URL: https://dev.employeesavings.co.uk/
Submission: On February 20 via automatic, source certstream-suspicious — Scanned from GB

Summary

This website contacted 4 IPs in 3 countries across 4 domains to perform 28 HTTP transactions. The main IP is 18.134.89.98, located in London, United Kingdom and belongs to AMAZON-02, US. The main domain is dev.employeesavings.co.uk.
TLS certificate: Issued by Amazon on March 22nd 2021. Valid for: a year.
This is the only time dev.employeesavings.co.uk was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Requests | IP Address | AS Autonomous System
22 | 18.134.89.98 | 16509 (AMAZON-02)
4 | 2606:4700::68... | 13335 (CLOUDFLAR...)
1 | 2a00:1450:400... | 15169 (GOOGLE)
1 | 2a00:1450:400... | 15169 (GOOGLE)
Total: 28 requests, 4 IPs

Requests | Apex Domain | Subdomains | Transfer
22 | employeesavings.co.uk | dev.employeesavings.co.uk | 817 KB
4 | unpkg.com | unpkg.com — Cisco Umbrella Rank: 802 | 78 KB
1 | gstatic.com | fonts.gstatic.com | 17 KB
1 | googleapis.com | fonts.googleapis.com — Cisco Umbrella Rank: 35 | 1 KB
Total: 28 requests, 4 domains

Requests | Domain | Requested by
22 | dev.employeesavings.co.uk | dev.employeesavings.co.uk
4 | unpkg.com | dev.employeesavings.co.uk
1 | fonts.gstatic.com | fonts.googleapis.com
1 | fonts.googleapis.com | dev.employeesavings.co.uk
Total: 28 requests, 4 domains

This site contains links to these domains.

Domain
twitter.com
www.facebook.com

Subject | Issuer | Validity | Valid
dev.mydriversclub.co.uk | Amazon | 2021-03-22 - 2022-04-20 | a year
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2021-07-02 - 2022-07-01 | a year
upload.video.google.com | GTS CA 1C3 | 2022-02-07 - 2022-05-02 | 3 months
*.gstatic.com | GTS CA 1C3 | 2022-02-07 - 2022-05-02 | 3 months

This page contains 1 frame:

Primary Page: https://dev.employeesavings.co.uk/
Frame ID: DB99974754A268AB1C0765224BAA2048
Requests: 28 HTTP requests in this frame

Page Title

ClubUser User

Page Statistics

Requests: 28
HTTPS: 100 %
IPv6: 75 %
Domains: 4
Subdomains: 4
IPs: 4
Countries: 3
Transfer: 912 kB
Size: 2230 kB
Cookies: 2

Redirected requests

There were HTTP redirect chains for the following requests:

28 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
dev.employeesavings.co.uk/
2 KB
1 KB
Document
General
Full URL
https://dev.employeesavings.co.uk/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.134.89.98 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-134-89-98.eu-west-2.compute.amazonaws.com
Software
Apache/2.4.38 (Debian) /
Resource Hash
986b9288e31e379a3ed67e20ca32a729ed18dcf416f3123bc94c72cb995d2e17

