www.4tracking.net
Open in
urlscan Pro
2606:4700:3033::ac43:8123
Malicious Activity!
Public Scan
Submitted URL: http://www.4tracking.net/
Effective URL: https://www.4tracking.net/
Submission: On December 15 via api from US — Scanned from DE
Effective URL: https://www.4tracking.net/
Submission: On December 15 via api from US — Scanned from DE
Summary
This website contacted 20 IPs
in 4 countries
across 14 domains to perform 89 HTTP transactions.
The main IP is 2606:4700:3033::ac43:8123, located in
United States and
belongs to CLOUDFLARENET, US.
The main domain is www.4tracking.net.
TLS certificate: Issued by GTS CA 1P5 on December 4th 2023. Valid for: 3 months.
This is the only time www.4tracking.net was scanned on urlscan.io!
TLS certificate: Issued by GTS CA 1P5 on December 4th 2023. Valid for: 3 months.
This is the only time www.4tracking.net was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: DHL (Transportation)Domain & IP information
3
2a00:1450:4001:80f::2008
(Frankfurt am Main, Germany)
ASN15169 (GOOGLE, US)
ASN15169 (GOOGLE, US)
| www.googletagmanager.com |
2
2a00:1450:4001:813::200e
(Frankfurt am Main, Germany)
ASN15169 (GOOGLE, US)
ASN15169 (GOOGLE, US)
| www.google-analytics.com |
36
2600:9000:21c7:4e00:7:39c0:7c0:21
(United States)
ASN16509 (AMAZON-02, US)
ASN16509 (AMAZON-02, US)
| dmws6zo5g7pcv.cloudfront.net |
15
2a00:1450:4001:802::2002
(Frankfurt am Main, Germany)
ASN15169 (GOOGLE, US)
ASN15169 (GOOGLE, US)
| pagead2.googlesyndication.com |
5
2a00:1450:4001:811::2002
(Frankfurt am Main, Germany)
ASN15169 (GOOGLE, US)
ASN15169 (GOOGLE, US)
| googleads.g.doubleclick.net |
7
2a00:1450:4001:808::2001
(Frankfurt am Main, Germany)
ASN15169 (GOOGLE, US)
ASN15169 (GOOGLE, US)
| tpc.googlesyndication.com |
1
2a00:1450:4001:812::2002
(Frankfurt am Main, Germany)
ASN15169 (GOOGLE, US)
ASN15169 (GOOGLE, US)
| www.googletagservices.com |
4
142.250.185.194
(United States)
ASN15169 (GOOGLE, US)
PTR: fra16s52-in-f2.1e100.net
ASN15169 (GOOGLE, US)
PTR: fra16s52-in-f2.1e100.net
| cm.g.doubleclick.net |
4
185.89.211.84
(Frankfurt am Main, Germany)
ASN29990 (ASN-APPNEX, US)
PTR: 959.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
ASN29990 (ASN-APPNEX, US)
PTR: 959.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
| ib.adnxs.com |
1
216.58.206.38
(United States)
ASN15169 (GOOGLE, US)
PTR: lhr35s10-in-f6.1e100.net
ASN15169 (GOOGLE, US)
PTR: lhr35s10-in-f6.1e100.net
| ad.doubleclick.net |
1
23.36.233.143
(Frankfurt am Main, Germany)
ASN16625 (AKAMAI-AS, US)
PTR: a23-36-233-143.deploy.static.akamaitechnologies.com
ASN16625 (AKAMAI-AS, US)
PTR: a23-36-233-143.deploy.static.akamaitechnologies.com
| servedby.flashtalking.com |
3
2.19.216.48
(Prague, Czech Republic)
ASN16625 (AKAMAI-AS, US)
PTR: a2-19-216-48.deploy.static.akamaitechnologies.com
ASN16625 (AKAMAI-AS, US)
PTR: a2-19-216-48.deploy.static.akamaitechnologies.com
| cdn.flashtalking.com | |
| secure.flashtalking.com |
2
2a01:4a0:1338:28::c38a:ff08
(Germany)
ASN201011 (CORE-BACKBONE CORE-BACKBONE GMBH GLOBAL NETWORK, DE)
ASN201011 (CORE-BACKBONE CORE-BACKBONE GMBH GLOBAL NETWORK, DE)
| cdn.doubleverify.com |
1
130.211.44.5
(Kansas City, United States)
ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 5.44.211.130.bc.googleusercontent.com
ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 5.44.211.130.bc.googleusercontent.com
| tps.doubleverify.com |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 36 |
cloudfront.net
dmws6zo5g7pcv.cloudfront.net |
375 KB |
| 22 |
googlesyndication.com
pagead2.googlesyndication.com — Cisco Umbrella Rank: 102 tpc.googlesyndication.com — Cisco Umbrella Rank: 148 |
318 KB |
| 10 |
doubleclick.net
3 redirects
googleads.g.doubleclick.net — Cisco Umbrella Rank: 33 cm.g.doubleclick.net — Cisco Umbrella Rank: 219 ad.doubleclick.net — Cisco Umbrella Rank: 139 |
38 KB |
| 5 |
casalemedia.com
3 redirects
dsum-sec.casalemedia.com — Cisco Umbrella Rank: 578 |
3 KB |
| 5 |
yandex.com
2 redirects
mc.yandex.com — Cisco Umbrella Rank: 8902 |
3 KB |
| 4 |
flashtalking.com
servedby.flashtalking.com — Cisco Umbrella Rank: 923 cdn.flashtalking.com — Cisco Umbrella Rank: 1337 secure.flashtalking.com — Cisco Umbrella Rank: 2874 |
67 KB |
| 4 |
adnxs.com
3 redirects
ib.adnxs.com — Cisco Umbrella Rank: 229 |
3 KB |
| 4 |
google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 27 region1.google-analytics.com — Cisco Umbrella Rank: 2189 |
21 KB |
| 3 |
doubleverify.com
cdn.doubleverify.com — Cisco Umbrella Rank: 489 tps.doubleverify.com — Cisco Umbrella Rank: 505 |
105 KB |
| 3 |
googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 36 |
231 KB |
| 2 |
yandex.ru
1 redirects
mc.yandex.ru — Cisco Umbrella Rank: 4182 |
71 KB |
| 2 |
4tracking.net
1 redirects
www.4tracking.net |
23 KB |
| 1 |
googletagservices.com
www.googletagservices.com — Cisco Umbrella Rank: 206 |
65 KB |
| 1 |
google.com
www.google.com — Cisco Umbrella Rank: 2 |
1 KB |
| 89 | 14 |
| Domain | Requested by | |
|---|---|---|
| 36 | dmws6zo5g7pcv.cloudfront.net |
www.4tracking.net
dmws6zo5g7pcv.cloudfront.net |
