Submitted URL: http://email.rodanandfields.com/c/eJwtTstqwzAQ_Br5ZmM9LR10CISUkgRa0kt702trUVs2kl3iv68NhWHYGYbZCRoLIaTkTIrKa8uwhSrqwNqOcQq1ZUrWTC...
Effective URL: https://sp02.netcrimson.com/mrIWeb/mrIWeb.dll
Submission: On October 28 via manual from AU — Scanned from AU

Summary

This website contacted 11 IPs in 3 countries across 9 domains to perform 40 HTTP transactions. The main IP is 131.226.234.72, located in Naperville, United States and belongs to CYXTERA-CYXTERA-TECHNOLOGIES-INC, US. The main domain is sp02.netcrimson.com.
TLS certificate: Issued by Go Daddy Secure Certificate Authority... on March 16th 2022. Valid for: a year.
This is the only time sp02.netcrimson.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 34.127.83.42 396982 (GOOGLE-CL...)
9 131.226.234.72 12213 (CYXTERA-C...)
2 13.224.250.50 16509 (AMAZON-02)
1 104.17.25.14 13335 (CLOUDFLAR...)
1 142.251.10.97 15169 (GOOGLE)
2 3.1.111.220 16509 (AMAZON-02)
1 52.84.251.34 16509 (AMAZON-02)
2 142.251.12.100 15169 (GOOGLE)
1 13.227.254.82 16509 (AMAZON-02)
1 18.116.139.171 16509 (AMAZON-02)
15 52.216.169.85 ()
40 11
Apex Domain
Subdomains
Transfer
15 amazonaws.com
s3.amazonaws.com
460 KB
9 netcrimson.com
sp01.netcrimson.com
sp02.netcrimson.com
216 KB
3 anura.io
script.anura.io — Cisco Umbrella Rank: 49715
ads.anura.io — Cisco Umbrella Rank: 84127
20 KB
3 navigatorsurveys.com
idsuite.navigatorsurveys.com — Cisco Umbrella Rank: 362746
gateway.navigatorsurveys.com — Cisco Umbrella Rank: 416439
41 KB
2 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 32
20 KB
1 openfpcdn.io
openfpcdn.io — Cisco Umbrella Rank: 25317
14 KB
1 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 61
43 KB
1 cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 216
4 KB
1 rodanandfields.com
email.rodanandfields.com
353 B
40 9
Domain Requested by
15 s3.amazonaws.com sp02.netcrimson.com
s3.amazonaws.com
8 sp01.netcrimson.com sp01.netcrimson.com
2 www.google-analytics.com www.googletagmanager.com
www.google-analytics.com
2 script.anura.io idsuite.navigatorsurveys.com
script.anura.io
2 idsuite.navigatorsurveys.com sp01.netcrimson.com
idsuite.navigatorsurveys.com
1 sp02.netcrimson.com
1 gateway.navigatorsurveys.com idsuite.navigatorsurveys.com
1 ads.anura.io script.anura.io
1 openfpcdn.io sp01.netcrimson.com
1 www.googletagmanager.com sp01.netcrimson.com
1 cdnjs.cloudflare.com sp01.netcrimson.com
1 email.rodanandfields.com 1 redirects
40 12

This site contains no links.

Subject | Issuer | Validity | Valid for
*.netcrimson.com | Go Daddy Secure Certificate Authority - G2 | 2022-03-16 - 2023-03-06 | a year
idsuite.navigatorsurveys.com | Amazon | 2022-05-03 - 2023-06-01 | a year
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2022-08-03 - 2023-08-02 | a year
*.google-analytics.com | GTS CA 1C3 | 2022-09-26 - 2022-12-19 | 3 months
script.anura.io | Amazon | 2022-02-01 - 2023-03-02 | a year
openfpcdn.io | Amazon | 2022-02-24 - 2023-03-25 | a year
ads.anura.io | Amazon | 2022-06-29 - 2023-07-28 | a year
gateway.navigatorsurveys.com | Amazon | 2022-02-23 - 2023-03-24 | a year
s3.amazonaws.com | Amazon | 2022-04-01 - 2023-03-30 | a year

This page contains 2 frames:

Primary Page: https://sp02.netcrimson.com/mrIWeb/mrIWeb.dll
Frame ID: 64E0444CD9C5D3EAAEB6293E4EBC64A4
Requests: 40 HTTP requests in this frame

Frame: https://idsuite.navigatorsurveys.com/orid.min.html
Frame ID: B6255B05882228B321D3A9DF8F030FE2
Requests: 1 HTTP requests in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Overall confidence: 100%
Detected patterns
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtag/js

Overall confidence: 100%
Detected patterns
  • lightbox(?:-plus-jquery)?.{0,32}\.js

Overall confidence: 100%
Detected patterns
  • ([\d.]+)?/modernizr(?:\.([\d.]+))?.*\.js

Overall confidence: 100%
Detected patterns
  • sweet(?:-)?alert(?:\.min)?\.js

Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

Requests: 40
HTTPS: 88 %
IPv6: 0 %
Domains: 9
Subdomains: 12
IPs: 11
Countries: 3
Transfer: 818 kB
Size: 997 kB
Cookies: 4

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://email.rodanandfields.com/c/eJwtTstqwzAQ_Br5ZmM9LR10CISUkgRa0kt702trUVs2kl3iv68NhWHYGYbZCRoLIaTkTIrKa8uwhSrqwNqOcQq1ZUrWTCmopSO7tCFwLkBxbxFrcyjBZNcf5-RNMslDDIMvjZvGqtetB8agoxiDBCk9xp11lkuwQXWtF9Wg-2WZC6InRC47ytziJoXF5TiWKR01h7vm37A1psxPRC-P17NC9OwdeX4MiHBiYUg3_vl1vfYv72P83j3q_0k8Tve3PU14lfW4mfQzlX2tWcuSzRBNWlNctuNPY9Y_S0dTUw HTTP 302
    https://sp01.netcrimson.com/survey.aspx?SID9=dc2xTl%2bflnL5YZKKhGQmig%3d%3d&SAMP=25 Page URL
  2. https://sp02.netcrimson.com/mrIWeb/mrIWeb.dll Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://email.rodanandfields.com/c/eJwtTstqwzAQ_Br5ZmM9LR10CISUkgRa0kt702trUVs2kl3iv68NhWHYGYbZCRoLIaTkTIrKa8uwhSrqwNqOcQq1ZUrWTCmopSO7tCFwLkBxbxFrcyjBZNcf5-RNMslDDIMvjZvGqtetB8agoxiDBCk9xp11lkuwQXWtF9Wg-2WZC6InRC47ytziJoXF5TiWKR01h7vm37A1psxPRC-P17NC9OwdeX4MiHBiYUg3_vl1vfYv72P83j3q_0k8Tve3PU14lfW4mfQzlX2tWcuSzRBNWlNctuNPY9Y_S0dTUw HTTP 302
  • https://sp01.netcrimson.com/survey.aspx?SID9=dc2xTl%2bflnL5YZKKhGQmig%3d%3d&SAMP=25

