Submitted URL: http://msg.patientpop.com/ls/click?upn=IgZTrZ8ibPU-2F5UuajpIaYGGXh7sgZB5yz7fKYKhVCIGc2en3OaKAT1F37SPdW-2BYxnuGOOFBVaaEKAhm...
Effective URL: https://widgets.patientpop.com/reputation/af3c408c-409d-315b-95e9-04a5ac87f522.com?review=mQYPOwAwlj&utm_source=quality_survey&...
Submission: On October 01 via api from US — Scanned from DE

Summary

This website contacted 10 IPs in 3 countries across 7 domains to perform 18 HTTP transactions. The main IP is 3.231.236.32, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is widgets.patientpop.com.
TLS certificate: Issued by Amazon on January 15th 2021. Valid for: a year.
This is the only time widgets.patientpop.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 167.89.118.83 11377 (SENDGRID)
4 3.231.236.32 14618 (AMAZON-AES)
2 13.224.193.85 16509 (AMAZON-02)
3 2a00:1450:400... 15169 (GOOGLE)
3 13.224.193.86 16509 (AMAZON-02)
1 151.101.66.137 54113 (FASTLY)
1 162.247.242.19 23467 (NEWRELIC-...)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 2600:9000:20e... 16509 (AMAZON-02)
18 10
Domain Requested by
3 sa1s3.patientpop.com sa1co.patientpop.com
3 api.patientpop.com widgets.patientpop.com
3 www.google-analytics.com widgets.patientpop.com
2 sa1co.patientpop.com widgets.patientpop.com
1 sa1s3optim.patientpop.com
1 www.google.de
1 www.google.com
1 stats.g.doubleclick.net widgets.patientpop.com
1 bam.nr-data.net js-agent.newrelic.com
1 js-agent.newrelic.com widgets.patientpop.com
1 widgets.patientpop.com
1 msg.patientpop.com 1 redirects
18 12

This site contains no links.

Subject | Issuer | Validity | Valid
patientpop.com | Amazon | 2021-01-15 - 2022-02-12 | a year
*.google-analytics.com | GTS CA 1C3 | 2021-09-13 - 2021-11-20 | 2 months
*.newrelic.com | R3 | 2021-09-17 - 2021-12-16 | 3 months
*.nr-data.net | DigiCert SHA2 Secure Server CA | 2020-02-05 - 2022-02-08 | 2 years
*.g.doubleclick.net | GTS CA 1C3 | 2021-09-13 - 2021-11-20 | 2 months
www.google.com | GTS CA 1C3 | 2021-09-13 - 2021-11-20 | 2 months
www.google.de | GTS CA 1C3 | 2021-09-13 - 2021-11-20 | 2 months

This page contains 1 frame:

Primary Page: https://widgets.patientpop.com/reputation/af3c408c-409d-315b-95e9-04a5ac87f522.com?review=mQYPOwAwlj&utm_source=quality_survey&utm_campaign=third_feedback_request&utm_medium=email&utm_content=share_feedback&utm_term=send_10am&recommend=no
Frame ID: 58E1DCA9C7D27F9C72D2F44B3A68BE9C
Requests: 17 HTTP requests in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Page Statistics

Requests: 18
HTTPS: 100 %
IPv6: 45 %
Domains: 7
Subdomains: 12
IPs: 10
Countries: 3
Transfer: 410 kB
Size: 722 kB
Cookies: 5

