Submitted URL: https://t.prod1.emailing.notretemps.com/r/?id=h767ac548,5f521cf7,8001e4ee
Effective URL: https://orthographe.notretemps.com/
Submission: On August 13 via api from BE — Scanned from DE

Summary

This website contacted 9 IPs in 4 countries across 6 domains to perform 35 HTTP transactions. The main IP is 2a0b:440:1020:22::3b9, which is located in Germany and belongs to DE-RACKSPACE Frankfurt, Germany, GB. The main domain is orthographe.notretemps.com.
TLS certificate: Issued by R3 on June 11th 2023. Valid for: 3 months.
This is the only time orthographe.notretemps.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 52.19.129.124 16509 (AMAZON-02)
4 2a0b:440:1020... 39921 (DE-RACKSP...)
5 65.9.66.110 16509 (AMAZON-02)
6 2a04:4e42:600... 54113 (FASTLY)
1 143.204.98.65 16509 (AMAZON-02)
3 92.243.17.105 203476 (GANDI-AS-...)
6 2600:9000:223... 16509 (AMAZON-02)
3 2600:9000:225... 16509 (AMAZON-02)
1 2a00:1450:400... 15169 (GOOGLE)
35 9
Apex Domain | Subdomains | Transfer
15 notretemps.com | t.prod1.emailing.notretemps.com; orthographe.notretemps.com; www.notretemps.com (Cisco Umbrella Rank: 906448); sso.notretemps.com; t.notretemps.com | 470 KB
6 fastly.net | fastly-a9fast-com.freetls.fastly.net (Cisco Umbrella Rank: 813123) | 372 KB
3 privacy-center.org | sdk.privacy-center.org (Cisco Umbrella Rank: 6791) | 135 KB
3 wysistat.com | www.wysistat.com (Cisco Umbrella Rank: 78981) | 6 KB
2 gymglish.com | www.gymglish.com (Cisco Umbrella Rank: 684329) | 356 B
1 googlesyndication.com | pagead2.googlesyndication.com (Cisco Umbrella Rank: 130) | 455 B
35 6
Domain | Requested by
6 t.notretemps.com | orthographe.notretemps.com; t.notretemps.com; fastly-a9fast-com.freetls.fastly.net
6 fastly-a9fast-com.freetls.fastly.net | orthographe.notretemps.com; fastly-a9fast-com.freetls.fastly.net
5 www.notretemps.com | orthographe.notretemps.com; www.notretemps.com
3 sdk.privacy-center.org | orthographe.notretemps.com; sdk.privacy-center.org
3 www.wysistat.com | orthographe.notretemps.com; www.wysistat.com
2 www.gymglish.com | fastly-a9fast-com.freetls.fastly.net
2 orthographe.notretemps.com | fastly-a9fast-com.freetls.fastly.net
1 pagead2.googlesyndication.com | t.notretemps.com
1 sso.notretemps.com | orthographe.notretemps.com
1 t.prod1.emailing.notretemps.com | 1 redirects
35 10
Subject | Issuer | Validity | Valid
orthographe.notretemps.com | R3 | 2023-06-11 - 2023-09-09 | 3 months
notretemps.com | Amazon RSA 2048 M02 | 2023-02-19 - 2024-03-19 | a year
*.freetls.fastly.net | GlobalSign Atlas R3 DV TLS CA 2023 Q1 | 2023-02-05 - 2024-03-08 | a year
sso.notretemps.com | Amazon RSA 2048 M01 | 2023-02-22 - 2024-01-08 | a year
www.wysistat.com | Gandi Standard SSL CA 2 | 2023-05-04 - 2024-05-29 | a year
t.notretemps.com | Amazon RSA 2048 M02 | 2023-07-11 - 2024-08-08 | a year
*.privacy-center.org | Amazon RSA 2048 M02 | 2023-03-25 - 2024-04-22 | a year
gymglish.com | R3 | 2023-06-17 - 2023-09-15 | 3 months
*.g.doubleclick.net | GTS CA 1C3 | 2023-07-17 - 2023-10-09 | 3 months

This page contains 1 frame:

Primary Page: https://orthographe.notretemps.com/
Frame ID: 080681DC11BAAA74DA0B0697713EEDAF
Requests: 36 HTTP requests in this frame

Page Title

Cours de français orthographe et expression écrite avec Notretemps.com et Gymglish

Page URL History

  1. https://t.prod1.emailing.notretemps.com/r/?id=h767ac548,5f521cf7,8001e4ee HTTP 302
    https://orthographe.notretemps.com/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • sdk\.privacy-center\.org/.*/loader\.js

Overall confidence: 100%
Detected patterns
  • googlesyndication\.com/

Overall confidence: 100%
Detected patterns
  • <!-- (?:End )?Google Tag Manager -->

Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

35
Requests

83 %
HTTPS

56 %
IPv6

6
Domains

10
Subdomains

9
IPs

4
Countries

984 kB
Transfer

3783 kB
Size

10
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://t.prod1.emailing.notretemps.com/r/?id=h767ac548,5f521cf7,8001e4ee HTTP 302
    https://orthographe.notretemps.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

35 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
orthographe.notretemps.com/
Redirect Chain
  • https://t.prod1.emailing.notretemps.com/r/?id=h767ac548,5f521cf7,8001e4ee
  • https://orthographe.notretemps.com/
87 KB
17 KB
Document
General
Full URL
https://orthographe.notretemps.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a0b:440:1020:22::3b9 , Germany, ASN39921 (DE-RACKSPACE Frankfurt, Germany, GB),
Reverse DNS
Software
Apache /
Resource Hash
df46b7043c494f21ad222366207573dd8420e08ebf2da3f2604b8edab4b66a5e
Security Headers
Name Value
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
max-age=600, public
content-encoding
gzip
content-length
17193
content-type
text/html; charset=utf-8
date
Sun, 13 Aug 2023 04:51:21 GMT
referrer-policy
same-origin
server
Apache
strict-transport-security
max-age=63072000
vary
X-A9-Content-Only,Host,Accept-Encoding
x-content-type-options
nosniff
x-frame-options
DENY
x-xss-protection
1; mode=block

