Submitted URL: https://mackspear.com/trk/click.php?lg=mtGZmJeXmI1qvdS7ndKYltiTmJS7mJG7oZe0
Effective URL: https://solucoes-credito-consolidado.com/?adsid=_6165813741806457
Submission: On March 26 via api from BE

Summary

This website contacted 17 IPs in 7 countries across 18 domains to perform 31 HTTP transactions.
The main IP is 185.15.20.111, located in Portugal and belongs to ALMOUROLTEC, PT. The main domain is solucoes-credito-consolidado.com.
TLS certificate: Issued by Let's Encrypt Authority X3 on March 9th 2020. Valid for: 3 months.
This is the first time this domain was scanned on urlscan.io!

Verdict: No classification

Domain & IP information

Domain Subdomains Transfer
9 solucoes-credito-consolidado.com 325 KB
3 facebook.com 1 KB
3 addthis.com 191 KB
2 facebook.net 54 KB
2 cloudflare.com 8 KB
2 adsplatform.com 675 B
1 addthisedge.com 946 B
1 moatads.com 1 KB
1 google.de 110 B
1 google.com 310 B
1 doubleclick.net 1 KB
1 gstatic.com 25 KB
1 fonts.googleapis.com 676 B
1 googleadservices.com 10 KB
1 easyacross.com 14 KB
1 jquery.com 30 KB
1 googletagmanager.com 28 KB
1 mackspear.com 280 B
31 18
Domain Requested by
9 solucoes-credito-consolidado.com solucoes-credito-consolidado.com
3 s7.addthis.com solucoes-credito-consolidado.com
s7.addthis.com
2 graph.facebook.com s7.addthis.com
2 connect.facebook.net solucoes-credito-consolidado.com
connect.facebook.net
2 cdnjs.cloudflare.com solucoes-credito-consolidado.com
2 adsplatform.com 1 redirects solucoes-credito-consolidado.com
1 v1.addthisedge.com s7.addthis.com
1 z.moatads.com s7.addthis.com
1 www.google.de solucoes-credito-consolidado.com
1 www.google.com solucoes-credito-consolidado.com
1 googleads.g.doubleclick.net www.googleadservices.com
1 fonts.gstatic.com solucoes-credito-consolidado.com
1 fonts.googleapis.com solucoes-credito-consolidado.com
1 www.facebook.com solucoes-credito-consolidado.com
1 www.googleadservices.com www.googletagmanager.com
1 api.easyacross.com solucoes-credito-consolidado.com
1 code.jquery.com solucoes-credito-consolidado.com
1 www.googletagmanager.com solucoes-credito-consolidado.com
1 mackspear.com 1 redirects
31 19

This site contains links to these domains. Also see Links.

Domain
www.codigo-postal.pt
www.addthis.com
Subject / Issuer | Validity | Valid
solucoes-credito-consolidado.com / Let's Encrypt Authority X3 | 2020-03-09 - 2020-06-07 | 3 months
*.google-analytics.com / GTS CA 1O1 | 2020-03-03 - 2020-05-26 | 3 months
cloudflare.com / CloudFlare Inc ECC CA-2 | 2020-01-07 - 2020-10-09 | 9 months
jquery.org / COMODO RSA Domain Validation Secure Server CA | 2018-10-17 - 2020-10-16 | 2 years
api.easyacross.com / Let's Encrypt Authority X3 | 2020-03-13 - 2020-06-11 | 3 months
odc-prod-01.oracle.com / DigiCert SHA2 Secure Server CA | 2019-10-10 - 2020-09-04 | a year
*.facebook.com / DigiCert SHA2 High Assurance Server CA | 2020-03-01 - 2020-05-30 | 3 months
adsplatform.com / Amazon | 2019-08-13 - 2020-09-13 | a year
www.googleadservices.com / GTS CA 1O1 | 2020-03-03 - 2020-05-26 | 3 months
*.storage.googleapis.com / GTS CA 1O1 | 2020-03-03 - 2020-05-26 | 3 months
*.google.com / GTS CA 1O1 | 2020-03-03 - 2020-05-26 | 3 months
*.g.doubleclick.net / GTS CA 1O1 | 2020-03-03 - 2020-05-26 | 3 months
www.google.com / GTS CA 1O1 | 2020-03-03 - 2020-05-26 | 3 months
www.google.de / GTS CA 1O1 | 2020-03-03 - 2020-05-26 | 3 months
moatads.com / DigiCert SHA2 Secure Server CA | 2020-01-17 - 2021-03-17 | a year

Detected technologies

Web
Overall confidence: 100%
Detected patterns
  • url /\.php(?:$|\?)/i

Web
Overall confidence: 100%
Detected patterns
  • headers server /nginx(?:\/([\d.]+))?/i

Web
Overall confidence: 100%
Detected patterns
  • script /\/\/connect\.facebook\.net\/[^/]*\/[a-z]*\.js/i

Web
Overall confidence: 100%
Detected patterns
  • html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i


31 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Cookie set ?adsid=_6165813741806457

