URL: http://pronoparisien.cla.fr/
Submission: On March 22 via manual from ML

Summary

This website contacted 11 IPs in 3 countries across 8 domains to perform 22 HTTP transactions. The main IP is 91.121.119.173, located in France and belonging to OVH, FR. The main domain is pronoparisien.cla.fr.
This is the only time pronoparisien.cla.fr was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Requests | Domain | Requested by
8 | www.canalpmu.com | pronoparisien.cla.fr, www.canalpmu.com
3 | payment.allopass.com | www.canalpmu.com, payment.allopass.com
3 | c.ad6media.fr | pronoparisien.cla.fr, 1u9dtu7p1m.s.ad6media.fr, c.ad6media.fr
2 | img.root-top.com (1 redirect) | www.canalpmu.com
2 | www.google-analytics.com | pronoparisien.cla.fr, www.googletagmanager.com
1 | www.googletagmanager.com | payment.allopass.com
1 | jyl8q05m9t.s.ad6media.fr | c.ad6media.fr
1 | 1u9dtu7p1m.s.ad6media.fr | c.ad6media.fr
1 | pronoparisien.cla.fr |
0 | www.zone-turf.fr (failed) | www.canalpmu.com
Total: 22 requests across the 10 domains listed

This site contains links to these domains. Also see Links.

Domain
www.c.la
Subject | Issuer | Validity | Valid
*.google-analytics.com | GTS CA 1O1 | 2021-02-23 - 2021-05-18 | 3 months (crt.sh)
*.s.ad6media.fr | R3 | 2021-01-07 - 2021-04-07 | 3 months (crt.sh)
*.allopass.com | R3 | 2021-03-04 - 2021-06-02 | 3 months (crt.sh)
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2020-08-03 - 2021-08-03 | a year (crt.sh)

This page contains 2 frames:

Primary Page: http://pronoparisien.cla.fr/
Frame ID: 0E12D24653374527A38199F9E41E6D23
Requests: 7 HTTP requests in this frame

Frame: http://www.canalpmu.com/pronos/pronoparisien/
Frame ID: 0EC10AC75079D0E961F3C5152A33243A
Requests: 15 HTTP requests in this frame


Detected technologies

Apache (overall confidence: 100%)
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Google Analytics (overall confidence: 100%)
Detected patterns
  • script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Page Statistics

  • 22 Requests
  • 50 % HTTPS
  • 40 % IPv6
  • 8 Domains
  • 10 Subdomains
  • 11 IPs
  • 3 Countries
  • 382 kB Transfer
  • 531 kB Size
  • 0 Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 1
  • http://www.google-analytics.com/ga.js HTTP 307
  • https://www.google-analytics.com/ga.js
Request Chain 8
  • http://www.zone-turf.fr/module/module_webmaster.php?e=partants&f=medium HTTP 301
  • https://www.zone-turf.fr/module/module_webmaster.php?e=partants&f=medium HTTP 301
  • https://www.zone-turf.fr/module/module_webmaster.php?e=partants&f=medium HTTP 301
  • https://www.zone-turf.fr/module/module_webmaster.php?e=partants&f=medium HTTP 301
  • https://www.zone-turf.fr/module/module_webmaster.php?e=partants&f=medium HTTP 301
  • https://www.zone-turf.fr/module/module_webmaster.php?e=partants&f=medium HTTP 301
  • https://www.zone-turf.fr/module/module_webmaster.php?e=partants&f=medium HTTP 301
  • https://www.zone-turf.fr/module/module_webmaster.php?e=partants&f=medium HTTP 301
  • https://www.zone-turf.fr/module/module_webmaster.php?e=partants&f=medium HTTP 301
  • https://www.zone-turf.fr/module/module_webmaster.php?e=partants&f=medium HTTP 301
  • https://www.zone-turf.fr/module/module_webmaster.php?e=partants&f=medium HTTP 301
  • https://www.zone-turf.fr/module/module_webmaster.php?e=partants&f=medium HTTP 301
  • https://www.zone-turf.fr/module/module_webmaster.php?e=partants&f=medium HTTP 301
  • https://www.zone-turf.fr/module/module_webmaster.php?e=partants&f=medium HTTP 301
  • https://www.zone-turf.fr/module/module_webmaster.php?e=partants&f=medium HTTP 301
  • https://www.zone-turf.fr/module/module_webmaster.php?e=partants&f=medium HTTP 301
  • https://www.zone-turf.fr/module/module_webmaster.php?e=partants&f=medium HTTP 301
  • https://www.zone-turf.fr/module/module_webmaster.php?e=partants&f=medium HTTP 301
  • https://www.zone-turf.fr/module/module_webmaster.php?e=partants&f=medium HTTP 301
  • https://www.zone-turf.fr/module/module_webmaster.php?e=partants&f=medium HTTP 301
  • https://www.zone-turf.fr/module/module_webmaster.php?e=partants&f=medium
Request Chain 12
  • http://img.root-top.com/topsite/maisonvip/banner.gif HTTP 301
  • https://img.root-top.com/topsite/maisonvip/banner.gif

