urlscan.io logo urlscan.io
SecurityTrails logo

balloting.stretto.com Open in urlscan Pro
2600:9000:206f:5800:5:cea7:7340:93a1  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://email.cases-cr.stretto-services.com/c/eJxNjTsOwjAQRE8Td442zseicBFIqLnCxh-w5MSRd8X5MQUSoylGM9IbZyBMfuhENAoUwAQd9FXQdu2i13W-zf26qLFbrp...
Effective URL: https://balloting.stretto.com/
Submission Tags: falconsandbox
Submission: On January 28 via api from US
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 5 IPs in 2 countries across 6 domains to perform 18 HTTP transactions. The main IP is 2600:9000:206f:5800:5:cea7:7340:93a1, located in United States and belongs to AMAZON-02, US. The main domain is balloting.stretto.com.
TLS certificate: Issued by DigiCert SHA2 Secure Server CA on October 16th 2020. Valid for: a year.
This is the only time balloting.stretto.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

1    54.221.249.251 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-221-249-251.compute-1.amazonaws.com
email.cases-cr.stretto-services.com
11    2600:9000:206f:5800:5:cea7:7340:93a1 (United States)

ASN16509 (AMAZON-02, US)
balloting.stretto.com
3    2a00:1450:4001:824::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.com
1    2a00:1450:4001:808::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
1    2a00:1450:4001:825::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.gstatic.com
2    2a00:1450:4001:812::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google-analytics.com
Domain Requested by
11 balloting.stretto.com balloting.stretto.com
3 www.google.com balloting.stretto.com
www.gstatic.com
2 www.google-analytics.com www.googletagmanager.com
www.google-analytics.com
1 www.gstatic.com www.google.com
1 www.googletagmanager.com balloting.stretto.com
1 email.cases-cr.stretto-services.com 1 redirects
18 6

This site contains links to these domains. Also see Links.

Domain
cases.stretto.com
www.stretto.com
Subject Issuer Validity Valid
*.stretto.com
DigiCert SHA2 Secure Server CA		 2020-10-16 -
2021-11-16		 a year crt.sh
www.google.com
GTS CA 1O1		 2021-01-05 -
2021-03-30		 3 months crt.sh
*.google-analytics.com
GTS CA 1O1		 2021-01-05 -
2021-03-30		 3 months crt.sh
*.gstatic.com
GTS CA 1O1		 2021-01-05 -
2021-03-30		 3 months crt.sh
*.google.com
GTS CA 1O1		 2021-01-05 -
2021-03-30		 3 months crt.sh

This page contains 3 frames:

Primary Page: https://balloting.stretto.com/
Frame ID: D2308D600ECFC5F4DF2B5E800AAA453A
Requests: 16 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LekJ8YUAAAAAPnquSluZjrVAVkO_VIr5VbXnIxZ&co=aHR0cHM6Ly9iYWxsb3Rpbmcuc3RyZXR0by5jb206NDQz&hl=en&v=_KUxfxvAoJ4k7SaKyLbja4Mi&size=normal&cb=fnrl4nddvuvg
Frame ID: 318CDA82022411F6EA4B4FA36DC38801
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/bframe?hl=en&v=_KUxfxvAoJ4k7SaKyLbja4Mi&k=6LekJ8YUAAAAAPnquSluZjrVAVkO_VIr5VbXnIxZ&cb=n8gsrq16g99
Frame ID: 181262EE5ED272B0FE0AC9232060EA94
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. http://email.cases-cr.stretto-services.com/c/eJxNjTsOwjAQRE8Td442zseicBFIqLnCxh-w5MSRd8X5MQUSoylGM9IbZyBMfuhENAoUwAQd9F... HTTP 302
    https://balloting.stretto.com/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers link /rel="https:\/\/api\.w\.org\/"/i
Overall confidence: 100%
Detected patterns
  • headers server /php\/?([\d.]+)?/i
  • headers link /rel="https:\/\/api\.w\.org\/"/i
Overall confidence: 100%
Detected patterns
  • headers link /rel="https:\/\/api\.w\.org\/"/i
Overall confidence: 100%
Detected patterns
  • headers server /CentOS/i
Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i
Overall confidence: 100%
Detected patterns
  • headers via /\(CloudFront\)$/i
Overall confidence: 100%
Detected patterns
  • headers via /\(CloudFront\)$/i

