marketplace.dealspotr.com Open in urlscan Pro
52.9.64.153  Public Scan

19 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

25 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request @avita123 Show response marketplace.dealspotr.com/	324 KB 31 KB	537ms 197ms	Document text/html	52.9.64.153 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://marketplace.dealspotr.com/@avita123 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 52.9.64.153 San Jose, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-52-9-64-153.us-west-1.compute.amazonaws.com Software nginx / Resource Hash 156b5bef9776e773f297c52ee04e69cf0f055f9acc9d22505866bb990157645d Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 1; mode=block Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers content-encoding br content-type text/html; charset=utf-8 date Fri, 22 Apr 2022 11:48:16 GMT server nginx strict-transport-security max-age=31536000; includeSubDomains; preload vary Accept-Encoding x-cache MISS x-content-type-options nosniff x-frame-options DENY x-ua-compatible IE=edge x-xss-protection 1; mode=block
GET H2	200	Lato-Regular.woff2 cdn.dealspotr.com/fonts/	25 KB 25 KB	42ms 10ms	Font font/woff2	2600:9000:2250:bc00:7:7ff8:a1c0:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://cdn.dealspotr.com/fonts/Lato-Regular.woff2 Requested by Host: marketplace.dealspotr.com URL: https://marketplace.dealspotr.com/@avita123 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2250:bc00:7:7ff8:a1c0:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software nginx / Resource Hash 7c3f62bc75b940288db40b5418a20c053d5e2b3a68882b9c91de3ddc0bb1098f Security Headers Name Value X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 1; mode=block Request headers Referer https://marketplace.dealspotr.com/@avita123 Origin https://marketplace.dealspotr.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 Response headers date Thu, 03 Feb 2022 11:06:50 GMT via 1.1 6e8224d5f2990b031ca60a58f18ac908.cloudfront.net (CloudFront) x-content-type-options nosniff age 6741686 x-cache Hit from cloudfront content-length 25356 x-xss-protection 1; mode=block last-modified Thu, 28 Oct 2021 03:43:16 GMT server nginx etag "b3203ab7e93677081bda7ae28b2de5bd" x-frame-options DENY content-type font/woff2 access-control-allow-origin * cache-control max-age=7776000 x-amz-cf-pop FRA60-P2 accept-ranges bytes x-amz-cf-id SA_mVNUgfg9DSp07U7A1sZL56FNXXaJE3MIsWcXG-TT3fN3IpaEjaA==
GET H2	200	Lato-Bold.woff2 cdn.dealspotr.com/fonts/	25 KB 25 KB	41ms 9ms	Font font/woff2	2600:9000:2250:bc00:7:7ff8:a1c0:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://cdn.dealspotr.com/fonts/Lato-Bold.woff2 Requested by Host: marketplace.dealspotr.com URL: https://marketplace.dealspotr.com/@avita123 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2250:bc00:7:7ff8:a1c0:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software nginx / Resource Hash 236247d6d208767c2a4dd05e17210039874af17c157c1eaf80ec24cba433d0e7 Security Headers Name Value X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 1; mode=block Request headers Referer https://marketplace.dealspotr.com/@avita123 Origin https://marketplace.dealspotr.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 Response headers date Thu, 10 Mar 2022 06:33:39 GMT via 1.1 6e8224d5f2990b031ca60a58f18ac908.cloudfront.net (CloudFront) x-content-type-options nosniff age 3734077 x-cache Hit from cloudfront content-length 25188 x-xss-protection 1; mode=block last-modified Tue, 28 Dec 2021 19:18:11 GMT server nginx etag "f7f58e6ed4a768b1d2a14a4c62e28964" x-frame-options DENY content-type font/woff2 access-control-allow-origin * cache-control max-age=7776000 x-amz-cf-pop FRA60-P2 accept-ranges bytes x-amz-cf-id CfVAgfwIdUKGMg9qyf5SP9URwbkAvdUdkmVBgdC9BE1zZqka8JU2rg==