40 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
survey.aspx
sp01.netcrimson.com/
Redirect Chain
  • http://email.rodanandfields.com/c/eJwtTstqwzAQ_Br5ZmM9LR10CISUkgRa0kt702trUVs2kl3iv68NhWHYGYbZCRoLIaTkTIrKa8uwhSrqwNqOcQq1ZUrWTCmopSO7tCFwLkBxbxFrcyjBZNcf5-RNMslDDIMvjZvGqtetB8agoxiDBCk9xp11lkuwQXW...
  • https://sp01.netcrimson.com/survey.aspx?SID9=dc2xTl%2bflnL5YZKKhGQmig%3d%3d&SAMP=25
15 KB
15 KB
Document
General
Full URL
https://sp01.netcrimson.com/survey.aspx?SID9=dc2xTl%2bflnL5YZKKhGQmig%3d%3d&SAMP=25
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
131.226.234.72 Naperville, United States, ASN12213 (CYXTERA-CYXTERA-TECHNOLOGIES-INC, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
da86837e8835c2c3a0cd557f297e0fa37dea3ebb33e44cf01f425a0c4a274695

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
en-AU,en;q=0.9

Response headers

cache-control
private
content-length
15489
content-type
text/html; charset=utf-8
date
Fri, 28 Oct 2022 02:54:13 GMT
server
Microsoft-IIS/10.0
x-aspnet-version
4.0.30319
x-powered-by
ASP.NET

Redirect headers

Access-Control-Allow-Credentials
true
Access-Control-Allow-Origin
*
Cache-Control
no-store
Content-Length
524
Content-Type
text/html
Date
Fri, 28 Oct 2022 02:54:12 GMT
Location
https://sp01.netcrimson.com/survey.aspx?SID9=dc2xTl%2bflnL5YZKKhGQmig%3d%3d&SAMP=25
X-Robots-Tag
noindex
X-Xss-Protection
1; mode=block
bootstrap.min.css
sp01.netcrimson.com/css/
118 KB
119 KB
Stylesheet
General
Full URL
https://sp01.netcrimson.com/css/bootstrap.min.css
Requested by
Host: sp01.netcrimson.com
URL: https://sp01.netcrimson.com/survey.aspx?SID9=dc2xTl%2bflnL5YZKKhGQmig%3d%3d&SAMP=25
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
131.226.234.72 Naperville, United States, ASN12213 (CYXTERA-CYXTERA-TECHNOLOGIES-INC, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
5a3d04065b97f90b944ef57c99fcc2614e96002413fcd9cfea6e0470d1308ea3

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://sp01.netcrimson.com/survey.aspx?SID9=dc2xTl%2bflnL5YZKKhGQmig%3d%3d&SAMP=25
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 28 Oct 2022 02:54:13 GMT
last-modified
Tue, 06 Sep 2022 18:37:17 GMT
server
Microsoft-IIS/10.0
etag
"faccdcb01fc2d81:0"
x-powered-by
ASP.NET
content-type
text/css
accept-ranges
bytes
content-length
121214
cleanid-v3.current.min.js
idsuite.navigatorsurveys.com/
39 KB
40 KB
Script
General
Full URL
https://idsuite.navigatorsurveys.com/cleanid-v3.current.min.js
Requested by
Host: sp01.netcrimson.com
URL: https://sp01.netcrimson.com/survey.aspx?SID9=dc2xTl%2bflnL5YZKKhGQmig%3d%3d&SAMP=25
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.250.50 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-250-50.sin52.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
96ca80804641a210a4466e328b2d64fe3a4eaffc858954c43e99ef5cd3833c63

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://sp01.netcrimson.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 27 Oct 2022 04:51:04 GMT
via
1.1 2aabea8a9cbe7f03f67c33c45d1d592c.cloudfront.net (CloudFront)
last-modified
Wed, 28 Sep 2022 21:56:28 GMT
server
AmazonS3
x-amz-cf-pop
SIN52-C2
age
79397
etag
"c4cc46f415ac33706d17cc57c8d475d4"
vary
Origin
x-cache
Hit from cloudfront
content-type
application/x-javascript
accept-ranges
bytes
content-length
40323
x-amz-cf-id
kw5a4PAYR2f-dhFV1Y50Avy88VGg25cFdJ3DGw9CFj2Atrn-OqucZg==
json3.min.js
cdnjs.cloudflare.com/ajax/libs/json3/3.3.3/
8 KB
4 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/json3/3.3.3/json3.min.js
Requested by
Host: sp01.netcrimson.com
URL: https://sp01.netcrimson.com/survey.aspx?SID9=dc2xTl%2bflnL5YZKKhGQmig%3d%3d&SAMP=25
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.17.25.14 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
33f4c412f7aa407b5d8882446871eaef30e8787036a91c1d42050c73cc3d1b36
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://sp01.netcrimson.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 28 Oct 2022 02:54:13 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
strict-transport-security
max-age=15780000
age
17748
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
3268
last-modified
Mon, 04 May 2020 16:11:53 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03ec9-20de"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
761062b87f01a7ea-SYD
expires
Wed, 18 Oct 2023 02:54:13 GMT
modernizr-custom.js
sp01.netcrimson.com/Scripts/
53 KB
53 KB
Script
General
Full URL
https://sp01.netcrimson.com/Scripts/modernizr-custom.js
Requested by
Host: sp01.netcrimson.com
URL: https://sp01.netcrimson.com/survey.aspx?SID9=dc2xTl%2bflnL5YZKKhGQmig%3d%3d&SAMP=25
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
131.226.234.72 Naperville, United States, ASN12213 (CYXTERA-CYXTERA-TECHNOLOGIES-INC, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
f0af30a4535a4cba3e24b8bdff8cf0bf11040127b05a1801af88f8d77ae4da97

