www.xanterra.com
Open in
urlscan Pro
192.99.20.144
Public Scan
Submitted URL: https://links.email3.xanterra.net/ls/click?upn=Cn6Jf7hlyyvYym5hKiaGxTBwHEirr0wCa1dPSX9A0Ge9KMVCAQ23eyMV-2B8ht3xgMw2ly0sbO2mPLn5AFJ...
Effective URL: https://www.xanterra.com/sweepstakes-official-rules/?utm_source=RPI&utm_medium=email&utm_content=Guest&utm_campaign=XAN_2...
Submission: On June 05 via api from US
Effective URL: https://www.xanterra.com/sweepstakes-official-rules/?utm_source=RPI&utm_medium=email&utm_content=Guest&utm_campaign=XAN_2...
Submission: On June 05 via api from US
Summary
This website contacted 20 IPs
in 7 countries
across 22 domains to perform 56 HTTP transactions.
The main IP is 192.99.20.144, located in
Montreal, Canada and
belongs to OVH, FR.
The main domain is www.xanterra.com.
TLS certificate: Issued by Let's Encrypt Authority X3 on May 31st 2020. Valid for: 3 months.
This is the only time www.xanterra.com was scanned on urlscan.io!
TLS certificate: Issued by Let's Encrypt Authority X3 on May 31st 2020. Valid for: 3 months.
This is the only time www.xanterra.com was scanned on urlscan.io!
urlscan.io Verdict: No classification
Domain & IP information
5
13.64.150.232
(San Jose, United States)
ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
| xanwebrpi.rphelios.net |
1
2a00:1450:4001:81c::2008
(Frankfurt am Main, Germany)
ASN15169 (GOOGLE, US)
ASN15169 (GOOGLE, US)
| www.googletagmanager.com |
4
2a00:1450:4001:81d::200e
(Frankfurt am Main, Germany)
ASN15169 (GOOGLE, US)
ASN15169 (GOOGLE, US)
| www.google-analytics.com |
4
18.197.253.20
(Frankfurt am Main, Germany)
ASN16509 (AMAZON-02, US)
PTR: ec2-18-197-253-20.eu-central-1.compute.amazonaws.com
ASN16509 (AMAZON-02, US)
PTR: ec2-18-197-253-20.eu-central-1.compute.amazonaws.com
| nexus.ensighten.com |
1
147.75.33.131
(Amsterdam, Netherlands)
ASN54825 (PACKET, US)
PTR: pkt-ams-k2-shared-ingress9
ASN54825 (PACKET, US)
PTR: pkt-ams-k2-shared-ingress9
| static.hotjar.com |
1
23.21.83.205
(Ashburn, United States)
ASN14618 (AMAZON-AES, US)
PTR: ec2-23-21-83-205.compute-1.amazonaws.com
ASN14618 (AMAZON-AES, US)
PTR: ec2-23-21-83-205.compute-1.amazonaws.com
| cs.choozle.com |
1
52.17.96.142
(Dublin, Ireland)
ASN16509 (AMAZON-02, US)
PTR: ec2-52-17-96-142.eu-west-1.compute.amazonaws.com
ASN16509 (AMAZON-02, US)
PTR: ec2-52-17-96-142.eu-west-1.compute.amazonaws.com
| insight.adsrvr.org |
1
13.225.83.200
(Seattle, United States)
ASN16509 (AMAZON-02, US)
PTR: server-13-225-83-200.fra2.r.cloudfront.net
ASN16509 (AMAZON-02, US)
PTR: server-13-225-83-200.fra2.r.cloudfront.net
| d1eoo1tco6rr5e.cloudfront.net |
1
147.75.100.161
(Central, Hong Kong)
ASN54825 (PACKET, US)
PTR: pkt-ams-k2-shared-ingress17
ASN54825 (PACKET, US)
PTR: pkt-ams-k2-shared-ingress17
| vc.hotjar.io |
| Domain | Requested by | |
|---|---|---|
| 13 | www.xanterra.com |
www.xanterra.com
|
| 6 | www.facebook.com |
1 redirects
www.xanterra.com
|
| 5 | connect.facebook.net |
www.xanterra.com
connect.facebook.net |
| 5 | fonts.gstatic.com |
www.xanterra.com
|
| 5 | xanwebrpi.rphelios.net |
www.xanterra.com
xanwebrpi.rphelios.net |
| 4 | nexus.ensighten.com |
www.googletagmanager.com
nexus.ensighten.com |
| 4 | www.google-analytics.com |
1 redirects
www.googletagmanager.com
www.google-analytics.com www.xanterra.com |
| 2 | fonts.googleapis.com |
www.xanterra.com
|
| 2 | code.jquery.com |
www.xanterra.com
|
| 1 | vc.hotjar.io |
script.hotjar.com
|
| 1 | vars.hotjar.com |
static.hotjar.com
|
| 1 | cx.atdmt.com |
www.xanterra.com
|
| 1 | d1eoo1tco6rr5e.cloudfront.net |
nexus.ensighten.com
|
| 1 | insight.adsrvr.org | 1 redirects |
| 1 | cs.choozle.com |
www.xanterra.com
|
| 1 | script.hotjar.com |
static.hotjar.com
|
| 1 | s.ytimg.com |
www.youtube.com
|
| 1 | www.google.de |
www.xanterra.com
|
| 1 | www.google.com | 1 redirects |
| 1 | stats.g.doubleclick.net | 1 redirects |
| 1 | static.hotjar.com |
www.xanterra.com
|
| 1 | www.youtube.com |
www.xanterra.com
|
| 1 | www.googletagmanager.com |
www.xanterra.com
|
| 1 | ajax.googleapis.com |
www.xanterra.com
|
| 1 | links.email3.xanterra.net | 1 redirects |
| 56 | 25 |
This site contains links to these domains. Also see Links.
