www.netflixgiare.shop Open in urlscan Pro
52.221.6.123  Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

19 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
1 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response www.netflixgiare.shop/	70 KB 14 KB	541ms 173ms	Document text/html	52.221.6.123 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://www.netflixgiare.shop/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.221.6.123 Singapore, Singapore, ASN16509 (AMAZON-02, US), Reverse DNS ec2-52-221-6-123.ap-southeast-1.compute.amazonaws.com Software openresty / Resource Hash fd9811aec0841600b47558c7c346c62ab77df71ba8715d6270816dd5d6bb6094 Request headers :method GET :authority www.netflixgiare.shop :scheme https :path / pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site none sec-fetch-mode navigate sec-fetch-user ?1 sec-fetch-dest document accept-encoding gzip, deflate, br accept-language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers status 200 server openresty date Wed, 02 Sep 2020 05:49:18 GMT content-type text/html; charset=utf-8 vary Accept-Encoding cache-control no-store, no-cache, must-revalidate, post-check=0, pre-check=0, max-age=0 set-cookie LADI_CLIENT_ID=22f7af14-ac05-4436-47ac-e5a7ceb774cc; Expires=Sat, 31 Aug 2030 05:49:18 GMT LADI_PAGE_VIEW=0; Expires=Sat, 31 Aug 2030 05:49:18 GMT LADI_FORM_SUBMIT=0; Expires=Sat, 31 Aug 2030 05:49:18 GMT LADI_PAGE_VIEW=1; Expires=Sat, 31 Aug 2030 05:49:18 GMT LADI_CAMP_ID=; Max-Age=0 LADI_CAMP_NAME=; Max-Age=0 LADI_CAMP_TYPE=; Max-Age=0 LADI_CAMP_ORIGIN_URL=; Max-Age=0 LADI_CAMP_TARGET_URL=; Max-Age=0 LADI_CAMP_PAGE_VIEW=; Max-Age=0 LADI_CAMP_FORM_SUBMIT=; Max-Age=0 statuscode 200 content-encoding gzip
GET H2	200	css fonts.googleapis.com/	5 KB 790 B	18ms 17ms	Stylesheet text/css	2a00:1450:4001:81c::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.googleapis.com/css?family=Open%20Sans:bold,regular&display=swap Requested by Host: www.netflixgiare.shop URL: https://www.netflixgiare.shop/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:81c::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash ae376511dae4bb1f426ffe37cfa3259c9df90f33d4697d87e5673b919ba4f48a Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers Referer https://www.netflixgiare.shop/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers strict-transport-security max-age=31536000 content-encoding gzip x-content-type-options nosniff status 200 alt-svc h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" x-xss-protection 0 last-modified Wed, 02 Sep 2020 05:49:18 GMT server ESF date Wed, 02 Sep 2020 05:49:18 GMT x-frame-options SAMEORIGIN content-type text/css; charset=utf-8 access-control-allow-origin * cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * link <https://fonts.gstatic.com>; rel=preconnect; crossorigin expires Wed, 02 Sep 2020 05:49:18 GMT
GET H2	200	ladipage.min.js Show response w.ladicdn.com/v2/source/	152 KB 35 KB	40ms 25ms	Script text/javascript	2606:4700::6812:d44 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://w.ladicdn.com/v2/source/ladipage.min.js?v=1598941181362 Requested by Host: www.netflixgiare.shop URL: https://www.netflixgiare.shop/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:d44 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 77c37bfe8fba3bc08a87669729e046dd966d249cbba4f9f3272b072f8515d813 Request headers Referer https://www.netflixgiare.shop/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Wed, 02 Sep 2020 05:49:18 GMT content-encoding br vary Accept-Encoding cf-cache-status HIT age 83792 status 200 alt-svc h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400 cf-request-id 04eef5d8830000d7291a32a200000001 server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" access-control-max-age 2592000 access-control-allow-methods GET content-type text/javascript access-control-allow-origin * cache-control public, max-age=31536000 access-control-allow-credentials true cf-ray 5cc4f26d9e33d729-FRA access-control-allow-headers Origin, X-Requested-With, Content-Type, Accept, Access-Control-Allow-Credentials expires Thu, 02 Sep 2021 05:49:18 GMT
