Submitted URL: http://ar-p.co/SN2MK
Effective URL: https://capital-ford-regina.driveai.ca/?dealer_id=271&customer_ar_code=hERQo&selected_vehicle_id=a3502503-0b8d-482f-aa07-c89749554fbc&c...
Submission: On May 31 via manual from CA — Scanned from CA

Summary

This website contacted 12 IPs in 2 countries across 7 domains to perform 24 HTTP transactions. The main IP is 99.84.37.122, located in United States and belongs to AMAZON-02, US. The main domain is capital-ford-regina.driveai.ca.
TLS certificate: Issued by Amazon on January 19th 2022. Valid for: a year.
This is the only time capital-ford-regina.driveai.ca was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
4 13.225.63.77 16509 (AMAZON-02)
3 2607:f8b0:400... 15169 (GOOGLE)
2 2600:141b:13:... 20940 (AKAMAI-ASN1)
2 2600:141b:13:... 20940 (AKAMAI-ASN1)
1 52.20.78.240 14618 (AMAZON-AES)
1 99.84.37.49 16509 (AMAZON-02)
4 99.84.37.122 16509 (AMAZON-02)
2 13.33.86.84 16509 (AMAZON-02)
1 52.48.147.175 16509 (AMAZON-02)
2 13.225.223.128 16509 (AMAZON-02)
1 2607:f8b0:400... 15169 (GOOGLE)
24 12
Domain Requested by
4 capital-ford-regina.driveai.ca ar-p.co, capital-ford-regina.driveai.ca
4 ar-p.co ar-p.co
3 fonts.googleapis.com ar-p.co, capital-ford-regina.driveai.ca
2 customers.eu.services.absoluteresults.com capital-ford-regina.driveai.ca
2 auth.services.absoluteresults.com capital-ford-regina.driveai.ca
2 p.typekit.net use.typekit.net
2 use.typekit.net ar-p.co, capital-ford-regina.driveai.ca
1 fonts.gstatic.com fonts.googleapis.com
1 ar.absoluteresults.com capital-ford-regina.driveai.ca
1 urls.services.absoluteresults.com ar-p.co
1 api.ipify.org ar-p.co
24 11

This site contains no links.

Subject | Issuer | Validity | Valid
upload.video.google.com | GTS CA 1C3 | 2022-05-04 - 2022-07-27 | 3 months
use.typekit.net | DigiCert TLS RSA SHA256 2020 CA1 | 2022-03-07 - 2023-04-07 | a year
*.ipify.org | Sectigo RSA Domain Validation Secure Server CA | 2022-02-07 - 2023-03-10 | a year
*.services.absoluteresults.com | Amazon | 2022-04-12 - 2023-05-11 | a year
*.driveai.ca | Amazon | 2022-01-19 - 2023-02-17 | a year
*.absoluteresults.com | Amazon | 2022-04-04 - 2023-05-03 | a year
*.eu.services.absoluteresults.com | Amazon | 2022-03-13 - 2023-04-11 | a year
*.gstatic.com | GTS CA 1C3 | 2022-05-04 - 2022-07-27 | 3 months

This page contains 1 frames:

Primary Page: https://capital-ford-regina.driveai.ca/?dealer_id=271&customer_ar_code=hERQo&selected_vehicle_id=a3502503-0b8d-482f-aa07-c89749554fbc&campaign_type=sms&point_of_entry=click&campaign_id=0eb4d1d0-6331-42ea-b8d8-8cd2c4917f1c&deploy_reference_id=0eb4d1d0-6331-42ea-b8d8-8cd2c4917f1c&offer_type=upgrade&locale=en_CA
Frame ID: 293B2A06B50E98A6494EB46B9DCDBA7C
Requests: 21 HTTP requests in this frame

Page Title

Absolute Drive

Page URL History

  1. http://ar-p.co/SN2MK Page URL
  2. https://capital-ford-regina.driveai.ca/?dealer_id=271&customer_ar_code=hERQo&selected_vehicle_id=a3502503-0b8d-482f... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <[^>]*class="ant-(?:btn|col|row|layout|breadcrumb|menu|pagination|steps|select|cascader|checkbox|calendar|form|input-number|input|mention|rate|radio|slider|switch|tree-select|time-picker|transfer|upload|avatar|badge|card|carousel|collapse|list|popover|tooltip|table|tabs|tag|timeline|tree|alert|modal|message|notification|progress|popconfirm|spin|anchor|back-top|divider|drawer)

