Submitted URL: https://mackspear.com/trk/click.php?lg=mtGZmJeXmI1qvdS7ndKYltiTmJS7mJG7oZe0
Effective URL: https://solucoes-credito-consolidado.com/?adsid=_6165813741806457
Submission: On March 26 via api from BE

Summary

This website contacted 17 IPs in 7 countries across 18 domains to perform 31 HTTP transactions. The main IP is 185.15.20.111, located in Portugal and belongs to ALMOUROLTEC, PT. The main domain is solucoes-credito-consolidado.com.
TLS certificate: Issued by Let's Encrypt Authority X3 on March 9th 2020. Valid for: 3 months.
This is the only time solucoes-credito-consolidado.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Domain Requested by
9 solucoes-credito-consolidado.com solucoes-credito-consolidado.com
3 s7.addthis.com solucoes-credito-consolidado.com
s7.addthis.com
2 graph.facebook.com s7.addthis.com
2 connect.facebook.net solucoes-credito-consolidado.com
connect.facebook.net
2 cdnjs.cloudflare.com solucoes-credito-consolidado.com
2 adsplatform.com 1 redirects solucoes-credito-consolidado.com
1 v1.addthisedge.com s7.addthis.com
1 z.moatads.com s7.addthis.com
1 www.google.de solucoes-credito-consolidado.com
1 www.google.com solucoes-credito-consolidado.com
1 googleads.g.doubleclick.net www.googleadservices.com
1 fonts.gstatic.com solucoes-credito-consolidado.com
1 fonts.googleapis.com solucoes-credito-consolidado.com
1 www.facebook.com solucoes-credito-consolidado.com
1 www.googleadservices.com www.googletagmanager.com
1 api.easyacross.com solucoes-credito-consolidado.com
1 code.jquery.com solucoes-credito-consolidado.com
1 www.googletagmanager.com solucoes-credito-consolidado.com
1 mackspear.com 1 redirects
31 19

This site contains links to these domains. Also see Links.

Domain
www.codigo-postal.pt
www.addthis.com
Subject Issuer Validity Valid
solucoes-credito-consolidado.com
Let's Encrypt Authority X3
2020-03-09 -
2020-06-07
3 months crt.sh
*.google-analytics.com
GTS CA 1O1
2020-03-03 -
2020-05-26
3 months crt.sh
cloudflare.com
CloudFlare Inc ECC CA-2
2020-01-07 -
2020-10-09
9 months crt.sh
jquery.org
COMODO RSA Domain Validation Secure Server CA
2018-10-17 -
2020-10-16
2 years crt.sh
api.easyacross.com
Let's Encrypt Authority X3
2020-03-13 -
2020-06-11
3 months crt.sh
odc-prod-01.oracle.com
DigiCert SHA2 Secure Server CA
2019-10-10 -
2020-09-04
a year crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA
2020-03-01 -
2020-05-30
3 months crt.sh
adsplatform.com
Amazon
2019-08-13 -
2020-09-13
a year crt.sh
www.googleadservices.com
GTS CA 1O1
2020-03-03 -
2020-05-26
3 months crt.sh
*.storage.googleapis.com
GTS CA 1O1
2020-03-03 -
2020-05-26
3 months crt.sh
*.google.com
GTS CA 1O1
2020-03-03 -
2020-05-26
3 months crt.sh
*.g.doubleclick.net
GTS CA 1O1
2020-03-03 -
2020-05-26
3 months crt.sh
www.google.com
GTS CA 1O1
2020-03-03 -
2020-05-26
3 months crt.sh
www.google.de
GTS CA 1O1
2020-03-03 -
2020-05-26
3 months crt.sh
moatads.com
DigiCert SHA2 Secure Server CA
2020-01-17 -
2021-03-17
a year crt.sh

This page contains 2 frames:

Primary Page: https://solucoes-credito-consolidado.com/?adsid=_6165813741806457
Frame ID: 126449A3B46DD9B3B6959543187470FB
Requests: 31 HTTP requests in this frame

Frame: https://adsplatform.com/?action=click&adsid=_6165813741806457
Frame ID: 4AA2D691A8C0DB64257C2CDB409FBC59
Requests: 1 HTTP requests in this frame