| 15 | pagead2.googlesyndication.com |
dmws6zo5g7pcv.cloudfront.net
pagead2.googlesyndication.com tpc.googlesyndication.com googleads.g.doubleclick.net www.googletagservices.com |
| 7 | tpc.googlesyndication.com |
pagead2.googlesyndication.com
tpc.googlesyndication.com googleads.g.doubleclick.net |
| 5 | dsum-sec.casalemedia.com |
3 redirects
googleads.g.doubleclick.net
|
| 5 | googleads.g.doubleclick.net |
pagead2.googlesyndication.com
googleads.g.doubleclick.net |
| 5 | mc.yandex.com |
2 redirects
www.4tracking.net
|
| 4 | ib.adnxs.com |
3 redirects
googleads.g.doubleclick.net
|
| 4 | cm.g.doubleclick.net |
3 redirects
googleads.g.doubleclick.net
|
| 3 | www.googletagmanager.com |
www.4tracking.net
www.googletagmanager.com |
| 2 | cdn.doubleverify.com |
cdn.flashtalking.com
www.4tracking.net |
| 2 | cdn.flashtalking.com |
servedby.flashtalking.com
googleads.g.doubleclick.net |
| 2 | region1.google-analytics.com |
www.googletagmanager.com
|
| 2 | www.google-analytics.com |
www.googletagmanager.com
www.google-analytics.com |
| 2 | mc.yandex.ru |
1 redirects
www.4tracking.net
|
| 2 | www.4tracking.net | 1 redirects |
| 1 | tps.doubleverify.com |
cdn.doubleverify.com
|
| 1 | secure.flashtalking.com |
googleads.g.doubleclick.net
|
| 1 | servedby.flashtalking.com |
googleads.g.doubleclick.net
|
| 1 | ad.doubleclick.net |
googleads.g.doubleclick.net
|
| 1 | www.googletagservices.com |
googleads.g.doubleclick.net
|
| 1 | www.google.com |
tpc.googlesyndication.com
|
| 89 | 21 |
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| 4tracking.net GTS CA 1P5 |
2023-12-04 - 2024-03-03 |
3 months | crt.sh |
| *.google-analytics.com GTS CA 1C3 |
2023-11-20 - 2024-02-12 |
3 months | crt.sh |
| mc.yandex.ru GlobalSign ECC OV SSL CA 2018 |
2023-08-14 - 2024-01-24 |
5 months | crt.sh |
| *.cloudfront.net Amazon RSA 2048 M01 |
2023-10-10 - 2024-09-19 |
a year | crt.sh |
| *.g.doubleclick.net GTS CA 1C3 |
2023-11-20 - 2024-02-12 |
3 months | crt.sh |
| tpc.googlesyndication.com GTS CA 1C3 |
2023-11-20 - 2024-02-12 |
3 months | crt.sh |
| www.google.com GTS CA 1C3 |
2023-11-20 - 2024-02-12 |
3 months | crt.sh |
| *.doubleclick.net GTS CA 1C3 |
2023-11-20 - 2024-02-12 |
3 months | crt.sh |
| servedby.flashtalking.com DigiCert TLS RSA SHA256 2020 CA1 |
2023-09-14 - 2024-09-14 |
a year | crt.sh |
| cdn.flashtalking.com DigiCert TLS RSA SHA256 2020 CA1 |
2023-05-04 - 2024-05-03 |
a year | crt.sh |
| *.doubleverify.com DigiCert TLS RSA SHA256 2020 CA1 |
2023-05-07 - 2024-05-07 |
a year | crt.sh |
| *.tps.doubleverify.com Go Daddy Secure Certificate Authority - G2 |
2023-09-29 - 2024-09-28 |
a year | crt.sh |
This page contains 9 frames:
Primary Page:
https://www.4tracking.net/
Frame ID: 5D8E2D3883B100C3BE78E92F5F4054DE
Requests: 55 HTTP requests in this frame
Frame:
https://googleads.g.doubleclick.net/pagead/html/r20231207/r20190131/zrt_lookup_fy2021.html
Frame ID: F75E861FC7BD383266B4AB7FD6B51AD8
Requests: 1 HTTP requests in this frame
Frame:
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5270614258572210&output=html&h=90&slotname=5848640411&adk=1435077868&adf=3229680868&pi=t.ma~as.5848640411&w=728&lmt=1702661577&rafmt=12&format=728x90&url=https%3A%2F%2Fwww.4tracking.net%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1702676048964&bpp=2&bdt=1251&idt=245&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&correlator=7664758420816&frm=20&pv=2&ga_vid=536744857.1702676048&ga_sid=1702676049&ga_hid=1768510747&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=436&ady=451&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31079438%2C44807406%2C95320869%2C95320884&oid=2&pvsid=3788517500202978&tmod=994823978&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=256&bc=31&ifi=1&uci=a!1&fsb=1&dtd=257
Frame ID: 54699CA0724C5856156D5F2B93EAABA1
Requests: 20 HTTP requests in this frame
Frame:
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5270614258572210&output=html&adk=1812271804&adf=3025194257&lmt=1702661577&plaf=1%3A2%2C2%3A2%2C7%3A2&plat=1%3A128%2C2%3A128%2C3%3A128%2C4%3A128%2C8%3A128%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fwww.4tracking.net%2F&ea=0&pra=7&wgl=1&easpi=0&asro=0&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2~4~6&aslcwct=150&asacwct=25&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1702676048966&bpp=1&bdt=1253&idt=263&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90&nras=1&correlator=7664758420816&frm=20&pv=1&ga_vid=536744857.1702676048&ga_sid=1702676049&ga_hid=1768510747&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31079438%2C44807406%2C95320869%2C95320884&oid=2&pvsid=3788517500202978&tmod=994823978&uas=0&nvt=1&fsapi=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=2&uci=a!2&fsb=1&dtd=270
Frame ID: 7AE0A226B70A7F2D033E426EBF553047
Requests: 1 HTTP requests in this frame
Frame:
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 1F62AD4C7DC0CD3123CDBB5F3294E3A8
Requests: 3 HTTP requests in this frame
Frame:
https://www.google.com/recaptcha/api2/aframe
Frame ID: C1000EA27EE10B6896E58D082C3B4F06
