Submitted URL: https://claims.qover.com/
Effective URL: https://claims-qover.paperform.co/
Submission: On January 07 via automatic, source certstream-suspicious

Summary

This website contacted 8 IPs in 2 countries across 7 domains to perform 19 HTTP transactions. The main IP is 34.225.103.4, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is claims-qover.paperform.co.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on March 20th 2020. Valid for: a year.
This is the only time claims-qover.paperform.co was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 13.224.94.32 16509 (AMAZON-02)
1 3 34.225.103.4 14618 (AMAZON-AES)
2 2600:9000:206... 16509 (AMAZON-02)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
5 2a00:1450:400... 15169 (GOOGLE)
5 65.9.7.76 16509 (AMAZON-02)
1 151.101.114.110 54113 (FASTLY)
2 162.247.243.146 13335 (CLOUDFLAR...)
19 8
Domain Requested by
5 img.paperform.co claims-qover.paperform.co
5 fonts.gstatic.com fonts.googleapis.com
3 claims-qover.paperform.co 1 redirects duube1y6ojsji.cloudfront.net
2 bam-cell.nr-data.net js-agent.newrelic.com
2 fonts.googleapis.com claims-qover.paperform.co
duube1y6ojsji.cloudfront.net
2 duube1y6ojsji.cloudfront.net claims-qover.paperform.co
1 js-agent.newrelic.com claims-qover.paperform.co
1 claims.qover.com 1 redirects
19 8
Subject | Issuer | Validity | Valid | Source
*.paperform.co | Sectigo RSA Domain Validation Secure Server CA | 2020-03-20 - 2021-03-20 | a year | crt.sh
*.cloudfront.net | DigiCert Global CA G2 | 2020-05-26 - 2021-04-21 | a year | crt.sh
upload.video.google.com | GTS CA 1O1 | 2020-11-10 - 2021-02-02 | 3 months | crt.sh
*.gstatic.com | GTS CA 1O1 | 2020-12-15 - 2021-03-09 | 3 months | crt.sh
img.paperform.co | Amazon | 2020-06-19 - 2021-07-19 | a year | crt.sh
f4.shared.global.fastly.net | GlobalSign CloudSSL CA - SHA256 - G3 | 2020-12-28 - 2021-05-07 | 4 months | crt.sh
*.nr-data.net | DigiCert SHA2 Secure Server CA | 2020-02-05 - 2022-02-08 | 2 years | crt.sh

This page contains 1 frames:

Primary Page: https://claims-qover.paperform.co/
Frame ID: 791DDDD3FC17EDE5CC7AC56404F95320
Requests: 19 HTTP requests in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /nginx(?:\/([\d.]+))?/i

Page Statistics

Requests: 19
HTTPS: 100 %
IPv6: 44 %
Domains: 7
Subdomains: 8
IPs: 8
Countries: 2
Transfer: 505 kB
Size: 1749 kB
Cookies: 2

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://claims.qover.com/ HTTP 301
    http://claims-qover.paperform.co/ HTTP 301
    https://claims-qover.paperform.co/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

19 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request Cookie set /
claims-qover.paperform.co/
Redirect Chain
  • https://claims.qover.com/
  • http://claims-qover.paperform.co/
  • https://claims-qover.paperform.co/
45 KB
15 KB
Document
General
Full URL
https://claims-qover.paperform.co/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
34.225.103.4 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-225-103-4.compute-1.amazonaws.com
Software
nginx /
Resource Hash
61f7f24d91c876d4e2e53a9b3315fad82a109342a7946c8228e4f9e3d2b75b51

