URL: https://www.tfaforms.com/4670417?cid=00QC000001Pv9WY
Submission: On November 12 via api from US

Summary

This website contacted 10 IPs in 4 countries across 10 domains to perform 21 HTTP transactions. The main IP is 54.163.170.79, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is www.tfaforms.com.
TLS certificate: Issued by DigiCert SHA2 Secure Server CA on June 11th 2019. Valid for: 2 years.
This is the only time www.tfaforms.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
7 54.163.170.79 14618 (AMAZON-AES)
2 2a00:1450:400... 15169 (GOOGLE)
1 2001:4de0:ac1... 20446 (HIGHWINDS3)
1 2001:4de0:ac1... 20446 (HIGHWINDS3)
4 194.75.186.148 2856 (BT-UK-AS ...)
1 2a00:1450:400... 15169 (GOOGLE)
1 2 2606:4700:303... 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
1 151.101.114.110 54113 (FASTLY)
2 162.247.243.147 13335 (CLOUDFLAR...)
21 10
Domain Requested by
7 www.tfaforms.com www.tfaforms.com
3 services.postcodeanywhere.co.uk aquam11114.pcapredict.com, www.tfaforms.com
2 bam-cell.nr-data.net js-agent.newrelic.com, www.tfaforms.com
2 www.guyspier.com 1 redirects www.tfaforms.com
2 fonts.gstatic.com fonts.googleapis.com
2 fonts.googleapis.com www.tfaforms.com
1 js-agent.newrelic.com www.tfaforms.com
1 aquam11114.pcapredict.com www.tfaforms.com
1 code.jquery.com www.tfaforms.com
1 maxcdn.bootstrapcdn.com www.tfaforms.com
21 10

This site contains no links.

Subject | Issuer | Validity | Valid
tfaforms.com | DigiCert SHA2 Secure Server CA | 2019-06-11 - 2021-06-15 | 2 years
upload.video.google.com | GTS CA 1O1 | 2020-10-20 - 2021-01-12 | 3 months
*.bootstrapcdn.com | Sectigo RSA Domain Validation Secure Server CA | 2020-09-22 - 2021-10-12 | a year
jquery.org | Sectigo RSA Domain Validation Secure Server CA | 2020-10-06 - 2021-10-16 | a year
*.pcapredict.com | Sectigo RSA Domain Validation Secure Server CA | 2020-09-01 - 2021-09-01 | a year
*.gstatic.com | GTS CA 1O1 | 2020-10-20 - 2021-01-12 | 3 months
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2020-07-10 - 2021-07-10 | a year
f4.shared.global.fastly.net | GlobalSign CloudSSL CA - SHA256 - G3 | 2020-10-23 - 2021-05-07 | 6 months
*.postcodeanywhere.co.uk | Sectigo RSA Domain Validation Secure Server CA | 2020-02-11 - 2021-02-10 | a year
*.nr-data.net | DigiCert SHA2 Secure Server CA | 2020-02-05 - 2022-02-08 | 2 years

This page contains 1 frames:

Primary Page: https://www.tfaforms.com/4670417?cid=00QC000001Pv9WY
Frame ID: 8C4BA414B875531D9480495E9836C55D
Requests: 21 HTTP requests in this frame


Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /nginx(?:\/([\d.]+))?/i

Page Statistics

Requests: 21
HTTPS: 100 %
IPv6: 60 %
Domains: 10
Subdomains: 10
IPs: 10
Countries: 4
Transfer: 236 kB
Size: 684 kB
Cookies: 3

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 12
  • http://www.guyspier.com/wp-content/uploads/2017/07/arrow.png HTTP 301
  • https://www.guyspier.com/wp-content/uploads/2017/07/arrow.png

21 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request 4670417
www.tfaforms.com/
58 KB
19 KB
Document
General
Full URL
https://www.tfaforms.com/4670417?cid=00QC000001Pv9WY
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.163.170.79 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-163-170-79.compute-1.amazonaws.com
Software
nginx /
Resource Hash
d7c301a1965d89e781b94b9f30c16f60addc8aa8e96d697eb4c70c101c9524a6
Security Headers
Name Value
Strict-Transport-Security max-age=10368001; includeSubDomains