Requests: 2 HTTP requests in this frame
Frame:
https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvmmQEQhsbxhwQYhM3l7gEwAQ&v=APEucNXNLY-pytzb9OxK47EqWnMNVZnbRPoH49zO7PdzOjykOLU1dhU3DXC8RbVi9P1ZfH5uPIdZ9eUG2Nt5QT-Cc1zMDX1MpUD6xa9xgQHe2RkspJpThgpXkJojTFsJWLYGt6-IBGMWPRQpip5dAtLyyD-nGjme36FzOoRJj-Qu737IdE6shSs
Frame ID: 623FFFE6873BED0ED682ACA6C76B1DB5
Requests: 5 HTTP requests in this frame
Frame:
https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: 6F0D999C040840D0D9973EF867D3118B
Requests: 3 HTTP requests in this frame
Frame:
https://cdn.doubleverify.com/dv-measurements5148.js
Frame ID: 987778BF09793C5B7F66FAD3FEE631F8
Requests: 2 HTTP requests in this frame
Screenshot
Page Title
International package tracking - Track and trace parcels | 4TrackingPage URL History Show full URLs
-
http://www.4tracking.net/
HTTP 301
https://www.4tracking.net/ Page URL
Detected technologies
AppNexus
(Advertising Networks)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- adnxs\.(?:net|com)
Google AdSense
(Advertising Networks)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- googlesyndication\.com/
Google Analytics
(Analytics)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- google-analytics\.com/(?:ga|urchin|analytics)\.js
Google Tag Manager
(Tag Managers)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- googletagmanager\.com/gtag/js
Yandex.Metrika
(Analytics)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- mc\.yandex\.ru/metrika/(?:tag|watch)\.js
Page Statistics
1 Outgoing links
These are links going to different origins than the main page.
URL: https://fb.com/4tracking.net
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://www.4tracking.net/
HTTP 301
https://www.4tracking.net/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 10- https://mc.yandex.com/sync_cookie_image_check HTTP 302
- https://mc.yandex.ru/sync_cookie_image_start?redirect_domain=mc.yandex.com&token=10218.MzRieGgP4HmXFEI7eLzHIVeU5QWipUtGAmwuevH1G5A_T_M2ZkbWh9ws5KJhBTLj.rzO8Yg0FszQ7EUtxv0aqnjicbJo%2C HTTP 302
- https://mc.yandex.com/sync_cookie_image_decide?token=10218.rKLpZ5sglvnF1GbD5dofKUauvyE-6kFlAWc99KuEGKFl3Ybucf-8A4h_JRgtcoaiKjDs-8NB0nqCgRA4fxLXqkSuT_fv-KOlQm266-9cW9AcF71aUFXhkuDP9UHDI9pWeaL2I8yzYM8C5bQxH2o5H57kjSfEVfRKhHqaZ8pHT8Pe3fvObWedIj0vFg9YdN5bSkeuiAa4KTV3biEQTPTTIpLIc6Xoo1fP_eiJO-ZmbnU%2C.f_4Doz2qiHxgjAmvl9x3vHZxJFE%2C
- https://mc.yandex.com/watch/73220287?wmode=7&page-url=https%3A%2F%2Fwww.4tracking.net%2F&charset=utf-8&uah=chm%0A%3F0&browser-info=pv%3A1%3Avf%3A3bfl5e3f8ptrmgtp6nxhmpy3%3Afp%3A498%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1190%3Acn%3A1%3Adp%3A0%3Als%3A200538497101%3Ahid%3A520831699%3Az%3A60%3Ai%3A20231215223408%3Aet%3A1702676048%3Ac%3A1%3Arn%3A896964956%3Arqn%3A1%3Au%3A1702676048232084408%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C55%2C39%2C3%2C260%2C0%2C%2C109%2C0%2C%2C%2C%2C467%3Aco%3A0%3Acpf%3A1%3Ans%3A1702676047356%3Agi%3AR0ExLjIuNTM2NzQ0ODU3LjE3MDI2NzYwNDg%3D%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1702676048%3At%3AInternational%20package%20tracking%20-%20Track%20and%20trace%20parcels%20%7C%204Tracking&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)rcm(1)ti(1) HTTP 302
- https://mc.yandex.com/watch/73220287/1?wmode=7&page-url=https%3A%2F%2Fwww.4tracking.net%2F&charset=utf-8&uah=chm%0A%3F0&browser-info=pv%3A1%3Avf%3A3bfl5e3f8ptrmgtp6nxhmpy3%3Afp%3A498%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1190%3Acn%3A1%3Adp%3A0%3Als%3A200538497101%3Ahid%3A520831699%3Az%3A60%3Ai%3A20231215223408%3Aet%3A1702676048%3Ac%3A1%3Arn%3A896964956%3Arqn%3A1%3Au%3A1702676048232084408%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C55%2C39%2C3%2C260%2C0%2C%2C109%2C0%2C%2C%2C%2C467%3Aco%3A0%3Acpf%3A1%3Ans%3A1702676047356%3Agi%3AR0ExLjIuNTM2NzQ0ODU3LjE3MDI2NzYwNDg%3D%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1702676048%3At%3AInternational%20package%20tracking%20-%20Track%20and%20trace%20parcels%20%7C%204Tracking&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29rcm%281%29ti%281%29
- https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
- https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHuXLUsewWDhuJBOsYgXOf0&google_cver=1 HTTP 302
- https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHuXLUsewWDhuJBOsYgXOf0&google_cver=1&C=1
- https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
- https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
- https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZXzGUtbpZ8KyCbHYrRVwEAAA HTTP 302
- https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHuXLUsewWDhuJBOsYgXOf0&google_cver=1
- https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
- https://ib.adnxs.com/setuid?entity=101&code=CAESEJet8dRCnMRF5emvoTnhllE&google_cver=1 HTTP 307
- https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEJet8dRCnMRF5emvoTnhllE%26google_cver%3D1
- https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
- https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
