URL: http://iwishiwereheather.com/
Submission: On December 04 via manual from US

Summary

This website contacted 8 IPs in 5 countries across 7 domains to perform 23 HTTP transactions. The main IP is 104.40.222.81, located in Amsterdam, Netherlands and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is iwishiwereheather.com.
This is the only time iwishiwereheather.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
4 104.40.222.81 8075 (MICROSOFT...)
9 152.195.132.196 15133 (EDGECAST)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
4 51.140.6.23 8075 (MICROSOFT...)
2 2a03:2880:f01... 32934 (FACEBOOK)
1 2606:4700:20:... 13335 (CLOUDFLAR...)
23 8
Domain Requested by
9 cdn-resources.crowdcat.co iwishiwereheather.com
4 dc.services.visualstudio.com cdn-resources.crowdcat.co
3 api.crowdcat.co cdn-resources.crowdcat.co
2 connect.facebook.net connect.facebook.net
1 glitch.ge cdn-resources.crowdcat.co
1 fonts.gstatic.com fonts.googleapis.com
1 fonts.googleapis.com cdn-resources.crowdcat.co
1 iwishiwereheather.com
23 8

This site contains no links.

Subject | Issuer | Validity | Valid
sa185gl.wpc.edgecastcdn.net | DigiCert SHA2 Secure Server CA | 2020-08-12 - 2021-09-20 | a year
upload.video.google.com | GTS CA 1O1 | 2020-11-03 - 2021-01-26 | 3 months
*.crowdcat.co | Go Daddy Secure Certificate Authority - G2 | 2020-09-03 - 2021-09-03 | a year
*.gstatic.com | GTS CA 1O1 | 2020-11-03 - 2021-01-26 | 3 months
in.applicationinsights.azure.com | Microsoft IT TLS CA 4 | 2020-04-30 - 2022-04-30 | 2 years
*.facebook.com | DigiCert SHA2 High Assurance Server CA | 2020-11-02 - 2021-01-30 | 3 months
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2020-07-11 - 2021-07-11 | a year

This page contains 3 frames:

Primary Page: http://iwishiwereheather.com/
Frame ID: FCC02E0A41C754A4A2517E1B6DF40DD1
Requests: 18 HTTP requests in this frame

Frame: https://glitch.ge/campaigns/conangray/heather
Frame ID: 3E3206ABB1184F68CDF1A011AF76187B
Requests: 1 HTTP requests in this frame

Frame: https://glitch.ge/campaigns/conangray/heather
Frame ID: B16C8EC728CE9420D7BC7F89196F8B3D
Requests: 1 HTTP requests in this frame


Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /^(?:Microsoft-)?IIS(?:\/([\d.]+))?/i


Page Statistics

Requests: 23
HTTPS: 91 %
IPv6: 57 %
Domains: 7
Subdomains: 8
IPs: 8
Countries: 5
Transfer: 556 kB
Size: 1580 kB
Cookies: 2

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 15
  • http://connect.facebook.net/en_US/sdk.js HTTP 307
  • https://connect.facebook.net/en_US/sdk.js

23 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
iwishiwereheather.com/
14 KB
5 KB
Document
General
Full URL
http://iwishiwereheather.com/
Protocol
HTTP/1.1
Server
104.40.222.81 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
708b4f51df736e62aed79dea5b2834f681a0c57a8b2bc4dd10208cd1c7186116

Request headers

Host
iwishiwereheather.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding
gzip, deflate
Accept-Language
en-US

Response headers

Cache-Control
private,no-transform
Content-Length
4404
Content-Type
text/html; charset=utf-8
Content-Encoding
gzip
Vary
Accept-Encoding
Server
Microsoft-IIS/10.0
X-AspNetMvc-Version
5.2
X-AspNet-Version
4.0.30319
Request-Context
appId=cid-v1:23e27b55-c534-4575-a720-70d6bb953c01
Access-Control-Expose-Headers
Request-Context
X-Powered-By
ASP.NET
Date
Fri, 04 Dec 2020 15:33:51 GMT
75596b10-820d-4805-ae18-57337401eb6a.css
cdn-resources.crowdcat.co/layouts/styles/
93 KB
22 KB
Stylesheet
General
Full URL
https://cdn-resources.crowdcat.co/layouts/styles/75596b10-820d-4805-ae18-57337401eb6a.css?v=1607019787000
Requested by
Host: iwishiwereheather.com
URL: http://iwishiwereheather.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.195.132.196 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (waw/0565) /
Resource Hash
3ad081ba6598536a1a24adc8ce754e4ddf30612f06f354d1f0f926302c48f754