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| xanterra.com Let's Encrypt Authority X3 |
2020-05-31 - 2020-08-29 |
3 months | crt.sh |
| jquery.org COMODO RSA Domain Validation Secure Server CA |
2018-10-17 - 2020-10-16 |
2 years | crt.sh |
| upload.video.google.com GTS CA 1O1 |
2020-05-05 - 2020-07-28 |
3 months | crt.sh |
| *.rphelios.net Go Daddy Secure Certificate Authority - G2 |
2019-06-30 - 2021-08-29 |
2 years | crt.sh |
| *.google-analytics.com GTS CA 1O1 |
2020-05-20 - 2020-08-12 |
3 months | crt.sh |
| *.gstatic.com GTS CA 1O1 |
2020-05-20 - 2020-08-12 |
3 months | crt.sh |
| *.facebook.com DigiCert SHA2 High Assurance Server CA |
2020-05-14 - 2020-08-05 |
3 months | crt.sh |
| *.google.com GTS CA 1O1 |
2020-05-05 - 2020-07-28 |
3 months | crt.sh |
| nexus.ensighten.com DigiCert SHA2 Secure Server CA |
2019-10-03 - 2020-10-02 |
a year | crt.sh |
| static.hotjar.com Let's Encrypt Authority X3 |
2020-04-04 - 2020-07-03 |
3 months | crt.sh |
| www.google.de GTS CA 1O1 |
2020-05-20 - 2020-08-12 |
3 months | crt.sh |
| script.hotjar.com Let's Encrypt Authority X3 |
2020-04-04 - 2020-07-03 |
3 months | crt.sh |
| *.choozle.com Sectigo RSA Domain Validation Secure Server CA |
2019-06-07 - 2021-06-06 |
2 years | crt.sh |
| *.cloudfront.net DigiCert Global CA G2 |
2019-07-17 - 2020-07-05 |
a year | crt.sh |
| *.atlassolutions.com DigiCert SHA2 High Assurance Server CA |
2020-04-19 - 2020-07-18 |
3 months | crt.sh |
| vars.hotjar.com Let's Encrypt Authority X3 |
2020-04-04 - 2020-07-03 |
3 months | crt.sh |
| vc.hotjar.io Let's Encrypt Authority X3 |
2020-05-15 - 2020-08-13 |
3 months | crt.sh |
This page contains 3 frames:
Primary Page:
https://www.xanterra.com/sweepstakes-official-rules/?utm_source=RPI&utm_medium=email&utm_content=Guest&utm_campaign=XAN_200605_TacNews_Explore_guest_FNAME-6&PID=56799938&PN_email=E2Wx5Sepj%2FYqk9yhsQ5jTQfMz5w4%2FDXAqzrkNQAdHMgbwBvxDkVLMHq9GjtKYvhCpLsGGYhm4hbZ86vJpEdImAATGXIND%2BPEoEHDH5LBwEE%3D
Frame ID: 20E53F8B41E498CE6805DDBED2FEABFB
Requests: 54 HTTP requests in this frame
Frame:
https://d1eoo1tco6rr5e.cloudfront.net/j5ww479/3qz8qrq/iframe
Frame ID: 50AAE471B3A34CCC76642A8F65DA9F86
Requests: 1 HTTP requests in this frame
Frame:
https://vars.hotjar.com/box-469cf41adb11dc78be68c1ae7f9457a4.html
Frame ID: 02C944E2AA8B591B034831F4C44AA6A2
Requests: 1 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
-
https://links.email3.xanterra.net/ls/click?upn=Cn6Jf7hlyyvYym5hKiaGxTBwHEirr0wCa1dPSX9A0Ge9KMVCAQ23eyMV-2B8ht3...