Screenshot


Page URL History Show full URLs

  1. https://mackspear.com/trk/click.php?lg=mtGZmJeXmI1qvdS7ndKYltiTmJS7mJG7oZe0 HTTP 302
    http://adsplatform.com/?adsid=ebbdb0a66097b7fb2f06914b41331e90 HTTP 302
    https://solucoes-credito-consolidado.com/?adsid=_6165813741806457 Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • url /\.php(?:$|\?)/i

Overall confidence: 100%
Detected patterns
  • headers server /nginx(?:\/([\d.]+))?/i

Overall confidence: 100%
Detected patterns
  • script /\/\/connect\.facebook\.net\/[^/]*\/[a-z]*\.js/i

Overall confidence: 100%
Detected patterns
  • html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i

Page Statistics

31
Requests

100 %
HTTPS

65 %
IPv6

18
Domains

19
Subdomains

17
IPs

7
Countries

690 kB
Transfer

1422 kB
Size

5
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://mackspear.com/trk/click.php?lg=mtGZmJeXmI1qvdS7ndKYltiTmJS7mJG7oZe0 HTTP 302
    http://adsplatform.com/?adsid=ebbdb0a66097b7fb2f06914b41331e90 HTTP 302
    https://solucoes-credito-consolidado.com/?adsid=_6165813741806457 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

31 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request Cookie set /
solucoes-credito-consolidado.com/
Redirect Chain
  • https://mackspear.com/trk/click.php?lg=mtGZmJeXmI1qvdS7ndKYltiTmJS7mJG7oZe0
  • http://adsplatform.com/?adsid=ebbdb0a66097b7fb2f06914b41331e90
  • https://solucoes-credito-consolidado.com/?adsid=_6165813741806457
25 KB
25 KB
Document
General
Full URL
https://solucoes-credito-consolidado.com/?adsid=_6165813741806457
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
185.15.20.111 , Portugal, ASN24768 (ALMOUROLTEC, PT),
Reverse DNS
fernando.oxy.agency
Software
nginx / PHP/5.5.38 PleskLin
Resource Hash
436cfcd6b2e2e46bdd9ed9a1af4682c14065bdc2caf9c067abcc14dfda16ad8c

Request headers

Host
solucoes-credito-consolidado.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
none
Sec-Fetch-Mode
navigate
Sec-Fetch-User
?1
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
document

Response headers

Server
nginx
Date
Thu, 26 Mar 2020 08:21:49 GMT
Content-Type
text/html; charset=utf-8
Transfer-Encoding
chunked
Connection
keep-alive
X-Powered-By
PHP/5.5.38 PleskLin
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma
no-cache
Set-Cookie
PHPSESSID=aorkq8pk1u7rhh560e592r9nr2; path=/

Redirect headers

Date
Thu, 26 Mar 2020 08:21:49 GMT
Content-Type
text/html; charset=UTF-8
Content-Length
504
Connection
keep-alive
Server
Apache
Cache-Control
no-cache
Location
https://solucoes-credito-consolidado.com/?adsid=_6165813741806457
Set-Cookie
laravel_session=eyJpdiI6Im5HQVBmeUx1WnU0bWtZNVRBR1R6RVE9PSIsInZhbHVlIjoiSGR0bVg2b0k5Rk5Pb29Ha2dNVlFMUWNiTHc3Zjh6Z1wvM3EwR0xsYnIwY0VhU2h4alRwNWI5TVwvRkdkYVhDTjR6ZWtGSzhGWXVEZEhhTnAzamZnMG1kZz09IiwibWFjIjoiNzc4YjVjNWUxZjIyYjc2M2Q4MmQ3YjI0MDgxMTllMmE1YWI1OWNhZWIwMjMxMmQ3YmExMzkwNGIwNDJhNDM5ZiJ9; expires=Fri, 28-Feb-2025 08:21:49 GMT; Max-Age=155520000; path=/; samesite=None; Secure; secure; HttpOnly
style.css
solucoes-credito-consolidado.com/dist/
61 KB
61 KB
Stylesheet
General
Full URL
https://solucoes-credito-consolidado.com/dist/style.css
Requested by
Host: solucoes-credito-consolidado.com
URL: https://solucoes-credito-consolidado.com/?adsid=_6165813741806457
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
185.15.20.111 , Portugal, ASN24768 (ALMOUROLTEC, PT),
Reverse DNS
fernando.oxy.agency
Software
nginx / PleskLin
Resource Hash
751f482aff6d734922e0a1090224dfcab059487965a686d06ba466dd4967cdcf