GET H2	200	Lato-Italic.woff2 cdn.dealspotr.com/fonts/	26 KB 26 KB	51ms 19ms	Font font/woff2	2600:9000:2250:bc00:7:7ff8:a1c0:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://cdn.dealspotr.com/fonts/Lato-Italic.woff2 Requested by Host: marketplace.dealspotr.com URL: https://marketplace.dealspotr.com/@avita123 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2250:bc00:7:7ff8:a1c0:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software nginx / Resource Hash 30384555288b6b4709cd2797fb1cb7ec7ebbe1266fb058cf55462849a230bcf7 Security Headers Name Value X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 1; mode=block Request headers Referer https://marketplace.dealspotr.com/@avita123 Origin https://marketplace.dealspotr.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 Response headers date Sun, 23 Jan 2022 14:19:58 GMT via 1.1 6e8224d5f2990b031ca60a58f18ac908.cloudfront.net (CloudFront) x-content-type-options nosniff age 7680498 x-cache Hit from cloudfront content-length 26260 x-xss-protection 1; mode=block last-modified Thu, 28 Oct 2021 03:43:16 GMT server nginx etag "78d931184edb85bb73ffae6547f36e2a" x-frame-options DENY content-type font/woff2 access-control-allow-origin * cache-control max-age=7776000 x-amz-cf-pop FRA60-P2 accept-ranges bytes x-amz-cf-id etDAGCVgEFNMMqiZ9lakwtIYjAm-55YrAXXQSIUxbqLakDbCyA6kPw==
GET H2	200	0116.js Show response script.crazyegg.com/pages/scripts/0102/	5 KB 2 KB	52ms 22ms	Script text/javascript	2606:4700::6813:9408 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://script.crazyegg.com/pages/scripts/0102/0116.js Requested by Host: marketplace.dealspotr.com URL: https://marketplace.dealspotr.com/@avita123 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6813:9408 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash cf8d00951ef0d3eb47ba9768d49fe6abc3254f0a883dc98811e4340aa3f813cb Request headers accept-language de-DE,de;q=0.9 Referer https://marketplace.dealspotr.com/@avita123 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 Response headers date Fri, 22 Apr 2022 11:48:17 GMT content-encoding gzip cf-cache-status HIT age 84274 cf-polished origSize=5359 cf-ray 6ffe2127090c23af-ZRH ce-version 11.1.403 last-modified Thu, 21 Apr 2022 12:23:43 GMT server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type text/javascript access-control-allow-origin * access-control-expose-headers CE-Version cache-control public, max-age=300, s-maxage=1209600 timing-allow-origin * cf-bgj minify
GET H2	200	logo-black.png cdn.dealspotr.com/images/statics/	3 KB 4 KB	24ms 9ms	Image image/png	2600:9000:2250:bc00:7:7ff8:a1c0:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://cdn.dealspotr.com/images/statics/logo-black.png Requested by Host: marketplace.dealspotr.com URL: https://marketplace.dealspotr.com/@avita123 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2250:bc00:7:7ff8:a1c0:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software nginx / Resource Hash 5ef9a7af7d2c08d22cf80e41107a2baea519861411641b29b121f089985429e0 Security Headers Name Value X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://marketplace.dealspotr.com/@avita123 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 Response headers date Sat, 02 Apr 2022 13:33:26 GMT via 1.1 d71acb203a3e8fc7db2c1cf9725d51da.cloudfront.net (CloudFront) x-content-type-options nosniff age 1721691 x-cache Hit from cloudfront content-length 3153 x-xss-protection 1; mode=block last-modified Tue, 28 Dec 2021 19:18:11 GMT server nginx etag "d2bb32cdf6fc9396121ccf999e1a08c1" x-frame-options DENY content-type image/png access-control-allow-origin * cache-control max-age=7776000 x-amz-cf-pop FRA60-P2 accept-ranges bytes x-amz-cf-id 1Gfm-xt0mCOfWpMbm1AmLsMoMkPANCpWtsBxrCauV4gpPkN1dqOwOg==
GET H2	200	resize img.dealspotr.com/	4 KB 4 KB	304ms 98ms	Image image/png	2600:1f18:6699:ef00:117d:6cf:7b:4b0e AMAZON-AES
