signup.fetidfun.com
2600:9000:2156:8200:13:936:2ac0:93a1  Public Scan

Submitted URL: https://signup.fetidfun.com/en/html/sf/cc/s4.html#&sf=sweep&lng=en&m=sweepstakes&s=iphone_12pro&ref=5244698&prod=1352&spid=3...
Effective URL: https://signup.fetidfun.com/en/html/sf/cc/s4.html
Submission: On May 13 via manual from KR

Summary

This website contacted 12 IPs in 3 countries across 10 domains to perform 19 HTTP transactions. The main IP is 2600:9000:2156:8200:13:936:2ac0:93a1, located in United States and belongs to . The main domain is signup.fetidfun.com.
TLS certificate: Issued by Amazon on July 10th 2020. Valid for: a year.
This is the only time signup.fetidfun.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Requests  Domain                    Requested by
5         signup.fetidfun.com       signup.fetidfun.com
4         www.google-analytics.com  www.googletagmanager.com, www.google-analytics.com
2         api.hubspot.com           js.usemessages.com
1         stats.g.doubleclick.net   www.google-analytics.com
1         track.hubspot.com
1         js.hs-analytics.net       js.hs-scripts.com
1         js.hs-banner.com          js.hs-scripts.com
1         js.usemessages.com        js.hs-scripts.com
1         js.hs-scripts.com         www.googletagmanager.com
1         www.googletagmanager.com  signup.fetidfun.com
1         fonts.googleapis.com      signup.fetidfun.com
19 11

This site contains links to these domains:

Domain
support.fetidfun.com
downloadplayerz.com

Subject                  Issuer                   Validity                 Valid
*.fetidfun.com           Amazon                   2020-07-10 - 2021-08-10  a year
upload.video.google.com  GTS CA 1O1               2021-04-13 - 2021-07-06  3 months
*.google-analytics.com   GTS CA 1C3               2021-04-13 - 2021-07-06  3 months
sni.cloudflaressl.com    Cloudflare Inc ECC CA-3  2020-08-04 - 2021-08-04  a year
*.google.com             GTS CA 1O1               2021-04-13 - 2021-07-06  3 months
hubspot.com              Cloudflare Inc ECC CA-3  2020-07-27 - 2021-07-27  a year
*.g.doubleclick.net      GTS CA 1O1               2021-04-13 - 2021-07-06  3 months

This page contains 1 frames:

Primary Page: https://signup.fetidfun.com/en/html/sf/cc/s4.html
Frame ID: DFD341CEF66819C24A3174F453A82201
Requests: 19 HTTP requests in this frame


Page Statistics

19 Requests
100 % HTTPS
100 % IPv6
10 Domains
11 Subdomains
12 IPs
3 Countries
190 kB Transfer
582 kB Size
7 Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

19 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request s4.html
signup.fetidfun.com/en/html/sf/cc/
21 KB
7 KB
Document
General
Full URL
https://signup.fetidfun.com/en/html/sf/cc/s4.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2156:8200:13:936:2ac0:93a1 , United States, ASN (),
Reverse DNS
Software
AmazonS3 /
Resource Hash
3a0957c0b5e614d2a96d836b600b27db91347a3c8383241223510d32add1dd32

Request headers

:method
GET
:authority
signup.fetidfun.com
:scheme
https
:path
/en/html/sf/cc/s4.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US