Request headers

Referer
https://solucoes-credito-consolidado.com/?adsid=_6165813741806457
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

Date
Thu, 26 Mar 2020 08:21:49 GMT
Last-Modified
Fri, 07 Feb 2020 17:27:04 GMT
Server
nginx
X-Powered-By
PleskLin
ETag
"5e3d9de8-f454"
Content-Type
text/css
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
62548
js
www.googletagmanager.com/gtag/
74 KB
28 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-750488074
Requested by
Host: solucoes-credito-consolidado.com
URL: https://solucoes-credito-consolidado.com/?adsid=_6165813741806457
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
942278c97159fd35b3c220e0948b1d2bac10b559a56f4f23058f6d8a1388709d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://solucoes-credito-consolidado.com/?adsid=_6165813741806457
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Thu, 26 Mar 2020 08:21:49 GMT
content-encoding
br
status
200
strict-transport-security
max-age=31536000; includeSubDomains
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
28422
x-xss-protection
0
last-modified
Thu, 26 Mar 2020 06:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
http://www.googletagmanager.com
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Thu, 26 Mar 2020 08:21:49 GMT
logo.png
solucoes-credito-consolidado.com/dist/images/
2 KB
2 KB
Image
General
Full URL
https://solucoes-credito-consolidado.com/dist/images/logo.png
Requested by
Host: solucoes-credito-consolidado.com
URL: https://solucoes-credito-consolidado.com/?adsid=_6165813741806457
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
185.15.20.111 , Portugal, ASN24768 (ALMOUROLTEC, PT),
Reverse DNS
fernando.oxy.agency
Software
nginx / PleskLin
Resource Hash
500087e17a004b47a8d43ce608e8d4e38864bc8ce6970e451471f34d108d76cc

Request headers

Referer
https://solucoes-credito-consolidado.com/?adsid=_6165813741806457
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

Date
Thu, 26 Mar 2020 08:21:49 GMT
Last-Modified
Fri, 10 Jan 2020 12:02:57 GMT
Server
nginx
X-Powered-By
PleskLin
ETag
"5e1867f1-7df"
Content-Type
image/png
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
2015
bpi.png
solucoes-credito-consolidado.com/dist/images/
3 KB
3 KB
Image
General
Full URL
https://solucoes-credito-consolidado.com/dist/images/bpi.png
Requested by
Host: solucoes-credito-consolidado.com
URL: https://solucoes-credito-consolidado.com/?adsid=_6165813741806457
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
185.15.20.111 , Portugal, ASN24768 (ALMOUROLTEC, PT),
Reverse DNS
fernando.oxy.agency
Software
nginx / PleskLin
Resource Hash
36637f612fa84657d5a29f4e46026e5e557c85e22b65c632beb753c3f46b58ba

Request headers

Referer
https://solucoes-credito-consolidado.com/?adsid=_6165813741806457
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

Date
Thu, 26 Mar 2020 08:21:49 GMT
Last-Modified
Fri, 10 Jan 2020 12:02:57 GMT
Server
nginx
X-Powered-By
PleskLin
ETag
"5e1867f1-c25"
Content-Type
image/png
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
3109
unicre.png
solucoes-credito-consolidado.com/dist/images/
2 KB
3 KB
Image
General
Full URL
https://solucoes-credito-consolidado.com/dist/images/unicre.png
Requested by
Host: solucoes-credito-consolidado.com
URL: https://solucoes-credito-consolidado.com/?adsid=_6165813741806457
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
185.15.20.111 , Portugal, ASN24768 (ALMOUROLTEC, PT),
Reverse DNS
fernando.oxy.agency
Software
nginx / PleskLin
Resource Hash
194b20b01513eaec87005b4a7cf5693968ad20ae18507c095edba16f006fb29a