Request headers

:method
GET
:authority
www.tfaforms.com
:scheme
https
:path
/4670417?cid=00QC000001Pv9WY
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status
200
date
Thu, 12 Nov 2020 16:37:53 GMT
content-type
text/html; charset=UTF-8
set-cookie
AWSALB=r9urWPz/HfURJ6fpNHUz18nUBcTRVZPMRjDFcQ55W88AAM6U+syM5pNaO06NbXh7MVtU5y+Ti0hQDyrX/+ikROdVW5DVzVUrjr8jjR50e6M2DFyjCG2989e42cnh; Expires=Thu, 19 Nov 2020 16:37:52 GMT; Path=/ AWSALBCORS=r9urWPz/HfURJ6fpNHUz18nUBcTRVZPMRjDFcQ55W88AAM6U+syM5pNaO06NbXh7MVtU5y+Ti0hQDyrX/+ikROdVW5DVzVUrjr8jjR50e6M2DFyjCG2989e42cnh; Expires=Thu, 19 Nov 2020 16:37:52 GMT; Path=/; SameSite=None; Secure FORMASSEMBLY=565fb7634f95154fbb9d45f90e105fbb; HttpOnly=1; Path=/; SameSite=None; Secure
server
nginx
cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
expires
Thu, 01 Jan 1970 00:00:00 GMT, -1
p3p
CP="CAO PSA OUR"
strict-transport-security
max-age=10368001; includeSubDomains
x-fa-app
10-53
content-encoding
gzip
wforms-layout.css
www.tfaforms.com/form-builder/4.4.0/css/
28 KB
9 KB
Stylesheet
General
Full URL
https://www.tfaforms.com/form-builder/4.4.0/css/wforms-layout.css?v=b32da48fb5359ae5263737f3eafe9b6a4ec85f81
Requested by
Host: www.tfaforms.com
URL: https://www.tfaforms.com/4670417?cid=00QC000001Pv9WY
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.163.170.79 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-163-170-79.compute-1.amazonaws.com
Software
nginx /
Resource Hash
464d92904b7a61ca1e2809c49fab0652271781f32af0337439e4996476c9fd49
Security Headers
Name Value
Strict-Transport-Security max-age=10368001; includeSubDomains

Request headers

Referer
https://www.tfaforms.com/4670417?cid=00QC000001Pv9WY
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 12 Nov 2020 16:37:54 GMT
content-encoding
gzip
last-modified
Thu, 05 Nov 2020 17:50:48 GMT
server
nginx
etag
W/"5fa43b78-6faf"
strict-transport-security
max-age=10368001; includeSubDomains
content-type
text/css
status
200
x-fa-app
10-53
default
www.tfaforms.com/themes/get/
3 KB
1 KB
Stylesheet
General
Full URL
https://www.tfaforms.com/themes/get/default
Requested by
Host: www.tfaforms.com
URL: https://www.tfaforms.com/4670417?cid=00QC000001Pv9WY
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.163.170.79 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-163-170-79.compute-1.amazonaws.com
Software
nginx /
Resource Hash
e4628ecc98d00cf0a26ddc5a188232d052b405497250a3b92644ccbc7240b55b
Security Headers
Name Value
Strict-Transport-Security max-age=10368001; includeSubDomains

Request headers

Referer
https://www.tfaforms.com/4670417?cid=00QC000001Pv9WY
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 12 Nov 2020 16:37:54 GMT
content-encoding
gzip
server
nginx
strict-transport-security
max-age=10368001; includeSubDomains
p3p
CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
status
200
cache-control
no-cache
x-fa-app
10-53
content-type
text/css;charset=UTF-8
expires
-1
wforms.js
www.tfaforms.com/wForms/3.10/js/
217 KB
65 KB
Script
General
Full URL
https://www.tfaforms.com/wForms/3.10/js/wforms.js?v=b32da48fb5359ae5263737f3eafe9b6a4ec85f81
Requested by
Host: www.tfaforms.com
URL: https://www.tfaforms.com/4670417?cid=00QC000001Pv9WY
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.163.170.79 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-163-170-79.compute-1.amazonaws.com
Software
nginx /
Resource Hash
fded4c8194c829defe8793b7f5faf6bb1d053e7d3261e290fb4102a85599b6e5
Security Headers
Name Value
Strict-Transport-Security max-age=10368001; includeSubDomains

