URL: http://28287.com/
Submission: On March 24 via api from BY — Scanned from DE

Summary

This website contacted 6 IPs in 4 countries across 6 domains to perform 20 HTTP transactions. The main IP is 2606:4700:3030::ac43:9c2b, located in United States and belongs to CLOUDFLARENET, US. The main domain is 28287.com.
This is the only time 28287.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Requests  Redirects  IP Address        AS (Autonomous System)
5                    2606:4700:303...  13335 (CLOUDFLAR...)
1                    182.106.158.49    139201 (CHINANET-...)
8                    2a00:1450:400...  15169 (GOOGLE)
2         2          43.129.2.11       132203 (TENCENT-N...)
1         1          203.205.137.227   ()
1                    203.205.137.72    ()
2                    103.235.46.191    55967 (BAIDU Bei...)
3                    2a00:1450:400...  ()
Total: 20 requests, 6 IPs
Requests  Apex Domain            Subdomains                                                 Transfer
11        googlesyndication.com  pagead2.googlesyndication.com (Cisco Umbrella Rank: 143)   278 KB
                                 tpc.googlesyndication.com
5         28287.com              28287.com                                                  51 KB
2         baidu.com              hm.baidu.com (Cisco Umbrella Rank: 8299)                   12 KB
2         idqqimg.com            pub.idqqimg.com                                            4 KB
2         qq.com                 wpa.qq.com (Cisco Umbrella Rank: 275858)                   504 B
1         bdimg.com              apps.bdimg.com (Cisco Umbrella Rank: 113356)               34 KB
Total: 20 requests, 6 apex domains
Requests  Domain                         Redirects    Requested by
8         pagead2.googlesyndication.com               28287.com, pagead2.googlesyndication.com, tpc.googlesyndication.com
5         28287.com                                   28287.com
3         tpc.googlesyndication.com                   pagead2.googlesyndication.com, tpc.googlesyndication.com
2         hm.baidu.com                                28287.com
2         pub.idqqimg.com                1 redirect   28287.com
2         wpa.qq.com                     2 redirects
1         apps.bdimg.com                              28287.com
Total: 20 requests, 7 subdomains

This site contains links to these domains. Also see Links.

Domain
  • wpa.qq.com
  • www.haomi123.com

Subject                    Issuer                         Validity                 Valid
*.g.doubleclick.net        GTS CA 1C3                     2024-02-26 - 2024-05-20  3 months (crt.sh)
baidu.com                  GlobalSign RSA OV SSL CA 2018  2023-07-06 - 2024-08-06  a year (crt.sh)
tpc.googlesyndication.com  GTS CA 1C3                     2024-02-26 - 2024-05-20  3 months (crt.sh)

This page contains 3 frames:

Primary Page: http://28287.com/
Frame ID: C64B23B12E83BDCBDF7551FF16819793
Requests: 16 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/ads?ltd_cs=1&client=ca-pub-3893218168461460&output=html&adk=1812271804&adf=3025194257&lmt=1711241168&plat=2%3A16777216%2C3%3A16%2C4%3A16%2C8%3A4194304%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=http%3A%2F%2F28287.com%2F&pra=5&wgl=1&easpi=0&asro=0&dt=1711241168064&bpp=2&bdt=1468&idt=68&shv=r20240320&mjsv=m202403190101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=6022268450876&frm=20&pv=2&ga_vid=725354527.1711241168&ga_sid=1711241168&ga_hid=960851867&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31081577%2C31082031%2C31082033%2C42531705%2C42532524%2C44798934%2C95325975%2C95320376%2C31081792&oid=2&pvsid=4070666027091742&tmod=306627591&uas=0&nvt=1&fsapi=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=23&bz=1&ifi=1&uci=a!1&fsb=1&dtd=78
Frame ID: 699604B5CE8A1AFC6B966CABCA311DB2
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: F193AA15767BB0CFB74DF18638A6F195
Requests: 3 HTTP requests in this frame

Screenshot

Page Title

28287.com-34558官方网站

Detected technologies

Overall confidence: 100%
Detected patterns
  • hm\.baidu\.com/hm\.js

Overall confidence: 100%
Detected patterns
  • googlesyndication\.com/

Overall confidence: 100%
Detected patterns
  • /([\d.]+)/jquery(?:\.min)?\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

Requests: 20
HTTPS: 65 %
IPv6: 38 %
Domains: 6
Subdomains: 7
IPs: 6
Countries: 4
Transfer: 378 kB
Size: 982 kB
Cookies: 4