Request headers

Referer
http://iwishiwereheather.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 04 Dec 2020 15:33:52 GMT
content-encoding
gzip
last-modified
Thu, 03 Dec 2020 18:23:07 GMT
server
ECAcc (waw/0565)
age
72670
vary
Accept-Encoding
x-cache
HIT
content-type
text/css
access-control-allow-origin
*
accept-ranges
bytes
content-length
22349
request-context
appId=cid-v1:49a7a42a-48f4-4795-9c92-72ae3b9ed589
styles.css
cdn-resources.crowdcat.co/player/js/crowdcat_player/
16 KB
5 KB
Stylesheet
General
Full URL
https://cdn-resources.crowdcat.co/player/js/crowdcat_player/styles.css?v=0.9-20201005.1
Requested by
Host: iwishiwereheather.com
URL: http://iwishiwereheather.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.195.132.196 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (waw/0545) /
Resource Hash
1f5f29032b4aa96b61a87712bd4f4d745ff63a3553848c1fa9fc2c45c2b2c0e3

Request headers

Referer
http://iwishiwereheather.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 04 Dec 2020 15:33:52 GMT
content-encoding
gzip
last-modified
Tue, 06 Oct 2020 13:55:24 GMT
server
ECAcc (waw/0545)
age
79358
vary
Accept-Encoding
x-cache
HIT
content-type
text/css
access-control-allow-origin
*
accept-ranges
bytes
content-length
4925
request-context
appId=cid-v1:49a7a42a-48f4-4795-9c92-72ae3b9ed589
jquery-1.11.3.min.js
cdn-resources.crowdcat.co/player/js/
94 KB
42 KB
Script
General
Full URL
https://cdn-resources.crowdcat.co/player/js/jquery-1.11.3.min.js?v=0.9-20201005.1
Requested by
Host: iwishiwereheather.com
URL: http://iwishiwereheather.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.195.132.196 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (waw/0552) /
Resource Hash
20e11ce61890c08c0529911822233c9023ebc367df6c1050dec105e2b9628104

Request headers

Referer
http://iwishiwereheather.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 04 Dec 2020 15:33:52 GMT
content-encoding
gzip
last-modified
Tue, 06 Oct 2020 13:55:24 GMT
server
ECAcc (waw/0552)
age
473092
vary
Accept-Encoding
x-cache
HIT
content-type
application/javascript
access-control-allow-origin
*
accept-ranges
bytes
content-length
42852
request-context
appId=cid-v1:49a7a42a-48f4-4795-9c92-72ae3b9ed589
widget.js
cdn-resources.crowdcat.co/widgets/core/basewidget/v2/
31 KB
8 KB
Script
General
Full URL
https://cdn-resources.crowdcat.co/widgets/core/basewidget/v2/widget.js?v=0.9-20201005.1
Requested by
Host: iwishiwereheather.com
URL: http://iwishiwereheather.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.195.132.196 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (waw/053D) /
Resource Hash
b56fcc07eb8f913f5da0f88fb3934083ca65c3c4156610b2be892b7d60b23af2

Request headers

Referer
http://iwishiwereheather.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 04 Dec 2020 15:33:52 GMT
content-encoding
gzip
last-modified
Tue, 06 Oct 2020 13:54:55 GMT
server
ECAcc (waw/053D)
age
263518
vary
Accept-Encoding
x-cache
HIT
content-type
application/javascript
access-control-allow-origin
*
accept-ranges
bytes
content-length
7965
request-context
appId=cid-v1:49a7a42a-48f4-4795-9c92-72ae3b9ed589
richtext.js
cdn-resources.crowdcat.co/widgets/types/richtext/v1/
383 KB
126 KB
Script
General
Full URL
https://cdn-resources.crowdcat.co/widgets/types/richtext/v1/richtext.js?v=1606904085000
Requested by
Host: iwishiwereheather.com
URL: http://iwishiwereheather.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.195.132.196 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (waw/055B) /
Resource Hash
c7f8ebff69c758f19ce15714139cca4dab4a6958b5409a123ed3052702da6f61