22 HTTP transactions

Resource | Path | Size | x-fer | Type | MIME-Type
Primary Request /
pronoparisien.cla.fr/
3 KB
3 KB
Document
General
Full URL
http://pronoparisien.cla.fr/
Protocol
HTTP/1.1
Server
91.121.119.173 , France, ASN16276 (OVH, FR),
Reverse DNS
ks355250.kimsufi.com
Software
Apache /
Resource Hash
af05b0abcc72e4f4494f3ccb4c434381895974754e1d7d0ee979b456ae89037f

Request headers

Host
pronoparisien.cla.fr
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding
gzip, deflate
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Mon, 22 Mar 2021 13:59:17 GMT
Server
Apache
Content-Length
3000
Connection
close
Content-Type
text/html; charset=iso-8859-1
l.js
c.ad6media.fr/
3 KB
2 KB
Script
General
Full URL
http://c.ad6media.fr/l.js
Requested by
Host: pronoparisien.cla.fr
URL: http://pronoparisien.cla.fr/
Protocol
HTTP/1.1
Server
37.187.190.91 , France, ASN16276 (OVH, FR),
Reverse DNS
ip91.ip-37-187-190.eu
Software
nginx /
Resource Hash
4308eea29a9cc968f346a9e63d070113e0789f18582949ae09a2f95468268d48

Request headers

Referer
http://pronoparisien.cla.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Mon, 22 Mar 2021 13:59:17 GMT
Content-Encoding
gzip
Last-Modified
Wed, 05 Aug 2020 10:57:58 GMT
Server
nginx
ETag
W/"5f2a90b6-c8d"
Vary
Accept-Encoding
Content-Type
application/javascript; charset=UTF-8
Cache-Control
max-age=864000
Transfer-Encoding
chunked
Connection
keep-alive
Expires
Thu, 01 Apr 2021 13:59:17 GMT
ga.js
www.google-analytics.com/
Redirect Chain
  • http://www.google-analytics.com/ga.js
  • https://www.google-analytics.com/ga.js
45 KB
17 KB
Script
General
Full URL
https://www.google-analytics.com/ga.js
Requested by
Host: pronoparisien.cla.fr
URL: http://pronoparisien.cla.fr/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
http://pronoparisien.cla.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Fri, 05 Feb 2021 21:33:27 GMT
server
Golfe2
age
3072
date
Mon, 22 Mar 2021 13:08:05 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
17168
expires
Mon, 22 Mar 2021 15:08:05 GMT

Redirect headers

Location
https://www.google-analytics.com/ga.js
Non-Authoritative-Reason
HSTS
/
1u9dtu7p1m.s.ad6media.fr/
425 B
902 B
Script
General
Full URL
https://1u9dtu7p1m.s.ad6media.fr/?d=1616421557628&r=
Requested by
Host: c.ad6media.fr
URL: http://c.ad6media.fr/l.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
87.98.153.73 , France, ASN16276 (OVH, FR),
Reverse DNS
Software
nginx /
Resource Hash
d7cfd7d1b540564de1d9220c1449732c3203eb8871974ca86e82d89aa1fecf4d