Redirect headers

content-length
17
content-type
text/plain; charset=utf-8
date
Sun, 13 Aug 2023 04:51:21 GMT
location
https://orthographe.notretemps.com/
p3p
CP="CAO DSP COR CURa DEVa TAIa OUR BUS IND UNI COM NAV"
server
Apache
x-robots-tag
noindex
notretemps.css
www.notretemps.com/css/
280 KB
44 KB
Stylesheet
General
Full URL
https://www.notretemps.com/css/notretemps.css?version=0.6.4
Requested by
Host: orthographe.notretemps.com
URL: https://orthographe.notretemps.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.66.110 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-65-9-66-110.fra56.r.cloudfront.net
Software
nginx /
Resource Hash
88537c796eaf8385c25ba27f3ee8cc20a7080f7eb7fe65c596fa6bde11c4327c

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Wed, 02 Aug 2023 08:02:45 GMT
content-encoding
gzip
via
1.1 6165dcc1fdf84ac65e8204c05709f1ca.cloudfront.net (CloudFront)
last-modified
Wed, 02 Aug 2023 07:59:13 GMT
server
nginx
x-amz-cf-pop
FRA56-C1
age
938916
etag
W/"64ca0cd1-45e09"
x-cache
Hit from cloudfront
content-type
text/css
access-control-allow-origin
quiz.notretemps.com
cache-control
max-age=31104000, public
x-amz-cf-id
YhdUbZqKPzcmXXNZXPexuBB-c9tOLTEuMN-vTSsT0jYgOnwwpTXkPQ==
minimal.js
www.notretemps.com/js/
182 KB
57 KB
Script
General
Full URL
https://www.notretemps.com/js/minimal.js?version=0.6.4
Requested by
Host: orthographe.notretemps.com
URL: https://orthographe.notretemps.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.66.110 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-65-9-66-110.fra56.r.cloudfront.net
Software
nginx /
Resource Hash
4c842e097c4ce8e92fe984a7ad6311cf27126d43a0dd45502fb9d2c7d0609bb2

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Wed, 02 Aug 2023 08:02:44 GMT
content-encoding
gzip
via
1.1 6165dcc1fdf84ac65e8204c05709f1ca.cloudfront.net (CloudFront)
last-modified
Wed, 02 Aug 2023 07:59:13 GMT
server
nginx
x-amz-cf-pop
FRA56-C1
age
938917
etag
W/"64ca0cd1-2d767"
x-cache
Hit from cloudfront
content-type
application/javascript
access-control-allow-origin
quiz.notretemps.com
cache-control
max-age=31104000, public
x-amz-cf-id
t94kzbyAM7AcY2PdAeN0bYvUPaNhhz1QPIue08zF3ls9u5bU2raQEQ==
app.js
www.notretemps.com/js/
53 KB
13 KB
Script
General
Full URL
https://www.notretemps.com/js/app.js?version=0.6.4
Requested by
Host: orthographe.notretemps.com
URL: https://orthographe.notretemps.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.66.110 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-65-9-66-110.fra56.r.cloudfront.net
Software
nginx /
Resource Hash
5a5f620806afabbc176d04ac3617d811316004f27f245ce6e81b5dc30c78592a

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Wed, 02 Aug 2023 08:02:44 GMT
content-encoding
gzip
via
1.1 6165dcc1fdf84ac65e8204c05709f1ca.cloudfront.net (CloudFront)
last-modified
Wed, 02 Aug 2023 07:59:13 GMT
server
nginx
x-amz-cf-pop
FRA56-C1
age
938917
etag
W/"64ca0cd1-d216"
x-cache
Hit from cloudfront
content-type
application/javascript
access-control-allow-origin
quiz.notretemps.com
cache-control
max-age=31104000, public
x-amz-cf-id
rLJ2Hi9F1vc-FzbnIaogs3p4V-5Fb7mqNgGzz4P20-ZWYffWxb4Kww==
icomoon.woff2
www.notretemps.com/fonts/
0
0

montserrat-latin.woff2
www.notretemps.com/fonts/
0
0

montserrat-bold-latin.woff2
www.notretemps.com/fonts/
0
0

opensans-latin.woff2
www.notretemps.com/fonts/
0
0

opensans-bold-latin.woff2
www.notretemps.com/fonts/
0
0

website-kiev-webpartner-c0f699fdc77220c00a754f09a820d999.min.css
fastly-a9fast-com.freetls.fastly.net/static-s3/css/dist/
641 KB
78 KB
Stylesheet
General
Full URL
https://fastly-a9fast-com.freetls.fastly.net/static-s3/css/dist/website-kiev-webpartner-c0f699fdc77220c00a754f09a820d999.min.css
Requested by
Host: orthographe.notretemps.com
URL: https://orthographe.notretemps.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::591 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx/1.14.1 /
Resource Hash
e571e5d3249a529955ebddca04ded0ea4244b41fa8ba291f3562033f33eb6139

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Sun, 13 Aug 2023 04:51:21 GMT
content-encoding
gzip
via
1.1 varnish
age
324456
x-amz-server-side-encryption
AES256
x-cache
HIT
content-length
80017
x-served-by
cache-fra-eddf8230064-FRA
last-modified
Wed, 09 Aug 2023 10:41:35 GMT
server
nginx/1.14.1
x-timer
S1691902282.922792,VS0,VE1
etag
W/"c0f699fdc77220c00a754f09a820d999"
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=31536000, public
accept-ranges
bytes
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,Cache-Control,Content-Type,Content-Range,Range,Origin,Accept,Accept-Encoding
x-cache-hits
1
keycloak.min.js
sso.notretemps.com/auth/js/
33 KB
11 KB
Script
General
Full URL
https://sso.notretemps.com/auth/js/keycloak.min.js
Requested by
Host: orthographe.notretemps.com
URL: https://orthographe.notretemps.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.65 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-65.fra50.r.cloudfront.net
Software
nginx /
Resource Hash
e8da39a835718cf509623f39398d0c9e18f049898c4af01615bac1d1385a0a3a