Redirect Chain
  • https://mackspear.com/trk/click.php?lg=mtGZmJeXmI1qvdS7ndKYltiTmJS7mJG7oZe0
  • http://adsplatform.com/?adsid=ebbdb0a66097b7fb2f06914b41331e90
  • https://solucoes-credito-consolidado.com/?adsid=_6165813741806457
25 KB
25 KB
Document
General
Full URL
https://solucoes-credito-consolidado.com/?adsid=_6165813741806457
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
185.15.20.111 , Portugal, ASN24768 (ALMOUROLTEC, PT),
Reverse DNS
fernando.oxy.agency
Software
nginx / PHP/5.5.38 PleskLin
Resource Hash
436cfcd6b2e2e46bdd9ed9a1af4682c14065bdc2caf9c067abcc14dfda16ad8c

Request headers

Host
solucoes-credito-consolidado.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
none
Sec-Fetch-Mode
navigate
Sec-Fetch-User
?1
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Sec-Fetch-Dest
document

Response headers

Server
nginx
Date
Thu, 26 Mar 2020 08:21:49 GMT
Content-Type
text/html; charset=utf-8
Transfer-Encoding
chunked
Connection
keep-alive
X-Powered-By
PHP/5.5.38 PleskLin
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma
no-cache
Set-Cookie
PHPSESSID=aorkq8pk1u7rhh560e592r9nr2; path=/

Redirect headers

Date
Thu, 26 Mar 2020 08:21:49 GMT
Content-Type
text/html; charset=UTF-8
Content-Length
504
Connection
keep-alive
Server
Apache
Cache-Control
no-cache
Location
https://solucoes-credito-consolidado.com/?adsid=_6165813741806457
Set-Cookie
laravel_session=eyJpdiI6Im5HQVBmeUx1WnU0bWtZNVRBR1R6RVE9PSIsInZhbHVlIjoiSGR0bVg2b0k5Rk5Pb29Ha2dNVlFMUWNiTHc3Zjh6Z1wvM3EwR0xsYnIwY0VhU2h4alRwNWI5TVwvRkdkYVhDTjR6ZWtGSzhGWXVEZEhhTnAzamZnMG1kZz09IiwibWFjIjoiNzc4YjVjNWUxZjIyYjc2M2Q4MmQ3YjI0MDgxMTllMmE1YWI1OWNhZWIwMjMxMmQ3YmExMzkwNGIwNDJhNDM5ZiJ9; expires=Fri, 28-Feb-2025 08:21:49 GMT; Max-Age=155520000; path=/; samesite=None; Secure; secure; HttpOnly
style.css
/dist
61 KB
61 KB
Stylesheet
General
Full URL
https://solucoes-credito-consolidado.com/dist/style.css
Requested by
Host: solucoes-credito-consolidado.com
URL: https://solucoes-credito-consolidado.com/?adsid=_6165813741806457
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
185.15.20.111 , Portugal, ASN24768 (ALMOUROLTEC, PT),
Reverse DNS
fernando.oxy.agency
Software
nginx / PleskLin
Resource Hash
751f482aff6d734922e0a1090224dfcab059487965a686d06ba466dd4967cdcf

Request headers

Referer
https://solucoes-credito-consolidado.com/?adsid=_6165813741806457
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

Date
Thu, 26 Mar 2020 08:21:49 GMT
Last-Modified
Fri, 07 Feb 2020 17:27:04 GMT
Server
nginx
X-Powered-By
PleskLin
ETag
"5e3d9de8-f454"
Content-Type
text/css
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
62548
js?id=AW-750488074
www.googletagmanager.com/gtag
74 KB
28 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-750488074
Requested by
Host: solucoes-credito-consolidado.com
URL: https://solucoes-credito-consolidado.com/?adsid=_6165813741806457
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
942278c97159fd35b3c220e0948b1d2bac10b559a56f4f23058f6d8a1388709d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://solucoes-credito-consolidado.com/?adsid=_6165813741806457
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Thu, 26 Mar 2020 08:21:49 GMT
content-encoding
br
status
200
strict-transport-security
max-age=31536000; includeSubDomains
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
28422
x-xss-protection
0
last-modified
Thu, 26 Mar 2020 06:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
http://www.googletagmanager.com
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Thu, 26 Mar 2020 08:21:49 GMT
logo.png
/dist/images
2 KB
2 KB
Image
General
Full URL
https://solucoes-credito-consolidado.com/dist/images/logo.png
Requested by
Host: solucoes-credito-consolidado.com
URL: https://solucoes-credito-consolidado.com/?adsid=_6165813741806457
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
185.15.20.111 , Portugal, ASN24768 (ALMOUROLTEC, PT),
Reverse DNS
fernando.oxy.agency
Software
nginx / PleskLin
Resource Hash
500087e17a004b47a8d43ce608e8d4e38864bc8ce6970e451471f34d108d76cc

Request headers

Referer
https://solucoes-credito-consolidado.com/?adsid=_6165813741806457
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

Date
Thu, 26 Mar 2020 08:21:49 GMT
Last-Modified
Fri, 10 Jan 2020 12:02:57 GMT
Server
nginx
X-Powered-By
PleskLin
ETag
"5e1867f1-7df"
Content-Type
image/png
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
2015
bpi.png
/dist/images
3 KB
3 KB
Image
General
Full URL
https://solucoes-credito-consolidado.com/dist/images/bpi.png
Requested by
Host: solucoes-credito-consolidado.com
URL: https://solucoes-credito-consolidado.com/?adsid=_6165813741806457
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
185.15.20.111 , Portugal, ASN24768 (ALMOUROLTEC, PT),
Reverse DNS
fernando.oxy.agency
Software
nginx / PleskLin
Resource Hash
36637f612fa84657d5a29f4e46026e5e557c85e22b65c632beb753c3f46b58ba

