URL: http://xurl.pl/special
Submission: On May 17 via manual from AR

Summary

This website contacted 8 IPs in 4 countries across 9 domains to perform 17 HTTP transactions. The main IP, 195.225.138.138, is located in Poland and belongs to OF-PL-AS, PL. The main domain is xurl.pl.
This is the only time xurl.pl was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
7 195.225.138.138 29305 (OF-PL-AS)
1 1 104.31.77.81 13335 (CLOUDFLAR...)
1 104.18.42.101 13335 (CLOUDFLAR...)
4 138.201.178.189 24940 (HETZNER-AS)
2 216.58.205.238 15169 (GOOGLE)
1 2 148.251.196.46 24940 (HETZNER-AS)
4 4 138.201.165.92 24940 (HETZNER-AS)
1 2 138.201.139.208 24940 (HETZNER-AS)
3 3 18.153.11.22 16509 (AMAZON-02)
2 2 136.243.15.173 24940 (HETZNER-AS)
1 1 94.130.145.83 24940 (HETZNER-AS)
1 138.201.230.75 24940 (HETZNER-AS)
17 8
Domain Requested by
7 xurl.pl xurl.pl
5 adsearch.adkontekst.pl 1 redirects xurl.pl, adsearch.adkontekst.pl
4 mis.em.nscontext.eu 4 redirects
3 x.bidswitch.net 3 redirects
2 sync-eu.exe.bid 2 redirects
2 api.spoldzielnia.nsaudience.pl 1 redirects
2 cm.em.nscontext.eu 1 redirects
2 www.google-analytics.com xurl.pl
1 rm.em.nscontext.eu xurl.pl
1 www.dudemobile.net xurl.pl
1 link.do 1 redirects
17 11

This site contains no links.

Subject | Issuer | Validity | Valid
sni49298.cloudflaressl.com | COMODO ECC Domain Validation Secure Server CA 2 | 2018-05-11 - 2018-11-17 | 6 months
*.em.nscontext.eu | nazwaSSL | 2017-09-05 - 2018-09-05 | a year
*.spoldzielnia.nsaudience.pl | nazwaSSL | 2017-09-15 - 2018-09-15 | a year

This page contains 6 frames:

Primary Page: http://xurl.pl/special
Frame ID: 87405FB919970E5F2A8589DFA0EC3503
Requests: 3 HTTP requests in this frame

Frame: http://xurl.pl/framedRedirectTop.php?url=654086
Frame ID: D9BB1ECEE2F0F7B7290A21E4799B2335
Requests: 11 HTTP requests in this frame

Frame: https://www.dudemobile.net/cl.php?id=7885a13f81a907c11e07a4e1ddf2939b
Frame ID: 43D9BEBC127C9BC7B1CC8FAE118F0EAF
Requests: 1 HTTP request in this frame

Frame: https://cm.em.nscontext.eu/cm/iframe//?uid=mi1636f5f681b5575133ae78be26f
Frame ID: A70639FA8C85F92D4001F107EE49FC80
Requests: 1 HTTP request in this frame

Frame: https://api.spoldzielnia.nsaudience.pl/frontend/api/sale.api?uid=mi1636f5f67f34d10b0b4f9e3bcb7
Frame ID: 4D55B01A6BB3419FE3C538F6F18507A4
Requests: 1 HTTP request in this frame

Frame: data://truncated
Frame ID: 11776091565EC59CC88831014B59C48E
Requests: 2 HTTP requests in this frame


Detected technologies

Overall confidence: 100%
Detected patterns
  • html /<link[^>]+?href="[^"]+bootstrap(?:\.min)?\.css/i

Page Statistics

Requests: 17
HTTPS: 18 %
IPv6: 0 %
Domains: 9
Subdomains: 11
IPs: 8
Countries: 4
Transfer: 448 kB
Size: 851 kB
Cookies: 13

