Submitted URL: https://corehr.hrcloud.com/Start/#/Authentication/UpdateForgottenPassword/b723079c5d0a02cdbc4f41053790adbb/AAFE008F47D49A32...
Effective URL: https://corehr.hrcloud.com/Start/
Submission: On January 24 via manual from US

Summary

This website contacted 11 IPs in 2 countries across 10 domains to perform 19 HTTP transactions. The main IP is 162.246.160.92, located in United States and belongs to NEOGOV - NEOGOV, US. The main domain is corehr.hrcloud.com.
TLS certificate: Issued by thawte SSL CA - G2 on January 25th 2017. Valid for: 3 years.
This is the only time corehr.hrcloud.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 162.246.160.92 33093 (NEOGOV)
3 52.222.149.237 16509 (AMAZON-02)
2 172.217.21.238 15169 (GOOGLE)
5 172.217.22.10 15169 (GOOGLE)
2 94.31.29.54 6461 (ZAYO-6461)
1 52.222.146.75 16509 (AMAZON-02)
1 172.217.19.195 15169 (GOOGLE)
1 2 104.16.83.55 13335 (CLOUDFLAR...)
1 151.101.114.110 54113 (FASTLY)
1 162.247.242.21 23467 (NEWRELIC-...)
19 11
Domain Requested by
5 maps.googleapis.com corehr.hrcloud.com
maps.googleapis.com
3 d2iqo0i0q1jxbv.cloudfront.net corehr.hrcloud.com
2 v2.zopim.com 1 redirects corehr.hrcloud.com
2 code.jquery.com corehr.hrcloud.com
2 apis.google.com corehr.hrcloud.com
apis.google.com
2 corehr.hrcloud.com js-agent.newrelic.com
1 bam.nr-data.net js-agent.newrelic.com
1 js-agent.newrelic.com corehr.hrcloud.com
1 csi.gstatic.com corehr.hrcloud.com
1 kendo.cdn.telerik.com corehr.hrcloud.com
19 10

This site contains no links.

Subject: *.hrcloud.com
Issuer: thawte SSL CA - G2
Validity: 2017-01-25 - 2020-02-24
Valid: 3 years

This page contains 2 frames:

Primary Page: https://corehr.hrcloud.com/Start/
Frame ID: (B0482E839C7D56ED1E18B2520275E253)
Requests: 19 HTTP requests in this frame

Frame: data://truncated
Frame ID: (B0EF84D60C3E09546A0A9D74309C5DB6)
Requests: 1 HTTP requests in this frame

Page Statistics

19 Requests
11 % HTTPS
0 % IPv6
10 Domains
10 Subdomains
11 IPs
2 Countries
1777 kB Transfer
5561 kB Size
4 Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 10
  • https://v2.zopim.com/?2dDYCoF0bnmhm0Y2STSbMYJqF21TbvTS HTTP 302
  • https://v2.zopim.com/bin/v/widget_v2.229.js