- https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjQ4NDMzMzE2MjA3NzIzNDY5NQ%3D%3D
89 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H2 |
Primary Request
/
www.4tracking.net/ Redirect Chain
|
90 KB 22 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
js
www.googletagmanager.com/gtag/ |
187 KB 68 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
tag.js
mc.yandex.ru/metrika/ |
202 KB 70 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET DATA |
truncated
/ |
46 B 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET DATA |
truncated
/ |
3 KB 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
js
www.googletagmanager.com/gtag/ |
241 KB 84 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
js
www.googletagmanager.com/gtag/ |
224 KB 79 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
analytics.js
www.google-analytics.com/ |
52 KB 21 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
POST H2 |
collect
region1.google-analytics.com/g/ |
0 256 B |
Ping
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
POST H2 |
collect
region1.google-analytics.com/g/ |
0 54 B |
Ping
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
POST H2 |
collect
www.google-analytics.com/j/ |
1 B 208 B |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
sync_cookie_image_decide
mc.yandex.com/ Redirect Chain
|
43 B 668 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
advert.gif
mc.yandex.com/metrika/ |
43 B 498 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
line-awesome.css
dmws6zo5g7pcv.cloudfront.net/lib/css/ |
87 KB 15 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
roboto.css
dmws6zo5g7pcv.cloudfront.net/lib/css/ |
376 B 940 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
core.js
dmws6zo5g7pcv.cloudfront.net/lib/js/ |
126 KB 44 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
cm.js
dmws6zo5g7pcv.cloudfront.net/lib/js/ |
171 KB 57 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
1
mc.yandex.com/watch/73220287/ Redirect Chain
|
420 B 538 B |
Fetch
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
roboto.css
dmws6zo5g7pcv.cloudfront.net/lib/css/ |
376 B 939 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
line-awesome.css
dmws6zo5g7pcv.cloudfront.net/lib/css/ |
87 KB 15 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H3 |
line-awesome.css
dmws6zo5g7pcv.cloudfront.net/lib/css/ |
87 KB 15 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H3 |
roboto.css
dmws6zo5g7pcv.cloudfront.net/lib/css/ |
376 B 750 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H3 |
world2.svg
dmws6zo5g7pcv.cloudfront.net/lib/img/ |
29 KB 12 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
la-brands-400.woff2
dmws6zo5g7pcv.cloudfront.net/lib/fonts/ |
83 KB 83 KB |
Font
binary/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
la-solid-900.woff2
dmws6zo5g7pcv.cloudfront.net/lib/fonts/ |
94 KB 95 KB |
Font
binary/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/ |
149 KB 51 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H3 |
usps.svg
dmws6zo5g7pcv.cloudfront.net/lib/img/carriers/ |
1 KB 1 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H3 |
ups.svg
dmws6zo5g7pcv.cloudfront.net/lib/img/carriers/ |
4 KB 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H3 |
deutsche-post.svg
dmws6zo5g7pcv.cloudfront.net/lib/img/carriers/ |
732 B 1 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H3 |
china-post.svg
dmws6zo5g7pcv.cloudfront.net/lib/img/carriers/ |
1 KB 1017 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H3 |
fedex.svg
dmws6zo5g7pcv.cloudfront.net/lib/img/carriers/ |
1 KB 973 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H3 |
singapore-post.svg
dmws6zo5g7pcv.cloudfront.net/lib/img/carriers/ |
7 KB 3 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H3 |
tnt.svg
dmws6zo5g7pcv.cloudfront.net/lib/img/carriers/ |
1 KB 995 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H3 |
brazil-correios.svg
dmws6zo5g7pcv.cloudfront.net/lib/img/carriers/ |
3 KB 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H3 |
royal-mail.svg
dmws6zo5g7pcv.cloudfront.net/lib/img/carriers/ |
4 KB 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H3 |
canada-post.svg
dmws6zo5g7pcv.cloudfront.net/lib/img/carriers/ |
512 B 903 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H3 |
dhl-express.svg
dmws6zo5g7pcv.cloudfront.net/lib/img/carriers/ |
1 KB 935 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H3 |
russian-post.svg
dmws6zo5g7pcv.cloudfront.net/lib/img/carriers/ |
4 KB 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H3 |
morocco-post.svg
dmws6zo5g7pcv.cloudfront.net/lib/img/carriers/ |
9 KB 4 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H3 |
amana.svg
dmws6zo5g7pcv.cloudfront.net/lib/img/carriers/ |
3 KB 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H3 |
4px.svg
dmws6zo5g7pcv.cloudfront.net/lib/img/carriers/ |
570 B 962 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H3 |
china-ems.svg
dmws6zo5g7pcv.cloudfront.net/lib/img/carriers/ |
2 KB 1 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H3 |
