Submitted URL: http://www.harthaelthslionsjh.us/?khjigdcbekaf=YjR4Q3N0NmRJN3Mxcm13ZjVPMERILytENnEvaU1TQ1E5R3ZyU3A3elpZdlEwbzF1RGRCRFRQcktPd1JXaF...
Effective URL: https://provisine.com/transcript?aff_id=770&subid2=6459_sessid20210317090913609&subid=22
Submission: On March 17 via manual from IT

Summary

This website contacted 10 IPs in 2 countries across 9 domains to perform 22 HTTP transactions. The main IP is 161.35.110.208, located in North Bergen, United States and belongs to DIGITALOCEAN-ASN, US. The main domain is provisine.com.
TLS certificate: Issued by R3 on February 1st 2021. Valid for: 3 months.
This is the only time provisine.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Requests  Domain                      Requested by
8         provisine.com               provisine.com
4         fonts.gstatic.com           fonts.googleapis.com
4         fonts.googleapis.com        provisine.com
3         www.harthaelthslionsjh.us   3 redirects
2         www.google-analytics.com    www.googletagmanager.com, www.google-analytics.com
1         tracking.buygoods.com       provisine.com
1         0coitns4.embtrk.com         provisine.com
1         www.googletagmanager.com    provisine.com
1         mwexciting.com              1 redirects
Total: 22 requests across 9 domains

This site contains links to these domains.

Domain
www.buygoods.com
www.google.com
Subject                   Issuer                             Validity                   Valid
provisine.com             R3                                 2021-02-01 - 2021-05-02    3 months
*.google-analytics.com    GTS CA 1O1                         2021-02-23 - 2021-05-18    3 months
0coitns4.embtrk.com       R3                                 2021-03-07 - 2021-06-05    3 months
upload.video.google.com   GTS CA 1O1                         2021-02-23 - 2021-05-18    3 months
*.gstatic.com             GTS CA 1O1                         2021-02-23 - 2021-05-18    3 months
clickcrm.com              DigiCert TLS RSA SHA256 2020 CA1   2021-03-09 - 2021-11-02    8 months

This page contains 1 frames:

Primary Page: https://provisine.com/transcript?aff_id=770&subid2=6459_sessid20210317090913609&subid=22
Frame ID: 33C0612569043439ACD279418E601247
Requests: 22 HTTP requests in this frame

Page URL History

  1. http://www.harthaelthslionsjh.us/?khjigdcbekaf=YjR4Q3N0NmRJN3Mxcm13ZjVPMERILytENnEvaU1TQ1E5R3ZyU3A3elpZdlEwbz... HTTP 301
    https://www.harthaelthslionsjh.us/?khjigdcbekaf=YjR4Q3N0NmRJN3Mxcm13ZjVPMERILytENnEvaU1TQ1E5R3ZyU3A3elpZdlEwbz... HTTP 302
    https://www.harthaelthslionsjh.us/click.php?tt=manu&mm=481652&ll=Opener%2020/8/18&cc=7826&ss=12949&sid=34808&f... HTTP 302
    http://mwexciting.com/6459/22/14/?&subid=PROVISION_17MARCH2120 HTTP 302
    https://provisine.com/transcript?aff_id=770&subid2=6459_sessid20210317090913609&subid=22 Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /Ubuntu/i

Overall confidence: 100%
Detected patterns
  • headers server /nginx(?:\/([\d.]+))?/i

Page Statistics

Requests: 22
HTTPS: 95 %
IPv6: 64 %
Domains: 9
Subdomains: 9
IPs: 10
Countries: 2
Transfer: 1092 kB
Size: 1260 kB
Cookies: 6