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 5
  • http://wpa.qq.com/pa?p=2:330331:51 HTTP 302
  • https://wpa.qq.com/pa?p=2:330331:51 HTTP 301
  • http://pub.idqqimg.com/qconn/wpa/button/button_111.gif HTTP 302
  • https://pub.idqqimg.com/qconn/wpa/button/button_111.gif

20 HTTP transactions

Columns per transaction: Resource, Path, Size, x-fer (bytes transferred), Type, MIME-Type
Resource: Primary Request /  |  Path: 28287.com/  |  Size: 4 KB  |  x-fer: 3 KB  |  Type: Document
General
Full URL
http://28287.com/
Protocol
HTTP/1.1
Server
2606:4700:3030::ac43:9c2b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a3e3fe2bb4202bd398e0f4cab5494c693565543dae74e007f48c5a069fbdd9d9

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

CF-Cache-Status
DYNAMIC
CF-RAY
8692a467cf2fbbda-FRA
Connection
keep-alive
Content-Encoding
gzip
Content-Language
de-DE
Content-Type
text/html;charset=UTF-8
Date
Sun, 24 Mar 2024 00:46:06 GMT
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yKhVEdDfjAj8mCpJ%2BqHncUpzWQbnC70dR0HVnn1ZcUa9%2BbZstC0GPC6JaUDzZUl1WevOiCFIgU28akSp3H4MDAnedrorFE4jlTt57UL2Ans4jCt5uHpeelArTXXiflj2qIX%2FEWbgKyw%3D"}],"group":"cf-nel","max_age":604800}
Server
cloudflare
Transfer-Encoding
chunked
alt-svc
h3=":443"; ma=86400
Resource: jquery.min.js  |  Path: apps.bdimg.com/libs/jquery/1.10.2/  |  Size: 91 KB  |  x-fer: 34 KB  |  Type: Script
General
Full URL
http://apps.bdimg.com/libs/jquery/1.10.2/jquery.min.js
Requested by
Host: 28287.com
URL: http://28287.com/
Protocol
HTTP/1.1
Server
182.106.158.49 , China, ASN139201 (CHINANET-JIANGXI-JIUJIANG-IDC Jiangxi Jiujiang IDC, CN),
Reverse DNS
Software
JSP3/2.0.14 /
Resource Hash
c1bcc5f2066e4476e6dbab0b5a9b9700b86f4d6ebeb2900d73ee97e53753d4f9

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://28287.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

Date
Sun, 24 Mar 2024 00:46:07 GMT
Content-Encoding
gzip
Age
169679
Transfer-Encoding
chunked
Connection
keep-alive
Ohc-Cache-HIT
jjct63 [2], nb2ctcache63 [2]
Ohc-Response-Time
1 0 0 0 0 0
Last-Modified
Wed, 07 Jan 2015 09:16:30 GMT
Server
JSP3/2.0.14
ETag
"54acf96e-16bb2"
Vary
Accept-Encoding
Content-Type
application/x-javascript
Cache-Control
max-age=2592000
Accept-Ranges
bytes
Ohc-Global-Saved-Time
Tue, 27 Feb 2024 16:43:08 GMT
Expires
Thu, 28 Mar 2024 16:43:08 GMT
Resource: adsbygoogle.js  |  Path: pagead2.googlesyndication.com/pagead/js/  |  Size: 144 KB  |  x-fer: 50 KB  |  Type: Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-3893218168461460
Requested by
Host: 28287.com
URL: http://28287.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4bc8f1f941a568f1629806f4e444c1e22950127bfd021902ccb4a49972ea15c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
http://28287.com/
Origin
http://28287.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Sun, 24 Mar 2024 00:46:06 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
51071
x-xss-protection
0
server
cafe
etag
16563437556274083101
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin
*
link
<https://googleads.g.doubleclick.net>; rel="preconnect"; crossorigin
expires
Sun, 24 Mar 2024 00:46:06 GMT
Resource: adsbygoogle.js  |  Path: pagead2.googlesyndication.com/pagead/js/  |  Size: 144 KB  |  x-fer: 50 KB  |  Type: Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Requested by
Host: 28287.com
URL: http://28287.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
76459151ebe8b57481b79b8eec1d651052a569888d78e4b5070c110b31c9feea
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://28287.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Sun, 24 Mar 2024 00:46:08 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
51038
x-xss-protection
0
server
cafe
etag
17832412221440202144
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin
*
link
<https://googleads.g.doubleclick.net>; rel="preconnect"; crossorigin
expires
Sun, 24 Mar 2024 00:46:08 GMT
Resource: jquery.form.js  |  Path: 28287.com/static/common/js/  |  Size: 41 KB  |  x-fer: 14 KB  |  Type: Script
General
Full URL
http://28287.com/static/common/js/jquery.form.js
Requested by
Host: 28287.com
URL: http://28287.com/
Protocol
HTTP/1.1
Server
2606:4700:3030::ac43:9c2b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2dd743447ea250fa9ba77c7d0a53151a4544bd94eb21e9ab63ad77b2127f260c

