goo.su
172.67.139.105
Public Scan
Submission Tags: @phish_report
Submission: On January 06 via api from FI — Scanned from FI
Summary
TLS certificate: Issued by WE1 on November 23rd 2024. Valid for: 3 months.
This is the only time goo.su was scanned on urlscan.io!
urlscan.io Verdict: No classification
Domain & IP information
Redirects | Requests | IP Address | AS Autonomous System |
---|---|---|---|
 | 3 | 172.67.139.105 | 13335 (CLOUDFLARENET) |
 | 2 | 216.58.206.42 | 15169 (GOOGLE) |
 | 1 | 5.200.15.240 | 49544 (i3Dnet i3D.net B.V) |
 | 3 | 172.255.103.105 | 7979 (SERVERS-COM) |
 | 2 | 142.250.185.131 | 15169 (GOOGLE) |
 | 1 | 213.180.204.90 | 13238 (YANDEX YANDEX LLC) |
 | 2 | 142.250.185.163 | 15169 (GOOGLE) |
 | 4 | 95.163.52.67 | 47764 (VK-AS LLC VK) |
1 | 2 | 88.212.202.52 | 39134 (UNITEDNET EDINAYA SET LIMITED LIABILITY COMPANY) |
 | 1 | 151.236.71.248 | 204720 (CDNetworks GLOBAL CLOUD NETWORK LLC) |
 | 2 | 23.109.170.167 | 7979 (SERVERS-COM) |
 | 2 | 23.109.170.101 | 7979 (SERVERS-COM) |
 | 2 | 31.204.132.207 | 49544 (i3Dnet i3D.net B.V) |
 | 7 | 178.154.131.215 | 13238 (YANDEX YANDEX LLC) |
 | 3 | 77.88.44.55 | 13238 (YANDEX YANDEX LLC) |
2 | 2 | 172.255.103.103 | 7979 (SERVERS-COM) |
 | 2 | 162.19.19.15 | 16276 (OVH OVH SAS) |
 | 4 | 95.163.52.89 | 47764 (VK-AS LLC VK) |
3 | 8 | 77.88.21.119 | 13238 (YANDEX YANDEX LLC) |
 | 2 | 81.19.89.17 | 24638 (RAMBLER-TELECOM-AS Rambler Internet Holding LLC) |
 | 1 | 87.250.251.119 | 13238 (YANDEX YANDEX LLC) |
 | 50 | 21 | |

AS | PTR | Hostnames |
---|---|---|
ASN15169 (GOOGLE, US) | lhr35s10-in-f10.1e100.net | fonts.googleapis.com |
ASN15169 (GOOGLE, US) | fra16s50-in-f3.1e100.net | www.gstatic.com |
ASN13238 (YANDEX YANDEX LLC, RU) | bs.yandex.ru | an.yandex.ru |
ASN15169 (GOOGLE, US) | fra16s51-in-f3.1e100.net | fonts.gstatic.com |
ASN47764 (VK-AS LLC VK, RU) | top-fwz1.mail.ru | top-fwz1.mail.ru |
ASN39134 (UNITEDNET EDINAYA SET LIMITED LIABILITY COMPANY, RU) | host152.rax.ru | counter.yadro.ru |
ASN204720 (CDNetworks GLOBAL CLOUD NETWORK LLC, RU) | | st.top100.ru |
ASN13238 (YANDEX YANDEX LLC, RU) | static.yandex.net | yastatic.net |
ASN13238 (YANDEX YANDEX LLC, RU) | mc.yandex.ru | mc.yandex.ru, mc.yandex.com |
ASN24638 (RAMBLER-TELECOM-AS Rambler Internet Holding LLC, RU) | kraken.rambler.ru | kraken.rambler.ru |
ASN13238 (YANDEX YANDEX LLC, RU) | mc.yandex.ru | mc.yandex.com |

Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
8 | mail.ru | top-fwz1.mail.ru — Cisco Umbrella Rank: 12299; privacy-cs.mail.ru — Cisco Umbrella Rank: 19161 | 65 KB |
7 | yandex.com (2 redirects) | mc.yandex.com — Cisco Umbrella Rank: 9443 | 3 KB |
7 | yastatic.net | yastatic.net — Cisco Umbrella Rank: 7444 | 200 KB |
6 | yandex.ru (1 redirect) | an.yandex.ru — Cisco Umbrella Rank: 2611; yandex.ru — Cisco Umbrella Rank: 1488; mc.yandex.ru — Cisco Umbrella Rank: 4577 | 166 KB |
4 | gstatic.com | www.gstatic.com; fonts.gstatic.com | 68 KB |
3 | enduresopens.com | enduresopens.com | 47 KB |
3 | goo.su | goo.su — Cisco Umbrella Rank: 568797 | 46 KB |
2 | rambler.ru | kraken.rambler.ru — Cisco Umbrella Rank: 50537 | 2 KB |
2 | reshowsvole.shop | reshowsvole.shop | 282 KB |
2 | beckieintrate.top (2 redirects) | yc.beckieintrate.top | 3 KB |
2 | pushdom.co | rtb.pushdom.co — Cisco Umbrella Rank: 366479 | 143 B |
2 | hellerraucous.top | hellerraucous.top | 2 KB |
2 | captorbaryton.com | captorbaryton.com — Cisco Umbrella Rank: 35176 | 665 B |
2 | yadro.ru (1 redirect) | counter.yadro.ru — Cisco Umbrella Rank: 15372 | 1 KB |
2 | googleapis.com | fonts.googleapis.com — Cisco Umbrella Rank: 29 | 3 KB |
1 | top100.ru | st.top100.ru — Cisco Umbrella Rank: 63217 | 40 KB |
1 | richinfo.co | richinfo.co — Cisco Umbrella Rank: 249617 | 35 KB |
50 | 17 | | |

Requests | Domain | Requested by |
---|---|---|
7 | mc.yandex.com (2 redirects) | goo.su, mc.yandex.ru |
7 | yastatic.net | an.yandex.ru |
4 | privacy-cs.mail.ru | top-fwz1.mail.ru, privacy-cs.mail.ru |
4 | top-fwz1.mail.ru | goo.su, top-fwz1.mail.ru |
3 | yandex.ru | an.yandex.ru, privacy-cs.mail.ru |
3 | enduresopens.com | goo.su, enduresopens.com |
3 | goo.su | goo.su |
2 | kraken.rambler.ru | goo.su |
2 | mc.yandex.ru (1 redirect) | an.yandex.ru |
2 | reshowsvole.shop | goo.su |
2 | yc.beckieintrate.top (2 redirects) | |
2 | rtb.pushdom.co | goo.su |
2 | hellerraucous.top | enduresopens.com |
2 | captorbaryton.com | enduresopens.com |
2 | counter.yadro.ru (1 redirect) | goo.su |
2 | fonts.gstatic.com | fonts.googleapis.com |
2 | www.gstatic.com | goo.su |
2 | fonts.googleapis.com | goo.su |
1 | st.top100.ru | goo.su |
1 | an.yandex.ru | goo.su |
1 | richinfo.co | goo.su |
50 | 21 | |

This site contains links to these domains. Also see Links.