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language
en-GB,en;q=0.9

Response headers

date
Sun, 20 Feb 2022 00:21:34 GMT
content-type
text/html
content-length
754
server
Apache/2.4.38 (Debian)
last-modified
Mon, 31 Jan 2022 18:43:01 GMT
etag
"870-5d6e5276f1740-gzip"
accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
shim.js
unpkg.com/core-js@2.4.1/client/
223 KB
50 KB
Script
General
Full URL
https://unpkg.com/core-js@2.4.1/client/shim.js
Requested by
Host: dev.employeesavings.co.uk
URL: https://dev.employeesavings.co.uk/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:7eaf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0df0797c04be5b1d4329eae1c02f056b222abd4d42dd440ac0b69b490f637f9e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://dev.employeesavings.co.uk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Sun, 20 Feb 2022 00:21:34 GMT
via
1.1 fly.io
x-content-type-options
nosniff
cf-cache-status
HIT
age
4717328
fly-request-id
01FQXN97T4WZHSY13EF8VP5X5V
content-encoding
br
vary
Accept-Encoding
last-modified
Sun, 17 Jul 2016 21:38:00 GMT
server
cloudflare
etag
W/"37b90-pyYRwCXaQsSB7El6gSfR/PTlDGM"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
cf-ray
6e03935d6abc71ba-LHR
long-stack-trace-zone.js
unpkg.com/zone.js@0.6.24/dist/
5 KB
2 KB
Script
General
Full URL
https://unpkg.com/zone.js@0.6.24/dist/long-stack-trace-zone.js
Requested by
Host: dev.employeesavings.co.uk
URL: https://dev.employeesavings.co.uk/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:7eaf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e56e9d55fdb6e23cfe3d4fbe0970ae4dee798f83cdb830966c400efc05796b53
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://dev.employeesavings.co.uk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Sun, 20 Feb 2022 00:21:34 GMT
via
1.1 fly.io
x-content-type-options
nosniff
cf-cache-status
HIT
age
856367
fly-request-id
01FVGQCD7N5M674FBW4JXJC9TA
content-encoding
br
vary
Accept-Encoding
last-modified
Mon, 19 Sep 2016 23:12:10 GMT
server
cloudflare
etag
W/"145a-GQ0RFV+Con37ByMd1dhDvoF1LfA"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
cf-ray
6e03935d6abd71ba-LHR
Reflect.js
unpkg.com/reflect-metadata@0.1.3/
37 KB
6 KB
Script
General
Full URL
https://unpkg.com/reflect-metadata@0.1.3/Reflect.js
Requested by
Host: dev.employeesavings.co.uk
URL: https://dev.employeesavings.co.uk/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:7eaf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4014b80948cd67faa5353c0662583768d8b5e9d8be8a19d37428afeddee8cf3d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://dev.employeesavings.co.uk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Sun, 20 Feb 2022 00:21:34 GMT
via
1.1 fly.io
x-content-type-options
nosniff
cf-cache-status
HIT
age
10079575
fly-request-id
01FJXVEE8WZB0WA5HF46HJ93W9
content-encoding
br
vary
Accept-Encoding
last-modified
Wed, 06 Jan 2016 00:27:14 GMT
server
cloudflare
etag
W/"93a1-tysVFK0VbBx174iyDnMqQ+3Xdcg"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
cf-ray
6e03935d6abe71ba-LHR
system.js
unpkg.com/systemjs@0.19.31/dist/
59 KB
20 KB
Script
General
Full URL
https://unpkg.com/systemjs@0.19.31/dist/system.js
Requested by
Host: dev.employeesavings.co.uk
URL: https://dev.employeesavings.co.uk/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:7eaf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
22b9387b0c85cdaf61f7431a57469f1359981b810d620e970a2d471e22ffe0b9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://dev.employeesavings.co.uk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Sun, 20 Feb 2022 00:21:34 GMT
via
1.1 fly.io
x-content-type-options
nosniff
cf-cache-status
HIT
age
4795287
fly-request-id
01FQVAY38SVDA8HZHJ9MN78CNJ
content-encoding
br
vary
Accept-Encoding
last-modified
Sat, 11 Jun 2016 23:41:38 GMT
server
cloudflare
etag
W/"edea-N4p7fTvFh29jZwqq3Se1+bHYShY"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
cf-ray
6e03935d6ac071ba-LHR
styles.02af9ca974767ee27cc6.bundle.css
dev.employeesavings.co.uk/
119 KB
21 KB
Stylesheet
General
Full URL
https://dev.employeesavings.co.uk/styles.02af9ca974767ee27cc6.bundle.css
Requested by
Host: dev.employeesavings.co.uk
URL: https://dev.employeesavings.co.uk/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.134.89.98 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-134-89-98.eu-west-2.compute.amazonaws.com
Software
Apache/2.4.38 (Debian) /
Resource Hash
2c331da35f2975d2d2ceca24e43e910dda7e2aef97ebc73d3f5d4c841f6a8a12