General Check archive.org Show headers Download Go to Show image Full URL https://img.dealspotr.com/resize?aspect=center&crop=false&url=%2F%2Fcdn.dealspotr.com%2Fimages%2Fapi%2Fdefault-avatar.png&width=230&height=230 Requested by Host: marketplace.dealspotr.com URL: https://marketplace.dealspotr.com/@avita123 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2600:1f18:6699:ef00:117d:6cf:7b:4b0e Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS Software nginx / Resource Hash c53d6766aaaf0e1a49a3f12d635785018ccb2cc21c830aa2b9164f0a1b76e589 Request headers accept-language de-DE,de;q=0.9 Referer https://marketplace.dealspotr.com/@avita123 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 Response headers date Fri, 22 Apr 2022 11:48:17 GMT cache-control public, max-age=7776000 last-modified Fri, 07 Jun 2019 23:07:02 GMT server nginx content-length 4315 x-cache HIT content-type image/png
GET H2	200	logo130.png cdn.dealspotr.com/images/statics/	3 KB 3 KB	8ms 8ms	Image image/png	2600:9000:2250:bc00:7:7ff8:a1c0:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://cdn.dealspotr.com/images/statics/logo130.png Requested by Host: marketplace.dealspotr.com URL: https://marketplace.dealspotr.com/@avita123 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2250:bc00:7:7ff8:a1c0:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software nginx / Resource Hash cf4cc0d4d38b72da0868473ac9f908f07d679df016def2c424eec3eb4a47371a Security Headers Name Value X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://marketplace.dealspotr.com/@avita123 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 Response headers date Thu, 03 Feb 2022 10:37:54 GMT via 1.1 d71acb203a3e8fc7db2c1cf9725d51da.cloudfront.net (CloudFront) x-content-type-options nosniff age 6743423 x-cache Hit from cloudfront content-length 2842 x-xss-protection 1; mode=block last-modified Thu, 28 Oct 2021 03:43:16 GMT server nginx etag "2e103cf5606a88de0a7bbaaa582ecdf0" x-frame-options DENY content-type image/png access-control-allow-origin * cache-control max-age=7776000 x-amz-cf-pop FRA60-P2 accept-ranges bytes x-amz-cf-id 2b8z5Ycko85k_TqoNF2qAE-Xr8G6kYvbfi5aacjQUrTA2qohvRXD0A==
GET H2	200	analytics.js Show response www.google-analytics.com/	49 KB 20 KB	29ms 7ms	Script text/javascript	2a00:1450:4001:80e::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google-analytics.com/analytics.js Requested by Host: marketplace.dealspotr.com URL: https://marketplace.dealspotr.com/@avita123 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210 Security Headers Name Value Strict-Transport-Security max-age=10886400; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://marketplace.dealspotr.com/@avita123 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 Response headers strict-transport-security max-age=10886400; includeSubDomains; preload content-encoding gzip x-content-type-options nosniff last-modified Wed, 13 Apr 2022 21:02:38 GMT server Golfe2 age 807 date Fri, 22 Apr 2022 11:34:50 GMT vary Accept-Encoding content-type text/javascript cache-control public, max-age=7200 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 20006 expires Fri, 22 Apr 2022 13:34:50 GMT
GET H2	200	commons-1aa2a665b5b31cf39062.js Show response cdn.dealspotr.com/bundles/	579 KB 179 KB	17ms 17ms	Script application/javascript	2600:9000:2250:bc00:7:7ff8:a1c0:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://cdn.dealspotr.com/bundles/commons-1aa2a665b5b31cf39062.js Requested by Host: marketplace.dealspotr.com URL: https://marketplace.dealspotr.com/@avita123 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2250:bc00:7:7ff8:a1c0:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software nginx / Resource Hash 6a9781d6512d6bbc3dc326cf43a54b23f5a90445f146c82962f57d6a7522da08 Security Headers Name Value X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 1; mode=block Request headers Referer https://marketplace.dealspotr.com/@avita123 Origin https://marketplace.dealspotr.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 Response headers date Sun, 27 Mar 2022 10:50:07 GMT content-encoding gzip x-content-type-options nosniff age 2249890 via 1.1 6e8224d5f2990b031ca60a58f18ac908.cloudfront.net (CloudFront) x-cache Hit from cloudfront x-xss-protection 1; mode=block last-modified Tue, 28 Dec 2021 18:44:56 GMT server nginx x-frame-options DENY etag W/"14e660b938080dc8c77393c8cca3323b" vary Accept-Encoding content-type application/javascript access-control-allow-origin * cache-control max-age=7776000 x-amz-cf-pop FRA60-P2 x-amz-cf-id adJa6BQkNll-Z_z-lld5CHFA3KZ_G-TC8sjbpkQatFol1nxblEnCCg==