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Sat, 12 Aug 2023 13:39:02 GMT
content-encoding
gzip
via
1.1 58bcd6f2e1bc29fb83f080f1743cfeca.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA50-C1
age
54751
x-cache
Hit from cloudfront
last-modified
Wed, 02 Feb 2022 19:41:07 GMT
server
nginx
etag
W/"61fade53-82cc"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, PUT, DELETE, OPTIONS, PATCH
content-type
application/javascript
access-control-allow-origin
*
access-control-expose-headers
Authorization, X-Total-Count
access-control-allow-credentials
true
access-control-allow-headers
Connection, Accept, Content-Type, Content-length, Authorization, Origin, X-Api-Key, X-Requested-With, X-Orange-Alias
x-amz-cf-id
Mt820v34jEK3vcwijIhayld7lLucsnVuCdfTSfNcn0Y2Ye5yBjY6mw==
jquery-bs-588006d67e4d9f714827468d51981c22.min.js
fastly-a9fast-com.freetls.fastly.net/static-s3/js/dist/
699 KB
176 KB
Script
General
Full URL
https://fastly-a9fast-com.freetls.fastly.net/static-s3/js/dist/jquery-bs-588006d67e4d9f714827468d51981c22.min.js
Requested by
Host: orthographe.notretemps.com
URL: https://orthographe.notretemps.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::591 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx/1.14.1 /
Resource Hash
1c7d71501b818e345e3c916f2e27268fb9f34531c5a16490e0116162f1860e1e

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Sun, 13 Aug 2023 04:51:21 GMT
content-encoding
gzip
via
1.1 varnish
age
188449
x-amz-server-side-encryption
AES256
x-cache
HIT
content-length
179730
x-served-by
cache-fra-eddf8230064-FRA
last-modified
Wed, 22 Feb 2023 10:09:04 GMT
server
nginx/1.14.1
x-timer
S1691902282.922984,VS0,VE2
etag
W/"588006d67e4d9f714827468d51981c22"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=31536000, public
accept-ranges
bytes
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,Cache-Control,Content-Type,Content-Range,Range,Origin,Accept,Accept-Encoding
x-cache-hits
1
website-kiev-a7d2ad15e27df1820ba8f58141265b8b.min.js
fastly-a9fast-com.freetls.fastly.net/static-s3/js/dist/
78 KB
28 KB
Script
General
Full URL
https://fastly-a9fast-com.freetls.fastly.net/static-s3/js/dist/website-kiev-a7d2ad15e27df1820ba8f58141265b8b.min.js
Requested by
Host: orthographe.notretemps.com
URL: https://orthographe.notretemps.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::591 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx/1.14.1 /
Resource Hash
b2af084829cc22c7d1d46ef9f9d92387fcab3cf14af4a83a97e8dd9f31fa4fd7

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Sun, 13 Aug 2023 04:51:21 GMT
content-encoding
gzip
via
1.1 varnish
age
445199
x-amz-server-side-encryption
AES256
x-cache
HIT
content-length
28180
x-served-by
cache-fra-eddf8230064-FRA
last-modified
Wed, 19 Jul 2023 08:57:49 GMT
server
nginx/1.14.1
x-timer
S1691902282.922773,VS0,VE0
etag
W/"a7d2ad15e27df1820ba8f58141265b8b"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=31536000, public
accept-ranges
bytes
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,Cache-Control,Content-Type,Content-Range,Range,Origin,Accept,Accept-Encoding
x-cache-hits
2
ws.jsa
www.wysistat.com/
3 KB
3 KB
Script
General
Full URL
https://www.wysistat.com/ws.jsa
Requested by
Host: orthographe.notretemps.com
URL: https://orthographe.notretemps.com/
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_GCM
Server
92.243.17.105 , France, ASN203476 (GANDI-AS-2 Domain name registrar - www.gandi.net, FR),
Reverse DNS
xvm-17-105.dc0.ghst.net
Software
Apache/2.2.22 (Ubuntu) /
Resource Hash
8351e134b338dd61dcb0dc8a01844f731bb5ab8503371cf84cec49126b1e4456

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Date
Sun, 13 Aug 2023 04:51:22 GMT
Last-Modified
Wed, 15 Dec 2021 10:02:33 GMT
Server
Apache/2.2.22 (Ubuntu)
ETag
"4005e-b5e-5d32c6796c40d"
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
2910
gtm.js
t.notretemps.com/
385 KB
103 KB
Script
General
Full URL
https://t.notretemps.com/gtm.js?id=GTM-KP37JNG
Requested by
Host: orthographe.notretemps.com
URL: https://orthographe.notretemps.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223d:ce00:a:9c85:8d80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1808464641974179d18d34dd01f90cd923e90e68a4d1f98268a3a873c1c38c

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Sun, 13 Aug 2023 04:51:22 GMT
content-encoding
gzip
via
1.1 f3e00d74aa4544d776f78a159416d17a.cloudfront.net (CloudFront)
last-modified
Sun, 13 Aug 2023 03:00:00 GMT
server
nginx
x-amz-cf-pop
FRA56-P3
vary
Accept-Encoding
x-cache
Miss from cloudfront
content-type
application/javascript; charset=UTF-8
cache-control
private, max-age=900
x-amz-cf-id
P1mKdhKOjizyATUmLbYhQtrw3awgWWC5V01NLJ45Bo4wXAWpe56UxA==
expires
Sun, 13 Aug 2023 05:05:29 GMT
gtm.js
t.notretemps.com/
373 KB
111 KB
Script
General
Full URL
https://t.notretemps.com/gtm.js?id=GTM-PQ9M68D
Requested by
Host: orthographe.notretemps.com
URL: https://orthographe.notretemps.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223d:ce00:a:9c85:8d80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
9de39fc4e7ffb197cbd325da08876fa080764ab7214e6d939209b11954f1e2a0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Sun, 13 Aug 2023 04:51:22 GMT
content-encoding
gzip
via
1.1 f3e00d74aa4544d776f78a159416d17a.cloudfront.net (CloudFront)
last-modified
Sun, 13 Aug 2023 03:00:00 GMT
server
nginx
x-amz-cf-pop
FRA56-P3
vary
Accept-Encoding
x-cache
Miss from cloudfront
content-type
application/javascript; charset=UTF-8
cache-control
private, max-age=900
x-amz-cf-id
jK0hZyP9E5YXLJN3POildl88s_8r3Leld5ZMmh4MYvzbkHXfM7FKow==
expires
Sun, 13 Aug 2023 05:06:19 GMT
icomoon.woff2
www.notretemps.com/fonts/
0
0

memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2
fastly-a9fast-com.freetls.fastly.net/static-s3/css/dist/fonts/gfonts/OpenSans/
16 KB
17 KB
Font
General
Full URL
https://fastly-a9fast-com.freetls.fastly.net/static-s3/css/dist/fonts/gfonts/OpenSans/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2
Requested by
Host: fastly-a9fast-com.freetls.fastly.net
URL: https://fastly-a9fast-com.freetls.fastly.net/static-s3/css/dist/website-kiev-webpartner-c0f699fdc77220c00a754f09a820d999.min.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::591 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx/1.14.1 /
Resource Hash
b34551ae25916c460423b82beb8e0675b27f76a9a2908f18286260fbd6de6681