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://dev.employeesavings.co.uk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Sun, 20 Feb 2022 00:21:34 GMT
content-encoding
gzip
last-modified
Mon, 31 Jan 2022 18:43:01 GMT
server
Apache/2.4.38 (Debian)
etag
"1da4d-5d6e5276f1740-gzip"
vary
Accept-Encoding
content-type
text/css
accept-ranges
bytes
content-length
20540
tyre.png
dev.employeesavings.co.uk/images/
361 KB
362 KB
Image
General
Full URL
https://dev.employeesavings.co.uk/images/tyre.png
Requested by
Host: dev.employeesavings.co.uk
URL: https://dev.employeesavings.co.uk/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.134.89.98 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-134-89-98.eu-west-2.compute.amazonaws.com
Software
Apache/2.4.38 (Debian) /
Resource Hash
61a7eebf29e4e368f9ab7c1366c8db8cf30de29b649f9b33c45d344924dc959a

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://dev.employeesavings.co.uk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Sun, 20 Feb 2022 00:21:35 GMT
last-modified
Tue, 02 Feb 2021 17:45:30 GMT
server
Apache/2.4.38 (Debian)
accept-ranges
bytes
etag
"5a45e-5ba5e0957e280"
content-length
369758
content-type
image/png
inline.2a7d04c1d06e6847feb6.bundle.js
dev.employeesavings.co.uk/
1 KB
1 KB
Script
General
Full URL
https://dev.employeesavings.co.uk/inline.2a7d04c1d06e6847feb6.bundle.js
Requested by
Host: dev.employeesavings.co.uk
URL: https://dev.employeesavings.co.uk/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.134.89.98 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-134-89-98.eu-west-2.compute.amazonaws.com
Software
Apache/2.4.38 (Debian) /
Resource Hash
43d4af348e607c117e32f76b9e325af918592a87cd077c88473f26d6db4d8cff

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://dev.employeesavings.co.uk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Sun, 20 Feb 2022 00:21:35 GMT
content-encoding
gzip
last-modified
Mon, 31 Jan 2022 18:43:01 GMT
server
Apache/2.4.38 (Debian)
etag
"5a7-5d6e5276f1740-gzip"
vary
Accept-Encoding
content-type
application/javascript
accept-ranges
bytes
content-length
805
polyfills.a26ad12020ebba6688c7.bundle.js
dev.employeesavings.co.uk/
212 KB
66 KB
Script
General
Full URL
https://dev.employeesavings.co.uk/polyfills.a26ad12020ebba6688c7.bundle.js
Requested by
Host: dev.employeesavings.co.uk
URL: https://dev.employeesavings.co.uk/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.134.89.98 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-134-89-98.eu-west-2.compute.amazonaws.com
Software
Apache/2.4.38 (Debian) /
Resource Hash
80a09239127408bb1335a74446a6d056d1876bac88e52d3f7ed0553ba0abef67

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://dev.employeesavings.co.uk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Sun, 20 Feb 2022 00:21:35 GMT
content-encoding
gzip
last-modified
Mon, 31 Jan 2022 18:43:01 GMT
server
Apache/2.4.38 (Debian)
etag
"34f5c-5d6e5276f1740-gzip"
vary
Accept-Encoding
content-type
application/javascript
accept-ranges
bytes
scripts.a4aa5b16ba9f2858e093.bundle.js
dev.employeesavings.co.uk/
126 KB
41 KB
Script
General
Full URL
https://dev.employeesavings.co.uk/scripts.a4aa5b16ba9f2858e093.bundle.js
Requested by
Host: dev.employeesavings.co.uk
URL: https://dev.employeesavings.co.uk/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.134.89.98 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-134-89-98.eu-west-2.compute.amazonaws.com
Software
Apache/2.4.38 (Debian) /
Resource Hash
fa85857422817f98132f7063055891e26abddb22e1305a4d2ffdfe0b94cc382b