GET H2	200	app-66c26f07e34d5a2cdcdd.js Show response cdn.dealspotr.com/bundles/	2 MB 442 KB	9ms 9ms	Script application/javascript	2600:9000:2250:bc00:7:7ff8:a1c0:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://cdn.dealspotr.com/bundles/app-66c26f07e34d5a2cdcdd.js Requested by Host: marketplace.dealspotr.com URL: https://marketplace.dealspotr.com/@avita123 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2250:bc00:7:7ff8:a1c0:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software nginx / Resource Hash b38c27ebba05d1478ff4177e74de0027385021a601a52483b5dcaa7286c81261 Security Headers Name Value X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 1; mode=block Request headers Referer https://marketplace.dealspotr.com/@avita123 Origin https://marketplace.dealspotr.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 Response headers date Sat, 26 Mar 2022 23:01:30 GMT content-encoding gzip x-content-type-options nosniff age 2292407 via 1.1 6e8224d5f2990b031ca60a58f18ac908.cloudfront.net (CloudFront) x-cache Hit from cloudfront x-xss-protection 1; mode=block last-modified Tue, 28 Dec 2021 17:54:24 GMT server nginx x-frame-options DENY etag W/"5b423d19c4558c466299a0f5022d11b1" vary Accept-Encoding content-type application/javascript access-control-allow-origin * cache-control max-age=7776000 x-amz-cf-pop FRA60-P2 x-amz-cf-id znu-WBkexw4y1LsZk-zN6stDtGb5o45cHoTdm9R2yMZtZg3JQB9ubQ==
GET H2	200	0116.json Show response script.crazyegg.com/pages/data-scripts/0102/	8 KB 2 KB	47ms 21ms	XHR application/json	2606:4700::6813:9408 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://script.crazyegg.com/pages/data-scripts/0102/0116.json?t=1 Requested by Host: script.crazyegg.com URL: https://script.crazyegg.com/pages/scripts/0102/0116.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6813:9408 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 11b320db222c3e651e68d000a7b69e9e4dd8ef214e0e5a53f53d056c0ac5b83a Request headers accept-language de-DE,de;q=0.9 Referer https://marketplace.dealspotr.com/@avita123 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 Response headers date Fri, 22 Apr 2022 11:48:17 GMT content-encoding gzip cf-cache-status HIT age 84274 ce-version 11.1.403 content-length 1577 timing-allow-origin * last-modified Thu, 21 Apr 2022 12:23:43 GMT server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type application/json access-control-allow-origin * access-control-expose-headers CE-Version cache-control public, max-age=300, s-maxage=1209600 accept-ranges bytes cf-ray 6ffe212759cf23f7-ZRH
POST H2	200	collect Show response stats.g.doubleclick.net/j/	4 B 448 B	56ms 18ms	XHR text/plain	2a00:1450:400c:c00::9b GOOGLE
General Check archive.org Show headers Download Go to Full URL https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-49492930-1&cid=538353613.1650628097&jid=1623478777&gjid=666030670&_gid=2003418852.1650628097&_u=IGBAgEABAAAAAE~&z=1307594260 Requested by Host: www.google-analytics.com URL: https://www.google-analytics.com/analytics.