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/ns\.html[^>]+></iframe>

Overall confidence: 100%
Detected patterns
  • <link [^>]*href="[^"]+use\.typekit\.(?:net|com)

Page Statistics

Requests: 24
HTTPS: 79 %
IPv6: 36 %
Domains: 7
Subdomains: 11
IPs: 12
Countries: 2
Transfer: 1258 kB
Size: 5870 kB
Cookies: 1

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://ar-p.co/SN2MK Page URL
  2. https://capital-ford-regina.driveai.ca/?dealer_id=271&customer_ar_code=hERQo&selected_vehicle_id=a3502503-0b8d-482f-aa07-c89749554fbc&campaign_type=sms&point_of_entry=click&campaign_id=0eb4d1d0-6331-42ea-b8d8-8cd2c4917f1c&deploy_reference_id=0eb4d1d0-6331-42ea-b8d8-8cd2c4917f1c&offer_type=upgrade&locale=en_CA Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

24 HTTP transactions

Resource Path Size x-fer Type MIME-Type
SN2MK
ar-p.co/
577 B
1 KB
Document
General
Full URL
http://ar-p.co/SN2MK
Protocol
HTTP/1.1
Server
13.225.63.77 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-63-77.ewr53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
f5f76a58c028801cad882ec5046899099709b9dce1b0c89b6584b70eb7756952

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

Connection
keep-alive
Content-Length
577
Content-Type
text/html
Date
Tue, 31 May 2022 16:29:42 GMT
ETag
"76172e4ac892e8eb3f2daef803ec4f65"
Last-Modified
Wed, 23 Dec 2020 19:20:00 GMT
Server
AmazonS3
Via
1.1 fd6ee8ff46440f33e22da71450793e70.cloudfront.net (CloudFront)
X-Amz-Cf-Id
7RkuArz6lg7tktbFRM6dHJHNkQ813mdhdqoXgwIi_EEiaWDYonRAkw==
X-Amz-Cf-Pop
EWR53-C1
X-Cache
Error from cloudfront
x-amz-error-code
AccessDenied
x-amz-error-message
Access Denied
css
fonts.googleapis.com/
2 KB
930 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Lato:300,400,700&display=swap
Requested by
Host: ar-p.co
URL: http://ar-p.co/SN2MK
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:821::200a Mullica Hill, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
808f97075fc1233d487b23401e97c6c11fb39eb115ec0d9fc251ec09d9b2d5d4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
http://ar-p.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Tue, 31 May 2022 15:29:55 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Tue, 31 May 2022 16:29:42 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Tue, 31 May 2022 16:29:42 GMT
tfg8zzd.css
use.typekit.net/
1 KB
816 B
Stylesheet
General
Full URL
https://use.typekit.net/tfg8zzd.css
Requested by
Host: ar-p.co
URL: http://ar-p.co/SN2MK
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:141b:13::17d7:82c3 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
nginx /
Resource Hash
ba798759795b2d6a3f10a6751698d41e75628f032dffd878d85c27aa8f8b8fe3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains;

Request headers

accept-language
en-CA,en;q=0.9
Referer
http://ar-p.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains;
content-encoding
gzip
server
nginx
date
Tue, 31 May 2022 16:29:42 GMT
vary
Accept-Encoding
content-type
text/css;charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=600, stale-while-revalidate=604800
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
584
styles.css
ar-p.co/
618 KB
67 KB
Stylesheet
General
Full URL
http://ar-p.co/styles.css
Requested by
Host: ar-p.co
URL: http://ar-p.co/SN2MK
Protocol
HTTP/1.1
Server
13.225.63.77 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-63-77.ewr53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
690e1e4ca755c8ca30c0f15f90bc374d67d45606f8f0145a97c07074ddf13944

Request headers

accept-language
en-CA,en;q=0.9
Referer
http://ar-p.co/SN2MK
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Date
Tue, 31 May 2022 14:48:12 GMT
Content-Encoding
gzip
Last-Modified
Wed, 23 Dec 2020 19:20:00 GMT
Server
AmazonS3
Age
6091
ETag
W/"64f28e4e063bb08d0b12ea0830d923a1"
Vary
Accept-Encoding
X-Cache
Hit from cloudfront
Content-Type
text/css
Via
1.1 fd6ee8ff46440f33e22da71450793e70.cloudfront.net (CloudFront)
Connection
keep-alive
Transfer-Encoding
chunked
X-Amz-Cf-Pop
EWR53-C1
X-Amz-Cf-Id
bLyUpHpKFKBf2WI23SR0EN5F5zRheoY-BAGbxHUZtJG09nO36Kqp7g==
4f680a770debc990acc8_vendor.js
ar-p.co/
8 KB
4 KB
Script
General
Full URL
http://ar-p.co/4f680a770debc990acc8_vendor.js
Requested by
Host: ar-p.co
URL: http://ar-p.co/SN2MK
Protocol
HTTP/1.1
Server
13.225.63.77 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-63-77.ewr53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
016d0e549bb9d7e28898c89e4a2ce51eb44deca1d81e6a3aa48103bea467181f