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://dev.employeesavings.co.uk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Sun, 20 Feb 2022 00:21:35 GMT
content-encoding
gzip
last-modified
Mon, 31 Jan 2022 18:43:01 GMT
server
Apache/2.4.38 (Debian)
etag
"1f7b8-5d6e5276f1740-gzip"
vary
Accept-Encoding
content-type
application/javascript
accept-ranges
bytes
content-length
41002
vendor.1dc9df84feae4351ef7f.bundle.js
dev.employeesavings.co.uk/
672 KB
152 KB
Script
General
Full URL
https://dev.employeesavings.co.uk/vendor.1dc9df84feae4351ef7f.bundle.js
Requested by
Host: dev.employeesavings.co.uk
URL: https://dev.employeesavings.co.uk/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.134.89.98 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-134-89-98.eu-west-2.compute.amazonaws.com
Software
Apache/2.4.38 (Debian) /
Resource Hash
36b22d484b3d0bcf040b21bb80b7f5b45e9be6ae153517c2a366f610db947066

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://dev.employeesavings.co.uk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Sun, 20 Feb 2022 00:21:35 GMT
content-encoding
gzip
last-modified
Mon, 31 Jan 2022 18:43:01 GMT
server
Apache/2.4.38 (Debian)
etag
"a7eab-5d6e5276f1740-gzip"
vary
Accept-Encoding
content-type
application/javascript
accept-ranges
bytes
main.ab468e97bd2888d3bc38.bundle.js
dev.employeesavings.co.uk/
107 KB
24 KB
Script
General
Full URL
https://dev.employeesavings.co.uk/main.ab468e97bd2888d3bc38.bundle.js
Requested by
Host: dev.employeesavings.co.uk
URL: https://dev.employeesavings.co.uk/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.134.89.98 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-134-89-98.eu-west-2.compute.amazonaws.com
Software
Apache/2.4.38 (Debian) /
Resource Hash
9dc13006ff2457799a02e7e7cb3a3b332cd9f57666205279c9298c73e3bd2f56

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://dev.employeesavings.co.uk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Sun, 20 Feb 2022 00:21:35 GMT
content-encoding
gzip
last-modified
Mon, 31 Jan 2022 18:43:01 GMT
server
Apache/2.4.38 (Debian)
etag
"1ab4b-5d6e5276f1740-gzip"
vary
Accept-Encoding
content-type
application/javascript
accept-ranges
bytes
content-length
23531
css
fonts.googleapis.com/
3 KB
1 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Open+Sans
Requested by
Host: dev.employeesavings.co.uk
URL: https://dev.employeesavings.co.uk/styles.02af9ca974767ee27cc6.bundle.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
48394ef740fabcd6aeb9c1de94df052c57348fc38da106e85828b45eef22580f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://dev.employeesavings.co.uk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Sat, 19 Feb 2022 22:23:27 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Sun, 20 Feb 2022 00:21:35 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Sun, 20 Feb 2022 00:21:35 GMT
getBranding
dev.employeesavings.co.uk/api/passthrough/
249 B
787 B
XHR
General
Full URL
https://dev.employeesavings.co.uk/api/passthrough/getBranding
Requested by
Host: dev.employeesavings.co.uk
URL: https://dev.employeesavings.co.uk/polyfills.a26ad12020ebba6688c7.bundle.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.134.89.98 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-134-89-98.eu-west-2.compute.amazonaws.com
Software
Apache/2.4.38 (Debian) / PHP/7.2.33
Resource Hash
1b002eb2b315ed106692f877e1948139f698944eda73dd1a83ae20843b1f7dc4

Request headers

Accept
application/json, text/plain, */*
Referer
https://dev.employeesavings.co.uk/
Accept-Language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type
application/json