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 3
  • https://link.do/rewards HTTP 301
  • https://www.dudemobile.net/cl.php?id=7885a13f81a907c11e07a4e1ddf2939b
Request Chain 10
  • http://www.google-analytics.com/analytics.js HTTP 307
  • https://www.google-analytics.com/analytics.js
Request Chain 11
  • http://www.google-analytics.com/r/collect?v=1&_v=j67&a=578420686&t=pageview&_s=1&dl=http%3A%2F%2Fxurl.pl%2FframedRedirectTop.php%3Furl%3D654086&ul=en-us&de=UTF-8&sd=24-bit&sr=1600x1200&vp=1600x72&je=0&_u=IEBAAEAB~&jid=1493630487&gjid=2076072145&cid=2087716420.1526581913&tid=UA-38188073-4&_gid=1347194870.1526581913&_r=1&z=1304998120 HTTP 307
  • https://www.google-analytics.com/r/collect?v=1&_v=j67&a=578420686&t=pageview&_s=1&dl=http%3A%2F%2Fxurl.pl%2FframedRedirectTop.php%3Furl%3D654086&ul=en-us&de=UTF-8&sd=24-bit&sr=1600x1200&vp=1600x72&je=0&_u=IEBAAEAB~&jid=1493630487&gjid=2076072145&cid=2087716420.1526581913&tid=UA-38188073-4&_gid=1347194870.1526581913&_r=1&z=1304998120
Request Chain 13
  • https://cm.em.nscontext.eu/cm/iframe/ HTTP 302
  • https://mis.em.nscontext.eu/deimos/cm/?redirect=https://cm.em.nscontext.eu/cm/iframe//?uid=__userId__ HTTP 302
  • https://mis.em.nscontext.eu/ex/tmp1526581913627Z183689575/mi1636f5f681b5575133ae78be26f/1?redirect=https://cm.em.nscontext.eu/cm/iframe//?uid=__userId__ HTTP 302
  • https://cm.em.nscontext.eu/cm/iframe//?uid=mi1636f5f681b5575133ae78be26f
Request Chain 14
  • https://api.spoldzielnia.nsaudience.pl/frontend/api/matchSale.api HTTP 302
  • https://mis.em.nscontext.eu/?redirect=https%3A%2F%2Fapi.spoldzielnia.nsaudience.pl%2Ffrontend%2Fapi%2Fsale.api%3Fuid%3D__masterId__ HTTP 302
  • https://mis.em.nscontext.eu/ex/tmp1526581913587Z1312838772/mi1636f5f67f34d10b0b4f9e3bcb7/1?redirect=https%3A%2F%2Fapi.spoldzielnia.nsaudience.pl%2Ffrontend%2Fapi%2Fsale.api%3Fuid%3D__masterId__ HTTP 302
  • https://api.spoldzielnia.nsaudience.pl/frontend/api/sale.api?uid=mi1636f5f67f34d10b0b4f9e3bcb7
Request Chain 17
  • https://x.bidswitch.net/sync?ssp=netsprint HTTP 302
  • https://x.bidswitch.net/ul_cb/sync?ssp=netsprint HTTP 302
  • https://sync-eu.exe.bid/bidswitch/sync?sub1=netsprint HTTP 302
  • https://sync-eu.exe.bid/bidswitch/sync?sub1=netsprint&session_tpt=eyJoZWFkZXJzIjp7InJlZmVyZXIiOlsiaHR0cDovL3h1cmwucGwvZnJhbWVkUmVkaXJlY3RUb3AucGhwP3VybFx1MDAzZDY1NDA4NiJdfX0 HTTP 302
  • https://x.bidswitch.net/sync?dsp_id=140&user_id=1a5985f3-2fe6-4b2d-99a7-1d1125c86ed1&expires=14&ssp=netsprint HTTP 302
  • https://adsearch.adkontekst.pl/deimos/rtbcm?dspId=bidswitch&buyerId=bde116da-b217-4b9b-92b9-d7fa216cfaed HTTP 302
  • https://rm.em.nscontext.eu/?dspId=bidswitch&buyerId=bde116da-b217-4b9b-92b9-d7fa216cfaed

17 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request Cookie set special
xurl.pl/
1 KB
2 KB
Document
General
Full URL
http://xurl.pl/special
Protocol
HTTP/1.1
Server
195.225.138.138 , Poland, ASN29305 (OF-PL-AS, PL),
Reverse DNS
v4.kingw.of.pl
Software
/ PHP/5.3.29
Resource Hash
d7d6ac930a1b2f9ae5c54da4bea5d688a2967e96f7a03c74f4fdc8dfce8daa94

Request headers

Host
xurl.pl
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding
gzip, deflate
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id
87405FB919970E5F2A8589DFA0EC3503