Request headers

accept-language
en-CA,en;q=0.9
Referer
http://ar-p.co/SN2MK
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Date
Tue, 31 May 2022 08:12:03 GMT
Content-Encoding
gzip
Last-Modified
Wed, 23 Dec 2020 19:20:00 GMT
Server
AmazonS3
Age
29860
ETag
W/"1bad0c0a8907a8284caa0f77b0a734a0"
Vary
Accept-Encoding
X-Cache
Hit from cloudfront
Content-Type
application/javascript
Via
1.1 17a79dcb426270de1bedb2a8dbcb8f72.cloudfront.net (CloudFront)
Connection
keep-alive
Transfer-Encoding
chunked
X-Amz-Cf-Pop
EWR53-C1
X-Amz-Cf-Id
PSfjQM3QBujqkh163rXbiRWwSmiJtSEAjPCEBw6fU2uvIGHY0gqm9w==
a94a575ef4bf17a413c5_app.js
ar-p.co/
2 MB
449 KB
Script
General
Full URL
http://ar-p.co/a94a575ef4bf17a413c5_app.js
Requested by
Host: ar-p.co
URL: http://ar-p.co/SN2MK
Protocol
HTTP/1.1
Server
13.225.63.77 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-63-77.ewr53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
1239f4378cfd5d8664f9034c08a680dcded1c863009721177c74e41d826417d0

Request headers

accept-language
en-CA,en;q=0.9
Referer
http://ar-p.co/SN2MK
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Date
Mon, 30 May 2022 20:58:45 GMT
Content-Encoding
gzip
Last-Modified
Wed, 23 Dec 2020 19:20:00 GMT
Server
AmazonS3
Age
70258
ETag
W/"8efc24e7b75fe5fbc699ed4f3407c8c7"
Vary
Accept-Encoding
X-Cache
Hit from cloudfront
Content-Type
application/javascript
Via
1.1 19f59f4851bd1754171a506ce0726a08.cloudfront.net (CloudFront)
Connection
keep-alive
Transfer-Encoding
chunked
X-Amz-Cf-Pop
EWR53-C1
X-Amz-Cf-Id
5IYNzx-JtHGPQUuVHuhjM_azYfdz0-Ahr7lN8XzPlUL2Fd84URBL8A==
p.css
p.typekit.net/
5 B
181 B
Stylesheet
General
Full URL
https://p.typekit.net/p.css?s=1&k=tfg8zzd&ht=tk&f=22708&a=86116339&app=typekit&e=css
Requested by
Host: use.typekit.net
URL: https://use.typekit.net/tfg8zzd.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:141b:13::17d7:82e3 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
nginx /
Resource Hash
1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://use.typekit.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Tue, 31 May 2022 16:29:43 GMT
last-modified
Sat, 02 Oct 2021 08:25:28 GMT
server
nginx
etag
"61581778-5"
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=604800
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
content-length
5
/
api.ipify.org/
14 B
231 B
Fetch
General
Full URL
https://api.ipify.org/
Requested by
Host: ar-p.co
URL: http://ar-p.co/a94a575ef4bf17a413c5_app.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
52.20.78.240 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-20-78-240.compute-1.amazonaws.com
Software
Cowboy /
Resource Hash
80dee624efb2853c28aaf107efcd95223773f63fc55afc96b47499a32d7b92f6

Request headers

accept-language
en-CA,en;q=0.9
Referer
http://ar-p.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Date
Tue, 31 May 2022 16:29:43 GMT
Via
1.1 vegur
Server
Cowboy
Vary
Origin
Content-Type
text/plain
Access-Control-Allow-Origin
http://ar-p.co
Connection
keep-alive
Content-Length
14
SN2MK
urls.services.absoluteresults.com/shortener/
547 B
942 B
XHR
General
Full URL
https://urls.services.absoluteresults.com/shortener/SN2MK?ip=149.56.153.178
Requested by
Host: ar-p.co
URL: http://ar-p.co/a94a575ef4bf17a413c5_app.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.84.37.49 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-84-37-49.ewr52.r.cloudfront.net
Software
/
Resource Hash