Request headers

Host
claims-qover.paperform.co
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
none
Sec-Fetch-Mode
navigate
Sec-Fetch-User
?1
Sec-Fetch-Dest
document
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Server
nginx
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
Connection
keep-alive
Vary
Accept-Encoding
Cache-Control
no-cache, private
Date
Thu, 07 Jan 2021 14:59:28 GMT
Set-Cookie
XSRF-TOKEN=eyJpdiI6IlJuXC8yY0IxalFxcmwwSE1PMlBVOFFnPT0iLCJ2YWx1ZSI6IjRMRUdiRm04QlJoRVwvb3JlemwxR1ZkRGdvMzZQSWo4UGVlbE9LaFViXC9jcFdrV3N2NHoweG5lYXVKU0JYT1ZTbSIsIm1hYyI6ImY0Yjg2MmFhOWFhOWNmZjEwMzQ3YjMxYzBhMzUwMGI2NmJkZmRjZjBmZGM2YjVmZWE5YzA2NjQ2N2RhOTU1NmUifQ%3D%3D; expires=Thu, 07-Jan-2021 15:29:28 GMT; Max-Age=1800; path=/; secure; samesite=none laravel_session=eyJpdiI6ImxDeEtMb1ZXN25iMVdYeTdnS0ZBaEE9PSIsInZhbHVlIjoidTJ3bkVjVGNqZjdkUmk1RHNKOFBtSVFkUXZwaFVOQnozc21rbVwvaFJ5MjJlWlozTm84anYyWnFyXC9KVTkzRWI0IiwibWFjIjoiNGJhNmJhNjc1MGE2Y2IzZjA2ZThlY2ZlM2MyNTUwNDZjYjhmOGExMTZhY2Y1ZDljMTUwY2UwMjMyNDFiNWNlYiJ9; expires=Thu, 07-Jan-2021 15:29:28 GMT; Max-Age=1800; path=/; secure; httponly; samesite=none
Content-Encoding
gzip

Redirect headers

Content-Type
text/html
Date
Thu, 07 Jan 2021 14:59:28 GMT
Location
https://claims-qover.paperform.co/
Server
nginx
Content-Length
178
Connection
keep-alive
_68696d7d6d7a4d0a4bfe.styles.css
duube1y6ojsji.cloudfront.net/
252 KB
41 KB
Stylesheet
General
Full URL
https://duube1y6ojsji.cloudfront.net/_68696d7d6d7a4d0a4bfe.styles.css
Requested by
Host: claims-qover.paperform.co
URL: https://claims-qover.paperform.co/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:206f:2000:e:f359:cf80:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
d355e502e95c375137984541f6e16f1637c84bbd5666739f3efa6156e9964da3

Request headers

Referer
https://claims-qover.paperform.co/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 01 Dec 2020 00:17:41 GMT
content-encoding
gzip
last-modified
Tue, 01 Dec 2020 00:06:04 GMT
server
AmazonS3
age
3249708
etag
W/"746b64ed094b5be883c925fadf84ebb2"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/css; charset=UTF-8
via
1.1 b3dc72c60418e8887de31f772538f118.cloudfront.net (CloudFront)
cache-control
max-age=31536000, immutable
x-amz-cf-pop
FRA56-C1
x-amz-cf-id
JKKOQl22d9yZbmtBOyhcd7R-vaQElhOHBZeMW0RBYvNFyS6V-xl7Bw==
css
fonts.googleapis.com/
3 KB
747 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Lato:300,400,700|Material+Icons
Requested by
Host: claims-qover.paperform.co
URL: https://claims-qover.paperform.co/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:802::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
9df0463322a442014907b07d714a8417d10b24a426a44adeea18ce7bf6f4dd57
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://claims-qover.paperform.co/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Thu, 07 Jan 2021 14:59:28 GMT
server
ESF
date
Thu, 07 Jan 2021 14:59:28 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Thu, 07 Jan 2021 14:59:28 GMT
fa7143c098c107217780.form.min.js
duube1y6ojsji.cloudfront.net/
1 MB
378 KB
Script
General
Full URL
https://duube1y6ojsji.cloudfront.net/fa7143c098c107217780.form.min.js
Requested by
Host: claims-qover.paperform.co
URL: https://claims-qover.paperform.co/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:206f:2000:e:f359:cf80:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
ea2ee3f2aeaaee806f8235e2f7a607ee8652e9fd1904e8280d07749ffa5521a2