Request headers

Referer
https://solucoes-credito-consolidado.com/?adsid=_6165813741806457
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

Date
Thu, 26 Mar 2020 08:21:49 GMT
Last-Modified
Fri, 10 Jan 2020 12:02:57 GMT
Server
nginx
X-Powered-By
PleskLin
ETag
"5e1867f1-c25"
Content-Type
image/png
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
3109
unicre.png
/dist/images
2 KB
3 KB
Image
General
Full URL
https://solucoes-credito-consolidado.com/dist/images/unicre.png
Requested by
Host: solucoes-credito-consolidado.com
URL: https://solucoes-credito-consolidado.com/?adsid=_6165813741806457
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
185.15.20.111 , Portugal, ASN24768 (ALMOUROLTEC, PT),
Reverse DNS
fernando.oxy.agency
Software
nginx / PleskLin
Resource Hash
194b20b01513eaec87005b4a7cf5693968ad20ae18507c095edba16f006fb29a

Request headers

Referer
https://solucoes-credito-consolidado.com/?adsid=_6165813741806457
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

Date
Thu, 26 Mar 2020 08:21:49 GMT
Last-Modified
Fri, 10 Jan 2020 12:02:57 GMT
Server
nginx
X-Powered-By
PleskLin
ETag
"5e1867f1-9bd"
Content-Type
image/png
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
2493
cofidis.png
/dist/images
3 KB
3 KB
Image
General
Full URL
https://solucoes-credito-consolidado.com/dist/images/cofidis.png
Requested by
Host: solucoes-credito-consolidado.com
URL: https://solucoes-credito-consolidado.com/?adsid=_6165813741806457
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
185.15.20.111 , Portugal, ASN24768 (ALMOUROLTEC, PT),
Reverse DNS
fernando.oxy.agency
Software
nginx / PleskLin
Resource Hash
95d6518a2819b2630290114aa17c97910a973376b1e8750b57d51e9d81bcfa4c

Request headers

Referer
https://solucoes-credito-consolidado.com/?adsid=_6165813741806457
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

Date
Thu, 26 Mar 2020 08:21:49 GMT
Last-Modified
Fri, 10 Jan 2020 12:02:57 GMT
Server
nginx
X-Powered-By
PleskLin
ETag
"5e1867f1-af9"
Content-Type
image/png
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
2809
cookieconsent.min.css
cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.0.3
4 KB
1 KB
Stylesheet
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.0.3/cookieconsent.min.css
Requested by
Host: solucoes-credito-consolidado.com
URL: https://solucoes-credito-consolidado.com/?adsid=_6165813741806457
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:4104 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
456ab1a71507ed91abae14c9d08faffb373a7bc711a66e44341b7b8b7bb72ab4
Security Headers
Name Value
Strict-Transport-Security max-age=15780000; includeSubDomains

Request headers

Referer
https://solucoes-credito-consolidado.com/?adsid=_6165813741806457
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

date
Thu, 26 Mar 2020 08:21:49 GMT
content-encoding
br
cf-cache-status
HIT
age
12705136
cf-ray
579f75dabde063dd-FRA
status
200
strict-transport-security
max-age=15780000; includeSubDomains
alt-svc
h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
last-modified
Thu, 17 May 2018 09:18:36 GMT
server
cloudflare
etag
W/"5afd48ec-f62"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
expires
Tue, 16 Mar 2021 08:21:49 GMT
cache-control
public, max-age=30672000
timing-allow-origin
*
served-in-seconds
0.001
cookieconsent.min.js
cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.0.3
19 KB
6 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.0.3/cookieconsent.min.js
Requested by
Host: solucoes-credito-consolidado.com
URL: https://solucoes-credito-consolidado.com/?adsid=_6165813741806457
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:4104 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
af4c6683814aa527caf53bde3d021e6aafe00833b45f2dead043c87ed7864674
Security Headers
Name Value
Strict-Transport-Security max-age=15780000; includeSubDomains

Request headers

Referer
https://solucoes-credito-consolidado.com/?adsid=_6165813741806457
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Thu, 26 Mar 2020 08:21:49 GMT
content-encoding
br
cf-cache-status
HIT
age
21170045
cf-ray
579f75dacdeb63dd-FRA
status
200
strict-transport-security
max-age=15780000; includeSubDomains
alt-svc
h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
last-modified
Thu, 17 May 2018 09:18:32 GMT
server
cloudflare
etag
W/"5afd48e8-4d5a"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
expires
Tue, 16 Mar 2021 08:21:49 GMT
cache-control
public, max-age=30672000
timing-allow-origin
*
served-in-seconds
0.001
jquery-2.2.4.min.js
code.jquery.com
84 KB
30 KB
Script
General
Full URL
https://code.jquery.com/jquery-2.2.4.min.js
Requested by
Host: solucoes-credito-consolidado.com
URL: https://solucoes-credito-consolidado.com/?adsid=_6165813741806457
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:4de0:ac19::1:b:3b , Netherlands, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software
nginx /
Resource Hash
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e