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://www.harthaelthslionsjh.us/?khjigdcbekaf=YjR4Q3N0NmRJN3Mxcm13ZjVPMERILytENnEvaU1TQ1E5R3ZyU3A3elpZdlEwbzF1RGRCRFRQcktPd1JXaFZNVXNCL2NqbWNuOVhndVhyZW0zako4OVgxTjVxUWlGOS9qTHhPc2xmVXlzclRxRkwxVDhPaGduTmQraHNGQTdrcksxUGpka0laejM5cHBSWkFHMmNTZmZWWlczaXJiUVp1MGREYmVOeVEvV1JjZERkRWllZEFzbnBvZEZUTVBNQXN3M0QyRzdkbmRZL3lleEplOUY3OWRER2pFNlBxaVpLL2pmL3RVUHVocFRoUT0= HTTP 301
    https://www.harthaelthslionsjh.us/?khjigdcbekaf=YjR4Q3N0NmRJN3Mxcm13ZjVPMERILytENnEvaU1TQ1E5R3ZyU3A3elpZdlEwbzF1RGRCRFRQcktPd1JXaFZNVXNCL2NqbWNuOVhndVhyZW0zako4OVgxTjVxUWlGOS9qTHhPc2xmVXlzclRxRkwxVDhPaGduTmQraHNGQTdrcksxUGpka0laejM5cHBSWkFHMmNTZmZWWlczaXJiUVp1MGREYmVOeVEvV1JjZERkRWllZEFzbnBvZEZUTVBNQXN3M0QyRzdkbmRZL3lleEplOUY3OWRER2pFNlBxaVpLL2pmL3RVUHVocFRoUT0= HTTP 302
    https://www.harthaelthslionsjh.us/click.php?tt=manu&mm=481652&ll=Opener%2020/8/18&cc=7826&ss=12949&sid=34808&fid=23951&rr=click&offer=0&origclickurl=mwexciting.com/6459/22/14/?-*-subid=PROVISION_17MARCH2120 HTTP 302
    http://mwexciting.com/6459/22/14/?&subid=PROVISION_17MARCH2120 HTTP 302
    https://provisine.com/transcript?aff_id=770&subid2=6459_sessid20210317090913609&subid=22 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

22 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request Cookie set transcript
provisine.com/
Redirect Chain
  • http://www.harthaelthslionsjh.us/?khjigdcbekaf=YjR4Q3N0NmRJN3Mxcm13ZjVPMERILytENnEvaU1TQ1E5R3ZyU3A3elpZdlEwbzF1RGRCRFRQcktPd1JXaFZNVXNCL2NqbWNuOVhndVhyZW0zako4OVgxTjVxUWlGOS9qTHhPc2xmVXlzclRxRkwxVD...
  • https://www.harthaelthslionsjh.us/?khjigdcbekaf=YjR4Q3N0NmRJN3Mxcm13ZjVPMERILytENnEvaU1TQ1E5R3ZyU3A3elpZdlEwbzF1RGRCRFRQcktPd1JXaFZNVXNCL2NqbWNuOVhndVhyZW0zako4OVgxTjVxUWlGOS9qTHhPc2xmVXlzclRxRkwxV...
  • https://www.harthaelthslionsjh.us/click.php?tt=manu&mm=481652&ll=Opener%2020/8/18&cc=7826&ss=12949&sid=34808&fid=23951&rr=click&offer=0&origclickurl=mwexciting.com/6459/22/14/?-*-subid=PROVISION_17...
  • http://mwexciting.com/6459/22/14/?&subid=PROVISION_17MARCH2120
  • https://provisine.com/transcript?aff_id=770&subid2=6459_sessid20210317090913609&subid=22
110 KB
40 KB
Document
General
Full URL
https://provisine.com/transcript?aff_id=770&subid2=6459_sessid20210317090913609&subid=22
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
161.35.110.208 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
d693000bd610fa74ca27ae4ded47bd12b81ce555f20ba0b298ab4e2b07a530bd

Request headers

Host
provisine.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
none
Sec-Fetch-Mode
navigate
Sec-Fetch-User
?1
Sec-Fetch-Dest
document
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US