Request headers

Referer
https://fastly-a9fast-com.freetls.fastly.net/static-s3/css/dist/website-kiev-webpartner-c0f699fdc77220c00a754f09a820d999.min.css
Origin
https://orthographe.notretemps.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Sun, 13 Aug 2023 04:51:22 GMT
via
1.1 varnish
age
799794
x-cache
HIT
content-length
16740
x-served-by
cache-fra-eddf8230112-FRA
last-modified
Fri, 04 Nov 2022 10:46:36 GMT
server
nginx/1.14.1
x-timer
S1691902282.057010,VS0,VE1
etag
"e43b535855a4ae53bd5b07a6eeb3bf67"
content-type
font/woff2
access-control-allow-origin
*
cache-control
max-age=31536000, public
accept-ranges
bytes
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,Cache-Control,Content-Type,Content-Range,Range,Origin,Accept,Accept-Encoding
x-cache-hits
1
SlGDmQSNjdsmc35JDF1K5E55YMjF_7DPuGi-6_RkBI9_.woff2
fastly-a9fast-com.freetls.fastly.net/static-s3/css/dist/fonts/gfonts/EBGaramond/
20 KB
20 KB
Font
General
Full URL
https://fastly-a9fast-com.freetls.fastly.net/static-s3/css/dist/fonts/gfonts/EBGaramond/SlGDmQSNjdsmc35JDF1K5E55YMjF_7DPuGi-6_RkBI9_.woff2
Requested by
Host: fastly-a9fast-com.freetls.fastly.net
URL: https://fastly-a9fast-com.freetls.fastly.net/static-s3/css/dist/website-kiev-webpartner-c0f699fdc77220c00a754f09a820d999.min.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::591 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx/1.14.1 /
Resource Hash
142d7e873b9d8d550b53e6e55bac7a11ed1f2c0aa5e2d49966cde5ce3c00faec

Request headers

Referer
https://fastly-a9fast-com.freetls.fastly.net/static-s3/css/dist/website-kiev-webpartner-c0f699fdc77220c00a754f09a820d999.min.css
Origin
https://orthographe.notretemps.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Sun, 13 Aug 2023 04:51:22 GMT
via
1.1 varnish
age
1058775
x-cache
HIT
content-length
20512
x-served-by
cache-fra-eddf8230112-FRA
last-modified
Tue, 08 Nov 2022 10:06:58 GMT
server
nginx/1.14.1
x-timer
S1691902282.057198,VS0,VE1
etag
"b9d3155a4e574f9e56b2fca21703bb4f"
content-type
font/woff2
access-control-allow-origin
*
cache-control
max-age=31536000, public
accept-ranges
bytes
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,Cache-Control,Content-Type,Content-Range,Range,Origin,Accept,Accept-Encoding
x-cache-hits
1
logo.svg
www.notretemps.com/images/notretemps/
3 KB
2 KB
Image
General
Full URL
https://www.notretemps.com/images/notretemps/logo.svg
Requested by
Host: orthographe.notretemps.com
URL: https://orthographe.notretemps.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.66.110 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-65-9-66-110.fra56.r.cloudfront.net
Software
nginx /
Resource Hash
11a4e3762b6df9db7ae00faf0ba1748ae3e5d04b26391fd7bb12454ba8f0dadd

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Thu, 20 Jul 2023 05:27:15 GMT
content-encoding
gzip
via
1.1 6165dcc1fdf84ac65e8204c05709f1ca.cloudfront.net (CloudFront)
last-modified
Wed, 19 Jul 2023 12:18:20 GMT
server
nginx
x-amz-cf-pop
FRA56-C1
age
2071447
etag
W/"64b7d48c-bd4"
x-cache
Hit from cloudfront
content-type
image/svg+xml
access-control-allow-origin
quiz.notretemps.com
cache-control
max-age=31104000, public
x-amz-cf-id
WPKh_5agN1P9I96-LWKRPFuhN090Ih27XYtR5aKtvvOMajw9Fw4hzQ==
ftqOrtho_frame_495x650px_landscape.png.__a9webp__.webp
fastly-a9fast-com.freetls.fastly.net/www.gymglish.com/static/images/site/product-frames/
53 KB
53 KB
Image
General
Full URL
https://fastly-a9fast-com.freetls.fastly.net/www.gymglish.com/static/images/site/product-frames/ftqOrtho_frame_495x650px_landscape.png.__a9webp__.webp?w=224
Requested by
Host: orthographe.notretemps.com
URL: https://orthographe.notretemps.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::591 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx/1.14.1 /
Resource Hash
0434e0ac4e998b680073143a10cfe294efca7fc93d7b6f2553be27e5cd42e050

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Sun, 13 Aug 2023 04:51:22 GMT
via
1.1 varnish
age
2235294
x-cache
HIT
x-compression-rate
1.00
content-length
54571
x-served-by
cache-fra-eddf8230064-FRA
server
nginx/1.14.1
x-timer
S1691902282.117440,VS0,VE1
etag
W/"231431-4053550950"
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=31536000, public
accept-ranges
bytes
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,Cache-Control,Content-Type,Content-Range,Range,Origin,Accept,Accept-Encoding
x-cache-hits
1
statistique.js
www.wysistat.com/
7 KB
3 KB
Script
General
Full URL
https://www.wysistat.com/statistique.js
Requested by
Host: www.wysistat.com
URL: https://www.wysistat.com/ws.jsa
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_GCM
Server
92.243.17.105 , France, ASN203476 (GANDI-AS-2 Domain name registrar - www.gandi.net, FR),
Reverse DNS
xvm-17-105.dc0.ghst.net
Software
Apache/2.2.22 (Ubuntu) / PHP/5.4.6-1ubuntu1.5
Resource Hash
662b25f13ac440a28e31ed0b909d64f8e0ade97b9d9c2b123e1485c091fe21e4