Request headers

Referer
https://solucoes-credito-consolidado.com/?adsid=_6165813741806457
Origin
https://solucoes-credito-consolidado.com
Sec-Fetch-Dest
script
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Thu, 26 Mar 2020 08:21:49 GMT
Content-Encoding
gzip
Last-Modified
Fri, 20 May 2016 17:24:41 GMT
Server
nginx
ETag
W/"573f4859-14e4a"
Vary
Accept-Encoding
X-HW
1585210909.dop001.fr8.shc,1585210909.dop001.fr8.t,1585210909.cds130.fr8.c
Content-Type
application/javascript; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
max-age=315360000, public
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Length
29811
jquery.seoval.min.js
api.easyacross.com/js/validation
14 KB
14 KB
Script
General
Full URL
https://api.easyacross.com/js/validation/jquery.seoval.min.js
Requested by
Host: solucoes-credito-consolidado.com
URL: https://solucoes-credito-consolidado.com/?adsid=_6165813741806457
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
185.15.20.111 , Portugal, ASN24768 (ALMOUROLTEC, PT),
Reverse DNS
fernando.oxy.agency
Software
nginx / PleskLin
Resource Hash
b8da5a01a403fd9b978e77b69f3275ae3e5370145dcbcd3af42c509735426e3d

Request headers

Referer
https://solucoes-credito-consolidado.com/?adsid=_6165813741806457
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

Date
Thu, 26 Mar 2020 08:21:50 GMT
ETag
"5a20bc76-3825"
Last-Modified
Fri, 01 Dec 2017 02:20:38 GMT
Server
nginx
X-Powered-By
PleskLin
Content-Type
application/javascript
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
14373
scripts.js
/dist
138 KB
138 KB
Script
General
Full URL
https://solucoes-credito-consolidado.com/dist/scripts.js
Requested by
Host: solucoes-credito-consolidado.com
URL: https://solucoes-credito-consolidado.com/?adsid=_6165813741806457
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
185.15.20.111 , Portugal, ASN24768 (ALMOUROLTEC, PT),
Reverse DNS
fernando.oxy.agency
Software
nginx / PleskLin
Resource Hash
d908178c692771336d125b23853383e8cdb5b039db9faa01f8dcaf898c615191

Request headers

Referer
https://solucoes-credito-consolidado.com/?adsid=_6165813741806457
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

Date
Thu, 26 Mar 2020 08:21:49 GMT
Last-Modified
Fri, 07 Feb 2020 17:27:04 GMT
Server
nginx
X-Powered-By
PleskLin
ETag
"5e3d9de8-22721"
Content-Type
application/javascript
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
141089
addthis_widget.js
s7.addthis.com/js/300
349 KB
113 KB
Script
General
Full URL
https://s7.addthis.com/js/300/addthis_widget.js
Requested by
Host: solucoes-credito-consolidado.com
URL: https://solucoes-credito-consolidado.com/?adsid=_6165813741806457
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.210.248.44 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-210-248-44.deploy.static.akamaitechnologies.com
Software
nginx/1.15.8 /
Resource Hash
ab8ceea757a634f5ce5a9ed6f6b4bcdd555869b385d315854e16914a2f5a3bc7
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Referer
https://solucoes-credito-consolidado.com/?adsid=_6165813741806457
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

strict-transport-security
max-age=15724800; includeSubDomains
content-encoding
gzip
last-modified
Tue, 21 Jan 2020 20:57:37 GMT
server
nginx/1.15.8
etag
"5e2765c1-57446"
vary
Accept-Encoding
x-distribution
99
content-type
application/javascript
status
200
cache-control
public, max-age=600
date
Thu, 26 Mar 2020 08:21:49 GMT
x-host
s7.addthis.com
content-length
114924
fbevents.js
connect.facebook.net/en_US
126 KB
30 KB
Script
General
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: solucoes-credito-consolidado.com
URL: https://solucoes-credito-consolidado.com/?adsid=_6165813741806457
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f02d:12:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
5a91c6d3e635c0bd1551a53cf0769328132151a7732039170280d500dbcb4685
Security Headers
Name Value
Content-Security-Policy default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://solucoes-credito-consolidado.com/?adsid=_6165813741806457
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
status
200
alt-svc
h3-27=":443"; ma=3600
content-length
30466
x-xss-protection
0
pragma
public
x-fb-debug
t3I8Eb4ZKlBHubeoPwCvphUyFfGx3HvY9G1RsC3MstqRT9Cr4bmJELwfd+rUTzMuCP1Rq1D89B3hRYZ+3YrOxA==
x-fb-trip-id
1850256238
date
Thu, 26 Mar 2020 08:21:49 GMT, Thu, 26 Mar 2020 08:21:49 GMT
x-frame-options
DENY
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=1200
content-security-policy
default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
expires
Sat, 01 Jan 2000 00:00:00 GMT
?action=click&adsid=_6165813741806457
adsplatform.com
0
0
Document
General
Full URL
https://adsplatform.com/?action=click&adsid=_6165813741806457
Requested by
Host: solucoes-credito-consolidado.com
URL: https://solucoes-credito-consolidado.com/?adsid=_6165813741806457
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.173.28.69 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-173-28-69.compute-1.amazonaws.com
Software
Apache /
Resource Hash

Request headers

:method
GET
:authority
adsplatform.com
:scheme
https
:path
/?action=click&adsid=_6165813741806457
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest
iframe
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
referer
https://solucoes-credito-consolidado.com/?adsid=_6165813741806457
accept-encoding
gzip, deflate, br
accept-language
en-US