Response headers

Server
nginx/1.18.0 (Ubuntu)
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
Connection
keep-alive
Cache-Control
no-cache, private
Date
Wed, 17 Mar 2021 09:09:54 GMT
Set-Cookie
XSRF-TOKEN=eyJpdiI6IjdGQUtud1Z3L0JNZTZBSjZleXF0Q1E9PSIsInZhbHVlIjoiZ0VJNUJoRHUwUmltcXBSSHJtVVlVUHpZbmdiVG1na1BpRE1KcXFac0UyUGdYdFJsSU9pcituSVVNZU5LcnVKWCIsIm1hYyI6ImEyMDUxNTk2OGMzMTI4ZjhmMTVlMmUyNWNiMDdmZjM2OGJhMjBlNzc2YWY2YzE3M2UyMjA1OTgwNGUyYTVlOGEifQ%3D%3D; expires=Sat, 27-Mar-2021 09:09:54 GMT; Max-Age=864000; path=/; samesite=lax _=eyJpdiI6Iit1MjJEUEduRDd0NmRvMUpXNXBPMVE9PSIsInZhbHVlIjoiVUFTcjQ3QWx0UHBpeGtvdGlLSWE2OGRWZXE0a1R1c3A4RXI0ZVdhSTEzVE9NUDdWSVg1dUhFQ3cwR2RXbThiUyIsIm1hYyI6IjI3MGI4YmFkNjhlN2M3NjQzNWMzMDJjNWRmZjA4YjA4ZTY5ODBmZWRkMTgxYjQzMzcwYWRhZjA2NTNlOTYzZjUifQ%3D%3D; expires=Sat, 27-Mar-2021 09:09:54 GMT; Max-Age=864000; path=/; httponly; samesite=lax
Content-Encoding
gzip

Redirect headers

server
nginx
date
Wed, 17 Mar 2021 09:09:54 GMT
content-type
text/html; charset=UTF-8
transfer-encoding
chunked
keep-alive
timeout=2
x-powered-by
PHP/7.3.11
cache-control
max-age=3600 private
pragma
no-cache
location
https://provisine.com/transcript?aff_id=770&subid2=6459_sessid20210317090913609&subid=22
expires
Wed, 17 Mar 2021 10:09:54 GMT
access-control-allow-origin
*
access-control-allow-credentials
true
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
app.css
provisine.com/css/
35 KB
35 KB
Stylesheet
General
Full URL
https://provisine.com/css/app.css?id=db5b65baedb5b7323d62
Requested by
Host: provisine.com
URL: https://provisine.com/transcript?aff_id=770&subid2=6459_sessid20210317090913609&subid=22
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
161.35.110.208 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
571c2e545cf44b5c23e1937ac1600544b35a662eab1a8707d56f291ccb9ea66e

Request headers

Referer
https://provisine.com/transcript?aff_id=770&subid2=6459_sessid20210317090913609&subid=22
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Wed, 17 Mar 2021 09:09:55 GMT
Last-Modified
Wed, 10 Mar 2021 11:20:31 GMT
Server
nginx/1.18.0 (Ubuntu)
ETag
"6048ab7f-8a21"
Content-Type
text/css
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
35361
js
www.googletagmanager.com/gtag/
99 KB
39 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=UA-62785402-56
Requested by
Host: provisine.com
URL: https://provisine.com/transcript?aff_id=770&subid2=6459_sessid20210317090913609&subid=22
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
384de4226d4d782377e13c8ac07e18cae3f5dfa286c0be13d395f4f5cca450a5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://provisine.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 17 Mar 2021 09:09:55 GMT
content-encoding
br
server
Google Tag Manager
access-control-allow-headers
Cache-Control
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; includeSubDomains
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
39825
x-xss-protection
0
expires
Wed, 17 Mar 2021 09:09:55 GMT
1-bottle.png
provisine.com/images/products/prod7/
44 KB
44 KB
Image
General
Full URL
https://provisine.com/images/products/prod7/1-bottle.png
Requested by
Host: provisine.com
URL: https://provisine.com/transcript?aff_id=770&subid2=6459_sessid20210317090913609&subid=22
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
161.35.110.208 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
bd05c85a71a6f9b61ce25fe083126047846684322674a79039a6879393316eeb

