Submitted URL: https://storage.googleapis.com/ofwego/Shawpay.html
Effective URL: https://trk-ca.xiyfi.com/loader_only.php?transaction_id=87a4e7557fa84a73ba7646ec96d9bad7&aff_id=1482&sl1=bf7769d3-ed4f-cf...
Submission: On December 15 via api from CA — Scanned from CA

Summary

This website contacted 7 IPs in 2 countries across 6 domains to perform 24 HTTP transactions. The main IP is 2606:4700:3032::ac43:b386, located in United States and belongs to CLOUDFLARENET, US. The main domain is trk-ca.xiyfi.com.
TLS certificate: Issued by GTS CA 1P5 on November 9th 2022. Valid for: 3 months.
This is the only time trk-ca.xiyfi.com was scanned on urlscan.io!

What the scan shows: the submitted URL is a 90-byte, publicly readable HTML object in the Cloud Storage bucket ofwego (storage.googleapis.com/ofwego/Shawpay.html). It is recorded as a page URL rather than an HTTP redirect, so the hand-off to the next hop is client-side; from there a chain of 302s runs through two affiliate trackers, www.deals2cantia.com and trk.kryru.com, into trk-ca.xiyfi.com, which finally 302s to itself with a protocol-relative Location header (//trk-ca.xiyfi.com/loader_only.php?...) that appends prelander=1. The same transaction_id=87a4e7557fa84a73ba7646ec96d9bad7 and aff_id=1482 are carried through every hop. The landing page ("WOW Deals") pulls its assets from cdn-ca.xiyfi.com/prelanders/uk/amz/loyalty/ and cdn-ca.xiyfi.com/global-scripts/js/paypal/paypal_preload.js, and loads iframeResizer.contentWindow.min.js, the child-side half of iframe-resizer, so the page is built to be embedded in another site's frame. The origin behind Cloudflare reports X-Powered-By: PHP/5.4.16; that exact version string is what the stock RHEL/CentOS 7 php package reports (with backported fixes), so it indicates an old platform but does not by itself prove an unpatched one.

urlscan.io Verdict: No classification

Domain & IP information

Requests  Apex Domain        Subdomains                                                                                                          Transfer
20        xiyfi.com          trk-ca.xiyfi.com, cdn-ca.xiyfi.com, trk.xiyfi.com                                                                   204 KB
3         googleapis.com     storage.googleapis.com (Cisco Umbrella Rank 415), fonts.googleapis.com (Rank 37), ajax.googleapis.com (Rank 304)    32 KB
2         gstatic.com        fonts.gstatic.com                                                                                                   16 KB
1         cloudflare.com     cdnjs.cloudflare.com (Cisco Umbrella Rank 211)                                                                      5 KB
1         kryru.com          trk.kryru.com                                                                                                       730 B
1         deals2cantia.com   www.deals2cantia.com                                                                                                614 B
24        6 apex domains

Requests  Domain                   Redirects   Requested by
10        cdn-ca.xiyfi.com                     trk-ca.xiyfi.com
6         trk.xiyfi.com                        cdn-ca.xiyfi.com
4         trk-ca.xiyfi.com         2           trk-ca.xiyfi.com
2         fonts.gstatic.com                    fonts.googleapis.com
1         cdnjs.cloudflare.com                 trk-ca.xiyfi.com
1         ajax.googleapis.com                  trk-ca.xiyfi.com
1         fonts.googleapis.com                 trk-ca.xiyfi.com
1         trk.kryru.com            1           (redirect hop)
1         www.deals2cantia.com     1           (redirect hop)
1        storage.googleapis.com               (submitted URL)
24        10 subdomains

This site contains links to these domains. Also see Links.

Domain
wow-deals.co.uk
TLS certificates

Subject                    Issuer                     Validity                   Valid
storage.googleapis.com     GTS CA 1C3                 2022-11-28 - 2023-02-20    3 months
*.xiyfi.com                GTS CA 1P5                 2022-11-09 - 2023-02-07    3 months
upload.video.google.com    GTS CA 1C3                 2022-11-28 - 2023-02-20    3 months
sni.cloudflaressl.com      Cloudflare Inc ECC CA-3    2022-08-03 - 2023-08-02    a year
*.gstatic.com              GTS CA 1C3                 2022-11-28 - 2023-02-20    3 months

This page contains 1 frame:

Primary Page: https://trk-ca.xiyfi.com/loader_only.php?transaction_id=87a4e7557fa84a73ba7646ec96d9bad7&aff_id=1482&sl1=bf7769d3-ed4f-cfd7-a6d3-f6498f03514a&sl2=DvaRyS7v&sl3=0XYyDzmB&sl4=NDqASAci&rc=R-CT-P-SC&pl=742166685&pc_session_id=qhlmmj6nj60hbb5pmju7949753-52745&sid=qhlmmj6nj60hbb5pmju7949753-52745&pc_synd_id=shw_wow_ca_a1_sh387_pp_biz&partner=shw_wow_ca_a1_sh387_pp_biz&prelander=1
Frame ID: 5DA7795703AF4ECD13E219D592B13161
Requests: 21 HTTP requests in this frame

Page Title

WOW Deals

Detected technologies

PHP (overall confidence: 100%)
Detected patterns
  • \.php(?:$|\?)

Google Fonts (overall confidence: 100%)
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

jQuery (overall confidence: 100%; the page loads jquery/2.2.4 from ajax.googleapis.com)
Detected patterns
  • /([\d.]+)/jquery(?:\.min)?\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

Requests: 24
HTTPS: 100 %
IPv6: 89 %
Domains: 6
Subdomains: 10
IPs: 7
Countries: 2
Transfer: 256 kB
Size: 348 kB
Cookies: 3

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://storage.googleapis.com/ofwego/Shawpay.html Page URL
  2. https://www.deals2cantia.com/3D8WB7M/213FHH8G/ HTTP 302
    https://trk.kryru.com/a59589d6-daf5-ca5d-f243-85d98df7ed9a/?transaction_id=87a4e7557fa84a73ba7646ec96d9bad7&aff_id=1482&aff_sub= HTTP 302
    https://trk-ca.xiyfi.com/campaign/64237ee91717c16036b1f8f842b1341cf0244639?transaction_id=87a4e7557fa84a73ba7646ec96d9bad7&aff_id=1482&aff_sub=&sl1=bf7769d3-ed4f-cfd7-a6d3-f6498f03514a&sl2=DvaRyS7v&sl3=0XYyDzmB&sl4=NDqASAci HTTP 302
    https://trk-ca.xiyfi.com/loader_only.php?transaction_id=87a4e7557fa84a73ba7646ec96d9bad7&aff_id=1482&sl1=bf7769d3-ed4f-cfd7-a6d3-f6498f03514a&sl2=DvaRyS7v&sl3=0XYyDzmB&sl4=NDqASAci&rc=R-CT-P-SC&pl=742166685&pc_session_id=qhlmmj6nj60hbb5pmju7949753-52745&sid=qhlmmj6nj60hbb5pmju7949753-52745&pc_synd_id=shw_wow_ca_a1_sh387_pp_biz&partner=shw_wow_ca_a1_sh387_pp_biz HTTP 302
    https://trk-ca.xiyfi.com/loader_only.php?transaction_id=87a4e7557fa84a73ba7646ec96d9bad7&aff_id=1482&sl1=bf7769d3-ed4f-cfd7-a6d3-f6498f03514a&sl2=DvaRyS7v&sl3=0XYyDzmB&sl4=NDqASAci&rc=R-CT-P-SC&pl=742166685&pc_session_id=qhlmmj6nj60hbb5pmju7949753-52745&sid=qhlmmj6nj60hbb5pmju7949753-52745&pc_synd_id=shw_wow_ca_a1_sh387_pp_biz&partner=shw_wow_ca_a1_sh387_pp_biz&prelander=1 Page URL
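The chain above is the complete affiliate-tracking hand-off, and the useful thing to pull out of it is which identifiers each hop mints and which ones survive to the landing page. The Python below is an added example, not code from urlscan.io or from any of the domains involved; CHAIN holds the six page URLs exactly as captured, and the function names (diff_chain, stable_identifiers, resolve_location) are this example's own. It reports per hop which query keys are added, removed or changed, lists the identifiers that keep one value to the end (the ones worth pivoting on in other scans), and resolves a protocol-relative Location of the kind trk-ca.xiyfi.com returns (//trk-ca.xiyfi.com/...) the way a browser does.

```python
from urllib.parse import parse_qsl, urljoin, urlsplit

# The six page URLs from the scan's Page URL History, in order. Hop 1 -> 2 is a
# client-side transition; hops 2..6 are HTTP 302s. Hop 6 is the browser's resolution of
# the protocol-relative Location header sent by hop 5.
CHAIN = [
    "https://storage.googleapis.com/ofwego/Shawpay.html",
    "https://www.deals2cantia.com/3D8WB7M/213FHH8G/",
    "https://trk.kryru.com/a59589d6-daf5-ca5d-f243-85d98df7ed9a/"
    "?transaction_id=87a4e7557fa84a73ba7646ec96d9bad7&aff_id=1482&aff_sub=",
    "https://trk-ca.xiyfi.com/campaign/64237ee91717c16036b1f8f842b1341cf0244639"
    "?transaction_id=87a4e7557fa84a73ba7646ec96d9bad7&aff_id=1482&aff_sub="
    "&sl1=bf7769d3-ed4f-cfd7-a6d3-f6498f03514a&sl2=DvaRyS7v&sl3=0XYyDzmB&sl4=NDqASAci",
    "https://trk-ca.xiyfi.com/loader_only.php"
    "?transaction_id=87a4e7557fa84a73ba7646ec96d9bad7&aff_id=1482"
    "&sl1=bf7769d3-ed4f-cfd7-a6d3-f6498f03514a&sl2=DvaRyS7v&sl3=0XYyDzmB&sl4=NDqASAci"
    "&rc=R-CT-P-SC&pl=742166685&pc_session_id=qhlmmj6nj60hbb5pmju7949753-52745"
    "&sid=qhlmmj6nj60hbb5pmju7949753-52745&pc_synd_id=shw_wow_ca_a1_sh387_pp_biz"
    "&partner=shw_wow_ca_a1_sh387_pp_biz",
    "https://trk-ca.xiyfi.com/loader_only.php"
    "?transaction_id=87a4e7557fa84a73ba7646ec96d9bad7&aff_id=1482"
    "&sl1=bf7769d3-ed4f-cfd7-a6d3-f6498f03514a&sl2=DvaRyS7v&sl3=0XYyDzmB&sl4=NDqASAci"
    "&rc=R-CT-P-SC&pl=742166685&pc_session_id=qhlmmj6nj60hbb5pmju7949753-52745"
    "&sid=qhlmmj6nj60hbb5pmju7949753-52745&pc_synd_id=shw_wow_ca_a1_sh387_pp_biz"
    "&partner=shw_wow_ca_a1_sh387_pp_biz&prelander=1",
]


def params(url: str) -> dict:
    # keep_blank_values so an empty 'aff_sub=' still counts as a present key
    return dict(parse_qsl(urlsplit(url).query, keep_blank_values=True))


def diff_chain(chain: list) -> list:
    """Per hop: host plus which query keys were added, removed or changed versus the previous hop."""
    hops, prev = [], {}
    for url in chain:
        cur = params(url)
        hops.append({
            "host": urlsplit(url).hostname,
            "added": sorted(k for k in cur if k not in prev),
            "removed": sorted(k for k in prev if k not in cur),
            "changed": sorted(k for k in cur if k in prev and cur[k] != prev[k]),
        })
        prev = cur
    return hops


def stable_identifiers(chain: list) -> dict:
    """Keys present on the final hop whose value never changed since first appearance."""
    first_seen, unstable = {}, set()
    for url in chain:
        for k, v in params(url).items():
            if k in first_seen and first_seen[k] != v:
                unstable.add(k)
            first_seen.setdefault(k, v)
    return {k: v for k, v in params(chain[-1]).items() if k not in unstable}


def resolve_location(current_url: str, location: str) -> str:
    """Resolve a Location header (absolute, protocol-relative or path-relative) as a browser would."""
    return urljoin(current_url, location)


if __name__ == "__main__":
    for i, hop in enumerate(diff_chain(CHAIN), 1):
        print(i, hop["host"], "+", hop["added"], "-", hop["removed"], "~", hop["changed"])
    print("stable:", stable_identifiers(CHAIN))
    print(resolve_location(CHAIN[4], "//trk-ca.xiyfi.com/loader_only.php?prelander=1"))
```

Running it shows transaction_id, aff_id and an empty aff_sub minted at trk.kryru.com, sl1..sl4 added by the /campaign/ endpoint, aff_sub dropped and the rc/pl/session/partner fields added at loader_only.php, and the self-redirect adding only prelander=1; no value changes once set, so transaction_id is a reliable pivot. urljoin keeps the current scheme for a network-path reference, which is why the //host form is harmless on this all-HTTPS chain but would stay on http if the page that issued it were http.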

Redirected requests

There were HTTP redirect chains for the following requests; the chain is listed under the primary request (loader_only.php) below.

24 HTTP transactions

Each entry below lists, in order: Resource, Path, Size, x-fer (bytes transferred), Type, then the General, Request headers and Response headers details.
Shawpay.html
storage.googleapis.com/ofwego/
90 B
676 B
Document
General
Full URL
https://storage.googleapis.com/ofwego/Shawpay.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80d::2010 Nutley, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
UploadServer /
Resource Hash

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=3600
content-length
90
content-type
text/html
date
Thu, 15 Dec 2022 22:01:03 GMT
etag
"4e182d2198e313bfef4ca4f15cd34c0c"
expires
Thu, 15 Dec 2022 23:01:03 GMT
last-modified
Fri, 09 Dec 2022 17:07:24 GMT
server
UploadServer
x-goog-generation
1670605644134469
x-goog-hash
crc32c=alrX0w== md5=ThgtIZjjE7/vTKTxXNNMDA==
x-goog-metageneration
1
x-goog-storage-class
STANDARD
x-goog-stored-content-encoding
identity
x-goog-stored-content-length
90
x-guploader-uploadid
ADPycduz0vpwjZ556pUoakwH6AHTYCSa7vZiWdpfdsj8BUmdyumyv_Sh_b3n8rE9-71UjxwPFAdFOOVTepgeApJ3OU-817KJycxS
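The x-goog-hash and ETag values above are enough to fingerprint the 90-byte object even though the scan did not capture its body: for a non-composite Cloud Storage object the ETag is the hex MD5 of the content, and x-goog-hash carries that same MD5 plus a CRC32C, both base64-encoded. The Python below is an added example, not part of the urlscan report or of any Google tool; it parses the header, checks that the captured MD5 equals the captured ETag, and verifies a downloaded body against such a header. SAMPLE_BODY is a constructed stand-in for the real object, and build_goog_hash() produces the header value GCS would send for it; the function names are this example's own.

```python
import base64
import hashlib
from typing import Dict, Optional

# Header values exactly as captured for storage.googleapis.com/ofwego/Shawpay.html.
SCAN_X_GOOG_HASH = "crc32c=alrX0w== md5=ThgtIZjjE7/vTKTxXNNMDA=="
SCAN_ETAG = '"4e182d2198e313bfef4ca4f15cd34c0c"'

# Constructed stand-in: the scan did not capture the 90-byte object body itself.
SAMPLE_BODY = b"<html><body>constructed sample body, not the real object</body></html>"


def _crc32c_table():
    # CRC-32C (Castagnoli), reflected polynomial 0x82F63B78, the checksum GCS reports.
    table = []
    for n in range(256):
        c = n
        for _ in range(8):
            c = (c >> 1) ^ 0x82F63B78 if c & 1 else c >> 1
        table.append(c)
    return table


_CRC32C_TABLE = _crc32c_table()


def crc32c(data: bytes) -> int:
    crc = 0xFFFFFFFF
    for b in data:
        crc = _CRC32C_TABLE[(crc ^ b) & 0xFF] ^ (crc >> 8)
    return crc ^ 0xFFFFFFFF


def parse_goog_hash(header: str) -> Dict[str, bytes]:
    """Split 'crc32c=<b64>,md5=<b64>' (comma- or space-separated) into raw digests."""
    digests = {}
    for item in header.replace(",", " ").split():
        # partition on the first '=' only: the base64 payload itself ends in '=' padding
        algo, sep, b64 = item.partition("=")
        if sep:
            digests[algo.lower()] = base64.b64decode(b64)
    return digests


def build_goog_hash(body: bytes) -> str:
    """The x-goog-hash value GCS sends for body: CRC32C as big-endian bytes and MD5, both base64."""
    crc = base64.b64encode(crc32c(body).to_bytes(4, "big")).decode()
    md5 = base64.b64encode(hashlib.md5(body).digest()).decode()
    return f"crc32c={crc},md5={md5}"


def verify_object(body: bytes, hash_header: str, etag: Optional[str] = None) -> Dict[str, bool]:
    """Check a downloaded body against x-goog-hash, and the ETag against the MD5 when given."""
    digests = parse_goog_hash(hash_header)
    result = {}
    if "md5" in digests:
        result["md5"] = hashlib.md5(body).digest() == digests["md5"]
        if etag is not None:
            result["etag_is_md5"] = etag.strip('"').lower() == digests["md5"].hex()
    if "crc32c" in digests:
        result["crc32c"] = crc32c(body).to_bytes(4, "big") == digests["crc32c"]
    return result


if __name__ == "__main__":
    md5_hex = parse_goog_hash(SCAN_X_GOOG_HASH)["md5"].hex()
    print("captured md5:", md5_hex, "etag:", SCAN_ETAG, "match:", md5_hex == SCAN_ETAG.strip('"'))
    hdr = build_goog_hash(SAMPLE_BODY)
    print(hdr, verify_object(SAMPLE_BODY, hdr))
    print("tampered:", verify_object(SAMPLE_BODY + b"\n", hdr))
```

The MD5 in the captured header decodes to 4e182d2198e313bfef4ca4f15cd34c0c, which is the ETag, so either value can be searched for in other scans or bucket listings to find the same 90-byte object under a different name or bucket. MD5 is used here only to match what the server advertised, not as a security hash; for anything adversarial, hash the body you fetched with SHA-256 as well and record both.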
Primary Request loader_only.php
trk-ca.xiyfi.com/
Redirect Chain
  • https://www.deals2cantia.com/3D8WB7M/213FHH8G/
  • https://trk.kryru.com/a59589d6-daf5-ca5d-f243-85d98df7ed9a/?transaction_id=87a4e7557fa84a73ba7646ec96d9bad7&aff_id=1482&aff_sub=
  • https://trk-ca.xiyfi.com/campaign/64237ee91717c16036b1f8f842b1341cf0244639?transaction_id=87a4e7557fa84a73ba7646ec96d9bad7&aff_id=1482&aff_sub=&sl1=bf7769d3-ed4f-cfd7-a6d3-f6498f03514a&sl2=DvaRyS7v...
  • https://trk-ca.xiyfi.com/loader_only.php?transaction_id=87a4e7557fa84a73ba7646ec96d9bad7&aff_id=1482&sl1=bf7769d3-ed4f-cfd7-a6d3-f6498f03514a&sl2=DvaRyS7v&sl3=0XYyDzmB&sl4=NDqASAci&rc=R-CT-P-SC&pl=...
  • https://trk-ca.xiyfi.com/loader_only.php?transaction_id=87a4e7557fa84a73ba7646ec96d9bad7&aff_id=1482&sl1=bf7769d3-ed4f-cfd7-a6d3-f6498f03514a&sl2=DvaRyS7v&sl3=0XYyDzmB&sl4=NDqASAci&rc=R-CT-P-SC&pl=...
21 KB
7 KB
Document
General
Full URL
https://trk-ca.xiyfi.com/loader_only.php?transaction_id=87a4e7557fa84a73ba7646ec96d9bad7&aff_id=1482&sl1=bf7769d3-ed4f-cfd7-a6d3-f6498f03514a&sl2=DvaRyS7v&sl3=0XYyDzmB&sl4=NDqASAci&rc=R-CT-P-SC&pl=742166685&pc_session_id=qhlmmj6nj60hbb5pmju7949753-52745&sid=qhlmmj6nj60hbb5pmju7949753-52745&pc_synd_id=shw_wow_ca_a1_sh387_pp_biz&partner=shw_wow_ca_a1_sh387_pp_biz&prelander=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3032::ac43:b386 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PHP/5.4.16
Resource Hash
abba966c6fac7a3598e3522f10e2742eb0ce0689d7d9dd3ec7d9e41b3b583440

Request headers

Referer
https://storage.googleapis.com/ofwego/Shawpay.html
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-cache-status
DYNAMIC
cf-ray
77a274b5a9e5f005-EWR
content-encoding
br
content-type
text/html
date
Thu, 15 Dec 2022 22:01:06 GMT
expires
Thu, 19 Nov 1981 08:52:00 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma
no-cache
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fH8x4wOYtf%2BG%2B0gwlJ3FlUe9DKDu80pZsE7SnoaEXEnTML%2F%2B%2Fxb5hQuuNZNAydd6qMM74hLvrQialq3MmQ%2BkZkwBig61iTwBRqbPXGknCZ1GaS%2FDopubIIo%2Fkzw%2BlDn8jmkKAelrGFQdUV1o5etT"}],"group":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
PHP/5.4.16

Redirect headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-cache-status
DYNAMIC
cf-ray
77a274b4ba2c8c5d-EWR
content-type
text/html
date
Thu, 15 Dec 2022 22:01:06 GMT
expires
Thu, 19 Nov 1981 08:52:00 GMT
location
//trk-ca.xiyfi.com/loader_only.php?transaction_id=87a4e7557fa84a73ba7646ec96d9bad7&aff_id=1482&sl1=bf7769d3-ed4f-cfd7-a6d3-f6498f03514a&sl2=DvaRyS7v&sl3=0XYyDzmB&sl4=NDqASAci&rc=R-CT-P-SC&pl=742166685&pc_session_id=qhlmmj6nj60hbb5pmju7949753-52745&sid=qhlmmj6nj60hbb5pmju7949753-52745&pc_synd_id=shw_wow_ca_a1_sh387_pp_biz&partner=shw_wow_ca_a1_sh387_pp_biz&prelander=1
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma
no-cache
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UMoOcDP%2BlTYb%2BJn9KyzhuPGZvoXx3bXfONV3%2Fh7FMgEgAjIPYc7nSn55gzVpfpf%2BXL1CCc%2B4pfZHJKEFW7o2wmLrKx%2BuAnC5Sy%2BdUmfrUJP2EiGRey%2FidULmeoaEn0XQBOMs6csezHeGnJOu7Ww6"}],"group":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
PHP/5.4.16
css2
fonts.googleapis.com/
9 KB
1 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css2?family=Poppins:wght@100;200;300;400;500;600;700;800;900&display=swap
Requested by
Host: trk-ca.xiyfi.com
URL: https://trk-ca.xiyfi.com/loader_only.php?transaction_id=87a4e7557fa84a73ba7646ec96d9bad7&aff_id=1482&sl1=bf7769d3-ed4f-cfd7-a6d3-f6498f03514a&sl2=DvaRyS7v&sl3=0XYyDzmB&sl4=NDqASAci&rc=R-CT-P-SC&pl=742166685&pc_session_id=qhlmmj6nj60hbb5pmju7949753-52745&sid=qhlmmj6nj60hbb5pmju7949753-52745&pc_synd_id=shw_wow_ca_a1_sh387_pp_biz&partner=shw_wow_ca_a1_sh387_pp_biz&prelander=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:808::200a Nutley, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
a88ee13d2e82bd99ff8c5ac3c2cd52d3a4175f9121e48e30b1683bb80684b711
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://trk-ca.xiyfi.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Thu, 15 Dec 2022 22:01:06 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Thu, 15 Dec 2022 20:43:45 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Thu, 15 Dec 2022 22:01:06 GMT
clock.svg
cdn-ca.xiyfi.com/prelanders/uk/amz/loyalty/img/
1 KB
951 B
Image
General
Full URL
https://cdn-ca.xiyfi.com/prelanders/uk/amz/loyalty/img/clock.svg
Requested by
Host: trk-ca.xiyfi.com
URL: https://trk-ca.xiyfi.com/loader_only.php?transaction_id=87a4e7557fa84a73ba7646ec96d9bad7&aff_id=1482&sl1=bf7769d3-ed4f-cfd7-a6d3-f6498f03514a&sl2=DvaRyS7v&sl3=0XYyDzmB&sl4=NDqASAci&rc=R-CT-P-SC&pl=742166685&pc_session_id=qhlmmj6nj60hbb5pmju7949753-52745&sid=qhlmmj6nj60hbb5pmju7949753-52745&pc_synd_id=shw_wow_ca_a1_sh387_pp_biz&partner=shw_wow_ca_a1_sh387_pp_biz&prelander=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3032::ac43:b386 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7080e089dab3a0ae988d8605e0228194997e26bbb43079ac5772315032c966a2

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://trk-ca.xiyfi.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Thu, 15 Dec 2022 22:01:07 GMT
content-encoding
br
cf-cache-status
REVALIDATED
last-modified
Wed, 01 Dec 2021 13:33:52 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"53e-5d215b98f4119"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MSqjuv%2FwUr8O1BmpY7sjVUnmBlfNxaWfefbfNwhTyMSqmF8c5h%2Fnnm79iXuBTQY7amksDvpj2A%2B56P8e45wJt1KEeW8nUuic0gApepfX0lZoGVMrcJY8PZNsCo3KhC5mMXrkLFLJidDZgCDLO02c"}],"group":"cf-nel","max_age":604800}
content-type
image/svg+xml
cache-control
max-age=14400
cf-ray
77a274badd9d8c5d-EWR
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
animated-loading.gif
cdn-ca.xiyfi.com/assets/global/loading/
3 KB
3 KB
Image
General
Full URL
https://cdn-ca.xiyfi.com/assets/global/loading/animated-loading.gif
Requested by
Host: trk-ca.xiyfi.com
URL: https://trk-ca.xiyfi.com/loader_only.php?transaction_id=87a4e7557fa84a73ba7646ec96d9bad7&aff_id=1482&sl1=bf7769d3-ed4f-cfd7-a6d3-f6498f03514a&sl2=DvaRyS7v&sl3=0XYyDzmB&sl4=NDqASAci&rc=R-CT-P-SC&pl=742166685&pc_session_id=qhlmmj6nj60hbb5pmju7949753-52745&sid=qhlmmj6nj60hbb5pmju7949753-52745&pc_synd_id=shw_wow_ca_a1_sh387_pp_biz&partner=shw_wow_ca_a1_sh387_pp_biz&prelander=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3032::ac43:b386 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d5d1d94e30886b697e5ea71ac71e37c1dfd3d22a0f90a4dea73393dbfb273eae

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://trk-ca.xiyfi.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Thu, 15 Dec 2022 22:01:07 GMT
cf-cache-status
REVALIDATED
last-modified
Mon, 04 May 2020 15:12:50 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
"a18-5a4d3f6df20f7"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=d%2FhlEncHm%2B%2FU9r%2BlMSUVKQ4Xebih4wVCSyQIzSZE1G7GrJ1DjfpsNy8Fd2MVh8BFeHJGpNNdntJkFuFSRDnbXhx0Fw%2F0Jutrsro5Neiikw1JQBRIqiZwUx0WEJ0HAgj9oPKeGit8ZgBrCC%2BvbIET"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
77a274badda78c5d-EWR
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
2584
email-decode.min.js
trk-ca.xiyfi.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/
1 KB
1 KB
Script
General
Full URL
https://trk-ca.xiyfi.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
Requested by
Host: trk-ca.xiyfi.com
URL: https://trk-ca.xiyfi.com/loader_only.php?transaction_id=87a4e7557fa84a73ba7646ec96d9bad7&aff_id=1482&sl1=bf7769d3-ed4f-cfd7-a6d3-f6498f03514a&sl2=DvaRyS7v&sl3=0XYyDzmB&sl4=NDqASAci&rc=R-CT-P-SC&pl=742166685&pc_session_id=qhlmmj6nj60hbb5pmju7949753-52745&sid=qhlmmj6nj60hbb5pmju7949753-52745&pc_synd_id=shw_wow_ca_a1_sh387_pp_biz&partner=shw_wow_ca_a1_sh387_pp_biz&prelander=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3032::ac43:b386 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://trk-ca.xiyfi.com/loader_only.php?transaction_id=87a4e7557fa84a73ba7646ec96d9bad7&aff_id=1482&sl1=bf7769d3-ed4f-cfd7-a6d3-f6498f03514a&sl2=DvaRyS7v&sl3=0XYyDzmB&sl4=NDqASAci&rc=R-CT-P-SC&pl=742166685&pc_session_id=qhlmmj6nj60hbb5pmju7949753-52745&sid=qhlmmj6nj60hbb5pmju7949753-52745&pc_synd_id=shw_wow_ca_a1_sh387_pp_biz&partner=shw_wow_ca_a1_sh387_pp_biz&prelander=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Thu, 15 Dec 2022 22:01:06 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Mon, 12 Dec 2022 12:08:17 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"639719b1-4d7"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kQu%2BQQJcwORUC9M1UCs%2BMXnPk9IVFSI9FdNE8c9%2BtTfVB1kRZ5WtDh0Do3r9iKhMvlG57qXQTNZta6HsPcqzr7xu1etMDobNCdYT7MLb7wvQlGnr0iYFGS8XsvAr5LPImwtl8rf5zd9uJffZuglm"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
x-frame-options
DENY
cache-control
max-age=172800, public
cf-ray
77a274ba2ec3f005-EWR
expires
Sat, 17 Dec 2022 22:01:06 GMT
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/2.2.4/
84 KB
30 KB
Script
General
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js
Requested by
Host: trk-ca.xiyfi.com
URL: https://trk-ca.xiyfi.com/loader_only.php?transaction_id=87a4e7557fa84a73ba7646ec96d9bad7&aff_id=1482&sl1=bf7769d3-ed4f-cfd7-a6d3-f6498f03514a&sl2=DvaRyS7v&sl3=0XYyDzmB&sl4=NDqASAci&rc=R-CT-P-SC&pl=742166685&pc_session_id=qhlmmj6nj60hbb5pmju7949753-52745&sid=qhlmmj6nj60hbb5pmju7949753-52745&pc_synd_id=shw_wow_ca_a1_sh387_pp_biz&partner=shw_wow_ca_a1_sh387_pp_biz&prelander=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:809::200a Nutley, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://trk-ca.xiyfi.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Thu, 15 Dec 2022 20:17:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
6219
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
30028
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 19:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="hosted-libraries-pushers"
vary
Accept-Encoding
report-to
{"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 15 Dec 2023 20:17:27 GMT
iframeResizer.contentWindow.min.js
cdnjs.cloudflare.com/ajax/libs/iframe-resizer/3.5.8/
14 KB
5 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/iframe-resizer/3.5.8/iframeResizer.contentWindow.min.js
Requested by
Host: trk-ca.xiyfi.com
URL: https://trk-ca.xiyfi.com/loader_only.php?transaction_id=87a4e7557fa84a73ba7646ec96d9bad7&aff_id=1482&sl1=bf7769d3-ed4f-cfd7-a6d3-f6498f03514a&sl2=DvaRyS7v&sl3=0XYyDzmB&sl4=NDqASAci&rc=R-CT-P-SC&pl=742166685&pc_session_id=qhlmmj6nj60hbb5pmju7949753-52745&sid=qhlmmj6nj60hbb5pmju7949753-52745&pc_synd_id=shw_wow_ca_a1_sh387_pp_biz&partner=shw_wow_ca_a1_sh387_pp_biz&prelander=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8d4773ada09d3d362bd0eda5e5d872e60ddbc5eeef5103b106c1f50476124f06
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://trk-ca.xiyfi.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Thu, 15 Dec 2022 22:01:06 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
708600
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
4554
last-modified
Mon, 04 May 2020 16:11:11 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03e9f-367d"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FVMVcTmlK3xyGc3vrbZkjMqq4JgBZhlBqdPwDgZj2%2F2G6cXEFT1vLxxaCgJxWeE%2BmNWM0eRsGm81i5FRWbDuaejJ0UjKHudRVTDmzdoZmsI22K7T4qEDJJnoWIK4mzbstDevd3aDUr1kZTMjwnjdJpxo"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
77a274ba5d027144-YUL
expires
Tue, 05 Dec 2023 22:01:06 GMT
elephant.js
cdn-ca.xiyfi.com/global-scripts/js/
10 KB
3 KB
Script
General
Full URL
https://cdn-ca.xiyfi.com/global-scripts/js/elephant.js
Requested by
Host: trk-ca.xiyfi.com
URL: https://trk-ca.xiyfi.com/loader_only.php?transaction_id=87a4e7557fa84a73ba7646ec96d9bad7&aff_id=1482&sl1=bf7769d3-ed4f-cfd7-a6d3-f6498f03514a&sl2=DvaRyS7v&sl3=0XYyDzmB&sl4=NDqASAci&rc=R-CT-P-SC&pl=742166685&pc_session_id=qhlmmj6nj60hbb5pmju7949753-52745&sid=qhlmmj6nj60hbb5pmju7949753-52745&pc_synd_id=shw_wow_ca_a1_sh387_pp_biz&partner=shw_wow_ca_a1_sh387_pp_biz&prelander=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3032::ac43:b386 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PHP/5.4.16
Resource Hash
35b3e07e7d00d7be7794c56684959aa66ea1ad5247a026972dae3a8504b05ac8

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://trk-ca.xiyfi.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Thu, 15 Dec 2022 22:01:07 GMT
content-encoding
br
cf-cache-status
EXPIRED
last-modified
Thu, 15 Dec 2022 17:57:05 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
PHP/5.4.16
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Mppkzb%2BcThKLjFT6ykNoRqcDa9srejRAXzqUKRhCxvM0z8F9dLIOBKF%2Fbh%2BejhnWdYdd8qElt6%2BgpqXuFNyC1QyC0oeOLydvOa3Wmj8UQa4OMkru6B0HnwIEKaXVzc9cd8bS7GhDmtZ8HD0A2bdl"}],"group":"cf-nel","max_age":604800}
content-type
application/x-javascript
cache-control
max-age=14400
cf-ray
77a274badda08c5d-EWR
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
manageCookies.js
cdn-ca.xiyfi.com/global-scripts/js/
741 B
768 B
Script
General
Full URL
https://cdn-ca.xiyfi.com/global-scripts/js/manageCookies.js
Requested by
Host: trk-ca.xiyfi.com
URL: https://trk-ca.xiyfi.com/loader_only.php?transaction_id=87a4e7557fa84a73ba7646ec96d9bad7&aff_id=1482&sl1=bf7769d3-ed4f-cfd7-a6d3-f6498f03514a&sl2=DvaRyS7v&sl3=0XYyDzmB&sl4=NDqASAci&rc=R-CT-P-SC&pl=742166685&pc_session_id=qhlmmj6nj60hbb5pmju7949753-52745&sid=qhlmmj6nj60hbb5pmju7949753-52745&pc_synd_id=shw_wow_ca_a1_sh387_pp_biz&partner=shw_wow_ca_a1_sh387_pp_biz&prelander=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3032::ac43:b386 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
290b1a4f50d2b5d32b9d8bcb6f8369e9bca2372da8604d320903ec8a9cdc058a

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://trk-ca.xiyfi.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Thu, 15 Dec 2022 22:01:07 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Mon, 03 Oct 2022 10:03:38 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
6405
etag
W/"2e5-5ea1e75272a48"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=huHOms%2Fc3QpZOuZZa56mrg%2BfuJkx%2F1FrlkfcmKj%2FVFBA16S%2Fx1hng%2FLCNZ9wOkNU7ExJRtP53utgFeq9IduOj77newY8iIFZPv%2BDyYVx207RBAkOHUCTL2P3liRbfCL0fwyldaTpgcn3uM1U4Ilx"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=14400
cf-ray
77a274badda18c5d-EWR
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
paypal_preload.js
cdn-ca.xiyfi.com/global-scripts/js/paypal/
8 KB
3 KB
Script
General
Full URL
https://cdn-ca.xiyfi.com/global-scripts/js/paypal/paypal_preload.js
Requested by
Host: trk-ca.xiyfi.com
URL: https://trk-ca.xiyfi.com/loader_only.php?transaction_id=87a4e7557fa84a73ba7646ec96d9bad7&aff_id=1482&sl1=bf7769d3-ed4f-cfd7-a6d3-f6498f03514a&sl2=DvaRyS7v&sl3=0XYyDzmB&sl4=NDqASAci&rc=R-CT-P-SC&pl=742166685&pc_session_id=qhlmmj6nj60hbb5pmju7949753-52745&sid=qhlmmj6nj60hbb5pmju7949753-52745&pc_synd_id=shw_wow_ca_a1_sh387_pp_biz&partner=shw_wow_ca_a1_sh387_pp_biz&prelander=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3032::ac43:b386 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f9df0a2c61415a01702002a96465311a15e60251f4409f1efad20a187059d2b0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://trk-ca.xiyfi.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Thu, 15 Dec 2022 22:01:07 GMT
content-encoding
br
cf-cache-status
REVALIDATED
last-modified
Thu, 15 Dec 2022 13:46:07 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"1f74-5efde1330cbf4"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1qdM7inQgoUmH8b3DDOwZmDSsXcn8y%2BfdaTegFPRos%2Fc5yip7l57g70VlQ1mbIkz9UN7REc2wpF5a6lsDK0p5yb3ueUuERbTqGHLwVNXZF2qldcW8NN%2Fi9Nw5%2BQHtx3n6hPrlHA9%2FA3VxMb9scZQ"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=14400
cf-ray
77a274badda28c5d-EWR
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
lazy_loader.js
cdn-ca.xiyfi.com/global-scripts/js/function/
770 B
673 B
Script
General
Full URL
https://cdn-ca.xiyfi.com/global-scripts/js/function/lazy_loader.js
Requested by
Host: trk-ca.xiyfi.com
URL: https://trk-ca.xiyfi.com/loader_only.php?transaction_id=87a4e7557fa84a73ba7646ec96d9bad7&aff_id=1482&sl1=bf7769d3-ed4f-cfd7-a6d3-f6498f03514a&sl2=DvaRyS7v&sl3=0XYyDzmB&sl4=NDqASAci&rc=R-CT-P-SC&pl=742166685&pc_session_id=qhlmmj6nj60hbb5pmju7949753-52745&sid=qhlmmj6nj60hbb5pmju7949753-52745&pc_synd_id=shw_wow_ca_a1_sh387_pp_biz&partner=shw_wow_ca_a1_sh387_pp_biz&prelander=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3032::ac43:b386 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
75fda61b6fe4483c08c1f1d8f05876d6a2d96788104900b50fed574c37cf3652

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://trk-ca.xiyfi.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Thu, 15 Dec 2022 22:01:07 GMT
content-encoding
br
cf-cache-status
REVALIDATED
last-modified
Mon, 23 Mar 2020 12:12:20 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"302-5a1848c071609"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YniehkVhkkl%2F97RaI%2BcaakQsbWQlwPWtbYECj9%2F37fq72s1D6vozZAk353bFwha8cBW21kX2UYDPSymSy2a150zVKby5mxJFQvm2j4ASKfxHEsfq8QEIX7DLtimYtj4MT%2FJV8b4rZC5vOzzPzZ0Z"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=14400
cf-ray
77a274badda58c5d-EWR
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
stattag_v2.js
cdn-ca.xiyfi.com/global-scripts/js/function/
821 B
855 B
Script
General
Full URL
https://cdn-ca.xiyfi.com/global-scripts/js/function/stattag_v2.js
Requested by
Host: trk-ca.xiyfi.com
URL: https://trk-ca.xiyfi.com/loader_only.php?transaction_id=87a4e7557fa84a73ba7646ec96d9bad7&aff_id=1482&sl1=bf7769d3-ed4f-cfd7-a6d3-f6498f03514a&sl2=DvaRyS7v&sl3=0XYyDzmB&sl4=NDqASAci&rc=R-CT-P-SC&pl=742166685&pc_session_id=qhlmmj6nj60hbb5pmju7949753-52745&sid=qhlmmj6nj60hbb5pmju7949753-52745&pc_synd_id=shw_wow_ca_a1_sh387_pp_biz&partner=shw_wow_ca_a1_sh387_pp_biz&prelander=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3032::ac43:b386 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
94676b5f061ca6a21a44ee0c6e9b0fb6039fecfeb45ec70bcd534319ee9ea4b0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://trk-ca.xiyfi.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Thu, 15 Dec 2022 22:01:07 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Wed, 18 May 2022 13:18:26 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
6965
etag
W/"335-5df4917a93041"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=g0htEFJytF7VtaLLmifdhAAr4vfg4jL%2BaLgpbnl1jcZA4RidrqQGEqC3gnQXuXJAo7HkkB%2B57grI3GMADo4I657DdaSxyAjeb2YHfUvjHbmfn%2BPmldbBwLU%2BO4uelbjcCLbL7qDkNWR5xK2m4meD"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=14400
cf-ray
77a274bb2fe4f005-EWR
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v20/
8 KB
8 KB
Font
General
Full URL
https://fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Poppins:wght@100;200;300;400;500;600;700;800;900&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:823::2003 Nutley, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
9338e65fc077355c7a87ae0d64cc101e23b9bf8ad78ae65f0f319c857311b526
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://trk-ca.xiyfi.com
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Thu, 15 Dec 2022 13:27:13 GMT
x-content-type-options
nosniff
age
30834
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7816
x-xss-protection
0
last-modified
Wed, 27 Apr 2022 16:11:40 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 15 Dec 2023 13:27:13 GMT
pxiEyp8kv8JHgFVrJJfecg.woff2
fonts.gstatic.com/s/poppins/v20/
8 KB
8 KB
Font
General
Full URL
https://fonts.gstatic.com/s/poppins/v20/pxiEyp8kv8JHgFVrJJfecg.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Poppins:wght@100;200;300;400;500;600;700;800;900&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:823::2003 Nutley, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://trk-ca.xiyfi.com
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Wed, 14 Dec 2022 07:01:58 GMT
x-content-type-options
nosniff
age
140349
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7884
x-xss-protection
0
last-modified
Wed, 27 Apr 2022 17:03:52 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 14 Dec 2023 07:01:58 GMT
/
trk.xiyfi.com/api/logger/post_interaction/
0
0
Preflight
General
Full URL
https://trk.xiyfi.com/api/logger/post_interaction/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3033::6815:2b7e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PHP/5.4.16
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-requested-with
Access-Control-Request-Method
POST
Origin
https://trk-ca.xiyfi.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type,x-requested-with
access-control-allow-methods
GET, POST, DELETE, UPDATE, OPTIONS
access-control-allow-origin
*
access-control-max-age
86400
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
77a274bc8cc218d0-EWR
content-encoding
br
content-type
text/html
date
Thu, 15 Dec 2022 22:01:07 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0bdQ7Rm7qjfmlJATWA%2BShRJWA5dYVUZpY%2BXwNyfedHn3LD3R3645r58yZPpOx4qIPC4CMugZ7X7F2qZWVYqcRrkKXDBx3sA1ArDbYF5A68EZmz%2FB6cNfELpZaOIPfUga15McUn3g8PoIvMhZ"}],"group":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
PHP/5.4.16
/
trk.xiyfi.com/api/logger/post_interaction/
0
0
Preflight
General
Full URL
https://trk.xiyfi.com/api/logger/post_interaction/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3033::6815:2b7e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PHP/5.4.16
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-requested-with
Access-Control-Request-Method
POST
Origin
https://trk-ca.xiyfi.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type,x-requested-with
access-control-allow-methods
GET, POST, DELETE, UPDATE, OPTIONS
access-control-allow-origin
*
access-control-max-age
86400
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
77a274bc8cc918d0-EWR
content-encoding
br
content-type
text/html
date
Thu, 15 Dec 2022 22:01:07 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=imHB%2BC5uR5DkGYj3MzUPy4HtN8J07OyLMttV7FtIAYcPzTinZfWaYD%2B1vBcUqVOQJ1bAT2W8qh2sLtGhFQ80VA8IonGD0qB9L6TEIipAxP4lcqvGXe0NnP4l5DcoZrbeL3Tk7I00cCcuVlqb"}],"group":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
PHP/5.4.16
/
trk.xiyfi.com/api/logger/post_interaction/
60 B
649 B
XHR
General
Full URL
https://trk.xiyfi.com/api/logger/post_interaction/
Requested by
Host: cdn-ca.xiyfi.com
URL: https://cdn-ca.xiyfi.com/global-scripts/js/elephant.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3033::6815:2b7e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PHP/5.4.16
Resource Hash
985cda61d2f3c9badf29d033b54b2ca54edb0be9f07507a267f9bc0d95576c20

Request headers

Referer
https://trk-ca.xiyfi.com/
X-Requested-With
XMLHttpRequest
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-type
application/json

Response headers

date
Thu, 15 Dec 2022 22:01:07 GMT
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by
PHP/5.4.16
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
pragma
no-cache
server
cloudflare
access-control-max-age
86400
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ytlBD9b6sCR5TDW1IKAFE9U8yG8e%2FeDGLgzTeCwV8pMqErDQzEmZdjAyVYAM3A%2BjBJffmstKXcw3a6JGhGGDYT8QQ6cvY%2BgGJlJ6NY57fxCwGSOa77W5LyrqeL0Wb6jQeRsuCOThK7ht1U54"}],"group":"cf-nel","max_age":604800}
content-type
application/json
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
access-control-allow-credentials
true
cf-ray
77a274bdfa320ca5-EWR
expires
Thu, 19 Nov 1981 08:52:00 GMT
/
trk.xiyfi.com/api/logger/post_interaction/
60 B
645 B
XHR
General
Full URL
https://trk.xiyfi.com/api/logger/post_interaction/
Requested by
Host: cdn-ca.xiyfi.com
URL: https://cdn-ca.xiyfi.com/global-scripts/js/elephant.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3033::6815:2b7e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PHP/5.4.16
Resource Hash
f1643c628d3c0ae425c62e70dfb37be0975d7324179d0695044d5eae51c93f5c

Request headers

Referer
https://trk-ca.xiyfi.com/
X-Requested-With
XMLHttpRequest
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-type
application/json

Response headers

date
Thu, 15 Dec 2022 22:01:07 GMT
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by
PHP/5.4.16
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
pragma
no-cache
server
cloudflare
access-control-max-age
86400
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=heLPP76PIkJ5Hhk7QTLe9%2FZQQYQYUU8sYhuBQrg6uqBKZ5aJBNuUVITbQm3B58auBYykIefduwf13P7sX1PUBugaEcwAfmdxpfEQk1MOAhf7dTwCjwbTtwDzgqO82suHH18pJwLiMp3LyguL"}],"group":"cf-nel","max_age":604800}
content-type
application/json
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
access-control-allow-credentials
true
cf-ray
77a274bdfa350ca5-EWR
expires
Thu, 19 Nov 1981 08:52:00 GMT
/
trk.xiyfi.com/api/logger/post_interaction/
0
0
Preflight
General
Full URL
https://trk.xiyfi.com/api/logger/post_interaction/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3033::6815:2b7e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PHP/5.4.16
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-requested-with
Access-Control-Request-Method
POST
Origin
https://trk-ca.xiyfi.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type,x-requested-with
access-control-allow-methods
GET, POST, DELETE, UPDATE, OPTIONS
access-control-allow-origin
*
access-control-max-age
86400
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
77a274bc8cc618d0-EWR
content-encoding
br
content-type
text/html
date
Thu, 15 Dec 2022 22:01:07 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GhL1Hv5idN%2FLiGRGLRSQ02HSgMtAiJFEW0hyUxo1hGkIzVTS6ZRXijIxkTd9JlO5NL1zU%2F10h8hPr1pqVeFoeUmfZHgviQ7IZtxn%2BjoXD5tG1c3OwEynGK%2F8W8mGRJaQtZonzHWFLE88%2BSzL"}],"group":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
PHP/5.4.16
/
trk.xiyfi.com/api/logger/post_interaction/
60 B
692 B
XHR
General
Full URL
https://trk.xiyfi.com/api/logger/post_interaction/
Requested by
Host: cdn-ca.xiyfi.com
URL: https://cdn-ca.xiyfi.com/global-scripts/js/elephant.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3033::6815:2b7e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PHP/5.4.16
Resource Hash
060ca4cbb65d587d7b9ea832712bd89885acf3cd266ed2ff670201716c750dc1

Request headers

Referer
https://trk-ca.xiyfi.com/
X-Requested-With
XMLHttpRequest
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-type
application/json

Response headers

date
Thu, 15 Dec 2022 22:01:07 GMT
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by
PHP/5.4.16
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
pragma
no-cache
server
cloudflare
access-control-max-age
86400
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=42xYP%2BvUH0UMelTxtDcI66z8TONo%2FQaPUd7MPadJfcFWBngMpA16xVvLGwqeulz28Y%2Fy5mgZAY%2F4oiFxRWDVBY4Vsyn%2BViODu3mH9h4AuME4yITILc1PN574d%2F3tWwy9%2F%2Fwzth3Q8qDMwGHC"}],"group":"cf-nel","max_age":604800}
content-type
application/json
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
access-control-allow-credentials
true
cf-ray
77a274bdfa370ca5-EWR
expires
Thu, 19 Nov 1981 08:52:00 GMT
rating.png
cdn-ca.xiyfi.com/assets/CA/WOWDeals/shw-lander-ca/img/
5 KB
6 KB
Image
General
Full URL
https://cdn-ca.xiyfi.com/assets/CA/WOWDeals/shw-lander-ca/img/rating.png
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3032::ac43:b386 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
aaf3c62d91707d3bb5e75e08a27fbacbb8771ca90ac50da8928d927402b998f1

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://trk-ca.xiyfi.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Thu, 15 Dec 2022 22:01:07 GMT
cf-cache-status
MISS
last-modified
Wed, 23 Nov 2022 16:35:39 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
"148f-5ee25e0f79aa9"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=btOym1TONKz%2BcPXOB1nET9%2FMH9zdHbMHsTO4hpCmrtWt4EUCuqkJxaVnV3SwEgb8XQW3KvYN9usAj5ht5Gc%2BN4vYg3BqXPRXZiPNqYwR5jnrBibrqCpy9iEVhbmt2NmJ8M2n2y0zxSYwHrZZxAPg"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
77a274bc390bf005-EWR
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
5263
desktop-img.png
cdn-ca.xiyfi.com/assets/CA/WOWDeals/shw-lander-ca/img/
169 KB
170 KB
Image
General
Full URL
https://cdn-ca.xiyfi.com/assets/CA/WOWDeals/shw-lander-ca/img/desktop-img.png
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3032::ac43:b386 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
954841751780517712fbfd0f2ea8e3ae62f860b85a975235a156bf2c513160ae

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://trk-ca.xiyfi.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Thu, 15 Dec 2022 22:01:07 GMT
cf-cache-status
MISS
last-modified
Wed, 23 Nov 2022 16:35:38 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
"2a472-5ee25e0f5123a"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7fHSnqqQVwDUwQq1rDPxIJPZjdX41BQymIbfxnZujXw4o5YXPPrJ6dG1kXmnqOw5ZtfjDZihjKN%2B%2FcwQe%2FST1LvSuGH0%2Fd%2F7JLewkUkaFsjO9fIf8DIFen5KRfrwAHUcX5JDQ8%2FSF%2FDKNFh7kElb"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
77a274bc390cf005-EWR
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
173170
poweredBy.png
cdn-ca.xiyfi.com/assets/CA/WOWDeals/shw-lander-ca/img/
6 KB
6 KB
Image
General
Full URL
https://cdn-ca.xiyfi.com/assets/CA/WOWDeals/shw-lander-ca/img/poweredBy.png
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3032::ac43:b386 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
978cca3cb41f552073f24add2674a6b734268d2d222d87c135a0e9b131aeaae8

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://trk-ca.xiyfi.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Thu, 15 Dec 2022 22:01:07 GMT
cf-cache-status
MISS
last-modified
Wed, 23 Nov 2022 16:35:38 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
"1668-5ee25e0f65671"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KVC4pLB7qCWdS11WPMFMspcqMzwIwQ3uXFCNR6XPPOhWiaJ4NaAn3zdrw53AzuuNFPJh%2BGzQ%2BUKWkaFGINtn4o915WCu9%2BsVrdr%2FqaER7vw4VdOKNM84PGNEy5OpqUfhQMgQezj%2Frg68xbBOO9eh"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
77a274bc390df005-EWR
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
5736

Verdicts & Comments

29 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Type Name
object oncontentvisibilityautostatechange
string assets_domain
string bckLink
function $
function jQuery
object Logger
function warn
function error
string baseUrl
object warn_log
function _warn_log
object error_log
function _erro_log
function setCookie
function getCookie
function eraseCookie
object Paypal
function answerReject
function RespondToVisibility
function stattag
function testCall
string log_cat
string fallback_link
string endpoint_redirect
string query
function doExit
number timer
number pulseAdd
number interval

3 Cookies

Domain/Path Name Value
trk.kryru.com/ PHPSESSID 2oudnef6nk208risfs6qmtv8t5
trk-ca.xiyfi.com/ PHPSESSID qhlmmj6nj60hbb5pmju7949753-52745
trk-ca.xiyfi.com/ visit {"1671141667219":{"pl":"742166685"}}

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.googleapis.com
cdn-ca.xiyfi.com
cdnjs.cloudflare.com
fonts.googleapis.com
fonts.gstatic.com
storage.googleapis.com
trk-ca.xiyfi.com
trk.kryru.com
trk.xiyfi.com
www.deals2cantia.com
2606:4700:3032::6815:2b30
2606:4700:3032::ac43:b386
2606:4700:3033::6815:2b7e
2606:4700::6811:190e
2607:f8b0:4006:808::200a
2607:f8b0:4006:809::200a
2607:f8b0:4006:80d::2010
2607:f8b0:4006:823::2003
57.128.37.220