Request headers

Referer
http://iwishiwereheather.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 04 Dec 2020 15:33:52 GMT
content-encoding
gzip
last-modified
Wed, 02 Dec 2020 10:14:45 GMT
server
ECAcc (waw/055B)
age
180857
vary
Accept-Encoding
x-cache
HIT
content-type
application/javascript
access-control-allow-origin
*
accept-ranges
bytes
content-length
129200
request-context
appId=cid-v1:49a7a42a-48f4-4795-9c92-72ae3b9ed589
runtime.js
cdn-resources.crowdcat.co/player/js/crowdcat_player/
1 KB
1 KB
Script
General
Full URL
https://cdn-resources.crowdcat.co/player/js/crowdcat_player/runtime.js?v=0.9-20201005.1
Requested by
Host: iwishiwereheather.com
URL: http://iwishiwereheather.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.195.132.196 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (waw/0535) /
Resource Hash
ff4354af4e52bef06b5b02360c42b8cb43a844b535abfb123f15ab720e18da01

Request headers

Referer
http://iwishiwereheather.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 04 Dec 2020 15:33:52 GMT
content-encoding
gzip
last-modified
Tue, 06 Oct 2020 13:55:24 GMT
server
ECAcc (waw/0535)
age
3834
vary
Accept-Encoding
x-cache
HIT
content-type
application/javascript
access-control-allow-origin
*
accept-ranges
bytes
content-length
972
request-context
appId=cid-v1:49a7a42a-48f4-4795-9c92-72ae3b9ed589
polyfills.js
cdn-resources.crowdcat.co/player/js/crowdcat_player/
150 KB
64 KB
Script
General
Full URL
https://cdn-resources.crowdcat.co/player/js/crowdcat_player/polyfills.js?v=0.9-20201005.1
Requested by
Host: iwishiwereheather.com
URL: http://iwishiwereheather.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.195.132.196 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (waw/056A) /
Resource Hash
953c453572f8687e039d93b7f5252ffdb7ed488c1feda40e89ec69aba935bea9

Request headers

Referer
http://iwishiwereheather.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 04 Dec 2020 15:33:52 GMT
content-encoding
gzip
last-modified
Tue, 06 Oct 2020 13:55:24 GMT
server
ECAcc (waw/056A)
age
263518
vary
Accept-Encoding
x-cache
HIT
content-type
application/javascript
access-control-allow-origin
*
accept-ranges
bytes
content-length
65780
request-context
appId=cid-v1:49a7a42a-48f4-4795-9c92-72ae3b9ed589
scripts.js
cdn-resources.crowdcat.co/player/js/crowdcat_player/
5 KB
2 KB
Script
General
Full URL
https://cdn-resources.crowdcat.co/player/js/crowdcat_player/scripts.js?v=0.9-20201005.1
Requested by
Host: iwishiwereheather.com
URL: http://iwishiwereheather.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.195.132.196 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (waw/0534) /
Resource Hash
08263c392ddc6370d8cb50d9e2c4e0210a1917a22a3011dab4645aa474687a99

Request headers

Referer
http://iwishiwereheather.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 04 Dec 2020 15:33:52 GMT
content-encoding
gzip
last-modified
Tue, 06 Oct 2020 13:55:24 GMT
server
ECAcc (waw/0534)
age
263518
vary
Accept-Encoding
x-cache
HIT
content-type
application/javascript
access-control-allow-origin
*
accept-ranges
bytes
content-length
2193
request-context
appId=cid-v1:49a7a42a-48f4-4795-9c92-72ae3b9ed589
main.js
cdn-resources.crowdcat.co/player/js/crowdcat_player/
571 KB
194 KB
Script
General
Full URL
https://cdn-resources.crowdcat.co/player/js/crowdcat_player/main.js?v=0.9-20201005.1
Requested by
Host: iwishiwereheather.com
URL: http://iwishiwereheather.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.195.132.196 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (waw/0570) /
Resource Hash
d837bb364668067819e72524d870652e092859e48b692e30a0c150ad87556ed3