Response headers

content-type
text/html
date
Thu, 13 May 2021 06:03:43 GMT
last-modified
Tue, 04 May 2021 10:00:32 GMT
etag
W/"a706adfde0f45696ad8507888c02ac54"
server
AmazonS3
content-encoding
gzip
vary
Accept-Encoding
x-cache
Miss from cloudfront
via
1.1 436c247027acc191b22ece964efbaeca.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA50-C1
x-amz-cf-id
kOUP9vmJh4qxuTkfQpaKJ-PtxpYV1iGC90TunnWdSMb3hwXjNCZNdQ==
flows.js
signup.fetidfun.com/en/js/libs/pathway/
13 KB
2 KB
Script
General
Full URL
https://signup.fetidfun.com/en/js/libs/pathway/flows.js
Requested by
Host: signup.fetidfun.com
URL: https://signup.fetidfun.com/en/html/sf/cc/s4.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2156:8200:13:936:2ac0:93a1 , United States, ASN (),
Reverse DNS
Software
AmazonS3 /
Resource Hash
633708f8a89479eddc06d880d1be40eda9a226a663cdd8e7d6cd6ce534de714d

Request headers

:path
/en/js/libs/pathway/flows.js
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
signup.fetidfun.com
referer
https://signup.fetidfun.com/en/html/sf/cc/s4.html
:scheme
https
sec-fetch-site
same-origin
:method
GET

Response headers

date
Thu, 13 May 2021 06:03:44 GMT
content-encoding
gzip
last-modified
Mon, 10 May 2021 16:01:16 GMT
server
AmazonS3
x-amz-cf-pop
FRA50-C1
etag
W/"c18b314d2cdef1839b3174e8ba9ff4ab"
vary
Accept-Encoding
x-cache
Miss from cloudfront
content-type
application/javascript
via
1.1 436c247027acc191b22ece964efbaeca.cloudfront.net (CloudFront)
x-amz-cf-id
UiWobhtRKP7W1R8VHK3kvTbdsbOIe79YaJvbWfhcp0AXFkrh3UF6TA==
functions.js
signup.fetidfun.com/en/js/libs/pathway/
12 KB
3 KB
Script
General
Full URL
https://signup.fetidfun.com/en/js/libs/pathway/functions.js
Requested by
Host: signup.fetidfun.com
URL: https://signup.fetidfun.com/en/html/sf/cc/s4.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2156:8200:13:936:2ac0:93a1 , United States, ASN (),
Reverse DNS
Software
AmazonS3 /
Resource Hash
dabce74550c0eaf1d93deb1eef2dec90cd7c4d6740ecf9d1eba9c94fad066e54

Request headers

:path
/en/js/libs/pathway/functions.js
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
signup.fetidfun.com
referer
https://signup.fetidfun.com/en/html/sf/cc/s4.html
:scheme
https
sec-fetch-site
same-origin
:method
GET

Response headers

date
Thu, 13 May 2021 06:03:44 GMT
content-encoding
gzip
last-modified
Fri, 02 Apr 2021 01:15:31 GMT
server
AmazonS3
x-amz-cf-pop
FRA50-C1
etag
W/"24090cfd4917ed9aef5aaa5e3c1a3bcc"
vary
Accept-Encoding
x-cache
Miss from cloudfront
content-type
application/javascript
via
1.1 436c247027acc191b22ece964efbaeca.cloudfront.net (CloudFront)
x-amz-cf-id
rKuVD30D0l7mkrReLq0IcZYeY0lYbi33I2mGetZ6-yUNTfl6Yd5a-A==
modernizr.min.js
signup.fetidfun.com/en/js/libs/
4 KB
2 KB
Script
General
Full URL
https://signup.fetidfun.com/en/js/libs/modernizr.min.js
Requested by
Host: signup.fetidfun.com
URL: https://signup.fetidfun.com/en/html/sf/cc/s4.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2156:8200:13:936:2ac0:93a1 , United States, ASN (),
Reverse DNS
Software
AmazonS3 /
Resource Hash
a0b8b6ee984ad7131b8a33561976b1712f9b2c06f648084be44adf3edfcf3a4d

Request headers

:path
/en/js/libs/modernizr.min.js
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
signup.fetidfun.com
referer
https://signup.fetidfun.com/en/html/sf/cc/s4.html
:scheme
https
sec-fetch-site
same-origin
:method
GET