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://sp01.netcrimson.com/survey.aspx?SID9=dc2xTl%2bflnL5YZKKhGQmig%3d%3d&SAMP=25
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 28 Oct 2022 02:54:13 GMT
last-modified
Tue, 06 Sep 2022 18:37:17 GMT
server
Microsoft-IIS/10.0
etag
"5957e9b01fc2d81:0"
x-powered-by
ASP.NET
content-type
application/javascript
accept-ranges
bytes
content-length
54419
detectizr.min.js
sp01.netcrimson.com/Scripts/
8 KB
8 KB
Script
General
Full URL
https://sp01.netcrimson.com/Scripts/detectizr.min.js
Requested by
Host: sp01.netcrimson.com
URL: https://sp01.netcrimson.com/survey.aspx?SID9=dc2xTl%2bflnL5YZKKhGQmig%3d%3d&SAMP=25
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
131.226.234.72 Naperville, United States, ASN12213 (CYXTERA-CYXTERA-TECHNOLOGIES-INC, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
4eb5d699cb7020db9cc5517db67fade68ecdacde2069e3a836574a62d7b07e40

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://sp01.netcrimson.com/survey.aspx?SID9=dc2xTl%2bflnL5YZKKhGQmig%3d%3d&SAMP=25
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 28 Oct 2022 02:54:13 GMT
last-modified
Tue, 06 Sep 2022 18:37:17 GMT
server
Microsoft-IIS/10.0
etag
"2cd7e6b01fc2d81:0"
x-powered-by
ASP.NET
content-type
application/javascript
accept-ranges
bytes
content-length
8089
persist-min.js
sp01.netcrimson.com/Scripts/
9 KB
9 KB
Script
General
Full URL
https://sp01.netcrimson.com/Scripts/persist-min.js
Requested by
Host: sp01.netcrimson.com
URL: https://sp01.netcrimson.com/survey.aspx?SID9=dc2xTl%2bflnL5YZKKhGQmig%3d%3d&SAMP=25
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
131.226.234.72 Naperville, United States, ASN12213 (CYXTERA-CYXTERA-TECHNOLOGIES-INC, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
97fa29df907369dd398d2d6218fff9f41a26322c26a009b7ce96655b995da744

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://sp01.netcrimson.com/survey.aspx?SID9=dc2xTl%2bflnL5YZKKhGQmig%3d%3d&SAMP=25
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 28 Oct 2022 02:54:13 GMT
last-modified
Tue, 06 Sep 2022 18:37:17 GMT
server
Microsoft-IIS/10.0
etag
"dede4b01fc2d81:0"
x-powered-by
ASP.NET
content-type
application/javascript
accept-ranges
bytes
content-length
9510
datasink.ashx
sp01.netcrimson.com/api/
5 KB
5 KB
Script
General
Full URL
https://sp01.netcrimson.com/api/datasink.ashx?proxy
Requested by
Host: sp01.netcrimson.com
URL: https://sp01.netcrimson.com/survey.aspx?SID9=dc2xTl%2bflnL5YZKKhGQmig%3d%3d&SAMP=25
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
131.226.234.72 Naperville, United States, ASN12213 (CYXTERA-CYXTERA-TECHNOLOGIES-INC, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
768ba411e2c9e45f19e288b4dbe444d6b18ae46b37c93aa7efcdac22c6bda596

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://sp01.netcrimson.com/survey.aspx?SID9=dc2xTl%2bflnL5YZKKhGQmig%3d%3d&SAMP=25
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 28 Oct 2022 02:54:13 GMT
last-modified
Fri, 21 Oct 2022 20:01:15 GMT
server
Microsoft-IIS/10.0
x-aspnet-version
4.0.30319
x-powered-by
ASP.NET
content-type
text/javascript; charset=utf-8
cache-control
public
content-disposition
attachment; filename=DataSinkProxy.js
content-length
4737
js
www.googletagmanager.com/gtag/
109 KB
43 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=UA-648355-2
Requested by
Host: sp01.netcrimson.com
URL: https://sp01.netcrimson.com/survey.aspx?SID9=dc2xTl%2bflnL5YZKKhGQmig%3d%3d&SAMP=25
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.10.97 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
sd-in-f97.1e100.net
Software
Google Tag Manager /
Resource Hash
9d7bdf03555d782b06ebd8460180c09b14258bed5acc098dce586ca76b472d60
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://sp01.netcrimson.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 28 Oct 2022 02:54:15 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
43606
x-xss-protection
0
last-modified
Fri, 28 Oct 2022 00:17:40 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Fri, 28 Oct 2022 02:54:15 GMT
request.js
script.anura.io/
54 KB
20 KB
Script
General
Full URL
https://script.anura.io/request.js?instance=842046990&callback=IDSuite.anuraCallback&9218099518
Requested by
Host: idsuite.navigatorsurveys.com
URL: https://idsuite.navigatorsurveys.com/cleanid-v3.current.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.1.111.220 Singapore, Singapore, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-1-111-220.ap-southeast-1.compute.amazonaws.com
Software
nginx /
Resource Hash
befa1382aabfb62049c212ae018b47a284f298e1b3ab04a1d3a9d8565e3e0adf
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://sp01.netcrimson.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 28 Oct 2022 02:54:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
nginx
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
cache-control
private, no-cache, no-store, must-revalidate, max-age=0, post-check=0, pre-check=0
expires
Sun, 28 Dec 1980 18:57:00 EST
v3
openfpcdn.io/fingerprintjs/
33 KB
14 KB
Script
General
Full URL
https://openfpcdn.io/fingerprintjs/v3
Requested by
Host: sp01.netcrimson.com
URL: https://sp01.netcrimson.com/survey.aspx?SID9=dc2xTl%2bflnL5YZKKhGQmig%3d%3d&SAMP=25
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.84.251.34 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-84-251-34.sin5.r.cloudfront.net
Software
CloudFront /
Resource Hash
f531e3e24fb22510e9ff3d3e06f72e4837cfc10fc86e45f4a4059ddc8941669c
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://sp01.netcrimson.com/
Origin
https://sp01.netcrimson.com
accept-language
en-AU,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 28 Oct 2022 00:16:59 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
content-encoding
br
via
1.1 b95596d6887b20449c59c2fc9d141c4a.cloudfront.net (CloudFront)
x-amz-cf-pop
SIN5-C1
age
9436
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
server
CloudFront
etag
W/"ytrCq59jP2LQBUOoBOlh3iu3ykM"
vary
Accept-Encoding
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=628594, s-maxage=10955
x-amz-cf-id
29l8DV7EC-HpWQXSxl5mR-fgovBuTFhZwdXqLAiDfhla2FD9RvIyUA==
orid.min.html
idsuite.navigatorsurveys.com/ Frame B625
793 B
1 KB
Document
General
Full URL
https://idsuite.navigatorsurveys.com/orid.min.html
Requested by
Host: idsuite.navigatorsurveys.com
URL: https://idsuite.navigatorsurveys.com/cleanid-v3.current.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.250.50 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-250-50.sin52.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
a70b6b0c23364446cc6edbb5b488b1d9124dde88aeb128174dae1b2018fc8024