Response headers

status
200
date
Thu, 26 Mar 2020 08:21:50 GMT
content-type
text/html; charset=UTF-8
content-length
0
server
Apache
cache-control
no-cache
set-cookie
laravel_session=eyJpdiI6Ijc5MDk2WWVZaEhPTVNiSGxHN01RbGc9PSIsInZhbHVlIjoiczZ3alNTc3l1dHUzRG5RaWMwZGtLWkZYTW9mVEFycklSd2VmWnlBQkxXczZveDBZMGU0c2VQV1BUSnBzbENkZ1dkbDlkRmNFZEZuQlRrR2Q2aE1qcUE9PSIsIm1hYyI6IjI1ZWZhMmRjY2U2NzMwODk1YWQwNWNiNGM0N2IzMmYwZmEyZDI4MzlhNDBlZTk3YzU0YTBhNTU2MTlkMGJhN2YifQ%3D%3D; expires=Fri, 28-Feb-2025 08:21:50 GMT; Max-Age=155520000; path=/; samesite=None; Secure; secure; HttpOnly
bg-lg.jpg
/dist/images
78 KB
79 KB
Image
General
Full URL
https://solucoes-credito-consolidado.com/dist/images/bg-lg.jpg
Requested by
Host: solucoes-credito-consolidado.com
URL: https://solucoes-credito-consolidado.com/?adsid=_6165813741806457
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
185.15.20.111 , Portugal, ASN24768 (ALMOUROLTEC, PT),
Reverse DNS
fernando.oxy.agency
Software
nginx / PleskLin
Resource Hash
53674f6caa0c6959898815f3b2c652d53ed4b7c09f8a4444fc026a4d82d22fbb

Request headers

Referer
https://solucoes-credito-consolidado.com/dist/style.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

Date
Thu, 26 Mar 2020 08:21:49 GMT
Last-Modified
Wed, 24 Jul 2019 16:36:09 GMT
Server
nginx
X-Powered-By
PleskLin
ETag
"5d3888f9-13995"
Content-Type
image/jpeg
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
80277
sprite.png
/dist/images
10 KB
10 KB
Image
General
Full URL
https://solucoes-credito-consolidado.com/dist/images/sprite.png
Requested by
Host: solucoes-credito-consolidado.com
URL: https://solucoes-credito-consolidado.com/?adsid=_6165813741806457
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
185.15.20.111 , Portugal, ASN24768 (ALMOUROLTEC, PT),
Reverse DNS
fernando.oxy.agency
Software
nginx / PleskLin
Resource Hash
fb88ede20d1c3203088637e210aa9a4f0899ad3dd4553fc8e94ef97aa8216502

Request headers

Referer
https://solucoes-credito-consolidado.com/dist/style.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