Page Statistics

18
Requests

100 %
HTTPS

83 %
IPv6

6
Domains

6
Subdomains

5
IPs

2
Countries

458 kB
Transfer

990 kB
Size

5
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://email.cases-cr.stretto-services.com/c/eJxNjTsOwjAQRE8Td442zseicBFIqLnCxh-w5MSRd8X5MQUSoylGM9IbZyBMfuhENAoUwAQd9FXQdu2i13W-zf26qLFbrpdmAIvkSdrSEhfPnCX58o7WU2vzLl4GtL5MIYyud8FNbgSntqC1QkS9KTWKZF7MJzX93Kh79YYpZY7H80f8gmovimGP-_y41de_SbDB00rKKdrIyDEf0iYkGiT7stcYd_oAXU5ESA HTTP 302
    https://balloting.stretto.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

18 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
balloting.stretto.com/
Redirect Chain
  • http://email.cases-cr.stretto-services.com/c/eJxNjTsOwjAQRE8Td442zseicBFIqLnCxh-w5MSRd8X5MQUSoylGM9IbZyBMfuhENAoUwAQd9FXQdu2i13W-zf26qLFbrpdmAIvkSdrSEhfPnCX58o7WU2vzLl4GtL5MIYyud8FNbgSntqC1QkS9KTWK...
  • https://balloting.stretto.com/
5 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://balloting.stretto.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:206f:5800:5:cea7:7340:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache/2.4.6 (CentOS) PHP/7.4.11 / PHP/7.4.11
Resource Hash
5ad547d155a3b807815eb5787b48bd3b31d77960c527f545c0374baab352e409
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
balloting.stretto.com
:scheme
https
:path
/
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-type
text/html; charset=UTF-8
content-length
1779
date
Thu, 28 Jan 2021 19:49:44 GMT
set-cookie
AWSALB=ScVAsoan78SV2i/MtpqXEZOc3q4yiPsRQ/Zyz2fK+ep7rLxBX2u8KVaZjL/GAPsCj5PqNFBNbV18HPcg1p/kWY+vfiBjAIBDvMIL5tRD0vVOcrydntf5zjb3pmN7; Expires=Thu, 04 Feb 2021 19:49:43 GMT; Path=/ AWSALBCORS=ScVAsoan78SV2i/MtpqXEZOc3q4yiPsRQ/Zyz2fK+ep7rLxBX2u8KVaZjL/GAPsCj5PqNFBNbV18HPcg1p/kWY+vfiBjAIBDvMIL5tRD0vVOcrydntf5zjb3pmN7; Expires=Thu, 04 Feb 2021 19:49:43 GMT; Path=/; SameSite=None; Secure
server
Apache/2.4.6 (CentOS) PHP/7.4.11
x-xss-protection
1; mode=block
x-frame-options
SAMEORIGIN
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
content-security-policy
frame-ancestors 'self';
referrer-policy
strict-origin
x-powered-by
PHP/7.4.11
link
<https://balloting.stretto.com/wp-json/>; rel="https://api.w.org/" <https://balloting.stretto.com/wp-json/wp/v2/pages/512>; rel="alternate"; type="application/json" <https://balloting.stretto.com/>; rel=shortlink
vary
Accept-Encoding,User-Agent
content-encoding
gzip
x-cache
Miss from cloudfront
via
1.1 c888f786e25e6e3c7dbb7e9da462d715.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-C1
x-amz-cf-id
ulA3bBOMtKUQOdlRQ3ME0xsXmhb_rrQbfpkcXOvP6mpNV3ku2nB3Yg==

Redirect headers

Content-Type
text/html; charset=utf-8
Date
Thu, 28 Jan 2021 19:49:43 GMT
Location
https://balloting.stretto.com/
Server
nginx
Content-Length
267
Connection
keep-alive
bootstrap.min.css
balloting.stretto.com/wp-content/themes/flash-child/css/ 		118 KB
20 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://balloting.stretto.com/wp-content/themes/flash-child/css/bootstrap.min.css?ver=EBW-1.0.8.2-1
Requested by
Host: balloting.stretto.com
URL: https://balloting.stretto.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:206f:5800:5:cea7:7340:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
a530a4139962ebb1f96522b56914c23c044f1c21d7873bb401c35c03daedd495