Request headers

Referer
https://sp01.netcrimson.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
en-AU,en;q=0.9

Response headers

accept-ranges
bytes
age
60240
content-length
793
content-type
text/html
date
Thu, 27 Oct 2022 10:10:59 GMT
etag
"cb69550948c82c76210bc704121c8124"
last-modified
Tue, 02 Aug 2022 08:38:52 GMT
server
AmazonS3
vary
Origin
via
1.1 2aabea8a9cbe7f03f67c33c45d1d592c.cloudfront.net (CloudFront)
x-amz-cf-id
_O8YLMdHK-JirgPdaG6w6v9-fQtvRowW6xPO0DwVL5EYaVHkMjJjnQ==
x-amz-cf-pop
SIN52-C2
x-cache
Hit from cloudfront
datasink.ashx
sp01.netcrimson.com/api/
22 B
131 B
XHR
General
Full URL
https://sp01.netcrimson.com/api/datasink.ashx
Requested by
Host: sp01.netcrimson.com
URL: https://sp01.netcrimson.com/api/datasink.ashx?proxy
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
131.226.234.72 Naperville, United States, ASN12213 (CYXTERA-CYXTERA-TECHNOLOGIES-INC, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
7f650557e190345d8b095801e3d2380904438f9b3e8c50783f5449f5b606e739

Request headers

Referer
https://sp01.netcrimson.com/survey.aspx?SID9=dc2xTl%2bflnL5YZKKhGQmig%3d%3d&SAMP=25
accept-language
en-AU,en;q=0.9
X-JSON-RPC
recordStart
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type
application/json; charset=UTF-8

Response headers

pragma
no-cache
date
Fri, 28 Oct 2022 02:54:14 GMT
server
Microsoft-IIS/10.0
x-aspnet-version
4.0.30319
x-powered-by
ASP.NET
content-type
application/json; charset=utf-8
cache-control
no-cache
content-length
22
expires
-1
analytics.js
www.google-analytics.com/
49 KB
20 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-648355-2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.12.100 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
se-in-f100.1e100.net
Software
Golfe2 /
Resource Hash
b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://sp01.netcrimson.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Fri, 28 Oct 2022 01:42:24 GMT
last-modified
Tue, 27 Sep 2022 22:01:05 GMT
server
Golfe2
age
4312
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
20039
expires
Fri, 28 Oct 2022 03:42:24 GMT
showads.js
ads.anura.io/
0
351 B
XHR
General
Full URL
https://ads.anura.io/showads.js?899277656844
Requested by
Host: script.anura.io
URL: https://script.anura.io/request.js?instance=842046990&callback=IDSuite.anuraCallback&9218099518
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.227.254.82 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-227-254-82.sin52.r.cloudfront.net
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://sp01.netcrimson.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 28 Oct 2022 00:11:40 GMT
content-encoding
gzip
via
1.1 20bb709a751569d186bca51c132b4c86.cloudfront.net (CloudFront)
server
nginx
x-amz-cf-pop
SIN52-C3
age
9756
vary
Accept-Encoding
x-cache
Hit from cloudfront
access-control-allow-methods
GET
access-control-allow-origin
*
content-type
application/javascript; charset=utf-8
x-amz-cf-id
u6SgkBNavBVmkpEtZSj1MwbPQL1o1m8zgCWbE7rf5vUnaegG8GGH7w==
collect
www.google-analytics.com/j/
1 B
208 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j98&a=1201901399&t=pageview&_s=1&dl=https%3A%2F%2Fsp01.netcrimson.com%2Fsurvey.aspx%3FSID9%3Ddc2xTl%252bflnL5YZKKhGQmig%253d%253d%26SAMP%3D25&ul=en-us&de=UTF-8&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAUABAAAAACAAI~&jid=501609290&gjid=1108480816&cid=433304845.1666925656&tid=UA-648355-2&_gid=1979171879.1666925656&_r=1&gtm=2ouaq0&z=2062137748
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.12.100 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
se-in-f100.1e100.net
Software
Golfe2 /
Resource Hash
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://sp01.netcrimson.com/
accept-language
en-AU,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Fri, 28 Oct 2022 02:54:16 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://sp01.netcrimson.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1
expires
Fri, 01 Jan 1990 00:00:00 GMT
response.json
script.anura.io/
146 B
482 B
XHR
General
Full URL
https://script.anura.io/response.json
Requested by
Host: script.anura.io
URL: https://script.anura.io/request.js?instance=842046990&callback=IDSuite.anuraCallback&9218099518
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.1.111.220 Singapore, Singapore, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-1-111-220.ap-southeast-1.compute.amazonaws.com
Software
nginx /
Resource Hash
2f2250a85053060fae87b44e42dfaae80b473309dab341fd501d26989068750f
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://sp01.netcrimson.com/
accept-language
en-AU,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

pragma
no-cache
date
Fri, 28 Oct 2022 02:54:17 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
nginx
vary
Accept-Encoding
access-control-allow-methods
POST
content-type
application/json; charset=utf-8
access-control-allow-origin
*
cache-control
private, no-cache, no-store, must-revalidate, max-age=0, post-check=0, pre-check=0
expires
Sun, 28 Dec 1980 18:57:00 EST
cleanid
gateway.navigatorsurveys.com/
164 B
423 B
XHR
General
Full URL
https://gateway.navigatorsurveys.com/cleanid
Requested by
Host: idsuite.navigatorsurveys.com
URL: https://idsuite.navigatorsurveys.com/cleanid-v3.current.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.116.139.171 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-116-139-171.us-east-2.compute.amazonaws.com
Software
/
Resource Hash