Domain |
---|
www.liveinternet.ru |
top100.rambler.ru |
Subject | Issuer | Validity | Valid |
---|---|---|---|
goo.su | WE1 | 2024-11-23 - 2025-02-21 | 3 months |
upload.video.google.com | WR2 | 2024-12-02 - 2025-02-24 | 3 months |
richinfo.co | R10 | 2024-12-10 - 2025-03-10 | 3 months |
enduresopens.com | R10 | 2024-12-20 - 2025-03-20 | 3 months |
*.gstatic.com | WR2 | 2024-12-02 - 2025-02-24 | 3 months |
bs.yandex.ru | GlobalSign ECC OV SSL CA 2018 | 2024-08-27 - 2025-02-25 | 6 months |
*.mail.ru | GlobalSign ECC OV SSL CA 2018 | 2024-10-21 - 2025-11-22 | a year |
*.top100.ru | GlobalSign GCC R3 DV TLS CA 2020 | 2024-02-14 - 2025-03-17 | a year |
captorbaryton.com | R11 | 2024-12-27 - 2025-03-27 | 3 months |
hellerraucous.top | ZeroSSL RSA Domain Secure Site CA | 2024-12-27 - 2025-03-27 | 3 months |
rtb.pushdom.co | R11 | 2024-11-29 - 2025-02-27 | 3 months |
*.yastatic-net.ru | GlobalSign ECC OV SSL CA 2018 | 2024-10-25 - 2025-04-24 | 6 months |
*.xn--d1acpjx3f.xn--p1ai | GlobalSign ECC OV SSL CA 2018 | 2024-12-04 - 2025-06-03 | 6 months |
mc.yandex.ru | GlobalSign ECC OV SSL CA 2018 | 2024-10-20 - 2025-04-01 | 5 months |
*.rambler.ru | GlobalSign GCC R3 DV TLS CA 2020 | 2024-05-02 - 2025-06-03 | a year |

This page contains 3 frames:
Primary Page:
https://goo.su/KUrs34
Frame ID: AB44DF24F65C49064BEDFDA43B6D9D9B
Requests: 45 HTTP requests in this frame
Frame:
https://reshowsvole.shop/g/33/2c/332cb477b2c0128d2396c436377d8cd631ef8eda.jpeg
Frame ID: B31E3F76789EC60AB5538E069561CA9A
Requests: 2 HTTP requests in this frame
Frame:
https://mc.yandex.com/metrika/metrika_match.html
Frame ID: AF86DA08269CC1AA05A7BDD012FB810C
Requests: 1 HTTP requests in this frame
Page Title
Redirecting
Detected technologies
Firebase (Databases)
Detected patterns
- /firebasejs/([\d.]+)/firebase
Google Font API (Font Scripts)
Detected patterns
- <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
Yandex.Direct (Advertising Networks)
Detected patterns
- https?://an\.yandex\.ru/
Yandex.Metrika (Analytics)
Detected patterns
- mc\.yandex\.ru/metrika/(?:tag|watch)\.js
Page Statistics
2 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 13
- https://counter.yadro.ru/hit?t44.11;r;s1600*1200*24;uhttps%3A//goo.su/KUrs34;hRedirecting;0.22013524541094243 HTTP 302
- https://counter.yadro.ru/hit?q;t44.11;r;s1600*1200*24;uhttps%3A//goo.su/KUrs34;hRedirecting;0.22013524541094243
- https://yc.beckieintrate.top/tsk/HQxu7sG9wHbtJALJKxw*af3LWNZYa1MxnXkldAzErUp3wh_9wcvDpVzOy0aHptv5bUBA6b9*Zy47QQC0hA1lpsF7qooiXj93ZaPxWYVynJ8 HTTP 302
- https://reshowsvole.shop/g/33/2c/332cb477b2c0128d2396c436377d8cd631ef8eda.jpeg
- https://yc.beckieintrate.top/tsk/HQxu7sG9wHbtJALJKxw*aejzlb1u2hNGTPlpMhogrPVJCPoKsBhnzyE5E2CTCMwINuvxG3ZliWF5EhKGDh7DAkIyFXc3He6xmrww8wlVRs4 HTTP 302
