Submitted URL: http://crm.pmweb.com.br/Louvrehotels/comunicacao/ca.aspx?v=0-277-581758
Effective URL: https://crm.pmweb.com.br/louvrehotels/spa/opt-out?user_token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoiRDY2NTQ0NDY...
Submission: On March 08 via api from US — Scanned from DE

Summary

This website contacted 10 IPs in 3 countries across 6 domains to perform 23 HTTP transactions. The main IP is 52.6.114.25, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is crm.pmweb.com.br.
TLS certificate: Issued by AlphaSSL CA - SHA256 - G2 on June 4th 2021. Valid for: a year.
This is the only time crm.pmweb.com.br was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Requests | IP Address | AS | Autonomous System
9 (2 redirects) | 52.6.114.25 | 14618 | AMAZON-AES
1 | 52.95.163.43 | 16509 | AMAZON-02
2 | 2a00:1450:400... | 15169 | GOOGLE
1 | 65.9.78.83 | 16509 | AMAZON-02
1 | 65.9.78.52 | 16509 | AMAZON-02
1 | 65.9.78.119 | 16509 | AMAZON-02
1 | 65.9.78.66 | 16509 | AMAZON-02
6 | 52.207.118.196 | 14618 | AMAZON-AES
2 | 2a00:1450:400... | 15169 | GOOGLE
1 | 52.95.165.118 | 16509 | AMAZON-02
Total: 23 requests, 10 IPs

Requests | Apex Domain | Subdomains | Transfer
15 | pmweb.com.br | crm.pmweb.com.br; api-pmwebcrm.pmweb.com.br | 1 MB
3 | hotjar.com | static.hotjar.com (Cisco Umbrella Rank: 573); script.hotjar.com (Cisco Umbrella Rank: 719); vars.hotjar.com (Cisco Umbrella Rank: 874) | 66 KB
2 | gstatic.com | fonts.gstatic.com | 32 KB
2 | googleapis.com | fonts.googleapis.com (Cisco Umbrella Rank: 35) | 2 KB
2 | amazonaws.com | s3-sa-east-1.amazonaws.com; crmstaticfiles.s3.sa-east-1.amazonaws.com | 192 KB
1 | hotjar.io | vc.hotjar.io (Cisco Umbrella Rank: 2052) | 255 B
Total: 23 requests, 6 apex domains

Requests | Domain | Requested by
9 (2 redirects) | crm.pmweb.com.br | crm.pmweb.com.br
6 | api-pmwebcrm.pmweb.com.br | crm.pmweb.com.br
2 | fonts.gstatic.com | fonts.googleapis.com
2 | fonts.googleapis.com | crm.pmweb.com.br
1 | crmstaticfiles.s3.sa-east-1.amazonaws.com |
1 | vc.hotjar.io | script.hotjar.com
1 | vars.hotjar.com | static.hotjar.com
1 | script.hotjar.com | static.hotjar.com
1 | static.hotjar.com | crm.pmweb.com.br
1 | s3-sa-east-1.amazonaws.com | crm.pmweb.com.br
Total: 23 requests, 10 domains

This site contains no links.

Subject | Issuer | Validity | Valid
*.pmweb.com.br | AlphaSSL CA - SHA256 - G2 | 2021-06-04 - 2022-07-06 | a year
*.s3-sa-east-1.amazonaws.com | Amazon | 2021-12-09 - 2022-12-02 | a year
upload.video.google.com | GTS CA 1C3 | 2022-02-17 - 2022-05-12 | 3 months
*.hotjar.com | Amazon | 2021-11-25 - 2022-12-23 | a year
*.hotjar.io | Amazon | 2021-08-17 - 2022-09-15 | a year
*.gstatic.com | GTS CA 1C3 | 2022-02-17 - 2022-05-12 | 3 months

This page contains 2 frames:

Primary Page: https://crm.pmweb.com.br/louvrehotels/spa/opt-out?user_token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoiRDY2NTQ0NDYtQjI4Qy00NUFDLUFGMjctMTE5REU2N0U3MUFGIiwiVGlwb0FjYW8iOiIwIiwiTnVtQWNhbyI6IjI3NyIsIk51bVBlc3NvYSI6IjU4MTc1OCIsIklkZW50aWZpY2Fkb3JFbnZpbyI6IiJ9.DCcqEjJ3zYfUOhZHR0ZMZKenJ0hSNLCZjw0obD9k1Ws
Frame ID: 2C8DED28F46D97857BC548CC77537C7F
Requests: 19 HTTP requests in this frame

Frame: https://vars.hotjar.com/box-acca23410e696f2ca3087d947271c3d0.html
Frame ID: B314B6D5B35AF38A075001F671D9954E
Requests: 1 HTTP requests in this frame

Page Title

Pmweb CRM

Page URL History

  1. http://crm.pmweb.com.br/Louvrehotels/comunicacao/ca.aspx?v=0-277-581758 HTTP 301
    https://crm.pmweb.com.br/Louvrehotels/comunicacao/ca.aspx?v=0-277-581758 HTTP 302
    https://crm.pmweb.com.br/louvrehotels/spa/opt-out?user_token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Overall confidence: 100%
Detected patterns
  • //static\.hotjar\.com/