Response headers

date
Thu, 13 May 2021 06:03:44 GMT
content-encoding
gzip
last-modified
Wed, 30 Dec 2020 13:18:39 GMT
server
AmazonS3
x-amz-cf-pop
FRA50-C1
etag
W/"ec2e4ffb7e3315381f39892955de1c9c"
vary
Accept-Encoding
x-cache
Miss from cloudfront
content-type
application/javascript
via
1.1 436c247027acc191b22ece964efbaeca.cloudfront.net (CloudFront)
x-amz-cf-id
NKIMtsznsAU3uF-1p2qNS7spRSvN0fVkTa1guocdyJR9ODIz88iH7Q==
css
fonts.googleapis.com/
10 KB
903 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Open+Sans:300,400,400i,600,700
Requested by
Host: signup.fetidfun.com
URL: https://signup.fetidfun.com/en/html/sf/cc/s4.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
ed7417187bc535fe583beec5f8796cd36869aff2763265a2c29536530319c59e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://signup.fetidfun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Thu, 13 May 2021 04:34:00 GMT
server
ESF
date
Thu, 13 May 2021 06:03:43 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Thu, 13 May 2021 06:03:43 GMT
fetidfun.com-logo.png
signup.fetidfun.com/en/logo/
4 KB
4 KB
Image
General
Full URL
https://signup.fetidfun.com/en/logo/fetidfun.com-logo.png
Requested by
Host: signup.fetidfun.com
URL: https://signup.fetidfun.com/en/html/sf/cc/s4.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2156:8200:13:936:2ac0:93a1 , United States, ASN (),
Reverse DNS
Software
AmazonS3 /
Resource Hash
41a65664cf3ccdbbdb3b90f522427adcabffd67bab3486acdade7ffaca284e0b

Request headers

:path
/en/logo/fetidfun.com-logo.png
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
signup.fetidfun.com
referer
https://signup.fetidfun.com/en/html/sf/cc/s4.html
:scheme
https
sec-fetch-site
same-origin
:method
GET

Response headers

date
Thu, 13 May 2021 06:03:44 GMT
via
1.1 436c247027acc191b22ece964efbaeca.cloudfront.net (CloudFront)
last-modified
Thu, 11 Mar 2021 12:20:05 GMT
server
AmazonS3
x-amz-cf-pop
FRA50-C1
etag
"8d5e09c99e3581a5d0e7d87ab2b9fe00"
x-cache
Miss from cloudfront
content-type
image/png
content-length
3636
x-amz-cf-id
rJyyEgj5C3HIrXclaje2iiUR1vOAfTqZxej-iFX8bt9sFRj5ryItoA==
gtm.js
www.googletagmanager.com/
107 KB
38 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-PXP6H7D
Requested by
Host: signup.fetidfun.com
URL: https://signup.fetidfun.com/en/html/sf/cc/s4.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
a164be91ca5e4957c801c5cc30b235913fb10a30b1e63425944ef4f7be9b15d8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://signup.fetidfun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 13 May 2021 06:03:43 GMT
content-encoding
br
server
Google Tag Manager
access-control-allow-headers
Cache-Control
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; includeSubDomains
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
38018
x-xss-protection
0
expires
Thu, 13 May 2021 06:03:43 GMT
truncated
/
1 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
8faccef541e0ffd86fc0288e855a6b09fab33c73a79dfc0ce5559b5d48847187

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/png
analytics.js
www.google-analytics.com/
48 KB
20 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PXP6H7D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
2cb09c7b3e19bfc41743ca3624ef81c3258d56525647feac76aa757e0292627a
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://signup.fetidfun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Fri, 09 Apr 2021 23:59:54 GMT
server
Golfe2
age
5811
date
Thu, 13 May 2021 04:26:52 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
19569
expires
Thu, 13 May 2021 06:26:52 GMT
4700574.js
js.hs-scripts.com/
1 KB
900 B
Script
General
Full URL
https://js.hs-scripts.com/4700574.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PXP6H7D
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700::6811:d3cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
943f839a6d3ebfecb414e8f4450ed5cb0ce51b97a32dbe6af2796c00eb2fccd4