Request headers

Referer
https://sp01.netcrimson.com/
accept-language
en-AU,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type
text/plain

Response headers

date
Fri, 28 Oct 2022 02:54:18 GMT
x-amzn-requestid
2d5ec49c-aac7-4865-8a89-07c9500a2189
x-amzn-trace-id
Root=1-635b445a-7bc1212250339201446ffd4c;Sampled=1
access-control-allow-methods
*
content-type
application/json
access-control-allow-origin
*
x-amz-apigw-id
aseeJE24iYcFSzA=
content-length
164
access-control-allow-headers
*
datasink.ashx
sp01.netcrimson.com/api/
22 B
82 B
XHR
General
Full URL
https://sp01.netcrimson.com/api/datasink.ashx
Requested by
Host: sp01.netcrimson.com
URL: https://sp01.netcrimson.com/api/datasink.ashx?proxy
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
131.226.234.72 Naperville, United States, ASN12213 (CYXTERA-CYXTERA-TECHNOLOGIES-INC, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash

Request headers

Referer
https://sp01.netcrimson.com/survey.aspx?SID9=dc2xTl%2bflnL5YZKKhGQmig%3d%3d&SAMP=25
accept-language
en-AU,en;q=0.9
X-JSON-RPC
cleanIDInsert
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type
application/json; charset=UTF-8

Response headers

pragma
no-cache
date
Fri, 28 Oct 2022 02:54:18 GMT
server
Microsoft-IIS/10.0
x-aspnet-version
4.0.30319
x-powered-by
ASP.NET
content-type
application/json; charset=utf-8
cache-control
no-cache
content-length
22
expires
-1
Primary Request mrIWeb.dll
sp02.netcrimson.com/mrIWeb/
6 KB
6 KB
Document
General
Full URL
https://sp02.netcrimson.com/mrIWeb/mrIWeb.dll
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
131.226.234.72 Naperville, United States, ASN12213 (CYXTERA-CYXTERA-TECHNOLOGIES-INC, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
0719dd364771da740e82e5223b86e0c9be389d75022f0597d434a05196f04ab3

Request headers

Content-Type
application/x-www-form-urlencoded
Origin
https://sp01.netcrimson.com
Referer
https://sp01.netcrimson.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
en-AU,en;q=0.9

Response headers

content-length
6581
content-type
text/html; charset=utf-8
date
Fri, 28 Oct 2022 02:54:18 GMT
expires
-1
pragma
no-cache
server
Microsoft-IIS/10.0
x-powered-by
ASP.NET
jquery-3.6.0.js
s3.amazonaws.com/s3.netcrimson.com/Template2022/js/
297 KB
298 KB
Script
General
Full URL
https://s3.amazonaws.com/s3.netcrimson.com/Template2022/js/jquery-3.6.0.js
Requested by
Host: sp02.netcrimson.com
URL: https://sp02.netcrimson.com/mrIWeb/mrIWeb.dll
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.216.169.85 -, , ASN (),
Reverse DNS
Software
AmazonS3 /
Resource Hash
d841f4b6e4086f93e8f420b602fa9852087575a2094acde586bf79f444a12485

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://sp02.netcrimson.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Date
Fri, 28 Oct 2022 02:54:21 GMT
Last-Modified
Fri, 25 Feb 2022 18:24:26 GMT
Server
AmazonS3
x-amz-request-id
H91G1Y6AN91Z8XCA
ETag
"d7a5cbf0093c2d9ec81ba2d05f585ed7"
x-amz-meta-cb-modifiedtime
Fri, 25 Feb 2022 18:24:13 GMT
Content-Type
application/x-javascript
Accept-Ranges
bytes
Content-Length
304636
x-amz-id-2
uKRCfJD3UajG0fURNNHFvb4zCukOJgnhTyZPiRTSPYzTRsYp9r+twraZTL4Kj/JcVGSh7Y5qSnA=
AutoAnswer.js
s3.amazonaws.com/s3.netcrimson.com/Template2022/js/
4 KB
4 KB
Script
General
Full URL
https://s3.amazonaws.com/s3.netcrimson.com/Template2022/js/AutoAnswer.js
Requested by
Host: sp02.netcrimson.com
URL: https://sp02.netcrimson.com/mrIWeb/mrIWeb.dll
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.216.169.85 -, , ASN (),
Reverse DNS
Software
AmazonS3 /
Resource Hash
eac93f84cc6d1130ae8dac00b1635ed657c315fa09b96674e262b243a85f23f6

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://sp02.netcrimson.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Date
Fri, 28 Oct 2022 02:54:21 GMT
Last-Modified
Fri, 22 Jul 2022 21:14:06 GMT
Server
AmazonS3
x-amz-request-id
H91QW7E36YR24JH9
ETag
"446caddfbddc0b40971b37d47d133c1c"
x-amz-meta-cb-modifiedtime
Fri, 22 Jul 2022 21:12:55 GMT
Content-Type
application/x-javascript
Accept-Ranges
bytes
Content-Length
4160
x-amz-id-2
T2Xxt1k6QcpzA9ee40tOAEiEdDRPf77NQ2mQ2oEvK7FPZycHEqS557RJoAZgJPeXLeYxIPndfLA=
Tweaks.js
s3.amazonaws.com/s3.netcrimson.com/Template2022/js/
5 KB
6 KB
Script
General
Full URL
https://s3.amazonaws.com/s3.netcrimson.com/Template2022/js/Tweaks.js
Requested by
Host: sp02.netcrimson.com
URL: https://sp02.netcrimson.com/mrIWeb/mrIWeb.dll
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.216.169.85 -, , ASN (),
Reverse DNS
Software
AmazonS3 /
Resource Hash
1ae8be86ef8fe99de12e68f61783874284681ad2e34bb7cd478a49f41dd73e7f

