clients.newbenefits.com Open in urlscan Pro
209.48.208.90  Public Scan

14 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

26 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request InvoiceDownload.aspx Show response clients.newbenefits.com/	22 KB 23 KB	919ms 271ms	Document text/html	209.48.208.90 XO-AS15
General Check archive.org Show headers Download Go to Full URL https://clients.newbenefits.com/InvoiceDownload.aspx?ID=4528b9cf73a24340add906eca7f07c3a Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_CBC Server 209.48.208.90 , United States, ASN2828 (XO-AS15, US), Reverse DNS Software Microsoft-IIS/8.0 / ASP.NET Resource Hash c50201ccbce05a330370cf188032ba1ddcbfb6624c67e3a3582d00aad33e5fd7 Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers Cache-Control private Content-Length 22867 Content-Type text/html; charset=utf-8 Date Tue, 04 Oct 2022 19:05:38 GMT Server Microsoft-IIS/8.0 X-AspNet-Version 4.0.30319 X-Powered-By ASP.NET
GET H/1.1	200 OK	stylesheet.css clients.newbenefits.com/css/	32 KB 7 KB	244ms 239ms	Stylesheet text/css	209.48.208.90 XO-AS15
General Check archive.org Show headers Download Go to Full URL https://clients.newbenefits.com/css/stylesheet.css Requested by Host: clients.newbenefits.com URL: https://clients.newbenefits.com/InvoiceDownload.aspx?ID=4528b9cf73a24340add906eca7f07c3a Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_CBC Server 209.48.208.90 , United States, ASN2828 (XO-AS15, US), Reverse DNS Software Microsoft-IIS/8.0 / ASP.NET Resource Hash ba0e3475e408e285cc7f19836b018dfc1848c7f4b1fae3ead1dee219afb00462 Request headers accept-language de-DE,de;q=0.9 Referer https://clients.newbenefits.com/InvoiceDownload.aspx?ID=4528b9cf73a24340add906eca7f07c3a User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36 Response headers Date Tue, 04 Oct 2022 19:05:40 GMT Content-Encoding gzip Last-Modified Mon, 14 Mar 2022 13:52:46 GMT Server Microsoft-IIS/8.0 ETag "0cbc8c8aa37d81:0" X-Powered-By ASP.NET Vary Accept-Encoding Content-Type text/css Accept-Ranges bytes Content-Length 6383
GET H/1.1	200 OK	fonts.css clients.newbenefits.com/css/	2 KB 2 KB	484ms 236ms	Stylesheet text/css	209.48.208.90 XO-AS15
General Check archive.org Show headers Download Go to Full URL https://clients.newbenefits.com/css/fonts.css Requested by Host: clients.newbenefits.com URL: https://clients.newbenefits.com/InvoiceDownload.aspx?ID=4528b9cf73a24340add906eca7f07c3a Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_CBC Server 209.48.208.90 , United States, ASN2828 (XO-AS15, US), Reverse DNS Software Microsoft-IIS/8.0 / ASP.NET Resource Hash 8ab7dd927016210517599301addb0251a3c1d474c9d077b8df8a80751a9997ed Request headers accept-language de-DE,de;q=0.9 Referer https://clients.newbenefits.com/InvoiceDownload.aspx?ID=4528b9cf73a24340add906eca7f07c3a User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36 Response headers Date Tue, 04 Oct 2022 19:05:40 GMT Last-Modified Mon, 14 Mar 2022 13:52:46 GMT Server Microsoft-IIS/8.0 ETag "80306c9aa37d81:0" X-Powered-By ASP.NET Content-Type text/css Accept-Ranges bytes Content-Length 1557
GET H/1.1	200 OK	colorbox.css clients.newbenefits.com/css/	3 KB 1 KB	385ms 127ms	Stylesheet text/css	209.48.208.90 XO-AS15
General Check archive.org Show headers Download Go to Full URL https://clients.newbenefits.com/css/colorbox.css Requested by Host: clients.newbenefits.com URL: https://clients.newbenefits.com/InvoiceDownload.aspx?ID=4528b9cf73a24340add906eca7f07c3a Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_CBC Server 209.48.208.90 , United States, ASN2828 (XO-AS15, US), Reverse DNS Software Microsoft-IIS/8.0 / ASP.NET Resource Hash a60d49c582b0d1207c9559306ec1b3f181714fb38ad1cd45658ac1133704ab81 Request headers accept-language de-DE,de;q=0.9 Referer https://clients.newbenefits.com/InvoiceDownload.aspx?ID=4528b9cf73a24340add906eca7f07c3a User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36 Response headers Date Tue, 04 Oct 2022 19:05:40 GMT Content-Encoding gzip Last-Modified Mon, 14 Mar 2022 13:52:46 GMT Server Microsoft-IIS/8.0 ETag "0cbc8c8aa37d81:0" X-Powered-By ASP.NET Vary Accept-Encoding Content-Type text/css Accept-Ranges bytes Content-Length 1039