Response headers

date
Sun, 20 Feb 2022 00:21:35 GMT
content-encoding
gzip
server
Apache/2.4.38 (Debian)
x-powered-by
PHP/7.2.33
vary
Accept-Encoding
access-control-allow-methods
GET, PUT, POST, DELETE, OPTIONS
content-type
text/html; charset=UTF-8
access-control-allow-headers
Authorization,Origin, X-Requested-With, Content-Type, Accept
content-length
183
0.68ec4e8c758f894c49c5.chunk.js
dev.employeesavings.co.uk/
459 B
831 B
Script
General
Full URL
https://dev.employeesavings.co.uk/0.68ec4e8c758f894c49c5.chunk.js
Requested by
Host: dev.employeesavings.co.uk
URL: https://dev.employeesavings.co.uk/inline.2a7d04c1d06e6847feb6.bundle.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.134.89.98 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-134-89-98.eu-west-2.compute.amazonaws.com
Software
Apache/2.4.38 (Debian) /
Resource Hash
3d7f23bea365a7ae7377bfc144779168d40cfc12151cac0bd76af2b79a31f441

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://dev.employeesavings.co.uk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Sun, 20 Feb 2022 00:21:35 GMT
content-encoding
gzip
last-modified
Mon, 31 Jan 2022 18:43:01 GMT
server
Apache/2.4.38 (Debian)
etag
"1cb-5d6e5276f1740-gzip"
vary
Accept-Encoding
content-type
application/javascript
accept-ranges
bytes
content-length
297
2.de39bccf7a48f28ab9f7.chunk.js
dev.employeesavings.co.uk/
62 KB
11 KB
Script
General
Full URL
https://dev.employeesavings.co.uk/2.de39bccf7a48f28ab9f7.chunk.js
Requested by
Host: dev.employeesavings.co.uk
URL: https://dev.employeesavings.co.uk/inline.2a7d04c1d06e6847feb6.bundle.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.134.89.98 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-134-89-98.eu-west-2.compute.amazonaws.com
Software
Apache/2.4.38 (Debian) /
Resource Hash
a3e8bb03c853cf292c31b930b606f01837d13180f44cce2ffc3b723f5a69c8e5

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://dev.employeesavings.co.uk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Sun, 20 Feb 2022 00:21:35 GMT
content-encoding
gzip
last-modified
Mon, 31 Jan 2022 18:43:01 GMT
server
Apache/2.4.38 (Debian)
etag
"f728-5d6e5276f1740-gzip"
vary
Accept-Encoding
content-type
application/javascript
accept-ranges
bytes
content-length
10231
memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2
fonts.gstatic.com/s/opensans/v27/
16 KB
17 KB
Font
General
Full URL
https://fonts.gstatic.com/s/opensans/v27/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
cce577471c2586f3e0c2518fff84a970d33f61491fb8c629341b86f238cf07c0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://dev.employeesavings.co.uk
Accept-Language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Tue, 15 Feb 2022 18:59:48 GMT
x-content-type-options
nosniff
age
364907
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
16692
x-xss-protection
0
last-modified
Thu, 28 Oct 2021 00:32:10 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Wed, 15 Feb 2023 18:59:48 GMT
authenticate
dev.employeesavings.co.uk/api/
0
548 B
XHR
General
Full URL
https://dev.employeesavings.co.uk/api/authenticate
Requested by
Host: dev.employeesavings.co.uk
URL: https://dev.employeesavings.co.uk/polyfills.a26ad12020ebba6688c7.bundle.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.134.89.98 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-134-89-98.eu-west-2.compute.amazonaws.com
Software
Apache/2.4.38 (Debian) / PHP/7.2.33
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept
application/json, text/plain, */*
Referer
https://dev.employeesavings.co.uk/
Accept-Language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type
application/json