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Date
Sun, 13 Aug 2023 04:51:22 GMT
Content-Encoding
gzip
Last-Modified
Fri, 03 Mar 2023 13:24:11 GMT
Server
Apache/2.2.22 (Ubuntu)
X-Powered-By
PHP/5.4.6-1ubuntu1.5
Vary
Accept-Encoding
Content-Type
application/x-javascript; charset=ISO8859-15
Cache-Control
public, max-age=129600, must-revalidate
Connection
Keep-Alive
Keep-Alive
timeout=5, max=99
Content-Length
2355
loader.js
sdk.privacy-center.org/62d49a58-db6d-4c51-8765-ffeab500ecb9/
17 KB
5 KB
Script
General
Full URL
https://sdk.privacy-center.org/62d49a58-db6d-4c51-8765-ffeab500ecb9/loader.js?target=orthographe.notretemps.com
Requested by
Host: orthographe.notretemps.com
URL: https://orthographe.notretemps.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2251:4600:5:b7cc:d3c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
f3781bcfaf486555f4f13c3d9ce5542820c85ae9cd9c7ec3e6f05aa65bedcaba

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Sun, 13 Aug 2023 04:51:22 GMT
content-encoding
gzip
via
1.1 2a44338adc8233e5b25aca28287a69c8.cloudfront.net (CloudFront)
x-didomi-remote-config-source
Lambda
server
CloudFront
x-amz-cf-pop
FRA60-P3
etag
"a9e82d48709582a555032f652617ac64"
x-cache
Miss from cloudfront
content-type
application/javascript; charset=utf-8
cache-control
max-age=7200, public
content-length
5223
x-amz-cf-id
34RQMNguzzvYc3Db1OhsSGGArPpGPcT3Ydr_ORbGMmseBHBEA9Ourw==
geoip-countrycode
www.gymglish.com/api/website/1/
2 B
39 B
XHR
General
Full URL
https://www.gymglish.com/api/website/1/geoip-countrycode
Requested by
Host: fastly-a9fast-com.freetls.fastly.net
URL: https://fastly-a9fast-com.freetls.fastly.net/static-s3/js/dist/jquery-bs-588006d67e4d9f714827468d51981c22.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a0b:440:1020:22::3b9 , Germany, ASN39921 (DE-RACKSPACE Frankfurt, Germany, GB),
Reverse DNS
Software
Apache /
Resource Hash
6814ef46f686990cf4e946f966167b0507e1d642c44e51f61bffb0bba2d4672b
Security Headers
Name Value
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Sun, 13 Aug 2023 04:51:22 GMT
strict-transport-security
max-age=63072000
x-content-type-options
nosniff
referrer-policy
same-origin
server
Apache
vary
Accept-Language,Host,Origin
access-control-allow-methods
POST, GET, PUT
content-language
de
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://orthographe.notretemps.com
cache-control
max-age=3600, private
access-control-allow-credentials
true
x-frame-options
DENY
content-length
2
x-xss-protection
1; mode=block
geoip-countrycode
www.gymglish.com/api/website/1/
2 B
317 B
XHR
General
Full URL
https://www.gymglish.com/api/website/1/geoip-countrycode
Requested by
Host: fastly-a9fast-com.freetls.fastly.net
URL: https://fastly-a9fast-com.freetls.fastly.net/static-s3/js/dist/jquery-bs-588006d67e4d9f714827468d51981c22.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a0b:440:1020:22::3b9 , Germany, ASN39921 (DE-RACKSPACE Frankfurt, Germany, GB),
Reverse DNS
Software
Apache /
Resource Hash
6814ef46f686990cf4e946f966167b0507e1d642c44e51f61bffb0bba2d4672b
Security Headers
Name Value
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Sun, 13 Aug 2023 04:51:22 GMT
strict-transport-security
max-age=63072000
x-content-type-options
nosniff
referrer-policy
same-origin
server
Apache
vary
Accept-Language,Host,Origin
access-control-allow-methods
POST, GET, PUT
content-language
de
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://orthographe.notretemps.com
cache-control
max-age=3600, private
access-control-allow-credentials
true
x-frame-options
DENY
content-length
2
x-xss-protection
1; mode=block
truncated
/
470 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
9055f366a3f6bc02f14b8d3f8f25e889ca9c67ed60a6e8eeb36168b27ecfe1fe

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Content-Type
image/svg+xml
keycloak.json
orthographe.notretemps.com/
3 KB
3 KB
XHR
General
Full URL
https://orthographe.notretemps.com/keycloak.json
Requested by
Host: fastly-a9fast-com.freetls.fastly.net
URL: https://fastly-a9fast-com.freetls.fastly.net/static-s3/js/dist/jquery-bs-588006d67e4d9f714827468d51981c22.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a0b:440:1020:22::3b9 , Germany, ASN39921 (DE-RACKSPACE Frankfurt, Germany, GB),
Reverse DNS
Software
Apache /
Resource Hash
0f1d73c5427ceeada7a220fa75c5e25cc82576f5c4474747c2cae5d07627c0f2
Security Headers
Name Value
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json
Referer
https://orthographe.notretemps.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Sun, 13 Aug 2023 04:51:22 GMT
strict-transport-security
max-age=63072000
x-content-type-options
nosniff
referrer-policy
same-origin
server
Apache
vary
Host
x-frame-options
DENY
content-type
text/html; charset=utf-8
content-length
2618
x-xss-protection
1; mode=block
compteur.php
www.wysistat.com/images/notretemps/
43 B
267 B
Image
General
Full URL
https://www.wysistat.com/images/notretemps/compteur.php?nom=notretemps&tps=2251&ecran=1600x1200&origine=&origine_force=&frame=0&ParaWysistat=0&CompteurExtranet=0&consent=0&event=&ParaPage=0&ParaProfiling=0&ParaCompte=0&ParaRoi=0&ojd_version=2&cookie=1&deja_cookie=0&id=0.42788888980221196_1691902282202&id_int=0.42788888980221196_1691902282202&compteur_mois=1&compteur_jour=1&deja_id=0&vu_diff_jour=0&vu_time_prec=1691902282&page_js=https%3A//orthographe.notretemps.com/
Requested by
Host: orthographe.notretemps.com
URL: https://orthographe.notretemps.com/
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_GCM
Server
92.243.17.105 , France, ASN203476 (GANDI-AS-2 Domain name registrar - www.gandi.net, FR),
Reverse DNS
xvm-17-105.dc0.ghst.net
Software
Apache/2.2.22 (Ubuntu) / PHP/5.4.6-1ubuntu1.5
Resource Hash
872ffa9dc91dfe681b9be82cbb41cbcdc0985e77ab27e1583e38d84e1543cb74