Request headers

Referer
https://solucoes-credito-consolidado.com/?adsid=_6165813741806457
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

Date
Thu, 26 Mar 2020 08:21:49 GMT
Last-Modified
Fri, 10 Jan 2020 12:02:57 GMT
Server
nginx
X-Powered-By
PleskLin
ETag
"5e1867f1-9bd"
Content-Type
image/png
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
2493
cofidis.png
solucoes-credito-consolidado.com/dist/images/
3 KB
3 KB
Image
General
Full URL
https://solucoes-credito-consolidado.com/dist/images/cofidis.png
Requested by
Host: solucoes-credito-consolidado.com
URL: https://solucoes-credito-consolidado.com/?adsid=_6165813741806457
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
185.15.20.111 , Portugal, ASN24768 (ALMOUROLTEC, PT),
Reverse DNS
fernando.oxy.agency
Software
nginx / PleskLin
Resource Hash
95d6518a2819b2630290114aa17c97910a973376b1e8750b57d51e9d81bcfa4c

Request headers

Referer
https://solucoes-credito-consolidado.com/?adsid=_6165813741806457
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

Date
Thu, 26 Mar 2020 08:21:49 GMT
Last-Modified
Fri, 10 Jan 2020 12:02:57 GMT
Server
nginx
X-Powered-By
PleskLin
ETag
"5e1867f1-af9"
Content-Type
image/png
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
2809
cookieconsent.min.css
cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.0.3/
4 KB
1 KB
Stylesheet
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.0.3/cookieconsent.min.css
Requested by
Host: solucoes-credito-consolidado.com
URL: https://solucoes-credito-consolidado.com/?adsid=_6165813741806457
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:4104 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
456ab1a71507ed91abae14c9d08faffb373a7bc711a66e44341b7b8b7bb72ab4
Security Headers
Name Value
Strict-Transport-Security max-age=15780000; includeSubDomains

Request headers

Referer
https://solucoes-credito-consolidado.com/?adsid=_6165813741806457
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

date
Thu, 26 Mar 2020 08:21:49 GMT
content-encoding
br
cf-cache-status
HIT
age
12705136
cf-ray
579f75dabde063dd-FRA
status
200
strict-transport-security
max-age=15780000; includeSubDomains
alt-svc
h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
last-modified
Thu, 17 May 2018 09:18:36 GMT
server
cloudflare
etag
W/"5afd48ec-f62"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
expires
Tue, 16 Mar 2021 08:21:49 GMT
cache-control
public, max-age=30672000
timing-allow-origin
*
served-in-seconds
0.001
cookieconsent.min.js
cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.0.3/
19 KB
6 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.0.3/cookieconsent.min.js
Requested by
Host: solucoes-credito-consolidado.com
URL: https://solucoes-credito-consolidado.com/?adsid=_6165813741806457
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:4104 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
af4c6683814aa527caf53bde3d021e6aafe00833b45f2dead043c87ed7864674
Security Headers
Name Value
Strict-Transport-Security max-age=15780000; includeSubDomains

Request headers

Referer
https://solucoes-credito-consolidado.com/?adsid=_6165813741806457
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Thu, 26 Mar 2020 08:21:49 GMT
content-encoding
br
cf-cache-status
HIT
age
21170045
cf-ray
579f75dacdeb63dd-FRA
status
200
strict-transport-security
max-age=15780000; includeSubDomains
alt-svc
h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
last-modified
Thu, 17 May 2018 09:18:32 GMT
server
cloudflare
etag
W/"5afd48e8-4d5a"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
expires
Tue, 16 Mar 2021 08:21:49 GMT
cache-control
public, max-age=30672000
timing-allow-origin
*
served-in-seconds
0.001
jquery-2.2.4.min.js
code.jquery.com/
84 KB
30 KB
Script
General
Full URL
https://code.jquery.com/jquery-2.2.4.min.js
Requested by
Host: solucoes-credito-consolidado.com
URL: https://solucoes-credito-consolidado.com/?adsid=_6165813741806457
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:4de0:ac19::1:b:3b , Netherlands, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software
nginx /
Resource Hash
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e