Request headers

Accept
application/json, text/plain, */*
Referer
http://ar-p.co/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Tue, 31 May 2022 16:29:44 GMT
via
1.1 af7150da467dea586a5e6a0532adec9c.cloudfront.net (CloudFront)
x-amz-cf-pop
EWR52-C4
x-amzn-requestid
bf36eabd-4eea-4959-a402-ff6768c3f703
x-cache
Miss from cloudfront
content-type
application/json
access-control-allow-origin
*
x-amzn-trace-id
Root=1-62964278-527c69e5293325ae44863d0c;Sampled=0
access-control-allow-credentials
true
x-amz-apigw-id
S_9SzFDlvHcFngA=
content-length
547
x-amz-cf-id
PSvjJ3WXDmytWAHqMU_AjFs7-7Wt89-1v4MhMZWQY2gnx8Ghz4sBSw==
Primary Request /
capital-ford-regina.driveai.ca/
8 KB
2 KB
Document
General
Full URL
https://capital-ford-regina.driveai.ca/?dealer_id=271&customer_ar_code=hERQo&selected_vehicle_id=a3502503-0b8d-482f-aa07-c89749554fbc&campaign_type=sms&point_of_entry=click&campaign_id=0eb4d1d0-6331-42ea-b8d8-8cd2c4917f1c&deploy_reference_id=0eb4d1d0-6331-42ea-b8d8-8cd2c4917f1c&offer_type=upgrade&locale=en_CA
Requested by
Host: ar-p.co
URL: http://ar-p.co/a94a575ef4bf17a413c5_app.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.84.37.122 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-84-37-122.ewr52.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
2c1fc435d931e182eca5622d74a95f17630f268ef2a4443f3b19ff2eefd33113

Request headers

Referer
http://ar-p.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

age
30958
content-encoding
gzip
content-type
text/html
date
Tue, 31 May 2022 07:53:47 GMT
etag
W/"561a6c4c427f3b1e271ef41e1b4b1049"
last-modified
Wed, 13 Apr 2022 22:28:16 GMT
server
AmazonS3
vary
Accept-Encoding
via
1.1 af7150da467dea586a5e6a0532adec9c.cloudfront.net (CloudFront)
x-amz-cf-id
d3ePi8UH5x25_PbxOXLfutKzYKy_lJgriMGET3TmeDCTbR6K5Xsz2Q==
x-amz-cf-pop
EWR52-C4
x-cache
Hit from cloudfront
css
fonts.googleapis.com/
2 KB
524 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Lato:300,400,700&display=swap
Requested by
Host: capital-ford-regina.driveai.ca
URL: https://capital-ford-regina.driveai.ca/?dealer_id=271&customer_ar_code=hERQo&selected_vehicle_id=a3502503-0b8d-482f-aa07-c89749554fbc&campaign_type=sms&point_of_entry=click&campaign_id=0eb4d1d0-6331-42ea-b8d8-8cd2c4917f1c&deploy_reference_id=0eb4d1d0-6331-42ea-b8d8-8cd2c4917f1c&offer_type=upgrade&locale=en_CA
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:821::200a Mullica Hill, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
808f97075fc1233d487b23401e97c6c11fb39eb115ec0d9fc251ec09d9b2d5d4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://capital-ford-regina.driveai.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Tue, 31 May 2022 15:19:25 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Tue, 31 May 2022 16:29:44 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Tue, 31 May 2022 16:29:44 GMT
tfg8zzd.css
use.typekit.net/
1 KB
816 B
Stylesheet
General
Full URL
https://use.typekit.net/tfg8zzd.css
Requested by
Host: capital-ford-regina.driveai.ca
URL: https://capital-ford-regina.driveai.ca/?dealer_id=271&customer_ar_code=hERQo&selected_vehicle_id=a3502503-0b8d-482f-aa07-c89749554fbc&campaign_type=sms&point_of_entry=click&campaign_id=0eb4d1d0-6331-42ea-b8d8-8cd2c4917f1c&deploy_reference_id=0eb4d1d0-6331-42ea-b8d8-8cd2c4917f1c&offer_type=upgrade&locale=en_CA
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:141b:13::17d7:82c3 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
nginx /
Resource Hash
ba798759795b2d6a3f10a6751698d41e75628f032dffd878d85c27aa8f8b8fe3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains;