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Date
Sun, 13 Aug 2023 04:51:22 GMT
Server
Apache/2.2.22 (Ubuntu)
Connection
Keep-Alive
X-Powered-By
PHP/5.4.6-1ubuntu1.5
Content-Length
43
Keep-Alive
timeout=5, max=98
Content-Type
image/gif
sdk.41aa1ade61dfb4cddeb2ff315581da1ed8b3c926.js
sdk.privacy-center.org/sdk/41aa1ade61dfb4cddeb2ff315581da1ed8b3c926/modern/
320 KB
81 KB
Script
General
Full URL
https://sdk.privacy-center.org/sdk/41aa1ade61dfb4cddeb2ff315581da1ed8b3c926/modern/sdk.41aa1ade61dfb4cddeb2ff315581da1ed8b3c926.js
Requested by
Host: sdk.privacy-center.org
URL: https://sdk.privacy-center.org/62d49a58-db6d-4c51-8765-ffeab500ecb9/loader.js?target=orthographe.notretemps.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2251:4600:5:b7cc:d3c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
aec7ea3b05d3379c7d69df9571c12ce44fb21194ed3243121c752bd85793c6af

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 07 Aug 2023 09:57:36 GMT
content-encoding
gzip
via
1.1 2a44338adc8233e5b25aca28287a69c8.cloudfront.net (CloudFront)
last-modified
Mon, 07 Aug 2023 09:51:48 GMT
server
AmazonS3
x-amz-meta-s3cmd-attrs
atime:1691401511/ctime:1691401511/gid:0/gname:root/md5:8b7b3d3de93b59ac14edb286d0afe437/mode:33188/mtime:1691401511/uid:0/uname:root
x-amz-cf-pop
FRA60-P3
age
500027
etag
W/"8b7b3d3de93b59ac14edb286d0afe437"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript; charset=utf-8
cache-control
public, max-age=31536000
x-amz-cf-id
JAzjyPoyLNqvBY0R7oiaxuxPqzS1WUuy8Bpou92tNfnasnU1Qrumjw==
ui-gdpr-en-web.41aa1ade61dfb4cddeb2ff315581da1ed8b3c926.js
sdk.privacy-center.org/sdk/41aa1ade61dfb4cddeb2ff315581da1ed8b3c926/modern/
227 KB
48 KB
Script
General
Full URL
https://sdk.privacy-center.org/sdk/41aa1ade61dfb4cddeb2ff315581da1ed8b3c926/modern/ui-gdpr-en-web.41aa1ade61dfb4cddeb2ff315581da1ed8b3c926.js
Requested by
Host: sdk.privacy-center.org
URL: https://sdk.privacy-center.org/sdk/41aa1ade61dfb4cddeb2ff315581da1ed8b3c926/modern/sdk.41aa1ade61dfb4cddeb2ff315581da1ed8b3c926.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2251:4600:5:b7cc:d3c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
3d0a8e1aafd5006c52a529e82dbca27875928074596f2d0de0fea88f993370df

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 07 Aug 2023 09:57:43 GMT
content-encoding
gzip
via
1.1 2a44338adc8233e5b25aca28287a69c8.cloudfront.net (CloudFront)
last-modified
Mon, 07 Aug 2023 09:52:08 GMT
server
AmazonS3
x-amz-meta-s3cmd-attrs
atime:1691401511/ctime:1691401511/gid:0/gname:root/md5:c7008e2f85bcf5d58c418ef07ba9fa5c/mode:33188/mtime:1691401511/uid:0/uname:root
x-amz-cf-pop
FRA60-P3
age
500020
etag
W/"c7008e2f85bcf5d58c418ef07ba9fa5c"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript; charset=utf-8
cache-control
public, max-age=31536000
x-amz-cf-id
ZVxu0kz29qRufHiIQL0gPxWkO6rOCDOrNl4JQt8Z1u29aqrRDIngpg==
landing
pagead2.googlesyndication.com/pagead/
42 B
455 B
Ping
General
Full URL
https://pagead2.googlesyndication.com/pagead/landing?gcs=G100&gcd=G100&rnd=1109101216.1691902283&url=https%3A%2F%2Forthographe.notretemps.com%2F&gtm=45Fe3890n81KP37JNG
Requested by
Host: t.notretemps.com
URL: https://t.notretemps.com/gtm.js?id=GTM-KP37JNG
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 13 Aug 2023 04:51:22 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
analytics.js
t.notretemps.com/
52 KB
21 KB
Script
General
Full URL
https://t.notretemps.com/analytics.js
Requested by
Host: t.notretemps.com
URL: https://t.notretemps.com/gtm.js?id=GTM-PQ9M68D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223d:ce00:a:9c85:8d80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Sun, 13 Aug 2023 03:43:00 GMT
content-encoding
gzip
via
1.1 f3e00d74aa4544d776f78a159416d17a.cloudfront.net (CloudFront)
last-modified
Mon, 12 Jun 2023 18:23:07 GMT
server
nginx
x-amz-cf-pop
FRA56-P3
age
4134
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/javascript
cache-control
public, max-age=7200
x-amz-cf-id
Da9nFJZnfyouvFAfL5TW3OK29e743C5qBWq9KKRo6PnzbDNol7HCAQ==
expires
Sun, 13 Aug 2023 05:42:08 GMT
logo.svg
www.notretemps.com/images/notretemps/
3 KB
2 KB
Image
General
Full URL
https://www.notretemps.com/images/notretemps/logo.svg
Requested by
Host: orthographe.notretemps.com
URL: https://orthographe.notretemps.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.66.110 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-65-9-66-110.fra56.r.cloudfront.net
Software
nginx /
Resource Hash
11a4e3762b6df9db7ae00faf0ba1748ae3e5d04b26391fd7bb12454ba8f0dadd