Response headers

date
Sun, 20 Feb 2022 00:21:35 GMT
server
Apache/2.4.38 (Debian)
x-powered-by
PHP/7.2.33
access-control-allow-headers
Authorization,Origin, X-Requested-With, Content-Type, Accept
content-length
0
access-control-allow-methods
GET, PUT, POST, DELETE, OPTIONS
content-type
text/html; charset=UTF-8
1.12e37142b6f28e7af37e.chunk.js
dev.employeesavings.co.uk/
105 KB
13 KB
Script
General
Full URL
https://dev.employeesavings.co.uk/1.12e37142b6f28e7af37e.chunk.js
Requested by
Host: dev.employeesavings.co.uk
URL: https://dev.employeesavings.co.uk/inline.2a7d04c1d06e6847feb6.bundle.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.134.89.98 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-134-89-98.eu-west-2.compute.amazonaws.com
Software
Apache/2.4.38 (Debian) /
Resource Hash
a9e993f29bc4ba4aff2f0a2870200f6fc7139a44f185c49a8f7e51c26c783a41

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://dev.employeesavings.co.uk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Sun, 20 Feb 2022 00:21:35 GMT
content-encoding
gzip
last-modified
Mon, 31 Jan 2022 18:43:01 GMT
server
Apache/2.4.38 (Debian)
etag
"1a297-5d6e5276f1740-gzip"
vary
Accept-Encoding
content-type
application/javascript
accept-ranges
bytes
content-length
13224
twitterLogo.png
dev.employeesavings.co.uk/images/
1 KB
2 KB
Image
General
Full URL
https://dev.employeesavings.co.uk/images/twitterLogo.png
Requested by
Host: dev.employeesavings.co.uk
URL: https://dev.employeesavings.co.uk/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.134.89.98 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-134-89-98.eu-west-2.compute.amazonaws.com
Software
Apache/2.4.38 (Debian) /
Resource Hash
2cefa00bd0c61bda1d755bd4e20ba3168dca1045b5190cbabfd41952d0b2e813

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://dev.employeesavings.co.uk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Sun, 20 Feb 2022 00:21:35 GMT
last-modified
Tue, 02 Feb 2021 17:45:30 GMT
server
Apache/2.4.38 (Debian)
accept-ranges
bytes
etag
"438-5ba5e0957e280"
content-length
1080
content-type
image/png
facebook.png
dev.employeesavings.co.uk/images/
881 B
1 KB
Image
General
Full URL
https://dev.employeesavings.co.uk/images/facebook.png
Requested by
Host: dev.employeesavings.co.uk
URL: https://dev.employeesavings.co.uk/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.134.89.98 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-134-89-98.eu-west-2.compute.amazonaws.com
Software
Apache/2.4.38 (Debian) /
Resource Hash
d98a488dcadd9085776d9a31ea9618d272392f983bc561c55d4513b6326f5c51

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://dev.employeesavings.co.uk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Sun, 20 Feb 2022 00:21:35 GMT
last-modified
Tue, 02 Feb 2021 17:45:18 GMT
server
Apache/2.4.38 (Debian)
accept-ranges
bytes
etag
"371-5ba5e08a0c780"
content-length
881
content-type
image/png
yourfandi.jpg
dev.employeesavings.co.uk/images/dealers/
3 KB
4 KB
Image
General
Full URL
https://dev.employeesavings.co.uk/images/dealers/yourfandi.jpg
Requested by
Host: dev.employeesavings.co.uk
URL: https://dev.employeesavings.co.uk/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.134.89.98 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-134-89-98.eu-west-2.compute.amazonaws.com
Software
Apache/2.4.38 (Debian) /
Resource Hash
4b393f55047ce4f551cdf91df9622aa8d3509b49ca1a0b6d560df7bbbcae4d3e

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://dev.employeesavings.co.uk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Sun, 20 Feb 2022 00:21:35 GMT
last-modified
Wed, 02 Feb 2022 13:18:26 GMT
server
Apache/2.4.38 (Debian)
accept-ranges
bytes
etag
"c26-5d708da5ce6e8"
content-length
3110
content-type
image/jpeg
getBranding
dev.employeesavings.co.uk/api/passthrough/
249 B
783 B
XHR
General
Full URL
https://dev.employeesavings.co.uk/api/passthrough/getBranding
Requested by
Host: dev.employeesavings.co.uk
URL: https://dev.employeesavings.co.uk/polyfills.a26ad12020ebba6688c7.bundle.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.134.89.98 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-134-89-98.eu-west-2.compute.amazonaws.com
Software
Apache/2.4.38 (Debian) / PHP/7.2.33
Resource Hash
1b002eb2b315ed106692f877e1948139f698944eda73dd1a83ae20843b1f7dc4