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:400c:c00::9b Brussels, Belgium, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash 84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80 Security Headers Name Value Strict-Transport-Security max-age=10886400; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://marketplace.dealspotr.com/@avita123 accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 Content-Type text/plain Response headers pragma no-cache strict-transport-security max-age=10886400; includeSubDomains; preload x-content-type-options nosniff last-modified Sun, 17 May 1998 03:00:00 GMT server Golfe2 date Fri, 22 Apr 2022 11:48:17 GMT content-type text/plain access-control-allow-origin https://marketplace.dealspotr.com cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 4 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	collect www.google-analytics.com/	35 B 194 B	6ms 6ms	Image image/gif	2a00:1450:4001:80e::200e GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google-analytics.com/collect?v=1&_v=j96&a=1617068909&t=pageview&_s=1&dl=https%3A%2F%2Fmarketplace.dealspotr.com%2F%40avita123&ul=en-us&de=UTF-8&dt=Avita%20Jewellery%20(%40avita123)%20%7C%20Dealspotr&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IGBAgEAB~&jid=1623478777&gjid=666030670&cid=538353613.1650628097&tid=UA-49492930-1&_gid=2003418852.1650628097&z=1662998369 Requested by Host: marketplace.dealspotr.com URL: https://marketplace.dealspotr.com/@avita123 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015 Security Headers Name Value X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://marketplace.dealspotr.com/@avita123 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 Response headers pragma no-cache date Thu, 21 Apr 2022 16:02:36 GMT x-content-type-options nosniff last-modified Sun, 17 May 1998 03:00:00 GMT server Golfe2 age 71141 content-type image/gif access-control-allow-origin * cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 35 expires Mon, 01 Jan 1990 00:00:00 GMT
POST H2	200	/ Show response o1095749.ingest.sentry.io/api/6115612/envelope/	2 B 283 B	39ms 9ms	Fetch application/json	34.120.195.249 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://o1095749.ingest.sentry.io/api/6115612/envelope/?sentry_key=c748e4af2795417f85fa7dc464568401&sentry_version=7 Requested by Host: cdn.dealspotr.com URL: https://cdn.dealspotr.com/bundles/commons-1aa2a665b5b31cf39062.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 34.120.195.249 Kansas City, United States, ASN15169 (GOOGLE, US), Reverse DNS 249.195.120.34.bc.googleusercontent.com Software nginx / Resource Hash 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers Referer https://marketplace.dealspotr.com/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 Content-Type text/plain;charset=UTF-8 Response headers date Fri, 22 Apr 2022 11:48:17 GMT via 1.1 google server nginx vary Origin content-type application/json access-control-allow-origin https://marketplace.dealspotr.com access-control-expose-headers x-sentry-error, x-sentry-rate-limits, retry-after x-envoy-upstream-service-time 0 strict-transport-security max-age=31536000; includeSubDomains; preload alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 2
GET H2	200	11.1.403.js Show response script.crazyegg.com/pages/versioned/common-scripts/	80 KB 26 KB	22ms 22ms	Script text/javascript	2606:4700::6813:9408 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://script.crazyegg.com/pages/versioned/common-scripts/11.1.403.js Requested by Host: script.crazyegg.com URL: https://script.crazyegg.com/pages/scripts/0102/0116.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6813:9408 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash a1684874c8bae229c40a136c7ebe1df660961e0722f79076a17ce49294b6e6db Request headers accept-language de-DE,de;q=0.9 Referer https://marketplace.dealspotr.com/@avita123 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 Response headers timing-allow-origin * date Fri, 22 Apr 2022 11:48:17 GMT content-encoding gzip cf-cache-status HIT last-modified Thu, 17 Mar 2022 15:34:49 GMT server cloudflare age 84842 expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type text/javascript access-control-allow-origin * cache-control public, max-age=31536000, s-maxage=31536000 accept-ranges bytes cf-ray 6ffe2128db9a23af-ZRH content-length 26410