Request headers

Referer
https://provisine.com/transcript?aff_id=770&subid2=6459_sessid20210317090913609&subid=22
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Wed, 17 Mar 2021 09:09:55 GMT
Last-Modified
Thu, 03 Dec 2020 16:46:01 GMT
Server
nginx/1.18.0 (Ubuntu)
ETag
"5fc91649-b0b8"
Content-Type
image/png
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
45240
6-bottles.png
provisine.com/images/products/prod9/
134 KB
135 KB
Image
General
Full URL
https://provisine.com/images/products/prod9/6-bottles.png
Requested by
Host: provisine.com
URL: https://provisine.com/transcript?aff_id=770&subid2=6459_sessid20210317090913609&subid=22
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
161.35.110.208 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
8e02235b53d56d8996c552c2bf81ad67c16ca057720d7797b77e9eadd5919276

Request headers

Referer
https://provisine.com/transcript?aff_id=770&subid2=6459_sessid20210317090913609&subid=22
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Wed, 17 Mar 2021 09:09:55 GMT
Last-Modified
Thu, 03 Dec 2020 16:46:01 GMT
Server
nginx/1.18.0 (Ubuntu)
ETag
"5fc91649-2194c"
Content-Type
image/png
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
137548
3-bottles.png
provisine.com/images/products/prod8/
94 KB
95 KB
Image
General
Full URL
https://provisine.com/images/products/prod8/3-bottles.png
Requested by
Host: provisine.com
URL: https://provisine.com/transcript?aff_id=770&subid2=6459_sessid20210317090913609&subid=22
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
161.35.110.208 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
2731001605aade7bdabd8727a61933c28c29e087437fafae0c975a7fdde24b57

Request headers

Referer
https://provisine.com/transcript?aff_id=770&subid2=6459_sessid20210317090913609&subid=22
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Wed, 17 Mar 2021 09:09:55 GMT
Last-Modified
Thu, 03 Dec 2020 16:46:01 GMT
Server
nginx/1.18.0 (Ubuntu)
ETag
"5fc91649-179bc"
Content-Type
image/png
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
96700
buygoods.png
provisine.com/images/app/
11 KB
11 KB
Image
General
Full URL
https://provisine.com/images/app/buygoods.png
Requested by
Host: provisine.com
URL: https://provisine.com/transcript?aff_id=770&subid2=6459_sessid20210317090913609&subid=22
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
161.35.110.208 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
f963522c3847eeecf8358c314f6293aa0d314fe539968df7a55c617538d5309c

Request headers

Referer
https://provisine.com/transcript?aff_id=770&subid2=6459_sessid20210317090913609&subid=22
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Wed, 17 Mar 2021 09:09:55 GMT
Last-Modified
Thu, 03 Dec 2020 16:45:41 GMT
Server
nginx/1.18.0 (Ubuntu)
ETag
"5fc91635-2b08"
Content-Type
image/png
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
11016
ext
0coitns4.embtrk.com/
43 B
1 KB
Image
General
Full URL
https://0coitns4.embtrk.com/ext?bid=1&o=0&vendor=6325&aff=770&subid=22
Requested by
Host: provisine.com
URL: https://provisine.com/transcript?aff_id=770&subid2=6459_sessid20210317090913609&subid=22
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
34.123.133.9 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS
9.133.123.34.bc.googleusercontent.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