Request headers

Referer
https://balloting.stretto.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 28 Jan 2021 19:49:45 GMT
content-encoding
gzip
last-modified
Sat, 23 Jan 2021 06:03:21 GMT
server
AmazonS3
x-amz-cf-pop
FRA56-C1
etag
W/"55224c5fa1229abb7feb29a59d93b21f"
vary
Accept-Encoding
x-cache
Miss from cloudfront
content-type
text/css
via
1.1 c888f786e25e6e3c7dbb7e9da462d715.cloudfront.net (CloudFront)
x-amz-cf-id
mMdbX3_onY5c12jh1qw1XOFtb9uYMnGuAvWco9o2wKuN313ZYGbwjw==
style.css
balloting.stretto.com/wp-content/themes/flash-child/ 		64 KB
12 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://balloting.stretto.com/wp-content/themes/flash-child/style.css?ver=EBW-1.0.8.2-1
Requested by
Host: balloting.stretto.com
URL: https://balloting.stretto.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:206f:5800:5:cea7:7340:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
3e7ac98f26fa365f43969bef8e94af07121a8886e31d505c9afee7fb7ee11d9a

Request headers

Referer
https://balloting.stretto.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 28 Jan 2021 19:49:45 GMT
content-encoding
gzip
last-modified
Sat, 23 Jan 2021 06:03:21 GMT
server
AmazonS3
x-amz-cf-pop
FRA56-C1
etag
W/"04fbfa76ffa14b2cb233dc45f1f17436"
vary
Accept-Encoding
x-cache
Miss from cloudfront
content-type
text/css
via
1.1 c888f786e25e6e3c7dbb7e9da462d715.cloudfront.net (CloudFront)
x-amz-cf-id
J_oElWdQBcYkk3MAkhsxMTs-DLpoQlr_WMmqJM0_L8atolLFXktdNQ==
jquery.js
balloting.stretto.com/wp-includes/js/jquery/ 		95 KB
33 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://balloting.stretto.com/wp-includes/js/jquery/jquery.js?ver=EBW-1.0.8.2-1
Requested by
Host: balloting.stretto.com
URL: https://balloting.stretto.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:206f:5800:5:cea7:7340:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
1db21d816296e6939ba1f42962496e4134ae2b0081e26970864c40c6d02bb1df

Request headers

Referer
https://balloting.stretto.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 28 Jan 2021 19:49:45 GMT
content-encoding
gzip
last-modified
Sat, 23 Jan 2021 06:03:28 GMT
server
AmazonS3
x-amz-cf-pop
FRA56-C1
etag
W/"49edccea2e7ba985cadc9ba0531cbed1"
vary
Accept-Encoding
x-cache
Miss from cloudfront
content-type
application/javascript
via
1.1 c888f786e25e6e3c7dbb7e9da462d715.cloudfront.net (CloudFront)
x-amz-cf-id
F1magGibZ8CChOtVBHpD99IjHfXOBtNvtA9UfyAgz7InjL9Vs7k7ew==
jquery.validate.min.js
balloting.stretto.com/wp-content/themes/flash-child/js/ 		23 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://balloting.stretto.com/wp-content/themes/flash-child/js/jquery.validate.min.js?ver=EBW-1.0.8.2-1
Requested by
Host: balloting.stretto.com
URL: https://balloting.stretto.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:206f:5800:5:cea7:7340:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
50e497b00818378dcffe856b994f89947b620c66163768879c9b8a63d583f898

Request headers

Referer
https://balloting.stretto.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 28 Jan 2021 19:49:45 GMT
content-encoding
gzip
last-modified
Sat, 23 Jan 2021 06:03:21 GMT
server
AmazonS3
x-amz-cf-pop
FRA56-C1
etag
W/"9346ec27896981bc4c0b146cf327727a"
vary
Accept-Encoding
x-cache
Miss from cloudfront
content-type
application/javascript
via
1.1 c888f786e25e6e3c7dbb7e9da462d715.cloudfront.net (CloudFront)
x-amz-cf-id
IFoZXiiw8IOdOOV17qxWHPyWDgilbnO_1ZsYBf0UGFuLNOL0JNUBqg==
custom.js
balloting.stretto.com/wp-content/themes/flash-child/js/ 		34 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://balloting.stretto.com/wp-content/themes/flash-child/js/custom.js?ver=EBW-1.0.8.2-1
Requested by
Host: balloting.stretto.com
URL: https://balloting.stretto.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:206f:5800:5:cea7:7340:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
bb61b44210540c9bbe98a5ea408cf4fdb03cbd3341eb2d41caa325726e2b2261