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://capital-ford-regina.driveai.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains;
content-encoding
gzip
server
nginx
date
Tue, 31 May 2022 16:29:44 GMT
vary
Accept-Encoding
content-type
text/css;charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=600, stale-while-revalidate=604800
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
584
styles.css
capital-ford-regina.driveai.ca/
705 KB
71 KB
Stylesheet
General
Full URL
https://capital-ford-regina.driveai.ca/styles.css
Requested by
Host: capital-ford-regina.driveai.ca
URL: https://capital-ford-regina.driveai.ca/?dealer_id=271&customer_ar_code=hERQo&selected_vehicle_id=a3502503-0b8d-482f-aa07-c89749554fbc&campaign_type=sms&point_of_entry=click&campaign_id=0eb4d1d0-6331-42ea-b8d8-8cd2c4917f1c&deploy_reference_id=0eb4d1d0-6331-42ea-b8d8-8cd2c4917f1c&offer_type=upgrade&locale=en_CA
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.84.37.122 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-84-37-122.ewr52.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
f54c889b542d25aa402c84b03f2b5fb13d137f738c167e33fe2fba2a803fde05

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://capital-ford-regina.driveai.ca/?dealer_id=271&customer_ar_code=hERQo&selected_vehicle_id=a3502503-0b8d-482f-aa07-c89749554fbc&campaign_type=sms&point_of_entry=click&campaign_id=0eb4d1d0-6331-42ea-b8d8-8cd2c4917f1c&deploy_reference_id=0eb4d1d0-6331-42ea-b8d8-8cd2c4917f1c&offer_type=upgrade&locale=en_CA
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Tue, 31 May 2022 11:22:12 GMT
content-encoding
br
last-modified
Wed, 13 Apr 2022 22:28:16 GMT
server
AmazonS3
age
18453
etag
W/"eda9d36df46d54faf7b5a716af0834a1"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/css
via
1.1 af7150da467dea586a5e6a0532adec9c.cloudfront.net (CloudFront)
x-amz-cf-pop
EWR52-C4
x-amz-cf-id
81MSh95UeNc2Zv0U7cFmrLmSUFjKpYFI5-8TJ4Jpd5-myAWHHIJ4JA==
0f119542c0d296d33837_vendor.js
capital-ford-regina.driveai.ca/
8 KB
4 KB
Script
General
Full URL
https://capital-ford-regina.driveai.ca/0f119542c0d296d33837_vendor.js
Requested by
Host: capital-ford-regina.driveai.ca
URL: https://capital-ford-regina.driveai.ca/?dealer_id=271&customer_ar_code=hERQo&selected_vehicle_id=a3502503-0b8d-482f-aa07-c89749554fbc&campaign_type=sms&point_of_entry=click&campaign_id=0eb4d1d0-6331-42ea-b8d8-8cd2c4917f1c&deploy_reference_id=0eb4d1d0-6331-42ea-b8d8-8cd2c4917f1c&offer_type=upgrade&locale=en_CA
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.84.37.122 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-84-37-122.ewr52.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
97a7ccfc9fbfeabf7261653a1ce0c98ed6e78957010e9161342ede1dd12e43d7

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://capital-ford-regina.driveai.ca/?dealer_id=271&customer_ar_code=hERQo&selected_vehicle_id=a3502503-0b8d-482f-aa07-c89749554fbc&campaign_type=sms&point_of_entry=click&campaign_id=0eb4d1d0-6331-42ea-b8d8-8cd2c4917f1c&deploy_reference_id=0eb4d1d0-6331-42ea-b8d8-8cd2c4917f1c&offer_type=upgrade&locale=en_CA
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Tue, 31 May 2022 07:53:49 GMT
content-encoding
gzip
last-modified
Wed, 13 Apr 2022 22:28:14 GMT
server
AmazonS3
age
30956
etag
W/"57c54c563debd13b073d6e8e8f05e7eb"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
via
1.1 af7150da467dea586a5e6a0532adec9c.cloudfront.net (CloudFront)
x-amz-cf-pop
EWR52-C4
x-amz-cf-id
B0w7T4XoTDAregOKef63YY3E6CwgYyE5cqgg-SIxPiz68YW9x7soyA==
763494f3b36e69793784_app.js
capital-ford-regina.driveai.ca/
2 MB
593 KB
Script
General
Full URL
https://capital-ford-regina.driveai.ca/763494f3b36e69793784_app.js
Requested by
Host: capital-ford-regina.driveai.ca
URL: https://capital-ford-regina.driveai.ca/?dealer_id=271&customer_ar_code=hERQo&selected_vehicle_id=a3502503-0b8d-482f-aa07-c89749554fbc&campaign_type=sms&point_of_entry=click&campaign_id=0eb4d1d0-6331-42ea-b8d8-8cd2c4917f1c&deploy_reference_id=0eb4d1d0-6331-42ea-b8d8-8cd2c4917f1c&offer_type=upgrade&locale=en_CA
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.84.37.122 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-84-37-122.ewr52.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
e44b5ba63d71ddd73e479b6790d9ec4c2f4e96921e4dee7e5a3ec41595907af1