Request headers

Referer
https://solucoes-credito-consolidado.com/?adsid=_6165813741806457
Origin
https://solucoes-credito-consolidado.com
Sec-Fetch-Dest
script
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Thu, 26 Mar 2020 08:21:49 GMT
Content-Encoding
gzip
Last-Modified
Fri, 20 May 2016 17:24:41 GMT
Server
nginx
ETag
W/"573f4859-14e4a"
Vary
Accept-Encoding
X-HW
1585210909.dop001.fr8.shc,1585210909.dop001.fr8.t,1585210909.cds130.fr8.c
Content-Type
application/javascript; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
max-age=315360000, public
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Length
29811
jquery.seoval.min.js
api.easyacross.com/js/validation/
14 KB
14 KB
Script
General
Full URL
https://api.easyacross.com/js/validation/jquery.seoval.min.js
Requested by
Host: solucoes-credito-consolidado.com
URL: https://solucoes-credito-consolidado.com/?adsid=_6165813741806457
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
185.15.20.111 , Portugal, ASN24768 (ALMOUROLTEC, PT),
Reverse DNS
fernando.oxy.agency
Software
nginx / PleskLin
Resource Hash
b8da5a01a403fd9b978e77b69f3275ae3e5370145dcbcd3af42c509735426e3d

Request headers

Referer
https://solucoes-credito-consolidado.com/?adsid=_6165813741806457
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

Date
Thu, 26 Mar 2020 08:21:50 GMT
ETag
"5a20bc76-3825"
Last-Modified
Fri, 01 Dec 2017 02:20:38 GMT
Server
nginx
X-Powered-By
PleskLin
Content-Type
application/javascript
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
14373
scripts.js
solucoes-credito-consolidado.com/dist/
138 KB
138 KB
Script
General
Full URL
https://solucoes-credito-consolidado.com/dist/scripts.js
Requested by
Host: solucoes-credito-consolidado.com
URL: https://solucoes-credito-consolidado.com/?adsid=_6165813741806457
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
185.15.20.111 , Portugal, ASN24768 (ALMOUROLTEC, PT),
Reverse DNS
fernando.oxy.agency
Software
nginx / PleskLin
Resource Hash
d908178c692771336d125b23853383e8cdb5b039db9faa01f8dcaf898c615191

Request headers

Referer
https://solucoes-credito-consolidado.com/?adsid=_6165813741806457
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

Date
Thu, 26 Mar 2020 08:21:49 GMT
Last-Modified
Fri, 07 Feb 2020 17:27:04 GMT
Server
nginx
X-Powered-By
PleskLin
ETag
"5e3d9de8-22721"
Content-Type
application/javascript
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
141089
addthis_widget.js
s7.addthis.com/js/300/
349 KB
113 KB
Script
General
Full URL
https://s7.addthis.com/js/300/addthis_widget.js
Requested by
Host: solucoes-credito-consolidado.com
URL: https://solucoes-credito-consolidado.com/?adsid=_6165813741806457
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.210.248.44 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-210-248-44.deploy.static.akamaitechnologies.com
Software
nginx/1.15.8 /
Resource Hash
ab8ceea757a634f5ce5a9ed6f6b4bcdd555869b385d315854e16914a2f5a3bc7
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Referer
https://solucoes-credito-consolidado.com/?adsid=_6165813741806457
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