GET H/1.1	200 OK	invoices.css clients.newbenefits.com/css/	5 KB 2 KB	387ms 129ms	Stylesheet text/css	209.48.208.90 XO-AS15
General Check archive.org Show headers Download Go to Full URL https://clients.newbenefits.com/css/invoices.css Requested by Host: clients.newbenefits.com URL: https://clients.newbenefits.com/InvoiceDownload.aspx?ID=4528b9cf73a24340add906eca7f07c3a Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_CBC Server 209.48.208.90 , United States, ASN2828 (XO-AS15, US), Reverse DNS Software Microsoft-IIS/8.0 / ASP.NET Resource Hash be6ad0e634f5eedebb6d9496d0657f23ec8a9f53648e584e8d4decb69268a1a7 Request headers accept-language de-DE,de;q=0.9 Referer https://clients.newbenefits.com/InvoiceDownload.aspx?ID=4528b9cf73a24340add906eca7f07c3a User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36 Response headers Date Tue, 04 Oct 2022 19:05:40 GMT Content-Encoding gzip Last-Modified Mon, 14 Mar 2022 13:52:46 GMT Server Microsoft-IIS/8.0 ETag "0cbc8c8aa37d81:0" X-Powered-By ASP.NET Vary Accept-Encoding Content-Type text/css Accept-Ranges bytes Content-Length 1390
GET H2	200	font-awesome.min.css maxcdn.bootstrapcdn.com/font-awesome/4.6.3/css/	28 KB 7 KB	45ms 21ms	Stylesheet text/css	2606:4700::6812:bcf CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://maxcdn.bootstrapcdn.com/font-awesome/4.6.3/css/font-awesome.min.css Requested by Host: clients.newbenefits.com URL: https://clients.newbenefits.com/InvoiceDownload.aspx?ID=4528b9cf73a24340add906eca7f07c3a Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:bcf , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 008a1d103902f15fdb1c191fcb1ce8954330e7b8de43d09abb08555ba609f420 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://clients.newbenefits.com/ Origin https://clients.newbenefits.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36 Response headers date Tue, 04 Oct 2022 19:05:39 GMT strict-transport-security max-age=31536000; includeSubDomains; preload x-content-type-options nosniff cf-cache-status HIT content-encoding br cdn-edgestorageid 863 age 26189 cdn-cachedat 08/20/2022 02:34:53 cdn-pullzone 252412 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 last-modified Mon, 25 Jan 2021 22:04:55 GMT cdn-proxyver 1.02 cdn-requestpullcode 200 server cloudflare etag W/"4083f5d376eb849a458cc790b53ba080" vary Accept-Encoding content-type text/css; charset=utf-8 access-control-allow-origin * cdn-cache HIT cdn-uid b1941f61-b576-4f40-80de-5677acb38f74 cache-control public, max-age=31919000 cdn-requestid a491507c1ddb47b5f3173757bbf9f431 timing-allow-origin * cdn-requestcountrycode DE cdn-status 200 cf-ray 755030b80a0690b8-FRA cdn-requestpullsuccess True
GET H/1.1	200 OK	jquery-1.8.3.min.js Show response clients.newbenefits.com/scripts/	91 KB 33 KB	780ms 522ms	Script application/javascript	209.48.208.90 XO-AS15
General Check archive.org Show headers Download Go to Full URL https://clients.newbenefits.com/scripts/jquery-1.8.3.min.js Requested by Host: clients.newbenefits.com URL: https://clients.newbenefits.com/InvoiceDownload.aspx?ID=4528b9cf73a24340add906eca7f07c3a Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_CBC Server 209.48.208.90 , United States, ASN2828 (XO-AS15, US), Reverse DNS Software Microsoft-IIS/8.0 / ASP.NET Resource Hash 61c6caebd23921741fb5ffe6603f16634fca9840c2bf56ac8201e9264d6daccf Request headers accept-language de-DE,de;q=0.9 Referer https://clients.newbenefits.com/InvoiceDownload.aspx?ID=4528b9cf73a24340add906eca7f07c3a User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36 Response headers Date Tue, 04 Oct 2022 19:05:40 GMT Content-Encoding gzip Last-Modified Mon, 14 Mar 2022 13:52:48 GMT Server Microsoft-IIS/8.0 ETag "0f8f9c9aa37d81:0" X-Powered-By ASP.NET Vary Accept-Encoding Content-Type application/javascript Accept-Ranges bytes Content-Length 33504
GET H/1.1	200 OK	jquery.colorbox.js Show response clients.newbenefits.com/scripts/	25 KB 8 KB	652ms 388ms	Script application/javascript	209.48.208.90 XO-AS15