Date
Thu, 26 Mar 2020 08:21:50 GMT
Last-Modified
Fri, 10 Jan 2020 12:02:57 GMT
Server
nginx
X-Powered-By
PleskLin
ETag
"5e1867f1-289b"
Content-Type
image/png
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
10395
conversion_async.js
www.googleadservices.com/pagead
26 KB
10 KB
Script
General
Full URL
https://www.googleadservices.com/pagead/conversion_async.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-750488074
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.16.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra15s11-in-f2.1e100.net
Software
cafe /
Resource Hash
ea399158ef2d93ca8c14598e1ee6bfddf924d4b877c8972928d30ff23bcf1a30
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://solucoes-credito-consolidado.com/?adsid=_6165813741806457
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Thu, 26 Mar 2020 08:21:50 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
9947
x-xss-protection
0
server
cafe
etag
2742097851886756974
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Thu, 26 Mar 2020 08:21:50 GMT
463400190894504?v=2.9.15&r=stable
connect.facebook.net/signals/config
100 KB
25 KB
Script
General
Full URL
https://connect.facebook.net/signals/config/463400190894504?v=2.9.15&r=stable
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f02d:12:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
5e1758914cec3a9cb49e52a5f3d6a3b425cd278511bac8d746d1f21c1f40ab6c
Security Headers
Name Value
Content-Security-Policy default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://solucoes-credito-consolidado.com/?adsid=_6165813741806457
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
status
200
alt-svc
h3-27=":443"; ma=3600
content-length
25011
x-xss-protection
0
pragma
public
x-fb-debug
tinYI+xqqo/UrhP9sEuwUvPaw+QCTD38SzZ66CY1/qEgjsijYjtYOPOrFc0D4kJa9cGvdX/sldV92W/nihwnfQ==
x-fb-trip-id
1850256238
date
Thu, 26 Mar 2020 08:21:49 GMT, Thu, 26 Mar 2020 08:21:49 GMT
x-frame-options
DENY
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=1200
content-security-policy
default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
expires
Sat, 01 Jan 2000 00:00:00 GMT
?id=463400190894504&ev=PageView&dl=https%3A%2F%2Fsolucoes-credito-consolidado.com%2F%3Fadsid%3D_6165813741806457&rl=&if=false&ts=1585210909984&sw=1600&sh=1200&v=2.9.15&r=stable&ec=0&o=28&fbp=fb.1.1...
www.facebook.com/tr
44 B
254 B
Image
General
Full URL
https://www.facebook.com/tr/?id=463400190894504&ev=PageView&dl=https%3A%2F%2Fsolucoes-credito-consolidado.com%2F%3Fadsid%3D_6165813741806457&rl=&if=false&ts=1585210909984&sw=1600&sh=1200&v=2.9.15&r=stable&ec=0&o=28&fbp=fb.1.1585210909983.1750751980&it=1585210909970&coo=false&rqm=GET
Requested by
Host: solucoes-credito-consolidado.com
URL: https://solucoes-credito-consolidado.com/?adsid=_6165813741806457
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f12d:83:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://solucoes-credito-consolidado.com/?adsid=_6165813741806457
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Thu, 26 Mar 2020 08:21:49 GMT, Thu, 26 Mar 2020 08:21:49 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
status
200
cache-control
no-cache, must-revalidate, max-age=0
alt-svc
h3-27=":443"; ma=3600
content-length
44
expires
Thu, 26 Mar 2020 08:21:49 GMT
css?family=Oswald:400,600,700
fonts.googleapis.com
5 KB
676 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Oswald:400,600,700
Requested by
Host: solucoes-credito-consolidado.com
URL: https://solucoes-credito-consolidado.com/dist/scripts.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:816::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
068989ec6ad9f4b81299cd9d4ecac72d19f42516b48c049e7c1e754bca6d2238
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://solucoes-credito-consolidado.com/?adsid=_6165813741806457
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
x-xss-protection
0
last-modified
Thu, 26 Mar 2020 08:21:50 GMT
server
ESF
date
Thu, 26 Mar 2020 08:21:50 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Thu, 26 Mar 2020 08:21:50 GMT
TK3iWkUHHAIjg752GT8Gl-1PKw.woff2
fonts.gstatic.com/s/oswald/v31
25 KB
25 KB
Font
General
Full URL
https://fonts.gstatic.com/s/oswald/v31/TK3iWkUHHAIjg752GT8Gl-1PKw.woff2
Requested by
Host: solucoes-credito-consolidado.com
URL: https://solucoes-credito-consolidado.com/dist/scripts.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:814::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e747521bc9729c30f06bda6471e77ad26ce0e05b104743e93fe14c8ef3b559a7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/css?family=Oswald:400,600,700
Origin
https://solucoes-credito-consolidado.com
Sec-Fetch-Dest
font
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 03 Mar 2020 00:32:04 GMT
x-content-type-options
nosniff
last-modified
Tue, 03 Mar 2020 00:19:42 GMT
server
sffe
age
2015386
content-type
font/woff2
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-origin
*
content-length
25376
x-xss-protection
0
expires
Wed, 03 Mar 2021 00:32:04 GMT
?random=1585210910080&cv=9&fst=1585210910080&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa3i0&...
googleads.g.doubleclick.net/pagead/viewthroughconversion/750488074
2 KB
1 KB
Script
General
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/750488074/?random=1585210910080&cv=9&fst=1585210910080&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa3i0&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fsolucoes-credito-consolidado.com%2F%3Fadsid%3D_6165813741806457&tiba=KPSG%20Solu%C3%A7%C3%B5es%20de%20cr%C3%A9dito&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4
Requested by
Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
5c29ba244b10929f45de1d4ecf39138ab2f9096055254ec89b7a53e978cfbab3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://solucoes-credito-consolidado.com/?adsid=_6165813741806457
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

pragma
no-cache
date
Thu, 26 Mar 2020 08:21:50 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-type
text/javascript; charset=UTF-8
server
cafe
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
200
cache-control
no-cache, must-revalidate
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
1066
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
?random=1585210910080&cv=9&fst=1585209600000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa3i0&sendb=1&data=event%3Dg...
www.google.com/pagead/1p-user-list/750488074
42 B
310 B
Image
General
Full URL
https://www.google.com/pagead/1p-user-list/750488074/?random=1585210910080&cv=9&fst=1585209600000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa3i0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fsolucoes-credito-consolidado.com%2F%3Fadsid%3D_6165813741806457&tiba=KPSG%20Solu%C3%A7%C3%B5es%20de%20cr%C3%A9dito&async=1&fmt=3&is_vtc=1&random=1372577557&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
Requested by
Host: solucoes-credito-consolidado.com
URL: https://solucoes-credito-consolidado.com/?adsid=_6165813741806457
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://solucoes-credito-consolidado.com/?adsid=_6165813741806457
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

pragma
no-cache
date
Thu, 26 Mar 2020 08:21:50 GMT
x-content-type-options
nosniff
content-type
image/gif
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
content-security-policy
script-src 'none'; object-src 'none'
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
?random=1585210910080&cv=9&fst=1585209600000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa3i0&sendb=1&data=event%3Dg...
www.google.de/pagead/1p-user-list/750488074
42 B
110 B
Image
General
Full URL
https://www.google.de/pagead/1p-user-list/750488074/?random=1585210910080&cv=9&fst=1585209600000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa3i0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fsolucoes-credito-consolidado.com%2F%3Fadsid%3D_6165813741806457&tiba=KPSG%20Solu%C3%A7%C3%B5es%20de%20cr%C3%A9dito&async=1&fmt=3&is_vtc=1&random=1372577557&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
Requested by
Host: solucoes-credito-consolidado.com
URL: https://solucoes-credito-consolidado.com/?adsid=_6165813741806457
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://solucoes-credito-consolidado.com/?adsid=_6165813741806457
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

pragma
no-cache
date
Thu, 26 Mar 2020 08:21:50 GMT
x-content-type-options
nosniff
content-type
image/gif
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
content-security-policy
script-src 'none'; object-src 'none'
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
moatframe.js
z.moatads.com/addthismoatframe568911941483
2 KB
1 KB
Script
General
Full URL
https://z.moatads.com/addthismoatframe568911941483/moatframe.js
Requested by
Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
95.101.185.246 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a95-101-185-246.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
05090f9390f5bc0cd23fe5f432037cc92d7cbce1ced9bfe8faf3d1c9abae85cd