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://msg.patientpop.com/ls/click?upn=IgZTrZ8ibPU-2F5UuajpIaYGGXh7sgZB5yz7fKYKhVCIGc2en3OaKAT1F37SPdW-2BYxnuGOOFBVaaEKAhmncBLUku4HnE0ke-2BOtDURQLRNOZC4Ie3H1u8UafN5yBM6nILIMy80X-2BiTmINVYLqdMwoy7zjMYyEPgDiG8JwhlIS3K5GqotSxnNIs9iefHVUGMdyZwYRGd5jblBWUHjdhuXrGaJjiH4w6spdHfQoDlrLzbuOncdzsJ9k4jXYuBUwzq8U-2B2KnEmwa8DPdD060zVx3b82ofhbqjKxTQXS1kasodErdKvs5ItkZuHaWIjM2qg2ZMUE4DOAN-2FwmvO4cstSgmvj7w-3D-3DSEJu_dZ5WDwwpW23Ls40NDJ6frp1eECARQmpBTmcoqhGjSxBFxS0n7-2BOxNtK679xe87C6lW-2F805XXvu1sTp4plyph55KtWNRVAXpPlcuK87kdyR-2FjxP7YKdXvtjATz8AHVkGCE-2FrTJugcoRNKxfSGDXOt8l3RfpjxlWFVLQ-2FIqOkYvppfVVa25JmW6ItulaLGrPgWe8eOwvmL39E07SlBJVt7Z0fccAp8aGz2QUnN23KhU8BK5Okc3KAB2lTloJJpQs-2FT73spLkJDEO5qOhIxYCQxv1fZhH0-2F5Pso3R7Nij4yOchqXyYYLk337YOEb68Ben-2BOEbwTWMGp8jg1zWy0OzIYDgmzOLWggGYb9WNeOHcIUwtZ3fllhsNrlxV-2FYO28Kd7uw7vL6yNdrT7dYR06UlKcgqjNNwvvy5T3C-2BYyWd2JnfOkxIFek-2FMjGrWyVCz7MpYlIUPe-2F-2BZI2s-2BBKcI-2BNuXvlZXPDt6-2BcK7scV1ke0m9A2o-3D HTTP 302
    https://widgets.patientpop.com/reputation/af3c408c-409d-315b-95e9-04a5ac87f522.com?review=mQYPOwAwlj&utm_source=quality_survey&utm_campaign=third_feedback_request&utm_medium=email&utm_content=share_feedback&utm_term=send_10am&recommend=no Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

18 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request af3c408c-409d-315b-95e9-04a5ac87f522.com
widgets.patientpop.com/reputation/
Redirect Chain
  • http://msg.patientpop.com/ls/click?upn=IgZTrZ8ibPU-2F5UuajpIaYGGXh7sgZB5yz7fKYKhVCIGc2en3OaKAT1F37SPdW-2BYxnuGOOFBVaaEKAhmncBLUku4HnE0ke-2BOtDURQLRNOZC4Ie3H1u8UafN5yBM6nILIMy80X-2BiTmINVYLqdMwoy7zj...
  • https://widgets.patientpop.com/reputation/af3c408c-409d-315b-95e9-04a5ac87f522.com?review=mQYPOwAwlj&utm_source=quality_survey&utm_campaign=third_feedback_request&utm_medium=email&utm_content=share...
27 KB
12 KB
Document
General
Full URL
https://widgets.patientpop.com/reputation/af3c408c-409d-315b-95e9-04a5ac87f522.com?review=mQYPOwAwlj&utm_source=quality_survey&utm_campaign=third_feedback_request&utm_medium=email&utm_content=share_feedback&utm_term=send_10am&recommend=no
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.231.236.32 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-231-236-32.compute-1.amazonaws.com
Software
nginx/1.18.0 /
Resource Hash
f9343880a1f5a9b31cfb42e69ddb0ae577874966bf246f326ddf782c222a9c85

Request headers

:method
GET
:authority
widgets.patientpop.com
:scheme
https
:path
/reputation/af3c408c-409d-315b-95e9-04a5ac87f522.com?review=mQYPOwAwlj&utm_source=quality_survey&utm_campaign=third_feedback_request&utm_medium=email&utm_content=share_feedback&utm_term=send_10am&recommend=no
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9