Referer
https://provisine.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Wed, 17 Mar 2021 09:09:55 GMT
Access-Control-Request-Method
GET
Server
nginx/1.14.0 (Ubuntu)
Transfer-Encoding
chunked
Content-Type
image/png
Access-Control-Allow-Origin
*
Cache-Control
no-cache, private
Connection
keep-alive
app.js
provisine.com/js/
555 KB
555 KB
Script
General
Full URL
https://provisine.com/js/app.js?id=a5d2a03ff186afa79e79
Requested by
Host: provisine.com
URL: https://provisine.com/transcript?aff_id=770&subid2=6459_sessid20210317090913609&subid=22
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
161.35.110.208 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
4550a55107a901b0869747d54ea68a4c9910e737576a735d1cb042d8f7f4718b

Request headers

Referer
https://provisine.com/transcript?aff_id=770&subid2=6459_sessid20210317090913609&subid=22
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Wed, 17 Mar 2021 09:09:55 GMT
Last-Modified
Wed, 10 Mar 2021 11:20:30 GMT
Server
nginx/1.18.0 (Ubuntu)
ETag
"6048ab7e-8ac8f"
Content-Type
application/javascript
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
568463
css2
fonts.googleapis.com/
8 KB
726 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css2?family=Montserrat:wght@400;500;600;700;900
Requested by
Host: provisine.com
URL: https://provisine.com/css/app.css?id=db5b65baedb5b7323d62
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
74c1d9c7a6539b2e080119ce83904f1c3039448c5863681d1acbe1f3a4a27068
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://provisine.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Wed, 17 Mar 2021 09:09:55 GMT
server
ESF
date
Wed, 17 Mar 2021 09:09:55 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 17 Mar 2021 09:09:55 GMT
css2
fonts.googleapis.com/
7 KB
724 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css2?family=Oswald:wght@400;500;600;700;800
Requested by
Host: provisine.com
URL: https://provisine.com/css/app.css?id=db5b65baedb5b7323d62
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
d761deff6c76352e7abd994fdf953a33f0648ca6cd6651cf54e3ac50e001255a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://provisine.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Wed, 17 Mar 2021 09:09:55 GMT
server
ESF
date
Wed, 17 Mar 2021 09:09:55 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 17 Mar 2021 09:09:55 GMT
css2
fonts.googleapis.com/
702 B
440 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css2?family=Sacramento
Requested by
Host: provisine.com
URL: https://provisine.com/css/app.css?id=db5b65baedb5b7323d62
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
afc4e5ddda3a76bbb4c8c3e6f81725a8b13f26e3d49a474366e575a2c3039841
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://provisine.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Wed, 17 Mar 2021 08:58:42 GMT
server
ESF
date
Wed, 17 Mar 2021 09:09:55 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 17 Mar 2021 09:09:55 GMT
css2
fonts.googleapis.com/
2 KB
586 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css2?family=Roboto:wght@400
Requested by
Host: provisine.com
URL: https://provisine.com/css/app.css?id=db5b65baedb5b7323d62
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
04f6abfdaebd7170b5c22848a8ab4f2a5e9fcd76276d5de379d5ab0f14645fb2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://provisine.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Wed, 17 Mar 2021 09:09:55 GMT
server
ESF
date
Wed, 17 Mar 2021 09:09:55 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 17 Mar 2021 09:09:55 GMT
bg.jpg
provisine.com/images/custom/
31 KB
31 KB
Image
General
Full URL
https://provisine.com/images/custom/bg.jpg
Requested by
Host: provisine.com
URL: https://provisine.com/css/app.css?id=db5b65baedb5b7323d62
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
161.35.110.208 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
e350aa2d8fd9e3fc1cee3151233c086bd1f284f2e04f460179ae761f9ab54e56