Response headers

Date
Thu, 17 May 2018 18:31:51 GMT
Server
X-Powered-By
PHP/5.3.29
Set-Cookie
shorturl=gct1arb8609sakhk310i4sl6q7; path=/
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma
no-cache
Keep-Alive
timeout=10, max=10
Connection
Keep-Alive
Transfer-Encoding
chunked
Content-Type
text/html
bootstrap.css
xurl.pl/themes/v3/styles/css/
127 KB
127 KB
Stylesheet
General
Full URL
http://xurl.pl/themes/v3/styles/css/bootstrap.css
Requested by
Host: xurl.pl
URL: http://xurl.pl/special
Protocol
HTTP/1.1
Server
195.225.138.138 , Poland, ASN29305 (OF-PL-AS, PL),
Reverse DNS
v4.kingw.of.pl
Software
/
Resource Hash
bb74e0857a515bba7514be5880db482d5e2f32047b5b27bed2b8d064e731b094

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
xurl.pl
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept
text/css,*/*;q=0.1
Referer
http://xurl.pl/special
Cookie
shorturl=gct1arb8609sakhk310i4sl6q7
Connection
keep-alive
Cache-Control
no-cache
Referer
http://xurl.pl/special
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

Date
Thu, 17 May 2018 18:31:52 GMT
Last-Modified
Fri, 16 Aug 2013 18:23:12 GMT
Server
ETag
"5a44941-1fcce-520e6e10"
Content-Type
text/css
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=10, max=9
Content-Length
130254
screen.css
xurl.pl/themes/v3/styles/
39 KB
39 KB
Stylesheet
General
Full URL
http://xurl.pl/themes/v3/styles/screen.css
Requested by
Host: xurl.pl
URL: http://xurl.pl/special
Protocol
HTTP/1.1
Server
195.225.138.138 , Poland, ASN29305 (OF-PL-AS, PL),
Reverse DNS
v4.kingw.of.pl
Software
/
Resource Hash
c633c8575301d2e600d0006875ae313be2de2d0813e8f5db62c9dc8de38bc2df

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
xurl.pl
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept
text/css,*/*;q=0.1
Referer
http://xurl.pl/special
Cookie
shorturl=gct1arb8609sakhk310i4sl6q7
Connection
keep-alive
Cache-Control
no-cache
Referer
http://xurl.pl/special
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

Date
Thu, 17 May 2018 18:31:52 GMT
Last-Modified
Fri, 16 Aug 2013 18:23:11 GMT
Server
ETag
"5a4493f-9a8b-520e6e0f"
Content-Type
text/css
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=10, max=10
Content-Length
39563
framedRedirectTop.php
xurl.pl/ Frame D9BB
2 KB
3 KB
Document
General
Full URL
http://xurl.pl/framedRedirectTop.php?url=654086
Requested by
Host: xurl.pl
URL: http://xurl.pl/special
Protocol
HTTP/1.1
Server
195.225.138.138 , Poland, ASN29305 (OF-PL-AS, PL),
Reverse DNS
v4.kingw.of.pl
Software
/ PHP/5.3.29
Resource Hash
a8034b2a9c1d4262b7f16fdf0e128450af5253d697731c3ee1449b57c1cb17da

Request headers

Host
xurl.pl
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer
http://xurl.pl/special
Accept-Encoding
gzip, deflate
Cookie
shorturl=gct1arb8609sakhk310i4sl6q7
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id
87405FB919970E5F2A8589DFA0EC3503
Referer
http://xurl.pl/special

Response headers

Date
Thu, 17 May 2018 18:31:52 GMT
Server
X-Powered-By
PHP/5.3.29
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma
no-cache
Keep-Alive
timeout=10, max=10
Connection
Keep-Alive
Transfer-Encoding
chunked
Content-Type
text/html
cl.php
www.dudemobile.net/ Frame 43D9
Redirect Chain
  • https://link.do/rewards
  • https://www.dudemobile.net/cl.php?id=7885a13f81a907c11e07a4e1ddf2939b
0
0
Document
General
Full URL
https://www.dudemobile.net/cl.php?id=7885a13f81a907c11e07a4e1ddf2939b
Requested by
Host: xurl.pl
URL: http://xurl.pl/special
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.18.42.101 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare / PHP/5.6.36
Resource Hash

Request headers

:method
GET
:authority
www.dudemobile.net
:scheme
https
:path
/cl.php?id=7885a13f81a907c11e07a4e1ddf2939b
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
referer
http://xurl.pl/special
accept-encoding
gzip, deflate
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id
87405FB919970E5F2A8589DFA0EC3503
Referer
http://xurl.pl/special