GET H2	200	ladipage.min.css w.ladicdn.com/v2/source/	59 KB 5 KB	16ms 16ms	Stylesheet text/css	2606:4700::6812:d44 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://w.ladicdn.com/v2/source/ladipage.min.css?v=1598941181362 Requested by Host: www.netflixgiare.shop URL: https://www.netflixgiare.shop/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:d44 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash d5b12ba320d79744057a337087cb9fb09cec08a78576936f0c69bb44132823e0 Request headers Referer https://www.netflixgiare.shop/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Wed, 02 Sep 2020 05:49:18 GMT content-encoding br vary Accept-Encoding cf-cache-status HIT age 83792 status 200 alt-svc h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400 cf-request-id 04eef5d9080000d7291a335200000001 server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" access-control-max-age 2592000 access-control-allow-methods GET content-type text/css access-control-allow-origin * cache-control public, max-age=31536000 access-control-allow-credentials true cf-ray 5cc4f26e7835d729-FRA access-control-allow-headers Origin, X-Requested-With, Content-Type, Accept, Access-Control-Allow-Credentials expires Thu, 02 Sep 2021 05:49:18 GMT
GET H2	200	xfbml.customerchat.js Show response connect.facebook.net/vi_VN/sdk/	261 KB 76 KB	6ms 6ms	Script application/x-javascript	2a03:2880:f01c:8012:face:b00c:0:3 FACEBOOK
General Check archive.org Show headers Download Go to Full URL https://connect.facebook.net/vi_VN/sdk/xfbml.customerchat.js Requested by Host: www.netflixgiare.shop URL: https://www.netflixgiare.shop/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US), Reverse DNS Software / Resource Hash 25d967959ad58bb4094d3c6af91e5671a1bf3ba9ed364783d73b93374eb1484b Security Headers Name Value Strict-Transport-Security max-age=31536000; preload; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options DENY Request headers Referer https://www.netflixgiare.shop/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers strict-transport-security max-age=31536000; preload; includeSubDomains content-encoding gzip x-content-type-options nosniff content-md5 YwvI1WfJ4vSGzwAhXcXIGw== status 200 cross-origin-resource-policy cross-origin alt-svc h3-29=":443"; ma=3600,h3-27=":443"; ma=3600 content-length 77295 etag "defe6a04a39f3b80b9c8fbadb83e3daa" x-fb-debug zlZXp87nmliDYArcouuxKhwSVXDc04x0ybi4fBNc4r0iT+qMe20SrFmYD/rDuwt/YCuUOuGCojyWlmmPKAgZ3w== x-fb-trip-id 664085054 x-fb-content-md5 954e7718dd1a8edd731ce87074a4d176 x-frame-options DENY date Wed, 02 Sep 2020 05:49:18 GMT vary Accept-Encoding content-type application/x-javascript; charset=utf-8 access-control-allow-origin * access-control-expose-headers X-FB-Content-MD5 cache-control public,max-age=1200,stale-while-revalidate=3600 timing-allow-origin * expires Wed, 02 Sep 2020 05:53:58 GMT
GET H2	200	mem5YaGs126MiZpBA-UN7rgOUuhpKKSTjw.woff2 fonts.gstatic.com/s/opensans/v17/	9 KB 9 KB	6ms 6ms	Font font/woff2	2a00:1450:4001:820::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/opensans/v17/mem5YaGs126MiZpBA-UN7rgOUuhpKKSTjw.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css?family=Open%20Sans:bold,regular&display=swap Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:820::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash a48a6e4b14fe55f750c0a3dfb5a6f4941bdc06af0aa542b90de25c30c2b4625c Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Origin https://www.netflixgiare.shop Referer https://fonts.googleapis.com/css?family=Open%20Sans:bold,regular&display=swap User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Mon, 31 Aug 2020 11:04:01 GMT x-content-type-options nosniff last-modified Tue, 23 Jul 2019 19:31:11 GMT server sffe age 153917 status 200 content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * alt-svc h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 9080 x-xss-protection 0 expires Tue, 31 Aug 2021 11:04:01 GMT