19 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request Cookie set /
corehr.hrcloud.com/Start/
10 KB
12 KB
Document
General
Full URL
https://corehr.hrcloud.com/Start/
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
162.246.160.92 , United States, ASN33093 (NEOGOV - NEOGOV, US),
Reverse DNS
corehr-api.hrcloud.com
Software
/
Resource Hash
a70b22ed4ed6a174db16c47e47367cbbfc5a1d4f052e35a037244a3fee712936
Security Headers
Name Value
Strict-Transport-Security max-age=157680000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Connection
keep-alive
Accept-Encoding
gzip, deflate
Host
corehr.hrcloud.com
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Strict-Transport-Security
max-age=157680000
Content-Encoding
gzip
X-Content-Type-Options
nosniff
X-AspNet-Version
Content-Security-Policy-Report-Only
default-src 'self'; script-src 'self' *.newrelic.com *.hotjar.com *.zopim.com *.cloudfront.net *.google.com maps.googleapis.com www.google-analytics.com *.jquery.com *.linkedin.com linkedin.com *.intercom.io *.intercomcdn.com *.telerik.com *.skypeassets.com *.onesignal.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.cloudfront.net 'unsafe-inline'; font-src 'self' data: *.zopim.com *.intercomcdn.com *.cloudfront.net; img-src 'self' data: *.doubleclick.net *.linkedin.com linkedin.com *.cloudfront.net www.google-analytics.com *.gstatic.com *.giphy.com *.ytimg.com *.skypeassets.com *.vimeocdn.com; form-action 'self'; connect-src 'self' *.onesignal.com *.hotjar.com *.pndsn.com wss: *.intercom.io intercom.io api.sendbird.com *.giphy.com www.googleapis.com vimeo.com; frame-src 'self' *.hotjar.com *.google.com www.youtube.com *.vimeo.com skype:; report-uri /api/reporting/csp-violation-report
Mobile_AuthToken
X-XSS-Protection
1; mode=block
MetadataChangesetId
Referrer-Policy
no-referrer-when-downgrade
X-AspNetMvc-Version
Server
Date
Wed, 24 Jan 2018 17:15:29 GMT
Vary
Accept-Encoding
Content-Type
text/html; charset=utf-8
Cache-Control
private
Set-Cookie
XSRF-TOKEN=912556ec-6354-4d8e-975c-19fcebf25a79; domain=.hrcloud.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
coreHr=; domain=.hrcloud.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; secure; HttpOnly
__CoreHrTempData=; expires=Tue, 23-Jan-2018 17:15:29 GMT; path=/
Content-Length
4763
authStyles.bundle-b2ef6afc5b5a1e6e1952.css
d2iqo0i0q1jxbv.cloudfront.net/production/hrcloud/GeneratedBundles/bundles/
69 KB
13 KB
Stylesheet
General
Full URL
https://d2iqo0i0q1jxbv.cloudfront.net/production/hrcloud/GeneratedBundles/bundles/authStyles.bundle-b2ef6afc5b5a1e6e1952.css
Requested by
Host: corehr.hrcloud.com
URL: https://corehr.hrcloud.com/Start/
Protocol
SPDY
Server
52.222.149.237 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-52-222-149-237.fra53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
00e62b1485c3f14611bec60a778e660a8e34bba77ad0c1dd8a36d4234aed0013

Request headers

Referer
https://corehr.hrcloud.com/Start/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

date
Wed, 24 Jan 2018 11:42:08 GMT
content-encoding
gzip
x-amz-expiration
expiry-date="Sun, 11 Mar 2018 00:00:00 GMT", rule-id="Prod"
last-modified
Wed, 24 Jan 2018 11:34:17 GMT
server
AmazonS3
age
20002
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/css
status
200
x-amz-cf-id
I1x0EaHTYtrKrOT5xQOucwv9cBIHovl7TguA6gqCqy0LYtgLWF1q6w==
via
1.1 2905d0bd25e66c3f788fb2134262d52a.cloudfront.net (CloudFront)
client:platform.js
apis.google.com/js/
43 KB
17 KB
Script
General
Full URL
https://apis.google.com/js/client:platform.js
Requested by
Host: corehr.hrcloud.com
URL: https://corehr.hrcloud.com/Start/
Protocol
SPDY
Server
172.217.21.238 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra16s13-in-f238.1e100.net
Software
ESF /
Resource Hash
44df2fc011b74f7ec09bd2d59e1b71f5ba5aa621bfd31f54ebe7cb388aba9c7d
Security Headers
Name Value
Content-Security-Policy script-src 'unsafe-inline' 'unsafe-eval' 'self' https://*.gstatic.com https://www.google-analytics.com https://pagead2.googleadservices.com https://pagead2.googlesyndication.com https://tpc.googlesyndication.com https://s.ytimg.com https://www.youtube.com;report-uri /_/cspreport/es_oz_20180122.15_p0
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://corehr.hrcloud.com/Start/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