Response headers

status
200
date
Thu, 17 May 2018 18:31:53 GMT
content-type
text/html; charset=UTF-8
set-cookie
__cfduid=d48cf13c032e5c67e5cdd9a9d9f74a8ee1526581913; expires=Fri, 17-May-19 18:31:53 GMT; path=/; domain=.dudemobile.net; HttpOnly
x-powered-by
PHP/5.6.36
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
41c829dc9bec97f8-FRA
content-encoding
gzip

Redirect headers

status
301
date
Thu, 17 May 2018 18:31:52 GMT
content-type
text/html
set-cookie
__cfduid=d3fb558b75cbfe659ddadf4a5141bdc3a1526581912; expires=Fri, 17-May-19 18:31:52 GMT; path=/; domain=.link.do; HttpOnly; Secure PHPSESSID=sr9lt8kcedn7ctt3g0l71mkus1; path=/ short_rewards=1; expires=Thu, 17-May-2018 19:05:09 GMT; path=/; httponly
x-powered-by
PHP/5.4.45-0+deb7u9
expires
Thu, 19 Nov 1981 08:52:00 GMT
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma
no-cache
location
https://www.dudemobile.net/cl.php?id=7885a13f81a907c11e07a4e1ddf2939b
vary
Accept-Encoding
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
41c829db59e19786-FRA
bootstrap.css
xurl.pl/themes/v3/styles/css/ Frame D9BB
127 KB
127 KB
Stylesheet
General
Full URL
http://xurl.pl/themes/v3/styles/css/bootstrap.css
Requested by
Host: xurl.pl
URL: http://xurl.pl/framedRedirectTop.php?url=654086
Protocol
HTTP/1.1
Server
195.225.138.138 , Poland, ASN29305 (OF-PL-AS, PL),
Reverse DNS
v4.kingw.of.pl
Software
/
Resource Hash
bb74e0857a515bba7514be5880db482d5e2f32047b5b27bed2b8d064e731b094

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
xurl.pl
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept
text/css,*/*;q=0.1
Referer
http://xurl.pl/framedRedirectTop.php?url=654086
Cookie
shorturl=gct1arb8609sakhk310i4sl6q7
Connection
keep-alive
Cache-Control
no-cache
Referer
http://xurl.pl/framedRedirectTop.php?url=654086
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

Date
Thu, 17 May 2018 18:31:52 GMT
Last-Modified
Fri, 16 Aug 2013 18:23:12 GMT
Server
ETag
"5a44941-1fcce-520e6e10"
Content-Type
text/css
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=10, max=9
Content-Length
130254
screen.css
xurl.pl/themes/v3/styles/ Frame D9BB
39 KB
0
Stylesheet
General
Full URL
http://xurl.pl/themes/v3/styles/screen.css
Requested by
Host: xurl.pl
URL: http://xurl.pl/framedRedirectTop.php?url=654086
Protocol
HTTP/1.1
Server
195.225.138.138 , Poland, ASN29305 (OF-PL-AS, PL),
Reverse DNS
v4.kingw.of.pl
Software
/
Resource Hash
c633c8575301d2e600d0006875ae313be2de2d0813e8f5db62c9dc8de38bc2df

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
xurl.pl
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept
text/css,*/*;q=0.1
Referer
http://xurl.pl/special
Cookie
shorturl=gct1arb8609sakhk310i4sl6q7
Connection
keep-alive
Cache-Control
no-cache

Response headers

Date
Thu, 17 May 2018 18:31:52 GMT
Last-Modified
Fri, 16 Aug 2013 18:23:11 GMT
Server
ETag
"5a4493f-9a8b-520e6e0f"
Content-Type
text/css
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=10, max=10
Content-Length
39563
red.png
xurl.pl/themes/v3/images/logo/ Frame D9BB
7 KB
7 KB
Image
General
Full URL
http://xurl.pl/themes/v3/images/logo/red.png
Requested by
Host: xurl.pl
URL: http://xurl.pl/framedRedirectTop.php?url=654086
Protocol
HTTP/1.1
Server
195.225.138.138 , Poland, ASN29305 (OF-PL-AS, PL),
Reverse DNS
v4.kingw.of.pl
Software
/
Resource Hash
5696b86cafd00b7c0ea1afead82ad1530db1a17a683bfa10d14d37781f95cff5

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
xurl.pl
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
http://xurl.pl/framedRedirectTop.php?url=654086
Cookie
shorturl=gct1arb8609sakhk310i4sl6q7
Connection
keep-alive
Cache-Control
no-cache
Referer
http://xurl.pl/framedRedirectTop.php?url=654086
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