Request headers

Referer
http://pronoparisien.cla.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Date
Mon, 22 Mar 2021 13:59:17 GMT
Server
nginx
Content-Type
application/javascript
Transfer-Encoding
chunked
Report-To
{ "url": "https://report.s.ad6media.fr/reports", "max_age": 10886400, "include_subdomains":true }
P3P
policyref="https://www.ad6media.fr/w3c/p3p.xml", CP="NOI DEVa TAIa OUR BUS UNI"
sc52.js
c.ad6media.fr/
5 KB
2 KB
Script
General
Full URL
https://c.ad6media.fr/sc52.js?6
Requested by
Host: 1u9dtu7p1m.s.ad6media.fr
URL: https://1u9dtu7p1m.s.ad6media.fr/?d=1616421557628&r=
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.187.190.91 , France, ASN16276 (OVH, FR),
Reverse DNS
ip91.ip-37-187-190.eu
Software
nginx /
Resource Hash
7479bc8a58a80a2ba164ed2ed5fc1a4bef8e385c80d8631fc73434d454ae796a

Request headers

Referer
http://pronoparisien.cla.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Mon, 22 Mar 2021 13:59:17 GMT
Content-Encoding
gzip
Last-Modified
Thu, 26 Jan 2017 15:33:34 GMT
Server
nginx
ETag
W/"588a16ce-12be"
Vary
Accept-Encoding
Content-Type
application/javascript; charset=UTF-8
Cache-Control
max-age=864000
Transfer-Encoding
chunked
Connection
keep-alive
Expires
Thu, 01 Apr 2021 13:59:17 GMT
/
jyl8q05m9t.s.ad6media.fr/
0
0
Script
General
Full URL
https://jyl8q05m9t.s.ad6media.fr/?d=1616421557730&r=
Requested by
Host: c.ad6media.fr
URL: http://c.ad6media.fr/l.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.32.120.35 , France, ASN16276 (OVH, FR),
Reverse DNS
ip35.ip-178-32-120.eu
Software
nginx /
Resource Hash

Request headers

Referer
http://pronoparisien.cla.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date
Mon, 22 Mar 2021 13:59:17 GMT
server
nginx
p3p
policyref="https://www.ad6media.fr/w3c/p3p.xml", CP="NOI DEVa TAIa OUR BUS UNI"
report-to
{ "url": "https://report.s.ad6media.fr/reports", "max_age": 10886400, "include_subdomains":true }
content-type
application/javascript
pu.js
c.ad6media.fr/
61 KB
25 KB
Script
General
Full URL
https://c.ad6media.fr/pu.js?26
Requested by
Host: c.ad6media.fr
URL: https://c.ad6media.fr/sc52.js?6
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.187.190.91 , France, ASN16276 (OVH, FR),
Reverse DNS
ip91.ip-37-187-190.eu
Software
nginx /
Resource Hash
0cfd2dbb65e3cf3654b3e1c6017cf8f15b45381e230cb055bfcda7b48addba77

Request headers

Referer
http://pronoparisien.cla.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Mon, 22 Mar 2021 13:59:17 GMT
Content-Encoding
gzip
Last-Modified
Fri, 01 Jun 2018 15:44:22 GMT
Server
nginx
ETag
W/"5b1169d6-f5d7"
Vary
Accept-Encoding
Content-Type
application/javascript; charset=UTF-8
Cache-Control
max-age=864000
Transfer-Encoding
chunked
Connection
keep-alive
Expires
Thu, 01 Apr 2021 13:59:17 GMT
Cookie set /
www.canalpmu.com/pronos/pronoparisien/ Frame 0EC1
9 KB
9 KB
Document
General
Full URL
http://www.canalpmu.com/pronos/pronoparisien/
Requested by
Host: pronoparisien.cla.fr
URL: http://pronoparisien.cla.fr/
Protocol
HTTP/1.1
Server
194.150.236.166 , France, ASN44976 (HIWIT_AS, FR),
Reverse DNS
ns6.hiwit.net
Software
Apache /
Resource Hash
b8d1eb1caf8d0810311a7f2f0573551d3bb42c5c4af3fec1c38e6420f382f819

Request headers

Host
www.canalpmu.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer
http://pronoparisien.cla.fr/
Accept-Encoding
gzip, deflate
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
http://pronoparisien.cla.fr/