Page Statistics

Requests: 23
HTTPS: 100 %
IPv6: 20 %
Domains: 6
Subdomains: 10
IPs: 10
Countries: 3
Transfer: 1741 kB
Size: 4006 kB
Cookies: 6

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://crm.pmweb.com.br/Louvrehotels/comunicacao/ca.aspx?v=0-277-581758 HTTP 301
    https://crm.pmweb.com.br/Louvrehotels/comunicacao/ca.aspx?v=0-277-581758 HTTP 302
    https://crm.pmweb.com.br/louvrehotels/spa/opt-out?user_token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoiRDY2NTQ0NDYtQjI4Qy00NUFDLUFGMjctMTE5REU2N0U3MUFGIiwiVGlwb0FjYW8iOiIwIiwiTnVtQWNhbyI6IjI3NyIsIk51bVBlc3NvYSI6IjU4MTc1OCIsIklkZW50aWZpY2Fkb3JFbnZpbyI6IiJ9.DCcqEjJ3zYfUOhZHR0ZMZKenJ0hSNLCZjw0obD9k1Ws Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

23 HTTP transactions

Resource / Path | Size | x-fer | Type / MIME-Type
Primary Request opt-out
crm.pmweb.com.br/louvrehotels/spa/
Redirect Chain
  • http://crm.pmweb.com.br/Louvrehotels/comunicacao/ca.aspx?v=0-277-581758
  • https://crm.pmweb.com.br/Louvrehotels/comunicacao/ca.aspx?v=0-277-581758
  • https://crm.pmweb.com.br/louvrehotels/spa/opt-out?user_token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoiRDY2NTQ0NDYtQjI4Qy00NUFDLUFGMjctMTE5REU2N0U3MUFGIiwiVGlwb0FjYW8iOiIwIiwiTnVtQWNhbyI6IjI...
3 KB
2 KB
Document
General
Full URL
https://crm.pmweb.com.br/louvrehotels/spa/opt-out?user_token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoiRDY2NTQ0NDYtQjI4Qy00NUFDLUFGMjctMTE5REU2N0U3MUFGIiwiVGlwb0FjYW8iOiIwIiwiTnVtQWNhbyI6IjI3NyIsIk51bVBlc3NvYSI6IjU4MTc1OCIsIklkZW50aWZpY2Fkb3JFbnZpbyI6IiJ9.DCcqEjJ3zYfUOhZHR0ZMZKenJ0hSNLCZjw0obD9k1Ws
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
52.6.114.25 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
crm.pmweb.com.br
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
fe53897181f109273c261c889dd18681d4380ca0e1dccd50c93e476e8ae9d287

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9

Response headers

Content-Type
text/html
Content-Encoding
gzip
Last-Modified
Mon, 21 Feb 2022 19:06:49 GMT
Accept-Ranges
bytes
ETag
"80aa692d5627d81:0"
Vary
Accept-Encoding
Server
Microsoft-IIS/8.5
X-Powered-By
ASP.NET
Access-Control-Allow-Origin
*
Date
Tue, 08 Mar 2022 13:36:51 GMT
Content-Length
1333

Redirect headers

Cache-Control
private
Content-Type
text/html; charset=utf-8
Location
https://crm.pmweb.com.br/louvrehotels/spa/opt-out?user_token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoiRDY2NTQ0NDYtQjI4Qy00NUFDLUFGMjctMTE5REU2N0U3MUFGIiwiVGlwb0FjYW8iOiIwIiwiTnVtQWNhbyI6IjI3NyIsIk51bVBlc3NvYSI6IjU4MTc1OCIsIklkZW50aWZpY2Fkb3JFbnZpbyI6IiJ9.DCcqEjJ3zYfUOhZHR0ZMZKenJ0hSNLCZjw0obD9k1Ws
Server
Microsoft-IIS/8.5
X-AspNet-Version
4.0.30319
Strict-Transport-Security
max-age=300
X-Powered-By
ASP.NET
Access-Control-Allow-Origin
*
Date
Tue, 08 Mar 2022 13:36:51 GMT
Content-Length
423
theme.css
s3-sa-east-1.amazonaws.com/crmstaticfiles/css/
189 KB
189 KB
Stylesheet
General
Full URL
https://s3-sa-east-1.amazonaws.com/crmstaticfiles/css/theme.css?version=1.13.6
Requested by
Host: crm.pmweb.com.br
URL: https://crm.pmweb.com.br/louvrehotels/spa/opt-out?user_token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoiRDY2NTQ0NDYtQjI4Qy00NUFDLUFGMjctMTE5REU2N0U3MUFGIiwiVGlwb0FjYW8iOiIwIiwiTnVtQWNhbyI6IjI3NyIsIk51bVBlc3NvYSI6IjU4MTc1OCIsIklkZW50aWZpY2Fkb3JFbnZpbyI6IiJ9.DCcqEjJ3zYfUOhZHR0ZMZKenJ0hSNLCZjw0obD9k1Ws
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.95.163.43 São Paulo, Brazil, ASN16509 (AMAZON-02, US),
Reverse DNS
s3-sa-east-1.amazonaws.com
Software
AmazonS3 /
Resource Hash
2fd99f91a4295d81564c8794175c57415a910c529ba7aa9dbb61f2880c94973d