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://28287.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

Date
Sun, 24 Mar 2024 00:46:07 GMT
Content-Encoding
gzip
CF-Cache-Status
MISS
Last-Modified
Wed, 06 Mar 2019 04:39:51 GMT
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server
cloudflare
ETag
W/"41543-1551847191849"
Transfer-Encoding
chunked
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OW9ZXqbg27eDPx7S9zQBvoC%2FtfIgwMU6YCuTq5KroyTsZ9DXLee9thLVbTdzamhKBVyuTBtQpW0jcZ122pWzUNSuxCj0U7GTN%2Bg80JDMIx8cxF0MhIETc%2BJKaVrDr3qXTIAwHfsUGTY%3D"}],"group":"cf-nel","max_age":604800}
Content-Type
application/javascript
Vary
Accept-Encoding
Cache-Control
max-age=14400
Connection
keep-alive
CF-RAY
8692a46b3985bbda-FRA
alt-svc
h3=":443"; ma=86400
Resource: web.js  |  Path: 28287.com/static/js/  |  Size: 1 KB  |  x-fer: 1 KB  |  Type: Script
General
Full URL
http://28287.com/static/js/web.js
Requested by
Host: 28287.com
URL: http://28287.com/
Protocol
HTTP/1.1
Server
2606:4700:3030::ac43:9c2b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
593f0e0e9f88ed40f2c668133c2e2e496f731265f81f9c1a6358a0a1674cbad2

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://28287.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

Date
Sun, 24 Mar 2024 00:46:07 GMT
Content-Encoding
gzip
CF-Cache-Status
MISS
Last-Modified
Tue, 07 Apr 2020 13:43:22 GMT
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server
cloudflare
ETag
W/"1154-1586267002418"
Transfer-Encoding
chunked
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GQIEajBr1cnXiNESvD8MnKfY9DDpnifXpAns%2FRQn5nGp7weFbLx%2Fm1Tg3LdYwt6y0CZLLnLqu24NCgt81XpOacv2NInp%2BTUN9uI1MVx0yaUIPgsVvw7%2BNWhIqhIhR1KoonTgkW6rIAo%3D"}],"group":"cf-nel","max_age":604800}
Content-Type
application/javascript
Vary
Accept-Encoding
Cache-Control
max-age=14400
Connection
keep-alive
CF-RAY
8692a46b4b2e4d97-FRA
alt-svc
h3=":443"; ma=86400
Resource: button_111.gif  |  Path: pub.idqqimg.com/qconn/wpa/button/  |  Size: 3 KB  |  x-fer: 4 KB  |  Type: Image
Redirect Chain
  • http://wpa.qq.com/pa?p=2:330331:51
  • https://wpa.qq.com/pa?p=2:330331:51
  • http://pub.idqqimg.com/qconn/wpa/button/button_111.gif
  • https://pub.idqqimg.com/qconn/wpa/button/button_111.gif
General
Full URL
https://pub.idqqimg.com/qconn/wpa/button/button_111.gif
Requested by
Host: 28287.com
URL: http://28287.com/
Protocol
H2
Server
203.205.137.72 -, , ASN (),
Reverse DNS
Software
NWS_SSD_MID /
Resource Hash
ae9d6dd007fb1d078da953170c7052d2822b85f719b2f71230791f7ae8db5e5d

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://28287.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Wed, 15 Nov 2023 07:47:55 GMT
x-cache-lookup
Cache Hit
last-modified
Fri, 30 Sep 2022 03:20:36 GMT
server
NWS_SSD_MID
age
39283
vary
Origin
content-type
image/jpeg
cache-control
max-age=86400
x-daa-tunnel
hop_count=1
x-nws-log-uuid
12996012094755505785
accept-ranges
bytes
x-verify-code
f43d2141f90038a1ba8d29012a073fe0
content-length
3534
expires
Sat, 18 Nov 2023 07:47:55 GMT