Response headers

Date
Mon, 22 Mar 2021 13:59:17 GMT
Server
Apache
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma
no-cache
Set-Cookie
PHPSESSID=75711b4a380861dbc429c02dd0f799e6; path=/
Vary
Host
Keep-Alive
timeout=15, max=100
Connection
Keep-Alive
Transfer-Encoding
chunked
Content-Type
text/html
head.jpg
www.canalpmu.com/pronos/pronoparisien/ Frame 0EC1
44 KB
44 KB
Image
General
Full URL
http://www.canalpmu.com/pronos/pronoparisien/head.jpg
Requested by
Host: www.canalpmu.com
URL: http://www.canalpmu.com/pronos/pronoparisien/
Protocol
HTTP/1.1
Server
194.150.236.166 , France, ASN44976 (HIWIT_AS, FR),
Reverse DNS
ns6.hiwit.net
Software
Apache /
Resource Hash
c011c194512cd2442a2f9dc127140c4e2d79c67b3021ca6d34ecd795571e3b1b

Request headers

Referer
http://www.canalpmu.com/pronos/pronoparisien/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Mon, 22 Mar 2021 13:59:17 GMT
Last-Modified
Sun, 06 Sep 2020 05:46:26 GMT
Server
Apache
ETag
"1ab79b2-ae8e-5ae9e9f67d080"
Vary
Host
Content-Type
image/jpeg
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=15, max=99
Content-Length
44686
module_webmaster.php
www.zone-turf.fr/module/ Frame 0EC1
Redirect Chain
  • http://www.zone-turf.fr/module/module_webmaster.php?e=partants&f=medium
  • https://www.zone-turf.fr/module/module_webmaster.php?e=partants&f=medium
  • https://www.zone-turf.fr/module/module_webmaster.php?e=partants&f=medium
  • https://www.zone-turf.fr/module/module_webmaster.php?e=partants&f=medium
  • https://www.zone-turf.fr/module/module_webmaster.php?e=partants&f=medium
  • https://www.zone-turf.fr/module/module_webmaster.php?e=partants&f=medium
  • https://www.zone-turf.fr/module/module_webmaster.php?e=partants&f=medium
  • https://www.zone-turf.fr/module/module_webmaster.php?e=partants&f=medium
  • https://www.zone-turf.fr/module/module_webmaster.php?e=partants&f=medium
  • https://www.zone-turf.fr/module/module_webmaster.php?e=partants&f=medium
  • https://www.zone-turf.fr/module/module_webmaster.php?e=partants&f=medium
  • https://www.zone-turf.fr/module/module_webmaster.php?e=partants&f=medium
  • https://www.zone-turf.fr/module/module_webmaster.php?e=partants&f=medium
  • https://www.zone-turf.fr/module/module_webmaster.php?e=partants&f=medium
  • https://www.zone-turf.fr/module/module_webmaster.php?e=partants&f=medium
  • https://www.zone-turf.fr/module/module_webmaster.php?e=partants&f=medium
  • https://www.zone-turf.fr/module/module_webmaster.php?e=partants&f=medium
  • https://www.zone-turf.fr/module/module_webmaster.php?e=partants&f=medium
  • https://www.zone-turf.fr/module/module_webmaster.php?e=partants&f=medium
  • https://www.zone-turf.fr/module/module_webmaster.php?e=partants&f=medium
  • https://www.zone-turf.fr/module/module_webmaster.php?e=partants&f=medium
0
0

checkout.apu
payment.allopass.com/buy/ Frame 0EC1
11 KB
4 KB
Script
General
Full URL
https://payment.allopass.com/buy/checkout.apu?ids=342049&idd=1501394&lang=fr
Requested by
Host: www.canalpmu.com
URL: http://www.canalpmu.com/pronos/pronoparisien/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
185.119.26.1 , France, ASN203544 (WEBDEVIIN-AS, FR),
Reverse DNS
1.26.119.185.in-addr.arpa
Software
Apache /
Resource Hash
555d1164a2b1e802156c8b56dddcbb5ee28337195988cfffe7827896b1296e63