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://capital-ford-regina.driveai.ca/?dealer_id=271&customer_ar_code=hERQo&selected_vehicle_id=a3502503-0b8d-482f-aa07-c89749554fbc&campaign_type=sms&point_of_entry=click&campaign_id=0eb4d1d0-6331-42ea-b8d8-8cd2c4917f1c&deploy_reference_id=0eb4d1d0-6331-42ea-b8d8-8cd2c4917f1c&offer_type=upgrade&locale=en_CA
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Tue, 31 May 2022 07:53:50 GMT
content-encoding
gzip
last-modified
Wed, 13 Apr 2022 22:28:14 GMT
server
AmazonS3
age
30955
etag
W/"9b173b2473bb7a5f939dd0cbbbcff9a4"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
via
1.1 af7150da467dea586a5e6a0532adec9c.cloudfront.net (CloudFront)
x-amz-cf-pop
EWR52-C4
x-amz-cf-id
dVSM6c1xkumyHJMrjMdK3QFwrz7Nylkg3C-YuTw57J35ecRa9kaSuw==
p.css
p.typekit.net/
5 B
181 B
Stylesheet
General
Full URL
https://p.typekit.net/p.css?s=1&k=tfg8zzd&ht=tk&f=22708&a=86116339&app=typekit&e=css
Requested by
Host: use.typekit.net
URL: https://use.typekit.net/tfg8zzd.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:141b:13::17d7:82e3 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
nginx /
Resource Hash
1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://use.typekit.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Tue, 31 May 2022 16:29:44 GMT
last-modified
Sat, 02 Oct 2021 08:25:28 GMT
server
nginx
etag
"61581778-5"
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=604800
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
content-length
5
css2
fonts.googleapis.com/
20 KB
873 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css2?family=Inter:wght@100;200;300;400;500;600;700;800;900&display=swap
Requested by
Host: capital-ford-regina.driveai.ca
URL: https://capital-ford-regina.driveai.ca/styles.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:821::200a Mullica Hill, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
fb251250adab71e2202eca2aeade54dfdeefd680b38181fe3c1d9580bbaae027
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://capital-ford-regina.driveai.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Tue, 31 May 2022 16:03:28 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Tue, 31 May 2022 16:29:44 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Tue, 31 May 2022 16:29:44 GMT
request-access
auth.services.absoluteresults.com/auth/
0
0
Preflight
General
Full URL
https://auth.services.absoluteresults.com/auth/request-access
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.33.86.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-33-86-84.ewr52.r.cloudfront.net
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://capital-ford-regina.driveai.ca
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

access-control-allow-credentials
false
access-control-allow-headers
Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token,X-Amz-User-Agent
access-control-allow-methods
OPTIONS,DELETE,GET,HEAD,PATCH,POST,PUT
access-control-allow-origin
https://capital-ford-regina.driveai.ca
content-length
1
content-type
application/json
date
Tue, 31 May 2022 16:29:45 GMT
via
1.1 b78bfeca7339074512b7289497872df2.cloudfront.net (CloudFront)
x-amz-apigw-id
S_9S8F6UPHcF9hQ=
x-amz-cf-id
qe4WUwLDSFn1WwvvKWDz1CogaTz5lvEJKhqVGoXPKbOG5_A_RYPx7A==
x-amz-cf-pop
EWR52-C1
x-amzn-requestid
e29b9302-1f1f-4b25-ae74-803b7bdebec6
x-cache
Miss from cloudfront
request-access
auth.services.absoluteresults.com/auth/
356 B
752 B
XHR
General
Full URL
https://auth.services.absoluteresults.com/auth/request-access
Requested by
Host: capital-ford-regina.driveai.ca
URL: https://capital-ford-regina.driveai.ca/763494f3b36e69793784_app.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.33.86.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-33-86-84.ewr52.r.cloudfront.net
Software
/
Resource Hash
9ab82b308556ed8e34f7735a8063c92edc63700552d8848cbd4eb7b922af49eb