GET H2	200	mem8YaGs126MiZpBA-UFVZ0bf8pkAg.woff2 fonts.gstatic.com/s/opensans/v17/	9 KB 9 KB	7ms 6ms	Font font/woff2	2a00:1450:4001:820::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/opensans/v17/mem8YaGs126MiZpBA-UFVZ0bf8pkAg.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css?family=Open%20Sans:bold,regular&display=swap Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:820::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 54c64f3c66372027154f01fc9f24b4e25fdfe405b70d1994c79abbc2576ff775 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Origin https://www.netflixgiare.shop Referer https://fonts.googleapis.com/css?family=Open%20Sans:bold,regular&display=swap User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Mon, 31 Aug 2020 11:04:00 GMT x-content-type-options nosniff last-modified Tue, 23 Jul 2019 19:30:49 GMT server sffe age 153918 status 200 content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * alt-svc h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 9132 x-xss-protection 0 expires Tue, 31 Aug 2021 11:04:00 GMT
GET H3-Q050	200	mem5YaGs126MiZpBA-UN7rgOXOhpKKSTj5PW.woff2 fonts.gstatic.com/s/opensans/v17/	7 KB 7 KB	6ms 6ms	Font font/woff2	2a00:1450:4001:820::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/opensans/v17/mem5YaGs126MiZpBA-UN7rgOXOhpKKSTj5PW.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css?family=Open%20Sans:bold,regular&display=swap Protocol H3-Q050 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:820::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 35327bcecf226f1e75d221cf9b537d5d8a127dd1e38298cc4596bcf638f6071a Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Origin https://www.netflixgiare.shop Referer https://fonts.googleapis.com/css?family=Open%20Sans:bold,regular&display=swap User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Mon, 31 Aug 2020 11:04:16 GMT x-content-type-options nosniff last-modified Tue, 23 Jul 2019 19:30:50 GMT server sffe age 153902 status 200 content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * alt-svc h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 7208 x-xss-protection 0 expires Tue, 31 Aug 2021 11:04:16 GMT
GET H3-Q050	200	mem8YaGs126MiZpBA-UFW50bf8pkAp6a.woff2 fonts.gstatic.com/s/opensans/v17/	7 KB 7 KB	6ms 6ms	Font font/woff2	2a00:1450:4001:820::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/opensans/v17/mem8YaGs126MiZpBA-UFW50bf8pkAp6a.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css?family=Open%20Sans:bold,regular&display=swap Protocol H3-Q050 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:820::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 6446b6826bb6136c8782e74d99a2ea78cc9cb508cf61f4020fee5415f108c7e1 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Origin https://www.netflixgiare.shop Referer https://fonts.googleapis.com/css?family=Open%20Sans:bold,regular&display=swap User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Mon, 31 Aug 2020 11:04:15 GMT x-content-type-options nosniff last-modified Tue, 23 Jul 2019 19:30:53 GMT server sffe age 153903 status 200 content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * alt-svc h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 7292 x-xss-protection 0 expires Tue, 31 Aug 2021 11:04:15 GMT