Request headers

Referer
http://iwishiwereheather.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 04 Dec 2020 15:33:52 GMT
content-encoding
gzip
last-modified
Tue, 06 Oct 2020 13:55:24 GMT
server
ECAcc (waw/0570)
age
263518
vary
Accept-Encoding
x-cache
HIT
content-type
application/javascript
access-control-allow-origin
*
accept-ranges
bytes
content-length
198673
request-context
appId=cid-v1:49a7a42a-48f4-4795-9c92-72ae3b9ed589
css
fonts.googleapis.com/
2 KB
596 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Rubik
Requested by
Host: cdn-resources.crowdcat.co
URL: https://cdn-resources.crowdcat.co/player/js/crowdcat_player/styles.css?v=0.9-20201005.1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:820::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
293239735472b93fc0f1be43fed21d04abbe2c0d6872ab92c9ee962c6b0bd357
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://cdn-resources.crowdcat.co/player/js/crowdcat_player/styles.css?v=0.9-20201005.1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Fri, 04 Dec 2020 15:11:20 GMT
server
ESF
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
date
Fri, 04 Dec 2020 15:33:52 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
expires
Fri, 04 Dec 2020 15:33:52 GMT
play
api.crowdcat.co/ Frame
0
0
Other
General
Full URL
https://api.crowdcat.co/play
Protocol
HTTP/1.1
Server
104.40.222.81 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Method
POST
Access-Control-Request-Headers
content-type
Origin
http://iwishiwereheather.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

Server
Microsoft-IIS/10.0
Access-Control-Allow-Origin
http://iwishiwereheather.com
Access-Control-Allow-Credentials
true
Access-Control-Allow-Headers
content-type
Access-Control-Max-Age
600
Request-Context
appId=cid-v1:3b853e67-5ded-4de9-8429-c84b2ab5d529
Access-Control-Expose-Headers
Request-Context
X-Powered-By
ASP.NET
Date
Fri, 04 Dec 2020 15:33:52 GMT
Content-Length
0
play
api.crowdcat.co/
52 B
694 B
XHR
General
Full URL
https://api.crowdcat.co/play
Requested by
Host: cdn-resources.crowdcat.co
URL: https://cdn-resources.crowdcat.co/player/js/crowdcat_player/polyfills.js?v=0.9-20201005.1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.40.222.81 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
f97d96fd39751a6d4fc2a044cab105daf9ec076f78e298a8ecdf9edb76bd0c07

Request headers

Accept
application/json, text/plain, */*
Referer
http://iwishiwereheather.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
application/json

Response headers

Pragma
no-cache
Date
Fri, 04 Dec 2020 15:33:52 GMT
Content-Encoding
gzip
Expires
-1
Server
Microsoft-IIS/10.0
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
Vary
Accept-Encoding
Content-Type
application/json; charset=utf-8
Access-Control-Allow-Origin
http://iwishiwereheather.com
Access-Control-Expose-Headers
Request-Context
Cache-Control
no-cache
Access-Control-Allow-Credentials
true
Content-Length
172
Request-Context
appId=cid-v1:3b853e67-5ded-4de9-8429-c84b2ab5d529
iJWZBXyIfDnIV5PNhY1KTN7Z-Yh-B4iFV0UzdYPFkZVO.woff
fonts.gstatic.com/s/rubik/v11/
22 KB
23 KB
Font
General
Full URL
https://fonts.gstatic.com/s/rubik/v11/iJWZBXyIfDnIV5PNhY1KTN7Z-Yh-B4iFV0UzdYPFkZVO.woff
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Rubik
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:814::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
47f568aa91ffb756af69523453b21e18adeb97adffcc4085e1f13120597be28d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
http://iwishiwereheather.com
Referer
https://fonts.googleapis.com/css?family=Rubik
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 03 Dec 2020 11:25:59 GMT
x-content-type-options
nosniff
last-modified
Mon, 28 Sep 2020 22:20:15 GMT
server
sffe
age
101273
content-type
font/woff
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
23024
x-xss-protection
0
expires
Fri, 03 Dec 2021 11:25:59 GMT
track
dc.services.visualstudio.com/v2/ Frame
0
0
Other
General
Full URL
https://dc.services.visualstudio.com/v2/track
Protocol
H2
Server
51.140.6.23 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept
*/*
Access-Control-Request-Method
POST
Access-Control-Request-Headers
content-type,sdk-context
Origin
http://iwishiwereheather.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

access-control-allow-methods
POST
access-control-allow-headers
Origin, X-Requested-With, Content-Name, Content-Type, Accept, Sdk-Context
access-control-allow-origin
*
access-control-max-age
3600
x-content-type-options
nosniff
date
Fri, 04 Dec 2020 15:33:52 GMT
content-length
0
track
dc.services.visualstudio.com/v2/
96 B
213 B
XHR
General
Full URL
https://dc.services.visualstudio.com/v2/track
Requested by
Host: cdn-resources.crowdcat.co
URL: https://cdn-resources.crowdcat.co/player/js/crowdcat_player/polyfills.js?v=0.9-20201005.1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
51.140.6.23 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
8be2e0594c1190f847dbce7183ba539805f85b61fdee2e475151e87948cf5fec
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Referer
http://iwishiwereheather.com/
Sdk-Context
appId
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-type
application/json