HTTP 302
https://www.xanterra.com/sweepstakes-official-rules/?utm_source=RPI&utm_medium=email&utm_content=Gues... Page URL
Detected technologies
WordPress
(CMS)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- script /\/wp-(?:content|includes)\//i
- meta generator /^WordPress ?([\d.]+)?/i
- headers link /rel="https:\/\/api\.w\.org\/"/i
- html /<!-- All in One SEO Pack ([\d.]+) /i
PHP
(Programming Languages)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- script /\/wp-(?:content|includes)\//i
- meta generator /^WordPress ?([\d.]+)?/i
- headers link /rel="https:\/\/api\.w\.org\/"/i
- html /<!-- All in One SEO Pack ([\d.]+) /i
MySQL
(Databases)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- script /\/wp-(?:content|includes)\//i
- meta generator /^WordPress ?([\d.]+)?/i
- headers link /rel="https:\/\/api\.w\.org\/"/i
- html /<!-- All in One SEO Pack ([\d.]+) /i
All in One SEO Pack
(SEO)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- html /<!-- All in One SEO Pack ([\d.]+) /i
Apache
(Web Servers)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i
Ensighten
(Tag Managers)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- script /\/\/nexus\.ensighten\.com\//i
Facebook
(Widgets)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- script /\/\/connect\.facebook\.net\/[^/]*\/[a-z]*\.js/i
Google Analytics
(Analytics)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i
Google Font API
(Font Scripts)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i
Page Statistics
27 Outgoing links
These are links going to different origins than the main page.
URL: https://shop.oasisatdeathvalley.com/shop/
Title: Death Valley Gifts
Title: Death Valley Gifts
Search URL Search Domain Scan URL
URL: https://shop.grandcanyonlodges.com/shop/
Title: Grand Canyon Gifts
Title: Grand Canyon Gifts
Search URL Search Domain Scan URL
URL: https://shop.thetrain.com/shop
Title: Grand Canyon Railway Gifts
Title: Grand Canyon Railway Gifts
Search URL Search Domain Scan URL
URL: https://shop.mtrushmorenationalmemorial.com/shop/
Title: Mount Rushmore Gifts
Title: Mount Rushmore Gifts
Search URL Search Domain Scan URL
URL: https://www.trailridgegiftstore.com/shop/
Title: Rocky Mountain Gifts
Title: Rocky Mountain Gifts
Search URL Search Domain Scan URL
URL: https://shop.yellowstonenationalparklodges.com/shop/
Title: Yellowstone Gifts
Title: Yellowstone Gifts
Search URL Search Domain Scan URL
URL: https://www.facebook.com/xanterra.travel.collection/
Title: https://www.facebook.com/xanterra.travel.collection/
Title: https://www.facebook.com/xanterra.travel.collection/
Search URL Search Domain Scan URL
URL: http://xanterra.com/gratitude-contest/
Title: xanterra.com/gratitude-contest/
Title: xanterra.com/gratitude-contest/
Search URL Search Domain Scan URL
URL: https://xpress.xanterra.net/Interact/Login/Default.aspx?abc
Title: Xpress
Title: Xpress
Search URL Search Domain Scan URL
URL: https://privacyportal-cdn.onetrust.com/dsarwebform/c7968fb5-dd42-4c76-8f79-3e5198bd1303/a3d7f950-523c-4ea9-a0c5-c4347e8407a3.html
Title: CA Residents Only: Do Not Sell My Personal Information
Title: CA Residents Only: Do Not Sell My Personal Information
Search URL Search Domain Scan URL
URL: https://www.verbinteractive.com/
Title: VERB
Title: VERB
Search URL Search Domain Scan URL
URL: https://www.oasisatdeathvalley.com/
Title: The Oasis at Death Valley
Title: The Oasis at Death Valley
Search URL Search Domain Scan URL
URL: https://www.glaciernationalparklodges.com/
Title: Glacier National Park
Title: Glacier National Park
Search URL Search Domain Scan URL
URL: https://www.glaciernationalparklodges.com/lodging/cedar-creek-lodge/
Title: Cedar Creek Lodge - Just Outside Glacier National Park
Title: Cedar Creek Lodge - Just Outside Glacier National Park
Search URL Search Domain Scan URL
URL: https://www.grandcanyongrandhotel.com/
Title: The Grand Hotel at the Grand Canyon
Title: The Grand Hotel at the Grand Canyon
Search URL Search Domain Scan URL
URL: https://www.grandcanyonlodges.com/
Title: Grand Canyon National Park – South Rim
Title: Grand Canyon National Park – South Rim