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://crm.pmweb.com.br/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-amz-meta-cb-modifiedtime
Fri, 08 Nov 2019 14:30:51 GMT
Date
Tue, 08 Mar 2022 13:37:02 GMT
Last-Modified
Mon, 26 Oct 2020 10:57:31 GMT
Server
AmazonS3
x-amz-request-id
9HM13H4SMC6HZWTY
ETag
"da5536576e4a270017d7b1b5b00282be"
Content-Type
text/css
Accept-Ranges
bytes
Content-Length
193201
x-amz-id-2
RFAyMCzEOj2qb2n1IYXgJ0NBr14OtBZJgXsd9eTSug96bG9pXptvArlot317rkIXGqN7NYnQ1t4=
css
fonts.googleapis.com/
6 KB
1 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Roboto:300,400,500
Requested by
Host: crm.pmweb.com.br
URL: https://crm.pmweb.com.br/louvrehotels/spa/opt-out?user_token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoiRDY2NTQ0NDYtQjI4Qy00NUFDLUFGMjctMTE5REU2N0U3MUFGIiwiVGlwb0FjYW8iOiIwIiwiTnVtQWNhbyI6IjI3NyIsIk51bVBlc3NvYSI6IjU4MTc1OCIsIklkZW50aWZpY2Fkb3JFbnZpbyI6IiJ9.DCcqEjJ3zYfUOhZHR0ZMZKenJ0hSNLCZjw0obD9k1Ws
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
2ddefcdc9f260c5ffeb93fed110fe9d929028226f9a2d8a4934ea52b546e9640
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://crm.pmweb.com.br/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Tue, 08 Mar 2022 11:41:13 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Tue, 08 Mar 2022 13:37:00 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Tue, 08 Mar 2022 13:37:00 GMT
app.87254612.css
crm.pmweb.com.br/spa-prod/css/
244 KB
53 KB
Stylesheet
General
Full URL
https://crm.pmweb.com.br/spa-prod/css/app.87254612.css
Requested by
Host: crm.pmweb.com.br
URL: https://crm.pmweb.com.br/louvrehotels/spa/opt-out?user_token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoiRDY2NTQ0NDYtQjI4Qy00NUFDLUFGMjctMTE5REU2N0U3MUFGIiwiVGlwb0FjYW8iOiIwIiwiTnVtQWNhbyI6IjI3NyIsIk51bVBlc3NvYSI6IjU4MTc1OCIsIklkZW50aWZpY2Fkb3JFbnZpbyI6IiJ9.DCcqEjJ3zYfUOhZHR0ZMZKenJ0hSNLCZjw0obD9k1Ws
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
52.6.114.25 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
crm.pmweb.com.br
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
6b79d1fd04011e58eb8ce2defeb75941873eae117765ce80cae32d5b56207c81

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://crm.pmweb.com.br/louvrehotels/spa/opt-out?user_token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoiRDY2NTQ0NDYtQjI4Qy00NUFDLUFGMjctMTE5REU2N0U3MUFGIiwiVGlwb0FjYW8iOiIwIiwiTnVtQWNhbyI6IjI3NyIsIk51bVBlc3NvYSI6IjU4MTc1OCIsIklkZW50aWZpY2Fkb3JFbnZpbyI6IiJ9.DCcqEjJ3zYfUOhZHR0ZMZKenJ0hSNLCZjw0obD9k1Ws
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Tue, 08 Mar 2022 13:36:51 GMT
Content-Encoding
gzip
Last-Modified
Mon, 21 Feb 2022 19:06:49 GMT
Server
Microsoft-IIS/8.5
X-Powered-By
ASP.NET
ETag
"80aa692d5627d81:0"
Vary
Accept-Encoding
Content-Type
text/css
Accept-Ranges
bytes
Content-Length
53662
chunk-vendors.301f8fc3.css
crm.pmweb.com.br/spa-prod/css/
80 KB
18 KB
Stylesheet
General
Full URL
https://crm.pmweb.com.br/spa-prod/css/chunk-vendors.301f8fc3.css
Requested by
Host: crm.pmweb.com.br
URL: https://crm.pmweb.com.br/louvrehotels/spa/opt-out?user_token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoiRDY2NTQ0NDYtQjI4Qy00NUFDLUFGMjctMTE5REU2N0U3MUFGIiwiVGlwb0FjYW8iOiIwIiwiTnVtQWNhbyI6IjI3NyIsIk51bVBlc3NvYSI6IjU4MTc1OCIsIklkZW50aWZpY2Fkb3JFbnZpbyI6IiJ9.DCcqEjJ3zYfUOhZHR0ZMZKenJ0hSNLCZjw0obD9k1Ws
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
52.6.114.25 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
crm.pmweb.com.br
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
94c4642336b7a4795c3cd8a5fac1d45c884b1db775cad10989a905de22f9456f