Request headers

Referer
http://www.canalpmu.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 22 Mar 2021 13:59:18 GMT
Content-Encoding
gzip
Server
Apache
Vary
Accept-Encoding
P3P
CP='NON NID OTPa OUR NOR' policy-ref='http://payment.allopass.com/info/p3p/policy-references.xml'
Cache-Control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection
close
Content-Type
text/html
Content-Length
2961
Expires
Thu, 19 Nov 1981 08:52:00 GMT
img1.jpg
www.canalpmu.com/pronos/pronoparisien/ Frame 0EC1
28 KB
28 KB
Image
General
Full URL
http://www.canalpmu.com/pronos/pronoparisien/img1.jpg
Requested by
Host: www.canalpmu.com
URL: http://www.canalpmu.com/pronos/pronoparisien/
Protocol
HTTP/1.1
Server
194.150.236.166 , France, ASN44976 (HIWIT_AS, FR),
Reverse DNS
ns6.hiwit.net
Software
Apache /
Resource Hash
32ed86e5fcd96e913180cc2d41c90121e30af47bed00905e8e56bfad9b601f6a

Request headers

Referer
http://www.canalpmu.com/pronos/pronoparisien/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Mon, 22 Mar 2021 13:59:17 GMT
Last-Modified
Sun, 06 Sep 2020 05:46:30 GMT
Server
Apache
ETag
"1ab79b5-7070-5ae9e9fa4d980"
Vary
Host
Content-Type
image/jpeg
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=15, max=100
Content-Length
28784
logo.gif
www.canalpmu.com/ Frame 0EC1
10 KB
11 KB
Image
General
Full URL
http://www.canalpmu.com/logo.gif
Requested by
Host: www.canalpmu.com
URL: http://www.canalpmu.com/pronos/pronoparisien/
Protocol
HTTP/1.1
Server
194.150.236.166 , France, ASN44976 (HIWIT_AS, FR),
Reverse DNS
ns6.hiwit.net
Software
Apache /
Resource Hash
f25837b69871d9b0fd847a58adb3a07d1271d9268f33a74e8325e116a062a4c6

Request headers

Referer
http://www.canalpmu.com/pronos/pronoparisien/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Mon, 22 Mar 2021 13:59:17 GMT
Last-Modified
Sun, 06 Sep 2020 05:42:41 GMT
Server
Apache
ETag
"1a72ca0-28f4-5ae9e91fe9640"
Vary
Host
Content-Type
image/gif
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=15, max=100
Content-Length
10484
banner.gif
img.root-top.com/topsite/maisonvip/ Frame 0EC1
Redirect Chain
  • http://img.root-top.com/topsite/maisonvip/banner.gif
  • https://img.root-top.com/topsite/maisonvip/banner.gif
6 KB
6 KB
Image
General
Full URL
https://img.root-top.com/topsite/maisonvip/banner.gif
Requested by
Host: www.canalpmu.com
URL: http://www.canalpmu.com/pronos/pronoparisien/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3038::6815:ea1a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6cd8d0b100951e1310f66baf75d17734f840385c96739755527d75786bb4742d

Request headers

Referer
http://www.canalpmu.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 22 Mar 2021 13:59:18 GMT
cf-cache-status
HIT
nel
{"max_age":604800,"report_to":"cf-nel"}
age
221112
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
5871
cf-request-id
08fbd4af100000d6c95d87b000000001
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=07E99RT%2BHAbmjPYFMfMkXOOxK6G6yN4OiScdsFEDYoVYX3EcOo9KRgm7jJ7nxzqXZ7f0Drk1B5vaQWhuxcnt4iqfQMTpYnycH%2FyknU3Ovx0v9ao6989Tp%2BPhFbbi"}],"max_age":604800,"group":"cf-nel"}
content-type
image/gif
cache-control
max-age=14400, must-revalidate
accept-ranges
bytes
cf-ray
633ff091bbeed6c9-FRA
expires
Tue, 23 Mar 2021 00:34:06 GMT

Redirect headers

Date
Mon, 22 Mar 2021 13:59:18 GMT
CF-Cache-Status
EXPIRED
NEL
{"report_to":"cf-nel","max_age":604800}
Server
cloudflare
Vary
Accept-Encoding
Report-To
{"max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=jZpNjtTVZRhdhNbz%2F%2FENAEWPPNh%2FnYJ%2Fv1DVUiXVtMV5Ds63u6fm8Yztmo7YL3AhhF%2B5D%2FyJUrIC%2BAM1fmY6u0PE2TOJtTuHE2esEjQb8qo7Vl9jEVWZ5YaxcJpd"}],"group":"cf-nel"}
Location
https://img.root-top.com/topsite/maisonvip/banner.gif
Cache-Control
max-age=14400
Connection
keep-alive
CF-RAY
633ff0910ab016ee-FRA
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length
0
cf-request-id
08fbd4aea5000016eeddb6d000000001
arp.png
www.canalpmu.com/pronos/pronoparisien/ Frame 0EC1
37 KB
38 KB
Image
General
Full URL
http://www.canalpmu.com/pronos/pronoparisien/arp.png
Requested by
Host: www.canalpmu.com
URL: http://www.canalpmu.com/pronos/pronoparisien/
Protocol
HTTP/1.1
Server
194.150.236.166 , France, ASN44976 (HIWIT_AS, FR),
Reverse DNS
ns6.hiwit.net
Software
Apache /
Resource Hash
16c84ac794cb6faf253806dcaafa1077fd92af7912b99b5c0ebeed4d6a1c9eb4