Search URL Search Domain Scan URL
URL: https://www.mtrushmorenationalmemorial.com/
Title: Mount Rushmore National Memorial
Title: Mount Rushmore National Memorial
Search URL Search Domain Scan URL
URL: https://www.trailridgegiftstore.com/
Title: Rocky Mountain National Park
Title: Rocky Mountain National Park
Search URL Search Domain Scan URL
URL: https://www.yellowstonenationalparklodges.com/
Title: Yellowstone National Park
Title: Yellowstone National Park
Search URL Search Domain Scan URL
URL: https://www.zionlodge.com/
Title: Zion National Park
Title: Zion National Park
Search URL Search Domain Scan URL
URL: https://www.countrywalkers.com/
Title: Country Walkers
Title: Country Walkers
Search URL Search Domain Scan URL
URL: https://www.thetrain.com/
Title: Grand Canyon Railway & Hotel
Title: Grand Canyon Railway & Hotel
Search URL Search Domain Scan URL
URL: https://www.holidayvacations.com/
Title: Holiday Vacations
Title: Holiday Vacations
Search URL Search Domain Scan URL
URL: https://www.vbt.com/
Title: VBT Bicycling Vacations
Title: VBT Bicycling Vacations
Search URL Search Domain Scan URL
URL: https://www.windstarcruises.com/
Title: Windstar Cruises
Title: Windstar Cruises
Search URL Search Domain Scan URL
URL: https://www.broadmoor.com/
Title: The Broadmoor
Title: The Broadmoor
Search URL Search Domain Scan URL
URL: https://www.seaisland.com/
Title: Sea Island
Title: Sea Island
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://links.email3.xanterra.net/ls/click?upn=Cn6Jf7hlyyvYym5hKiaGxTBwHEirr0wCa1dPSX9A0Ge9KMVCAQ23eyMV-2B8ht3xgMw2ly0sbO2mPLn5AFJqx-2BllV5Vg-2Ft9El7poik2xOLCzZaabSIkdEWwAHWmW1x2ZkfJKUeChD9htt45M6eFb6bqT7k5ib3f5YW9RbXdi7fc42oRetAHla2oCWI2-2BwswvVTAH4ZfiLSWI19mZZB3qPmxCLuEL-2BUQHfWoRl5gg-2Fg8obfd1oIIJ8dq-2BqvjAWx0s9isf4-2BeBYtc21BmfYCAqxHqgnkVNR3Ri61nHvxCHEiG0RoYJXVBCys2TlsSnuvviuqWGPleM2Yacl9bB-2FoQrA73SUChqQvdlUrL7l9IAreQm33nnAkMNVECPc-2Fm8VqW82xmJCjGp2hyGq0A6WKzSPSmA-3D-3DcFLC_9x1c33CuWJ1dEEIj3FTKvrlpGPtsBT5LX0-2FFCrGerC3F-2BnU9q2AKmAw6O-2Bi4F44r4pSAM9OHrwD-2FhQbX-2FWi3Rf2AjDrWfmPMo4g5a2-2Bi-2F6UXNX5CJQ-2F-2BYmyuHToOP1CMJfbEtM52jOzlqQteUJX7RmnVWcGyaUdsGazBg0QWrVvjClsE0y01C6X1ewERHINhrHz2DTeHbCRSDaGuQvxkqkTu-2BaDEkCDeh-2BDsnqlVPQsQDpE8DgU-2FESRogonSUBxZAA3qqZ3NWykDx-2BAYprUqmt5u7irBh57eYqtIRxxqwD2ivbY965bMTUmS1L7t5qnA34GKD63Xs9jjd5JZFudspcuWzVect0O-2Fi6e5zUwNIYIq1aWykQqR8O3PBkW5TiCvr2MG3f4tUra8Ax0PN6Z6KQ-3D-3D
HTTP 302
https://www.xanterra.com/sweepstakes-official-rules/?utm_source=RPI&utm_medium=email&utm_content=Guest&utm_campaign=XAN_200605_TacNews_Explore_guest_FNAME-6&PID=56799938&PN_email=E2Wx5Sepj%2FYqk9yhsQ5jTQfMz5w4%2FDXAqzrkNQAdHMgbwBvxDkVLMHq9GjtKYvhCpLsGGYhm4hbZ86vJpEdImAATGXIND%2BPEoEHDH5LBwEE%3D Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 33- https://www.google-analytics.com/r/collect?v=1&_v=j82&a=1676965925&t=pageview&_s=1&dl=https%3A%2F%2Fwww.xanterra.com%2Fsweepstakes-official-rules%2F%3Futm_source%3DRPI%26utm_medium%3Demail%26utm_content%3DGuest%26utm_campaign%3DXAN_200605_TacNews_Explore_guest_FNAME-6%26PID%3D56799938%26PN_email%3DE2Wx5Sepj%252FYqk9yhsQ5jTQfMz5w4%252FDXAqzrkNQAdHMgbwBvxDkVLMHq9GjtKYvhCpLsGGYhm4hbZ86vJpEdImAATGXIND%252BPEoEHDH5LBwEE%253D&ul=en-us&de=UTF-8&dt=Gratitude%20Sweepstakes%20Official%20Rules%20%7C%20Xanterra&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEADQ~&jid=1072132630&gjid=782297317&cid=738003510.1591381736&tid=UA-1085772-1&_gid=1527783606.1591381736&_r=1>m=2wg5r05WFT4Z6&z=1803419738 HTTP 302
- https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-1085772-1&cid=738003510.1591381736&jid=1072132630&_gid=1527783606.1591381736&gjid=782297317&_v=j82&z=1803419738 HTTP 302
- https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-1085772-1&cid=738003510.1591381736&jid=1072132630&_v=j82&z=1803419738 HTTP 302
- https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-1085772-1&cid=738003510.1591381736&jid=1072132630&_v=j82&z=1803419738&slf_rd=1&random=2848931940
- https://insight.adsrvr.org/tags/j5ww479/3qz8qrq/iframe HTTP 303
- https://d1eoo1tco6rr5e.cloudfront.net/j5ww479/3qz8qrq/iframe