GET H2	200	ga-audiences www.google.com/ads/	42 B 501 B	66ms 34ms	Image image/gif	2a00:1450:4001:82a::2004 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-49492930-1&cid=538353613.1650628097&jid=1623478777&_u=IGBAgEABAAAAAE~&z=1599247465 Requested by Host: marketplace.dealspotr.com URL: https://marketplace.dealspotr.com/@avita123 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://marketplace.dealspotr.com/@avita123 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 Response headers pragma no-cache date Fri, 22 Apr 2022 11:48:17 GMT x-content-type-options nosniff server cafe timing-allow-origin * p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin content-type image/gif alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	ga-audiences www.google.de/ads/	42 B 501 B	65ms 33ms	Image image/gif	2a00:1450:4001:803::2003 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-49492930-1&cid=538353613.1650628097&jid=1623478777&_u=IGBAgEABAAAAAE~&z=1599247465 Requested by Host: marketplace.dealspotr.com URL: https://marketplace.dealspotr.com/@avita123 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://marketplace.dealspotr.com/@avita123 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 Response headers pragma no-cache date Fri, 22 Apr 2022 11:48:17 GMT x-content-type-options nosniff server cafe timing-allow-origin * p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin content-type image/gif alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	0116.json Show response script.crazyegg.com/pages/sampling-data-scripts/0102/ Frame F45E	534 B 328 B	21ms 21ms	XHR application/json	2606:4700::6813:9408 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://script.crazyegg.com/pages/sampling-data-scripts/0102/0116.json?t=458507 Requested by Host: script.crazyegg.com URL: https://script.crazyegg.com/pages/versioned/common-scripts/11.1.403.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6813:9408 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 20f650d6a9e3a66cca306949d9113c98936d40057e2c8947bac16d7bcd225d27 Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 Response headers date Fri, 22 Apr 2022 11:48:17 GMT content-encoding gzip cf-cache-status HIT age 84546 ce-version 11.1.403 content-length 234 timing-allow-origin * last-modified Thu, 21 Apr 2022 12:19:11 GMT server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type application/json access-control-allow-origin * access-control-expose-headers CE-Version cache-control public, max-age=300, s-maxage=1209600 accept-ranges bytes cf-ray 6ffe21293cb923f7-ZRH
GET H2	200	healthcheck Show response pagestates-tracking.crazyegg.com/ Frame F45E	19 B 418 B	60ms 17ms	XHR binary/octet-stream	18.66.15.115 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://pagestates-tracking.crazyegg.com/healthcheck Requested by Host: script.crazyegg.com URL: https://script.crazyegg.com/pages/versioned/common-scripts/11.1.403.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.66.15.115 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-66-15-115.vie50.r.cloudfront.net Software AmazonS3 / Resource Hash 830e67bda2532cd5880ee86e3b33e69721082f8458bb0df0cd4edbb1577fd375 Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 Response headers date Sat, 09 Apr 2022 10:11:21 GMT via 1.1 b159f39ee34c14548a9d9dc3e730676a.cloudfront.net (CloudFront) last-modified Tue, 05 Oct 2021 13:53:30 GMT server AmazonS3 age 1129017 etag "d06f04fccf68d0b228a5923187ce1afd" access-control-max-age 31536000 access-control-allow-methods GET, HEAD content-type binary/octet-stream access-control-allow-origin * x-cache Hit from cloudfront x-amz-cf-pop VIE50-P1 accept-ranges bytes content-length 19 x-amz-cf-id YF5jqYVGVubI90a7ntp2Iuv7UeYmtui3B2LQnhFF--dAnVzkPceVFQ==