Request headers

Referer
https://signup.fetidfun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 13 May 2021 06:03:43 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
HIT
age
8
cf-polished
origSize=1449
cf-request-id
0a05ebf7a40000d6d999288000000001
x-hubspot-correlation-id
6cbf48cd-51e6-438c-be7a-cd02d6c88a61
cf-bgj
minify
server
cloudflare
x-trace
2B2755D2AC1F476C037101B5A0713A91979BAD867A000000000000000000
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age
3600
content-type
application/javascript;charset=utf-8
access-control-allow-origin
https://mb-signup.maseke.net
cache-control
public, max-age=60
access-control-allow-credentials
true
cf-ray
64e9af6c38dcd6d9-FRA
expires
Thu, 13 May 2021 06:04:43 GMT
js
www.google-analytics.com/gtm/
110 KB
38 KB
Script
General
Full URL
https://www.google-analytics.com/gtm/js?id=GTM-W3NZPX9&t=gtm2&cid=405097821.1620885823
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
f511180bfa21445733621a495a357740c4491731ef0159c941b9052c6e0d8dac
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://signup.fetidfun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 13 May 2021 06:03:43 GMT
content-encoding
br
server
Google Tag Manager
access-control-allow-headers
Cache-Control
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; includeSubDomains
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
39161
x-xss-protection
0
expires
Thu, 13 May 2021 06:03:43 GMT
conversations-embed.js
js.usemessages.com/
81 KB
20 KB
Script
General
Full URL
https://js.usemessages.com/conversations-embed.js
Requested by
Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/4700574.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700::6811:eccc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
de10daaa8ce5301bbcfca848844ac3da046a48cda3d07ae0b188f03156e219ae

Request headers

Referer
https://signup.fetidfun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 13 May 2021 06:03:43 GMT
via
1.1 87f435824e071614a6eded8da925c802.cloudfront.net (CloudFront)
cf-cache-status
HIT
age
457
x-amz-server-side-encryption
AES256
content-security-policy-report-only
frame-ancestors 'self'; report-uri https://exceptions.hubspot.com/csp/report?resource=conversations-embed/static-1.8789/bundles/project.js&cfRay=64e9a441bc0896f8-IAD
x-cache
Hit from cloudfront
content-type
application/javascript; charset=utf-8
x-amz-replication-status
COMPLETED
content-encoding
br
cf-request-id
0a05ebf7d600004e2087862000000001
last-modified
Wed, 12 May 2021 06:04:49 UTC
server
cloudflare
etag
W/"c24a8903b7dc53df776a6330f033d3be"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-amz-version-id
wPspo8.jD1LSv8qo.3N.LJnGVMIvYTU9
cache-control
max-age=600
x-hs-cache-status
EXPIRED
x-amz-cf-pop
IAD66-C1
cf-ray
64e9af6c88f34e20-FRA
x-amz-cf-id
-fF0PV9qc0-MU2fsEivcTVImQPpfo8XO-vjj2Eqri3ulwrkl-9Ve7A==
x-hs-target-asset
conversations-embed/static-1.8789/bundles/project.js
4700574.js
js.hs-banner.com/
59 KB
15 KB
Script
General
Full URL
https://js.hs-banner.com/4700574.js
Requested by
Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/4700574.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:14bf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4f767f7fdd160501da85426cae7c730bd3af122f039dcc777393e70e0cf3337d