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://sp02.netcrimson.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Date
Fri, 28 Oct 2022 02:54:22 GMT
Last-Modified
Thu, 02 Jun 2022 20:25:33 GMT
Server
AmazonS3
x-amz-request-id
T2K5QN7QNFKFJT7P
ETag
"ee1eb54f3d08044e12cf5fa9eb5136c5"
x-amz-meta-cb-modifiedtime
Thu, 02 Jun 2022 20:25:25 GMT
Content-Type
application/x-javascript
Accept-Ranges
bytes
Content-Length
5326
x-amz-id-2
3rpqoRf1CR9M6lhZ6vnuMBACkk5lolseIsoVHQpqGuhLLc/cveJq3/jMzE+qBT0LGXD9el5tENM=
original_jquery.js
s3.amazonaws.com/s3.netcrimson.com/Template2022/js/
28 KB
28 KB
Script
General
Full URL
https://s3.amazonaws.com/s3.netcrimson.com/Template2022/js/original_jquery.js
Requested by
Host: sp02.netcrimson.com
URL: https://sp02.netcrimson.com/mrIWeb/mrIWeb.dll
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.216.169.85 -, , ASN (),
Reverse DNS
Software
AmazonS3 /
Resource Hash
0050f264acc18a434f540556a6cfaa6ebfb27b94b1af0eacf84784ca0e39fb73

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://sp02.netcrimson.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Date
Fri, 28 Oct 2022 02:54:22 GMT
Last-Modified
Thu, 21 Jul 2022 22:30:38 GMT
Server
AmazonS3
x-amz-request-id
T2K3ET2D4KNFH0EK
ETag
"5c7d1719f21104ea1e46eb67ff6a3c1c"
x-amz-meta-cb-modifiedtime
Thu, 21 Jul 2022 22:29:17 GMT
Content-Type
application/x-javascript
Accept-Ranges
bytes
Content-Length
28275
x-amz-id-2
Obp1INTaqER46wXy7PWf6i6tuR7VdOuH8gZEXCQfWZOSnG9AYWRuQhOU8WFCJs/eq66bZJlLwSE=
SurveyHelpLink.js
s3.amazonaws.com/s3.netcrimson.com/Template2022/js/
1 KB
2 KB
Script
General
Full URL
https://s3.amazonaws.com/s3.netcrimson.com/Template2022/js/SurveyHelpLink.js
Requested by
Host: sp02.netcrimson.com
URL: https://sp02.netcrimson.com/mrIWeb/mrIWeb.dll
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.216.169.85 -, , ASN (),
Reverse DNS
Software
AmazonS3 /
Resource Hash
db0c1069f51715c0c14213d4f22fa86dd1973ee29ff6d91702404b7180208b72

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://sp02.netcrimson.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Date
Fri, 28 Oct 2022 02:54:22 GMT
Last-Modified
Tue, 30 Aug 2022 02:02:13 GMT
Server
AmazonS3
x-amz-request-id
T2K2Z3DZRBEWSRS6
ETag
"4c89ff651d065b0b7f42e26a08d87dc8"
x-amz-meta-cb-modifiedtime
Tue, 30 Aug 2022 02:01:16 GMT
Content-Type
application/x-javascript
Accept-Ranges
bytes
Content-Length
1327
x-amz-id-2
mkwoD+8xt0QAlIygjipxXhiQg1KPzBPm4/qc/B9Y3jxQI1L0EjvyxTvh+kRcfOFOabMqyy6slvs=
font-awesome.css
s3.amazonaws.com/s3.netcrimson.com/Template2017/font-awesome-4.7.0/css/
37 KB
37 KB
Stylesheet
General
Full URL
https://s3.amazonaws.com/s3.netcrimson.com/Template2017/font-awesome-4.7.0/css/font-awesome.css
Requested by
Host: sp02.netcrimson.com
URL: https://sp02.netcrimson.com/mrIWeb/mrIWeb.dll
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.216.169.85 -, , ASN (),
Reverse DNS
Software
AmazonS3 /
Resource Hash
36e0a7e08bee65774168528938072c536437669c1b7458ac77976ec788e4439c

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://sp02.netcrimson.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Date
Fri, 28 Oct 2022 02:54:21 GMT
Last-Modified
Mon, 06 Feb 2017 22:53:34 GMT
Server
AmazonS3
x-amz-request-id
H91HS03CG0WWKJX1
ETag
"c495654869785bc3df60216616814ad1"
x-amz-meta-cb-modifiedtime
Mon, 06 Feb 2017 22:51:59 GMT
Content-Type
text/css
Accept-Ranges
bytes
Content-Length
37414
x-amz-id-2
XSQjyrSIaCcqe3+cskce9zQ9/82KfxfzhG+ol3C2wNBTMCbzHsqgnSnIwweSSrRJ1EgoNITh8V4=
original_css.css
s3.amazonaws.com/s3.netcrimson.com/Template2022/css/
12 KB
13 KB
Stylesheet
General
Full URL
https://s3.amazonaws.com/s3.netcrimson.com/Template2022/css/original_css.css
Requested by
Host: sp02.netcrimson.com
URL: https://sp02.netcrimson.com/mrIWeb/mrIWeb.dll
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.216.169.85 -, , ASN (),
Reverse DNS
Software
AmazonS3 /
Resource Hash
b4b74414f1c3ff03e9ec18d03c83d204b83cc9d1889741f73d9adf67781744db

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://sp02.netcrimson.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Date
Fri, 28 Oct 2022 02:54:21 GMT
Last-Modified
Fri, 30 Sep 2022 17:03:50 GMT
Server
AmazonS3
x-amz-request-id
H91GY4CZT0YPXTMX
ETag
"9648b1807eb8c08c2a5234814d0c31fe"
x-amz-meta-cb-modifiedtime
Fri, 30 Sep 2022 16:50:32 GMT
Content-Type
text/css
Accept-Ranges
bytes
Content-Length
12558
x-amz-id-2
wJz6afUSB6NrPY8ersB+j/HmCQmD+Pi+Nm6rBW0G5AihM0YeqXOC+1vQJnEswW9UYIxJts7ZDpc=
sweetalert.min.js
s3.amazonaws.com/s3.netcrimson.com/Template2017/sweetalert/
28 KB
28 KB
Script
General
Full URL
https://s3.amazonaws.com/s3.netcrimson.com/Template2017/sweetalert/sweetalert.min.js
Requested by
Host: sp02.netcrimson.com
URL: https://sp02.netcrimson.com/mrIWeb/mrIWeb.dll
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.216.169.85 -, , ASN (),
Reverse DNS
Software
AmazonS3 /
Resource Hash
f8650899e301249bd1e5bc6d93f1cae896f8a9d735960cb0a745059d7f0ea3b2