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Thu, 20 Jul 2023 05:27:15 GMT
content-encoding
gzip
via
1.1 6165dcc1fdf84ac65e8204c05709f1ca.cloudfront.net (CloudFront)
last-modified
Wed, 19 Jul 2023 12:18:20 GMT
server
nginx
x-amz-cf-pop
FRA56-C1
age
2071447
etag
W/"64b7d48c-bd4"
x-cache
Hit from cloudfront
content-type
image/svg+xml
access-control-allow-origin
quiz.notretemps.com
cache-control
max-age=31104000, public
x-amz-cf-id
itQ-6eTVJjIIGIRWaOkq-LycBnz9PRwVyxXBLfPTUrtl-XDEax4vTw==
js
t.notretemps.com/gtag/
247 KB
84 KB
Script
General
Full URL
https://t.notretemps.com/gtag/js?id=G-1KYSRH2EDD&l=dataLayer&cx=c&sign=bc19e308cc4fed85c1fed0075c1319e49470cb732511381637bc477ad5b78e07_20230813
Requested by
Host: t.notretemps.com
URL: https://t.notretemps.com/gtm.js?id=GTM-KP37JNG
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223d:ce00:a:9c85:8d80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
4f366b79be770a80bbb89749b8efcc418ab398866e8ffa8cfae05a7cb06f218f

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Sun, 13 Aug 2023 04:51:22 GMT
content-encoding
gzip
via
1.1 f3e00d74aa4544d776f78a159416d17a.cloudfront.net (CloudFront)
server
nginx
x-amz-cf-pop
FRA56-P3
vary
Accept-Encoding
x-cache
Miss from cloudfront
content-type
application/javascript; charset=UTF-8
cache-control
private, max-age=900
x-amz-cf-id
IQ_ENiOa8Resv5rJdWOkCxyy8jCv4xy9ZeFoSdwv_pW3mkG81fBGHw==
expires
Sun, 13 Aug 2023 05:05:43 GMT
linkid.js
t.notretemps.com/plugins/ua/
2 KB
1 KB
Script
General
Full URL
https://t.notretemps.com/plugins/ua/linkid.js
Requested by
Host: t.notretemps.com
URL: https://t.notretemps.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223d:ce00:a:9c85:8d80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
92fca55833f48b4289ac8f1cedd48752b580fce4ec4b5d81670b8193d6e51b54

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Sun, 13 Aug 2023 04:14:08 GMT
content-encoding
gzip
via
1.1 f3e00d74aa4544d776f78a159416d17a.cloudfront.net (CloudFront)
last-modified
Fri, 30 Jun 2023 18:58:00 GMT
server
nginx
x-amz-cf-pop
FRA56-P3
age
2248
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/javascript
cache-control
public, max-age=3600
x-amz-cf-id
56PZNjmyNGdz_Nj5cjmMuKhzhnFQA0rEKojaihcG93eRiktSu54YFw==
expires
Sun, 13 Aug 2023 05:13:54 GMT
collect
t.notretemps.com/g/
65 B
484 B
XHR
General
Full URL
https://t.notretemps.com/g/collect?v=2&tid=G-1KYSRH2EDD&gtm=45he3890&_p=1522352304&gcs=G100&gdid=dMTc4Zm&cid=1921200656.1691902283&ul=en-us&sr=1600x1200&_fplc=0&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&sst.uc=&sst.rnd=1109101216.1691902283&sst.ngs=1&sst.gcd=G100&_s=1&dl=https%3A%2F%2Forthographe.notretemps.com%2F&sid=1691902282&sct=1&seg=0&dt=&en=didomi_view&_fv=1&_ss=1&ep.page_hostname=orthographe.notretemps.com&ep.gtm_container_id=GTM-KP37JNG&ep.h1=6%20H1%20%3A%20Oops!&ep.canonical=null&ep.browser_size=1600*1200&ep.bayard_source=(direct)&ep.bayard_medium=(none)&ep.bayard_campaign=(not%20set)&ep.page_fragment=&epn.pageload_id=8889563168&ep.gtm_container_version=795&richsstsse
Requested by
Host: fastly-a9fast-com.freetls.fastly.net
URL: https://fastly-a9fast-com.freetls.fastly.net/static-s3/js/dist/jquery-bs-588006d67e4d9f714827468d51981c22.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223d:ce00:a:9c85:8d80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
e64954dc34e12c7190cc2338a54b07644ff0f102aa71cc7209bcbb49c3009f7c
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Sun, 13 Aug 2023 04:51:22 GMT
via
1.1 f3e00d74aa4544d776f78a159416d17a.cloudfront.net (CloudFront)
x-content-type-options
nosniff
server
nginx
x-amz-cf-pop
FRA56-P3
vary
Accept-Encoding
x-cache
Miss from cloudfront
content-type
text/plain
access-control-allow-origin
https://orthographe.notretemps.com
cache-control
no-cache
access-control-allow-credentials
true
x-amz-cf-id
T0m20wRi0Y6kaynErGVQTnC7Ovt2UAS9oXnW-tTrAYk6qZ7XxTeKWA==

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
www.notretemps.com
URL
https://www.notretemps.com/fonts/icomoon.woff2
Domain
www.notretemps.com
URL
https://www.notretemps.com/fonts/montserrat-latin.woff2
Domain
www.notretemps.com
URL
https://www.notretemps.com/fonts/montserrat-bold-latin.woff2
Domain
www.notretemps.com
URL
https://www.notretemps.com/fonts/opensans-latin.woff2
Domain
www.notretemps.com
URL
https://www.notretemps.com/fonts/opensans-bold-latin.woff2
Domain
www.notretemps.com
URL
https://www.notretemps.com/fonts/icomoon.woff2?i=0