Request headers

Referer
https://signup.fetidfun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 13 May 2021 06:03:43 GMT
content-encoding
br
cf-cache-status
HIT
age
227
x-amz-server-side-encryption
AES256
content-type
text/javascript; charset=UTF-8
access-control-max-age
604800
x-amz-request-id
2H0767F4GVRWTBF9
x-amz-id-2
j50Fs023yg8FU/fRRVaI792LPZTw5jjIuYpAbwNHz73RUqpSPbrj+pzAxi+u4D7efhsJGOLKyWA=
timing-allow-origin
*
last-modified
Wed, 12 May 2021 19:35:10 GMT
server
cloudflare
etag
W/"bbeb6cdb71110ca341bbed0e6c12e72c"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
x-amz-version-id
LLStRsIJ9kFGlMtoxQBUQm8FGab6Crq8
access-control-allow-origin
https://mb-signup.intoplay.net
access-control-expose-headers
x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
cache-control
max-age=300, public
access-control-allow-credentials
true
cf-request-id
0a05ebf7d80000d72135b8b000000001
cf-ray
64e9af6c888ed721-FRA
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
expires
Thu, 13 May 2021 06:04:56 GMT
4700574.js
js.hs-analytics.net/analytics/1620885600000/
62 KB
19 KB
Script
General
Full URL
https://js.hs-analytics.net/analytics/1620885600000/4700574.js
Requested by
Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/4700574.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700::6811:44b0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9d7d10a4dadb2d6e9122f8a038f6342c82a405034f2f14ce0b066ff62abab2e7

Request headers

Referer
https://signup.fetidfun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 13 May 2021 06:03:43 GMT
content-encoding
br
cf-cache-status
HIT
age
156
x-amz-server-side-encryption
AES256
x-amz-request-id
WV5KE4KT91VV562Q
x-amz-id-2
p+AjJ6UEYicTpprxzxvEsFZKP5K5YGEEE5Zxbq85zeNen13kvyytc8IEpTfCVOrAt2GD9YiWIGk=
last-modified
Wed, 12 May 2021 19:41:16 GMT
server
cloudflare
etag
W/"4013ca9af053c8863154dfb677a16028"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/javascript
cache-control
max-age=300, public
access-control-allow-credentials
false
x-amz-version-id
null
cf-request-id
0a05ebf7d800004eaaf59fb000000001
cf-ray
64e9af6c8f084eaa-FRA
expires
Thu, 13 May 2021 06:06:07 GMT
public
api.hubspot.com/livechat-public/v1/message/
0
0
Preflight
General
Full URL
https://api.hubspot.com/livechat-public/v1/message/public?portalId=4700574&conversations-embed=static-1.8789&mobile=false&messagesUtk=b085a80f29f645ce8ba4836b8b21c502&traceId=b085a80f29f645ce8ba4836b8b21c502
Protocol
H2
Server
2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Accept
*/*
Access-Control-Request-Method
GET
Access-Control-Request-Headers
x-hubspot-messages-uri
Origin
https://signup.fetidfun.com
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

date
Thu, 13 May 2021 06:03:43 GMT
content-type
text/plain; charset=utf-8
content-length
18
cf-ray
64e9af6d0dbb4dee-FRA
access-control-allow-origin
https://signup.fetidfun.com
allow
HEAD,GET,OPTIONS
strict-transport-security
max-age=31536000; includeSubDomains; preload
vary
Accept-Encoding
cf-cache-status
DYNAMIC
access-control-allow-credentials
false
access-control-allow-headers
Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent, X-HubSpot-Messages-Uri
access-control-allow-methods
GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
cf-request-id
0a05ebf82600004deedd059000000001
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-hubspot-correlation-id
e3b92a16-179c-4327-8801-ff4b77989dbd
x-trace
2B09AA7B2834861A6CB5835D3D9514CF1E31AA3FC0000000000000000000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=9T5%2BAo7Ibti52JUnxAeuizbUbV1edfek2W61AvHEMF9ktEPRT7chpph0CYLZlzwYMftLcRmAZS0WVI35vizlnPsf8D%2FJuQWjflxitr0%2FDAxVLVXLhEcALRyxJOs%3D"}],"group":"cf-nel","max_age":604800}
nel
{"report_to":"cf-nel","max_age":604800}
server
cloudflare
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
public
api.hubspot.com/livechat-public/v1/message/
454 B
1 KB
XHR
General
Full URL
https://api.hubspot.com/livechat-public/v1/message/public?portalId=4700574&conversations-embed=static-1.8789&mobile=false&messagesUtk=b085a80f29f645ce8ba4836b8b21c502&traceId=b085a80f29f645ce8ba4836b8b21c502
Requested by
Host: js.usemessages.com
URL: https://js.usemessages.com/conversations-embed.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
62b60e874f1cf4c941d04ba64cdf9dc6c604acc0219946e8e64310bc2647e189
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