Response headers

date
Fri, 01 Oct 2021 16:21:34 GMT
content-type
text/html; charset=UTF-8
server
nginx/1.18.0
x-robots-tag
noindex, nofollow
cache-control
no-cache
set-cookie
lrvls=eyJpdiI6ImhFQmxBU1B1ZCsxdVUyMXdmVU1NN2c9PSIsInZhbHVlIjoiQUZLczZ2bGV0SVlncnFXb0RFMGpwU2E4M0U3cFwvVm1WSEhMTWp2NEZFRTRSRFRmbUxxWHFWZzlZOGo1NVBKZ09OZkxFR2orajRXSlhtZk95RVlKT0NBPT0iLCJtYWMiOiJkOTc4ODQ4YWFhMGI0MmM1ZjhmNmRhMjg0MDZiOGZhNjc0YTFmYjQ3YmViMzRjMGJmNTAyOTQyMjhmM2VhY2QwIn0%3D; expires=Sat, 30-Oct-2021 16:21:34 GMT; Max-Age=2505600; path=/; domain=.patientpop.com; secure; HttpOnly
content-encoding
gzip

Redirect headers

Server
nginx
Date
Fri, 01 Oct 2021 16:21:33 GMT
Content-Type
text/html; charset=utf-8
Content-Length
285
Connection
keep-alive
Location
https://widgets.patientpop.com/reputation/af3c408c-409d-315b-95e9-04a5ac87f522.com?review=mQYPOwAwlj&utm_source=quality_survey&utm_campaign=third_feedback_request&utm_medium=email&utm_content=share_feedback&utm_term=send_10am&recommend=no
X-Robots-Tag
noindex, nofollow
d564ad8a6acef17181ad8b9fa7148396b1a69470
sa1co.patientpop.com/assetsV/reputation.application.css/v/
168 KB
169 KB
Stylesheet
General
Full URL
https://sa1co.patientpop.com/assetsV/reputation.application.css/v/d564ad8a6acef17181ad8b9fa7148396b1a69470
Requested by
Host: widgets.patientpop.com
URL: https://widgets.patientpop.com/reputation/af3c408c-409d-315b-95e9-04a5ac87f522.com?review=mQYPOwAwlj&utm_source=quality_survey&utm_campaign=third_feedback_request&utm_medium=email&utm_content=share_feedback&utm_term=send_10am&recommend=no
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.193.85 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-193-85.fra2.r.cloudfront.net
Software
nginx/1.18.0 /
Resource Hash
18cb0e8fb99e17a37cdb468e9bdb3e7db6ffb3b6d51198c299845949e1000458

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://widgets.patientpop.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Fri, 01 Oct 2021 16:21:21 GMT
via
1.1 8f20db43ba7579b7216cf908572d5054.cloudfront.net (CloudFront)
last-modified
1633036537
server
nginx/1.18.0
age
13
x-edge-origin-shield-skipped
0
content-type
text/css; charset=UTF-8
cache-control
max-age=3600, public
x-cache
Hit from cloudfront
x-amz-cf-pop
FRA2-C1
x-amz-cf-id
dKgNf0HNzSNgg3dG5WTH-2892eRnG2iaRGpla8GUSM2JIl-KZS2-nw==
x-ua-compatible
IE=edge,chrome=1
d564ad8a6acef17181ad8b9fa7148396b1a69470
sa1co.patientpop.com/assetsV/reputation.application.js/v/
381 KB
125 KB
Script
General
Full URL
https://sa1co.patientpop.com/assetsV/reputation.application.js/v/d564ad8a6acef17181ad8b9fa7148396b1a69470
Requested by
Host: widgets.patientpop.com
URL: https://widgets.patientpop.com/reputation/af3c408c-409d-315b-95e9-04a5ac87f522.com?review=mQYPOwAwlj&utm_source=quality_survey&utm_campaign=third_feedback_request&utm_medium=email&utm_content=share_feedback&utm_term=send_10am&recommend=no
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.193.85 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-193-85.fra2.r.cloudfront.net
Software
nginx/1.18.0 /
Resource Hash
fdee113517351e9bda6578ead6c8b22a34c8b58d995c7b6c415d2349bf733336