General Check archive.org Show headers Download Go to Full URL https://clients.newbenefits.com/scripts/jquery.colorbox.js Requested by Host: clients.newbenefits.com URL: https://clients.newbenefits.com/InvoiceDownload.aspx?ID=4528b9cf73a24340add906eca7f07c3a Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_CBC Server 209.48.208.90 , United States, ASN2828 (XO-AS15, US), Reverse DNS Software Microsoft-IIS/8.0 / ASP.NET Resource Hash c6d73f016d6264c48cd9a9be5d4fd2ad876f7f29f0eab1aa95e1fe516a5cf71b Request headers accept-language de-DE,de;q=0.9 Referer https://clients.newbenefits.com/InvoiceDownload.aspx?ID=4528b9cf73a24340add906eca7f07c3a User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36 Response headers Date Tue, 04 Oct 2022 19:05:40 GMT Content-Encoding gzip Last-Modified Mon, 14 Mar 2022 13:52:48 GMT Server Microsoft-IIS/8.0 ETag "0f8f9c9aa37d81:0" X-Powered-By ASP.NET Vary Accept-Encoding Content-Type application/javascript Accept-Ranges bytes Content-Length 8032
GET H/1.1	200 OK	jquery-ui-1.10.4.custom.min.js Show response clients.newbenefits.com/scripts/	223 KB 60 KB	660ms 395ms	Script application/javascript	209.48.208.90 XO-AS15
General Check archive.org Show headers Download Go to Full URL https://clients.newbenefits.com/scripts/jquery-ui-1.10.4.custom.min.js Requested by Host: clients.newbenefits.com URL: https://clients.newbenefits.com/InvoiceDownload.aspx?ID=4528b9cf73a24340add906eca7f07c3a Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_CBC Server 209.48.208.90 , United States, ASN2828 (XO-AS15, US), Reverse DNS Software Microsoft-IIS/8.0 / ASP.NET Resource Hash 1de9cf221d7a706cf55175edcb2324d49f9c133016a873db6a1be6a44578bb4a Request headers accept-language de-DE,de;q=0.9 Referer https://clients.newbenefits.com/InvoiceDownload.aspx?ID=4528b9cf73a24340add906eca7f07c3a User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36 Response headers Date Tue, 04 Oct 2022 19:05:40 GMT Content-Encoding gzip Last-Modified Mon, 14 Mar 2022 13:52:48 GMT Server Microsoft-IIS/8.0 ETag "0f8f9c9aa37d81:0" X-Powered-By ASP.NET Vary Accept-Encoding Content-Type application/javascript Accept-Ranges bytes Content-Length 61256
GET H/1.1	200 OK	Client.Util.160607.min.js Show response clients.newbenefits.com/scripts/	7 KB 3 KB	528ms 144ms	Script application/javascript	209.48.208.90 XO-AS15
General Check archive.org Show headers Download Go to Full URL https://clients.newbenefits.com/scripts/Client.Util.160607.min.js Requested by Host: clients.newbenefits.com URL: https://clients.newbenefits.com/InvoiceDownload.aspx?ID=4528b9cf73a24340add906eca7f07c3a Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_CBC Server 209.48.208.90 , United States, ASN2828 (XO-AS15, US), Reverse DNS Software Microsoft-IIS/8.0 / ASP.NET Resource Hash 784c786ba12c8276a2d0f432abf8a32dc8f48d4223fb423e18dec57c1d49ff3b Request headers accept-language de-DE,de;q=0.9 Referer https://clients.newbenefits.com/InvoiceDownload.aspx?ID=4528b9cf73a24340add906eca7f07c3a User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36 Response headers Date Tue, 04 Oct 2022 19:05:40 GMT Content-Encoding gzip Last-Modified Mon, 14 Mar 2022 13:52:47 GMT Server Microsoft-IIS/8.0 ETag "806161c9aa37d81:0" X-Powered-By ASP.NET Vary Accept-Encoding Content-Type application/javascript Accept-Ranges bytes Content-Length 2406
GET H/1.1	200 OK	Invoice.160923.min.js Show response clients.newbenefits.com/scripts/	25 KB 6 KB	527ms 141ms	Script application/javascript	209.48.208.90 XO-AS15
General Check archive.org Show headers Download Go to Full URL https://clients.newbenefits.com/scripts/Invoice.160923.min.js Requested by Host: clients.newbenefits.com URL: https://clients.newbenefits.com/InvoiceDownload.aspx?ID=4528b9cf73a24340add906eca7f07c3a Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_CBC Server 209.48.208.90 , United States, ASN2828 (XO-AS15, US), Reverse DNS Software Microsoft-IIS/8.0 / ASP.NET Resource Hash 6809f577d44f8446ef6a6069a5f11cfd957d6e478b6a39021efeae58edab7cb2 Request headers accept-language de-DE,de;q=0.9 Referer https://clients.newbenefits.com/InvoiceDownload.aspx?ID=4528b9cf73a24340add906eca7f07c3a User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36 Response headers Date Tue, 04 Oct 2022 19:05:40 GMT Content-Encoding gzip Last-Modified Mon, 14 Mar 2022 13:52:48 GMT Server Microsoft-IIS/8.0 ETag "0f8f9c9aa37d81:0" X-Powered-By ASP.NET Vary Accept-Encoding Content-Type application/javascript Accept-Ranges bytes Content-Length 5824