- https://www.facebook.com/tr/?id=236412366966438&ev=PageView&dl=https%3A%2F%2Fwww.xanterra.com%2Fsweepstakes-official-rules%2F%3Futm_source%3DRPI%26utm_medium%3Demail%26utm_content%3DGuest%26utm_campaign%3DXAN_200605_TacNews_Explore_guest_FNAME-6%26PID%3D56799938%26PN_email%3DE2Wx5Sepj%252FYqk9yhsQ5jTQfMz5w4%252FDXAqzrkNQAdHMgbwBvxDkVLMHq9GjtKYvhCpLsGGYhm4hbZ86vJpEdImAATGXIND%252BPEoEHDH5LBwEE%253D&rl=&if=false&ts=1591381736416&sw=1600&sh=1200&v=2.9.18&r=stable&ec=0&o=30&fbp=fb.1.1591381736235.1709907191&it=1591381736019&coo=false&rqm=GET HTTP 302
- https://cx.atdmt.com/?c=18440212889592569307&f=AYzV-Kq3TPPC7LS1FzQQZUPZDfY0bTBf0wNcTlWylfp8rNZVceEuEslXrgaOaWbIfh6uoX9ZOufv2SZ4Al63hu9Y&id=236412366966438&l=3&v=0
56 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H/1.1 |
Primary Request
 Cookie set
/
www.xanterra.com/sweepstakes-official-rules/ Redirect Chain
|
59 KB 60 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
jquery-ui.css
code.jquery.com/ui/1.12.1/themes/base/ |
35 KB 9 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
style.css
www.xanterra.com/content/themes/base/css/ |
193 KB 193 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
flipclock.css
www.xanterra.com/content/themes/base/css/ |
12 KB 12 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
css
fonts.googleapis.com/ |
17 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
css
fonts.googleapis.com/ |
869 B 507 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
wp-emoji-release.min.js
www.xanterra.com/wp/wp-includes/js/ |
12 KB 12 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
rpiweblib_config.js
xanwebrpi.rphelios.net/RPIFormValidation/shared/js/ |
706 B 678 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
rpiweblib_v4.2.js
xanwebrpi.rphelios.net/RPIFormValidation/shared/js/ |
55 KB 9 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
polyfiller.js
xanwebrpi.rphelios.net/RPIFormValidation/shared/js/js-webshim/minified/ |
15 KB 6 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
xanterra-white-lg.png
www.xanterra.com/content/uploads/2018/01/ |
16 KB 16 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
xanterraLogoWhite-280x139.png
www.xanterra.com/content/uploads/2019/08/ |
16 KB 16 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
climate-savers.jpg
www.xanterra.com/content/uploads/2017/02/ |
10 KB 11 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
new-tab.js
www.xanterra.com/content/plugins/page-links-to/dist/ |
15 KB 16 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/1.9.1/ |
90 KB 32 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
jquery-ui.js
code.jquery.com/ui/1.12.1/ |
509 KB 122 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
scripts.js
www.xanterra.com/content/themes/base/js/ |
348 KB 349 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
wp-embed.min.js
www.xanterra.com/wp/wp-includes/js/ |
1 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
gtm.js
www.googletagmanager.com/ |
143 KB 41 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
search.png
www.xanterra.com/content/themes/base/img/icons/ |
1 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
Layer-1074-1800x420.jpg
www.xanterra.com/content/uploads/2017/05/ |
157 KB 157 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
cartographer.png
www.xanterra.com/content/themes/base/img/ |
168 KB 168 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
fonts.gstatic.com/s/roboto/v20/ |
11 KB 11 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
KFOlCnqEu92Fr1MmSU5fBBc4AMP6lQ.woff2
fonts.gstatic.com/s/roboto/v20/ |
11 KB 11 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2
fonts.gstatic.com/s/roboto/v20/ |
11 KB 11 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
wlppgwHKFkZgtmSR3NB0oRJX1C1GDNNQ9rJPfw.woff2
fonts.gstatic.com/s/crimsontext/v10/ |
13 KB 13 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
wlpogwHKFkZgtmSR3NB0oRJfajhRK_Z_3rhH.woff2
fonts.gstatic.com/s/crimsontext/v10/ |
15 KB 15 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
fbevents.js
connect.facebook.net/en_US/ |
131 KB 31 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
analytics.js