GET H2	200	v5q-b-sc20200503035008.jpg w.ladicdn.com/s1440x750/57b167c9ca57d39c18a1c57c/	136 KB 137 KB	19ms 18ms	Image image/jpeg	2606:4700::6812:d44 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://w.ladicdn.com/s1440x750/57b167c9ca57d39c18a1c57c/v5q-b-sc20200503035008.jpg Requested by Host: www.netflixgiare.shop URL: https://www.netflixgiare.shop/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:d44 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash bf8fcb8d477487853b47649323356d4222701ee7729a6c38ad813103ab0a5338 Request headers Referer https://www.netflixgiare.shop/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Wed, 02 Sep 2020 05:49:18 GMT vary Accept-Encoding cf-cache-status HIT age 45528 cf-polished origSize=143303, status=webp_bigger status 200 alt-svc h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400 cf-request-id 04eef5d93d0000d7291a339200000001 cf-bgj imgq:100,h2pri server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" access-control-max-age 2592000 access-control-allow-methods GET content-type image/jpeg access-control-allow-origin * cache-control public, max-age=31536000 access-control-allow-credentials true cf-ray 5cc4f26ec8b8d729-FRA access-control-allow-headers Origin, X-Requested-With, Content-Type, Accept, Access-Control-Allow-Credentials expires Thu, 02 Sep 2021 05:49:18 GMT
GET H2	200	lgz4jbvd20200503040558.jpg w.ladicdn.com/s1050x1050/57b167c9ca57d39c18a1c57c/	68 KB 68 KB	13ms 12ms	Image image/jpeg	2606:4700::6812:d44 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://w.ladicdn.com/s1050x1050/57b167c9ca57d39c18a1c57c/lgz4jbvd20200503040558.jpg Requested by Host: www.netflixgiare.shop URL: https://www.netflixgiare.shop/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:d44 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash aaa87c5befe361120e0cab3f34454fb26aab0f83c0fd762e74b892c982b0d0fa Request headers Referer https://www.netflixgiare.shop/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Wed, 02 Sep 2020 05:49:18 GMT vary Accept-Encoding cf-cache-status HIT age 45527 cf-polished status=not_needed status 200 alt-svc h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400 cf-request-id 04eef5d93d0000d7291a33a200000001 cf-bgj imgq:100,h2pri server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" access-control-max-age 2592000 access-control-allow-methods GET content-type image/jpeg access-control-allow-origin * cache-control public, max-age=31536000 access-control-allow-credentials true cf-ray 5cc4f26ec8bad729-FRA access-control-allow-headers Origin, X-Requested-With, Content-Type, Accept, Access-Control-Allow-Credentials expires Thu, 02 Sep 2021 05:49:18 GMT
GET DATA	200 OK	truncated /	329 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 5102d4d5867b4e69da53800975f95bd3c56755cbd3ed3354a8ac09f9ace7a538 Request headers Referer User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Content-Type image/svg+xml
GET H2	200	netflixjpg-20200901122616.png w.ladicdn.com/s500x400/5d85baadc904df07ee940890/	8 KB 8 KB	19ms 19ms	Image image/webp	2606:4700::6812:d44 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://w.ladicdn.com/s500x400/5d85baadc904df07ee940890/netflixjpg-20200901122616.png Requested by Host: www.netflixgiare.shop URL: https://www.netflixgiare.shop/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:d44 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 8f294aeb1395743d415442da210812ce31d9b2b9d5887a4ebb711a8acf64f97d Request headers Referer https://www.netflixgiare.shop/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Wed, 02 Sep 2020 05:49:18 GMT vary Accept cf-cache-status HIT age 45527 cf-polished origFmt=png, origSize=12450 status 200 content-disposition inline; filename="netflixjpg-20200901122616.webp" alt-svc h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400 cf-request-id 04eef5d93e0000d7291a33b200000001 cf-bgj imgq:100,h2pri server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" access-control-max-age 2592000 access-control-allow-methods GET content-type image/webp access-control-allow-origin * cache-control public, max-age=31536000 access-control-allow-credentials true cf-ray 5cc4f26ec8bbd729-FRA access-control-allow-headers Origin, X-Requested-With, Content-Type, Accept, Access-Control-Allow-Credentials expires Thu, 02 Sep 2021 05:49:18 GMT