X-HubSpot-Messages-Uri
https://signup.fetidfun.com/en/html/sf/cc/s4.html#&sf=sweep&lng=en&m=sweepstakes&s=iphone_12pro&ref=5244698&prod=1352&spid=33489-638362941&sub_id=12918_&_sign=e45d161fd37bc2c8867f2b1b0b76ebb1&_signt=1620885790&utm_expid=
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://signup.fetidfun.com/

Response headers

date
Thu, 13 May 2021 06:03:43 GMT
content-encoding
gzip
vary
Accept-Encoding
cf-cache-status
DYNAMIC
nel
{"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id
c240f6f5-4707-4d55-a93a-c18ed4554ec7
access-control-allow-methods
GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
345
cf-request-id
0a05ebf8a80000dfc3d28e3000000001
server
cloudflare
x-trace
2B505C2BA5E99F95F99239E8F223C291A9FA88E430000000000000000000
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=zw0z9XH4k6qCmCnaIpix7YEMyMFzY9geiL1w94S2LFQrywAceo355TPhtbKv8sKAnR06FwdK12HliJ2fBMe0Kh0qe45aOZFO8lPZUuMDsh%2FDY5zW6TbdLG5OXDs%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/json;charset=utf-8
access-control-allow-origin
https://signup.fetidfun.com
cache-control
no-cache, no-store, no-transform, must-revalidate, max-age=0
access-control-allow-credentials
false
cf-ray
64e9af6dd8a5dfc3-FRA
access-control-allow-headers
Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent, X-HubSpot-Messages-Uri
__ptq.gif
track.hubspot.com/
45 B
784 B
Image
General
Full URL
https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=2736934676&v=1.1&a=4700574&pu=https%3A%2F%2Fsignup.fetidfun.com%2Fen%2Fhtml%2Fsf%2Fcc%2Fs4.html%23%26sf%3Dsweep%26lng%3Den%26m%3Dsweepstakes%26s%3Diphone_12pro%26ref%3D5244698%26prod%3D1352%26spid%3D33489-638362941%26sub_id%3D12918_%26_sign%3De45d161fd37bc2c8867f2b1b0b76ebb1%26_signt%3D1620885790%26utm_expid%3D&t=Credit+Card&cts=1620885823532&vi=7eb789a54674a0500cd62984c1362e6c&nc=true&u=22522148.7eb789a54674a0500cd62984c1362e6c.1620885823523.1620885823523.1620885823523.1&b=22522148.1.1620885823523&cc=15
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://signup.fetidfun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 13 May 2021 06:03:43 GMT
vary
Accept-Encoding
cf-cache-status
DYNAMIC
nel
{"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id
9528334a-6a6b-4ffa-9956-e33bca283aca
cf-ray
64e9af6d3f584a9d-FRA
p3p
CP="NOI CUR ADM OUR NOR STA NID"
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
45
cf-request-id
0a05ebf83e00004a9d1d889000000001
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=V7CchoeBktpyUMeAlnolDgwvff6kVNPgE9f7iGvf8OyFa4tk%2FOtin15nEoviefQsagsIy6VG7pWpR732j%2BT2P6xclMIEZt%2Fd2%2BP0yP4w85eaA%2F7xtzRXCtwiWwfhUQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
cache-control
no-cache, no-store, no-transform
access-control-allow-credentials
false
x-robots-tag
none
collect
www.google-analytics.com/j/
2 B
22 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j90&a=844294408&t=pageview&_s=1&dl=https%3A%2F%2Fsignup.fetidfun.com%2Fen%2Fhtml%2Fsf%2Fcc%2Fs4.html&ul=en-us&de=UTF-8&dt=Credit%20Card&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aGDAAEADQAAAAC~&jid=933096654&gjid=1310282317&cid=405097821.1620885823&tid=UA-35287253-1&_gid=775923975.1620885823&_r=1&gtm=2wg550PXP6H7D&z=314443873
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://signup.fetidfun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Thu, 13 May 2021 06:03:43 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://signup.fetidfun.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2
expires
Fri, 01 Jan 1990 00:00:00 GMT
analytics.js
www.google-analytics.com/
48 KB
19 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PXP6H7D
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
2cb09c7b3e19bfc41743ca3624ef81c3258d56525647feac76aa757e0292627a
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://signup.fetidfun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Fri, 09 Apr 2021 23:59:54 GMT
server
Golfe2
age
5811
date
Thu, 13 May 2021 04:26:52 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
19569
expires
Thu, 13 May 2021 06:26:52 GMT
collect
stats.g.doubleclick.net/j/
1 B
446 B
XHR
General
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j90&tid=UA-35287253-1&cid=405097821.1620885823&jid=933096654&gjid=1310282317&_gid=775923975.1620885823&_u=aGDAAEACQAAAAC~&z=1267715171
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c08::9d Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://signup.fetidfun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
date
Thu, 13 May 2021 06:03:43 GMT
content-type
text/plain
access-control-allow-origin
https://signup.fetidfun.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1
expires
Fri, 01 Jan 1990 00:00:00 GMT