GET H/1.1	200 OK	logo_NBCS.png clients.newbenefits.com/images/	15 KB 15 KB	130ms 130ms	Image image/png	209.48.208.90 XO-AS15
General Check archive.org Show headers Download Go to Show image Full URL https://clients.newbenefits.com/images/logo_NBCS.png Requested by Host: clients.newbenefits.com URL: https://clients.newbenefits.com/InvoiceDownload.aspx?ID=4528b9cf73a24340add906eca7f07c3a Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_CBC Server 209.48.208.90 , United States, ASN2828 (XO-AS15, US), Reverse DNS Software Microsoft-IIS/8.0 / ASP.NET Resource Hash f878f9646f576ba5f930d58638af9dd68c0d6c8742b609f6b6b2919d9a623619 Request headers accept-language de-DE,de;q=0.9 Referer https://clients.newbenefits.com/InvoiceDownload.aspx?ID=4528b9cf73a24340add906eca7f07c3a User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36 Response headers Date Tue, 04 Oct 2022 19:05:40 GMT Last-Modified Mon, 14 Mar 2022 13:52:46 GMT Server Microsoft-IIS/8.0 ETag "61e529c9aa37d81:0" X-Powered-By ASP.NET Content-Type image/png Accept-Ranges bytes Content-Length 14957
GET H/1.1	200 OK	icon_facebook.png clients.newbenefits.com/images/	3 KB 3 KB	133ms 132ms	Image image/png	209.48.208.90 XO-AS15
General Check archive.org Show headers Download Go to Show image Full URL https://clients.newbenefits.com/images/icon_facebook.png Requested by Host: clients.newbenefits.com URL: https://clients.newbenefits.com/InvoiceDownload.aspx?ID=4528b9cf73a24340add906eca7f07c3a Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_CBC Server 209.48.208.90 , United States, ASN2828 (XO-AS15, US), Reverse DNS Software Microsoft-IIS/8.0 / ASP.NET Resource Hash 23299666de8d795f74d765176750db38d539941ab5216209672e7873d4a654b5 Request headers accept-language de-DE,de;q=0.9 Referer https://clients.newbenefits.com/InvoiceDownload.aspx?ID=4528b9cf73a24340add906eca7f07c3a User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36 Response headers Date Tue, 04 Oct 2022 19:05:40 GMT Last-Modified Mon, 14 Mar 2022 13:52:46 GMT Server Microsoft-IIS/8.0 ETag "802e23c9aa37d81:0" X-Powered-By ASP.NET Content-Type image/png Accept-Ranges bytes Content-Length 3116
GET H/1.1	200 OK	icon_youtube.png clients.newbenefits.com/images/	3 KB 4 KB	144ms 144ms	Image image/png	209.48.208.90 XO-AS15
General Check archive.org Show headers Download Go to Show image Full URL https://clients.newbenefits.com/images/icon_youtube.png Requested by Host: clients.newbenefits.com URL: https://clients.newbenefits.com/InvoiceDownload.aspx?ID=4528b9cf73a24340add906eca7f07c3a Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_CBC Server 209.48.208.90 , United States, ASN2828 (XO-AS15, US), Reverse DNS Software Microsoft-IIS/8.0 / ASP.NET Resource Hash adfffb6114a74bf805de9f5fb25c3e37a1621acbaa4181edf22da4a5bcb0505c Request headers accept-language de-DE,de;q=0.9 Referer https://clients.newbenefits.com/InvoiceDownload.aspx?ID=4528b9cf73a24340add906eca7f07c3a User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36 Response headers Date Tue, 04 Oct 2022 19:05:40 GMT Last-Modified Mon, 14 Mar 2022 13:52:46 GMT Server Microsoft-IIS/8.0 ETag "869f25c9aa37d81:0" X-Powered-By ASP.NET Content-Type image/png Accept-Ranges bytes Content-Length 3483
GET H/1.1	200 OK	icon_linkedin.png clients.newbenefits.com/images/	3 KB 4 KB	143ms 142ms	Image image/png	209.48.208.90 XO-AS15
General Check archive.org Show headers Download Go to Show image Full URL https://clients.newbenefits.com/images/icon_linkedin.png Requested by Host: clients.newbenefits.com URL: https://clients.newbenefits.com/InvoiceDownload.aspx?ID=4528b9cf73a24340add906eca7f07c3a Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_CBC Server 209.48.208.90 , United States, ASN2828 (XO-AS15, US), Reverse DNS Software Microsoft-IIS/8.0 / ASP.NET Resource Hash 3c12a9ecb17a61a4fcbe10542208b44b6ef45beeaf5c1d6f156e57a0ed6874e1 Request headers accept-language de-DE,de;q=0.9 Referer https://clients.newbenefits.com/InvoiceDownload.aspx?ID=4528b9cf73a24340add906eca7f07c3a User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36 Response headers Date Tue, 04 Oct 2022 19:05:40 GMT Last-Modified Mon, 14 Mar 2022 13:52:46 GMT Server Microsoft-IIS/8.0 ETag "c8ca23c9aa37d81:0" X-Powered-By ASP.NET Content-Type image/png Accept-Ranges bytes Content-Length 3429