GET H2	200	pngbarn-20200901123031.png w.ladicdn.com/s450x450/5d85baadc904df07ee940890/	59 KB 59 KB	17ms 17ms	Image image/webp	2606:4700::6812:d44 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://w.ladicdn.com/s450x450/5d85baadc904df07ee940890/pngbarn-20200901123031.png Requested by Host: www.netflixgiare.shop URL: https://www.netflixgiare.shop/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:d44 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash c01754605d7d71dd63e77149b372d582e33a43969302bb34062f91f1ef1adb88 Request headers Referer https://www.netflixgiare.shop/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Wed, 02 Sep 2020 05:49:18 GMT vary Accept cf-cache-status HIT age 45527 cf-polished origFmt=png, origSize=87394 status 200 content-disposition inline; filename="pngbarn-20200901123031.webp" alt-svc h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400 cf-request-id 04eef5d93f0000d7291a33c200000001 cf-bgj imgq:100,h2pri server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" access-control-max-age 2592000 access-control-allow-methods GET content-type image/webp access-control-allow-origin * cache-control public, max-age=31536000 access-control-allow-credentials true cf-ray 5cc4f26ec8bdd729-FRA access-control-allow-headers Origin, X-Requested-With, Content-Type, Accept, Access-Control-Allow-Credentials expires Thu, 02 Sep 2021 05:49:18 GMT
GET H2	200	pngwingcom-20200901123031.png w.ladicdn.com/s550x550/5d85baadc904df07ee940890/	3 KB 3 KB	19ms 17ms	Image image/webp	2606:4700::6812:d44 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://w.ladicdn.com/s550x550/5d85baadc904df07ee940890/pngwingcom-20200901123031.png Requested by Host: www.netflixgiare.shop URL: https://www.netflixgiare.shop/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:d44 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 3a90319e9a4c14dfe24d6b673141b6aec47ff2203ef4962bcfceaacb3030722c Request headers Referer https://www.netflixgiare.shop/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Wed, 02 Sep 2020 05:49:18 GMT vary Accept cf-cache-status HIT age 45528 cf-polished origFmt=png, origSize=8404 status 200 content-disposition inline; filename="pngwingcom-20200901123031.webp" alt-svc h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400 cf-request-id 04eef5d9400000d7291a33d200000001 cf-bgj imgq:100,h2pri server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" access-control-max-age 2592000 access-control-allow-methods GET content-type image/webp access-control-allow-origin * cache-control public, max-age=31536000 access-control-allow-credentials true cf-ray 5cc4f26ec8c1d729-FRA access-control-allow-headers Origin, X-Requested-With, Content-Type, Accept, Access-Control-Allow-Credentials expires Thu, 02 Sep 2021 05:49:18 GMT
GET H3-Q050	200	mem5YaGs126MiZpBA-UN7rgOXehpKKSTj5PW.woff2 fonts.gstatic.com/s/opensans/v17/	3 KB 4 KB	7ms 7ms	Font font/woff2	2a00:1450:4001:820::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/opensans/v17/mem5YaGs126MiZpBA-UN7rgOXehpKKSTj5PW.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css?family=Open%20Sans:bold,regular&display=swap Protocol H3-Q050 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:820::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash f47e5856ad7cbe9d872ce57b054a281f0410e101be9fee17cfc149620ba95878 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Origin https://www.netflixgiare.shop Referer https://fonts.googleapis.com/css?family=Open%20Sans:bold,regular&display=swap User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Mon, 31 Aug 2020 11:07:00 GMT x-content-type-options nosniff last-modified Tue, 23 Jul 2019 19:31:06 GMT server sffe age 153738 status 200 content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * alt-svc h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 3580 x-xss-protection 0 expires Tue, 31 Aug 2021 11:07:00 GMT