Response headers

x-ms-session-id
A4831CBB-8C33-4F8D-A103-FB5D95327F10
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
date
Fri, 04 Dec 2020 15:33:52 GMT
access-control-max-age
3600
content-type
application/json; charset=utf-8
access-control-allow-origin
*
access-control-allow-headers
Origin, X-Requested-With, Content-Name, Content-Type, Accept, Sdk-Context
content-length
96
sdk.js
connect.facebook.net/en_US/
Redirect Chain
  • http://connect.facebook.net/en_US/sdk.js
  • https://connect.facebook.net/en_US/sdk.js
3 KB
2 KB
Script
General
Full URL
https://connect.facebook.net/en_US/sdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
72784d6bc74e790c65acc1f4361ea27f9254b1473ec06c35698aed3061d43dc3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
http://iwishiwereheather.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
content-md5
nB5Rx9xKxquxobgMS9c/6w==
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
1779
etag
"d1212ee88e38e414d1ab608e35458d67"
x-fb-debug
2kvNGnCM6uvd6O2+kTamPaYgJVVrtGdh04Wdt96loZzw6shCCMpCPRw/Xhx5deaussNk5nzmKZTnCNS2w43oJQ==
x-fb-trip-id
664085054
x-fb-content-md5
a1220defe4a31d3c81dc77bde5871b68
x-frame-options
DENY
date
Fri, 04 Dec 2020 15:33:53 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
X-FB-Content-MD5
cache-control
public,max-age=1200,stale-while-revalidate=3600
timing-allow-origin
*
expires
Fri, 04 Dec 2020 15:36:14 GMT

Redirect headers

Location
https://connect.facebook.net/en_US/sdk.js
Non-Authoritative-Reason
HSTS
heather
glitch.ge/campaigns/conangray/ Frame 3E32
0
0

heather
glitch.ge/campaigns/conangray/ Frame B16C
0
0
Document
General
Full URL
https://glitch.ge/campaigns/conangray/heather
Requested by
Host: cdn-resources.crowdcat.co
URL: https://cdn-resources.crowdcat.co/widgets/types/richtext/v1/richtext.js?v=1606904085000
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::ac43:480c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Next.js
Resource Hash

Request headers

:method
GET
:authority
glitch.ge
:scheme
https
:path
/campaigns/conangray/heather
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
http://iwishiwereheather.com/
accept-encoding
gzip, deflate, br
accept-language
en-US