GET H2	200	new-benefits-34000091.png seal-dallas.bbb.org/logo/ruhzbum/	5 KB 6 KB	341ms 102ms	Image image/png	54.81.51.158 AMAZON-AES
General Check archive.org Show headers Download Go to Show image Full URL https://seal-dallas.bbb.org/logo/ruhzbum/new-benefits-34000091.png Requested by Host: clients.newbenefits.com URL: https://clients.newbenefits.com/InvoiceDownload.aspx?ID=4528b9cf73a24340add906eca7f07c3a Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 54.81.51.158 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-54-81-51-158.compute-1.amazonaws.com Software Apache / Resource Hash 34b5e8928b12c948ebf8b9ce21a307148927446bd36853609e5f7c4f028c2788 Request headers accept-language de-DE,de;q=0.9 Referer https://clients.newbenefits.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36 Response headers date Tue, 04 Oct 2022 19:05:40 GMT last-modified Tue, 04 Oct 2022 10:11:36 GMT server Apache etag 69f4281b9dc35c82c7655416895a6f23 node Two-EC2-Seal p3p CP="ALL DSP COR PSAa PSDa OUR NOR ONL UNI COM NAV" content-type image/png content-disposition inline; filename="seal-for-34000091.png" cachehit YES cachefilename e5a5c675a54be50988eeb36f6797647f.png content-length 5532 seal-provided-by Hurdman expires Tue, 04 Oct 2022 22:11:36 GMT
GET H/1.1	200 OK	rss2.gif content.newbenefits.com/contentImages/	592 B 871 B	667ms 129ms	Image image/gif	209.48.208.90 XO-AS15
General Check archive.org Show headers Download Go to Show image Full URL https://content.newbenefits.com/contentImages/rss2.gif Requested by Host: clients.newbenefits.com URL: https://clients.newbenefits.com/InvoiceDownload.aspx?ID=4528b9cf73a24340add906eca7f07c3a Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_CBC Server 209.48.208.90 , United States, ASN2828 (XO-AS15, US), Reverse DNS Software Microsoft-IIS/8.0 / ASP.NET Resource Hash 095ad32bfdf670f997e8fad4cfe907c622e2d4d52dc6bfcd0bf05a8f3e84f31b Request headers accept-language de-DE,de;q=0.9 Referer https://clients.newbenefits.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36 Response headers Date Tue, 04 Oct 2022 19:05:41 GMT Last-Modified Fri, 31 Aug 2018 21:26:52 GMT Server Microsoft-IIS/8.0 ETag "9fecc8557141d41:0" X-Powered-By ASP.NET Content-Type image/gif Access-Control-Allow-Origin * Accept-Ranges bytes Content-Length 592
GET H/1.1	200 OK	payment-ssl.png clients.newbenefits.com/images/	30 KB 31 KB	273ms 272ms	Image image/png	209.48.208.90 XO-AS15
General Check archive.org Show headers Download Go to Show image Full URL https://clients.newbenefits.com/images/payment-ssl.png Requested by Host: clients.newbenefits.com URL: https://clients.newbenefits.com/InvoiceDownload.aspx?ID=4528b9cf73a24340add906eca7f07c3a Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_CBC Server 209.48.208.90 , United States, ASN2828 (XO-AS15, US), Reverse DNS Software Microsoft-IIS/8.0 / ASP.NET Resource Hash 9ac864d7e4e5199e540c40e7a5c2b467dec88d2829166db7937c9d4ab952d507 Request headers accept-language de-DE,de;q=0.9 Referer https://clients.newbenefits.com/InvoiceDownload.aspx?ID=4528b9cf73a24340add906eca7f07c3a User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36 Response headers Date Tue, 04 Oct 2022 19:05:40 GMT Last-Modified Mon, 14 Mar 2022 13:52:46 GMT Server Microsoft-IIS/8.0 ETag "1ce12bc9aa37d81:0" X-Powered-By ASP.NET Content-Type image/png Accept-Ranges bytes Content-Length 31109