content-security-policy
script-src 'unsafe-inline' 'unsafe-eval' 'self' https://*.gstatic.com https://www.google-analytics.com https://pagead2.googleadservices.com https://pagead2.googlesyndication.com https://tpc.googlesyndication.com https://s.ytimg.com https://www.youtube.com;report-uri /_/cspreport/es_oz_20180122.15_p0
content-encoding
gzip
x-content-type-options
nosniff
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
status
200
alt-svc
hq=":443"; ma=2592000; quic=51303431; quic=51303339; quic=51303338; quic=51303337; quic=51303335,quic=":443"; ma=2592000; v="41,39,38,37,35"
x-xss-protection
1; mode=block
x-ua-compatible
IE=edge, chrome=1
server
ESF
x-frame-options
SAMEORIGIN
date
Wed, 24 Jan 2018 17:15:29 GMT
strict-transport-security
max-age=31536000
content-type
application/javascript; charset=utf-8
cache-control
private, max-age=1800, stale-while-revalidate=1800
etag
"970c2a8cd79708f691bcf95c9672254a"
timing-allow-origin
*
expires
Wed, 24 Jan 2018 17:15:29 GMT
js
maps.googleapis.com/maps/api/
82 KB
27 KB
Script
General
Full URL
https://maps.googleapis.com/maps/api/js?v=3.exp&libraries=weather,visualization,panoramio,places
Requested by
Host: corehr.hrcloud.com
URL: https://corehr.hrcloud.com/Start/
Protocol
SPDY
Server
172.217.22.10 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra16s14-in-f10.1e100.net
Software
mafe /
Resource Hash
5a687e3350a5ad68d43e02dad7cee7cc6cb14ce752829ee79797efe247f478f2
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://corehr.hrcloud.com/Start/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

date
Wed, 24 Jan 2018 17:15:29 GMT
content-encoding
gzip
vary
Accept-Language
server
mafe
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=UTF-8
status
200
cache-control
public, max-age=1800
alt-svc
hq=":443"; ma=2592000; quic=51303431; quic=51303339; quic=51303338; quic=51303337; quic=51303335,quic=":443"; ma=2592000; v="41,39,38,37,35"
content-length
27414
x-xss-protection
1; mode=block
expires
Wed, 24 Jan 2018 17:45:29 GMT
jquery-2.0.3.min.js
code.jquery.com/
82 KB
34 KB
Script
General
Full URL
https://code.jquery.com/jquery-2.0.3.min.js
Requested by
Host: corehr.hrcloud.com
URL: https://corehr.hrcloud.com/Start/
Protocol
SPDY
Server
94.31.29.54 , United Kingdom, ASN6461 (ZAYO-6461 - Zayo Bandwidth, US),
Reverse DNS
94.31.29.54.IPYX-077437-ZYO.above.net
Software
NetDNA-cache/2.2 /
Resource Hash
b13cb5989e08fcb02314209d101e1102f3d299109bdc253b62aa1da21c9e38ba

Request headers

Referer
https://corehr.hrcloud.com/Start/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

date
Wed, 24 Jan 2018 17:15:29 GMT
content-encoding
gzip
last-modified
Fri, 24 Oct 2014 00:16:07 GMT
server
NetDNA-cache/2.2
status
200
etag
W/"54499a47-1469c"
vary
Accept-Encoding
x-cache
HIT
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=315360000, public
expires
Thu, 31 Dec 2037 23:55:55 GMT
jquery-ui.min.js
code.jquery.com/ui/1.11.4/
235 KB
78 KB
Script
General
Full URL
https://code.jquery.com/ui/1.11.4/jquery-ui.min.js
Requested by
Host: corehr.hrcloud.com
URL: https://corehr.hrcloud.com/Start/
Protocol
SPDY
Server
94.31.29.54 , United Kingdom, ASN6461 (ZAYO-6461 - Zayo Bandwidth, US),
Reverse DNS
94.31.29.54.IPYX-077437-ZYO.above.net
Software
NetDNA-cache/2.2 /
Resource Hash
c4d8dbe77feb63e5a61bee0bead4e5f66e8fa6a927599bd1b74aced52467273c

Request headers

Referer
https://corehr.hrcloud.com/Start/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

date
Wed, 24 Jan 2018 17:15:29 GMT
content-encoding
gzip
last-modified
Wed, 11 Mar 2015 13:03:17 GMT
server
NetDNA-cache/2.2
status
200
etag
W/"55003d15-3ab2b"
vary
Accept-Encoding
x-cache
HIT
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=315360000, public
expires
Thu, 31 Dec 2037 23:55:55 GMT
kendo.all.min.js
kendo.cdn.telerik.com/2016.1.112/js/
3 MB
908 KB
Script
General
Full URL
https://kendo.cdn.telerik.com/2016.1.112/js/kendo.all.min.js
Requested by
Host: corehr.hrcloud.com
URL: https://corehr.hrcloud.com/Start/
Protocol
SPDY
Server
52.222.146.75 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-52-222-146-75.fra53.r.cloudfront.net
Software
nginx /
Resource Hash
a7471d27b77263e2791e8501168caaedb078917aa7235fa876df60a310baf628