Request headers

Referer
https://claims-qover.paperform.co/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 08 Dec 2020 21:11:19 GMT
content-encoding
gzip
last-modified
Tue, 08 Dec 2020 21:10:23 GMT
server
AmazonS3
age
2569690
etag
W/"dc5bf4f2febd00638c9a698565efce59"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript; charset=UTF-8
via
1.1 b3dc72c60418e8887de31f772538f118.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
FRA56-C1
x-amz-cf-id
sslOjTJ3ejxc5HuBxM7KszbyNz7x_qldBUZyqangtFGURdBOgZ_fkQ==
css
fonts.googleapis.com/
6 KB
840 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Poppins:600,bold%7CRoboto:regular,bold
Requested by
Host: duube1y6ojsji.cloudfront.net
URL: https://duube1y6ojsji.cloudfront.net/fa7143c098c107217780.form.min.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:814::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
709233def620c2a522c74be232f257b7a64aa5d3410316e52ada1dfd9cc96eea
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://claims-qover.paperform.co/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Thu, 07 Jan 2021 14:59:29 GMT
server
ESF
date
Thu, 07 Jan 2021 14:59:29 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Thu, 07 Jan 2021 14:59:29 GMT
S6uyw4BMUTPHjx4wXiWtFCc.woff2
fonts.gstatic.com/s/lato/v17/
14 KB
14 KB
Font
General
Full URL
https://fonts.gstatic.com/s/lato/v17/S6uyw4BMUTPHjx4wXiWtFCc.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato:300,400,700|Material+Icons
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
036d841b132c14046e26d8f2da1bc634c6ad34885ed1295660694a91c98933a6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://claims-qover.paperform.co
Referer
https://fonts.googleapis.com/css?family=Lato:300,400,700|Material+Icons
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 01 Jan 2021 08:34:06 GMT
x-content-type-options
nosniff
last-modified
Tue, 15 Sep 2020 18:12:59 GMT
server
sffe
age
541523
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
14044
x-xss-protection
0
expires
Sat, 01 Jan 2022 08:34:06 GMT
belgium.png
img.paperform.co/fetch/w_100,f_auto/https://s3-ap-southeast-2.amazonaws.com/paperform/u-12039/1/2018-10-25/7o03ylv/
279 B
724 B
Image
General
Full URL
https://img.paperform.co/fetch/w_100,f_auto/https://s3-ap-southeast-2.amazonaws.com/paperform/u-12039/1/2018-10-25/7o03ylv/belgium.png
Requested by
Host: claims-qover.paperform.co
URL: https://claims-qover.paperform.co/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.7.76 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
51c5a2a98d82f6f1630f8e1918c46b661ac56865c63caf85cd2ed59592e57c09

Request headers

Referer
https://claims-qover.paperform.co/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 04 Jan 2021 13:35:25 GMT
via
1.1 1ce2e02518867b6d4fdccf32e95ab8e4.cloudfront.net (CloudFront), 1.1 c359abeab0060e721cfaac65ce34b1cc.cloudfront.net (CloudFront)
age
264244
x-amzn-requestid
544f7383-f0fa-44d0-ab35-3aa31e444aa6
x-cache
Hit from cloudfront
content-type
image/png
cache-control
public, max-age=864000
x-amzn-trace-id
Root=1-5ff3199d-4662c30111c005453702f0b2;Sampled=0
x-amz-cf-pop
MUC51-C1, FRA56-C1
x-amz-apigw-id
YoDwmHzKSwMFa8A=
content-length
279
x-amz-cf-id
TyXvqqrC1LO-YodoijLXJsZb2iDwEZB6XSj_Yvm75BTqdNQhzYvzlw==
france.png
img.paperform.co/fetch/w_100,f_auto/https://s3-ap-southeast-2.amazonaws.com/paperform/u-12039/1/2019-03-05/7003umc/
233 B
678 B
Image
General
Full URL
https://img.paperform.co/fetch/w_100,f_auto/https://s3-ap-southeast-2.amazonaws.com/paperform/u-12039/1/2019-03-05/7003umc/france.png
Requested by
Host: claims-qover.paperform.co
URL: https://claims-qover.paperform.co/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.7.76 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
b4382a6c6c3e5b2756837b1dd4c77b7fb14053182017d8dc760d3f6b8cac2824