GET H2	200	analytics.js Show response www.google-analytics.com/	49 KB 20 KB	44ms 13ms	Script text/javascript	2001:4860:4802:32::178 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google-analytics.com/analytics.js Requested by Host: clients.newbenefits.com URL: https://clients.newbenefits.com/InvoiceDownload.aspx?ID=4528b9cf73a24340add906eca7f07c3a Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2001:4860:4802:32::178 , United States, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719 Security Headers Name Value Strict-Transport-Security max-age=10886400; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://clients.newbenefits.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36 Response headers strict-transport-security max-age=10886400; includeSubDomains; preload content-encoding gzip x-content-type-options nosniff date Tue, 04 Oct 2022 17:29:14 GMT last-modified Tue, 27 Sep 2022 22:01:05 GMT server Golfe2 age 5786 vary Accept-Encoding content-type text/javascript cache-control public, max-age=7200 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 20039 expires Tue, 04 Oct 2022 19:29:14 GMT
GET H2	200	new-benefits-34000091.js Show response seal-dallas.bbb.org/logo/	1 KB 879 B	336ms 98ms	Script text/javascript	54.81.51.158 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://seal-dallas.bbb.org/logo/new-benefits-34000091.js Requested by Host: clients.newbenefits.com URL: https://clients.newbenefits.com/InvoiceDownload.aspx?ID=4528b9cf73a24340add906eca7f07c3a Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 54.81.51.158 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-54-81-51-158.compute-1.amazonaws.com Software Apache / Resource Hash 44b3386a0aaddaff8afcad9072caf4a83168ef53e7df00086151098741b9af67 Request headers Referer https://clients.newbenefits.com/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36 Intervention <https://www.chromestatus.com/feature/5718547946799104>; level="warning" Response headers date Tue, 04 Oct 2022 19:05:40 GMT content-encoding gzip last-modified Tue, 04 Oct 2022 14:40:37 GMT server Apache etag 785c5e8bfa90ffdb6d4ba307237a0d89 vary Accept-Encoding node One-EC2-Seal content-type text/javascript content-disposition inline; filename="javascript-for-34000091.js" cachefilename fd62ca1bc48070682c67849319b7a956.js content-length 566 expires Wed, 05 Oct 2022 02:40:37 GMT
GET H/1.1	200 OK	gotham-book-webfont.woff clients.newbenefits.com/fonts/	31 KB 31 KB	142ms 142ms	Font font/x-woff	209.48.208.90 XO-AS15
General Check archive.org Show headers Download Go to Full URL https://clients.newbenefits.com/fonts/gotham-book-webfont.woff Requested by Host: clients.newbenefits.com URL: https://clients.newbenefits.com/css/fonts.css Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_CBC Server 209.48.208.90 , United States, ASN2828 (XO-AS15, US), Reverse DNS Software Microsoft-IIS/8.0 / ASP.NET Resource Hash a9dd47eacc7b2395a7c6561578909f823f1a280a7af0619ac1a932341fec49ae Request headers Referer https://clients.newbenefits.com/css/fonts.css Origin https://clients.newbenefits.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36 Response headers Date Tue, 04 Oct 2022 19:05:40 GMT Last-Modified Mon, 14 Mar 2022 13:52:46 GMT Server Microsoft-IIS/8.0 ETag "e6d5bc9aa37d81:0" X-Powered-By ASP.NET Content-Type font/x-woff Accept-Ranges bytes Content-Length 31232
GET H/1.1	200 OK	gotham-medium-webfont.woff clients.newbenefits.com/fonts/	21 KB 22 KB	266ms 167ms	Font font/x-woff	209.48.208.90 XO-AS15
General Check archive.org Show headers Download Go to Full URL https://clients.newbenefits.com/fonts/gotham-medium-webfont.woff Requested by Host: clients.newbenefits.com URL: https://clients.newbenefits.com/css/fonts.css Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_CBC Server 209.48.208.90 , United States, ASN2828 (XO-AS15, US), Reverse DNS Software Microsoft-IIS/8.0 / ASP.NET Resource Hash e9fa79d2689531a463831942dac91d101b8fa4e18337ba490da8ca06e1ef3911 Request headers Referer https://clients.newbenefits.com/css/fonts.css Origin https://clients.newbenefits.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36 Response headers Date Tue, 04 Oct 2022 19:05:40 GMT Last-Modified Mon, 14 Mar 2022 13:52:46 GMT Server Microsoft-IIS/8.0 ETag "13bcec9aa37d81:0" X-Powered-By ASP.NET Content-Type font/x-woff Accept-Ranges bytes Content-Length 21820
GET H/1.1	200 OK	gotham-light-webfont.woff clients.newbenefits.com/fonts/	30 KB 30 KB	267ms 150ms	Font font/x-woff	209.48.208.90 XO-AS15