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://widgets.patientpop.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Fri, 01 Oct 2021 03:10:21 GMT
content-encoding
gzip
server
nginx/1.18.0
age
47473
x-edge-origin-shield-skipped
0
content-type
application/javascript
via
1.1 8f20db43ba7579b7216cf908572d5054.cloudfront.net (CloudFront)
cache-control
max-age=3600, public
x-cache
Hit from cloudfront
x-amz-cf-pop
FRA2-C1
x-amz-cf-id
hU6Bw3CswvnCIllczDuDmIpuSPwpgOZp5ZydECBFyBV5f-WegO2nOw==
x-ua-compatible
IE=edge,chrome=1
analytics.js
www.google-analytics.com/
48 KB
20 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: widgets.patientpop.com
URL: https://widgets.patientpop.com/reputation/af3c408c-409d-315b-95e9-04a5ac87f522.com?review=mQYPOwAwlj&utm_source=quality_survey&utm_campaign=third_feedback_request&utm_medium=email&utm_content=share_feedback&utm_term=send_10am&recommend=no
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
fd222137f245c06ddb4c4d44db41f12138dad6cf8ef5d4d4a5e500f38f0c8c62
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://widgets.patientpop.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 11 Aug 2021 00:32:57 GMT
server
Golfe2
age
5677
date
Fri, 01 Oct 2021 14:46:57 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
19747
expires
Fri, 01 Oct 2021 16:46:57 GMT
reviews
api.patientpop.com/
0
0
Preflight
General
Full URL
https://api.patientpop.com/reviews
Protocol
H2
Server
3.231.236.32 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-231-236-32.compute-1.amazonaws.com
Software
nginx/1.18.0 /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Method
POST
Access-Control-Request-Headers
content-type
Origin
https://widgets.patientpop.com
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

date
Fri, 01 Oct 2021 16:21:35 GMT
content-type
text/html; charset=UTF-8
server
nginx/1.18.0
cache-control
no-cache
access-control-allow-credentials
true
access-control-allow-origin
https://widgets.patientpop.com
access-control-max-age
3600
access-control-allow-methods
POST
access-control-allow-headers
CONTENT-TYPE
content-encoding
gzip
OpenSans-Regular-webfont.woff
sa1s3.patientpop.com/assets/fonts/provider/
22 KB
23 KB
Font
General
Full URL
https://sa1s3.patientpop.com/assets/fonts/provider/OpenSans-Regular-webfont.woff
Requested by
Host: sa1co.patientpop.com
URL: https://sa1co.patientpop.com/assetsV/reputation.application.css/v/d564ad8a6acef17181ad8b9fa7148396b1a69470
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.193.86 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-193-86.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
22e7a1b10c110072f5a0bfd16e2197a76b279ec879bcce8978fada1dc9ee5d40

Request headers

Referer
https://sa1co.patientpop.com/
Origin
https://widgets.patientpop.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Fri, 01 Oct 2021 16:21:36 GMT
via
1.1 0e7eb16f335fe24acf3f13c5dee19c88.cloudfront.net (CloudFront)
vary
Origin
x-edge-origin-shield-skipped
0
x-cache
Miss from cloudfront
x-amz-replication-status
COMPLETED
content-length
22660
last-modified
Thu, 14 Mar 2019 18:44:13 GMT
server
AmazonS3
etag
"79515ad0788973c533405f7012dfeccd"
access-control-max-age
604800
access-control-allow-methods
GET
x-amz-version-id
7N0CRiXKIkKkxel8gxz35HY45qfxEWkK
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-amz-cf-pop
FRA2-C1
accept-ranges
bytes
content-type
application/octet-stream
x-amz-cf-id
CYT4FNfsjBORPsOUbr2v4qQoAiue8b52bDg5qtd-MaeqOnaiyN74vA==
reviews
api.patientpop.com/
478 B
1 KB
XHR
General
Full URL
https://api.patientpop.com/reviews
Requested by
Host: widgets.patientpop.com
URL: https://widgets.patientpop.com/reputation/af3c408c-409d-315b-95e9-04a5ac87f522.com?review=mQYPOwAwlj&utm_source=quality_survey&utm_campaign=third_feedback_request&utm_medium=email&utm_content=share_feedback&utm_term=send_10am&recommend=no
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.231.236.32 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-231-236-32.compute-1.amazonaws.com
Software
nginx/1.18.0 /
Resource Hash
243bcea234c6f8c7378da7b8e50410267d6b77a67b84fa25bc546fad9e398421