yanwen.svg
dmws6zo5g7pcv.cloudfront.net/lib/img/carriers/ |
795 B 1 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H3 |
sypost.svg
dmws6zo5g7pcv.cloudfront.net/lib/img/carriers/ |
3 KB 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H3 |
malaysia-post.svg
dmws6zo5g7pcv.cloudfront.net/lib/img/carriers/ |
2 KB 1 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H3 |
dhl-ecommerce.svg
dmws6zo5g7pcv.cloudfront.net/lib/img/carriers/ |
1 KB 1 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
zrt_lookup_fy2021.html
googleads.g.doubleclick.net/pagead/html/r20231207/r20190131/ Frame F75E |
9 KB 4 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
show_ads_impl_with_ama_fy2021.js
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202312070101/ |
399 KB 135 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H3 |
dhl-ecommerce.svg
dmws6zo5g7pcv.cloudfront.net/lib/img/carriers/ |
1 KB 1 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H3 |
posten-norge.svg
dmws6zo5g7pcv.cloudfront.net/lib/img/carriers/ |
1004 B 844 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H3 |
hong-kong-post.svg
dmws6zo5g7pcv.cloudfront.net/lib/img/carriers/ |
1 KB 887 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H3 |
australia-post.svg
dmws6zo5g7pcv.cloudfront.net/lib/img/carriers/ |
503 B 894 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
ads
googleads.g.doubleclick.net/pagead/ Frame 5469 |
29 KB 12 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H3 |
sodar
pagead2.googlesyndication.com/getconfig/ |
16 KB 12 KB |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
ads
googleads.g.doubleclick.net/pagead/ Frame 7AE0 |
0 188 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
sodar2.js
tpc.googlesyndication.com/sodar/ |
17 KB 7 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
runner.html
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 1F62 |
13 KB 5 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
aframe
www.google.com/recaptcha/api2/ Frame C100 |
829 B 1 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H3 |
Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js
pagead2.googlesyndication.com/bg/ Frame 1F62 |
39 KB 15 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H3 |
generate_204
tpc.googlesyndication.com/ Frame 1F62 |
0 10 B |
Image
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H3 |
sodar
pagead2.googlesyndication.com/pagead/ Frame C100 |
0 0 |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H3 |
sodar
pagead2.googlesyndication.com/pagead/ |
0 0 |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H3 |
man-thinking.svg
dmws6zo5g7pcv.cloudfront.net/lib/img/ |
2 KB 1 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H3 |
gen_204
pagead2.googlesyndication.com/pagead/ Frame 5469 |
42 B 63 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H3 |
pixel
googleads.g.doubleclick.net/xbbe/ Frame 623F |
624 B 246 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H3 |
dv3.js
pagead2.googlesyndication.com/pagead/js/ Frame 5469 |
89 KB 31 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H3 |
window_focus_fy2021.js
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/ Frame 5469 |
3 KB 1 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H3 |
qs_click_protection_fy2021.js
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/ Frame 5469 |
20 KB 8 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
ufs_web_display.js
www.googletagservices.com/activeview/js/current/ Frame 5469 |
203 KB 65 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
rum
dsum-sec.casalemedia.com/ Frame 623F Redirect Chain
|
43 B 537 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H3 |
rum
dsum-sec.casalemedia.com/ Frame 623F Redirect Chain
|
43 B 768 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
bounce
ib.adnxs.com/ Frame 623F Redirect Chain
|
43 B 891 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
pixel
cm.g.doubleclick.net/ Frame 623F Redirect Chain
|
170 B 243 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
POST H3 |
gen_204
pagead2.googlesyndication.com/pagead/ Frame 5469 |
0 20 B |
Ping
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
POST H3 |
gen_204
pagead2.googlesyndication.com/pagead/ Frame 5469 |
0 20 B |
Ping
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H3 |
ad
googleads.g.doubleclick.net/dbm/ Frame 5469 |
33 KB 19 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H3 |
abg_lite.js
pagead2.googlesyndication.com/pagead/js/r20231207/r20110914/ Frame 5469 |
31 KB 12 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H3 |
Q12zgMmT.js
tpc.googlesyndication.com/sodar/ Frame 5469 |
41 KB 14 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
attribution_src_register;crd=cXVlcnlfZXZlbnRfaWQgewogIHRpbWVfdXNlYzogMTcwMjY3NjA1MDkxMjk1NQogIHNlcnZlcl9pcDogMTM1MzgxMjE4CiAgcHJvY2Vzc19pZDogNzcxOTU5MDc2Cn0KZmxvb2RsaWdodF9jb25maWdfaWQ6IDEyNTk2NzAy...
ad.doubleclick.net/ddm/activity/ Frame 5469 |
0 860 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
/