Date
Thu, 17 May 2018 18:31:52 GMT
Last-Modified
Sat, 31 Aug 2013 22:47:44 GMT
Server
ETag
"5a447df-1a69-52227290"
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=10, max=8
Content-Length
6761
/
adsearch.adkontekst.pl/_/ads/ Frame D9BB
6 KB
2 KB
Script
General
Full URL
http://adsearch.adkontekst.pl/_/ads/?QAPS_AKPL=b290fe239207177a78f816b049a64836
Requested by
Host: xurl.pl
URL: http://xurl.pl/framedRedirectTop.php?url=654086
Protocol
HTTP/1.1
Server
138.201.178.189 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
28-hprx.funcns.net
Software
Microsoft-IIS/7.5 /
Resource Hash
b9cd482f2c10c568011d3f7ca3268cd0d90eafbf7e0130ce70280f34b01ba86d

Request headers

Referer
http://xurl.pl/framedRedirectTop.php?url=654086
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

Date
Thu, 17 May 2018 18:31:53 GMT
Content-Encoding
gzip
Server
Microsoft-IIS/7.5
Connection
keep-alive
Transfer-Encoding
chunked
Content-Type
text/javascript; charset=UTF-8
/
adsearch.adkontekst.pl/quad/spliter/ Frame D9BB
5 KB
2 KB
Script
General
Full URL
http://adsearch.adkontekst.pl/quad/spliter/?prefix=akon&prid=0&caid=0&plh=b290fe239207177a78f816b049a64836&plid=0&namespace=qa_akon&nc=1526581912875&qss=true&nc2=358413843&type=K1&ref=http%3A%2F%2Fxurl.pl%2Fspecial
Requested by
Host: adsearch.adkontekst.pl
URL: http://adsearch.adkontekst.pl/_/ads/?QAPS_AKPL=b290fe239207177a78f816b049a64836
Protocol
HTTP/1.1
Server
138.201.178.189 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
28-hprx.funcns.net
Software
Microsoft-IIS/7.5 /
Resource Hash
007ca0d091ed37f2bd96fa6773462486e74a4707b72945e880bb52ff97d3fe7d

Request headers

Referer
http://xurl.pl/framedRedirectTop.php?url=654086
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 17 May 2018 18:31:53 GMT
Content-Encoding
gzip
Server
Microsoft-IIS/7.5
Transfer-Encoding
chunked
P3P
CP="NOI DSP COR NID CUR OUR NOR"
Cache-Control
no-cache
Connection
keep-alive
Content-Type
text/javascript; charset=UTF-8
/
adsearch.adkontekst.pl/_/both/ Frame D9BB
455 KB
121 KB
Script
General
Full URL
http://adsearch.adkontekst.pl/_/both/?prefix=akon&namespace=qa_akon&nc=0&browser=safari
Requested by
Host: adsearch.adkontekst.pl
URL: http://adsearch.adkontekst.pl/_/ads/?QAPS_AKPL=b290fe239207177a78f816b049a64836
Protocol
HTTP/1.1
Server
138.201.178.189 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
28-hprx.funcns.net
Software
Microsoft-IIS/7.5 /
Resource Hash
e320c9d43ef1d2e33e14dfeb543a823c284f0b7cb96f568f39e58855b0b54fab

Request headers

Referer
http://xurl.pl/framedRedirectTop.php?url=654086
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

Date
Thu, 17 May 2018 18:31:53 GMT
Content-Encoding
gzip
Server
Microsoft-IIS/7.5
Connection
keep-alive
Transfer-Encoding
chunked
Content-Type
text/javascript; charset=UTF-8
analytics.js
www.google-analytics.com/ Frame D9BB
Redirect Chain
  • http://www.google-analytics.com/analytics.js
  • https://www.google-analytics.com/analytics.js
34 KB
14 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: xurl.pl
URL: http://xurl.pl/framedRedirectTop.php?url=654086
Protocol
SPDY
Server
216.58.205.238 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra15s24-in-f14.1e100.net
Software
Golfe2 /
Resource Hash
2218bbf47b340278b7b696dbe3af4eed89edffa709c19abd6747b18147c3a675
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
http://xurl.pl/framedRedirectTop.php?url=654086
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 12 Apr 2018 18:13:11 GMT
server
Golfe2
age
5746
date
Thu, 17 May 2018 16:56:07 GMT
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=7200
timing-allow-origin
*
alt-svc
hq=":443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="43,42,41,39,35"
content-length
14353
expires
Thu, 17 May 2018 18:56:07 GMT