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://sp02.netcrimson.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Date
Fri, 28 Oct 2022 02:54:22 GMT
Last-Modified
Tue, 07 Feb 2017 22:51:55 GMT
Server
AmazonS3
x-amz-request-id
T2K0PCY4GC1EFQFC
ETag
"c6eea1759dd05d3bb9ddfb74dbb75171"
x-amz-meta-cb-modifiedtime
Tue, 07 Feb 2017 22:51:48 GMT
Content-Type
application/x-javascript
Accept-Ranges
bytes
Content-Length
28531
x-amz-id-2
T7/X5vVsO2umsIdiXudrgkv+WpPbE2pQJuO1x/2l1hApnyKRuBZVJVI7F4L7Nv+IrKP3YMkdCAU=
sweetalert.css
s3.amazonaws.com/s3.netcrimson.com/Template2017/sweetalert/
23 KB
23 KB
Stylesheet
General
Full URL
https://s3.amazonaws.com/s3.netcrimson.com/Template2017/sweetalert/sweetalert.css
Requested by
Host: sp02.netcrimson.com
URL: https://sp02.netcrimson.com/mrIWeb/mrIWeb.dll
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.216.169.85 -, , ASN (),
Reverse DNS
Software
AmazonS3 /
Resource Hash
7216ca6ae467afc41e058c62f3231df0c1c47876621daa091261adb5574b1a30

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://sp02.netcrimson.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Date
Fri, 28 Oct 2022 02:54:21 GMT
Last-Modified
Thu, 09 Feb 2017 17:50:34 GMT
Server
AmazonS3
x-amz-request-id
H91QCPMGH8ZTY7DH
ETag
"fc7286f6ee42ec046c6d154b68cfcfd7"
x-amz-meta-cb-modifiedtime
Thu, 09 Feb 2017 17:50:31 GMT
Content-Type
text/css
Accept-Ranges
bytes
Content-Length
23297
x-amz-id-2
052qPu+AqHyUiYm2fWPFqRPva9n8UDLSxh5xFJ5v17nKRyloUvmokrrd00N1QvP02iMDFfvFW3o=
lightbox.min.js
s3.amazonaws.com/s3.netcrimson.com/Template2017/js/
9 KB
10 KB
Script
General
Full URL
https://s3.amazonaws.com/s3.netcrimson.com/Template2017/js/lightbox.min.js
Requested by
Host: sp02.netcrimson.com
URL: https://sp02.netcrimson.com/mrIWeb/mrIWeb.dll
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.216.169.85 -, , ASN (),
Reverse DNS
Software
AmazonS3 /
Resource Hash
f6bec31e895f7b96a81fe6d48f8144a9106adad99a21707139851915a9428d21

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://sp02.netcrimson.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Date
Fri, 28 Oct 2022 02:54:22 GMT
Last-Modified
Fri, 16 Jun 2017 15:52:17 GMT
Server
AmazonS3
x-amz-request-id
T2K47FJ982XGXRT5
ETag
"d1b2d54f5f160c52d406faf162c46d94"
x-amz-meta-cb-modifiedtime
Fri, 16 Jun 2017 15:46:37 GMT
Content-Type
application/x-javascript
Accept-Ranges
bytes
Content-Length
9372
x-amz-id-2
B8EugJR4X47JVixQOSt1XdH+kuuUZ4jVUuGPm7QQcCXALLEChyLIbRLwBmnJOHfo1rlQvBLiRbw=
lightbox.css
s3.amazonaws.com/s3.netcrimson.com/Template2017/css/
5 KB
5 KB
Stylesheet
General
Full URL
https://s3.amazonaws.com/s3.netcrimson.com/Template2017/css/lightbox.css
Requested by
Host: sp02.netcrimson.com
URL: https://sp02.netcrimson.com/mrIWeb/mrIWeb.dll
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.216.169.85 -, , ASN (),
Reverse DNS
Software
AmazonS3 /
Resource Hash
7672069e64c9fcb3cdb19ad4075e7fc214c7e5760908d5063a4e413e0d199a45

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://sp02.netcrimson.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Date
Fri, 28 Oct 2022 02:54:21 GMT
Last-Modified
Thu, 26 Apr 2018 16:03:28 GMT
Server
AmazonS3
x-amz-request-id
H91VS3YYV11K5QP3
ETag
"39194feea215302bfd874c38d68a7aff"
x-amz-meta-cb-modifiedtime
Thu, 26 Apr 2018 16:03:24 GMT
Content-Type
text/css
Accept-Ranges
bytes
Content-Length
4630
x-amz-id-2
hkiHBJAmTfE8YvBuMgNj5JqUiLQFnG49tmJFwcThkcyWc8GqDWCQSU+FOu0k/W9KK7myHGKoWe8=
Smallplus.png
s3.amazonaws.com/s3.netcrimson.com/Template2022/backgroundImage/
1 KB
2 KB
Image
General
Full URL
https://s3.amazonaws.com/s3.netcrimson.com/Template2022/backgroundImage/Smallplus.png
Requested by
Host: sp02.netcrimson.com
URL: https://sp02.netcrimson.com/mrIWeb/mrIWeb.dll
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.216.169.85 -, , ASN (),
Reverse DNS
Software
AmazonS3 /
Resource Hash
700bc56030dbb93da0d1a7d3b99be57021f58fb0ead1e0759f6ac31a64257e4c