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://crm.pmweb.com.br/louvrehotels/spa/opt-out?user_token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoiRDY2NTQ0NDYtQjI4Qy00NUFDLUFGMjctMTE5REU2N0U3MUFGIiwiVGlwb0FjYW8iOiIwIiwiTnVtQWNhbyI6IjI3NyIsIk51bVBlc3NvYSI6IjU4MTc1OCIsIklkZW50aWZpY2Fkb3JFbnZpbyI6IiJ9.DCcqEjJ3zYfUOhZHR0ZMZKenJ0hSNLCZjw0obD9k1Ws
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Tue, 08 Mar 2022 13:36:52 GMT
Content-Encoding
gzip
Last-Modified
Mon, 21 Feb 2022 19:06:49 GMT
Server
Microsoft-IIS/8.5
X-Powered-By
ASP.NET
ETag
"80aa692d5627d81:0"
Vary
Accept-Encoding
Content-Type
text/css
Accept-Ranges
bytes
Content-Length
18315
app.e6abb583.js
crm.pmweb.com.br/spa-prod/js/
875 KB
308 KB
Script
General
Full URL
https://crm.pmweb.com.br/spa-prod/js/app.e6abb583.js
Requested by
Host: crm.pmweb.com.br
URL: https://crm.pmweb.com.br/louvrehotels/spa/opt-out?user_token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoiRDY2NTQ0NDYtQjI4Qy00NUFDLUFGMjctMTE5REU2N0U3MUFGIiwiVGlwb0FjYW8iOiIwIiwiTnVtQWNhbyI6IjI3NyIsIk51bVBlc3NvYSI6IjU4MTc1OCIsIklkZW50aWZpY2Fkb3JFbnZpbyI6IiJ9.DCcqEjJ3zYfUOhZHR0ZMZKenJ0hSNLCZjw0obD9k1Ws
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
52.6.114.25 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
crm.pmweb.com.br
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
79eb8ef75b0ba80c9c22fc3b80f5c8d9d57a33289c7ab5b64fd71e970ebb0307

Request headers

Referer
https://crm.pmweb.com.br/louvrehotels/spa/opt-out?user_token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoiRDY2NTQ0NDYtQjI4Qy00NUFDLUFGMjctMTE5REU2N0U3MUFGIiwiVGlwb0FjYW8iOiIwIiwiTnVtQWNhbyI6IjI3NyIsIk51bVBlc3NvYSI6IjU4MTc1OCIsIklkZW50aWZpY2Fkb3JFbnZpbyI6IiJ9.DCcqEjJ3zYfUOhZHR0ZMZKenJ0hSNLCZjw0obD9k1Ws
Origin
https://crm.pmweb.com.br
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Tue, 08 Mar 2022 13:36:52 GMT
Content-Encoding
gzip
ETag
"80aa692d5627d81:0"
Last-Modified
Mon, 21 Feb 2022 19:06:49 GMT
Server
Microsoft-IIS/8.5
X-Powered-By
ASP.NET
Vary
Accept-Encoding
Content-Type
application/javascript
Transfer-Encoding
chunked
Accept-Ranges
bytes
chunk-vendors.31a89114.js
crm.pmweb.com.br/spa-prod/js/
2 MB
901 KB
Script
General
Full URL
https://crm.pmweb.com.br/spa-prod/js/chunk-vendors.31a89114.js
Requested by
Host: crm.pmweb.com.br
URL: https://crm.pmweb.com.br/louvrehotels/spa/opt-out?user_token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoiRDY2NTQ0NDYtQjI4Qy00NUFDLUFGMjctMTE5REU2N0U3MUFGIiwiVGlwb0FjYW8iOiIwIiwiTnVtQWNhbyI6IjI3NyIsIk51bVBlc3NvYSI6IjU4MTc1OCIsIklkZW50aWZpY2Fkb3JFbnZpbyI6IiJ9.DCcqEjJ3zYfUOhZHR0ZMZKenJ0hSNLCZjw0obD9k1Ws
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
52.6.114.25 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
crm.pmweb.com.br
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
e53b79dc4ddd757d86ff9919959ce3e03672c5a271dd431b02e370e5cbda1a73