General Check archive.org Show headers Download Go to Full URL https://clients.newbenefits.com/fonts/gotham-light-webfont.woff Requested by Host: clients.newbenefits.com URL: https://clients.newbenefits.com/css/fonts.css Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_CBC Server 209.48.208.90 , United States, ASN2828 (XO-AS15, US), Reverse DNS Software Microsoft-IIS/8.0 / ASP.NET Resource Hash 19be47be51e1c0328281fbcb100382b5b621982e19367114bbae6a743e83d6b6 Request headers Referer https://clients.newbenefits.com/css/fonts.css Origin https://clients.newbenefits.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36 Response headers Date Tue, 04 Oct 2022 19:05:40 GMT Last-Modified Mon, 14 Mar 2022 13:52:46 GMT Server Microsoft-IIS/8.0 ETag "7e5cdc9aa37d81:0" X-Powered-By ASP.NET Content-Type font/x-woff Accept-Ranges bytes Content-Length 30960
POST H2	200	collect Show response www.google-analytics.com/j/	4 B 214 B	17ms 17ms	XHR text/plain	2001:4860:4802:32::178 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google-analytics.com/j/collect?v=1&_v=j98&a=1727264225&t=pageview&_s=1&dl=https%3A%2F%2Fclients.newbenefits.com%2FInvoiceDownload.aspx%3FID%3D4528b9cf73a24340add906eca7f07c3a&ul=en-us&de=UTF-8&dt=Client.NewBenefits.com%20-%20Client%20Site&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAACAAI~&jid=1958731910&gjid=465367316&cid=1131056146.1664910341&tid=UA-7957146-51&_gid=1431996017.1664910341&_r=1&_slc=1&z=17087071 Requested by Host: www.google-analytics.com URL: https://www.google-analytics.com/analytics.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2001:4860:4802:32::178 , United States, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8 Security Headers Name Value X-Content-Type-Options nosniff Request headers Referer https://clients.newbenefits.com/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36 Content-Type text/plain Response headers pragma no-cache date Tue, 04 Oct 2022 19:05:40 GMT x-content-type-options nosniff last-modified Sun, 17 May 1998 03:00:00 GMT server Golfe2 content-type text/plain access-control-allow-origin https://clients.newbenefits.com cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 4 expires Fri, 01 Jan 1990 00:00:00 GMT
POST H2	200	collect Show response stats.g.doubleclick.net/j/	1 B 444 B	50ms 18ms	XHR text/plain	2a00:1450:4025:401::9b GOOGLE
General Check archive.org Show headers Download Go to Full URL https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-7957146-51&cid=1131056146.1664910341&jid=1958731910&gjid=465367316&_gid=1431996017.1664910341&_u=IEBAAEAAAAAAACAAI~&z=2139095840 Requested by Host: www.google-analytics.com URL: https://www.google-analytics.com/analytics.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4025:401::9b Den Helder, Netherlands, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b Security Headers Name Value Strict-Transport-Security max-age=10886400; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://clients.newbenefits.com/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36 Content-Type text/plain Response headers pragma no-cache strict-transport-security max-age=10886400; includeSubDomains; preload date Tue, 04 Oct 2022 19:05:40 GMT x-content-type-options nosniff last-modified Sun, 17 May 1998 03:00:00 GMT server Golfe2 content-type text/plain access-control-allow-origin https://clients.newbenefits.com cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 1 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	2-new-benefits-34000091.css seal-dallas.bbb.org/logo/	3 KB 880 B	98ms 98ms	Stylesheet text/css	54.81.51.158 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://seal-dallas.bbb.org/logo/2-new-benefits-34000091.css Requested by Host: seal-dallas.bbb.org URL: https://seal-dallas.bbb.org/logo/new-benefits-34000091.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 54.81.51.158 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-54-81-51-158.compute-1.amazonaws.com Software Apache / Resource Hash 6a2b14ca50e612d4564e626e540e592548a258de0352e25fd0b5c3862d803b68 Request headers accept-language de-DE,de;q=0.9 Referer https://clients.newbenefits.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36 Response headers date Tue, 04 Oct 2022 19:05:41 GMT content-encoding gzip last-modified Tue, 04 Oct 2022 09:19:09 GMT server Apache etag 2b7268043c31d31ae6238aea62b2c7ec vary Accept-Encoding node One-EC2-Seal content-type text/css content-disposition inline; filename="styles-for-34000091.css" content-length 613 expires Tue, 04 Oct 2022 21:19:09 GMT