GET H3-Q050	200	mem8YaGs126MiZpBA-UFWp0bf8pkAp6a.woff2 fonts.gstatic.com/s/opensans/v17/	3 KB 4 KB	8ms 8ms	Font font/woff2	2a00:1450:4001:820::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/opensans/v17/mem8YaGs126MiZpBA-UFWp0bf8pkAp6a.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css?family=Open%20Sans:bold,regular&display=swap Protocol H3-Q050 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:820::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 074ac4556c0b06d0fb73bbd04909faccc1f60f28b2a873d34bdb0efa6b740800 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Origin https://www.netflixgiare.shop Referer https://fonts.googleapis.com/css?family=Open%20Sans:bold,regular&display=swap User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Mon, 31 Aug 2020 11:04:24 GMT x-content-type-options nosniff last-modified Tue, 23 Jul 2019 19:30:49 GMT server sffe age 153894 status 200 content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * alt-svc h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 3520 x-xss-protection 0 expires Tue, 31 Aug 2021 11:04:24 GMT
OPTIONS H2	204	event a.ladipage.com/ Frame	0 0	526ms 173ms	Other	54.255.215.123 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://a.ladipage.com/event Protocol H2 Server 54.255.215.123 Singapore, Singapore, ASN16509 (AMAZON-02, US), Reverse DNS ec2-54-255-215-123.ap-southeast-1.compute.amazonaws.com Software / Resource Hash Request headers Accept */* Access-Control-Request-Method POST Access-Control-Request-Headers content-type,ladi_camp_form_submit,ladi_camp_form_submit_daily,ladi_camp_id,ladi_camp_name,ladi_camp_origin_url,ladi_camp_page_view,ladi_camp_page_view_daily,ladi_camp_target_url,ladi_camp_type,ladi_client_id,ladi_form_submit,ladi_form_submit_daily,ladi_page_view,ladi_page_view_daily Origin https://www.netflixgiare.shop Sec-Fetch-Mode cors Response headers status 204 date Wed, 02 Sep 2020 05:49:19 GMT access-control-allow-origin * access-control-allow-methods OPTIONS,POST access-control-allow-headers content-type,ladi_camp_form_submit,ladi_camp_form_submit_daily,ladi_camp_id,ladi_camp_name,ladi_camp_origin_url,ladi_camp_page_view,ladi_camp_page_view_daily,ladi_camp_target_url,ladi_camp_type,ladi_client_id,ladi_form_submit,ladi_form_submit_daily,ladi_page_view,ladi_page_view_daily access-control-max-age 0 apigw-requestid SOTO3jP3yQ0EMrA=
POST H2	200	event Show response a.ladipage.com/	43 B 169 B	212ms 211ms	XHR text/plain	54.255.215.123 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://a.ladipage.com/event Requested by Host: w.ladicdn.com URL: https://w.ladicdn.com/v2/source/ladipage.min.js?v=1598941181362 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 54.255.215.123 Singapore, Singapore, ASN16509 (AMAZON-02, US), Reverse DNS ec2-54-255-215-123.ap-southeast-1.compute.amazonaws.com Software / Resource Hash 90be1d292866bd2d976a959d9c1e4ebf99cb299fea6deb1de70d12f1812717c7 Request headers LADI_CLIENT_ID 22f7af14-ac05-4436-47ac-e5a7ceb774cc LADI_PAGE_VIEW_DAILY 0 LADI_CAMP_ORIGIN_URL LADI_FORM_SUBMIT_DAILY 0 LADI_CAMP_ID LADI_CAMP_FORM_SUBMIT 0 LADI_CAMP_TYPE LADI_CAMP_FORM_SUBMIT_DAILY 0 LADI_CAMP_PAGE_VIEW_DAILY 0 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 LADI_FORM_SUBMIT 0 LADI_CAMP_NAME Content-Type application/json Referer https://www.netflixgiare.shop/ LADI_CAMP_TARGET_URL LADI_CAMP_PAGE_VIEW 0 LADI_PAGE_VIEW 1 Response headers status 200 date Wed, 02 Sep 2020 05:49:19 GMT access-control-allow-origin * content-length 43 apigw-requestid SOTO4itkSQ0EMMw= content-type text/plain; charset=utf-8
GET H2	200	customerchat.php www.facebook.com/v8.0/plugins/ Frame 71BC	0 0	217ms 217ms	Document text/html	2a03:2880:f11c:8183:face:b00c:0:25de FACEBOOK