servedby.flashtalking.com/imp/1/211300;7457129;201;js;DV360;EMEAB2BFY23ProgrammaticCCCCTTrialDECreativeEndUsersCreative1728x90png/ Frame 5469 |
1 KB 1 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H3 |
62bHydCX.html
tpc.googlesyndication.com/sodar/ Frame 6F0D |
38 KB 13 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H3 |
Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js
pagead2.googlesyndication.com/bg/ Frame 6F0D |
39 KB 15 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
j-7457129-4363815.js
cdn.flashtalking.com/xre/745/7457129/4363815/js/ Frame 5469 |
51 KB 15 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H3 |
gen_204
pagead2.googlesyndication.com/pagead/ Frame 6F0D |
0 20 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
dvtp_src.js
cdn.doubleverify.com/ Frame 5469 |
9 KB 4 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
4363815.gif
cdn.flashtalking.com/xre/745/7457129/4363815/image/ Frame 5469 |
49 KB 49 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
iconc.png
secure.flashtalking.com/oba/icon/ Frame 5469 |
1 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET DATA |
truncated
/ Frame 5469 |
215 B 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
dv-measurements5148.js
cdn.doubleverify.com/ Frame 9877 |
424 KB 101 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
visit.js
tps.doubleverify.com/ Frame 9877 |
729 B 750 B |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H3 |
activeview
pagead2.googlesyndication.com/pcs/ Frame 5469 |
42 B 64 B |
Fetch
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
POST H3 |
gen_204
pagead2.googlesyndication.com/pagead/ Frame 5469 |
0 20 B |
Ping
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F120.0.6099.109%20Safari%2F537.36&htmlmsging=1&chro=1&hist=2&winh=90&winw=728&wouh=1200&wouw=1600&scah=1200&scaw=1600&jsver=5148&tgjsver=5148&lvvn=28&m1=13&refD=1&referrer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-5270614258572210%26output%3Dhtml%26h%3D90%26slotname%3D5848640411%26adk%3D1435077868%26adf%3D3229680868%26pi%3Dt.ma~as.5848640411%26w%3D728%26lmt%3D1702661577%26rafmt%3D12%26format%3D728x90%26url%3Dhttps%253A%252F%252Fwww.4tracking.net%252F%26ea%3D0%26wgl%3D1%26uach%3DWyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.%26dt%3D1702676048964%26bpp%3D2%26bdt%3D1251%26idt%3D245%26shv%3Dr20231207%26mjsv%3Dm202312070101%26ptt%3D9%26saldr%3Daa%26abxe%3D1%26correlator%3D7664758420816%26frm%3D20%26pv%3D2%26ga_vid%3D536744857.1702676048%26ga_sid%3D1702676049%26ga_hid%3D1768510747%26ga_fc%3D1%26u_tz%3D60%26u_his%3D2%26u_h%3D1200%26u_w%3D1600%26u_ah%3D1200%26u_aw%3D1600%26u_cd%3D24%26u_sd%3D1%26dmc%3D8%26adx%3D436%26ady%3D451%26biw%3D1600%26bih%3D1200%26scr_x%3D0%26scr_y%3D0%26eid%3D44759876%252C44759927%252C31079438%252C44807406%252C95320869%252C95320884%26oid%3D2%26pvsid%3D3788517500202978%26tmod%3D994823978%26uas%3D0%26nvt%3D1%26fc%3D896%26brdim%3D0%252C0%252C0%252C0%252C1600%252C0%252C1600%252C1200%252C1600%252C1200%26vis%3D1%26rsz%3D%257C%257CeE%257C%26abl%3DCS%26pfx%3D0%26fu%3D256%26bc%3D31%26ifi%3D1%26uci%3Da!1%26fsb%3D1%26dtd%3D257&fcifrms=4&brh=2&dvp_epl=182&noc=4&nav_pltfrm=Win32&ctx=25015906&cmp=211300&sid=18330&plc=7457129&crt=4363815&btreg=7457129&btadsrv=flashtalking&adsrv=29&errorURL=https://tps.doubleverify.com/visit.jpg&mib=0&dvp_rcp=2&dvp_htec=1&dvp_seem=2&dvp_tuk=1&dvp_sukv=6650727345.438905&ee_dp_sukv=6650727345.438905&dvp_tukv=1322369870.7026882&ee_dp_tukv=1322369870.7026882&dvp_strhd=0.3000001907348633&dvpx_strhd=0.3000001907348633&dvp_tuid=1096092377550&jurtd=24416908){kind=link}
%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F120.0.6099.109%20Safari%2F537.36&htmlmsging=1&chro=1&hist=2&winh=90&winw=728&wouh=1200&wouw=1600&scah=1200&scaw=1600&jsver=5148&tgjsver=5148&lvvn=28&m1=13&refD=1&referrer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-5270614258572210%26output%3Dhtml%26h%3D90%26slotname%3D5848640411%26adk%3D1435077868%26adf%3D3229680868%26pi%3Dt.ma~as.5848640411%26w%3D728%26lmt%3D1702661577%26rafmt%3D12%26format%3D728x90%26url%3Dhttps%253A%252F%252Fwww.4tracking.net%252F%26ea%3D0%26wgl%3D1%26uach%3DWyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.%26dt%3D1702676048964%26bpp%3D2%26bdt%3D1251%26idt%3D245%26shv%3Dr20231207%26mjsv%3Dm202312070101%26ptt%3D9%26saldr%3Daa%26abxe%3D1%26correlator%3D7664758420816%26frm%3D20%26pv%3D2%26ga_vid%3D536744857.1702676048%26ga_sid%3D1702676049%26ga_hid%3D1768510747%26ga_fc%3D1%26u_tz%3D60%26u_his%3D2%26u_h%3D1200%26u_w%3D1600%26u_ah%3D1200%26u_aw%3D1600%26u_cd%3D24%26u_sd%3D1%26dmc%3D8%26adx%3D436%26ady%3D451%26biw%3D1600%26bih%3D1200%26scr_x%3D0%26scr_y%3D0%26eid%3D44759876%252C44759927%252C31079438%252C44807406%252C95320869%252C95320884%26oid%3D2%26pvsid%3D3788517500202978%26tmod%3D994823978%26uas%3D0%26nvt%3D1%26fc%3D896%26brdim%3D0%252C0%252C0%252C0%252C1600%252C0%252C1600%252C1200%252C1600%252C1200%26vis%3D1%26rsz%3D%257C%257CeE%257C%26abl%3DCS%26pfx%3D0%26fu%3D256%26bc%3D31%26ifi%3D1%26uci%3Da!1%26fsb%3D1%26dtd%3D257&fcifrms=4&brh=2&dvp_epl=182&noc=4&nav_pltfrm=Win32&ctx=25015906&cmp=211300&sid=18330&plc=7457129&crt=4363815&btreg=7457129&btadsrv=flashtalking&adsrv=29&errorURL=https://tps.doubleverify.com/visit.jpg&mib=0&dvp_rcp=2&dvp_htec=1&dvp_seem=2&dvp_tuk=1&dvp_sukv=6650727345.438905&ee_dp_sukv=6650727345.438905&dvp_tukv=1322369870.7026882&ee_dp_tukv=1322369870.7026882&dvp_strhd=0.3000001907348633&dvpx_strhd=0.3000001907348633&dvp_tuid=1096092377550&jurtd=24416908){kind=link}