strict-transport-security
max-age=15724800; includeSubDomains
content-encoding
gzip
last-modified
Tue, 21 Jan 2020 20:57:37 GMT
server
nginx/1.15.8
etag
"5e2765c1-57446"
vary
Accept-Encoding
x-distribution
99
content-type
application/javascript
status
200
cache-control
public, max-age=600
date
Thu, 26 Mar 2020 08:21:49 GMT
x-host
s7.addthis.com
content-length
114924
fbevents.js
connect.facebook.net/en_US/
126 KB
30 KB
Script
General
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: solucoes-credito-consolidado.com
URL: https://solucoes-credito-consolidado.com/?adsid=_6165813741806457
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f02d:12:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
5a91c6d3e635c0bd1551a53cf0769328132151a7732039170280d500dbcb4685
Security Headers
Name Value
Content-Security-Policy default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://solucoes-credito-consolidado.com/?adsid=_6165813741806457
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
status
200
alt-svc
h3-27=":443"; ma=3600
content-length
30466
x-xss-protection
0
pragma
public
x-fb-debug
t3I8Eb4ZKlBHubeoPwCvphUyFfGx3HvY9G1RsC3MstqRT9Cr4bmJELwfd+rUTzMuCP1Rq1D89B3hRYZ+3YrOxA==
x-fb-trip-id
1850256238
date
Thu, 26 Mar 2020 08:21:49 GMT, Thu, 26 Mar 2020 08:21:49 GMT
x-frame-options
DENY
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=1200
content-security-policy
default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
expires
Sat, 01 Jan 2000 00:00:00 GMT
/
adsplatform.com/ Frame 4AA2
0
0
Document
General
Full URL
https://adsplatform.com/?action=click&adsid=_6165813741806457
Requested by
Host: solucoes-credito-consolidado.com
URL: https://solucoes-credito-consolidado.com/?adsid=_6165813741806457
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.173.28.69 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-173-28-69.compute-1.amazonaws.com
Software
Apache /
Resource Hash

Request headers

:method
GET
:authority
adsplatform.com
:scheme
https
:path
/?action=click&adsid=_6165813741806457
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest
iframe
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
referer
https://solucoes-credito-consolidado.com/?adsid=_6165813741806457
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
iframe
Referer
https://solucoes-credito-consolidado.com/?adsid=_6165813741806457

Response headers

status
200
date
Thu, 26 Mar 2020 08:21:50 GMT
content-type
text/html; charset=UTF-8
content-length
0
server
Apache
cache-control
no-cache
set-cookie
laravel_session=eyJpdiI6Ijc5MDk2WWVZaEhPTVNiSGxHN01RbGc9PSIsInZhbHVlIjoiczZ3alNTc3l1dHUzRG5RaWMwZGtLWkZYTW9mVEFycklSd2VmWnlBQkxXczZveDBZMGU0c2VQV1BUSnBzbENkZ1dkbDlkRmNFZEZuQlRrR2Q2aE1qcUE9PSIsIm1hYyI6IjI1ZWZhMmRjY2U2NzMwODk1YWQwNWNiNGM0N2IzMmYwZmEyZDI4MzlhNDBlZTk3YzU0YTBhNTU2MTlkMGJhN2YifQ%3D%3D; expires=Fri, 28-Feb-2025 08:21:50 GMT; Max-Age=155520000; path=/; samesite=None; Secure; secure; HttpOnly
bg-lg.jpg
solucoes-credito-consolidado.com/dist/images/
78 KB
79 KB
Image
General
Full URL
https://solucoes-credito-consolidado.com/dist/images/bg-lg.jpg
Requested by
Host: solucoes-credito-consolidado.com
URL: https://solucoes-credito-consolidado.com/?adsid=_6165813741806457
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
185.15.20.111 , Portugal, ASN24768 (ALMOUROLTEC, PT),
Reverse DNS
fernando.oxy.agency
Software
nginx / PleskLin
Resource Hash
53674f6caa0c6959898815f3b2c652d53ed4b7c09f8a4444fc026a4d82d22fbb

Request headers

Referer
https://solucoes-credito-consolidado.com/dist/style.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

Date
Thu, 26 Mar 2020 08:21:49 GMT
Last-Modified
Wed, 24 Jul 2019 16:36:09 GMT
Server
nginx
X-Powered-By
PleskLin
ETag
"5d3888f9-13995"
Content-Type
image/jpeg
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
80277
sprite.png
solucoes-credito-consolidado.com/dist/images/
10 KB
10 KB
Image
General
Full URL
https://solucoes-credito-consolidado.com/dist/images/sprite.png
Requested by
Host: solucoes-credito-consolidado.com
URL: https://solucoes-credito-consolidado.com/?adsid=_6165813741806457
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
185.15.20.111 , Portugal, ASN24768 (ALMOUROLTEC, PT),
Reverse DNS
fernando.oxy.agency
Software
nginx / PleskLin
Resource Hash
fb88ede20d1c3203088637e210aa9a4f0899ad3dd4553fc8e94ef97aa8216502