Response headers

date
Fri, 04 Dec 2020 15:33:53 GMT
content-type
text/html; charset=utf-8
set-cookie
__cfduid=d7376f510abe078399123d7ab82e735221607096033; expires=Sun, 03-Jan-21 15:33:53 GMT; path=/; domain=.glitch.ge; HttpOnly; SameSite=Lax; Secure
x-powered-by
Next.js
access-control-allow-origin
https://yellowbus.ge
vary
Origin, Accept-Encoding
via
1.1 vegur
cf-cache-status
DYNAMIC
cf-request-id
06cffc77d60000e003ee2fb000000001
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=0qBazsmOjF30Y1k%2B9Ev5ELgnW9NMT4z%2BXY1orXtmgHR174TLxw0oBz75BBaeFPm7GC2X8mu5TAyjfKBhl%2FM3FPutfBu0%2Be3UxDp%2B6QRAmJC6Z5DTQmA%3D"}],"group":"cf-nel","max_age":604800}
nel
{"report_to":"cf-nel","max_age":604800}
server
cloudflare
cf-ray
5fc6969fbedae003-FRA
content-encoding
br
sdk.js
connect.facebook.net/en_US/
195 KB
59 KB
Script
General
Full URL
https://connect.facebook.net/en_US/sdk.js?hash=520cef5f928cec77d7169742f6a00ddf&ua=modern_es6
Requested by
Host: connect.facebook.net
URL: http://connect.facebook.net/en_US/sdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e53e7c21ddca402dc63622ed9cffe348624f1bee3b8c511164d3f70381a7fd87
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Origin
http://iwishiwereheather.com
Referer
http://iwishiwereheather.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
content-md5
0YxZdYjD0PCm6dGwPUGduw==
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
60126
etag
"7f7640b7646217b9c2a33c4f3c12d107"
x-fb-debug
VwFRUF/Mg8Ob4vLFgzG6i2tvD4+HCPZUqiJzPDJWN3t/uXTz7OAcka20npZrljzUrabJoE2d1/hgq45IgpZwzg==
x-fb-trip-id
2050670934
x-fb-content-md5
032a9779fdf5f373c4d58aa6025585db
x-frame-options
DENY
date
Fri, 04 Dec 2020 15:33:53 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
X-FB-Content-MD5
cache-control
public,max-age=31536000,stale-while-revalidate=3600,immutable
timing-allow-origin
*
expires
Sat, 04 Dec 2021 14:30:35 GMT
track
dc.services.visualstudio.com/v2/ Frame
0
0
Other
General
Full URL
https://dc.services.visualstudio.com/v2/track
Protocol
H2
Server
51.140.6.23 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept
*/*
Access-Control-Request-Method
POST
Access-Control-Request-Headers
content-type,sdk-context
Origin
http://iwishiwereheather.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

access-control-allow-methods
POST
access-control-allow-headers
Origin, X-Requested-With, Content-Name, Content-Type, Accept, Sdk-Context
access-control-allow-origin
*
access-control-max-age
3600
x-content-type-options
nosniff
date
Fri, 04 Dec 2020 15:33:52 GMT
content-length
0
track
dc.services.visualstudio.com/v2/
96 B
186 B
XHR
General
Full URL
https://dc.services.visualstudio.com/v2/track
Requested by
Host: cdn-resources.crowdcat.co
URL: https://cdn-resources.crowdcat.co/player/js/crowdcat_player/polyfills.js?v=0.9-20201005.1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
51.140.6.23 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
8be2e0594c1190f847dbce7183ba539805f85b61fdee2e475151e87948cf5fec
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Referer
http://iwishiwereheather.com/
Sdk-Context
appId
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-type
application/json

Response headers

x-ms-session-id
B9EF4AD4-8461-4F5F-B56A-575D7215B14A
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
date
Fri, 04 Dec 2020 15:33:53 GMT
access-control-max-age
3600
content-type
application/json; charset=utf-8
access-control-allow-origin
*
access-control-allow-headers
Origin, X-Requested-With, Content-Name, Content-Type, Accept, Sdk-Context
content-length
96
2e1bcea8-1e96-4a9b-88d6-dafe34fb3831
api.crowdcat.co/play/
81 B
714 B
XHR
General
Full URL
https://api.crowdcat.co/play/2e1bcea8-1e96-4a9b-88d6-dafe34fb3831
Requested by
Host: cdn-resources.crowdcat.co
URL: https://cdn-resources.crowdcat.co/player/js/crowdcat_player/polyfills.js?v=0.9-20201005.1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.40.222.81 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
e97a9bbb4cd1e60516581cec057c41ef5395b3f976ffeb448d0b9bd4a12ea225

Request headers

Accept
application/json, text/plain, */*
Referer
http://iwishiwereheather.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Fri, 04 Dec 2020 15:33:53 GMT
Content-Encoding
gzip
Expires
-1
Server
Microsoft-IIS/10.0
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
Vary
Accept-Encoding
Content-Type
application/json; charset=utf-8
Access-Control-Allow-Origin
http://iwishiwereheather.com
Access-Control-Expose-Headers
Request-Context
Cache-Control
no-cache
Access-Control-Allow-Credentials
true
Content-Length
192
Request-Context
appId=cid-v1:3b853e67-5ded-4de9-8429-c84b2ab5d529

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
glitch.ge
URL
https://glitch.ge/campaigns/conangray/heather

161 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.


2 Cookies

Domain/Path Name / Value
iwishiwereheather.com/ Name: ai_session
Value: waw4L|1607096032992.705|1607096032992.705
iwishiwereheather.com/ Name: ai_user
Value: HZerm|2020-12-04T15:33:52.841Z

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