Request headers

Referer
https://claims-qover.paperform.co/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 04 Jan 2021 13:35:25 GMT
via
1.1 e53b47c398fced59a0a7e03d97bc21f1.cloudfront.net (CloudFront), 1.1 c359abeab0060e721cfaac65ce34b1cc.cloudfront.net (CloudFront)
age
264244
x-amzn-requestid
3b074c67-3f7d-4046-be13-66b7559c114b
x-cache
Hit from cloudfront
content-type
image/png
cache-control
public, max-age=864000
x-amzn-trace-id
Root=1-5ff3199d-590f3a463f4202e15dfbf8bb;Sampled=0
x-amz-cf-pop
HAM50-C2, FRA56-C1
x-amz-apigw-id
YoDwoFmWywMFsVA=
content-length
233
x-amz-cf-id
4A6tJ_oqdjG7jAPjEhgzjQsLjCBPKAWrwFKbHlqDzuNYhvlG2xNAMQ==
spain.png
img.paperform.co/fetch/w_100,f_auto/https://s3-ap-southeast-2.amazonaws.com/paperform/u-12039/1/2018-10-25/wa33yr1/
2 KB
3 KB
Image
General
Full URL
https://img.paperform.co/fetch/w_100,f_auto/https://s3-ap-southeast-2.amazonaws.com/paperform/u-12039/1/2018-10-25/wa33yr1/spain.png
Requested by
Host: claims-qover.paperform.co
URL: https://claims-qover.paperform.co/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.7.76 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
8cd9fc226c16ec89287e5ba3b06d3eaac0bffb289750704a3eeb504f8aba5726

Request headers

Referer
https://claims-qover.paperform.co/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 04 Jan 2021 13:35:25 GMT
via
1.1 9e9acb04b02acc35d5f161ce03745e26.cloudfront.net (CloudFront), 1.1 c359abeab0060e721cfaac65ce34b1cc.cloudfront.net (CloudFront)
age
264244
x-amzn-requestid
f9b43978-1cd1-4420-94dd-f9c02b2c19a8
x-cache
Hit from cloudfront
content-type
image/png
cache-control
public, max-age=864000
x-amzn-trace-id
Root=1-5ff3199d-61f335217cb544c92bd32db2;Sampled=0
x-amz-cf-pop
HAM50-C2, FRA56-C1
x-amz-apigw-id
YoDwoH2ISwMF3cw=
content-length
2506
x-amz-cf-id
xCpGP4PFgiabqAjxrlV60yD6dyhD-WKVPAGmWTISdj9w6LoEktVq1Q==
download.png
img.paperform.co/fetch/w_100,f_auto/https://s3-ap-southeast-2.amazonaws.com/paperform/u-12039/1/2019-05-27/yw03wbv/
705 B
1 KB
Image
General
Full URL
https://img.paperform.co/fetch/w_100,f_auto/https://s3-ap-southeast-2.amazonaws.com/paperform/u-12039/1/2019-05-27/yw03wbv/download.png
Requested by
Host: claims-qover.paperform.co
URL: https://claims-qover.paperform.co/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.7.76 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
bacf258569aacc9164302e5bf9091f16c575ab95f83db99a1521985c513c92a8

Request headers

Referer
https://claims-qover.paperform.co/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 04 Jan 2021 13:35:25 GMT
via
1.1 63c9a084de27504ef34be3673921d01e.cloudfront.net (CloudFront), 1.1 c359abeab0060e721cfaac65ce34b1cc.cloudfront.net (CloudFront)
age
264244
x-amzn-requestid
9c49ebbd-ba39-4c3c-a0e5-0d52aceb057e
x-cache
Hit from cloudfront
content-type
image/jpeg
cache-control
public, max-age=864000
x-amzn-trace-id
Root=1-5ff3199d-3abfb2117adc0c8634fc20a7;Sampled=0
x-amz-cf-pop
HAM50-C2, FRA56-C1
x-amz-apigw-id
YoDwlGmaywMFkPg=
content-length
705
x-amz-cf-id
cQdnMZ7D9VoMBqezOgCnAZ8Umj9e-tiLczXJyIWXtQBe9FTS9ZzAwA==
1200px-Flag_of_Germany.svg.png
img.paperform.co/fetch/w_150,f_auto/https://s3.amazonaws.com/pf-upload-01/u-12039/1/2019-11-13/72031s4/
827 B
1 KB
Image
General
Full URL
https://img.paperform.co/fetch/w_150,f_auto/https://s3.amazonaws.com/pf-upload-01/u-12039/1/2019-11-13/72031s4/1200px-Flag_of_Germany.svg.png
Requested by
Host: claims-qover.paperform.co
URL: https://claims-qover.paperform.co/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.7.76 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
0cdcc84747603ab9aaf4723b2c72fa13c0eb5a0b621ea0ffc7356fe8422d4654