Request headers

Accept
application/json, text/javascript, */*; q=0.01
Referer
https://widgets.patientpop.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type
application/json

Response headers

date
Fri, 01 Oct 2021 16:21:35 GMT
content-encoding
gzip
server
nginx/1.18.0
vary
Origin
content-type
application/json
access-control-allow-origin
https://widgets.patientpop.com
cache-control
no-cache
access-control-allow-credentials
true
x-robots-tag
noindex, nofollow
nr-1210.min.js
js-agent.newrelic.com/
31 KB
12 KB
Script
General
Full URL
https://js-agent.newrelic.com/nr-1210.min.js
Requested by
Host: widgets.patientpop.com
URL: https://widgets.patientpop.com/reputation/af3c408c-409d-315b-95e9-04a5ac87f522.com?review=mQYPOwAwlj&utm_source=quality_survey&utm_campaign=third_feedback_request&utm_medium=email&utm_content=share_feedback&utm_term=send_10am&recommend=no
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.66.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
5b8810ee64bade6fc49a6c0948f933337663c3df9526ed7e21694b728a15818e

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://widgets.patientpop.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-amz-version-id
tUmpG8VLFN_NnT6837P9feidPwIndCMZ
content-encoding
gzip
etag
"67f7ff413fcbb9300ab2dbf1bb53180c"
x-amz-request-id
3700EJ4ZWWQ4P78Z
x-cache
HIT
cross-origin-resource-policy
cross-origin
content-length
11781
x-amz-id-2
WHzeslBLMht/NaCF9kkJd18iJ6Fkr2YZAl5iGj0a1qtVGAGpwFyTtZrMMtk5xKXdIU5RYSWHiEw=
x-served-by
cache-hhn4039-HHN
last-modified
Tue, 22 Jun 2021 22:47:07 GMT
server
AmazonS3
x-timer
S1633105295.326548,VS0,VE0
date
Fri, 01 Oct 2021 16:21:35 GMT
vary
Accept-Encoding
content-type
application/javascript
via
1.1 varnish
cache-control
public, max-age=7200, stale-if-error=604800
accept-ranges
bytes
x-cache-hits
9742
78817c6582
bam.nr-data.net/1/
57 B
322 B
Script
General
Full URL
https://bam.nr-data.net/1/78817c6582?a=333407958&v=1210.e2a3f80&to=YlZSMUdXWkEAW0xZV1sccQZBX1tcTkpdQE1BUkQMWlhrRQhcX1VM&rst=1842&ck=1&ref=https://widgets.patientpop.com/reputation/af3c408c-409d-315b-95e9-04a5ac87f522.com&ap=95&be=1126&fe=1804&dc=1274&af=err,xhr,stn,ins&perf=%7B%22timing%22:%7B%22of%22:1633105293496,%22n%22:0,%22f%22:661,%22dn%22:661,%22dne%22:662,%22c%22:662,%22s%22:667,%22ce%22:873,%22rq%22:874,%22rp%22:1076,%22rpe%22:1077,%22dl%22:1082,%22di%22:1274,%22ds%22:1274,%22de%22:1299,%22dc%22:1804,%22l%22:1804,%22le%22:1805%7D,%22navigation%22:%7B%7D%7D&fp=1223&at=ThFRRw9NSU8%3D&jsonp=NREUM.setToken
Requested by
Host: js-agent.newrelic.com
URL: https://js-agent.newrelic.com/nr-1210.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
162.247.242.19 , United States, ASN23467 (NEWRELIC-AS-1, US),
Reverse DNS
bam-7.nr-data.net
Software
/
Resource Hash
5e864c2e3f674c60970513411eaeeeafd2d615d842e65ec01d09ccfcb4a7b38d