- https://reshowsvole.shop/g/99/7b/997bc0c7d7a9e576cb1fe0c6243fda1743a563aa.jpeg
- https://mc.yandex.com/sync_cookie_image_check HTTP 302
- https://mc.yandex.ru/sync_cookie_image_start?redirect_domain=mc.yandex.com&token=10611.Aq5_MgYnD_bysgCMRwCg_5yIep_mModDDn1UXy5GxPwlgn27enS4qjLX0k4lEWq0.0lF89jGpo7rDyw98pgUBbksN9sw%2C HTTP 302
- https://mc.yandex.com/sync_cookie_image_decide?token=10611.fl2eJ7udiyGcvXzHzMm2Xxeu6Gt_uYfSsTfSzHAYQ3hmbS9rpdUsmnxQohxvQD7RgXDfbd8MVcrnBqmfDz0SKfelCgE1YayRwwSaZeA0v8g0Gv0_8NH8os51PlFmdmR1UvNT8q5gOI6kVJdNhuHb_iJXH2CK8RrcKJsXxhrDGvawvOW76hHNrEOcQc-a9rlDBSbWEis7QNF9wZbfJDbfAw3t9dt6VV1gCm_2avrujVU%2C.ly9Lq2OB-m9dNWn1GsJO9V0FZjY%2C
- https://mc.yandex.com/watch/1677322?wmode=7&page-url=https%3A%2F%2Fgoo.su%2FKUrs34&nohit=1&charset=utf-8&cnt-class=1&uah=chm%0A%3F0&browser-info=pv%3A1%3Avf%3Afqngs4ku2psd4e9m0lq0o0a6g7v%3Afu%3A0%3Aen%3Autf-8%3Ala%3Afi-FI%3Av%3A1551%3Acn%3A1%3Adp%3A0%3Als%3A450782897419%3Ahid%3A198549627%3Az%3A120%3Ai%3A20250107013932%3Aet%3A1736206772%3Ac%3A1%3Arn%3A241062570%3Au%3A1736206772647305997%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Aco%3A0%3Acpf%3A1%3Ans%3A1736206766963%3Arqnl%3A1%3Ast%3A1736206774%3At%3ARedirecting&t=clc(0-0-0)aw(1)rcm(1)cdl(na)eco(565312)ti(1) HTTP 302
- https://mc.yandex.com/watch/1677322/1?wmode=7&page-url=https%3A%2F%2Fgoo.su%2FKUrs34&nohit=1&charset=utf-8&cnt-class=1&uah=chm%0A%3F0&browser-info=pv%3A1%3Avf%3Afqngs4ku2psd4e9m0lq0o0a6g7v%3Afu%3A0%3Aen%3Autf-8%3Ala%3Afi-FI%3Av%3A1551%3Acn%3A1%3Adp%3A0%3Als%3A450782897419%3Ahid%3A198549627%3Az%3A120%3Ai%3A20250107013932%3Aet%3A1736206772%3Ac%3A1%3Arn%3A241062570%3Au%3A1736206772647305997%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Aco%3A0%3Acpf%3A1%3Ans%3A1736206766963%3Arqnl%3A1%3Ast%3A1736206774%3At%3ARedirecting&t=clc%280-0-0%29aw%281%29rcm%281%29cdl%28na%29eco%28565312%29ti%281%29
50 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H2 | KUrs34 (Primary Request) | goo.su/ | 21 KB | 11 KB | Document | text/html |
GET | H2 | css | fonts.googleapis.com/ | 6 KB | 2 KB | Stylesheet | text/css |
GET | H2 | css | fonts.googleapis.com/ | 2 KB | 706 B | Stylesheet | text/css |
GET | H2 | rp-cl-ob.js | richinfo.co/richpartners/push/js/ | 93 KB | 35 KB | Script | application/x-javascript |
GET | H/1.1 | 69489 | enduresopens.com/ttkXIvunodY/ | 127 KB | 45 KB | Script | application/javascript |
GET | H2 | redirect.js | goo.su/frontend/js/ | 86 KB | 32 KB | Script | application/javascript |
GET | DATA | truncated | / | 5 KB | 0 | Image | image/png |
GET | DATA | truncated | / | 2 KB | 0 | Image | image/svg+xml |
GET | H2 | firebase-app.js | www.gstatic.com/firebasejs/10.12.2/ | 99 KB | 22 KB | Script | text/javascript |
GET | H2 | firebase-messaging.js | www.gstatic.com/firebasejs/10.12.2/ | 28 KB | 9 KB | Script | text/javascript |