Redirect headers

Date
Sun, 24 Mar 2024 00:46:13 GMT
X-Cache-Lookup
Return Directly
Server
Lego Server
Vary
Origin
Location
https://pub.idqqimg.com/qconn/wpa/button/button_111.gif
Cache-Control
max-age=86400
X-NWS-LOG-UUID
12790699292347176663
Connection
keep-alive
Content-Length
0
Resource: QQ.png  |  Path: 28287.com/static/sale/img/  |  Size: 19 KB  |  x-fer: 20 KB  |  Type: Image
General
Full URL
http://28287.com/static/sale/img/QQ.png
Requested by
Host: 28287.com
URL: http://28287.com/
Protocol
HTTP/1.1
Server
2606:4700:3030::ac43:9c2b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
198b871a3ee7e9e05d729bb5ae71b4d58d76b2182bd7f4f5f047f95708f61c19

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://28287.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

Date
Sun, 24 Mar 2024 00:46:07 GMT
CF-Cache-Status
MISS
Last-Modified
Thu, 19 Mar 2020 12:51:38 GMT
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server
cloudflare
ETag
W/"19922-1584622298565"
Vary
Accept-Encoding
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7ldW0HC0C0de%2F%2FoOlKk48gGrNDnYWhK%2FZQ1r8GFmEfMnmEghXJTEmnfc9LT3NlPNlOJrpFY5Xxz0UgCUQcGeG11L7A0Cel1PVLUGd%2BB0afSqypSAX0nZkl%2F%2BAVblDD1ASBcW2jH4CUw%3D"}],"group":"cf-nel","max_age":604800}
Content-Type
image/png
Cache-Control
max-age=14400
Connection
keep-alive
Accept-Ranges
bytes
CF-RAY
8692a46b4dad383a-FRA
alt-svc
h3=":443"; ma=86400
Content-Length
19922
Resource: weixin.png  |  Path: 28287.com/static/sale/img/  |  Size: 12 KB  |  x-fer: 13 KB  |  Type: Image
General
Full URL
http://28287.com/static/sale/img/weixin.png
Requested by
Host: 28287.com
URL: http://28287.com/
Protocol
HTTP/1.1
Server
2606:4700:3030::ac43:9c2b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5da825088c28294fafb22904bf929e716f17038d08a1bd9062a1c918c6875cfa

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://28287.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

Date
Sun, 24 Mar 2024 00:46:08 GMT
CF-Cache-Status
MISS
Last-Modified
Thu, 19 Mar 2020 12:51:38 GMT
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server
cloudflare
ETag
W/"12142-1584622298581"
Vary
Accept-Encoding
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FSXA%2Bb6AsXPyqsfHCzUohKQLkn%2BluxPce8cb4VZya4%2FnNnR2WFqhZjVRzBKzYz2bs4JbWq2GvLqpYgYBAXf2aLWJwOfBLgLfEuyKo%2F5Yk2sI%2F6nJekJbGpXzFGe8MTR1QDm%2FkXcorZg%3D"}],"group":"cf-nel","max_age":604800}
Content-Type
image/png
Cache-Control
max-age=14400
Connection
keep-alive
Accept-Ranges
bytes
CF-RAY
8692a4716ae2383a-FRA
alt-svc
h3=":443"; ma=86400
Content-Length
12142
Resource: hm.js  |  Path: hm.baidu.com/  |  Size: 29 KB  |  x-fer: 12 KB  |  Type: Script
General
Full URL
https://hm.baidu.com/hm.js?70d2e2a79b1acba79aa7d4731ac8d8ff
Requested by
Host: 28287.com
URL: http://28287.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
103.235.46.191 , Hong Kong, ASN55967 (BAIDU Beijing Baidu Netcom Science and Technology Co., Ltd., CN),
Reverse DNS
Software
apache /
Resource Hash
9f65762a637be76c5f162ec3955229ee21c65c5e9bfda0b7bf24f60881aa2c7d
Security Headers
Name Value
Strict-Transport-Security max-age=172800

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://28287.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

