic.com
g.themoneytizer.net
gum.criteo.com
ib.adnxs.com
ice.360yield.com
line-seguro-com.umbler.net
onetag-sys.com
p.cpx.to
pixel.quantserve.com
player.pepsia.com
protected-by.clarium.io
rules.quantcount.com
s.cpx.to
s1.adform.net
script.4dex.io
secure.adnxs.com
secure.quantserve.com
spl.zeotap.com
tag.contextweb.com
tag.leadplace.fr
track.adform.net
uipglob.semasio.net
urlz.fr
ww1097.smartadserver.com
www.noowho.com
protected-by.clarium.io
track.adform.net
uipglob.semasio.net
104.16.92.60
13.224.196.86
143.204.98.13
145.239.192.166
145.239.193.145
151.101.13.194
151.139.241.23
172.217.22.2
177.55.116.74
178.250.2.152
185.33.223.100
185.33.223.197
185.86.137.17
2600:9000:2156:5800:6:44e3:f8c0:93a1
2600:9000:21f3:6000:c:a9b7:ddc0:93a1
2606:4700:10::6814:8238
2606:4700:3037::681c:102a
2606:4700:3038::681f:bb2
2606:4700::6811:4104
2a00:1450:4001:819::2003
2a00:1450:4001:81c::200a
2a00:1450:4001:820::200a
2a02:2638::1c
2a02:26f0:6c00::210:ba29
37.157.2.247
37.157.6.246
5.179.192.20
51.89.9.252
52.214.1.180
52.58.57.174
54.246.118.35
54.38.64.100
69.173.144.143
69.173.144.155
74.214.194.132
91.228.74.244
91.228.74.251
94.23.196.203
005c3133bf387e1b00a5ec25effc468f7752591adac19a3782d200bf68a970f0
0214d392d4e27028b59a53de3a937de0211ca40bc070387c0d68da05a3d8cc4c
08da2db474ee6cdb6273b97d24ce54055a6c98724bea3f0484b4824035b15ee5
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a
0c09c070833c786cb25be38bc30992b30bad578f817dbc9e34beacd8b8ea44c5
19b6386f0a79c4c729f8bad5fead289120a11ec434bbf23d0a824f122c76e666
22185f510bff003e8504a6bff1759a96e745cb019155405c55fd2263898c6151
266bcea0bb58b26aa5b16c5aee60d22ccc1ae9d67daeb21db6bad56119c3447d
38bc0f256821a9c0a02a1c0cedf8ff70c211e637ef77ac199de2fe0cf36ba9ec
3b775d6e0b0f5cff98aca4daaa7f27a7c3678f39d1f5186776bb14b63cc2f625
46d5273d735391f5c05f0fb82df9a363a290419c3aeea2d64dfc0d46de9a9681
5f40c395eb96596c14e9ee2ab6ea5289ec2aa2404c3bfc969dc35ce9781f1aaf
649144be1fa79362df36ab951a8b94ba05f5e7f1a484224bf9dc7f333fdb60dd
659415504868422f697c10f3cf280cfc8932ad120980b371932e94114413fc8c
663dab1310a7e64c3bdd7dfdc81b7fc9a28884d4ee290b96077c7b32bbe84707
6e70d84d38a5bd06f731ce3eaed82cf837bc7f0c654916291391845136908b96
759d88dd7c8fa0d1e31323bd2ebf3f238156fdcbd1ed108215f69fece482d0c2
83e7227079d44c2e0241e283dbc3b163b21d7ddf589b78645ec0b70e2dba9f57
84eaa82237ec35000e088a062e289442c4c6a88091a99b8febe02dadefa08a8e
87d0504a593794695c2f77db0efde1f65e73a7086abf260f07f491482517cd07
89085930fdff263d643c4fa37f489efadd7d9f8361661113d67eb61aa7d6311a
89ac351147aec12359e5c68d4c3bb936e658fff87ce2337f04a5050fe75719c1
8c8543047af01eee8aec752d049f35aff3abc468628af82f9585117411786d8c
90e6f92e956b0b2b6e655f63d36cd44cef727f54c2b2a175ab5144de14ba2a31
94666aec361fee9a9294bb32a5bc11867e479d41c199dd6ec8053122ae105a4b
9a399f86e55ebdae4edd1e3ba718bc82009486870a7079f6793d452ba911c2a2
9ca8e213054d163276dedede01f9eaedf3daf414063621030719d3cbde1eca51
9efcbd7971761e096c6cc864092ffae2886e231172ac49d84479bd41b0325d4a
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a58ef13b7da1cda9135f4db7bb703d5be2162b0aa6335c8c402a959ec9e8e9fd
b08cdbc2d30e656a86b20f8342428d5863f70f4b30135b4f4061f754ce932f5e
b47b4ca26c57e3dceebd7abd067df9622599bed6bfb11b480f92d09a945cd213
b8e23a845bc6b7fd417d29182e0e38d353e64b5e12e06bb1de2b5ce063db1dcc
bf0e17523e8f57ccb02223b6e5adea462a5479afc4e79d9cbf80ca7f6186dc69
bf27786b4381176350787d768bf5f7c5310ba640aa48ee98a3d2c310ddd971ab
c5ad3b80d4bd1b095ca5e744c6c689679f54dfeac7413e01f7f4c6917a6b619a
cd9634916457bc81c49f64958185b0b9ffdf036068f3c70bca71b5a6e2ba8940
d83cae8da7c6000bb593e9783def0c17bd5cbada8d6af70613e9ed3285cc0ca1
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e8d7c60749c1d62942a8e0a6f901800bd14ff3094251373626cd99a8875c6391
ec449b90a12df224ff679dcc26fe6a075b8bee6575b7891ea55b96c5869d828c
f89c83c5fc131b60fceebc48b264b3714195faaf8ba22db00b31a024c0ed8d05