Request headers

Referer
https://www.tfaforms.com/4670417?cid=00QC000001Pv9WY
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 12 Nov 2020 16:37:54 GMT
content-encoding
gzip
last-modified
Thu, 05 Nov 2020 17:50:48 GMT
server
nginx
etag
W/"5fa43b78-36324"
strict-transport-security
max-age=10368001; includeSubDomains
content-type
application/javascript; charset=utf-8
status
200
x-fa-app
10-53
localization-en_US.js
www.tfaforms.com/wForms/3.10/js/
6 KB
3 KB
Script
General
Full URL
https://www.tfaforms.com/wForms/3.10/js/localization-en_US.js?v=b32da48fb5359ae5263737f3eafe9b6a4ec85f81
Requested by
Host: www.tfaforms.com
URL: https://www.tfaforms.com/4670417?cid=00QC000001Pv9WY
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.163.170.79 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-163-170-79.compute-1.amazonaws.com
Software
nginx /
Resource Hash
ce6098e1afbd9b04a3051d80e7ed6951ce80e59330bc66f74df78a71b2705a2c
Security Headers
Name Value
Strict-Transport-Security max-age=10368001; includeSubDomains

Request headers

Referer
https://www.tfaforms.com/4670417?cid=00QC000001Pv9WY
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 12 Nov 2020 16:37:54 GMT
content-encoding
gzip
last-modified
Thu, 05 Nov 2020 17:50:48 GMT
server
nginx
etag
W/"5fa43b78-1989"
strict-transport-security
max-age=10368001; includeSubDomains
content-type
application/javascript; charset=utf-8
status
200
x-fa-app
10-53
css
fonts.googleapis.com/
9 KB
722 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Oswald:200,300,400,500,600,700&subset=cyrillic,latin-ext,vietnamese
Requested by
Host: www.tfaforms.com
URL: https://www.tfaforms.com/4670417?cid=00QC000001Pv9WY
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
bc0f738c584cf472c672d100ac770734b14a63aef20ee42806942ccc5159390a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.tfaforms.com/4670417?cid=00QC000001Pv9WY
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
status
200
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Thu, 12 Nov 2020 16:37:54 GMT
server
ESF
date
Thu, 12 Nov 2020 16:37:54 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Thu, 12 Nov 2020 16:37:54 GMT
css
fonts.googleapis.com/
767 B
475 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Lato
Requested by
Host: www.tfaforms.com
URL: https://www.tfaforms.com/4670417?cid=00QC000001Pv9WY
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
fcbf6af74906eaaff4fcdcba6634e89342bd322c9cb79767bd0df3aeef124333
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.tfaforms.com/4670417?cid=00QC000001Pv9WY
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
status
200
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Thu, 12 Nov 2020 16:35:53 GMT
server
ESF
date
Thu, 12 Nov 2020 16:37:54 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Thu, 12 Nov 2020 16:37:54 GMT
font-awesome.min.css
maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/
30 KB
7 KB
Stylesheet
General
Full URL
https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css
Requested by
Host: www.tfaforms.com
URL: https://www.tfaforms.com/4670417?cid=00QC000001Pv9WY
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4de0:ac19::1:b:3b , Netherlands, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software
/
Resource Hash
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.tfaforms.com/4670417?cid=00QC000001Pv9WY
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 12 Nov 2020 16:37:54 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 12 Dec 2018 18:35:20 GMT
status
200
etag
"1544639720"
vary
Accept-Encoding
x-cache
HIT
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
timing-allow-origin
*
content-length
7050
jquery-3.2.1.min.js
code.jquery.com/
85 KB
30 KB
Script
General
Full URL
https://code.jquery.com/jquery-3.2.1.min.js
Requested by
Host: www.tfaforms.com
URL: https://www.tfaforms.com/4670417?cid=00QC000001Pv9WY
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4de0:ac19::1:b:2a , Netherlands, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software
nginx /
Resource Hash
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de