Redirect headers

Location
https://www.google-analytics.com/analytics.js
Non-Authoritative-Reason
HSTS
collect
www.google-analytics.com/r/ Frame D9BB
Redirect Chain
  • http://www.google-analytics.com/r/collect?v=1&_v=j67&a=578420686&t=pageview&_s=1&dl=http%3A%2F%2Fxurl.pl%2FframedRedirectTop.php%3Furl%3D654086&ul=en-us&de=UTF-8&sd=24-bit&sr=1600x1200&vp=1600x72&j...
  • https://www.google-analytics.com/r/collect?v=1&_v=j67&a=578420686&t=pageview&_s=1&dl=http%3A%2F%2Fxurl.pl%2FframedRedirectTop.php%3Furl%3D654086&ul=en-us&de=UTF-8&sd=24-bit&sr=1600x1200&vp=1600x72&...
35 B
114 B
Image
General
Full URL
https://www.google-analytics.com/r/collect?v=1&_v=j67&a=578420686&t=pageview&_s=1&dl=http%3A%2F%2Fxurl.pl%2FframedRedirectTop.php%3Furl%3D654086&ul=en-us&de=UTF-8&sd=24-bit&sr=1600x1200&vp=1600x72&je=0&_u=IEBAAEAB~&jid=1493630487&gjid=2076072145&cid=2087716420.1526581913&tid=UA-38188073-4&_gid=1347194870.1526581913&_r=1&z=1304998120
Requested by
Host: xurl.pl
URL: http://xurl.pl/framedRedirectTop.php?url=654086
Protocol
SPDY
Server
216.58.205.238 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra15s24-in-f14.1e100.net
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
http://xurl.pl/framedRedirectTop.php?url=654086
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 17 May 2018 18:31:53 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
status
200
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
alt-svc
hq=":443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="43,42,41,39,35"
content-length
35
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location
https://www.google-analytics.com/r/collect?v=1&_v=j67&a=578420686&t=pageview&_s=1&dl=http%3A%2F%2Fxurl.pl%2FframedRedirectTop.php%3Furl%3D654086&ul=en-us&de=UTF-8&sd=24-bit&sr=1600x1200&vp=1600x72&je=0&_u=IEBAAEAB~&jid=1493630487&gjid=2076072145&cid=2087716420.1526581913&tid=UA-38188073-4&_gid=1347194870.1526581913&_r=1&z=1304998120
Non-Authoritative-Reason
HSTS
/
adsearch.adkontekst.pl/quad/spliter/ Frame D9BB
5 KB
3 KB
Script
General
Full URL
http://adsearch.adkontekst.pl/quad/spliter/?prid=887&caid=503248&nc=1526581913364&cc=2&form=507498:2:;&content=&qnr=0&without=&extra=&w=936&h=60&qss=true&flash=false&iid=-225831474966555&prefix=akon&namespace=qa_akon&type=2&ref=http%3A%2F%2Fxurl.pl%2Fspecial
Requested by
Host: adsearch.adkontekst.pl
URL: http://adsearch.adkontekst.pl/_/ads/?QAPS_AKPL=b290fe239207177a78f816b049a64836
Protocol
HTTP/1.1
Server
138.201.178.189 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
28-hprx.funcns.net
Software
Microsoft-IIS/7.5 /
Resource Hash
0ba801f2ea4002761d84757bd43fc1a98ce50fb4d0cdb57fe213c976183961fb

Request headers

Referer
http://xurl.pl/framedRedirectTop.php?url=654086
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 17 May 2018 18:31:54 GMT
Content-Encoding
gzip
Server
Microsoft-IIS/7.5
Transfer-Encoding
chunked
P3P
CP="NOI DSP COR NID CUR OUR NOR"
Cache-Control
no-cache
Connection
keep-alive
Content-Type
text/javascript; charset=UTF-8
Cookie set /
cm.em.nscontext.eu/cm/iframe// Frame A706
Redirect Chain
  • https://cm.em.nscontext.eu/cm/iframe/
  • https://mis.em.nscontext.eu/deimos/cm/?redirect=https://cm.em.nscontext.eu/cm/iframe//?uid=__userId__
  • https://mis.em.nscontext.eu/ex/tmp1526581913627Z183689575/mi1636f5f681b5575133ae78be26f/1?redirect=https://cm.em.nscontext.eu/cm/iframe//?uid=__userId__
  • https://cm.em.nscontext.eu/cm/iframe//?uid=mi1636f5f681b5575133ae78be26f
0
0
Document
General
Full URL
https://cm.em.nscontext.eu/cm/iframe//?uid=mi1636f5f681b5575133ae78be26f
Requested by
Host:
URL: gummibear.boxstatic-0.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
148.251.196.46 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
23-hprx.funcns.net
Software
Microsoft-IIS/7.5 /
Resource Hash