Request headers

Referer
https://crm.pmweb.com.br/louvrehotels/spa/opt-out?user_token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoiRDY2NTQ0NDYtQjI4Qy00NUFDLUFGMjctMTE5REU2N0U3MUFGIiwiVGlwb0FjYW8iOiIwIiwiTnVtQWNhbyI6IjI3NyIsIk51bVBlc3NvYSI6IjU4MTc1OCIsIklkZW50aWZpY2Fkb3JFbnZpbyI6IiJ9.DCcqEjJ3zYfUOhZHR0ZMZKenJ0hSNLCZjw0obD9k1Ws
Origin
https://crm.pmweb.com.br
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Tue, 08 Mar 2022 13:36:52 GMT
Content-Encoding
gzip
ETag
"80aa692d5627d81:0"
Last-Modified
Mon, 21 Feb 2022 19:06:49 GMT
Server
Microsoft-IIS/8.5
X-Powered-By
ASP.NET
Vary
Accept-Encoding
Content-Type
application/javascript
Transfer-Encoding
chunked
Accept-Ranges
bytes
dashMkt.f4844dd4.css
crm.pmweb.com.br/spa-prod/css/
0
6 KB
Other
General
Full URL
https://crm.pmweb.com.br/spa-prod/css/dashMkt.f4844dd4.css
Requested by
Host: crm.pmweb.com.br
URL: https://crm.pmweb.com.br/louvrehotels/spa/opt-out?user_token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoiRDY2NTQ0NDYtQjI4Qy00NUFDLUFGMjctMTE5REU2N0U3MUFGIiwiVGlwb0FjYW8iOiIwIiwiTnVtQWNhbyI6IjI3NyIsIk51bVBlc3NvYSI6IjU4MTc1OCIsIklkZW50aWZpY2Fkb3JFbnZpbyI6IiJ9.DCcqEjJ3zYfUOhZHR0ZMZKenJ0hSNLCZjw0obD9k1Ws
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
52.6.114.25 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
crm.pmweb.com.br
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://crm.pmweb.com.br/louvrehotels/spa/opt-out?user_token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoiRDY2NTQ0NDYtQjI4Qy00NUFDLUFGMjctMTE5REU2N0U3MUFGIiwiVGlwb0FjYW8iOiIwIiwiTnVtQWNhbyI6IjI3NyIsIk51bVBlc3NvYSI6IjU4MTc1OCIsIklkZW50aWZpY2Fkb3JFbnZpbyI6IiJ9.DCcqEjJ3zYfUOhZHR0ZMZKenJ0hSNLCZjw0obD9k1Ws
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Tue, 08 Mar 2022 13:36:52 GMT
Content-Encoding
gzip
Last-Modified
Mon, 21 Feb 2022 19:06:49 GMT
Server
Microsoft-IIS/8.5
X-Powered-By
ASP.NET
ETag
"80aa692d5627d81:0"
Vary
Accept-Encoding
Content-Type
text/css
Accept-Ranges
bytes
Content-Length
6151
dashMkt.4c3c1ffd.js
crm.pmweb.com.br/spa-prod/js/
0
160 KB
Other
General
Full URL
https://crm.pmweb.com.br/spa-prod/js/dashMkt.4c3c1ffd.js
Requested by
Host: crm.pmweb.com.br
URL: https://crm.pmweb.com.br/louvrehotels/spa/opt-out?user_token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoiRDY2NTQ0NDYtQjI4Qy00NUFDLUFGMjctMTE5REU2N0U3MUFGIiwiVGlwb0FjYW8iOiIwIiwiTnVtQWNhbyI6IjI3NyIsIk51bVBlc3NvYSI6IjU4MTc1OCIsIklkZW50aWZpY2Fkb3JFbnZpbyI6IiJ9.DCcqEjJ3zYfUOhZHR0ZMZKenJ0hSNLCZjw0obD9k1Ws
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
52.6.114.25 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
crm.pmweb.com.br
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://crm.pmweb.com.br/louvrehotels/spa/opt-out?user_token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoiRDY2NTQ0NDYtQjI4Qy00NUFDLUFGMjctMTE5REU2N0U3MUFGIiwiVGlwb0FjYW8iOiIwIiwiTnVtQWNhbyI6IjI3NyIsIk51bVBlc3NvYSI6IjU4MTc1OCIsIklkZW50aWZpY2Fkb3JFbnZpbyI6IiJ9.DCcqEjJ3zYfUOhZHR0ZMZKenJ0hSNLCZjw0obD9k1Ws
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Tue, 08 Mar 2022 13:36:52 GMT
Content-Encoding
gzip
ETag
"80aa692d5627d81:0"
Last-Modified
Mon, 21 Feb 2022 19:06:49 GMT
Server
Microsoft-IIS/8.5
X-Powered-By
ASP.NET
Vary
Accept-Encoding
Content-Type
application/javascript
Transfer-Encoding
chunked
Accept-Ranges
bytes
css2
fonts.googleapis.com/
6 KB
759 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css2?family=Roboto:wght@300;400;500&display=swap
Requested by
Host: crm.pmweb.com.br
URL: https://crm.pmweb.com.br/spa-prod/css/app.87254612.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
2eb3c6f7141618152e18ea9aa0065e841b51393c426c673ab4ba69aa948b8eff
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://crm.pmweb.com.br/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Tue, 08 Mar 2022 11:45:38 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Tue, 08 Mar 2022 13:37:00 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Tue, 08 Mar 2022 13:37:00 GMT
hotjar-783713.js
static.hotjar.com/c/
5 KB
2 KB
Script
General
Full URL
https://static.hotjar.com/c/hotjar-783713.js?sv=6
Requested by
Host: crm.pmweb.com.br
URL: https://crm.pmweb.com.br/louvrehotels/spa/opt-out?user_token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoiRDY2NTQ0NDYtQjI4Qy00NUFDLUFGMjctMTE5REU2N0U3MUFGIiwiVGlwb0FjYW8iOiIwIiwiTnVtQWNhbyI6IjI3NyIsIk51bVBlc3NvYSI6IjU4MTc1OCIsIklkZW50aWZpY2Fkb3JFbnZpbyI6IiJ9.DCcqEjJ3zYfUOhZHR0ZMZKenJ0hSNLCZjw0obD9k1Ws
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.78.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-65-9-78-83.ams1.r.cloudfront.net
Software
/
Resource Hash
eda200f04d2b45382e67223fb1527cc47ab0d4a0e3df76c6f201c49a9833f90b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://crm.pmweb.com.br/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 08 Mar 2022 13:37:02 GMT
content-encoding
br
x-content-type-options
nosniff
cache-control
max-age=60
x-amz-cf-pop
AMS1-C1
etag
W/de4e32a83d73ea6eae949f5ee97d7e5c
vary
Accept-Encoding
x-cache
Miss from cloudfront
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
x-cache-hit
1
cross-origin-resource-policy
cross-origin
x-amz-cf-id
UkYJqQosDJgwY-nbsvWJqjm-KUg6f1Sp41ZZ7HZL-eF0Ut44Wu0Cgw==
via
1.1 bdbb0d922c29917c00cfed799f55e7c2.cloudfront.net (CloudFront)
modules.7d8bacab6db9ec11a66d.js
script.hotjar.com/
236 KB
62 KB
Script
General
Full URL
https://script.hotjar.com/modules.7d8bacab6db9ec11a66d.js
Requested by
Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-783713.js?sv=6
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.78.52 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-65-9-78-52.ams1.r.cloudfront.net
Software
/
Resource Hash
3bce55872f0ec66f83fb9f28848f386f0f048636fc2fba440cd32978853f3e3a
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://crm.pmweb.com.br/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 08 Mar 2022 11:09:06 GMT
content-encoding
br
x-content-type-options
nosniff
age
8876
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
62929
access-control-allow-origin
*
last-modified
Tue, 08 Mar 2022 11:08:17 GMT
etag
"7f6d99fa6166e66e262d139196b045a7"
vary
Accept-Encoding
content-type
application/javascript
via
1.1 084f866feba2345e668d9a32662696ce.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
AMS1-C1
accept-ranges
bytes
x-robots-tag
none
x-amz-cf-id
hbjoTL626U4ut6rPkK-zJvFRhwRNGLQifJbkOHOn6QYipOfvbMajoQ==
box-acca23410e696f2ca3087d947271c3d0.html
vars.hotjar.com/ Frame B314
2 KB
1 KB
Document
General
Full URL
https://vars.hotjar.com/box-acca23410e696f2ca3087d947271c3d0.html
Requested by
Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-783713.js?sv=6
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.78.119 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-65-9-78-119.ams1.r.cloudfront.net
Software
/
Resource Hash
e0f23d16bb40b894855d19e097cc0b9f4695b98a7db1fed18625cfb1ce8bda35