Date
Sun, 24 Mar 2024 00:46:09 GMT
Content-Encoding
gzip
Strict-Transport-Security
max-age=172800
Server
apache
Etag
999b19778e4132a64d2c3fc431a613ea
P3p
CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type
application/javascript
Cache-Control
max-age=0, must-revalidate
Content-Length
11258
Resource: show_ads_impl_with_ama_fy2021.js  |  Path: pagead2.googlesyndication.com/pagead/managed/js/adsense/m202403190101/  |  Size: 407 KB  |  x-fer: 138 KB  |  Type: Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202403190101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-3893218168461460&plah=28287.com&aplac=true
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-3893218168461460
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
06d30c196309e50bfe3e29b6b34abe1eab16b894da1e8a90d7c5b0b0af112ca7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://28287.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Sun, 24 Mar 2024 00:46:08 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
141437
x-xss-protection
0
server
cafe
etag
6053131023064808118
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin
*
expires
Sun, 24 Mar 2024 00:46:08 GMT
Resource: ads  |  Path: pagead2.googlesyndication.com/pagead/ (Frame 6996)  |  Size: 603 B  |  x-fer: 65 B  |  Type: Document
General
Full URL
https://pagead2.googlesyndication.com/pagead/ads?ltd_cs=1&client=ca-pub-3893218168461460&output=html&adk=1812271804&adf=3025194257&lmt=1711241168&plat=2%3A16777216%2C3%3A16%2C4%3A16%2C8%3A4194304%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=http%3A%2F%2F28287.com%2F&pra=5&wgl=1&easpi=0&asro=0&dt=1711241168064&bpp=2&bdt=1468&idt=68&shv=r20240320&mjsv=m202403190101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=6022268450876&frm=20&pv=2&ga_vid=725354527.1711241168&ga_sid=1711241168&ga_hid=960851867&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31081577%2C31082031%2C31082033%2C42531705%2C42532524%2C44798934%2C95325975%2C95320376%2C31081792&oid=2&pvsid=4070666027091742&tmod=306627591&uas=0&nvt=1&fsapi=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=23&bz=1&ifi=1&uci=a!1&fsb=1&dtd=78
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202403190101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-3893218168461460&plah=28287.com&aplac=true
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
00daef3b4a945d15f73efa05e0ce2ca51f2f8252e1da8fae5c2efb0f6dddacce
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
http://28287.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding
br
content-length
46
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Sun, 24 Mar 2024 00:46:08 GMT
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
Resource: gen_204  |  Path: pagead2.googlesyndication.com/pagead/  |  Size: 0  |  x-fer: 20 B  |  Type: Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=ach_evt&tn=DIV&cls=aa&ign=false&pw=1600&ph=1200&x=0&y=0
Requested by
Host: 28287.com
URL: http://28287.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://28287.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 24 Mar 2024 00:46:08 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
Resource: hm.gif  |  Path: hm.baidu.com/  |  Size: 43 B  |  x-fer: 299 B  |  Type: Image
General
Full URL
https://hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1600x1200&vl=1200&et=0&ja=0&ln=en-us&lo=0&rnd=1652823844&si=70d2e2a79b1acba79aa7d4731ac8d8ff&v=1.3.0&lv=1&sn=56785&r=0&ww=1600&u=http%3A%2F%2F28287.com%2F&tt=28287.com-34558%E5%AE%98%E6%96%B9%E7%BD%91%E7%AB%99
Requested by
Host: 28287.com
URL: http://28287.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
103.235.46.191 , Hong Kong, ASN55967 (BAIDU Beijing Baidu Netcom Science and Technology Co., Ltd., CN),
Reverse DNS
Software
apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
Security Headers
Name Value
Strict-Transport-Security max-age=172800
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://28287.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