68 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onbeforexrselect object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker boolean| originAgentCluster object| trustedTypes boolean| crossOriginIsolated object| dataLayer string| default_home string| default_signup string| default_lander object| flows function| getAllUrlParams function| isNumeric function| isNaaN function| getHashParameter function| sendGraphiteCounterEvent function| loadJsFile function| loadCSSFile function| setCSS function| setJS function| loadAssets function| signupNext function| signupSkip function| checkStep function| validateDataIntegrity function| resetFlow function| goTo function| goToLink function| redirectLink function| goToHome function| buildUrlParamsStepZero function| getTrackParams function| getNextPageAssetsList function| reconstructUrlParamFromHash function| checkUpdatedParameters object| Pathway object| Modernizr object| google_tag_manager object| google_tag_data string| GoogleAnalyticsObject function| ga function| getBaseDomain object| date undefined| flow undefined| step undefined| track undefined| refCode object| gaplugins object| gaGlobal object| gaData object| _hsp boolean| _hspb_ran boolean| _hspb_loaded boolean| hubspot_live_messages_running object| HubSpotConversations object| _hsq object| _paq function| sanitizeKey boolean| _hstc_ran string| __hsUserToken number| expireDateTime boolean| _hstc_loaded object| google_optimize

7 Cookies

Domain/Path Name / Value
.fetidfun.com/ Name: _gat_UA-35287253-1
Value: 1
signup.fetidfun.com/ Name: __hssc
Value: 22522148.1.1620885823523
signup.fetidfun.com/ Name: __hssrc
Value: 1
signup.fetidfun.com/ Name: hubspotutk
Value: 7eb789a54674a0500cd62984c1362e6c
.fetidfun.com/ Name: _gid
Value: GA1.2.775923975.1620885823
signup.fetidfun.com/ Name: __hstc
Value: 22522148.7eb789a54674a0500cd62984c1362e6c.1620885823523.1620885823523.1620885823523.1
.fetidfun.com/ Name: _ga
Value: GA1.2.405097821.1620885823

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