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://crm.pmweb.com.br/

Response headers

content-type
text/html
content-length
1044
date
Fri, 04 Feb 2022 08:52:06 GMT
accept-ranges
bytes
cache-control
max-age=31536000
content-encoding
br
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
etag
"6f65fac4e8efe167ff5132c0c54c5729"
last-modified
Fri, 04 Feb 2022 08:51:39 GMT
x-robots-tag
none
vary
Accept-Encoding
x-cache
Hit from cloudfront
via
1.1 f54d9ad301a95e7dcfde675e1cd5ba88.cloudfront.net (CloudFront)
x-amz-cf-pop
AMS1-C1
x-amz-cf-id
JN5-hjXok19EHdRUkzzJaPEunUgtjbu888TcUDvD4JQYNNXD71u3gw==
age
2781896
783713
vc.hotjar.io/sessions/
0
255 B
XHR
General
Full URL
https://vc.hotjar.io/sessions/783713?s=0.25&r=0.22588363645838183
Requested by
Host: script.hotjar.com
URL: https://script.hotjar.com/modules.7d8bacab6db9ec11a66d.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.78.66 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-65-9-78-66.ams1.r.cloudfront.net
Software
Python/3.7 aiohttp/3.5.4 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://crm.pmweb.com.br/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 08 Mar 2022 13:37:02 GMT
via
1.1 3ffec0ecfde687fb371812ad42f5cfc2.cloudfront.net (CloudFront)
server
Python/3.7 aiohttp/3.5.4
x-amz-cf-pop
AMS1-C1
x-cache
Miss from cloudfront
access-control-allow-origin
*
cache-control
no-store
x-amz-cf-id
I1N1x6rAjdjpGJ04DOESwPjh5qWwneoX9rsa-tDEe1Why0ZsxTsJmg==
check
api-pmwebcrm.pmweb.com.br/cancellation/ Frame
0
0
Preflight
General
Full URL
https://api-pmwebcrm.pmweb.com.br/cancellation/check
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.207.118.196 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-207-118-196.compute-1.amazonaws.com
Software
/ Express
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Method
GET
Access-Control-Request-Headers
x-access-token
Origin
https://crm.pmweb.com.br
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

date
Tue, 08 Mar 2022 13:37:05 GMT
x-powered-by
Express
access-control-allow-origin
*
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
vary
Access-Control-Request-Headers
access-control-allow-headers
x-access-token
check
api-pmwebcrm.pmweb.com.br/cancellation/
100 B
275 B
XHR
General
Full URL
https://api-pmwebcrm.pmweb.com.br/cancellation/check
Requested by
Host: crm.pmweb.com.br
URL: https://crm.pmweb.com.br/spa-prod/js/chunk-vendors.31a89114.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.207.118.196 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-207-118-196.compute-1.amazonaws.com
Software
/ Express
Resource Hash
25b57699903cb26db7574accb5e1d97a3216f50e057ddf014aa53647419c079c