Request headers

Referer
https://corehr.hrcloud.com/Start/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

date
Wed, 06 Sep 2017 17:10:09 GMT
content-encoding
gzip
last-modified
Thu, 03 Aug 2017 11:48:59 GMT
server
nginx
age
12096320
status
200
x-cache
Hit from cloudfront
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
max-age=315360000, public
x-amz-cf-id
ox621xb72OKA6dykyOSeNET8hkXzZbUBbKaYLel1eqK8d7t3nt8eJQ==
via
1.1 3283735112d0a322451d32ef038129c9.cloudfront.net (CloudFront)
expires
Thu, 31 Dec 2037 23:55:55 GMT
authVendorScripts.bundle-5c726f263ae3bcd63c68.js
d2iqo0i0q1jxbv.cloudfront.net/production/hrcloud/GeneratedBundles/bundles/
752 KB
225 KB
Script
General
Full URL
https://d2iqo0i0q1jxbv.cloudfront.net/production/hrcloud/GeneratedBundles/bundles/authVendorScripts.bundle-5c726f263ae3bcd63c68.js
Requested by
Host: corehr.hrcloud.com
URL: https://corehr.hrcloud.com/Start/
Protocol
SPDY
Server
52.222.149.237 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-52-222-149-237.fra53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
f7dbcf2678ea42ede62b478fec571f0fee58bf990849244594e8366d4e4395ef

Request headers

Referer
https://corehr.hrcloud.com/Start/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

date
Wed, 24 Jan 2018 11:42:08 GMT
content-encoding
gzip
x-amz-expiration
expiry-date="Sun, 11 Mar 2018 00:00:00 GMT", rule-id="Prod"
last-modified
Wed, 24 Jan 2018 11:34:17 GMT
server
AmazonS3
age
20002
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
status
200
x-amz-cf-id
mUB5WWEhSDWnq101JHBeWAIluwIampg56SXY7iKXCxUtYlbkYxOjkg==
via
1.1 2905d0bd25e66c3f788fb2134262d52a.cloudfront.net (CloudFront)
authScripts.bundle-45241183e3382d236a6b.js
d2iqo0i0q1jxbv.cloudfront.net/production/hrcloud/GeneratedBundles/bundles/
110 KB
24 KB
Script
General
Full URL
https://d2iqo0i0q1jxbv.cloudfront.net/production/hrcloud/GeneratedBundles/bundles/authScripts.bundle-45241183e3382d236a6b.js
Requested by
Host: corehr.hrcloud.com
URL: https://corehr.hrcloud.com/Start/
Protocol
SPDY
Server
52.222.149.237 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-52-222-149-237.fra53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
8978a7b7f81af35ea2b8114cb05911b7886f6199e46cf5578d36ed3803966026

Request headers

Referer
https://corehr.hrcloud.com/Start/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

date
Wed, 24 Jan 2018 11:42:08 GMT
content-encoding
gzip
x-amz-expiration
expiry-date="Sun, 11 Mar 2018 00:00:00 GMT", rule-id="Prod"
last-modified
Wed, 24 Jan 2018 11:34:17 GMT
server
AmazonS3
age
20002
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
status
200
x-amz-cf-id
TICe8cfAZaaMp4xvADjVvP_3Y3YWonWJpqJBtrrC3dBqKcSMV89oOg==
via
1.1 2905d0bd25e66c3f788fb2134262d52a.cloudfront.net (CloudFront)
cb=gapi.loaded_0
apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.qigzBr8I_xo.O/m=client/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCOTxpb5DlUsXez87LY8OJMnjHGUIA/
241 KB
83 KB
Script
General
Full URL
https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.qigzBr8I_xo.O/m=client/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCOTxpb5DlUsXez87LY8OJMnjHGUIA/cb=gapi.loaded_0
Requested by
Host: apis.google.com
URL: https://apis.google.com/js/client:platform.js
Protocol
SPDY
Server
172.217.21.238 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra16s13-in-f238.1e100.net
Software
sffe /
Resource Hash
0d6cb8f0c3bcbe79eb0446728578e81a071fa975b8e78e80f02b1b439bc0d058
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://corehr.hrcloud.com/Start/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