Request headers

Referer
https://balloting.stretto.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 28 Jan 2021 19:49:45 GMT
content-encoding
gzip
last-modified
Sat, 23 Jan 2021 06:03:21 GMT
server
AmazonS3
x-amz-cf-pop
FRA56-C1
etag
W/"c0b43de8aa079519c6f1654d59b535ba"
vary
Accept-Encoding
x-cache
Miss from cloudfront
content-type
application/javascript
via
1.1 c888f786e25e6e3c7dbb7e9da462d715.cloudfront.net (CloudFront)
x-amz-cf-id
nuGmqUX_rYb-hqtG4-Z4GJHrJGrqHyqbgYDPu23nvwsD-I-K-3NiJQ==
api.js
www.google.com/recaptcha/ 		850 B
972 B 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api.js
Requested by
Host: balloting.stretto.com
URL: https://balloting.stretto.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:824::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
f883ac1ff4bb4a60ccf481ff2f9231b07dcb0bb82c64b8c6f96f5b91e152da9c
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://balloting.stretto.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 28 Jan 2021 19:49:44 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
GSE
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=300
cross-origin-resource-policy
cross-origin
content-security-policy
frame-ancestors 'self'
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
555
x-xss-protection
1; mode=block
expires
Thu, 28 Jan 2021 19:49:44 GMT
Streeto_Logo.svg
balloting.stretto.com/wp-content/themes/flash-child/images/ 		1 KB
929 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://balloting.stretto.com/wp-content/themes/flash-child/images/Streeto_Logo.svg
Requested by
Host: balloting.stretto.com
URL: https://balloting.stretto.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:206f:5800:5:cea7:7340:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
724b481d2b1b1bbb2710463ad55e57a4bd76d1bcf49f9428ed28db168f914e51

Request headers

Referer
https://balloting.stretto.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 28 Jan 2021 19:49:45 GMT
content-encoding
gzip
last-modified
Sat, 23 Jan 2021 06:03:21 GMT
server
AmazonS3
x-amz-cf-pop
FRA56-C1
etag
W/"4a79af733963d8d7f17ba67cdccadb3d"
vary
Accept-Encoding
x-cache
Miss from cloudfront
content-type
image/svg+xml
via
1.1 c888f786e25e6e3c7dbb7e9da462d715.cloudfront.net (CloudFront)
x-amz-cf-id
Uh2DYdQXwTbeWdkflh95KbElKxQBeJLvaUxMxl2RXmunbWvLS0OPUw==
gtm.js
www.googletagmanager.com/ 		79 KB
31 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-TB5J729
Requested by
Host: balloting.stretto.com
URL: https://balloting.stretto.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
95da96154a8013502a15bcb78274866f23a4dcfb07d2d00efd12e0223b55f24f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://balloting.stretto.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 28 Jan 2021 19:49:44 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
31302
x-xss-protection
0
last-modified
Thu, 28 Jan 2021 18:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Thu, 28 Jan 2021 19:49:44 GMT
recaptcha__en.js
www.gstatic.com/recaptcha/releases/_KUxfxvAoJ4k7SaKyLbja4Mi/ 		331 KB
130 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/recaptcha/releases/_KUxfxvAoJ4k7SaKyLbja4Mi/recaptcha__en.js
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:825::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
2ab2ee6c6698b57f2f3c79839a574a6808197ac57b7fbc6295b1be3ab8a4d279
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://balloting.stretto.com
Referer
https://balloting.stretto.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 28 Jan 2021 18:45:06 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
3878
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
132786
x-xss-protection
0
last-modified
Sun, 17 Jan 2021 15:08:17 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Fri, 28 Jan 2022 18:45:06 GMT
background.png
balloting.stretto.com/wp-content/themes/flash-child/images/ 		34 KB
35 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://balloting.stretto.com/wp-content/themes/flash-child/images/background.png
Requested by
Host: balloting.stretto.com
URL: https://balloting.stretto.com/wp-content/themes/flash-child/style.css?ver=EBW-1.0.8.2-1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:206f:5800:5:cea7:7340:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
f935caadea9d143ae1bad07c855f96e4ffb6798ecd82ca44f1b1c11a14ae37b9