Request headers

Referer
https://solucoes-credito-consolidado.com/dist/style.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

Date
Thu, 26 Mar 2020 08:21:50 GMT
Last-Modified
Fri, 10 Jan 2020 12:02:57 GMT
Server
nginx
X-Powered-By
PleskLin
ETag
"5e1867f1-289b"
Content-Type
image/png
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
10395
conversion_async.js
www.googleadservices.com/pagead/
26 KB
10 KB
Script
General
Full URL
https://www.googleadservices.com/pagead/conversion_async.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-750488074
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.16.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra15s11-in-f2.1e100.net
Software
cafe /
Resource Hash
ea399158ef2d93ca8c14598e1ee6bfddf924d4b877c8972928d30ff23bcf1a30
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://solucoes-credito-consolidado.com/?adsid=_6165813741806457
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Thu, 26 Mar 2020 08:21:50 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
9947
x-xss-protection
0
server
cafe
etag
2742097851886756974
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Thu, 26 Mar 2020 08:21:50 GMT
463400190894504
connect.facebook.net/signals/config/
100 KB
25 KB
Script
General
Full URL
https://connect.facebook.net/signals/config/463400190894504?v=2.9.15&r=stable
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f02d:12:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
5e1758914cec3a9cb49e52a5f3d6a3b425cd278511bac8d746d1f21c1f40ab6c
Security Headers
Name Value
Content-Security-Policy default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://solucoes-credito-consolidado.com/?adsid=_6165813741806457
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
status
200
alt-svc
h3-27=":443"; ma=3600
content-length
25011
x-xss-protection
0
pragma
public
x-fb-debug
tinYI+xqqo/UrhP9sEuwUvPaw+QCTD38SzZ66CY1/qEgjsijYjtYOPOrFc0D4kJa9cGvdX/sldV92W/nihwnfQ==
x-fb-trip-id
1850256238
date
Thu, 26 Mar 2020 08:21:49 GMT, Thu, 26 Mar 2020 08:21:49 GMT
x-frame-options
DENY
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=1200
content-security-policy
default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
expires
Sat, 01 Jan 2000 00:00:00 GMT
/
www.facebook.com/tr/
44 B
254 B
Image
General
Full URL
https://www.facebook.com/tr/?id=463400190894504&ev=PageView&dl=https%3A%2F%2Fsolucoes-credito-consolidado.com%2F%3Fadsid%3D_6165813741806457&rl=&if=false&ts=1585210909984&sw=1600&sh=1200&v=2.9.15&r=stable&ec=0&o=28&fbp=fb.1.1585210909983.1750751980&it=1585210909970&coo=false&rqm=GET
Requested by
Host: solucoes-credito-consolidado.com
URL: https://solucoes-credito-consolidado.com/?adsid=_6165813741806457
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f12d:83:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://solucoes-credito-consolidado.com/?adsid=_6165813741806457
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Thu, 26 Mar 2020 08:21:49 GMT, Thu, 26 Mar 2020 08:21:49 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
status
200
cache-control
no-cache, must-revalidate, max-age=0
alt-svc
h3-27=":443"; ma=3600
content-length
44
expires
Thu, 26 Mar 2020 08:21:49 GMT
css
fonts.googleapis.com/
5 KB
676 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Oswald:400,600,700
Requested by
Host: solucoes-credito-consolidado.com
URL: https://solucoes-credito-consolidado.com/dist/scripts.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:816::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
068989ec6ad9f4b81299cd9d4ecac72d19f42516b48c049e7c1e754bca6d2238
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://solucoes-credito-consolidado.com/?adsid=_6165813741806457
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
x-xss-protection
0
last-modified
Thu, 26 Mar 2020 08:21:50 GMT
server
ESF
date
Thu, 26 Mar 2020 08:21:50 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Thu, 26 Mar 2020 08:21:50 GMT
TK3iWkUHHAIjg752GT8Gl-1PKw.woff2
fonts.gstatic.com/s/oswald/v31/
25 KB
25 KB
Font
General
Full URL
https://fonts.gstatic.com/s/oswald/v31/TK3iWkUHHAIjg752GT8Gl-1PKw.woff2
Requested by
Host: solucoes-credito-consolidado.com
URL: https://solucoes-credito-consolidado.com/dist/scripts.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:814::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e747521bc9729c30f06bda6471e77ad26ce0e05b104743e93fe14c8ef3b559a7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/css?family=Oswald:400,600,700
Origin
https://solucoes-credito-consolidado.com
Sec-Fetch-Dest
font
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 03 Mar 2020 00:32:04 GMT
x-content-type-options
nosniff
last-modified
Tue, 03 Mar 2020 00:19:42 GMT
server
sffe
age
2015386
content-type
font/woff2
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-origin
*
content-length
25376
x-xss-protection
0
expires
Wed, 03 Mar 2021 00:32:04 GMT
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/750488074/
2 KB
1 KB
Script
General
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/750488074/?random=1585210910080&cv=9&fst=1585210910080&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa3i0&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fsolucoes-credito-consolidado.com%2F%3Fadsid%3D_6165813741806457&tiba=KPSG%20Solu%C3%A7%C3%B5es%20de%20cr%C3%A9dito&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4
Requested by
Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
5c29ba244b10929f45de1d4ecf39138ab2f9096055254ec89b7a53e978cfbab3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://solucoes-credito-consolidado.com/?adsid=_6165813741806457
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