Request headers

Referer
https://claims-qover.paperform.co/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 04 Jan 2021 13:35:24 GMT
via
1.1 135eb6368d07b066aff0760ea5228bab.cloudfront.net (CloudFront), 1.1 c359abeab0060e721cfaac65ce34b1cc.cloudfront.net (CloudFront)
age
264245
x-amzn-requestid
d18f3058-80bb-4d5c-86d3-bff31e8b1a9a
x-cache
Hit from cloudfront
content-type
image/jpeg
cache-control
public, max-age=864000
x-amzn-trace-id
Root=1-5ff3199c-3daae1564b1ce9b0557f8ab9;Sampled=0
x-amz-cf-pop
HAM50-C3, FRA56-C1
x-amz-apigw-id
YoDwfFQuIAMFoHA=
content-length
827
x-amz-cf-id
VMxzKAzvT9hLjIeGAqEdBlT_sODfbKYz07krzCSn6HMNbksU60Kc0g==
event
claims-qover.paperform.co/api/v1/form/5b17d6bcb234f269c46e34f9/
1 B
1 KB
Fetch
General
Full URL
https://claims-qover.paperform.co/api/v1/form/5b17d6bcb234f269c46e34f9/event
Requested by
Host: duube1y6ojsji.cloudfront.net
URL: https://duube1y6ojsji.cloudfront.net/fa7143c098c107217780.form.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
34.225.103.4 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-225-103-4.compute-1.amazonaws.com
Software
nginx /
Resource Hash
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Request headers

accept
application/json
Referer
https://claims-qover.paperform.co/
x-csrf-token
null
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
content-type
application/json

Response headers

Date
Thu, 07 Jan 2021 14:59:29 GMT
Content-Encoding
gzip
Server
nginx
Vary
Accept-Encoding
Content-Type
text/html; charset=UTF-8
X-RateLimit-Remaining
59
Cache-Control
no-cache, private
Transfer-Encoding
chunked
X-RateLimit-Limit
60
Connection
keep-alive
pxiByp8kv8JHgFVrLEj6Z1xlFd2JQEk.woff2
fonts.gstatic.com/s/poppins/v15/
8 KB
8 KB
Font
General
Full URL
https://fonts.gstatic.com/s/poppins/v15/pxiByp8kv8JHgFVrLEj6Z1xlFd2JQEk.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Poppins:600,bold%7CRoboto:regular,bold
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
b93b9165269362989e2855d0bf0ae232d7193a45c43627b2d03b26d7eb98263b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://claims-qover.paperform.co
Referer
https://fonts.googleapis.com/css?family=Poppins:600,bold%7CRoboto:regular,bold
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 01 Jan 2021 03:41:42 GMT
x-content-type-options
nosniff
last-modified
Thu, 05 Nov 2020 22:02:15 GMT
server
sffe
age
559067
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7988
x-xss-protection
0
expires
Sat, 01 Jan 2022 03:41:42 GMT
pxiByp8kv8JHgFVrLCz7Z1xlFd2JQEk.woff2
fonts.gstatic.com/s/poppins/v15/
8 KB
8 KB
Font
General
Full URL
https://fonts.gstatic.com/s/poppins/v15/pxiByp8kv8JHgFVrLCz7Z1xlFd2JQEk.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Poppins:600,bold%7CRoboto:regular,bold
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
b0b43e548e691662dac85b1dc159d148a273d5cb9139f3fcf457cdeebe7bdf3f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://claims-qover.paperform.co
Referer
https://fonts.googleapis.com/css?family=Poppins:600,bold%7CRoboto:regular,bold
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 06 Jan 2021 14:33:32 GMT
x-content-type-options
nosniff
last-modified
Thu, 05 Nov 2020 22:01:44 GMT
server
sffe
age
87957
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7832
x-xss-protection
0
expires
Thu, 06 Jan 2022 14:33:32 GMT
KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
fonts.gstatic.com/s/roboto/v20/
11 KB
11 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Poppins:600,bold%7CRoboto:regular,bold
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://claims-qover.paperform.co
Referer
https://fonts.googleapis.com/css?family=Poppins:600,bold%7CRoboto:regular,bold
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 01 Jan 2021 07:38:50 GMT
x-content-type-options
nosniff
last-modified
Wed, 24 Jul 2019 01:18:50 GMT
server
sffe
age
544839
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11016
x-xss-protection
0
expires
Sat, 01 Jan 2022 07:38:50 GMT
KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2
fonts.gstatic.com/s/roboto/v20/
11 KB
11 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Poppins:600,bold%7CRoboto:regular,bold
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
0d9fd7ccabde9b202de45ee6b65878ce9594975d8e8810b0878d3f3fa3637d0e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://claims-qover.paperform.co
Referer
https://fonts.googleapis.com/css?family=Poppins:600,bold%7CRoboto:regular,bold
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 07 Jan 2021 08:55:28 GMT
x-content-type-options
nosniff
last-modified
Wed, 24 Jul 2019 01:18:58 GMT
server
sffe
age
21841
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11020
x-xss-protection
0
expires
Fri, 07 Jan 2022 08:55:28 GMT
nr-1184.min.js
js-agent.newrelic.com/
27 KB
11 KB
Script
General
Full URL
https://js-agent.newrelic.com/nr-1184.min.js
Requested by
Host: claims-qover.paperform.co
URL: https://claims-qover.paperform.co/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.114.110 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
780861f2ab29c0144055244696561fb0306c8cb3cb7f548f9105c763b0e91f77