date
Tue, 23 Jan 2018 18:42:57 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 23 Jan 2018 01:43:13 GMT
server
sffe
age
81152
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
status
200
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
alt-svc
hq=":443"; ma=2592000; quic=51303431; quic=51303339; quic=51303338; quic=51303337; quic=51303335,quic=":443"; ma=2592000; v="41,39,38,37,35"
content-length
85093
x-xss-protection
1; mode=block
expires
Wed, 23 Jan 2019 18:42:57 GMT
csi
csi.gstatic.com/
0
47 B
Image
General
Full URL
https://csi.gstatic.com/csi?v=2&s=mapsapi3&v3v=31.7&action=apiboot2&libraries=weather%2Cvisualization%2Cpanoramio%2Cplaces&e=10_1_0,10_2_0&rt=main.6
Requested by
Host: corehr.hrcloud.com
URL: https://corehr.hrcloud.com/Start/
Protocol
SPDY
Server
172.217.19.195 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
ams16s31-in-f3.1e100.net
Software
Golfe2 /
Resource Hash

Request headers

Referer
https://corehr.hrcloud.com/Start/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 24 Jan 2018 17:15:29 GMT
last-modified
Wed, 21 Jan 2004 19:51:30 GMT
server
Golfe2
status
204
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
alt-svc
hq=":443"; ma=2592000; quic=51303431; quic=51303339; quic=51303338; quic=51303337; quic=51303335,quic=":443"; ma=2592000; v="41,39,38,37,35"
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
widget_v2.229.js
v2.zopim.com/bin/v/
Redirect Chain
  • https://v2.zopim.com/?2dDYCoF0bnmhm0Y2STSbMYJqF21TbvTS
  • https://v2.zopim.com/bin/v/widget_v2.229.js
1 MB
252 KB
Script
General
Full URL
https://v2.zopim.com/bin/v/widget_v2.229.js
Requested by
Host: corehr.hrcloud.com
URL: https://corehr.hrcloud.com/Start/
Protocol
SPDY
Server
104.16.83.55 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
e673f3f9838f8b4d89ae3b236ddd3fe863886b826d6235bd5968264ca1525c34

Request headers

Referer
https://corehr.hrcloud.com/Start/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

date
Wed, 24 Jan 2018 17:15:30 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Tue, 09 Jan 2018 04:03:44 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
status
200
cache-control
public, max-age=315360000
cf-ray
3e24a2993ab6271a-FRA
expires
Sat, 22 Jan 2028 17:15:30 GMT

Redirect headers

date
Wed, 24 Jan 2018 17:15:30 GMT
cf-cache-status
HIT
server
cloudflare
status
302
etag
"5a67f6c2-0"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/octet-stream
location
https://v2.zopim.com/bin/v/widget_v2.229.js
cache-control
max-age=14400, max-age=14400, public, must-revalidate, proxy-revalidate
cf-ray
3e24a2992aaa271a-FRA
content-length
0
expires
Wed, 24 Jan 2018 20:40:06 GMT
nr-1071.min.js
js-agent.newrelic.com/
23 KB
9 KB
Script
General
Full URL
https://js-agent.newrelic.com/nr-1071.min.js
Requested by
Host: corehr.hrcloud.com
URL: https://corehr.hrcloud.com/Start/
Protocol
SPDY
Server
151.101.114.110 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
56097e8b7ceb27db42a5e102af6d11dfdcaee13d8716477a8e242b4957d7a280