Request headers

Accept
application/json, text/plain, */*
Referer
https://dev.employeesavings.co.uk/login
Accept-Language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type
application/json

Response headers

date
Sun, 20 Feb 2022 00:21:35 GMT
content-encoding
gzip
server
Apache/2.4.38 (Debian)
x-powered-by
PHP/7.2.33
vary
Accept-Encoding
access-control-allow-methods
GET, PUT, POST, DELETE, OPTIONS
content-type
text/html; charset=UTF-8
access-control-allow-headers
Authorization,Origin, X-Requested-With, Content-Type, Accept
content-length
183
getAllLoginOffers
dev.employeesavings.co.uk/api/passthrough/
2 KB
1 KB
XHR
General
Full URL
https://dev.employeesavings.co.uk/api/passthrough/getAllLoginOffers
Requested by
Host: dev.employeesavings.co.uk
URL: https://dev.employeesavings.co.uk/polyfills.a26ad12020ebba6688c7.bundle.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.134.89.98 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-134-89-98.eu-west-2.compute.amazonaws.com
Software
Apache/2.4.38 (Debian) / PHP/7.2.33
Resource Hash
b800df0b0b0a2693048ae7909f5f5ef7701df7256b4dada73d8d5723e550758d

Request headers

Accept
application/json, text/plain, */*
Referer
https://dev.employeesavings.co.uk/login
Accept-Language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type
application/json

Response headers

date
Sun, 20 Feb 2022 00:21:35 GMT
content-encoding
gzip
server
Apache/2.4.38 (Debian)
x-powered-by
PHP/7.2.33
vary
Accept-Encoding
access-control-allow-methods
GET, PUT, POST, DELETE, OPTIONS
content-type
text/html; charset=UTF-8
access-control-allow-headers
Authorization,Origin, X-Requested-With, Content-Type, Accept
content-length
504
HN8FTJUAtYYvksO6POi8ZXtlFGDDIpD1z.jpg
dev.employeesavings.co.uk/images/button/
28 KB
29 KB
Image
General
Full URL
https://dev.employeesavings.co.uk/images/button/HN8FTJUAtYYvksO6POi8ZXtlFGDDIpD1z.jpg
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.134.89.98 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-134-89-98.eu-west-2.compute.amazonaws.com
Software
Apache/2.4.38 (Debian) /
Resource Hash
35563b50fdfc4e4aff4e47ed56e784fca284070e5319c7651cc000a464d919d9

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://dev.employeesavings.co.uk/login
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Sun, 20 Feb 2022 00:21:35 GMT
last-modified
Tue, 02 Feb 2021 17:45:16 GMT
server
Apache/2.4.38 (Debian)
accept-ranges
bytes
etag
"71a3-5ba5e08824300"
content-length
29091
content-type
image/jpeg
HgK6C4g20w0jOHerTV7PFVow4LWHRfKsb.jpg
dev.employeesavings.co.uk/images/button/
39 KB
39 KB
Image
General
Full URL
https://dev.employeesavings.co.uk/images/button/HgK6C4g20w0jOHerTV7PFVow4LWHRfKsb.jpg
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.134.89.98 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-134-89-98.eu-west-2.compute.amazonaws.com
Software
Apache/2.4.38 (Debian) /
Resource Hash
55f67ce8d38d5faf80d9d281cb1d33d775665e826cf234fb3cfaef0dd78cd79f