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: DHL (Transportation)83 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 object| 1 object| 2 object| 3 object| documentPictureInPicture function| gtag object| dataLayer function| ym object| FT_OBJ function| loadCSS object| google_tag_manager object| google_tag_data string| GoogleAnalyticsObject function| ga function| onYouTubeIframeAPIReady object| gaGlobal object| gaplugins object| gaData object| Ya object| yaCounter73220287 function| jlooper function| CodeMirror object| CryptoJS object| CryptoJSAesJson object| Base64 function| af function| PositiveNumber function| myTrim function| isURL function| isObject function| uniqArr function| validtracking function| is_validID function| cjd function| ddwj function| gtk function| createCookie function| readCookie function| eraseCookie function| tryDecodeURIComponent function| isDefined function| IsJsonString function| $ function| jQuery object| lazySizes function| $_GET function| parseKeyValue function| tabs function| _popup object| cm function| ajaxRequest function| close_dialog function| resize_dialog function| ini_dialog function| update_dialog function| setCarrier object| google_js_reporting_queue number| google_srt object| google_persistent_state_async object| google_logging_queue number| tmod object| google_ad_modifications object| ggeac boolean| google_measure_js_timing object| google_reactive_ads_global_state object| adsbygoogle string| google_user_agent_client_hint object| google_sa_queue function| google_process_slots boolean| google_apltlad function| google_spfd number| google_unique_id object| google_sv_map object| google_ama_state number| google_rum_task_id_counter function| google_sa_impl number| google_global_correlator object| google_prev_clients object| ampInaboxIframes object| ampInaboxPendingMessages object| GoogleGcLKhOms object| google_image_requests object| googletag30 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
| Domain/Path | Expires | Name / Value |
|---|---|---|
| .4tracking.net/ | Name: _ga_4LD9851YLQ Value: GS1.1.1702676048.1.0.1702676048.0.0.0 |
|
| .4tracking.net/ | Name: _ga_1ZQ109EN18 Value: GS1.1.1702676048.1.0.1702676048.0.0.0 |
|
| .4tracking.net/ | Name: _ga Value: GA1.2.536744857.1702676048 |
|
| .4tracking.net/ | Name: _gid Value: GA1.2.1217823739.1702676048 |
|
| .4tracking.net/ | Name: _gat_gtag_UA_166841275_1 Value: 1 |
|
| .yandex.ru/ | Name: i Value: 6dI70wksfg3pwamat2TB7bSJJL93vJXMyI6gYPREReaRPgxq+9muYr2bGS3vXXga9ubLGocsPWS2P2VlkJC7f5Bk2so= |
|
| .yandex.ru/ | Name: yandexuid Value: 2451264091702676047 |
|
| .4tracking.net/ | Name: _ym_uid Value: 1702676048232084408 |
|
| .4tracking.net/ | Name: _ym_d Value: 1702676048 |
|
| .mc.yandex.com/ | Name: sync_cookie_csrf Value: 4200748661fake |
|
| .4tracking.net/ | Name: _ym_isad Value: 2 |
|
| .mc.yandex.ru/ | Name: sync_cookie_csrf Value: 2667814095fake |
|
| .yandex.com/ | Name: yandexuid Value: 2451264091702676047 |
|
| .yandex.com/ | Name: yuidss Value: 2451264091702676047 |
|
| .yandex.com/ | Name: i Value: 6dI70wksfg3pwamat2TB7bSJJL93vJXMyI6gYPREReaRPgxq+9muYr2bGS3vXXga9ubLGocsPWS2P2VlkJC7f5Bk2so= |
|
| .yandex.com/ | Name: yp Value: 1702762448.yu.5128040431702676048 |
|
| .mc.yandex.com/ | Name: sync_cookie_ok Value: synced |
|
| mc.yandex.com/ | Name: yabs-sid Value: 1756160311702676048 |
|
| .yandex.com/ | Name: ymex Value: 1705268048.oyu.5128040431702676048#1734212048.yrts.1702676048 |
|
| .yandex.com/ | Name: bh Value: KgI/MA== |
|
| .doubleclick.net/ | Name: IDE Value: AHWqTUnoVYbN0M_MyIvZPCskgFg60eaY-sEm6JnNH8VuM0XnUSNZCW1Frd9vvrLo |
|
| .casalemedia.com/ | Name: CMPS Value: 2202 |
|
| .adnxs.com/ | Name: anj Value: dTM7k!M41.D>6NRF']wIg2GU%p0SE=!]tbPl1M>e)ZlrFUfJ+tGXxoDG8KESSI:#6SMOx!HLZI_C>MaQ]5-mlheBdI*bpRz*qF1`*b`DA*D?+' |
|
| .adnxs.com/ | Name: uuid2 Value: 6010625667129273402 |
|
| .casalemedia.com/ | Name: CMID Value: ZXzGUtbpZ8KyCbHYrRVwEAAA |
|
| .casalemedia.com/ | Name: CMPRO Value: 3248 |
|
| .doubleclick.net/ | Name: APC Value: AfxxVi5aGLbPzMpEvCx8Y-hmDXlR8pQj_2KNiEXokRCLvn-_xXscUQ |
|
| .doubleclick.net/ | Name: ar_debug Value: 1 |
|
| .4tracking.net/ | Name: __gads Value: ID=5fe28479ce214d4c:T=1702676049:RT=1702676049:S=ALNI_Ma1WFNHzMvJSocXbIElJ9bt5jrJIg |
|
| .4tracking.net/ | Name: __gpi Value: UID=00000ce5ec6979a7:T=1702676049:RT=1702676049:S=ALNI_MYP1R0YtbW1ZDu_jjLAD1fP4fn7zg |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ad.doubleclick.net
cdn.doubleverify.com
cdn.flashtalking.com
cm.g.doubleclick.net
dmws6zo5g7pcv.cloudfront.net
dsum-sec.casalemedia.com
googleads.g.doubleclick.net
ib.adnxs.com
mc.yandex.com