Request headers

Accept
application/json, text/plain, */*
Referer
https://crm.pmweb.com.br/
Accept-Language
de-DE,de;q=0.9
x-access-token
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoiRDY2NTQ0NDYtQjI4Qy00NUFDLUFGMjctMTE5REU2N0U3MUFGIiwiVGlwb0FjYW8iOiIwIiwiTnVtQWNhbyI6IjI3NyIsIk51bVBlc3NvYSI6IjU4MTc1OCIsIklkZW50aWZpY2Fkb3JFbnZpbyI6IiJ9.DCcqEjJ3zYfUOhZHR0ZMZKenJ0hSNLCZjw0obD9k1Ws
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

access-control-allow-origin
*
date
Tue, 08 Mar 2022 13:37:06 GMT
x-powered-by
Express
etag
W/"64-tHKD4XZdBn5JHm7uuoqf4/9LvHk"
content-length
100
vary
Accept-Encoding
content-type
application/json; charset=utf-8
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v29/
15 KB
16 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v29/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300,400,500
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://crm.pmweb.com.br
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Fri, 04 Mar 2022 09:48:03 GMT
x-content-type-options
nosniff
age
359342
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15688
x-xss-protection
0
last-modified
Wed, 22 Sep 2021 16:13:19 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Sat, 04 Mar 2023 09:48:03 GMT
info
api-pmwebcrm.pmweb.com.br/cancellation/justification/message/ Frame
0
0
Preflight
General
Full URL
https://api-pmwebcrm.pmweb.com.br/cancellation/justification/message/info
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.207.118.196 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-207-118-196.compute-1.amazonaws.com
Software
/ Express
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Method
GET
Access-Control-Request-Headers
x-access-token
Origin
https://crm.pmweb.com.br
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

date
Tue, 08 Mar 2022 13:37:06 GMT
x-powered-by
Express
access-control-allow-origin
*
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
vary
Access-Control-Request-Headers
access-control-allow-headers
x-access-token
info
api-pmwebcrm.pmweb.com.br/cancellation/justification/ Frame
0
0
Preflight
General
Full URL
https://api-pmwebcrm.pmweb.com.br/cancellation/justification/info
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.207.118.196 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-207-118-196.compute-1.amazonaws.com
Software
/ Express
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Method
GET
Access-Control-Request-Headers
x-access-token
Origin
https://crm.pmweb.com.br
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

date
Tue, 08 Mar 2022 13:37:06 GMT
x-powered-by
Express
access-control-allow-origin
*
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
vary
Access-Control-Request-Headers
access-control-allow-headers
x-access-token
info
api-pmwebcrm.pmweb.com.br/cancellation/justification/message/
1 KB
811 B
XHR
General
Full URL
https://api-pmwebcrm.pmweb.com.br/cancellation/justification/message/info
Requested by
Host: crm.pmweb.com.br
URL: https://crm.pmweb.com.br/spa-prod/js/chunk-vendors.31a89114.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.207.118.196 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-207-118-196.compute-1.amazonaws.com
Software
/ Express
Resource Hash
05229ee4783b4a1eb6a7f4738be14f58c62c7aea022d551657767900d845a15a

Request headers

Accept
application/json, text/plain, */*
Referer
https://crm.pmweb.com.br/
Accept-Language
de-DE,de;q=0.9
x-access-token
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoiRDY2NTQ0NDYtQjI4Qy00NUFDLUFGMjctMTE5REU2N0U3MUFGIiwiVGlwb0FjYW8iOiIwIiwiTnVtQWNhbyI6IjI3NyIsIk51bVBlc3NvYSI6IjU4MTc1OCIsIklkZW50aWZpY2Fkb3JFbnZpbyI6IiJ9.DCcqEjJ3zYfUOhZHR0ZMZKenJ0hSNLCZjw0obD9k1Ws
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

access-control-allow-origin
*
date
Tue, 08 Mar 2022 13:37:06 GMT
content-encoding
gzip
x-powered-by
Express
etag
W/"49a-nxCNM1WGn0ma1uRFfeE95u1b8zc"
vary
Accept-Encoding
content-type
application/json; charset=utf-8
info
api-pmwebcrm.pmweb.com.br/cancellation/justification/
2 KB
784 B
XHR
General
Full URL
https://api-pmwebcrm.pmweb.com.br/cancellation/justification/info
Requested by
Host: crm.pmweb.com.br
URL: https://crm.pmweb.com.br/spa-prod/js/chunk-vendors.31a89114.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.207.118.196 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-207-118-196.compute-1.amazonaws.com
Software
/ Express
Resource Hash
3cfd87221b4eb7ab525656c53f171e8c2357141c25ffda949e1fe1053c0d6f9d