Request headers

Referer
https://claims-qover.paperform.co/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 07 Jan 2021 14:59:29 GMT
content-encoding
gzip
x-amz-request-id
A21809B1C987C063
x-cache
HIT
content-length
10624
x-amz-id-2
5/0iWHe8AbcxZN6Jo3BmJ2Q+tztfRSNwr+lcNTrsM79nJm6KurTN6rNwf14f8ELquc1TIDOjlf4=
x-served-by
cache-hhn4022-HHN
last-modified
Mon, 28 Sep 2020 16:34:45 GMT
server
AmazonS3
x-timer
S1610031569.472248,VS0,VE0
etag
"3d7f312be60d08a2568e311e4762f3af"
vary
Accept-Encoding
content-type
application/javascript
via
1.1 varnish
cache-control
public, max-age=7200, stale-if-error=604800
accept-ranges
bytes
x-cache-hits
6016
87e8d511b7
bam-cell.nr-data.net/1/
57 B
647 B
Script
General
Full URL
https://bam-cell.nr-data.net/1/87e8d511b7?a=103052976&v=1184.ab39b52&to=ZgAGN0dYWRdRVENdV19KJQBBUFgKH3ZHRGR5ERATaXpYCkRFWFhUVBcXP3NWRQlzWFlASl4JCAZHeVELQlphXV1G&rst=1605&ck=1&ref=https://claims-qover.paperform.co/&ap=21&be=863&fe=1528&dc=1418&perf=%7B%22timing%22:%7B%22of%22:1610031567890,%22n%22:0,%22f%22:426,%22dn%22:427,%22dne%22:427,%22c%22:427,%22s%22:441,%22ce%22:642,%22rq%22:642,%22rp%22:841,%22rpe%22:843,%22dl%22:850,%22di%22:1418,%22ds%22:1418,%22de%22:1419,%22dc%22:1527,%22l%22:1527,%22le%22:1530%7D,%22navigation%22:%7B%7D%7D&fp=1438&fcp=1438&at=SkcFQQ9CShk%3D&jsonp=NREUM.setToken
Requested by
Host: js-agent.newrelic.com
URL: https://js-agent.newrelic.com/nr-1184.min.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
162.247.243.146 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e02cdaa490caecb3bb5303b6e28acdb8a08d4f866ec1eb932a2d2c81bc95ebe9