mc.yandex.ru
pagead2.googlesyndication.com
region1.google-analytics.com
secure.flashtalking.com
servedby.flashtalking.com
tpc.googlesyndication.com
tps.doubleverify.com
www.4tracking.net
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
130.211.44.5
142.250.185.194
172.64.151.101
185.89.211.84
2.19.216.48
2001:4860:4802:34::36
216.58.206.38
23.36.233.143
2600:9000:21c7:4e00:7:39c0:7c0:21
2606:4700:3033::6815:275
2606:4700:3033::ac43:8123
2a00:1450:4001:802::2002
2a00:1450:4001:808::2001
2a00:1450:4001:80f::2008
2a00:1450:4001:810::2004
2a00:1450:4001:811::2002
2a00:1450:4001:812::2002
2a00:1450:4001:813::200e
2a01:4a0:1338:28::c38a:ff08
2a02:6b8::1:119
0119df46e4cc0c137c7f61ab85abe6a1d82e1ffe8f5b9f6348371e182824de8b
04682722d7b228d153dbf1ca953940f30843864c0285972e6030bbcee309d790
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0db09a391baac16aac73981e79e3e633568e827ea1ccf14df6418c6c06f0424f
0dd17dd7ad7f943d8e6ca96d71aac8c51c849972a7d513f44b4610df0628e879
0edb7ff8b4775b1a73c15d06b1c7edab503f0f5a30b2dbf1a139d65a1c18e0ec
10a68e01209d939afa9318ee71601b0a6e10f025d4cd6d98a492d340b73941fb
1824eb337b117586825a512db51f54430761be2ce585ee00ccd8cfad4a698b9d
1bf5b4dc7e8b7c6142eb0789d80b8b974293aadc75dc132f1726754776775aa4
1fc8dfdb8f646e934bf93bc6f793604bb12c6b304c04ac509aa86cdc1a2dbbea
23eeaa76e154b7a0ff095a91d1448b5a1a294710a1c723b9c8dba2a64b52a69b
25cd45ef97e8fa4f7a9b7538cfec80f4d0a7a9de15d336348eacc33a6ed9fa75
28df7da4aa712323b65cbceabded81777805223bedd32f6ac5f7a5c31365fb25
291dd884f4e40a1a76f756adf2da11bcd369a054573da7f455e533e306f9c471
2b366228a37137c0904b937602dfcba4f827337cf8f100b104234635f9d7574f
2ba4822e338fdd56532a0ee740aebb6415f5853f5f55425c584bbfa20232bd57
2c839e6966a8fc1a5efa387397e910918ae859d980e42b0763a17b7a8c0b005f
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
386a0486e50aeb2e12ea21fcb15c785b93d83fa2739e425d834a389038578eab
38eb0379c855f10a0e69073af6b54582216fa37b7e2b1563a1246bbf1ef49642
3ef3f7f2ef974d7690d16e36e4598cfb649eab643d0490257d10271a2d3108ac
3f406eb0b4888ae7bff0266ebd6978dfe37bbd276cab3a338d210a34ec06c381
424608008607b39674e00bca2428b48325f526d231ed04887c653decdd5ab445
435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
54542cf9f2e93c95b7a6666702accf632251492cba2357f5e677696e88f263db
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
566012676f5d43acfea4dc0bc5d9bb2c0805d8775fcdd081b1c895310956829a
586c099a757627b53f44ceb074ded074aad6b7f5be072baa2e49629f0c552d22
5dd15667324ece0bfda84551cea4bb1d8b2acc06ffb06382e0e1cac83fed6c90
5f0668649977e9ecf834f8d2632be25ca35d3edac697774ec1a51640d9b3c996
6102d04c941d6210d46440fa9b49fd2e9c306044191f4d804235e467dbd128ec
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
627f5d28869aba8271ba1e96ce4206e3f5dde6156b1e58a2a0cd65a5a7856d3f
650d4cf8d49a2d6ea2225fed9729a014cee737704311c8ac56ca613261495668
68c24818c6f6154da2512ad8c5e7a65e807515b77bd20181bb7b1fa9dce174dc
6af7d4f12833cd3f8b0f20346593662abfb2da56cfe593516218838718dfc188
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
7d6e5d1bbd1eb1dccde29043833a9e31bfc6b3d62c096f681e81cf0e4976675d
7d784d7f7f94e5a9339af2407aee24dc7f831c2bcf9a466873ad3bd264975a80
7ecc8f7948d19b7bc65ceaec9d6b42b8d1bd8e00ffd0a99359cf298d2912f44f
804c3aa6184b3009516c9330c448306ce0a8861d7deb244ff5881aff79cebe3e
822a69c1f5454a188ba6f0584ef2d41acf856bd43bf4783402ddb3ef4325dcfb
8d6679c1ce1ac8605f5c410f30d1b06713479732043b75e81130cbe21b60e579
8d9b4b794affc5daf4eafa12e0c6294ab31aaeed330886145676bd6b832e8b98
9b2c36195d8149926940ce2d9ed3b6c4e4390464224b8f4733cf096cc4494e74
9bede90624851ed107c8c9c95eac1abc5d99a065129b6cadeaa0a12137011eed
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a3208f29d81ac1b864d1e2b65dca1a1b19443de4b29f0f4a91882e64ed5294e7
a4cc547860f3ea7864af4351db536fd4f5e2af9f0835850a03091133cb83930f
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b5b33956a685abfb1f8f3dbeb318600204952fbeda827b252add64721e02d691
b677cd181c01dfb61199e7c5e3a82538d4dde1871363c845fc895e2fc8369996
bc5ceb62932646b61fc1724ae1280fca194feeaf470f89de876056531ecf9150
bde129d054b39c1c28483ca6bb88e16742f4d6b3d2cedaf7fb2af5f201471fd5
c0b5160cb5762da4eb9221de7e9792d441bb06152ab8d71baa742e1789297fa3
c560777099eaee85b8b70876660aaec906d2c34b3d95a7be54835c7578202b68
c92bba1d7ac0690363e7de5af3343e1f9048da7cd5402371a8be3eadfe751551
cb97badeb08d7f30d333fd8bd238a615e1e40165d76f9f34d4ed3a0050e3c588
d108caa0362a6f440847dd0e29015022d163d44e662ca14d1725eaf4f9dbb54e
d6730a05e9d8fe70d4ee3f56ef8124382f7d61d4eed429257f9401814cfbcd42
d6bbcca6a56e95bfdac0eaedc26c740c6e999a8d823acb4eda3b52500e3538af
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ea2a5ea8f9d4c0b282e0a9326cf676e4482a54b1d5b07d83bea1774b3fa43470
eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f3f4ccf8f058790108b0034b9c7d03f31bf433496a7ec9c12909154d493a1b06
f6cbe31747c16c069d861a8ed01b15186eaee8c381f74ca1712087811c39f4d4
f75ada33b07cb31e16a0a0d3325961a22dc9526edb49bff04c31d7b7611f7025
f874738afa005278d1ab42c4a211ddebdc788c77a91a2181b347edbd043d10e9
ff70c9bc4650cf5e6b12d1feaa7af29ebf0681993fc0c5ffe3658cea0dbd5403