Request headers

Host
cm.em.nscontext.eu
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer
http://xurl.pl/framedRedirectTop.php?url=654086
Accept-Encoding
gzip, deflate
Cookie
tmp1526581913587Z1312838772=mi1636f5f67f34d10b0b4f9e3bcb7; volatileUid=mi1636f5f681b5575133ae78be26f; tmp1526581913627Z183689575=mi1636f5f681b5575133ae78be26f; uid=mi1636f5f681b5575133ae78be26f
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id
87405FB919970E5F2A8589DFA0EC3503
Referer
http://xurl.pl/framedRedirectTop.php?url=654086

Response headers

Server
Microsoft-IIS/7.5
Date
Thu, 17 May 2018 18:31:53 GMT
Transfer-Encoding
chunked
Connection
keep-alive
Set-Cookie
uid=mi1636f5f681b5575133ae78be26f;Path=/;Domain=.em.nscontext.eu;Expires=Sat, 16-May-2020 18:31:53 GMT ec=ec;Path=/;Expires=Thu, 17-May-2018 19:31:53 GMT
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Server
Microsoft-IIS/7.5
Date
Thu, 17 May 2018 18:31:54 GMT
Transfer-Encoding
chunked
Connection
keep-alive
Set-Cookie
uid=mi1636f5f681b5575133ae78be26f;Path=/;Domain=.em.nscontext.eu;Expires=Sat, 16-May-2020 18:31:53 GMT;Max-Age=63072000
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Location
https://cm.em.nscontext.eu/cm/iframe//?uid=mi1636f5f681b5575133ae78be26f
Cookie set sale.api
api.spoldzielnia.nsaudience.pl/frontend/api/ Frame 4D55
Redirect Chain
  • https://api.spoldzielnia.nsaudience.pl/frontend/api/matchSale.api
  • https://mis.em.nscontext.eu/?redirect=https%3A%2F%2Fapi.spoldzielnia.nsaudience.pl%2Ffrontend%2Fapi%2Fsale.api%3Fuid%3D__masterId__
  • https://mis.em.nscontext.eu/ex/tmp1526581913587Z1312838772/mi1636f5f67f34d10b0b4f9e3bcb7/1?redirect=https%3A%2F%2Fapi.spoldzielnia.nsaudience.pl%2Ffrontend%2Fapi%2Fsale.api%3Fuid%3D__masterId__
  • https://api.spoldzielnia.nsaudience.pl/frontend/api/sale.api?uid=mi1636f5f67f34d10b0b4f9e3bcb7
0
0
Document
General
Full URL
https://api.spoldzielnia.nsaudience.pl/frontend/api/sale.api?uid=mi1636f5f67f34d10b0b4f9e3bcb7
Requested by
Host:
URL: gummibear.boxstatic-0.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
138.201.139.208 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
4-bt-spd-d.funcns.net
Software
Microsoft-IIS/7.5 /
Resource Hash

Request headers

Host
api.spoldzielnia.nsaudience.pl
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer
http://xurl.pl/framedRedirectTop.php?url=654086
Accept-Encoding
gzip, deflate
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id
87405FB919970E5F2A8589DFA0EC3503
Referer
http://xurl.pl/framedRedirectTop.php?url=654086

Response headers

Server
Microsoft-IIS/7.5
Date
Thu, 17 May 2018 18:31:53 GMT
Content-Type
text/html;charset=UTF-8
Transfer-Encoding
chunked
Connection
keep-alive
P3P
CP="CAO COR COR CON TEL IVD SAM IND BUS"
Set-Cookie
ut=1526581913631;Path=/;Expires=Fri, 17-May-2019 18:31:53 GMT uid=mi1636f5f67f34d10b0b4f9e3bcb7;Path=/;Expires=Fri, 17-May-2019 18:31:53 GMT
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Content-Encoding
gzip

Redirect headers

Server
Microsoft-IIS/7.5
Date
Thu, 17 May 2018 18:31:54 GMT
Transfer-Encoding
chunked
Connection
keep-alive
Set-Cookie
uid=mi1636f5f67f34d10b0b4f9e3bcb7;Path=/;Domain=.em.nscontext.eu;Expires=Sat, 16-May-2020 18:31:53 GMT;Max-Age=63072000
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Location
https://api.spoldzielnia.nsaudience.pl/frontend/api/sale.api?uid=mi1636f5f67f34d10b0b4f9e3bcb7
truncated
/ Frame 1177
1 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
f8d90d1c34b2cf176ae743361793df9ee6418708d8a8b5e4a7f69cf9503ba984