GET H2	200	healthcheck Show response assets-tracking.crazyegg.com/ Frame F45E	19 B 421 B	66ms 17ms	XHR binary/octet-stream	18.66.15.69 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://assets-tracking.crazyegg.com/healthcheck Requested by Host: script.crazyegg.com URL: https://script.crazyegg.com/pages/versioned/common-scripts/11.1.403.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.66.15.69 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-66-15-69.vie50.r.cloudfront.net Software AmazonS3 / Resource Hash 830e67bda2532cd5880ee86e3b33e69721082f8458bb0df0cd4edbb1577fd375 Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 Response headers date Tue, 21 Dec 2021 13:24:28 GMT via 1.1 89a6fa6293c9b0bbce683ad0b9f7f538.cloudfront.net (CloudFront) last-modified Tue, 05 Oct 2021 13:53:30 GMT server AmazonS3 age 10535030 etag "d06f04fccf68d0b228a5923187ce1afd" access-control-max-age 31536000 access-control-allow-methods GET, HEAD content-type binary/octet-stream access-control-allow-origin * x-cache Hit from cloudfront x-amz-cf-pop VIE50-P1 accept-ranges bytes content-length 19 x-amz-cf-id RuQgCjKFFLrYhRQsIyzacZKoOQqgfq6lnSLy33muaiVRuZZ895_X9A==
GET BLOB	200 OK	b62d01a3-9914-4297-8bda-1b870d8fe149 https://marketplace.dealspotr.com/	53 B 0		Other text/javascript
General Check archive.org Show headers Download Go to Full URL blob:https://marketplace.dealspotr.com/b62d01a3-9914-4297-8bda-1b870d8fe149 Protocol BLOB Server -, , ASN (), Reverse DNS Software / Resource Hash 8ff09cd0ee012fe06ed1b67dc914858cde819f21bb479f629994d9e49f3c0049 Request headers accept-language de-DE,de;q=0.9 Referer https://marketplace.dealspotr.com/@avita123 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 Response headers Content-Length 53 Content-Type text/javascript
GET H2	200	clock Show response tracking.crazyegg.com/ Frame F45E	26 B 133 B	106ms 41ms	XHR text/plain	54.194.13.59 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://tracking.crazyegg.com/clock?t=1650628097585 Requested by Host: script.crazyegg.com URL: https://script.crazyegg.com/pages/versioned/common-scripts/11.1.403.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 54.194.13.59 Dublin, Ireland, ASN16509 (AMAZON-02, US), Reverse DNS ec2-54-194-13-59.eu-west-1.compute.amazonaws.com Software awselb/2.0 / Resource Hash 5225f0ad97ed3ae42e3bcbbf0d854e231ecd2ddc1c9ae37ba801d358f63e4a7f Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 Response headers access-control-allow-origin * date Fri, 22 Apr 2022 11:48:17 GMT cache-control no-store server awselb/2.0 content-length 26 content-type text/plain
GET BLOB	200 OK	2cbcf262-b7f0-471e-a5bb-d9acd95bd8ca https://marketplace.dealspotr.com/	218 B 0		Other text/javascript
General Check archive.org Show headers Download Go to Full URL blob:https://marketplace.dealspotr.com/2cbcf262-b7f0-471e-a5bb-d9acd95bd8ca Protocol BLOB Server -, , ASN (), Reverse DNS Software / Resource Hash 35aac3025bd69e3f6aef5678bfa52c4880e61dc2f6e70fe32e0d54137aa7c21b Request headers accept-language de-DE,de;q=0.9 Referer https://marketplace.dealspotr.com/@avita123 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 Response headers Content-Length 218 Content-Type text/javascript
POST H3	200	/ Show response o1095749.ingest.sentry.io/api/6115612/envelope/	41 B 59 B	24ms 8ms	Fetch application/json	34.120.195.249 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://o1095749.ingest.sentry.io/api/6115612/envelope/?sentry_key=c748e4af2795417f85fa7dc464568401&sentry_version=7 Requested by Host: cdn.dealspotr.com URL: https://cdn.dealspotr.com/bundles/commons-1aa2a665b5b31cf39062.js Protocol H3 Security QUIC, , AES_128_GCM Server 34.120.195.249 Kansas City, United States, ASN15169 (GOOGLE, US), Reverse DNS 249.195.120.34.bc.googleusercontent.com Software nginx / Resource Hash 01d9a1e66e12ddcd4cf34d3a7ec8767e2ba52e7c31c7ec2ef8fa91b472f687f4 