Request headers

Referer
https://balloting.stretto.com/wp-content/themes/flash-child/style.css?ver=EBW-1.0.8.2-1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 28 Jan 2021 19:49:46 GMT
via
1.1 c888f786e25e6e3c7dbb7e9da462d715.cloudfront.net (CloudFront)
last-modified
Sat, 23 Jan 2021 06:03:21 GMT
server
AmazonS3
x-amz-cf-pop
FRA56-C1
etag
"f0436e9a9bdc0a24b059862e619739a9"
x-cache
Miss from cloudfront
content-type
image/png
accept-ranges
bytes
content-length
35259
x-amz-cf-id
Won7ER9og-0jKGcYc233r-5ZVdp3yDdY8T27kZvkRvl8YyfQc7C7Pw==
BioSans-Regular.otf
balloting.stretto.com/wp-content/themes/flash-child/fonts/ 		52 KB
52 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://balloting.stretto.com/wp-content/themes/flash-child/fonts/BioSans-Regular.otf
Requested by
Host: balloting.stretto.com
URL: https://balloting.stretto.com/wp-content/themes/flash-child/style.css?ver=EBW-1.0.8.2-1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:206f:5800:5:cea7:7340:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
890fa63b421d874d3b67356d3e9d59d62378e35fe34c5b240e17bc531ec8956e

Request headers

Origin
https://balloting.stretto.com
Referer
https://balloting.stretto.com/wp-content/themes/flash-child/style.css?ver=EBW-1.0.8.2-1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 28 Jan 2021 19:49:46 GMT
via
1.1 c888f786e25e6e3c7dbb7e9da462d715.cloudfront.net (CloudFront)
last-modified
Sat, 23 Jan 2021 06:03:21 GMT
server
AmazonS3
x-amz-cf-pop
FRA56-C1
etag
"3f4be8b79f73a2bff9fdb70e61b22388"
x-cache
Miss from cloudfront
content-type
application/vnd.oasis.opendocument.formula-template
accept-ranges
bytes
content-length
53204
x-amz-cf-id
gxhicyOjmfGaYmI3qyU75SdHS3mkCe7Plb8izJCkYKQF0IUmWpMpSQ==
BioSans-SemiBold.otf
balloting.stretto.com/wp-content/themes/flash-child/fonts/ 		53 KB
54 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://balloting.stretto.com/wp-content/themes/flash-child/fonts/BioSans-SemiBold.otf
Requested by
Host: balloting.stretto.com
URL: https://balloting.stretto.com/wp-content/themes/flash-child/style.css?ver=EBW-1.0.8.2-1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:206f:5800:5:cea7:7340:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
b3c39c4e386ded2f790ac52eed6671b011bee854b930fbf32388d7cf9e53f0ac

Request headers

Origin
https://balloting.stretto.com
Referer
https://balloting.stretto.com/wp-content/themes/flash-child/style.css?ver=EBW-1.0.8.2-1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 28 Jan 2021 19:49:46 GMT
via
1.1 c888f786e25e6e3c7dbb7e9da462d715.cloudfront.net (CloudFront)
last-modified
Sat, 23 Jan 2021 06:03:21 GMT
server
AmazonS3
x-amz-cf-pop
FRA56-C1
etag
"798520d6d5fbda77c03e1bceddf7f63f"
x-cache
Miss from cloudfront
content-type
application/vnd.oasis.opendocument.formula-template
accept-ranges
bytes
content-length
54420
x-amz-cf-id
H_wUaYtKqglxA38FDT-brDTR3-ySICI190ACqm2ott4StAot5lojpA==
BioSans-Bold.otf
balloting.stretto.com/wp-content/themes/flash-child/fonts/ 		54 KB
54 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://balloting.stretto.com/wp-content/themes/flash-child/fonts/BioSans-Bold.otf
Requested by
Host: balloting.stretto.com
URL: https://balloting.stretto.com/wp-content/themes/flash-child/style.css?ver=EBW-1.0.8.2-1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:206f:5800:5:cea7:7340:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
39a8d78c9df82046fb123ca673d2ba683cc79eafaba52de6c8164081da8b2735