GET | H2 | context.js | an.yandex.ru/system/ | 375 KB | 108 KB | Script | text/javascript |
GET | H2 | KFOmCnqEu92Fr1Mu4mxK.woff2 | fonts.gstatic.com/s/roboto/v32/ | 18 KB | 19 KB | Font | font/woff2 |
GET | H2 | memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2 | fonts.gstatic.com/s/opensans/v40/ | 18 KB | 18 KB | Font | font/woff2 |
GET | H2 | code.js | top-fwz1.mail.ru/js/ | 46 KB | 20 KB | Script | application/javascript |
GET | H/1.1 | hit | counter.yadro.ru/ (Redirect Chain) | 132 B | 618 B | Image | image/gif |
GET | H2 | top100.js | st.top100.ru/top100/ | 133 KB | 40 KB | Script | application/javascript |
OPTIONS | H/1.1 | / | captorbaryton.com/cuid/ (Frame) | 0 | 0 | Preflight | |
POST | H/1.1 | / | captorbaryton.com/cuid/ | 32 B | 665 B | Fetch | application/json |
OPTIONS | H/1.1 | e*HriSvAEiRus11WNQBgVXRun4_Ijfj4*mvcmIl054NJ5HmQHOMdrqbjhQ15n1cR0jOO0y0JjacgqWeL4tOIZde5HKpkvvPiLmqdegbPsmkppgOIX0dxRifw6MWGuJ9ivbbwccxdd | hellerraucous.top/ (Frame) | 0 | 0 | Preflight | text/html |
POST | H/1.1 | e*HriSvAEiRus11WNQBgVXRun4_Ijfj4*mvcmIl054NJ5HmQHOMdrqbjhQ15n1cR0jOO0y0JjacgqWeL4tOIZde5HKpkvvPiLmqdegbPsmkppgOIX0dxRifw6MWGuJ9ivbbwccxdd | hellerraucous.top/ | 954 B | 2 KB | Fetch | application/json |
OPTIONS | H/1.1 | 69489 | enduresopens.com/tsf/ (Frame) | 0 | 0 | Preflight | text/html |
POST | H/1.1 | 69489 | enduresopens.com/tsf/ | 2 KB | 2 KB | Fetch | application/javascript |
GET | H2 | st | rtb.pushdom.co/pb/ | 0 | 72 B | Image | text/html |
GET | H2 | st | rtb.pushdom.co/pb/ | 0 | 71 B | Image | text/html |
GET | H2 | text-variable-full.woff2 | yastatic.net/s3/home/fonts/ys/3/ | 25 KB | 26 KB | Font | font/woff2 |
GET | H2 | cc3eb7227602aea2a356.js | yastatic.net/partner-code-bundles/1183758/ | 20 KB | 7 KB | Script | text/javascript |
GET | H2 | 5956674fd0fdd7c45be0.js | yastatic.net/partner-code-bundles/1183758/ | 17 KB | 6 KB | Script | text/javascript |
GET | H2 | 57bcfd9e2482bf6eab12.js | yastatic.net/partner-code-bundles/1183758/ | 24 KB | 8 KB | Script | text/javascript |
GET | H2 | 28c60da322306eea85f3.js | yastatic.net/partner-code-bundles/1183758/ | 616 KB | 120 KB | Script | text/javascript |
GET | H2 | host.js | yastatic.net/safeframe-bundles/0.83/ | 33 KB | 9 KB | Script | text/javascript |
GET | H2 | 454b3fa45c64f15c3946.js | yastatic.net/partner-code-bundles/1183758/ | 114 KB | 24 KB | Script | text/javascript |
GET | H2 | 1677322 | yandex.ru/ads/meta/ | 441 B | 2 KB | XHR | application/json |
GET | H/1.1 | 332cb477b2c0128d2396c436377d8cd631ef8eda.jpeg | reshowsvole.shop/g/33/2c/ (Frame B31E, Redirect Chain) | 164 KB | 164 KB | Image | image/jpeg |
GET | H/1.1 | 997bc0c7d7a9e576cb1fe0c6243fda1743a563aa.jpeg | reshowsvole.shop/g/99/7b/ (Frame B31E, Redirect Chain) | 117 KB | 117 KB | Image | image/jpeg |