Request headers

Referer
https://solucoes-credito-consolidado.com/?adsid=_6165813741806457
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Thu, 26 Mar 2020 08:21:50 GMT
content-encoding
gzip
last-modified
Fri, 08 Nov 2019 20:13:52 GMT
server
AmazonS3
x-amz-request-id
3DA20F33DFB043F4
etag
"f14b4e1f799b14f798a195f43cf58376"
vary
Accept-Encoding
content-type
application/x-javascript
status
200
cache-control
max-age=44961
accept-ranges
bytes
content-length
948
x-amz-id-2
g7+QTkfgFpKXdjIV1ns3PedgNVHG4mi9TLupYfjziOmGieTRD5DTu0V21U3C4oqBbTG5njMGxL0=
_ate.track.config_resp
v1.addthisedge.com/live/boost/ra-59356b6bdf382d70
3 KB
946 B
Script
General
Full URL
https://v1.addthisedge.com/live/boost/ra-59356b6bdf382d70/_ate.track.config_resp
Requested by
Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.210.248.44 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-210-248-44.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
198119e593eb2ca3b9249d007f37a32c7b84a811627e4f5d7ed5835cf95618f2

Request headers

Referer
https://solucoes-credito-consolidado.com/?adsid=_6165813741806457
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Thu, 26 Mar 2020 08:21:50 GMT
content-encoding
gzip
etag
976632248--gzip
vary
Accept-Encoding
content-type
application/javascript;charset=utf-8
status
200
cache-control
public, max-age=59, s-maxage=86400
content-disposition
attachment; filename=1.txt
content-length
771
layers.ab5cd98fe1b9a38a4a9f.js
s7.addthis.com/static
263 KB
76 KB
Script
General
Full URL
https://s7.addthis.com/static/layers.ab5cd98fe1b9a38a4a9f.js
Requested by
Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.210.248.44 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-210-248-44.deploy.static.akamaitechnologies.com
Software
nginx/1.15.8 /
Resource Hash
ecc0c4a707efeb061b7de57440221feb21ab08022938aaacee779e98fe809235
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Referer
https://solucoes-credito-consolidado.com/?adsid=_6165813741806457
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

strict-transport-security
max-age=15724800; includeSubDomains
content-encoding
gzip
last-modified
Wed, 18 Sep 2019 14:16:17 GMT
server
nginx/1.15.8
etag
W/"5d823c31-41b9f"
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
public, max-age=86313600
date
Thu, 26 Mar 2020 08:21:50 GMT
x-host
s7.addthis.com
timing-allow-origin
*
content-length
77528
client.pt.min.json
s7.addthis.com/l10n
4 KB
2 KB
XHR
General
Full URL
https://s7.addthis.com/l10n/client.pt.min.json
Requested by
Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.210.248.44 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-210-248-44.deploy.static.akamaitechnologies.com
Software
nginx/1.15.8 /
Resource Hash
2a0114ee843f8e5fcb15026a43365c3455464f43e1ea135b075e49662a9905b9
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Referer
https://solucoes-credito-consolidado.com/?adsid=_6165813741806457
Origin
https://solucoes-credito-consolidado.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=15724800; includeSubDomains
content-encoding
gzip
last-modified
Tue, 10 Sep 2019 15:15:17 GMT
server
nginx/1.15.8
status
200
etag
W/"5d77be05-e24"
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
*
cache-control
public, s-maxage=604800
date
Thu, 26 Mar 2020 08:21:50 GMT
x-host
s7.addthis.com
timing-allow-origin
*
content-length
1747
?id=https%3A%2F%2Fsolucoes-credito-consolidado.com%2F%3Fadsid%3D_6165813741806457&fields=og_object%7Bengagement%7D&callback=_ate.cbs.rcb_8yx30
graph.facebook.com
106 B
294 B
Script
General
Full URL
https://graph.facebook.com/?id=https%3A%2F%2Fsolucoes-credito-consolidado.com%2F%3Fadsid%3D_6165813741806457&fields=og_object%7Bengagement%7D&callback=_ate.cbs.rcb_8yx30
Requested by
Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f02d:e:face:b00c:0:2 , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
09f037c738d45d479db1baa252dfa1ea8e93217053195e02d1df326209bf6d80
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; preload