Request headers

Origin
https://balloting.stretto.com
Referer
https://balloting.stretto.com/wp-content/themes/flash-child/style.css?ver=EBW-1.0.8.2-1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 28 Jan 2021 19:49:46 GMT
via
1.1 c888f786e25e6e3c7dbb7e9da462d715.cloudfront.net (CloudFront)
last-modified
Sat, 23 Jan 2021 06:03:21 GMT
server
AmazonS3
x-amz-cf-pop
FRA56-C1
etag
"93e185f820d9d14c0403a7445109d218"
x-cache
Miss from cloudfront
content-type
application/vnd.oasis.opendocument.formula-template
accept-ranges
bytes
content-length
54984
x-amz-cf-id
xqeOekwWJb3VnYLkCEujvdg5PqSNHD-B4csfMpWELD2QVz1TA18TZg==
analytics.js
www.google-analytics.com/ 		46 KB
19 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TB5J729
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e441c3e2771625ba05630ab464275136a82c99650ee2145ca5aa9853bedeb01b
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://balloting.stretto.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Fri, 23 Oct 2020 03:00:57 GMT
server
Golfe2
age
2140
date
Thu, 28 Jan 2021 19:14:04 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
18817
expires
Thu, 28 Jan 2021 21:14:04 GMT
anchor
www.google.com/recaptcha/api2/ Frame 318C 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LekJ8YUAAAAAPnquSluZjrVAVkO_VIr5VbXnIxZ&co=aHR0cHM6Ly9iYWxsb3Rpbmcuc3RyZXR0by5jb206NDQz&hl=en&v=_KUxfxvAoJ4k7SaKyLbja4Mi&size=normal&cb=fnrl4nddvuvg
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/_KUxfxvAoJ4k7SaKyLbja4Mi/recaptcha__en.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:824::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-yOLTrhEfZgh4NDo4NG2JcA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
www.google.com
:scheme
https
:path
/recaptcha/api2/anchor?ar=1&k=6LekJ8YUAAAAAPnquSluZjrVAVkO_VIr5VbXnIxZ&co=aHR0cHM6Ly9iYWxsb3Rpbmcuc3RyZXR0by5jb206NDQz&hl=en&v=_KUxfxvAoJ4k7SaKyLbja4Mi&size=normal&cb=fnrl4nddvuvg
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://balloting.stretto.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://balloting.stretto.com/

Response headers

content-type
text/html; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
pragma
no-cache
expires
Mon, 01 Jan 1990 00:00:00 GMT
date
Thu, 28 Jan 2021 19:49:45 GMT
content-security-policy
script-src 'report-sample' 'nonce-yOLTrhEfZgh4NDo4NG2JcA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding
gzip
x-content-type-options
nosniff
x-xss-protection
1; mode=block
content-length
11475
server
GSE
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
collect
www.google-analytics.com/j/ 		1 B
390 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j87&a=37171860&t=pageview&_s=1&dl=https%3A%2F%2Fballoting.stretto.com%2F&ul=en-us&de=UTF-8&dt=STRETTO&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAAABAAAAAC~&jid=322425996&gjid=1303896761&cid=303020478.1611863385&tid=UA-154696569-5&_gid=1507155294.1611863385&_r=1&gtm=2wg1k0TB5J729&z=1386719989
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://balloting.stretto.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Thu, 28 Jan 2021 19:49:45 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://balloting.stretto.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1
expires
Fri, 01 Jan 1990 00:00:00 GMT
bframe
www.google.com/recaptcha/api2/ Frame 1812 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api2/bframe?hl=en&v=_KUxfxvAoJ4k7SaKyLbja4Mi&k=6LekJ8YUAAAAAPnquSluZjrVAVkO_VIr5VbXnIxZ&cb=n8gsrq16g99
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/_KUxfxvAoJ4k7SaKyLbja4Mi/recaptcha__en.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:824::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-auc3W+zVT7NlOQCppX8rNg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
www.google.com
:scheme
https
:path
/recaptcha/api2/bframe?hl=en&v=_KUxfxvAoJ4k7SaKyLbja4Mi&k=6LekJ8YUAAAAAPnquSluZjrVAVkO_VIr5VbXnIxZ&cb=n8gsrq16g99
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://balloting.stretto.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://balloting.stretto.com/