Request headers

Response headers

Access-Control-Allow-Origin
*
Content-Type
image/png
truncated
/ Frame 1177
2 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
9ed62e3d304b93a243e8390e6161d14d28447a34b5cb8953ce048fc83c94383d

Request headers

Response headers

Access-Control-Allow-Origin
*
Content-Type
image/png
/
rm.em.nscontext.eu/ Frame D9BB
Redirect Chain
  • https://x.bidswitch.net/sync?ssp=netsprint
  • https://x.bidswitch.net/ul_cb/sync?ssp=netsprint
  • https://sync-eu.exe.bid/bidswitch/sync?sub1=netsprint
  • https://sync-eu.exe.bid/bidswitch/sync?sub1=netsprint&session_tpt=eyJoZWFkZXJzIjp7InJlZmVyZXIiOlsiaHR0cDovL3h1cmwucGwvZnJhbWVkUmVkaXJlY3RUb3AucGhwP3VybFx1MDAzZDY1NDA4NiJdfX0
  • https://x.bidswitch.net/sync?dsp_id=140&user_id=1a5985f3-2fe6-4b2d-99a7-1d1125c86ed1&expires=14&ssp=netsprint
  • https://adsearch.adkontekst.pl/deimos/rtbcm?dspId=bidswitch&buyerId=bde116da-b217-4b9b-92b9-d7fa216cfaed
  • https://rm.em.nscontext.eu/?dspId=bidswitch&buyerId=bde116da-b217-4b9b-92b9-d7fa216cfaed
631 B
960 B
Image
General
Full URL
https://rm.em.nscontext.eu/?dspId=bidswitch&buyerId=bde116da-b217-4b9b-92b9-d7fa216cfaed
Requested by
Host: xurl.pl
URL: http://xurl.pl/special
Protocol
HTTP/1.1
Server
138.201.230.75 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
29-hprx.funcns.net
Software
Microsoft-IIS/7.5 /
Resource Hash
c12998add033bf7f99e0ea18be87cbd554980348d1d24a95218e62618d8946a0

Request headers

Referer
http://xurl.pl/framedRedirectTop.php?url=654086
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

Date
Thu, 17 May 2018 18:31:53 GMT
Server
Microsoft-IIS/7.5
Connection
keep-alive
Content-Type
image/jpeg
Transfer-Encoding
chunked
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Thu, 17 May 2018 18:31:53 GMT
Server
Microsoft-IIS/7.5
Transfer-Encoding
chunked
P3P
CP = "NOI DSP COR NID CUR OUR NOR"
Location
https://rm.em.nscontext.eu/?dspId=bidswitch&buyerId=bde116da-b217-4b9b-92b9-d7fa216cfaed
Cache-Control
no-cache
Connection
keep-alive

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

13 Cookies

Domain/Path Name / Value
api.spoldzielnia.nsaudience.pl/ Name: uid
Value: mi1636f5f67f34d10b0b4f9e3bcb7
cm.em.nscontext.eu/ Name: ec
Value: ec
api.spoldzielnia.nsaudience.pl/ Name: ut
Value: 1526581913631
.em.nscontext.eu/ Name: volatileUid
Value: mi1636f5f681b5575133ae78be26f
.em.nscontext.eu/ Name: tmp1526581913627Z183689575
Value: mi1636f5f681b5575133ae78be26f
.em.nscontext.eu/ Name: tmp1526581913587Z1312838772
Value: mi1636f5f67f34d10b0b4f9e3bcb7
.xurl.pl/ Name: _gat
Value: 1
xurl.pl/ Name: shorturl
Value: gct1arb8609sakhk310i4sl6q7
api.spoldzielnia.nsaudience.pl/ Name: google_capping
Value: 1526581913680
.dudemobile.net/ Name: __cfduid
Value: d48cf13c032e5c67e5cdd9a9d9f74a8ee1526581913
.em.nscontext.eu/ Name: uid
Value: mi1636f5f681b5575133ae78be26f
.xurl.pl/ Name: _gid
Value: GA1.2.1347194870.1526581913
.xurl.pl/ Name: _ga
Value: GA1.2.2087716420.1526581913