Request headers

Referer
https://corehr.hrcloud.com/Start/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

date
Wed, 24 Jan 2018 17:15:30 GMT
content-encoding
gzip
x-amz-request-id
5EA69B9E407DB8D1
x-cache
HIT
status
200
content-length
9086
x-amz-id-2
UmIzaBjWpP1dp8unLzp1UKU8AKexnFQRjzIBXsOEawuxNZTvApIKl37QGTZIrusQacKN80XwG98=
x-served-by
cache-hhn1544-HHN
last-modified
Tue, 14 Nov 2017 18:09:22 GMT
server
AmazonS3
x-timer
S1516814130.411127,VS0,VE0
etag
"a1a545c95f313a230157b47dca555c25"
vary
Accept-Encoding
content-type
application/javascript
via
1.1 varnish
cache-control
public, max-age=7200, stale-if-error=604800
accept-ranges
bytes
x-cache-hits
88979
Cookie set csp-violation-report
corehr.hrcloud.com/api/reporting/
0
2 KB
Other
General
Full URL
https://corehr.hrcloud.com/api/reporting/csp-violation-report
Requested by
Host: js-agent.newrelic.com
URL: https://js-agent.newrelic.com/nr-1071.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
162.246.160.92 , United States, ASN33093 (NEOGOV - NEOGOV, US),
Reverse DNS
corehr-api.hrcloud.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=157680000
X-Content-Type-Options nosniff nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block 1; mode=block

Request headers

Pragma
no-cache
Origin
https://corehr.hrcloud.com
Accept-Encoding
gzip, deflate
Host
corehr.hrcloud.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Content-Type
application/csp-report
Accept
*/*
Cache-Control
no-cache
Referer
https://corehr.hrcloud.com/Start/
Cookie
XSRF-TOKEN=912556ec-6354-4d8e-975c-19fcebf25a79; coreHr=
Connection
keep-alive
Content-Length
1747

Response headers

Strict-Transport-Security
max-age=157680000
X-Content-Type-Options
nosniff nosniff
X-AspNet-Version
Content-Security-Policy-Report-Only
default-src 'self'; script-src 'self' *.newrelic.com *.hotjar.com *.zopim.com *.cloudfront.net *.google.com maps.googleapis.com www.google-analytics.com *.jquery.com *.linkedin.com linkedin.com *.intercom.io *.intercomcdn.com *.telerik.com *.skypeassets.com *.onesignal.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.cloudfront.net 'unsafe-inline'; font-src 'self' data: *.zopim.com *.intercomcdn.com *.cloudfront.net; img-src 'self' data: *.doubleclick.net *.linkedin.com linkedin.com *.cloudfront.net www.google-analytics.com *.gstatic.com *.giphy.com *.ytimg.com *.skypeassets.com *.vimeocdn.com; form-action 'self'; connect-src 'self' *.onesignal.com *.hotjar.com *.pndsn.com wss: *.intercom.io intercom.io api.sendbird.com *.giphy.com www.googleapis.com vimeo.com; frame-src 'self' *.hotjar.com *.google.com www.youtube.com *.vimeo.com skype:; report-uri /api/reporting/csp-violation-report
Mobile_AuthToken
X-XSS-Protection
1; mode=block 1; mode=block
MetadataChangesetId
Pragma
no-cache
Referrer-Policy
no-referrer-when-downgrade no-referrer-when-downgrade
X-AspNetMvc-Version
Server
Date
Wed, 24 Jan 2018 17:15:29 GMT
X-Frame-Options
SAMEORIGIN
Cache-Control
no-cache
Set-Cookie
coreHr=; domain=.hrcloud.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; secure; HttpOnly
Content-Length
0
Expires
-1
89019a8e50
bam.nr-data.net/1/
57 B
261 B
Script
General
Full URL
https://bam.nr-data.net/1/89019a8e50?a=4102883&v=1071.385e752&to=NlAGYxEFC0RWBhUIDQ8aKWEgSyRCQw0EDxYIVgVDCgsLdFgLFRMNDVkBRUwtC1NSHQ%3D%3D&rst=756&ref=https://corehr.hrcloud.com/Start/&ap=10&be=188&fe=693&dc=692&perf=%7B%22timing%22:%7B%22of%22:1516814129714,%22n%22:0,%22f%22:0,%22dn%22:0,%22dne%22:0,%22c%22:0,%22ce%22:0,%22rq%22:1,%22rp%22:182,%22rpe%22:183,%22dl%22:184,%22di%22:388,%22ds%22:692,%22de%22:693,%22dc%22:694,%22l%22:694,%22le%22:694%7D,%22navigation%22:%7B%7D%7D&jsonp=NREUM.setToken
Requested by
Host: js-agent.newrelic.com
URL: https://js-agent.newrelic.com/nr-1071.min.js
Protocol
HTTP/1.1
Server
162.247.242.21 , United States, ASN23467 (NEWRELIC-AS-1 - New Relic, US),
Reverse DNS
bam-9.nr-data.net
Software
/
Resource Hash
f69a13217482dc43f25e74cfcb9391d0f06d22501f10f5cb5e413d2d98a5cd23