Request headers

Origin
https://www.tfaforms.com
Referer
https://www.tfaforms.com/4670417?cid=00QC000001Pv9WY
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 12 Nov 2020 16:37:54 GMT
content-encoding
gzip
last-modified
Mon, 20 Mar 2017 19:01:15 GMT
server
nginx
status
200
etag
W/"58d026fb-15283"
vary
Accept-Encoding
x-hw
1605199074.dop208.fr8.t,1605199074.cds244.fr8.hn,1605199074.cds133.fr8.c
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=315360000, public
accept-ranges
bytes
content-length
30125
iframe_message_helper_internal.js
www.tfaforms.com/js/
19 KB
7 KB
Script
General
Full URL
https://www.tfaforms.com/js/iframe_message_helper_internal.js?v=2
Requested by
Host: www.tfaforms.com
URL: https://www.tfaforms.com/4670417?cid=00QC000001Pv9WY
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.163.170.79 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-163-170-79.compute-1.amazonaws.com
Software
nginx /
Resource Hash
2cbd11ce833b9779db5e191fd544968ac1c1fa3ea6660a922cdd6646de77c69d
Security Headers
Name Value
Strict-Transport-Security max-age=10368001; includeSubDomains

Request headers

Referer
https://www.tfaforms.com/4670417?cid=00QC000001Pv9WY
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 12 Nov 2020 16:37:54 GMT
content-encoding
gzip
last-modified
Thu, 05 Nov 2020 17:50:48 GMT
server
nginx
etag
W/"5fa43b78-4cec"
strict-transport-security
max-age=10368001; includeSubDomains
content-type
application/javascript; charset=utf-8
status
200
x-fa-app
10-53
wforms-jsonly.css
www.tfaforms.com/form-builder/4.4.0/css/
1 KB
1 KB
Stylesheet
General
Full URL
https://www.tfaforms.com/form-builder/4.4.0/css/wforms-jsonly.css?v=b32da48fb5359ae5263737f3eafe9b6a4ec85f81
Requested by
Host: www.tfaforms.com
URL: https://www.tfaforms.com/4670417?cid=00QC000001Pv9WY
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.163.170.79 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-163-170-79.compute-1.amazonaws.com
Software
nginx /
Resource Hash
d97dcf9cfa8109e8af62f4b3b8980a1496d7035548d962620e79303dc4f9b308
Security Headers
Name Value
Strict-Transport-Security max-age=10368001; includeSubDomains

Request headers

Referer
https://www.tfaforms.com/4670417?cid=00QC000001Pv9WY
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 12 Nov 2020 16:37:54 GMT
content-encoding
gzip
last-modified
Thu, 05 Nov 2020 17:50:48 GMT
server
nginx
etag
W/"5fa43b78-446"
strict-transport-security
max-age=10368001; includeSubDomains
content-type
text/css
status
200
x-fa-app
10-53
sensor.js
aquam11114.pcapredict.com/js/
63 KB
13 KB
Script
General
Full URL
https://aquam11114.pcapredict.com/js/sensor.js
Requested by
Host: www.tfaforms.com
URL: https://www.tfaforms.com/4670417?cid=00QC000001Pv9WY
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
194.75.186.148 , United Kingdom, ASN2856 (BT-UK-AS BTnet UK Regional network, GB),
Reverse DNS
services.postcodeanywhere.co.uk
Software
nginx /
Resource Hash
9aeccce7ffdb38a812e65002625660a8104fb3e92ba1255f25038315cb1f4e33

Request headers

Referer
https://www.tfaforms.com/4670417?cid=00QC000001Pv9WY
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 12 Nov 2020 16:37:54 GMT
Content-Encoding
gzip
Server
nginx
Content-Type
text/javascript;charset=UTF-8
Cache-Control
public
Connection
keep-alive
X-Robots-Tag
noindex
Content-Length
12881
S6uyw4BMUTPHjx4wXiWtFCc.woff2
fonts.gstatic.com/s/lato/v17/
14 KB
14 KB
Font
General
Full URL
https://fonts.gstatic.com/s/lato/v17/S6uyw4BMUTPHjx4wXiWtFCc.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
036d841b132c14046e26d8f2da1bc634c6ad34885ed1295660694a91c98933a6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://www.tfaforms.com
Referer
https://fonts.googleapis.com/css?family=Lato
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 07 Nov 2020 23:28:07 GMT
x-content-type-options
nosniff
last-modified
Tue, 15 Sep 2020 18:12:59 GMT
server
sffe
age
407387
status
200
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
14044
x-xss-protection
0
expires
Sun, 07 Nov 2021 23:28:07 GMT
arrow.png
www.guyspier.com/wp-content/uploads/2017/07/
Redirect Chain
  • http://www.guyspier.com/wp-content/uploads/2017/07/arrow.png
  • https://www.guyspier.com/wp-content/uploads/2017/07/arrow.png
289 B
984 B
Image
General
Full URL
https://www.guyspier.com/wp-content/uploads/2017/07/arrow.png
Requested by
Host: www.tfaforms.com
URL: https://www.tfaforms.com/4670417?cid=00QC000001Pv9WY
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3037::6812:23b5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e4ca2f6f096d2b54f09e4593ef93edb547dea85a9eb528ca10f32565bb3a560f

