tekir.net
2606:4700:30::6812:21f5  Malicious Activity! Public Scan

URL: http://tekir.net/facebook/
Submission: On December 24 via automatic, source openphish

Summary

This website contacted 4 IPs in 2 countries across 3 domains to perform 20 HTTP transactions. The main IP is 2606:4700:30::6812:21f5, located in United States and belongs to CLOUDFLARENET - Cloudflare, Inc., US. The main domain is tekir.net.
This is the only time tekir.net was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Facebook (Social Network)

Domain & IP information

     IP Address          AS Autonomous System
1 2  2606:4700:30:...    13335 (CLOUDFLAR...)
18   2a03:2880:f01...    32934 (FACEBOOK)
1    2a03:2880:f11...    32934 (FACEBOOK)
20   4

     Apex Domain     Subdomains             Transfer
18   fbcdn.net       static.xx.fbcdn.net    522 KB
2    tekir.net       tekir.net              35 KB
1    facebook.com    facebook.com           948 B
20   3

     Domain                 Requested by
18   static.xx.fbcdn.net    tekir.net, static.xx.fbcdn.net
2    tekir.net              1 redirects
1    facebook.com           tekir.net
20   3

Subject           Issuer                                    Validity                   Valid
*.facebook.com    DigiCert SHA2 High Assurance Server CA    2019-12-06 - 2020-03-05    3 months

This page contains 1 frame:

Primary Page: http://tekir.net/facebook/
Frame ID: 6233C4EB22E37A649EC265DCDCF76FCC
Requests: 21 HTTP requests in this frame


Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /^cloudflare$/i

Page Statistics

Requests: 20
HTTPS: 95 %
IPv6: 100 %
Domains: 3
Subdomains: 3
IPs: 4
Countries: 2
Transfer: 557 kB
Size: 2399 kB
Cookies: 1

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://tekir.net/facebook HTTP 301
    http://tekir.net/facebook/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

20 HTTP transactions

Resource: Primary Request /
Path: tekir.net/facebook/
Redirect Chain
  • http://tekir.net/facebook
  • http://tekir.net/facebook/
Size: 127 KB
x-fer: 34 KB
Type: Document

General

Full URL: http://tekir.net/facebook/
Protocol: HTTP/1.1
Server: 2606:4700:30::6812:21f5, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)
Software: cloudflare
Resource Hash: fc79e8b59e369f2aae3855c0e16eb1a221d2921743f49b16346d73c36689a9c1

Request headers

Host: tekir.net
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Accept-Encoding: gzip, deflate
Cookie: __cfduid=d20e3eb6f7241d3877ecdcedcab2a9ec71577147557

Response headers

Date: Tue, 24 Dec 2019 00:32:38 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Mon, 23 Dec 2019 11:21:56 GMT
X-Cache: HIT from Backend
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 549e7aad3a59cbb8-VIE
Content-Encoding: gzip

Redirect headers

Date: Tue, 24 Dec 2019 00:32:37 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cfduid=d20e3eb6f7241d3877ecdcedcab2a9ec71577147557; expires=Thu, 23-Jan-20 00:32:37 GMT; path=/; domain=.tekir.net; HttpOnly; SameSite=Lax
Location: http://tekir.net/facebook/
X-Cache: HIT from Backend
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 549e7aacc971cbb8-VIE

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Facebook (Social Network)

51 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • object| onformdata
  • object| onpointerrawupdate
  • number| _cstart
  • function| envFlush
  • object| Env
  • number| __DEV__
  • function| CavalryLogger
  • undefined| __p
  • function| emptyFunction
  • function| __annotator
  • function| __bodyWrapper
  • function| __t
  • function| __w
  • function| FB_enumerate
  • function| __m
  • object| babelHelpers
  • function| define
  • function| require
  • function| requireDynamic
  • function| requireLazy
  • function| __d
  • function| $RefreshReg$
  • function| $RefreshSig$
  • object| ErrorSerializer
  • object| ErrorGuard
  • object| ErrorUtils
  • object| TimeSlice
  • function| Arbiter
  • object| JSCC
  • function| $
  • function| ge
  • object| Parent
  • function| ProfilingCounters
  • object| PageEvents
  • function| _domcontentready
  • function| onloadRegister_DEPRECATED
  • function| onloadRegister
  • function| onafterloadRegister_DEPRECATED
  • function| onafterloadRegister
  • function| onleaveRegister
  • function| onbeforeunloadRegister
  • function| onunloadRegister
  • function| wait_for_load
  • function| goURI
  • object| Bootloader
  • function| $E
  • object| domreadyhooks
  • object| onloadhooks
  • string| _script_path
  • object| bigPipe
  • object| onafterunloadhooks

1 Cookies

Domain/Path: .tekir.net/
Name: __cfduid
Value: d20e3eb6f7241d3877ecdcedcab2a9ec71577147557

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

facebook.com
static.xx.fbcdn.net
tekir.net
2606:4700:30::6812:21f5
2a03:2880:f01c:8012:face:b00c:0:3
2a03:2880:f11c:8183:face:b00c:0:25de