General Check archive.org Show headers Download Go to Full URL https://www.facebook.com/v8.0/plugins/customerchat.php?app_id=&attribution=setup_tool&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df6390c12842e0c%26domain%3Dwww.netflixgiare.shop%26origin%3Dhttps%253A%252F%252Fwww.netflixgiare.shop%252Ff36d7e335481fc4%26relation%3Dparent.parent&container_width=0&locale=vi_VN&logged_in_greeting=Xin%20ch%C3%A0o.%20M%C3%ACnh%20c%C3%B3%20th%E1%BB%83%20gi%C3%BAp%20g%C3%AC%3F&logged_out_greeting=Xin%20ch%C3%A0o.%20M%C3%ACnh%20c%C3%B3%20th%E1%BB%83%20gi%C3%BAp%20g%C3%AC%3F&page_id=520498358306461&request_time=1599025758648&sdk=joey Requested by Host: connect.facebook.net URL: https://connect.facebook.net/vi_VN/sdk/xfbml.customerchat.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US), Reverse DNS Software / Resource Hash Security Headers Name Value Content-Security-Policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests; frame-ancestors https://www.facebook.com; Strict-Transport-Security max-age=15552000; preload X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers :method GET :authority www.facebook.com :scheme https :path /v8.0/plugins/customerchat.php?app_id=&attribution=setup_tool&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df6390c12842e0c%26domain%3Dwww.netflixgiare.shop%26origin%3Dhttps%253A%252F%252Fwww.netflixgiare.shop%252Ff36d7e335481fc4%26relation%3Dparent.parent&container_width=0&locale=vi_VN&logged_in_greeting=Xin%20ch%C3%A0o.%20M%C3%ACnh%20c%C3%B3%20th%E1%BB%83%20gi%C3%BAp%20g%C3%AC%3F&logged_out_greeting=Xin%20ch%C3%A0o.%20M%C3%ACnh%20c%C3%B3%20th%E1%BB%83%20gi%C3%BAp%20g%C3%AC%3F&page_id=520498358306461&request_time=1599025758648&sdk=joey pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site cross-site sec-fetch-mode navigate sec-fetch-dest iframe referer https://www.netflixgiare.shop/ accept-encoding gzip, deflate, br accept-language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Referer https://www.netflixgiare.shop/ Response headers status 200 cache-control private, no-cache, no-store, must-revalidate expires Sat, 01 Jan 2000 00:00:00 GMT pragma no-cache strict-transport-security max-age=15552000; preload content-encoding br content-security-policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests; frame-ancestors https://www.facebook.com; vary Accept-Encoding x-content-type-options nosniff facebook-api-version v8.0 x-xss-protection 0 content-type text/html; charset="utf-8" x-fb-debug ZNa31yWYbKq/dqvBd9kQt5Gd7QKKd3CHf3FlHNAZSlkEcUwqG/V+N5I430zp7MS/Jc+pdd26Lcq5T8u7ROWUAA== date Wed, 02 Sep 2020 05:49:18 GMT alt-svc h3-29=":443"; ma=3600,h3-27=":443"; ma=3600

18 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| trustedTypes function| ladi_viewport boolean| ladi_is_desktop function| fbAsyncInit function| LadiPageScriptV2 object| Base64 object| LadiPageScript object| LadiFormApi function| parseFloatLadiPage function| lightbox_run function| lightbox_iframe function| lightbox_image function| lightbox_video function| LadiPageLibraryV2 function| LadiPageAppV2 function| ladi object| LadiPageApp object| FB

4 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			www.netflixgiare.shop/	1969-12-31 23:59:59	Name: _timenow Value: 1599025758567
			www.netflixgiare.shop/	1970-01-23 03:46:25	Name: LADI_PAGE_VIEW Value: 1
			www.netflixgiare.shop/	1970-01-23 03:46:25	Name: LADI_FORM_SUBMIT Value: 0
			www.netflixgiare.shop/	1970-01-23 03:46:25	Name: LADI_CLIENT_ID Value: 22f7af14-ac05-4436-47ac-e5a7ceb774cc

9 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	info	URL: https://connect.facebook.net/vi_VN/sdk/xfbml.customerchat.js(Line 89) Message: domReady
console-api	debug	URL: https://connect.facebook.net/vi_VN/sdk/xfbml.customerchat.js(Line 89) Message: sdkperf: it took 14 ms and 77576 bytes to load https://connect.facebook.net/vi_VN/sdk/xfbml.customerchat.js
console-api	debug	URL: https://connect.facebook.net/vi_VN/sdk/xfbml.customerchat.js(Line 89) Message: sdkperf: asyncstart logged after 166 ms
console-api	warning	URL: https://connect.facebook.net/vi_VN/sdk/xfbml.customerchat.js(Line 89) Message: Invalid App Id: Must be a number or numeric string representing the application id.