GET | H/1.1 | sync-loader.js | privacy-cs.mail.ru/static/ | 155 KB | 41 KB | Script | application/javascript |
GET | H2 | dyn-goal-config.js | top-fwz1.mail.ru/js/ | 3 KB | 2 KB | Script | application/javascript |
GET | H2 | counter | top-fwz1.mail.ru/ | 43 B | 1 KB | Image | image/gif |
GET | H2 | 1677322 | yandex.ru/ads/meta/ | 441 B | 445 B | XHR | application/json |
GET | H2 | watch.js | mc.yandex.ru/metrika/ | 154 KB | 55 KB | Script | application/javascript |
GET | H2 | / | kraken.rambler.ru/cnt/v2/ | 43 B | 640 B | Image | image/gif |
GET | H2 | top100_0062b1.gif | kraken.rambler.ru/counter-static/images/ | 595 B | 1 KB | Image | image/gif |
GET | H2 | sync_cookie_image_decide | mc.yandex.com/ (Redirect Chain) | 43 B | 698 B | Image | image/gif |
GET | H2 | metrika_match.html | mc.yandex.com/metrika/ (Frame AF86) | 0 | 0 | Document | text/html |
OPTIONS | H/1.1 | / | privacy-cs.mail.ru/fp/ (Frame) | 0 | 0 | Preflight | application/octet-stream |
POST | H/1.1 | / | privacy-cs.mail.ru/fp/ | 0 | 0 | Fetch | application/octet-stream |
GET | H2 | tracker | top-fwz1.mail.ru/ | 43 B | 1 KB | Image | image/gif |
GET | H2 | 1 | mc.yandex.com/watch/1677322/ (Redirect Chain) | 422 B | 672 B | Fetch | application/json |
GET | H2 | favicon-32x32.png | goo.su/img/favicons/ | 2 KB | 3 KB | Other | image/png |
HEAD | H2 | context.js | yandex.ru/ads/system/ | 0 | 0 | Fetch | text/javascript |
POST | H2 | 1 | mc.yandex.com/watch/1677322/ | 43 B | 74 B | Ping | image/gif |
POST | H2 | 1677322 | mc.yandex.com/watch/ | 43 B | 75 B | Ping | image/gif |
POST | H/1.1 | / | privacy-cs.mail.ru/fp/ | 0 | 0 | Fetch | application/octet-stream |

37 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- object| 0
- object| yandexContextAsyncCallbacks
- object| _tmr
- object| _top100q
- function| jQuery
- function| $
- object| $insertQueued35531e73629$
- boolean| //enduresopens.com/ttkXIvunodY/69489-8ba9-57fd
- object| 1bgbb027-3b87-ae67-26ar-hz150f600z16
- object| strscrlobs
- number| process_1181279
- number| process_1183523
- function| $insertd35531e73629$
- function| cnc
- object| pcode_1183758_default_5FxCQYEIlk
- object| Ya
- object| __activeTestIds
- object| __pcodeAllActiveTestIds
- number| pr
- function| AdFox_getCodeScript
- object| ya
- object| yaads
- object| yaSafeFrameCallbacksStorage
- boolean| isLoadingSafeframeStarted
- object| adfoxAsyncParams
- object| adfoxAsyncParamsScroll
- object| adfoxAsyncParamsAdaptive
- object| layoutConfig
- object| $sf
- object| yaSafeFrameAsyncCallbacks
- function| Kraken
- function| top100
- object| top100Counter
- object| _top100
- object| yaCounter1677322
- number| rb_sync_refresh_time
- object| rb_sync
39 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
8 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.