Request headers

Referer
https://provisine.com/css/app.css?id=db5b65baedb5b7323d62
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Wed, 17 Mar 2021 09:09:55 GMT
Last-Modified
Fri, 04 Dec 2020 13:21:28 GMT
Server
nginx/1.18.0 (Ubuntu)
ETag
"5fca37d8-7c83"
Content-Type
image/jpeg
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
31875
JTURjIg1_i6t8kCHKm45_dJE3gnD_g.woff2
fonts.gstatic.com/s/montserrat/v15/
19 KB
19 KB
Font
General
Full URL
https://fonts.gstatic.com/s/montserrat/v15/JTURjIg1_i6t8kCHKm45_dJE3gnD_g.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Montserrat:wght@400;500;600;700;900
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4545eb1dec25fe868d19dc292d417d8a9e41c0276d75a4eaf524a9db21aa705a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://provisine.com
Referer
https://fonts.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 13 Mar 2021 10:28:37 GMT
x-content-type-options
nosniff
last-modified
Tue, 15 Sep 2020 18:10:46 GMT
server
sffe
age
340878
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
19480
x-xss-protection
0
expires
Sun, 13 Mar 2022 10:28:37 GMT
JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
fonts.gstatic.com/s/montserrat/v15/
19 KB
19 KB
Font
General
Full URL
https://fonts.gstatic.com/s/montserrat/v15/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Montserrat:wght@400;500;600;700;900
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
8767f01caa430c5bd4e3b008a8e9dfe022156a4e91a23c394fdcb05c267f1b94
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://provisine.com
Referer
https://fonts.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 11 Mar 2021 19:41:25 GMT
x-content-type-options
nosniff
last-modified
Tue, 15 Sep 2020 18:11:52 GMT
server
sffe
age
480510
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
19172
x-xss-protection
0
expires
Fri, 11 Mar 2022 19:41:25 GMT
TK3IWkUHHAIjg75cFRf3bXL8LICs1_Fv40pKlN4NNSeSASz7FmlWHYg.woff2
fonts.gstatic.com/s/oswald/v36/
24 KB
24 KB
Font
General
Full URL
https://fonts.gstatic.com/s/oswald/v36/TK3IWkUHHAIjg75cFRf3bXL8LICs1_Fv40pKlN4NNSeSASz7FmlWHYg.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Oswald:wght@400;500;600;700;800
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f1010cf08825a41c768a117755a496da61a306c41b83c383ea66f1bb3334bb14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://provisine.com
Referer
https://fonts.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 12 Mar 2021 12:24:25 GMT
x-content-type-options
nosniff
last-modified
Thu, 28 Jan 2021 20:31:19 GMT
server
sffe
age
420330
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
24064
x-xss-protection
0
expires
Sat, 12 Mar 2022 12:24:25 GMT
/
tracking.buygoods.com/track/
4 KB
6 KB
Script
General
Full URL
https://tracking.buygoods.com/track/?a=6325&firstcookie=0&tracking_redirect=&referrer=&sessid2=&product=prod7,prod8,prod9,prod11&caller_url=https%3A%2F%2Fprovisine.com%2Ftranscript%3Faff_id%3D770%26subid2%3D6459_sessid20210317090913609%26subid%3D22
Requested by
Host: provisine.com
URL: https://provisine.com/transcript?aff_id=770&subid2=6459_sessid20210317090913609&subid=22
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
169.61.196.27 , United States, ASN36351 (SOFTLAYER, US),
Reverse DNS
1b.c4.3da9.ip4.static.sl-reverse.com
Software
nginx / PHP/7.3.11
Resource Hash
889895d2e93b63c2faadaf2a78d7f518e76fddd1ea92151a68785aee0d31c2b6