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://sp02.netcrimson.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Date
Fri, 28 Oct 2022 02:54:22 GMT
Last-Modified
Fri, 08 Apr 2022 19:20:55 GMT
Server
AmazonS3
x-amz-request-id
T2K1HWZED55CD220
ETag
"ea0e7c705f79cb6590c89a71d4314782"
x-amz-meta-cb-modifiedtime
Fri, 08 Apr 2022 19:20:47 GMT
Content-Type
image/png
Accept-Ranges
bytes
Content-Length
1476
x-amz-id-2
zcpsiuvasoDNxb5SA97G/dOhvlW2r3y+dBfmmkf0rmLOur/t0CFfJONVdpTGLTI0XCHnr9cT214=
logo_white.png
s3.amazonaws.com/s3.netcrimson.com/Template2017/images/
1 KB
2 KB
Image
General
Full URL
https://s3.amazonaws.com/s3.netcrimson.com/Template2017/images/logo_white.png
Requested by
Host: sp02.netcrimson.com
URL: https://sp02.netcrimson.com/mrIWeb/mrIWeb.dll
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.216.169.85 -, , ASN (),
Reverse DNS
Software
AmazonS3 /
Resource Hash
063581fbbe1a009c75d5a80d34edff29c7321b24aab9c7b161337eb14ff5e8e1

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://sp02.netcrimson.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Date
Fri, 28 Oct 2022 02:54:23 GMT
Last-Modified
Tue, 28 Feb 2017 22:28:21 GMT
Server
AmazonS3
x-amz-request-id
99TV6TD115K0XR1Y
ETag
"cd05467febf3674fbef33d2022f25ac1"
x-amz-meta-cb-modifiedtime
Tue, 28 Feb 2017 22:27:42 GMT
Content-Type
image/png
Accept-Ranges
bytes
Content-Length
1165
x-amz-id-2
OLDAgziYYB8eoU+Ue23ls393WDbqO20t7X+s68Hj/FXkcwuo4V3D07BisWh0WkA+pJqwKjuVQZA=
CRLogoFadedHalfPintWidth.png
s3.amazonaws.com/s3.netcrimson.com/Template2022/backgroundImage/
2 KB
3 KB
Image
General
Full URL
https://s3.amazonaws.com/s3.netcrimson.com/Template2022/backgroundImage/CRLogoFadedHalfPintWidth.png
Requested by
Host: sp02.netcrimson.com
URL: https://sp02.netcrimson.com/mrIWeb/mrIWeb.dll
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.216.169.85 -, , ASN (),
Reverse DNS
Software
AmazonS3 /
Resource Hash
e6ce8f8061f409356cdfd434e3ee77524788025e31f0dc6ae0a036733aa49ca5

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://sp02.netcrimson.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Date
Fri, 28 Oct 2022 02:54:23 GMT
Last-Modified
Tue, 10 May 2022 17:51:07 GMT
Server
AmazonS3
x-amz-request-id
99TW93T4E7VT6J5C
ETag
"317271b8a82f52ad2c78f836d6198a3a"
x-amz-meta-cb-modifiedtime
Tue, 10 May 2022 17:50:28 GMT
Content-Type
image/png
Accept-Ranges
bytes
Content-Length
2559
x-amz-id-2
FwH+ztVoEH3hKbthMNjSJs3ntA6NEE9i2U43ao6T3ela7AuffCXclvyxWjtqlbj4JjEk0EbmsMA=
next_icon.png
s3.amazonaws.com/s3.netcrimson.com/Template2022/
35 KB
0
Image
General
Full URL
https://s3.amazonaws.com/s3.netcrimson.com/Template2022/next_icon.png
Requested by
Host: s3.amazonaws.com
URL: https://s3.amazonaws.com/s3.netcrimson.com/Template2022/css/original_css.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.216.169.85 -, , ASN (),
Reverse DNS
Software
AmazonS3 /
Resource Hash

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://s3.amazonaws.com/s3.netcrimson.com/Template2022/css/original_css.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Date
Fri, 28 Oct 2022 02:54:23 GMT
Last-Modified
Thu, 17 Mar 2022 21:58:04 GMT
Server
AmazonS3
x-amz-request-id
99TNZY04XM5YBY2A
ETag
"397d2ce4681c19c0c06b74719e2685dc"
x-amz-meta-cb-modifiedtime
Thu, 17 Mar 2022 21:57:50 GMT
Content-Type
image/png
Accept-Ranges
bytes
Content-Length
46592
x-amz-id-2
5ROYliDILzOYF1BmjJc05/7l4OUUd2KXgjt1y758DdBCBu1eL4gddbdAyCIB2A2OHgEEXO/QnaM=
fontawesome-webfont.woff2
s3.amazonaws.com/s3.netcrimson.com/Template2017/font-awesome-4.7.0/fonts/
0
0

prev.png
s3.amazonaws.com/s3.netcrimson.com/Template2017/css/Lightbox_images/
0
0

next.png
s3.amazonaws.com/s3.netcrimson.com/Template2017/css/Lightbox_images/
0
0

loading.gif
s3.amazonaws.com/s3.netcrimson.com/Template2017/css/Lightbox_images/
0
0

close.png
s3.amazonaws.com/s3.netcrimson.com/Template2017/css/Lightbox_images/
0
0

truncated
/
43 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
en-AU,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Content-Type
image/gif

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
s3.amazonaws.com
URL
https://s3.amazonaws.com/s3.netcrimson.com/Template2017/font-awesome-4.7.0/fonts/fontawesome-webfont.woff2?v=4.7.0
Domain
s3.amazonaws.com
URL
https://s3.amazonaws.com/s3.netcrimson.com/Template2017/css/Lightbox_images/prev.png
Domain
s3.amazonaws.com
URL
https://s3.amazonaws.com/s3.netcrimson.com/Template2017/css/Lightbox_images/next.png
Domain
s3.amazonaws.com
URL
https://s3.amazonaws.com/s3.netcrimson.com/Template2017/css/Lightbox_images/loading.gif
Domain
s3.amazonaws.com
URL
https://s3.amazonaws.com/s3.netcrimson.com/Template2017/css/Lightbox_images/close.png

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onbeforeinput
object| oncontextlost
object| oncontextrestored
function| structuredClone
object| launchQueue
object| onbeforematch
function| getScreenDetails
function| queryLocalFonts
object| navigation

4 Cookies

Domain/Path Name / Value
.netcrimson.com/ Name: DGID
Value: fp%245def2299140ae31d720d9c1c4907b995
.netcrimson.com/ Name: _ga
Value: GA1.2.433304845.1666925656
.netcrimson.com/ Name: _gid
Value: GA1.2.1979171879.1666925656
.netcrimson.com/ Name: _gat_gtag_UA_648355_2
Value: 1

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