Request headers

Accept
application/json, text/plain, */*
Referer
https://crm.pmweb.com.br/
Accept-Language
de-DE,de;q=0.9
x-access-token
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoiRDY2NTQ0NDYtQjI4Qy00NUFDLUFGMjctMTE5REU2N0U3MUFGIiwiVGlwb0FjYW8iOiIwIiwiTnVtQWNhbyI6IjI3NyIsIk51bVBlc3NvYSI6IjU4MTc1OCIsIklkZW50aWZpY2Fkb3JFbnZpbyI6IiJ9.DCcqEjJ3zYfUOhZHR0ZMZKenJ0hSNLCZjw0obD9k1Ws
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

access-control-allow-origin
*
date
Tue, 08 Mar 2022 13:37:06 GMT
content-encoding
gzip
x-powered-by
Express
etag
W/"87c-fuqEx7nQeOJntq+utcA8Nq4i9k8"
vary
Accept-Encoding
content-type
application/json; charset=utf-8
KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v29/
16 KB
16 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300,400,500
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
bb46ed079c3dd3c39af5051b4ada48f29f49151dad4fa218117bad2fdb5e616f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://crm.pmweb.com.br
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 01 Mar 2022 14:02:00 GMT
x-content-type-options
nosniff
age
603306
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15920
x-xss-protection
0
last-modified
Wed, 22 Sep 2021 16:13:21 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Wed, 01 Mar 2023 14:02:00 GMT
cloud-icon.png
crmstaticfiles.s3.sa-east-1.amazonaws.com/img/
2 KB
3 KB
Image
General
Full URL
https://crmstaticfiles.s3.sa-east-1.amazonaws.com/img/cloud-icon.png
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.95.165.118 São Paulo, Brazil, ASN16509 (AMAZON-02, US),
Reverse DNS
s3-sa-east-1-r-w.amazonaws.com
Software
AmazonS3 /
Resource Hash
256d4c507e47c19f6053cd297777ec8e7f9dc9ec5c164c798464e66df61eb45b

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://crm.pmweb.com.br/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-amz-meta-cb-modifiedtime
Tue, 23 Mar 2021 18:15:11 GMT
Date
Tue, 08 Mar 2022 13:37:08 GMT
Last-Modified
Tue, 23 Mar 2021 18:15:54 GMT
Server
AmazonS3
x-amz-request-id
RERHF3XSG6VWJ1J6
ETag
"424d95f696114259c2aff796c049c077"
Content-Type
image/png
Accept-Ranges
bytes
Content-Length
2190
x-amz-id-2
ebHB/54pBgXH17nF+BySbVtFaP7afmompxqbjmtHAJT34Ituvztt0fCr6pGHvoE5KShaj4S2Cg0=


13 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0
function| structuredClone
object| oncontextlost
object| oncontextrestored
function| hj
object| _hjSettings
object| hjSiteSettings
function| hjBootstrap
object| hjBootstrapCalled
object| hjLazyModules
object| webpackJsonp
function| _
object| core

6 Cookies

Domain/Path Name / Value
crm.pmweb.com.br/ Name: ASP.NET_SessionId
Value: nbvby4k05sbj0qzhysnjrzhh
.pmweb.com.br/ Name: _hjSessionUser_783713
Value: eyJpZCI6IjdmMzA1MGYyLWRlMmEtNTAzMS1hZGNlLTY0YzdkZmFkMmI0MyIsImNyZWF0ZWQiOjE2NDY3NDY2MjI1OTEsImV4aXN0aW5nIjpmYWxzZX0=
.pmweb.com.br/ Name: _hjFirstSeen
Value: 1
crm.pmweb.com.br/ Name: _hjIncludedInSessionSample
Value: 1
.pmweb.com.br/ Name: _hjSession_783713
Value: eyJpZCI6ImNlNGNjNDEwLTkwYmQtNDcxZS1hNGE1LTBmOGFmNjEzM2ZkMyIsImNyZWF0ZWQiOjE2NDY3NDY2MjI2NDAsImluU2FtcGxlIjp0cnVlfQ==
.pmweb.com.br/ Name: _hjAbsoluteSessionInProgress
Value: 1

6 Console Messages

Source Level URL
Text
security warning URL: https://crm.pmweb.com.br/louvrehotels/spa/opt-out?user_token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoiRDY2NTQ0NDYtQjI4Qy00NUFDLUFGMjctMTE5REU2N0U3MUFGIiwiVGlwb0FjYW8iOiIwIiwiTnVtQWNhbyI6IjI3NyIsIk51bVBlc3NvYSI6IjU4MTc1OCIsIklkZW50aWZpY2Fkb3JFbnZpbyI6IiJ9.DCcqEjJ3zYfUOhZHR0ZMZKenJ0hSNLCZjw0obD9k1Ws
Message:
Mixed Content: The page at 'https://crm.pmweb.com.br/louvrehotels/spa/opt-out?user_token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoiRDY2NTQ0NDYtQjI4Qy00NUFDLUFGMjctMTE5REU2N0U3MUFGIiwiVGlwb0FjYW8iOiIwIiwiTnVtQWNhbyI6IjI3NyIsIk51bVBlc3NvYSI6IjU4MTc1OCIsIklkZW50aWZpY2Fkb3JFbnZpbyI6IiJ9.DCcqEjJ3zYfUOhZHR0ZMZKenJ0hSNLCZjw0obD9k1Ws' was loaded over HTTPS, but requested an insecure element 'http://crmstaticfiles.s3.sa-east-1.amazonaws.com/img/cloud-icon.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