Request headers

Referer
https://corehr.hrcloud.com/Start/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Expires
Thu, 01 Jan 1970 00:00:00 GMT
Content-Length
57
Content-Type
text/javascript;charset=ISO-8859-1
truncated
/ Frame (B0E
12 KB
0
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
64264e1ddf964458196866fa3564b53e0da93c79535f991afef3aa753c27df4f

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Origin
https://corehr.hrcloud.com

Response headers

Access-Control-Allow-Origin
*
Content-Type
application/font-woff
common.js
maps.googleapis.com/maps-api-v3/api/js/31/7/
116 KB
40 KB
Script
General
Full URL
https://maps.googleapis.com/maps-api-v3/api/js/31/7/common.js
Requested by
Host: maps.googleapis.com
URL: https://maps.googleapis.com/maps/api/js?v=3.exp&libraries=weather,visualization,panoramio,places
Protocol
SPDY
Server
172.217.22.10 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra16s14-in-f10.1e100.net
Software
sffe /
Resource Hash
b5e518431d687bb4fe577664949c4f237c9f4cb63bbd9528962fa850acaa0650
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://corehr.hrcloud.com/Start/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

date
Tue, 23 Jan 2018 23:35:05 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 23 Jan 2018 21:18:19 GMT
server
sffe
age
63629
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=31536000
accept-ranges
bytes
alt-svc
hq=":443"; ma=2592000; quic=51303431; quic=51303339; quic=51303338; quic=51303337; quic=51303335,quic=":443"; ma=2592000; v="41,39,38,37,35"
content-length
41085
x-xss-protection
1; mode=block
expires
Wed, 23 Jan 2019 23:35:05 GMT
util.js
maps.googleapis.com/maps-api-v3/api/js/31/7/
140 KB
52 KB
Script
General
Full URL
https://maps.googleapis.com/maps-api-v3/api/js/31/7/util.js
Requested by
Host: maps.googleapis.com
URL: https://maps.googleapis.com/maps/api/js?v=3.exp&libraries=weather,visualization,panoramio,places
Protocol
SPDY
Server
172.217.22.10 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra16s14-in-f10.1e100.net
Software
sffe /
Resource Hash
ec55a1e0b7c3ce650d19bcada6cd6ffb9f5ec6e6e9d5ec390d2c4e5f78699690
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://corehr.hrcloud.com/Start/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

date
Tue, 23 Jan 2018 23:35:05 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 23 Jan 2018 21:18:19 GMT
server
sffe
age
63629
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=31536000
accept-ranges
bytes
alt-svc
hq=":443"; ma=2592000; quic=51303431; quic=51303339; quic=51303338; quic=51303337; quic=51303335,quic=":443"; ma=2592000; v="41,39,38,37,35"
content-length
53030
x-xss-protection
1; mode=block
expires
Wed, 23 Jan 2019 23:35:05 GMT
stats.js
maps.googleapis.com/maps-api-v3/api/js/31/7/
4 KB
2 KB
Script
General
Full URL
https://maps.googleapis.com/maps-api-v3/api/js/31/7/stats.js
Requested by
Host: maps.googleapis.com
URL: https://maps.googleapis.com/maps/api/js?v=3.exp&libraries=weather,visualization,panoramio,places
Protocol
SPDY
Server
172.217.22.10 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra16s14-in-f10.1e100.net
Software
sffe /
Resource Hash
944bc5c2be130b790de057a62303e59412b550a73d520d71c7825ad1645757a3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://corehr.hrcloud.com/Start/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