Request headers

Referer
https://solucoes-credito-consolidado.com/?adsid=_6165813741806457
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

strict-transport-security
max-age=15552000; preload
x-app-usage
{"call_count":0,"total_cputime":0,"total_time":0}
status
200
date
Thu, 26 Mar 2020 08:21:51 GMT, Thu, 26 Mar 2020 08:21:51 GMT
x-fb-rev
1001901040
alt-svc
h3-27=":443"; ma=3600
content-length
106
pragma
no-cache
x-fb-debug
DfxikbIgHA+jGcXaIfgwo/bXWXTSUidblrbjbJSAAXqar8VS+ZslnNkxzqfe2ExmyJbmb6vcjyr1omyE+QpelA==
x-fb-trace-id
EDPLvk540yE
etag
"8fbf667b233118e869b513df318b3ef790717c8c"
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
x-fb-request-id
AeXEBiXcEMa9DcN--rVFC8j
cache-control
private, no-cache, no-store, must-revalidate
facebook-api-version
v2.12
expires
Sat, 01 Jan 2000 00:00:00 GMT
?id=http%3A%2F%2Fsolucoes-credito-consolidado.com%2F%3Fadsid%3D_6165813741806457&fields=og_object%7Bengagement%7D&callback=_ate.cbs.rcb_daoa0
graph.facebook.com
105 B
561 B
Script
General
Full URL
https://graph.facebook.com/?id=http%3A%2F%2Fsolucoes-credito-consolidado.com%2F%3Fadsid%3D_6165813741806457&fields=og_object%7Bengagement%7D&callback=_ate.cbs.rcb_daoa0
Requested by
Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f02d:e:face:b00c:0:2 , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
8c09bb34db20525eddbf1aeac65f44b64125873c6d9cdf577c86c4bd89700137
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; preload

Request headers

Referer
https://solucoes-credito-consolidado.com/?adsid=_6165813741806457
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

strict-transport-security
max-age=15552000; preload
x-app-usage
{"call_count":0,"total_cputime":0,"total_time":0}
status
200
date
Thu, 26 Mar 2020 08:21:51 GMT, Thu, 26 Mar 2020 08:21:51 GMT
x-fb-rev
1001901040
alt-svc
h3-27=":443"; ma=3600
content-length
105
pragma
no-cache
x-fb-debug
fqMeE2vBvsttwGhRu+hPN32WTpDDTFxglX2y7q8JMzNAAaMbYctj5rfz7xtTwfGMOVVzvY0+Jk6NyrKSp0GcIg==
x-fb-trace-id
CUKayVs8rCa
etag
"bbe31ddbfbf0e4f475817b4c0b17b03406c8b62e"
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
x-fb-request-id
AfozxcsJFjUWcGCJ-JUcKmA
cache-control
private, no-cache, no-store, must-revalidate
facebook-api-version
v2.12
expires
Sat, 01 Jan 2000 00:00:00 GMT
data:truncated
data:truncated
443 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
5876d235b697479a9e5f476a33115aea1ddc21fd4b4740dd7180398c6224fdba

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/png

Redirect requests

There were HTTP redirects (301, 302) for the following requests:

Request 0
  • https://mackspear.com/trk/click.php?lg=mtGZmJeXmI1qvdS7ndKYltiTmJS7mJG7oZe0
  • http://adsplatform.com/?adsid=ebbdb0a66097b7fb2f06914b41331e90
  • https://solucoes-credito-consolidado.com/?adsid=_6165813741806457

55 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate function| fbq function| _fbq function| gtag object| dataLayer object| google_tag_manager object| cookieconsent function| $ function| jQuery function| _typeof boolean| windowIsDefined object| $jscomp undefined| footHeight function| initModal function| openLoader function| closeLoader function| error function| clearError function| scrollTop function| Slider object| WebFont function| GooglemKTybQhCsO function| google_trackConversion object| GooglebQhCsO function| Queue function| atwpjp string| _atd function| _euc function| _duc object| _atc string| _atr object| addthis string| addthis_pub function| emdot object| _ate object| _adr object| addthis_conf function| addthis_open function| addthis_close function| addthis_sendto object| addthis_config object| addthis_share boolean| __@@##MUH object| _atw string| addthis_services_loc string| addthis_services_loc_mob object| addthis_translations string| addthis_exclude boolean| addthis_use_personalization string| addthis_options_default string| addthis_options_rank string| addthis_options object| __callbacks number| len

5 Cookies

Domain/Path Name / Value
adsplatform.com/ Name: laravel_session
Value: eyJpdiI6Ijc5MDk2WWVZaEhPTVNiSGxHN01RbGc9PSIsInZhbHVlIjoiczZ3alNTc3l1dHUzRG5RaWMwZGtLWkZYTW9mVEFycklSd2VmWnlBQkxXczZveDBZMGU0c2VQV1BUSnBzbENkZ1dkbDlkRmNFZEZuQlRrR2Q2aE1qcUE9PSIsIm1hYyI6IjI1ZWZhMmRjY2U2NzMwODk1YWQwNWNiNGM0N2IzMmYwZmEyZDI4MzlhNDBlZTk3YzU0YTBhNTU2MTlkMGJhN2YifQ%3D%3D
solucoes-credito-consolidado.com/ Name: __atuvc
Value: 1%7C13
solucoes-credito-consolidado.com/ Name: __atuvs
Value: 5e7c661eccc39b6b000
.solucoes-credito-consolidado.com/ Name: _fbp
Value: fb.1.1585210909983.1750751980
solucoes-credito-consolidado.com/ Name: PHPSESSID
Value: aorkq8pk1u7rhh560e592r9nr2

1 Console Messages

Source Level URL
Text
console-api warning URL: https://solucoes-credito-consolidado.com/dist/scripts.js, Line 1, Column 39378
Message:
Can't find language "pt" in Datepicker.language, will use "ru" instead

Indicators of compromise (IoCs)

This is a term in the security industry to describe indicators around an attack. This includes IPs, hashes, domains, etc.