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 12 Nov 2020 16:37:54 GMT
cf-cache-status
BYPASS
nel
{"report_to":"cf-nel","max_age":604800}
status
200
x-cache-info
caching
content-length
289
last-modified
Sat, 17 Mar 2018 07:10:32 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=IurxNGCptGIMwnZu131xFr7QHmeLH8oivz2xBTkkMhbXHp0FmGG%2BHOVmNwbtr4wyzf8Ar0PKgNszRcI5T%2F%2BLaq4D%2FKf07IIjzKjJ0dsQcQ6XjYhbkmNxWrF7E0Bf"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
max-age=10368000
accept-ranges
bytes
cf-ray
5f11ae288bec177a-FRA
expires
max-age=A10368000, public

Redirect headers

Date
Thu, 12 Nov 2020 16:37:54 GMT
NEL
{"report_to":"cf-nel","max_age":604800}
Server
cloudflare
Vary
Accept-Encoding
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=vI%2FCzvh5fUxpd%2FquY%2FHl6QQMqxoZyisXQSixvqhqQQeFEYnvEAxt%2F7MfXgBrWh7%2Fhoj9%2ByWU2kSPkQIZVPKSdkKlIelvfXF%2BSkwyjsqJx62L4qQYffDSonqTL8o0"}],"group":"cf-nel","max_age":604800}
Location
https://www.guyspier.com/wp-content/uploads/2017/07/arrow.png
Cache-Control
max-age=3600
Transfer-Encoding
chunked
Connection
keep-alive
CF-RAY
5f11ae283b340eaf-FRA
Expires
Thu, 12 Nov 2020 17:37:54 GMT
TK3iWkUHHAIjg752GT8Gl-1PKw.woff2
fonts.gstatic.com/s/oswald/v35/
25 KB
25 KB
Font
General
Full URL
https://fonts.gstatic.com/s/oswald/v35/TK3iWkUHHAIjg752GT8Gl-1PKw.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Oswald:200,300,400,500,600,700&subset=cyrillic,latin-ext,vietnamese
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e747521bc9729c30f06bda6471e77ad26ce0e05b104743e93fe14c8ef3b559a7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://www.tfaforms.com
Referer
https://fonts.googleapis.com/css?family=Oswald:200,300,400,500,600,700&subset=cyrillic,latin-ext,vietnamese
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 08 Nov 2020 11:20:36 GMT
x-content-type-options
nosniff
last-modified
Mon, 13 Jul 2020 19:17:26 GMT
server
sffe
age
364638
status
200
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
25376
x-xss-protection
0
expires
Mon, 08 Nov 2021 11:20:36 GMT
nr-1184.min.js
js-agent.newrelic.com/
27 KB
11 KB
Script
General
Full URL
https://js-agent.newrelic.com/nr-1184.min.js
Requested by
Host: www.tfaforms.com
URL: https://www.tfaforms.com/4670417?cid=00QC000001Pv9WY
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.114.110 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
780861f2ab29c0144055244696561fb0306c8cb3cb7f548f9105c763b0e91f77