118 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 function| getCleanTrackingUrl object| dataLayer object| _wsq object| a9CookieContentOptions function| sha256 function| sha224 object| base64js function| Keycloak function| jQuery function| $ object| debounce object| Cookies number| uidEvent object| bootstrap object| hostnameRegex object| conf function| Popper object| ParsleyExtend object| ParsleyConfig object| psly object| Parsley object| ParsleyUtils object| ParsleyValidator object| ParsleyUI string| inputEventPatched object| parsley function| ClipboardJS object| Raven object| lazySizesConfig object| lazySizes function| iFrameResize object| mejs function| MediaElement object| HtmlMediaElement function| onYouTubePlayerAPIReady function| DefaultPlayer function| MediaElementPlayer function| SearchIndex function| Bloodhound function| a9jQuery object| a9 object| a9CookieBanner object| google_tag_manager object| google_tag_data function| trim function| _wysistat function| _setNom function| _setFrame function| _setParaWysistat function| _setCompteurExtranet function| _setParaPage function| _setPage function| _setParaRoi function| _setParaProfiling function| _setParaCompte function| _setConsentCookie function| _setEvent function| _reset function| _wstopn function| _setAccount function| _setTag function| _setID object| wsq object| wst string| v number| bayard_first_visit_ga object| itemsToKeep function| getCookieValue function| deleteCookie function| areAllVendorsAndPurposesDisabled number| consentEventsCount undefined| existingConsentString object| didomiEventListeners function| onYouTubeIframeAPIReady object| didomiOnReady boolean| gdprAppliesGlobally function| __tcfapi number| wsdjid number| wsvudj string| wsref string| wscli number| wspage number| wsprof number| wscpt number| wscook string| wsecr number| wsdjcook function| stat function| wysistat function| ws_getScreenSize function| ws_retVide function| ws_writeCook function| ws_readCook function| ws_majCook function| ws_isCookAccept function| 
storageAvailable function| ws_getConsent number| valeur number| wysi number| wsconsent function| postscribe object| google_tag_manager_external object| didomiRemoteConfig string| didomiCountry object| didomiGeoRegulations object| webpackChunkDidomi object| Didomi object| DidomiSanitizing object| googletag object| adsbygoogle object| didomiState string| GoogleAnalyticsObject function| ga object| gaplugins object| gaGlobal object| gaData function| _ga_originalSendHitTask

10 Cookies

Domain/Path Name / Value
.notretemps.com/ Name: AMCV_551310525D816F350A495C48%40AdobeOrg
Value: MCMID%7C64131258693755863031076360310941548543
.notretemps.com/ Name: nlid
Value: 767ac548|5f521cf7
.notretemps.com/ Name: nllastdelid
Value: 5f521cf7
.notretemps.com/ Name: __utmzz
Value: utmcsr=(direct)|utmcmd=(none)|utmccn=(not set)
.notretemps.com/ Name: __utmzzses
Value: 1
.notretemps.com/ Name: __utmzzfirst
Value: utmcsr=(direct)|utmcmd=(none)|utmccn=(not set)
orthographe.notretemps.com/ Name: registeredfrom
Value: NOTRETEMPS_GS_HOME
orthographe.notretemps.com/ Name: Wysistat
Value: 0.42788888980221196_1691902282202%C2%A71%C2%A71691902282202%C2%A71%C2%A71691902282%C2%A70.42788888980221196_1691902282202%C2%A71726030282202
.notretemps.com/ Name: didomi_token
Value: eyJ1c2VyX2lkIjoiMTg5ZWQzYzAtYWM5MS02YjY5LTljMWMtNWRkYTJkNDA1YWMyIiwiY3JlYXRlZCI6IjIwMjMtMDgtMTNUMDQ6NTE6MjIuNDgxWiIsInVwZGF0ZWQiOiIyMDIzLTA4LTEzVDA0OjUxOjIyLjQ4MVoiLCJ2ZXJzaW9uIjpudWxsfQ==
t.notretemps.com/ Name: bayard_cid
Value: 19006684665*1691902282767

15 Console Messages

Source Level URL
Text
javascript error URL: https://orthographe.notretemps.com/
Message:
Access to font at 'https://www.notretemps.com/fonts/icomoon.woff2' from origin 'https://orthographe.notretemps.com' has been blocked by CORS policy: The 'Access-Control-Allow-Origin' header contains the invalid value 'quiz.notretemps.com'.
network error URL: https://www.notretemps.com/fonts/icomoon.woff2
Message:
Failed to load resource: net::ERR_FAILED
javascript error URL: https://orthographe.notretemps.com/
Message:
Access to font at 'https://www.notretemps.com/fonts/montserrat-latin.woff2' from origin 'https://orthographe.notretemps.com' has been blocked by CORS policy: The 'Access-Control-Allow-Origin' header contains the invalid value 'quiz.notretemps.com'.
network error URL: https://www.notretemps.com/fonts/montserrat-latin.woff2
Message:
Failed to load resource: net::ERR_FAILED
javascript error URL: https://orthographe.notretemps.com/
Message:
Access to font at 'https://www.notretemps.com/fonts/montserrat-bold-latin.woff2' from origin 'https://orthographe.notretemps.com' has been blocked by CORS policy: The 'Access-Control-Allow-Origin' header contains the invalid value 'quiz.notretemps.com'.
network error URL: https://www.notretemps.com/fonts/montserrat-bold-latin.woff2
Message:
Failed to load resource: net::ERR_FAILED
javascript error URL: https://orthographe.notretemps.com/
Message:
Access to font at 'https://www.notretemps.com/fonts/opensans-latin.woff2' from origin 'https://orthographe.notretemps.com' has been blocked by CORS policy: The 'Access-Control-Allow-Origin' header contains the invalid value 'quiz.notretemps.com'.
network error URL: https://www.notretemps.com/fonts/opensans-latin.woff2
Message:
Failed to load resource: net::ERR_FAILED
javascript error URL: https://orthographe.notretemps.com/
Message:
Access to font at 'https://www.notretemps.com/fonts/opensans-bold-latin.woff2' from origin 'https://orthographe.notretemps.com' has been blocked by CORS policy: The 'Access-Control-Allow-Origin' header contains the invalid value 'quiz.notretemps.com'.
network error URL: https://www.notretemps.com/fonts/opensans-bold-latin.woff2
Message:
Failed to load resource: net::ERR_FAILED
network error
Message:
A bad HTTP response code (404) was received when fetching the script.
javascript error URL: https://orthographe.notretemps.com/(Line 2073)
Message:
Access to font at 'https://www.notretemps.com/fonts/icomoon.woff2?i=0' from origin 'https://orthographe.notretemps.com' has been blocked by CORS policy: The 'Access-Control-Allow-Origin' header contains the invalid value 'quiz.notretemps.com'.
network error URL: https://www.notretemps.com/fonts/icomoon.woff2?i=0
Message:
Failed to load resource: net::ERR_FAILED
network error URL: https://orthographe.notretemps.com/keycloak.json
Message:
Failed to load resource: the server responded with a status of 404 ()
javascript warning URL: https://orthographe.notretemps.com/
Message:
The resource https://www.notretemps.com/fonts/icomoon.woff2 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.

Security Headers

This page lists any security headers set by the main page.

Header Value
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