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://widgets.patientpop.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Cross-Origin-Resource-Policy
cross-origin
Content-Type
text/javascript;charset=iso-8859-1
Content-Length
57
Expires
Thu, 01 Jan 1970 00:00:00 GMT
collect
www.google-analytics.com/j/
4 B
213 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j93&a=918058558&t=event&_s=1&dl=https%3A%2F%2Fwidgets.patientpop.com%2Freputation%2Faf3c408c-409d-315b-95e9-04a5ac87f522.com%3Freview%3DmQYPOwAwlj%26utm_source%3Dquality_survey%26utm_campaign%3Dthird_feedback_request%26utm_medium%3Demail%26utm_content%3Dshare_feedback%26utm_term%3Dsend_10am%26recommend%3Dno&dh=widgets.patientpop.com&ul=en-us&de=UTF-8&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&cn=af3c408c-409d-315b-95e9-04a5ac87f522.com&cs=patientpop&cm=quality_survey_email&ck=send_10am&cc=share_feedback&ec=screen&ea=view&el=feedback_screen&_u=aEBAAEABEAAAAC~&jid=1220887771&gjid=1295089254&cid=936737608.1633105295&tid=UA-76715128-4&_gid=510557063.1633105295&_r=1&_slc=1&cd1=13539_14815&cd2=13539_3849113792&cd3=desktopWeb&cd4=13539&z=1118180502
Requested by
Host: widgets.patientpop.com
URL: https://widgets.patientpop.com/reputation/af3c408c-409d-315b-95e9-04a5ac87f522.com?review=mQYPOwAwlj&utm_source=quality_survey&utm_campaign=third_feedback_request&utm_medium=email&utm_content=share_feedback&utm_term=send_10am&recommend=no
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://widgets.patientpop.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Fri, 01 Oct 2021 16:21:35 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://widgets.patientpop.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
review-platforms
api.patientpop.com/practices/13539/
224 B
1 KB
XHR
General
Full URL
https://api.patientpop.com/practices/13539/review-platforms?provider=3849113792&location=14815
Requested by
Host: widgets.patientpop.com
URL: https://widgets.patientpop.com/reputation/af3c408c-409d-315b-95e9-04a5ac87f522.com?review=mQYPOwAwlj&utm_source=quality_survey&utm_campaign=third_feedback_request&utm_medium=email&utm_content=share_feedback&utm_term=send_10am&recommend=no
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.231.236.32 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-231-236-32.compute-1.amazonaws.com
Software
nginx/1.18.0 /
Resource Hash
e9b775f662d6c4dd383c1eb01cb1a06a49f4e547550fdd3209b7105e472fdfaf

Request headers

Accept
application/json, text/javascript, */*; q=0.01
Referer
https://widgets.patientpop.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Fri, 01 Oct 2021 16:21:35 GMT
content-encoding
gzip
server
nginx/1.18.0
vary
Origin
content-type
application/json
access-control-allow-origin
https://widgets.patientpop.com
cache-control
no-cache
access-control-allow-credentials
true
x-robots-tag
noindex, nofollow
collect
www.google-analytics.com/
35 B
131 B
Image
General
Full URL
https://www.google-analytics.com/collect?v=1&_v=j93&a=918058558&t=event&_s=2&dl=https%3A%2F%2Fwidgets.patientpop.com%2Freputation%2Faf3c408c-409d-315b-95e9-04a5ac87f522.com%3Freview%3DmQYPOwAwlj%26utm_source%3Dquality_survey%26utm_campaign%3Dthird_feedback_request%26utm_medium%3Demail%26utm_content%3Dshare_feedback%26utm_term%3Dsend_10am%26recommend%3Dno&dh=widgets.patientpop.com&ul=en-us&de=UTF-8&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&cn=af3c408c-409d-315b-95e9-04a5ac87f522.com&cs=patientpop&cm=quality_survey_email&ck=send_10am&cc=share_feedback&ec=screen&ea=view&el=external_profiles&_u=aEBAAEABEAAAAC~&jid=&gjid=&cid=936737608.1633105295&tid=UA-76715128-4&_gid=510557063.1633105295&cd1=13539_14815&cd2=13539_3849113792&cd3=desktopWeb&cd4=13539&z=1463839442
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://widgets.patientpop.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 01 Oct 2021 14:17:05 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
7470
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
OpenSans-Bold-webfont.woff
sa1s3.patientpop.com/assets/fonts/provider/
22 KB
22 KB
Font
General
Full URL
https://sa1s3.patientpop.com/assets/fonts/provider/OpenSans-Bold-webfont.woff
Requested by
Host: sa1co.patientpop.com
URL: https://sa1co.patientpop.com/assetsV/reputation.application.css/v/d564ad8a6acef17181ad8b9fa7148396b1a69470
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.193.86 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-193-86.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
a0357cb694b5284870c77c0dbcaf33f238004800419288afde313317b0dbd0b7