26 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onbeforeinput object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation function| $ function| jQuery function| namespace object| Client string| GoogleAnalyticsObject function| ga object| theForm function| __doPostBack function| jqueryDisplay function| ValidatorUpdateDisplay string| bbbprotocol object| google_tag_data object| gaplugins object| gaGlobal object| gaData string| cp function| addOnloadEvent

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.newbenefits.com/	1970-01-20 16:04:30	Name: _ga Value: GA1.2.1131056146.1664910341
			.newbenefits.com/	1970-01-20 06:29:56	Name: _gid Value: GA1.2.1431996017.1664910341
			.newbenefits.com/	1970-01-20 06:28:30	Name: _gat Value: 1

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	warning	URL: https://clients.newbenefits.com/InvoiceDownload.aspx?ID=4528b9cf73a24340add906eca7f07c3a Message: Mixed Content: The page at 'https://clients.newbenefits.com/InvoiceDownload.aspx?ID=4528b9cf73a24340add906eca7f07c3a' was loaded over HTTPS, but requested an insecure element 'http://seal-dallas.bbb.org/logo/ruhzbum/new-benefits-34000091.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://clients.newbenefits.com/InvoiceDownload.aspx?ID=4528b9cf73a24340add906eca7f07c3a(Line 149) Message: Mixed Content: The page at 'https://clients.newbenefits.com/InvoiceDownload.aspx?ID=4528b9cf73a24340add906eca7f07c3a' was loaded over HTTPS, but requested an insecure element 'http://seal-dallas.bbb.org/logo/ruhzbum/new-benefits-34000091.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
javascript	warning	URL: https://clients.newbenefits.com/InvoiceDownload.aspx?ID=4528b9cf73a24340add906eca7f07c3a(Line 149) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://seal-dallas.bbb.org/logo/new-benefits-34000091.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://clients.newbenefits.com/InvoiceDownload.aspx?ID=4528b9cf73a24340add906eca7f07c3a(Line 149) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://seal-dallas.bbb.org/logo/new-benefits-34000091.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

clients.newbenefits.com
content.newbenefits.com
maxcdn.bootstrapcdn.com
seal-dallas.bbb.org
stats.g.doubleclick.net
www.google-analytics.com
2001:4860:4802:32::178
209.48.208.90
2606:4700::6812:bcf
2a00:1450:4025:401::9b
54.81.51.158
008a1d103902f15fdb1c191fcb1ce8954330e7b8de43d09abb08555ba609f420
095ad32bfdf670f997e8fad4cfe907c622e2d4d52dc6bfcd0bf05a8f3e84f31b
19be47be51e1c0328281fbcb100382b5b621982e19367114bbae6a743e83d6b6
1de9cf221d7a706cf55175edcb2324d49f9c133016a873db6a1be6a44578bb4a
23299666de8d795f74d765176750db38d539941ab5216209672e7873d4a654b5
34b5e8928b12c948ebf8b9ce21a307148927446bd36853609e5f7c4f028c2788
3c12a9ecb17a61a4fcbe10542208b44b6ef45beeaf5c1d6f156e57a0ed6874e1
44b3386a0aaddaff8afcad9072caf4a83168ef53e7df00086151098741b9af67
61c6caebd23921741fb5ffe6603f16634fca9840c2bf56ac8201e9264d6daccf
6809f577d44f8446ef6a6069a5f11cfd957d6e478b6a39021efeae58edab7cb2
6a2b14ca50e612d4564e626e540e592548a258de0352e25fd0b5c3862d803b68
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
784c786ba12c8276a2d0f432abf8a32dc8f48d4223fb423e18dec57c1d49ff3b
8ab7dd927016210517599301addb0251a3c1d474c9d077b8df8a80751a9997ed
9ac864d7e4e5199e540c40e7a5c2b467dec88d2829166db7937c9d4ab952d507
a60d49c582b0d1207c9559306ec1b3f181714fb38ad1cd45658ac1133704ab81
a9dd47eacc7b2395a7c6561578909f823f1a280a7af0619ac1a932341fec49ae
adfffb6114a74bf805de9f5fb25c3e37a1621acbaa4181edf22da4a5bcb0505c
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719
ba0e3475e408e285cc7f19836b018dfc1848c7f4b1fae3ead1dee219afb00462
be6ad0e634f5eedebb6d9496d0657f23ec8a9f53648e584e8d4decb69268a1a7
c50201ccbce05a330370cf188032ba1ddcbfb6624c67e3a3582d00aad33e5fd7
c6d73f016d6264c48cd9a9be5d4fd2ad876f7f29f0eab1aa95e1fe516a5cf71b
e9fa79d2689531a463831942dac91d101b8fa4e18337ba490da8ca06e1ef3911
f878f9646f576ba5f930d58638af9dd68c0d6c8742b609f6b6b2919d9a623619