Request headers

Referer
https://www.tfaforms.com/4670417?cid=00QC000001Pv9WY
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 12 Nov 2020 16:37:54 GMT
content-encoding
gzip
x-amz-request-id
A21809B1C987C063
x-cache
HIT
status
200
content-length
10624
x-amz-id-2
5/0iWHe8AbcxZN6Jo3BmJ2Q+tztfRSNwr+lcNTrsM79nJm6KurTN6rNwf14f8ELquc1TIDOjlf4=
x-served-by
cache-hhn4063-HHN
last-modified
Mon, 28 Sep 2020 16:34:45 GMT
server
AmazonS3
x-timer
S1605199075.973934,VS0,VE0
etag
"3d7f312be60d08a2568e311e4762f3af"
vary
Accept-Encoding
content-type
application/javascript
via
1.1 varnish
cache-control
public, max-age=7200, stale-if-error=604800
accept-ranges
bytes
x-cache-hits
44327
platformcaptureplus-2.10.min.css
services.postcodeanywhere.co.uk/css/
8 KB
2 KB
Stylesheet
General
Full URL
https://services.postcodeanywhere.co.uk/css/platformcaptureplus-2.10.min.css?key=NN97-YN61-AB19-EH48&BRAND=PostcodeAnywhere
Requested by
Host: aquam11114.pcapredict.com
URL: https://aquam11114.pcapredict.com/js/sensor.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
194.75.186.148 , United Kingdom, ASN2856 (BT-UK-AS BTnet UK Regional network, GB),
Reverse DNS
services.postcodeanywhere.co.uk
Software
nginx /
Resource Hash
aa4ec892e501cfc31208993dd410911148afeff5286dcb421d788524700a9be9

Request headers

Referer
https://www.tfaforms.com/4670417?cid=00QC000001Pv9WY
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 12 Nov 2020 16:37:55 GMT
Content-Encoding
gzip
Server
nginx
Content-Type
text/css;charset=UTF-8
Cache-Control
public
Connection
keep-alive
X-Robots-Tag
noindex
Content-Length
2021
platformcaptureplus-2.10.min.js
services.postcodeanywhere.co.uk/js/
90 KB
25 KB
Script
General
Full URL
https://services.postcodeanywhere.co.uk/js/platformcaptureplus-2.10.min.js?key=NN97-YN61-AB19-EH48&BRAND=PostcodeAnywhere
Requested by
Host: aquam11114.pcapredict.com
URL: https://aquam11114.pcapredict.com/js/sensor.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
194.75.186.148 , United Kingdom, ASN2856 (BT-UK-AS BTnet UK Regional network, GB),
Reverse DNS
services.postcodeanywhere.co.uk
Software
nginx /
Resource Hash
3f08348f594b38470069e7e492b88c2c46e0c7f9a0d61037b10d9d3a10b0dfd7

Request headers

Referer
https://www.tfaforms.com/4670417?cid=00QC000001Pv9WY
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 12 Nov 2020 16:37:55 GMT
Content-Encoding
gzip
Server
nginx
Content-Type
text/javascript;charset=UTF-8
Cache-Control
public
Connection
keep-alive
X-Robots-Tag
noindex
Content-Length
25612
c33294f5df
bam-cell.nr-data.net/1/
57 B
469 B
Script
General
Full URL
https://bam-cell.nr-data.net/1/c33294f5df?a=90069622&v=1184.ab39b52&to=YQNTMBRRXxZTAkJZVlhJchEVRF4IHSJZXldTBUULFGNQCVcSUF9LVQNhEQpccgpcFURfVVoDQ0sDSFQGRxVT&rst=2568&ck=0&ref=https://www.tfaforms.com/4670417&ap=661&be=1804&fe=2486&dc=2190&af=err,xhr,stn,ins&perf=%7B%22timing%22:%7B%22of%22:1605199072431,%22n%22:0,%22f%22:0,%22dn%22:1,%22dne%22:15,%22c%22:15,%22s%22:29,%22ce%22:231,%22rq%22:231,%22rp%22:1003,%22rpe%22:1097,%22dl%22:1797,%22di%22:2190,%22ds%22:2190,%22de%22:2191,%22dc%22:2486,%22l%22:2486,%22le%22:2487%7D,%22navigation%22:%7B%7D%7D&fp=2190&fcp=2190&at=TURQRlxLTBg%3D&jsonp=NREUM.setToken
Requested by
Host: js-agent.newrelic.com
URL: https://js-agent.newrelic.com/nr-1184.min.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
162.247.243.147 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5e864c2e3f674c60970513411eaeeeafd2d615d842e65ec01d09ccfcb4a7b38d