Request headers

Accept
application/json, text/plain, */*
Referer
https://capital-ford-regina.driveai.ca/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Content-Type
application/json;charset=UTF-8

Response headers

date
Tue, 31 May 2022 16:29:45 GMT
via
1.1 b78bfeca7339074512b7289497872df2.cloudfront.net (CloudFront)
x-amz-cf-pop
EWR52-C1
x-amzn-requestid
fbd6ec6b-5238-49cb-97b0-9f711247ed30
x-cache
Miss from cloudfront
content-type
application/json
access-control-allow-origin
*
x-amzn-trace-id
Root=1-62964279-4bb905e63bd4f76d60831a32;Sampled=0
access-control-allow-credentials
true
x-amz-apigw-id
S_9S-EkvPHcFaRA=
content-length
356
x-amz-cf-id
l_JTU1L-FhYztxMeq826SjmUBusfF0P15ldqVHN8XnTfvfOVH48ubQ==
271
ar.absoluteresults.com/rest/dealers/
0
0
Preflight
General
Full URL
https://ar.absoluteresults.com/rest/dealers/271
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.48.147.175 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-48-147-175.eu-west-1.compute.amazonaws.com
Software
Apache/2.4.46 (Amazon) OpenSSL/1.0.2k-fips PHP/5.5.38 / PHP/5.5.38
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
authorization
Access-Control-Request-Method
GET
Origin
https://capital-ford-regina.driveai.ca
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

access-control-allow-headers
Content-Type,Access-Control-Allow-Headers,Authorization,X-Requested-With
access-control-allow-origin
*
access-control-max-age
1728000
content-length
0
content-type
text/html; charset=UTF-8
date
Tue, 31 May 2022 16:29:46 GMT
server
Apache/2.4.46 (Amazon) OpenSSL/1.0.2k-fips PHP/5.5.38
x-powered-by
PHP/5.5.38
271
ar.absoluteresults.com/rest/dealers/
0
0

d50a36fc-a33c-4e68-83fb-3859119b46b7
customers.eu.services.absoluteresults.com/customers/
24 KB
25 KB
XHR
General
Full URL
https://customers.eu.services.absoluteresults.com/customers/d50a36fc-a33c-4e68-83fb-3859119b46b7?dealer_id=271&activity_types[]=sales&activity_types[]=service&activity_types[]=service_appointment&activity_types[]=appointment_booked&activity_types[]=appointment_request&data_types[]=names&data_types[]=addresses&data_types[]=vehicles&data_types[]=phones&data_types[]=emails&data_types[]=activities&data_types[]=customer&data_types[]=casl&show_no_longer_owned_vehicles=true&show_distance=1&show_activity_descriptions=1&show_vehicle_offers=true&locale=en_CA
Requested by
Host: capital-ford-regina.driveai.ca
URL: https://capital-ford-regina.driveai.ca/763494f3b36e69793784_app.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.223.128 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-223-128.jfk51.r.cloudfront.net
Software
/ Express
Resource Hash
3238afd64900ede6a12654227c918b69c912a97e3d7bd0ed0c0b22798b83afdd