www.google-analytics.com/ |
45 KB 18 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
iframe_api
www.youtube.com/ |
859 B 941 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
POST H2 |
Visit
xanwebrpi.rphelios.net/api/Cache/ |
197 B 310 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
Bootstrap.js
nexus.ensighten.com/choozle/8151/ |
29 KB 9 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
hotjar-1714144.js
static.hotjar.com/c/ |
4 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
js
www.google-analytics.com/gtm/ |
66 KB 26 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
ga-audiences
www.google.de/ads/ Redirect Chain
|
42 B 106 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
www-widgetapi.js
s.ytimg.com/yts/jsbin/www-widgetapi-vfln154-k/ |
68 KB 26 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
identity.js
connect.facebook.net/signals/plugins/ |
42 KB 11 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
206080526490980
connect.facebook.net/signals/config/ |
516 KB 129 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
serverComponent.php
nexus.ensighten.com/choozle/8151/ |
399 B 541 B |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
b22bb51fa34af6df47bd68272dfded6f.js
nexus.ensighten.com/choozle/8151/code/ |
1 KB 865 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
ea56f93204fe867df462f8935ac9693e.js
nexus.ensighten.com/choozle/8151/code/ |
261 B 443 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
modules.c618ee7dde3b49023442.js
script.hotjar.com/ |
369 KB 70 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
13853
cs.choozle.com/dp/chz/ |
35 B 123 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
427130581176467
connect.facebook.net/signals/config/ |
517 KB 129 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
/
www.facebook.com/tr/ |
44 B 259 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
236412366966438
connect.facebook.net/signals/config/ |
516 KB 129 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
/
www.facebook.com/tr/ |
44 B 101 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
collect
www.google-analytics.com/ |
35 B 96 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
iframe
d1eoo1tco6rr5e.cloudfront.net/j5ww479/3qz8qrq/ Frame 50AA Redirect Chain
|
0 0 |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
/
cx.atdmt.com/ Redirect Chain
|
42 B 329 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
box-469cf41adb11dc78be68c1ae7f9457a4.html
vars.hotjar.com/ Frame 02C9 |
0 0 |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
POST H2 |
Events
xanwebrpi.rphelios.net/api/ |
0 24 B |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
POST H2 |
1714144
vc.hotjar.io/sessions/ |
0 116 B |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
/
www.facebook.com/tr/ |
44 B 101 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
/
www.facebook.com/tr/ |
44 B 101 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
/
www.facebook.com/tr/ |
44 B 101 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Verdicts & Comments Add Verdict or Comment
150 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onformdata object| onpointerrawupdate object| _wpemojiSettings object| dataLayer object| rpiConfig object| rpiPageParametersForProfile number| cookiesLifeSpan object| RPIGoals object| RPIPendingEvents string| RPIpageGoalName string| RPIpageGoalDetail string| RPIpageGoalContent string| RPIimpressionID string| rpiCID number| rpiExID object| RPIDynamicContentLocations function| setFormTracking function| setRPITrackingParams function| getRPIParamUrlVars function| setCookie function| getCookie function| getVisitorID function| setVisitorID function| setRPIWebOfferParams function| loadRPIDiv function| getWebChannelLink function| GetURLParametersForProfile function| parseVisitorID function| submitVisitorDetails function| submitVisitorParameter function| submitVisitorParameterWithCallback function| cacheDBDataSynch function| cacheDBDataAsynch function| cacheDBDataSynchOnName function| cacheDBDataAsynchOnName function| cacheDBData function| cacheDBDataOnName