Request headers

Referer
https://provisine.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 17 Mar 2021 09:09:56 GMT
server
nginx
x-powered-by
PHP/7.3.11
transfer-encoding
chunked
p3p
CP="CAO COR CURa ADMa DEVa OUR IND ONL COM DEM PRE"
cache-control
no-cache, must-revalidate
content-type
application/javascript
keep-alive
timeout=2
expires
Tue, Jan 12 1999 01:01:01 GMT
JTUSjIg1_i6t8kCHKm459Wdhyzbi.woff2
fonts.gstatic.com/s/montserrat/v15/
17 KB
17 KB
Font
General
Full URL
https://fonts.gstatic.com/s/montserrat/v15/JTUSjIg1_i6t8kCHKm459Wdhyzbi.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Montserrat:wght@400;500;600;700;900
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5c75be06dd83179b39507632603aaf3eab56409a1fb41c5a40bb68157d46029d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://provisine.com
Referer
https://fonts.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 15 Mar 2021 18:48:16 GMT
x-content-type-options
nosniff
last-modified
Tue, 15 Sep 2020 18:12:22 GMT
server
sffe
age
138099
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
17060
x-xss-protection
0
expires
Tue, 15 Mar 2022 18:48:16 GMT
analytics.js
www.google-analytics.com/
46 KB
19 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-62785402-56
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
0f3be44690ae9914ae3e47b7752e1bdea316f09938e9094f99e0de19ccd8987a
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://provisine.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Fri, 05 Feb 2021 21:33:27 GMT
server
Golfe2
age
4040
date
Wed, 17 Mar 2021 08:02:35 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
18980
expires
Wed, 17 Mar 2021 10:02:35 GMT
collect
www.google-analytics.com/j/
1 B
96 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j88&a=806514726&t=pageview&_s=1&dl=https%3A%2F%2Fprovisine.com%2Ftranscript%3Faff_id%3D770%26subid2%3D6459_sessid20210317090913609%26subid%3D22&ul=en-us&de=UTF-8&dt=Air%20Toxin%20Destroys%20Vision&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAUABAAAAAC~&jid=648024394&gjid=1086202028&cid=464557972.1615972195&tid=UA-62785402-56&_gid=962121395.1615972195&_r=1&gtm=2ou330&z=671193808
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://provisine.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 17 Mar 2021 09:09:55 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://provisine.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1
expires
Fri, 01 Jan 1990 00:00:00 GMT
9f276abd-c911-4ecc-8988-dbfc7634ce4a
https://provisine.com/
31 B
0
Other
General
Full URL
blob:https://provisine.com/9f276abd-c911-4ecc-8988-dbfc7634ce4a
Requested by
Host: provisine.com
URL: https://provisine.com/transcript?aff_id=770&subid2=6459_sessid20210317090913609&subid=22
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
7725538fe2f71147bffeba7452b434c826aef9009666cb4360c605d0b2a91d1d

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Length
31
Content-Type
application/javascript


61 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes boolean| crossOriginIsolated object| App function| gtag object| dataLayer object| google_tag_manager string| mysrc object| newScript object| s function| ReadCookie object| google_tag_data string| GoogleAnalyticsObject function| ga object| gaplugins object| gaGlobal object| gaData function| getUrlParameter function| elementIsVisible function| scrollToElement function| _debounce number| modalZIndex object| modals function| Modal function| getModal function| openModal function| closeModal function| Dropdown function| showExitPopup object| vttjs function| WebVTT object| _wq object| __SENTRY__ function| resizePlayers function| getStarted function| hideTranscriptButton object| spitoday object| spiexpire function| SPIGetDomainName string| hostname object| spi_myNodelist number| spi_i string| spi_pattern_enc_bg string| spi_pattern_base_bg string| spi_replace_str_bg string| spi_pattern_enc_spi string| spi_pattern_base_spi string| spi_replace_str_spi string| spi_pattern_enc_cbd string| spi_pattern_base_cbd string| spi_replace_str_cbd string| spi_replace_enc_cbd string| spi_replace_enc_bg string| spi_replace_enc_spi string| spi_track_link

6 Cookies

Domain/Path Name / Value
.provisine.com/ Name: campaign_id
Value:
.provisine.com/ Name: sid
Value: 22%7C6459_sessid20210317090913609
.provisine.com/ Name: spi_funnel_codename
Value:
.provisine.com/ Name: aff_id
Value: 770
.provisine.com/ Name: referrer
Value: 194.99.105.99::provisine.com%2Ftranscript
.provisine.com/ Name: sessid2
Value: sessid20210317090910250

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