console-api	debug	URL: https://connect.facebook.net/vi_VN/sdk/xfbml.customerchat.js(Line 89) Message: sdkperf: init logged after 166 ms
console-api	info	URL: https://connect.facebook.net/vi_VN/sdk/xfbml.customerchat.js(Line 89) Message: XFBML Parsing Start 1
console-api	debug	URL: https://connect.facebook.net/vi_VN/sdk/xfbml.customerchat.js(Line 89) Message: sdkperf: pluginframe logged after 186 ms
console-api	info	URL: https://connect.facebook.net/vi_VN/sdk/xfbml.customerchat.js(Line 89) Message: XFBML Parsing Finish 1, 1 tags found
console-api	debug	URL: https://connect.facebook.net/vi_VN/sdk/xfbml.customerchat.js(Line 89) Message: sdkperf: ttfp logged after 509 ms

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a.ladipage.com
connect.facebook.net
fonts.googleapis.com
fonts.gstatic.com
w.ladicdn.com
www.facebook.com
www.netflixgiare.shop
2606:4700::6812:d44
2a00:1450:4001:81c::200a
2a00:1450:4001:820::2003
2a03:2880:f01c:8012:face:b00c:0:3
2a03:2880:f11c:8183:face:b00c:0:25de
52.221.6.123
54.255.215.123
074ac4556c0b06d0fb73bbd04909faccc1f60f28b2a873d34bdb0efa6b740800
25d967959ad58bb4094d3c6af91e5671a1bf3ba9ed364783d73b93374eb1484b
35327bcecf226f1e75d221cf9b537d5d8a127dd1e38298cc4596bcf638f6071a
3a90319e9a4c14dfe24d6b673141b6aec47ff2203ef4962bcfceaacb3030722c
5102d4d5867b4e69da53800975f95bd3c56755cbd3ed3354a8ac09f9ace7a538
54c64f3c66372027154f01fc9f24b4e25fdfe405b70d1994c79abbc2576ff775
6446b6826bb6136c8782e74d99a2ea78cc9cb508cf61f4020fee5415f108c7e1
77c37bfe8fba3bc08a87669729e046dd966d249cbba4f9f3272b072f8515d813
8f294aeb1395743d415442da210812ce31d9b2b9d5887a4ebb711a8acf64f97d
90be1d292866bd2d976a959d9c1e4ebf99cb299fea6deb1de70d12f1812717c7
a48a6e4b14fe55f750c0a3dfb5a6f4941bdc06af0aa542b90de25c30c2b4625c
aaa87c5befe361120e0cab3f34454fb26aab0f83c0fd762e74b892c982b0d0fa
ae376511dae4bb1f426ffe37cfa3259c9df90f33d4697d87e5673b919ba4f48a
bf8fcb8d477487853b47649323356d4222701ee7729a6c38ad813103ab0a5338
c01754605d7d71dd63e77149b372d582e33a43969302bb34062f91f1ef1adb88
d5b12ba320d79744057a337087cb9fb09cec08a78576936f0c69bb44132823e0
f47e5856ad7cbe9d872ce57b054a281f0410e101be9fee17cfc149620ba95878
fd9811aec0841600b47558c7c346c62ab77df71ba8715d6270816dd5d6bb6094