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://dev.employeesavings.co.uk/login
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Sun, 20 Feb 2022 00:21:35 GMT
last-modified
Tue, 02 Feb 2021 17:45:16 GMT
server
Apache/2.4.38 (Debian)
accept-ranges
bytes
etag
"9aa7-5ba5e08824300"
content-length
39591
content-type
image/jpeg
HZAn1lUCp3TdsWV3viWFgQAUEps6LgwOY.jpg
dev.employeesavings.co.uk/images/button/
31 KB
31 KB
Image
General
Full URL
https://dev.employeesavings.co.uk/images/button/HZAn1lUCp3TdsWV3viWFgQAUEps6LgwOY.jpg
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.134.89.98 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-134-89-98.eu-west-2.compute.amazonaws.com
Software
Apache/2.4.38 (Debian) /
Resource Hash
e31e06a3ae462cfe263206ed781264e8c68a7c551189219c27cce8ca7a2fede4

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://dev.employeesavings.co.uk/login
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Sun, 20 Feb 2022 00:21:35 GMT
last-modified
Tue, 02 Feb 2021 17:45:16 GMT
server
Apache/2.4.38 (Debian)
accept-ranges
bytes
etag
"7ab1-5ba5e08824300"
content-length
31409
content-type
image/jpeg
HBUmpRMycW6p71BJvNumrdhaKZYDpyjtN.jpg
dev.employeesavings.co.uk/images/button/
15 KB
16 KB
Image
General
Full URL
https://dev.employeesavings.co.uk/images/button/HBUmpRMycW6p71BJvNumrdhaKZYDpyjtN.jpg
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.134.89.98 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-134-89-98.eu-west-2.compute.amazonaws.com
Software
Apache/2.4.38 (Debian) /
Resource Hash
a295530f808b29ac3019478057554f8164ac5f173946e07414ea92a5ba546db8

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://dev.employeesavings.co.uk/login
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Sun, 20 Feb 2022 00:21:35 GMT
last-modified
Tue, 02 Feb 2021 17:45:15 GMT
server
Apache/2.4.38 (Debian)
accept-ranges
bytes
etag
"3cc5-5ba5e087300c0"
content-length
15557
content-type
image/jpeg

41 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| structuredClone
object| core
object| __core-js_shared__
object| System
function| asap
function| Observable
function| setImmediate
function| clearImmediate
object| $__curScript
function| URLPolyfill
object| SystemJS
function| webpackJsonp
function| __zone_symbol__Promise
function| __zone_symbol__Error
function| Zone
function| __zone_symbol__setTimeout
function| __zone_symbol__clearTimeout
function| __zone_symbol__setInterval
function| __zone_symbol__clearInterval
function| __zone_symbol__setImmediate
function| __zone_symbol__clearImmediate
function| __zone_symbol__requestAnimationFrame
function| __zone_symbol__cancelAnimationFrame
function| __zone_symbol__webkitRequestAnimationFrame
function| __zone_symbol__webkitCancelAnimationFrame
function| __zone_symbol__alert
function| __zone_symbol__prompt
function| __zone_symbol__confirm
object| IntlPolyfill
object| global
object| __zone_symbol__eventTasks
function| $
function| jQuery
object| ng
function| getAngularTestability
function| getAllAngularTestabilities
function| getAllAngularRootElements
object| frameworkStabilizers
boolean| __zone_symbol__xhrScheduled
function| __zone_symbol__addEventListener
function| __zone_symbol__removeEventListener

2 Cookies

Domain/Path Name / Value
dev.employeesavings.co.uk/ Name: AWSALB
Value: 8xy55wEYOlNRdVW10uEpNCAWeuSlCNo5n94IVlR7ddiFUUSyaHzNOa179XjIRR1E6TFB6fgfUcRUQIJZyUfycuGUosgtIIDWhD3yfpH7yn9nZyToOz5nM203A00S
dev.employeesavings.co.uk/ Name: AWSALBCORS
Value: 8xy55wEYOlNRdVW10uEpNCAWeuSlCNo5n94IVlR7ddiFUUSyaHzNOa179XjIRR1E6TFB6fgfUcRUQIJZyUfycuGUosgtIIDWhD3yfpH7yn9nZyToOz5nM203A00S

1 Console Messages

Source Level URL
Text
network error URL: https://dev.employeesavings.co.uk/api/authenticate
Message:
Failed to load resource: the server responded with a status of 401 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