Response headers

content-type
text/html; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
pragma
no-cache
expires
Mon, 01 Jan 1990 00:00:00 GMT
date
Thu, 28 Jan 2021 19:49:45 GMT
content-security-policy
script-src 'report-sample' 'nonce-auc3W+zVT7NlOQCppX8rNg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding
gzip
x-content-type-options
nosniff
x-xss-protection
1; mode=block
content-length
1126
server
GSE
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

Verdicts & Comments Add Verdict or Comment

42 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes boolean| crossOriginIsolated object| dataLayer undefined| $ function| jQuery boolean| unsaved object| next_np_id object| notice_party_data function| removeContantEditableAttr function| add_ballot_response function| deleteNoticeParty function| openNoticePartyViewModal function| openNoticeParty function| check_creditor_fields function| update_ballot function| display_creditor_info function| display_notice_party_info undefined| clicked function| goToUrl object| ___grecaptcha_cfg object| grecaptcha string| __recaptcha_api boolean| __google_recaptcha_client object| google_tag_manager object| google_tag_data string| GoogleAnalyticsObject function| ga object| recaptcha object| closure_lm_144887 object| gaplugins object| gaGlobal object| gaData

5 Cookies

Domain/Path Name / Value
.balloting.stretto.com/ Name: _ga
Value: GA1.3.303020478.1611863385
.balloting.stretto.com/ Name: _gid
Value: GA1.3.1507155294.1611863385
balloting.stretto.com/ Name: AWSALBCORS
Value: ScVAsoan78SV2i/MtpqXEZOc3q4yiPsRQ/Zyz2fK+ep7rLxBX2u8KVaZjL/GAPsCj5PqNFBNbV18HPcg1p/kWY+vfiBjAIBDvMIL5tRD0vVOcrydntf5zjb3pmN7
.balloting.stretto.com/ Name: _gat_UA-154696569-5
Value: 1
balloting.stretto.com/ Name: AWSALB
Value: ScVAsoan78SV2i/MtpqXEZOc3q4yiPsRQ/Zyz2fK+ep7rLxBX2u8KVaZjL/GAPsCj5PqNFBNbV18HPcg1p/kWY+vfiBjAIBDvMIL5tRD0vVOcrydntf5zjb3pmN7

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

balloting.stretto.com
email.cases-cr.stretto-services.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.gstatic.com
2600:9000:206f:5800:5:cea7:7340:93a1
2a00:1450:4001:808::2008
2a00:1450:4001:812::200e
2a00:1450:4001:824::2004
2a00:1450:4001:825::2003
54.221.249.251
1db21d816296e6939ba1f42962496e4134ae2b0081e26970864c40c6d02bb1df
2ab2ee6c6698b57f2f3c79839a574a6808197ac57b7fbc6295b1be3ab8a4d279
39a8d78c9df82046fb123ca673d2ba683cc79eafaba52de6c8164081da8b2735
3e7ac98f26fa365f43969bef8e94af07121a8886e31d505c9afee7fb7ee11d9a
50e497b00818378dcffe856b994f89947b620c66163768879c9b8a63d583f898
5ad547d155a3b807815eb5787b48bd3b31d77960c527f545c0374baab352e409
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
724b481d2b1b1bbb2710463ad55e57a4bd76d1bcf49f9428ed28db168f914e51
890fa63b421d874d3b67356d3e9d59d62378e35fe34c5b240e17bc531ec8956e
95da96154a8013502a15bcb78274866f23a4dcfb07d2d00efd12e0223b55f24f
a530a4139962ebb1f96522b56914c23c044f1c21d7873bb401c35c03daedd495
b3c39c4e386ded2f790ac52eed6671b011bee854b930fbf32388d7cf9e53f0ac
bb61b44210540c9bbe98a5ea408cf4fdb03cbd3341eb2d41caa325726e2b2261
e441c3e2771625ba05630ab464275136a82c99650ee2145ca5aa9853bedeb01b
f883ac1ff4bb4a60ccf481ff2f9231b07dcb0bb82c64b8c6f96f5b91e152da9c
f935caadea9d143ae1bad07c855f96e4ffb6798ecd82ca44f1b1c11a14ae37b9