Request headers

Referer
http://www.canalpmu.com/pronos/pronoparisien/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Mon, 22 Mar 2021 13:59:17 GMT
Last-Modified
Sun, 06 Sep 2020 05:46:20 GMT
Server
Apache
ETag
"1ab79aa-9552-5ae9e9f0c4300"
Vary
Host
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=15, max=100
Content-Length
38226
h2.png
www.canalpmu.com/pronos/pronoparisien/ Frame 0EC1
33 KB
33 KB
Image
General
Full URL
http://www.canalpmu.com/pronos/pronoparisien/h2.png
Requested by
Host: www.canalpmu.com
URL: http://www.canalpmu.com/pronos/pronoparisien/
Protocol
HTTP/1.1
Server
194.150.236.166 , France, ASN44976 (HIWIT_AS, FR),
Reverse DNS
ns6.hiwit.net
Software
Apache /
Resource Hash
dbd4908166dafd6bbda5165d3c6ed961b63dcac5213a25a8a3e597778fc719db

Request headers

Referer
http://www.canalpmu.com/pronos/pronoparisien/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Mon, 22 Mar 2021 13:59:17 GMT
Last-Modified
Sun, 06 Sep 2020 05:46:25 GMT
Server
Apache
ETag
"1ab79b0-8252-5ae9e9f588e40"
Vary
Host
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=15, max=100
Content-Length
33362
menu.png
www.canalpmu.com/pronos/pronoparisien/ Frame 0EC1
66 KB
66 KB
Image
General
Full URL
http://www.canalpmu.com/pronos/pronoparisien/menu.png
Requested by
Host: www.canalpmu.com
URL: http://www.canalpmu.com/pronos/pronoparisien/
Protocol
HTTP/1.1
Server
194.150.236.166 , France, ASN44976 (HIWIT_AS, FR),
Reverse DNS
ns6.hiwit.net
Software
Apache /
Resource Hash
a8ec74177a5f608407edf76acfab5ca4a9f3d9857b491ced75ab17105d3d86d7

Request headers

Referer
http://www.canalpmu.com/pronos/pronoparisien/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Mon, 22 Mar 2021 13:59:17 GMT
Last-Modified
Sun, 06 Sep 2020 05:46:32 GMT
Server
Apache
ETag
"1ab79b8-1082d-5ae9e9fc35e00"
Vary
Host
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=15, max=100
Content-Length
67629
gtm.js
www.googletagmanager.com/ Frame 0EC1
78 KB
31 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-NHFGDSD
Requested by
Host: payment.allopass.com
URL: https://payment.allopass.com/buy/checkout.apu?ids=342049&idd=1501394&lang=fr
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
45665395017ac4c378c5f78969dc48b7aaeb393122380f24d1b8798d173c3507
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
http://www.canalpmu.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 22 Mar 2021 13:59:18 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
31174
x-xss-protection
0
last-modified
Mon, 22 Mar 2021 12:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Mon, 22 Mar 2021 13:59:18 GMT
buy-button.css
payment.allopass.com/static/css/ Frame 0EC1
2 KB
830 B
Stylesheet
General
Full URL
https://payment.allopass.com/static/css/buy-button.css?1
Requested by
Host: payment.allopass.com
URL: https://payment.allopass.com/buy/checkout.apu?ids=342049&idd=1501394&lang=fr
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
185.119.26.1 , France, ASN203544 (WEBDEVIIN-AS, FR),
Reverse DNS
1.26.119.185.in-addr.arpa
Software
Apache /
Resource Hash
95eb15e76b752a9c78d6281cd3b7c43a8fbc2931783edf3bf3703af55eff06e2