Request headers

Accept
application/json, text/plain, */*
Referer
https://capital-ford-regina.driveai.ca/
Authorization
JWT eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE2NTY2MDY1ODUsImRhdGEiOnsidHlwZSI6ImN1c3RvbWVyIiwiaWQiOiJkNTBhMzZmYy1hMzNjLTRlNjgtODNmYi0zODU5MTE5YjQ2YjciLCJjdXN0b21lcl9pZCI6ImQ1MGEzNmZjLWEzM2MtNGU2OC04M2ZiLTM4NTkxMTliNDZiNyIsImRlYWxlcl9pZCI6IjI3MSJ9LCJpYXQiOjE2NTQwMTQ1ODV9.Ie79MRyLwhDK--MD7TiCSaWz9ACdfMCOlxZVVo_t0pA
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Tue, 31 May 2022 16:29:46 GMT
via
1.1 73d76685a18ed386cef8f6fb5f61f844.cloudfront.net (CloudFront)
etag
W/"618d-BWpEL24r9rN78ZbCqPc0IQNsIEc"
x-amzn-remapped-content-length
24973
x-amz-cf-pop
JFK51-C1
x-powered-by
Express
x-amzn-requestid
1d4477f3-1bfd-4d7d-bebe-75f136f59cd8
x-cache
Miss from cloudfront
content-type
application/json; charset=utf-8
access-control-allow-origin
*
x-amzn-trace-id
Root=1-6296427a-103216b1699e1f5243b18f82;Sampled=0
x-amz-apigw-id
S_9THGVxDoEFutw=
content-length
24973
x-amz-cf-id
UQYYv4iBPrwdjVWnIidwlbcDjtFGWUKwbl4gKeZS4IQbIH3HwmfGKQ==
d50a36fc-a33c-4e68-83fb-3859119b46b7
customers.eu.services.absoluteresults.com/customers/
0
0
Preflight
General
Full URL
https://customers.eu.services.absoluteresults.com/customers/d50a36fc-a33c-4e68-83fb-3859119b46b7?dealer_id=271&activity_types[]=sales&activity_types[]=service&activity_types[]=service_appointment&activity_types[]=appointment_booked&activity_types[]=appointment_request&data_types[]=names&data_types[]=addresses&data_types[]=vehicles&data_types[]=phones&data_types[]=emails&data_types[]=activities&data_types[]=customer&data_types[]=casl&show_no_longer_owned_vehicles=true&show_distance=1&show_activity_descriptions=1&show_vehicle_offers=true&locale=en_CA
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.223.128 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-223-128.jfk51.r.cloudfront.net
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
authorization
Access-Control-Request-Method
GET
Origin
https://capital-ford-regina.driveai.ca
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

access-control-allow-credentials
false
access-control-allow-headers
Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token,X-Amz-User-Agent
access-control-allow-methods
OPTIONS,DELETE,GET,HEAD,PATCH,POST,PUT
access-control-allow-origin
https://capital-ford-regina.driveai.ca
content-length
1
content-type
application/json
date
Tue, 31 May 2022 16:29:45 GMT
via
1.1 73d76685a18ed386cef8f6fb5f61f844.cloudfront.net (CloudFront)
x-amz-apigw-id
S_9TFFOWjoEFpKQ=
x-amz-cf-id
xali7nsf8X46O0s20TP5yw1hclz-BIJ5swKWg6Uj_aidb9ZRTqbJHA==
x-amz-cf-pop
JFK51-C1
x-amzn-requestid
a863453c-a0b5-4eaa-975c-e79a17438e07
x-cache
Miss from cloudfront
UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2
fonts.gstatic.com/s/inter/v11/
37 KB
37 KB
Font
General
Full URL
https://fonts.gstatic.com/s/inter/v11/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Inter:wght@100;200;300;400;500;600;700;800;900&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80b::2003 Mullica Hill, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
b97c99a69a6275c8f90703cd4c0864089a74fd08383a1cc75a8a4d0c2cb60cce
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://capital-ford-regina.driveai.ca
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Tue, 31 May 2022 03:18:54 GMT
x-content-type-options
nosniff
age
47451
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
37716
x-xss-protection
0
last-modified
Tue, 26 Apr 2022 15:29:50 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 31 May 2023 03:18:54 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
ar.absoluteresults.com
URL
https://ar.absoluteresults.com/rest/dealers/271

Verdicts & Comments

15 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| oncontextlost
object| oncontextrestored
function| structuredClone
object| launchQueue
object| onbeforematch
function| getScreenDetails
object| navigation
object| __core-js_shared__
object| core
object| regeneratorRuntime
function| _
function| setImmediate
function| clearImmediate
object| FontAwesomeConfig
object| ___FONT_AWESOME___

1 Cookies

Domain/Path Name / Value
.driveai.ca/ Name: auth_token
Value: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE2NTY2MDY1ODUsImRhdGEiOnsidHlwZSI6ImN1c3RvbWVyIiwiaWQiOiJkNTBhMzZmYy1hMzNjLTRlNjgtODNmYi0zODU5MTE5YjQ2YjciLCJjdXN0b21lcl9pZCI6ImQ1MGEzNmZjLWEzM2MtNGU2OC04M2ZiLTM4NTkxMTliNDZiNyIsImRlYWxlcl9pZCI6IjI3MSJ9LCJpYXQiOjE2NTQwMTQ1ODV9.Ie79MRyLwhDK--MD7TiCSaWz9ACdfMCOlxZVVo_t0pA

1 Console Messages

Source Level URL
Text
network error URL: http://ar-p.co/SN2MK
Message:
Failed to load resource: the server responded with a status of 403 (Forbidden)

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