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers Referer https://marketplace.dealspotr.com/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 Content-Type text/plain;charset=UTF-8 Response headers date Fri, 22 Apr 2022 11:48:18 GMT via 1.1 google server nginx vary Origin content-type application/json access-control-allow-origin https://marketplace.dealspotr.com access-control-expose-headers retry-after, x-sentry-error, x-sentry-rate-limits x-envoy-upstream-service-time 0 strict-transport-security max-age=31536000; includeSubDomains; preload alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 41

29 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 function| structuredClone object| oncontextlost object| oncontextrestored function| getScreenDetails object| App string| GoogleAnalyticsObject function| ga boolean| CE_USER_SCRIPT object| CE2 string| CE_USER_DATA_URL object| google_tag_data object| gaplugins object| gaGlobal object| gaData object| webpackChunk object| SENTRY_RELEASE object| SENTRY_RELEASES object| __core-js_shared__ object| core function| setImmediate function| clearImmediate object| regeneratorRuntime boolean| _babelPolyfill object| __SENTRY__ string| CE_USER_COMMON_SCRIPT_URL string| CE_USER_THIRDPARTY_SCRIPT_URL object| CE2BH function| CE_URL_FINGERPRINT

7 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.dealspotr.com/	1969-12-31 23:59:59	Name: _csrf Value: YtHnGbLIJkhwQRcpfWNT6hou
			.dealspotr.com/	1970-01-20 11:16:04	Name: x_tracking_id Value: 4b417906-f256-448e-b1e5-ae72ebd70ed2
			.dealspotr.com/	1970-01-20 20:01:40	Name: _ga Value: GA1.2.538353613.1650628097
			.dealspotr.com/	1970-01-20 02:31:54	Name: _gid Value: GA1.2.2003418852.1650628097
			.dealspotr.com/	1970-01-20 02:30:28	Name: _gat Value: 1
			.dealspotr.com/	1969-12-31 23:59:59	Name: cebs Value: 1
			.dealspotr.com/	1970-01-20 11:16:04	Name: _ce.s Value: v~976449d0c1cc3c6653947218399d18ada8e21579~vpv~0~v11.rlc~1650628097694

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

assets-tracking.crazyegg.com
cdn.dealspotr.com
img.dealspotr.com
marketplace.dealspotr.com
o1095749.ingest.sentry.io
pagestates-tracking.crazyegg.com
script.crazyegg.com
stats.g.doubleclick.net
tracking.crazyegg.com
www.google-analytics.com
www.google.com
www.google.de
18.66.15.115
18.66.15.69
2600:1f18:6699:ef00:117d:6cf:7b:4b0e
2600:9000:2250:bc00:7:7ff8:a1c0:93a1
2606:4700::6813:9408
2a00:1450:4001:803::2003
2a00:1450:4001:80e::200e
2a00:1450:4001:82a::2004
2a00:1450:400c:c00::9b
34.120.195.249
52.9.64.153
54.194.13.59
01d9a1e66e12ddcd4cf34d3a7ec8767e2ba52e7c31c7ec2ef8fa91b472f687f4
11b320db222c3e651e68d000a7b69e9e4dd8ef214e0e5a53f53d056c0ac5b83a
156b5bef9776e773f297c52ee04e69cf0f055f9acc9d22505866bb990157645d
20f650d6a9e3a66cca306949d9113c98936d40057e2c8947bac16d7bcd225d27
236247d6d208767c2a4dd05e17210039874af17c157c1eaf80ec24cba433d0e7
30384555288b6b4709cd2797fb1cb7ec7ebbe1266fb058cf55462849a230bcf7
35aac3025bd69e3f6aef5678bfa52c4880e61dc2f6e70fe32e0d54137aa7c21b
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
5225f0ad97ed3ae42e3bcbbf0d854e231ecd2ddc1c9ae37ba801d358f63e4a7f
5ef9a7af7d2c08d22cf80e41107a2baea519861411641b29b121f089985429e0
6a9781d6512d6bbc3dc326cf43a54b23f5a90445f146c82962f57d6a7522da08
7c3f62bc75b940288db40b5418a20c053d5e2b3a68882b9c91de3ddc0bb1098f
830e67bda2532cd5880ee86e3b33e69721082f8458bb0df0cd4edbb1577fd375
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
8ff09cd0ee012fe06ed1b67dc914858cde819f21bb479f629994d9e49f3c0049
a1684874c8bae229c40a136c7ebe1df660961e0722f79076a17ce49294b6e6db
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
b38c27ebba05d1478ff4177e74de0027385021a601a52483b5dcaa7286c81261
c53d6766aaaf0e1a49a3f12d635785018ccb2cc21c830aa2b9164f0a1b76e589
cf4cc0d4d38b72da0868473ac9f908f07d679df016def2c424eec3eb4a47371a
cf8d00951ef0d3eb47ba9768d49fe6abc3254f0a883dc98811e4340aa3f813cb
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629