Request headers

Referer
https://claims-qover.paperform.co/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 07 Jan 2021 14:59:29 GMT
Content-Encoding
gzip
CF-Cache-Status
DYNAMIC
Server
cloudflare
Expect-CT
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary
Accept-Encoding
Content-Type
text/javascript;charset=ISO-8859-1
Transfer-Encoding
chunked
Connection
keep-alive
CF-Ray
60de8afd6a820c15-AMS
cf-request-id
077ef5325d00000c15a50ec000000001
Expires
Thu, 01 Jan 1970 00:00:00 GMT
87e8d511b7
bam-cell.nr-data.net/events/1/
24 B
501 B
XHR
General
Full URL
https://bam-cell.nr-data.net/events/1/87e8d511b7?a=103052976&v=1184.ab39b52&to=ZgAGN0dYWRdRVENdV19KJQBBUFgKH3ZHRGR5ERATaXpYCkRFWFhUVBcXP3NWRQlzWFlASl4JCAZHeVELQlphXV1G&rst=11605&ck=1&ref=https://claims-qover.paperform.co/
Requested by
Host: js-agent.newrelic.com
URL: https://js-agent.newrelic.com/nr-1184.min.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
162.247.243.146 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300

Request headers

Referer
https://claims-qover.paperform.co/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
content-type
text/plain

Response headers

Date
Thu, 07 Jan 2021 14:59:39 GMT
CF-Cache-Status
DYNAMIC
Server
cloudflare
Expect-CT
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary
Accept-Encoding
Content-Type
image/gif
Access-Control-Allow-Origin
https://claims-qover.paperform.co
Access-Control-Allow-Credentials
true
Connection
keep-alive
CF-Ray
60de8b3bdb180c15-AMS
Content-Length
24
cf-request-id
077ef5596e00000c155b28b000000001


48 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Type | Name
object | ontransitionrun
object | ontransitionstart
object | ontransitioncancel
object | cookieStore
function | showDirectoryPicker
function | showOpenFilePicker
function | showSaveFilePicker
object | trustedTypes
boolean | crossOriginIsolated
object | NREUM
object | newrelic
function | __nr_require
object | _tzs
object | _state
number | _edit
number | _inj
number | _is_ppradmin
string | _ppradmin_user
string | _user
object | _ff
object | _translation
object | __core-js_shared__
object | core
object | global
object | System
function | asap
function | Observable
function | setImmediate
function | clearImmediate
object | regeneratorRuntime
boolean | _babelPolyfill
function | text
object | _saved
object | _pages
object | _sections
object | _blockMetadata
object | _questionPageMap
object | _initialForm
object | React
object | ReactDOM
object | store
function | _exportReactApp
string | _activeColorCheckout
boolean | stylesLoaded
function | loadFallbackFormCss
function | checkFormCssLoaded
function | loadFallbackFormJs
object | analytics

2 Cookies

Domain/Path Name / Value
claims-qover.paperform.co/ Name: laravel_session
Value: eyJpdiI6IlJCekxMWEtVSzlMSmRBY2dSYlozTUE9PSIsInZhbHVlIjoiZGpDTFwvNVozbG1vK0d1WU5udGRTSFRNejF1SVdzOGFtZ3A1RUJhWG9Xc3pzckV6MDJheE9jZU5Lbnh2a1FLZXkiLCJtYWMiOiJiMDIwMWM2MWQ4YzQwMWEyZmFmMGVhZDhkYjM2YjZhM2YyNjRmM2Y0YTBiMjFiMmE1NGMxMjhlZDMzOTg5ZWIyIn0%3D
claims-qover.paperform.co/ Name: XSRF-TOKEN
Value: eyJpdiI6IkRrTFJlaERydDJJQ3NaR2ZaNVNzZHc9PSIsInZhbHVlIjoibHRjQ0R6N0pBQUt4aWV2TmJReEhReXpvSjJuVDhTWnJuWGRlR3NlWVwvV3pNQndpR2VVRXh6M2RaWUNGcmp1R2giLCJtYWMiOiI4NTMyNzY5NDQxYjE0NWE1N2JiNjE4ZjM4ZTJmNDEwZTQyMTcxZDJlODUzNWFkODQ4YTE2NWY2NjBkZmJiNzZhIn0%3D

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