Pragma
no-cache
Date
Sun, 24 Mar 2024 00:46:09 GMT
Strict-Transport-Security
max-age=172800
X-Content-Type-Options
nosniff
Server
apache
Content-Type
image/gif
Cache-Control
private, max-age=0, no-cache
Content-Length
43
Resource: sodar  |  Path: pagead2.googlesyndication.com/getconfig/  |  Size: 16 KB  |  x-fer: 12 KB  |  Type: XHR
General
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20240320&st=env
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202403190101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-3893218168461460&plah=28287.com&aplac=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
54a6ee5df762b603dab152dd46db8b59026196f2e58b3f344a2fcdbdd6dad247
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://28287.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Sun, 24 Mar 2024 00:46:14 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
application/json; charset=UTF-8
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
12251
x-xss-protection
0
Resource: sodar2.js  |  Path: tpc.googlesyndication.com/sodar/  |  Size: 17 KB  |  x-fer: 7 KB  |  Type: Script
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202403190101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-3893218168461460&plah=28287.com&aplac=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 -, , ASN (),
Reverse DNS
Software
sffe /
Resource Hash
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://28287.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Sun, 24 Mar 2024 00:46:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
6386
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
etag
"1637097310169751"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Sun, 24 Mar 2024 00:46:14 GMT
Resource: runner.html  |  Path: tpc.googlesyndication.com/sodar/sodar2/225/ (Frame F193)  |  Size: 13 KB  |  x-fer: 5 KB  |  Type: Document
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 -, , ASN (),
Reverse DNS
Software
sffe /
Resource Hash
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
http://28287.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
23885
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
5046
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Sat, 23 Mar 2024 18:08:09 GMT
expires
Sun, 23 Mar 2025 18:08:09 GMT
last-modified
Mon, 21 Jun 2021 20:47:05 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
Resource: ClgGLJT-anMFFp_jPcSPgTpNjWBfoBtPLqdYJvwYrrQ.js  |  Path: pagead2.googlesyndication.com/bg/ (Frame F193)  |  Size: 40 KB  |  x-fer: 16 KB  |  Type: Script
General
Full URL
https://pagead2.googlesyndication.com/bg/ClgGLJT-anMFFp_jPcSPgTpNjWBfoBtPLqdYJvwYrrQ.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
0a58062c94fe6a7305169fe33dc48f813a4d8d605fa01b4f2ea75826fc18aeb4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Sat, 23 Mar 2024 13:53:00 GMT
content-encoding
br
x-content-type-options
nosniff
age
39194
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15865
x-xss-protection
0
last-modified
Thu, 14 Mar 2024 15:48:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Sun, 23 Mar 2025 13:53:00 GMT
Resource: generate_204  |  Path: tpc.googlesyndication.com/ (Frame F193)  |  Size: 0  |  x-fer: 10 B  |  Type: Image
General
Full URL
https://tpc.googlesyndication.com/generate_204?DBwYjw
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 -, , ASN (),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Sun, 24 Mar 2024 00:46:14 GMT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
Resource: sodar  |  Path: pagead2.googlesyndication.com/pagead/  |  Size: 0  |  x-fer: 0  |  Type: Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20240320&jk=4070666027091742&bg=!Pj2lPXLNAAZaswqNerM7ADQBe5WfOMz33aZ6c1rnNBy7DxtJYhFQMGx6JCsxuHtMXUHJUXKvW9rA4kGgpHC4aaf459qXAgAAACVSAAAAAmgBB34ANa9gKSibfDbsodb_9QUn5QfihZh6Kzj_W5w1jR1AaQd7FYexhVHYrsu2Shx_aCLm07PAY_z5CgArv-pGieUc5spgTwpyYOxTiFb5km7RhYNyY-UP3rW80uNW4H_TEHZjriYnvpkCZXaNSz2OtTaoFPJ85Vx3Tam1oNoq0xtA79hvQGojIjUD4jcF9J5-EqOLAKt7adFfGR6KzrPhx9wgak8D6n44D9J40Xat0MPc3tsG-RfSgVdNSIGQybXfgK8N-1H22GwZ8mvwCxTVLTiYSMb-bgjLrxaWJ6yiVgPIlwHagXYHPM9o6GVJpPLcGgU9pbKOQB2TX8MVeTam4os0srzeic04im_a76POOH084-SvSwkCOkz-dd6JqNQx6GZ1jLO09_vYrwPVFMrp__tCc1Mb-m0oWbF44T1zmM6KWbt1B-1XHOgI2EBV60z6Xd7YRoj-sq8iQe9ScfrCGsTuS7N1ll67hob2H0Y8yqa9tzCxrd71AUAbuhwZaZRPLq3br5Eq-zqOlDXQB4jj7jW6ulk7hpLcSIcLe4z8spbzpxTpeLVJQulyMNtvu5tB8feREV0zwxcK1luqtbxDnNbYf0f5G0JtYljOYJ9vRV4kOV3B_gtSHFR0lubVq6y2sfhx0kH2BQpJ1CHvmMlmhkuSXRen9xeA8V3JqRuxbitsZ9aYRxz3ZTDuHsKKwkLC1hN_S36qK5bz6X5weUjgXvm403CwM-WVv2pAlIUsghf03KRFo_wWFVYaP78A8zj2nmoD1e3MIEFuZdXZ1mGb-tu5-f-_-YzdzftkaNbkRNnU8z7L4WINlYNXTue1R1KammWJnTvdLzEkVtMcHOrgp_oAPyEkF6vGrea7wRq3at-2AYMnS1QattSqD3POvg86Goxwv5XV6-CvWfj98o1y6Qg2SfUJlb3undiCMj5ycy8-Cduk2gmgnwCXs1HT3vM
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://28287.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers


34 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • object | 0
  • function | $
  • function | jQuery
  • object | _isJqueryAjaxSubmitArray
  • object | _doJqueryAjaxSubmitTimeIndexArray
  • function | doJqueryAjaxSubmit
  • function | doSaveOffer
  • function | changeContactType
  • object | _hmt
  • object | google_js_reporting_queue
  • number | google_srt
  • object | google_persistent_state_async
  • object | google_logging_queue
  • number | tmod
  • object | google_ad_modifications
  • object | ggeac
  • boolean | google_measure_js_timing
  • object | google_reactive_ads_global_state
  • object | adsbygoogle
  • object | google_sa_queue
  • function | google_process_slots
  • function | google_spfd
  • number | google_unique_id
  • object | google_sv_map
  • number | google_rum_task_id_counter
  • function | google_sa_impl
  • object | google_image_requests
  • number | google_global_correlator
  • object | google_prev_clients
  • object | gaGlobal
  • object | ampInaboxIframes
  • object | ampInaboxPendingMessages
  • boolean | _bdhm_loaded_70d2e2a79b1acba79aa7d4731ac8d8ff
  • object | mini_tangram_log_gz5p9o

4 Cookies

Domain/Path      Name                                       Value
28287.com/       JSESSIONID                                 1501B280F5864FF6E16647AC5B412236
.hm.baidu.com/   HMACCOUNT_BFESS                            9D4E3609CAECC708
.28287.com/      Hm_lvt_70d2e2a79b1acba79aa7d4731ac8d8ff    1711241170
.28287.com/      Hm_lpvt_70d2e2a79b1acba79aa7d4731ac8d8ff   1711241170

2 Console Messages

Source  Level    URL                Text
other   warning  http://28287.com/  Third-party cookie will be blocked. Learn more in the Issues tab.
other   warning  http://28287.com/  Third-party cookie will be blocked. Learn more in the Issues tab.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

28287.com
apps.bdimg.com
hm.baidu.com
pagead2.googlesyndication.com
pub.idqqimg.com
tpc.googlesyndication.com
wpa.qq.com
103.235.46.191
182.106.158.49
203.205.137.227
203.205.137.72
2606:4700:3030::ac43:9c2b
2a00:1450:4001:80f::2001
2a00:1450:4001:828::2002
43.129.2.11
00daef3b4a945d15f73efa05e0ce2ca51f2f8252e1da8fae5c2efb0f6dddacce
06d30c196309e50bfe3e29b6b34abe1eab16b894da1e8a90d7c5b0b0af112ca7
0a58062c94fe6a7305169fe33dc48f813a4d8d605fa01b4f2ea75826fc18aeb4
198b871a3ee7e9e05d729bb5ae71b4d58d76b2182bd7f4f5f047f95708f61c19
2dd743447ea250fa9ba77c7d0a53151a4544bd94eb21e9ab63ad77b2127f260c
54a6ee5df762b603dab152dd46db8b59026196f2e58b3f344a2fcdbdd6dad247
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
593f0e0e9f88ed40f2c668133c2e2e496f731265f81f9c1a6358a0a1674cbad2
5da825088c28294fafb22904bf929e716f17038d08a1bd9062a1c918c6875cfa
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
76459151ebe8b57481b79b8eec1d651052a569888d78e4b5070c110b31c9feea
9f65762a637be76c5f162ec3955229ee21c65c5e9bfda0b7bf24f60881aa2c7d
a3e3fe2bb4202bd398e0f4cab5494c693565543dae74e007f48c5a069fbdd9d9
a4bc8f1f941a568f1629806f4e444c1e22950127bfd021902ccb4a49972ea15c
ae9d6dd007fb1d078da953170c7052d2822b85f719b2f71230791f7ae8db5e5d
c1bcc5f2066e4476e6dbab0b5a9b9700b86f4d6ebeb2900d73ee97e53753d4f9
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855