function| requestCacheDBData function| lookupAttributes function| loadDynamicContentForContext function| loadDynamicContentForContextNoDiv function| parseDecisionResponseArray function| loadDynamicContent function| loadAttributesContentDiv function| loadMultipleDynamicContentDiv function| loadDynamicContentDiv function| getDecisionResult_Asynch function| getDecisionResult_Synch function| setDynamicContentDiv function| setDynamicContentDivFromCache function| GetLatLonParameters function| getVisitorRegistrationDetails function| getVisitorURL function| submitVisitorSynchRequest function| submitVisitorParameterSynchRequest function| submitVisitorAjaxRequest function| CacheFBParam function| setDynamicContentLocation function| getDynamicContentLocation function| setPendingMetric function| flushPendingEvents function| sendMetric function| registerPageVisit function| registerForClickEvents function| setPageGoalDetails function| getAPIServer function| getXmlHttpObject function| AJAXInteraction function| ajaxRequest function| postRequest function| ajaxPostRequest function| GetConfigValue object| webshims object| webshim object| asyncWebshims function| $ function| jQuery object| google_tag_manager function| fbq function| _fbq object| google_tag_data string| GoogleAnalyticsObject function| ga function| onYouTubeIframeAPIReady string| rPIServer function| hj object| _hjSettings object| gaplugins object| gaGlobal object| gaData object| YT object| YTConfig function| onYTReady object| ensBootstraps object| Bootstrapper object| google_optimize object| yt function| ytDomDomGetNextId object| ytEventsEventsListeners object| ytEventsEventsCounter object| ytPubsubPubsubInstance object| ytPubsubPubsubSubscribedKeys object| ytPubsubPubsubTopicToKeys object| ytPubsubPubsubIsSynchronous object| ytLoggingTransportLogPayloadsQueue_ object| ytLoggingTransportGELQueue_ object| ytLoggingTransportTokensToCttTargetIds_ object| ytLoggingGelSequenceIdObj_ object| hjSiteSettings function| hjBootstrap object| hjBootstrapCalled object| twemoji object| wp function| Base function| FlipClock function| formatDate function| myReservation function| locationSelect function| navigationClickHandler function| hideSubMenus function| setSubnavWidth function| setFixedSubNav function| setSubNavPosition function| closeMenusOnScroll function| throttle function| cta_img_logo_text_heights function| resizeHeight function| openNav function| closeNav function| stickyEmailScroll function| hideSliderVidOnMobile function| autoplaySliderVideo function| popupInit function| getParameterByName function| autoPlayYouTubeModal function| initCountdown function| isValidRedpointEmailAddress function| validateRedpointEmailForm function| EvEmitter function| imagesLoaded object| jQuery1910638030617230873 object| eventie function| EventEmitter function| getStyleProperty function| getSize function| docReady function| matchesSelector object| fizzyUIUtils function| Outlayer function| Masonry11 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
| Domain/Path | Expires | Name / Value |
|---|---|---|
| .xanterra.com/ | Name: _hjAbsoluteSessionInProgress Value: 1 |
|
| www.xanterra.com/ | Name: e596cb96-5e4d-459a-9834-a10116b42d71_d Value: e39e6f28-6a2b-4f3a-89fb-aa62f1b95844 |
|
| .xanterra.com/ | Name: _fbp Value: fb.1.1591381736235.1709907191 |
|
| .xanterra.com/ | Name: _gat_UA-1085772-1 Value: 1 |
|
| www.xanterra.com/ | Name: e596cb96-5e4d-459a-9834-a10116b42d71 Value: 56799938 |
|
| www.xanterra.com/ | Name: PHPSESSID Value: 045ff99365d357fe34987cae9604ea97 |
|
| .xanterra.com/ | Name: _ga Value: GA1.2.738003510.1591381736 |
|
| .xanterra.com/ | Name: _hjid Value: 715a7f66-6c6e-4380-8c13-4571e5f55de1 |
|
| .xanterra.com/ | Name: _gid Value: GA1.2.1527783606.1591381736 |
|
| www.xanterra.com/ | Name: FirstTimerers Value: 1 |
|
| www.xanterra.com/ | Name: wfvt_3392168791 Value: 5eda8ee6ef3cc |
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
| Source | Level | URL Text |
|---|
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
| Header | Value |
|---|---|
| Strict-Transport-Security | max-age=63072000; |