Request headers

Referer
https://www.tfaforms.com/4670417?cid=00QC000001Pv9WY
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 12 Nov 2020 16:37:55 GMT
Content-Encoding
gzip
CF-Cache-Status
DYNAMIC
Server
cloudflare
Expect-CT
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary
Accept-Encoding
Content-Type
text/javascript;charset=ISO-8859-1
Transfer-Encoding
chunked
Connection
keep-alive
CF-Ray
5f11ae2b1ea8fa7c-AMS
json3ex.ws
services.postcodeanywhere.co.uk/Extras/Web/Ip2Country/v1.10/
86 B
426 B
XHR
General
Full URL
https://services.postcodeanywhere.co.uk/Extras/Web/Ip2Country/v1.10/json3ex.ws?Key=NN97-YN61-AB19-EH48&SOURCE=PCA-SCRIPT&SESSION=24406b60-3315-f7c2-0751-2923762a8fb8
Requested by
Host: www.tfaforms.com
URL: https://www.tfaforms.com/4670417?cid=00QC000001Pv9WY
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
194.75.186.148 , United Kingdom, ASN2856 (BT-UK-AS BTnet UK Regional network, GB),
Reverse DNS
services.postcodeanywhere.co.uk
Software
nginx /
Resource Hash
6337bca5c16b9b6af085d63fa463be2284df39d55805285b68e9eec4b5887bc7

Request headers

Referer
https://www.tfaforms.com/4670417?cid=00QC000001Pv9WY
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 12 Nov 2020 16:37:55 GMT
Server
nginx
Access-Control-Allow-Origin
*
Content-Type
application/json;charset=UTF-8
Records
1
Cache-Control
no-cache
Connection
keep-alive
X-Robots-Tag
noindex
Access-Control-Allow-Headers
Content-Type, pca-source
Content-Length
86
Expires
-1
c33294f5df
bam-cell.nr-data.net/events/1/
24 B
443 B
XHR
General
Full URL
https://bam-cell.nr-data.net/events/1/c33294f5df?a=90069622&v=1184.ab39b52&to=YQNTMBRRXxZTAkJZVlhJchEVRF4IHSJZXldTBUULFGNQCVcSUF9LVQNhEQpccgpcFURfVVoDQ0sDSFQGRxVT&rst=12568&ck=0&ref=https://www.tfaforms.com/4670417
Requested by
Host: www.tfaforms.com
URL: https://www.tfaforms.com/4670417?cid=00QC000001Pv9WY
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
162.247.243.147 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300

Request headers

Referer
https://www.tfaforms.com/4670417?cid=00QC000001Pv9WY
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
content-type
text/plain

Response headers

Date
Thu, 12 Nov 2020 16:38:05 GMT
CF-Cache-Status
DYNAMIC
Server
cloudflare
Expect-CT
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary
Accept-Encoding
Content-Type
image/gif
Access-Control-Allow-Origin
https://www.tfaforms.com
Access-Control-Allow-Credentials
true
Connection
keep-alive
CF-Ray
5f11ae694c0cfa7c-AMS
Content-Length
24

22 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| showDirectoryPicker
function| showOpenFilePicker
function| showSaveFilePicker
object| trustedTypes
object| NREUM
object| newrelic
function| __nr_require
object| base2
boolean| loadIE
object| _b
function| _i
object| StopIteration
object| wFORMS
object| cfg
object| wFormsNumericLocaleFormattingInfo
object| pca
function| $
function| jQuery
object| simpleStorage
undefined| base
function| attachEvent
object| capturePlus

3 Cookies

Domain/Path Name / Value
www.tfaforms.com/ Name: AWSALBCORS
Value: bUw9kvHJ4oD94adneoKL8Mh1Q87UurGV+x/ciIfP1w5cbhtX2souMG/cDvyPw+VVFXgUIL0FYEwu+f4ANh6mG0A7o5LVrHMrVvKcGMrmF8H32kx4tB8hzakTJU/b
www.tfaforms.com/ Name: AWSALB
Value: bUw9kvHJ4oD94adneoKL8Mh1Q87UurGV+x/ciIfP1w5cbhtX2souMG/cDvyPw+VVFXgUIL0FYEwu+f4ANh6mG0A7o5LVrHMrVvKcGMrmF8H32kx4tB8hzakTJU/b
www.tfaforms.com/ Name: FORMASSEMBLY
Value: 565fb7634f95154fbb9d45f90e105fbb

Security Headers

This page lists any security headers set by the main page.

Header Value
Strict-Transport-Security max-age=10368001; includeSubDomains

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