Request headers

Referer
https://sa1co.patientpop.com/
Origin
https://widgets.patientpop.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 15 Sep 2021 16:52:11 GMT
via
1.1 0e7eb16f335fe24acf3f13c5dee19c88.cloudfront.net (CloudFront)
vary
Origin
age
1380565
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
content-length
22432
last-modified
Thu, 14 Mar 2019 18:43:46 GMT
server
AmazonS3
etag
"2e90d5152ce92858b62ba053c7b9d2cb"
access-control-max-age
604800
access-control-allow-methods
GET
x-amz-version-id
k6Wj.CSOe9sBIcAZsBytANULsMRx8KOO
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-amz-cf-pop
FRA2-C1
accept-ranges
bytes
content-type
application/octet-stream
x-amz-cf-id
YxTwPdrpXVZ5EmWItBsT49DThipj-6xqe3jGZDKjpVafHysM_FkvFA==
OpenSans-Light-webfont.woff
sa1s3.patientpop.com/assets/fonts/provider/
22 KB
22 KB
Font
General
Full URL
https://sa1s3.patientpop.com/assets/fonts/provider/OpenSans-Light-webfont.woff
Requested by
Host: sa1co.patientpop.com
URL: https://sa1co.patientpop.com/assetsV/reputation.application.css/v/d564ad8a6acef17181ad8b9fa7148396b1a69470
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.193.86 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-193-86.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
a1cb81c9f07f1f399db66ec188c02a1c74bc382df9a8550ab8091aac93dff8a2