Request headers

Referer
http://www.canalpmu.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Mon, 22 Mar 2021 13:59:18 GMT
Content-Encoding
gzip
Last-Modified
Mon, 20 Jan 2020 15:32:43 GMT
Server
Apache
ETag
"21904-69a-59c94009dfcc0"
Vary
Accept-Encoding
Content-Type
text/css
Connection
close
Accept-Ranges
bytes
Content-Length
546
162x56.png
payment.allopass.com/static/buy/button/fr/ Frame 0EC1
6 KB
6 KB
Image
General
Full URL
https://payment.allopass.com/static/buy/button/fr/162x56.png
Requested by
Host: www.canalpmu.com
URL: http://www.canalpmu.com/pronos/pronoparisien/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
185.119.26.1 , France, ASN203544 (WEBDEVIIN-AS, FR),
Reverse DNS
1.26.119.185.in-addr.arpa
Software
Apache /
Resource Hash
7dd9659e56e92abc376e04d427903b2cfca1d52d854d38e35fefa4cf9e7fd9db

Request headers

Referer
http://www.canalpmu.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Mon, 22 Mar 2021 13:59:18 GMT
Last-Modified
Mon, 20 Jan 2020 15:32:43 GMT
Server
Apache
ETag
"2219b-1688-59c94009dfcc0"
Content-Type
image/png
Connection
close
Accept-Ranges
bytes
Content-Length
5768
date.png
www.canalpmu.com/pronos/pronoparisien/ Frame 0EC1
38 KB
38 KB
Image
General
Full URL
http://www.canalpmu.com/pronos/pronoparisien/date.png
Requested by
Host: www.canalpmu.com
URL: http://www.canalpmu.com/pronos/pronoparisien/
Protocol
HTTP/1.1
Server
194.150.236.166 , France, ASN44976 (HIWIT_AS, FR),
Reverse DNS
ns6.hiwit.net
Software
Apache /
Resource Hash
b535043805b7ea6f403f5e60f1abb6c2f282b452298d9edcd795c2040b0bc2a4

Request headers

Referer
http://www.canalpmu.com/pronos/pronoparisien/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Mon, 22 Mar 2021 13:59:18 GMT
Last-Modified
Sun, 06 Sep 2020 05:46:22 GMT
Server
Apache
ETag
"1ab79ad-963d-5ae9e9f2ac780"
Vary
Host
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=15, max=99
Content-Length
38461
analytics.js
www.google-analytics.com/ Frame 0EC1
46 KB
19 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NHFGDSD
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
0f3be44690ae9914ae3e47b7752e1bdea316f09938e9094f99e0de19ccd8987a
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
http://www.canalpmu.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Fri, 05 Feb 2021 21:33:27 GMT
server
Golfe2
age
7003
date
Mon, 22 Mar 2021 12:02:35 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
18980
expires
Mon, 22 Mar 2021 14:02:35 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
www.zone-turf.fr
URL
https://www.zone-turf.fr/module/module_webmaster.php?e=partants&f=medium

30 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • 0 (object)
  • ontransitionrun (object)
  • ontransitionstart (object)
  • ontransitioncancel (object)
  • trustedTypes (object)
  • crossOriginIsolated (boolean)
  • _gaq (object)
  • _gat (object)
  • ad6is (function)
  • ad6b300 (function)
  • ad6b728 (function)
  • ad6b_s (function)
  • ad6b_u (function)
  • ad6b_p (function)
  • ad6b_ae (function)
  • ad6b_scOnGo (number)
  • ad6b_ts (number)
  • ad6b_lts (number)
  • ad6b_pm (number)
  • ad6b_cps (number)
  • ad6b_els (object)
  • ad6b_suc (number)
  • ad6b_inFrame (number)
  • _ad6su (object)
  • _0x4e01 (object)
  • ad6su (object)
  • init (function)
  • p955 (function)
  • y$jE (object)
  • BetterJsPop (object)

0 Cookies

48 Console Messages

Source | Level | URL | Text
console-api log URL: https://c.ad6media.fr/pu.js?26(Line 2)
Message:
[object HTMLDivElement]
console-api log URL: https://c.ad6media.fr/pu.js?26(Line 2)
Message:
console.clear

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