date
Tue, 23 Jan 2018 23:35:10 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 23 Jan 2018 21:18:19 GMT
server
sffe
age
63624
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=31536000
accept-ranges
bytes
alt-svc
hq=":443"; ma=2592000; quic=51303431; quic=51303339; quic=51303338; quic=51303337; quic=51303335,quic=":443"; ma=2592000; v="41,39,38,37,35"
content-length
1575
x-xss-protection
1; mode=block
expires
Wed, 23 Jan 2019 23:35:10 GMT
AuthenticationService.Authenticate
maps.googleapis.com/maps/api/js/
48 B
124 B
Script
General
Full URL
https://maps.googleapis.com/maps/api/js/AuthenticationService.Authenticate?1shttps%3A%2F%2Fcorehr.hrcloud.com%2FStart%2F%23%2FAuthentication%2FUpdateForgottenPassword%2Fb723079c5d0a02cdbc4f41053790adbb%2FAAFE008F47D49A32950C35155526DD200408716A4182A9E061D39B89D4FFC5BC913317451397153BF9D2E0BA53870D9903DD7009E8A82708BD50B9EE08BEA995&callback=_xdc_._foqw0t&token=117617
Requested by
Host: maps.googleapis.com
URL: https://maps.googleapis.com/maps/api/js?v=3.exp&libraries=weather,visualization,panoramio,places
Protocol
SPDY
Server
172.217.22.10 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra16s14-in-f10.1e100.net
Software
mafe /
Resource Hash
30b2451cb6027495e9f0a2fc230ced67f745a6ee4131d279ab19571c927feece
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://corehr.hrcloud.com/Start/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 24 Jan 2018 17:15:35 GMT
content-encoding
gzip
server
mafe
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=UTF-8
status
200
cache-control
no-cache, must-revalidate
content-disposition
attachment
alt-svc
hq=":443"; ma=2592000; quic=51303431; quic=51303339; quic=51303338; quic=51303337; quic=51303335,quic=":443"; ma=2592000; v="41,39,38,37,35"
content-length
57
x-xss-protection
1; mode=block
expires
Fri, 01 Jan 1990 00:00:00 GMT

52 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| NREUM
object| newrelic
function| __nr_require
object| ___gcfg
string| CKEDITOR_BASEPATH
number| maxRequestLengthInBytes
string| embeddedSharedFolderBase
object| gapi
object| ___jsl
object| ___gu
object| google
function| $
function| jQuery
object| osapi
object| gadgets
object| shindig
object| pos
object| googleapis
object| iframer
function| ToolbarApi
object| iframes
function| IframeBase
function| Iframe
function| IframeProxy
function| IframeWindow
object| __gapi_jstiming__
function| fakeLocalStorage
undefined| Skype
object| SharedEnumerations
object| AngularExtensions
object| EmbeddedTemplateUrlFactory
undefined| InfrastructureAngular
undefined| LayoutUrls
undefined| ControllerName
undefined| Layout
undefined| __extends
undefined| AuthAngular
undefined| Auth
undefined| SignUp
undefined| ProductThemes
undefined| Shared
undefined| Users
undefined| patterns
object| applicationBootstrapModel
undefined| Intercom
object| googleAnalyticsConfiguration
function| $zopim
string| __$__GEO
string| __$z_results
string| __$z_innerText
object| kendo
object| _xdc_

4 Cookies

Domain/Path Name / Value
.hrcloud.com/ Name: __zlcmid
Value: kdh4R3HHa0rmC6
.hrcloud.com/ Name: coreHr
Value:
.google.com/ Name: NID
Value: 122=GV58dgYMGUR3QBL21Vdb1hbm0hOiEDtKVb64xEs4IwVUkzlhpNi1RifKvN7ksUbkgaddJz7YhLlf3UNeTUcva9zv0uMJx5V2d-xkpWfrG-wh-kdOyFFrhQT9cUq5Uwb1
.hrcloud.com/ Name: XSRF-TOKEN
Value: 912556ec-6354-4d8e-975c-19fcebf25a79

1 Console Messages

Source Level URL
Text
console-api warning URL: https://maps.googleapis.com/maps-api-v3/api/js/31/7/util.js(Line 248)
Message:
Google Maps API warning: NoApiKeys https://developers.google.com/maps/documentation/javascript/error-messages#no-api-keys

Security Headers

This section lists the security headers set by the main page.

Header Value
Strict-Transport-Security max-age=157680000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