Request headers

Referer
https://sa1co.patientpop.com/
Origin
https://widgets.patientpop.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 15 Sep 2021 16:52:12 GMT
via
1.1 0e7eb16f335fe24acf3f13c5dee19c88.cloudfront.net (CloudFront)
vary
Origin
age
1380564
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
content-length
22248
last-modified
Thu, 14 Mar 2019 18:43:25 GMT
server
AmazonS3
etag
"45b47f3e9c7d74b80f5c6e0a3c513b23"
access-control-max-age
604800
access-control-allow-methods
GET
x-amz-version-id
G9Ry2j5bJn94lMDZYkt2jvIA.9LxU5BO
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-amz-cf-pop
FRA2-C1
accept-ranges
bytes
content-type
application/octet-stream
x-amz-cf-id
JZTsMyWsWv2yc39Wx0XKMqwTQBCmLDcu2g-qgIsRl8AKDufXwWBbAg==
collect
stats.g.doubleclick.net/j/
4 B
467 B
XHR
General
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j93&tid=UA-76715128-4&cid=936737608.1633105295&jid=1220887771&gjid=1295089254&_gid=510557063.1633105295&_u=aEBAAEAAEAAAAC~&z=1022515826
Requested by
Host: widgets.patientpop.com
URL: https://widgets.patientpop.com/reputation/af3c408c-409d-315b-95e9-04a5ac87f522.com?review=mQYPOwAwlj&utm_source=quality_survey&utm_campaign=third_feedback_request&utm_medium=email&utm_content=share_feedback&utm_term=send_10am&recommend=no
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c00::9c Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://widgets.patientpop.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
date
Fri, 01 Oct 2021 16:21:35 GMT
content-type
text/plain
access-control-allow-origin
https://widgets.patientpop.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.com/ads/
42 B
522 B
Image
General
Full URL
https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j93&tid=UA-76715128-4&cid=936737608.1633105295&jid=1220887771&_u=aEBAAEAAEAAAAC~&z=736057524
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://widgets.patientpop.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 01 Oct 2021 16:21:35 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/
42 B
522 B
Image
General
Full URL
https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j93&tid=UA-76715128-4&cid=936737608.1633105295&jid=1220887771&_u=aEBAAEAAEAAAAC~&z=736057524
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://widgets.patientpop.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 01 Oct 2021 16:21:35 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
Google@3x-gs.png
sa1s3optim.patientpop.com/assets/production/email-stock-images/
1 KB
2 KB
Image
General
Full URL
https://sa1s3optim.patientpop.com/assets/production/email-stock-images/Google@3x-gs.png
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:20eb:9c00:d:3b9f:2e80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
e1bbd54730cdb9bc3bdad103ae2e175c47aee2239788f02b12b1c399f16285ff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://widgets.patientpop.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 17 Mar 2021 04:24:40 GMT
via
1.1 c379418fd6100691807f32f274ebe9ce.cloudfront.net (CloudFront), 1.1 430fc75cac3bdd04869a39405c45fba2.cloudfront.net (CloudFront)
etag
"d00eac707459de6345d5249b51836771b8f09d40"
age
17150215
x-amzn-requestid
c74b4284-1b67-43e8-9aa4-d2d7694c9d85
x-cache
Hit from cloudfront
content-type
image/png
cache-control
max-age=31536000,public
x-amzn-trace-id
Root=1-60518488-11875a8433476a520a7b0411;Sampled=0
x-amz-cf-pop
FRA2-C1, FRA2-C1
content-length
1058
x-amz-apigw-id
cUGlSHjfIAMFbTw=
x-amzn-remapped-date
Wed, 17 Mar 2021 04:24:40 GMT
x-amz-cf-id
osX5uHxGn-svEKpK6ysPNDTn-MOPoe5mKSPZ02vsBMLE2VB5s0BB4g==
expires
Thu, 17 Mar 2022 04:24:40 GMT


21 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onbeforexrselect
boolean| originAgentCluster
object| NREUM
object| newrelic
function| __nr_require
string| GoogleAnalyticsObject
function| ga
object| google_tag_data
object| gaplugins
function| $
function| jQuery
function| moment
function| _
object| Backbone
object| Handlebars
object| Base
object| Reputation
object| JST
function| getUrlParam
object| gaGlobal
object| gaData

5 Cookies

Domain/Path Name / Value
.patientpop.com/ Name: lrvls
Value: eyJpdiI6ImhFQmxBU1B1ZCsxdVUyMXdmVU1NN2c9PSIsInZhbHVlIjoiQUZLczZ2bGV0SVlncnFXb0RFMGpwU2E4M0U3cFwvVm1WSEhMTWp2NEZFRTRSRFRmbUxxWHFWZzlZOGo1NVBKZ09OZkxFR2orajRXSlhtZk95RVlKT0NBPT0iLCJtYWMiOiJkOTc4ODQ4YWFhMGI0MmM1ZjhmNmRhMjg0MDZiOGZhNjc0YTFmYjQ3YmViMzRjMGJmNTAyOTQyMjhmM2VhY2QwIn0%3D
.patientpop.com/ Name: _ga
Value: GA1.2.936737608.1633105295
.patientpop.com/ Name: _gid
Value: GA1.2.510557063.1633105295
.patientpop.com/ Name: _gat
Value: 1
.nr-data.net/ Name: JSESSIONID
Value: 777b87c35d389e2b

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