| X-Frame-Options | SAMEORIGIN |
| X-Xss-Protection | 1; mode=block |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ajax.googleapis.com
code.jquery.com
connect.facebook.net
cs.choozle.com
cx.atdmt.com
d1eoo1tco6rr5e.cloudfront.net
fonts.googleapis.com
fonts.gstatic.com
insight.adsrvr.org
links.email3.xanterra.net
nexus.ensighten.com
s.ytimg.com
script.hotjar.com
static.hotjar.com
stats.g.doubleclick.net
vars.hotjar.com
vc.hotjar.io
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.xanterra.com
www.youtube.com
xanwebrpi.rphelios.net
13.225.83.200
13.64.150.232
147.75.100.161
147.75.33.131
147.75.84.91
18.197.253.20
192.99.20.144
2001:4de0:ac19::1:b:2b
23.21.83.205
2606:4700:20::ac43:4692
2a00:1450:4001:802::2003
2a00:1450:4001:806::200a
2a00:1450:4001:809::200e
2a00:1450:4001:816::2004
2a00:1450:4001:819::200e
2a00:1450:4001:81c::2008
2a00:1450:4001:81d::200e
2a00:1450:4001:820::2003
2a00:1450:4001:821::200a
2a00:1450:400c:c00::9c
2a03:2880:f007:2:face:b00c:0:1
2a03:2880:f007:8:face:b00c:0:1
2a03:2880:f107:83:face:b00c:0:25de
52.17.96.142
0d9fd7ccabde9b202de45ee6b65878ce9594975d8e8810b0878d3f3fa3637d0e
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
14cf40bc69ccd46f166fc3c4ef6a79b86ecde4de1e1e10ffebbee739bae75d78
1a38de0692129675b5b3c76dcc508dabdbb67a1df02ce06b5a630606aa5263c4
1c71b9d39da6e88a7e701b1c8aaee4ae48bbba173abf32faaec5f96439792615
2152557cac69e2bd7d6debef5037a9f554f9209cc305b8141b3329acb10c42b7
2f1fd973e6c48489ae07c467e3278635b856c698d1f502e06af3ab555937deac
33367bba4a5dc9b2654baae1da2442ce081f383578c475dccce533446f8286f6
3e2bad60fb2ae83313f3f98a04893164c2a6a0aeada301b785210b56fb111dc1
3f480b6fa1d6a3f9b83a50338bc46f2fb4f8d2bafa16a1e69cd82909b9c706e1
3ff904565543981d78679d6e90aaaded0d29dfb47198f711f2bc16c43dc57d89
449a906d6b2ab46252e1ae6a93424fe8ac608ae9dbc2c10428d797520fc704f0
44f8a56d427917b5fa0dd7933ba545679be5e6b3b93099e64a4e29c2159f57c0
4a708a3010997190375120453f3b9f8657dc9bc5ada4325c4f9cb45d59263d36
4bcc80b636a61b36149ef6a4ec7081ca873e68782396f5f0e2d988c854322d8b
4cb61e44bf63a9e090e666898cd04d382e4c33b55b62cc5e9ff7dab055fbf787
4ea4de94b05caf25349848cbcd53119ee2fe36a8b23a4a3d7f8ca1f2303b73a5
4f455eb2ddf2094ee969f470f6bfac7adb4c057e8990a374e9da819e943c777d
520a9d657be586adfbc60a77d88d35aeddda94ca2040d9f055d2db6cd3c30f25
5316e0ab38a57f2c981b785d6d43dbab7d485dce10bd1ce9eb5623aaa6fd8a5e
5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479
5d74961bcc822fc959e3459905d99cadaec34598dc0639db21e5d7a3cabb6695
6701141ade0b13657f1339ecad529f40dab31125c5700fc90506b259758abf48
670c1e1231b975ab1eb9aef5092176dd4697cdb2f81b5ddec865fb67fa7e705d
6890d0206a75ab7bccfe291de59a8f80cbb6272a8f6f89b258523a2d7d65096d
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93
71fd12d97b9f9aecaf7da4de60c8fdbf77596dc869bcb3562fb3fca82f2b4bdb
72cb54e595c06719ddad137010d51703ae6c2912099dff2ef332020ca27f28dd
7840b882c40dbf74ed59a55fa03d3045829b3c09db856ad6e08ac4ae8d3b5bff
7b7ce130a306561a4101914e820186deaf9e9e012255c96667706129853c1084
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
92606bd38901e67d069f2ef883715b6e5ae07d72ae3bead3ad92346528374afc
9f7ee1126aee7616c59ef5ce2b6c48561957562a826de7927c21b4b23e13f9cd
b003b4bb9f910d93e4f42f609cc96dff2fe12888d3caaf9dea8b17c6b0901c9a
c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4
c928fdb51385041f3f674421c855f81de6dbb21b0085a3d003073cb810bc5208
d2458b9fd9089fdcb9de317093e004ef3a65597dc68b9adfdeb15a7c9968d0d5
d26f7c010747e1726413f29d8e50f3487099881b4466ecaefabf0fbfcff887ff
d2be7803ce22ea4563d3577bf0d5bfa8de3e85a754cf233a65b8cd34a156807c
d8a00caf71b945c76b24a4522d65d9bbf386b8396aaf08ec78fa781b2b21bc05
dc463bbb21a41c0ab117254c5024a8b0b76ec538b8f2f0482d1b90cf3ef3b5a9
e2f08eb7b2b2f2d4b2d071b3da887c5e13554f7748488cd168331a2c62b249a0
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e7d4aca9287a103aa79dc49ebf6936d089ca25a0d46ddae23cef17f880652a6c
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f29bcb61e16acf81997f5e0cb5136f7946f993981c43a2e6416fd9284453318a
fb7fe3880d4edf70cb056bd165b519ea2aa3aff8b40de081ce64b5f6a068db74
fe89f7a270664ccebaf60f89dc237b7aa911e25c6ec8893daa7c96cc02ee714a