pragma
no-cache
date
Thu, 26 Mar 2020 08:21:50 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-type
text/javascript; charset=UTF-8
server
cafe
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
200
cache-control
no-cache, must-revalidate
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
1066
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.com/pagead/1p-user-list/750488074/
42 B
310 B
Image
General
Full URL
https://www.google.com/pagead/1p-user-list/750488074/?random=1585210910080&cv=9&fst=1585209600000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa3i0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fsolucoes-credito-consolidado.com%2F%3Fadsid%3D_6165813741806457&tiba=KPSG%20Solu%C3%A7%C3%B5es%20de%20cr%C3%A9dito&async=1&fmt=3&is_vtc=1&random=1372577557&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
Requested by
Host: solucoes-credito-consolidado.com
URL: https://solucoes-credito-consolidado.com/?adsid=_6165813741806457
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://solucoes-credito-consolidado.com/?adsid=_6165813741806457
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

pragma
no-cache
date
Thu, 26 Mar 2020 08:21:50 GMT
x-content-type-options
nosniff
content-type
image/gif
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
content-security-policy
script-src 'none'; object-src 'none'
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/750488074/
42 B
110 B
Image
General
Full URL
https://www.google.de/pagead/1p-user-list/750488074/?random=1585210910080&cv=9&fst=1585209600000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa3i0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fsolucoes-credito-consolidado.com%2F%3Fadsid%3D_6165813741806457&tiba=KPSG%20Solu%C3%A7%C3%B5es%20de%20cr%C3%A9dito&async=1&fmt=3&is_vtc=1&random=1372577557&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
Requested by
Host: solucoes-credito-consolidado.com
URL: https://solucoes-credito-consolidado.com/?adsid=_6165813741806457
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://solucoes-credito-consolidado.com/?adsid=_6165813741806457
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

pragma
no-cache
date
Thu, 26 Mar 2020 08:21:50 GMT
x-content-type-options
nosniff
content-type
image/gif
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
content-security-policy
script-src 'none'; object-src 'none'
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
moatframe.js
z.moatads.com/addthismoatframe568911941483/
2 KB
1 KB
Script
General
Full URL
https://z.moatads.com/addthismoatframe568911941483/moatframe.js
Requested by
Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
95.101.185.246 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a95-101-185-246.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
05090f9390f5bc0cd23fe5f432037cc92d7cbce1ced9bfe8faf3d1c9abae85cd

Request headers

Referer
https://solucoes-credito-consolidado.com/?adsid=_6165813741806457
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Thu, 26 Mar 2020 08:21:50 GMT
content-encoding
gzip
last-modified
Fri, 08 Nov 2019 20:13:52 GMT
server
AmazonS3
x-amz-request-id
3DA20F33DFB043F4
etag
"f14b4e1f799b14f798a195f43cf58376"
vary
Accept-Encoding
content-type
application/x-javascript
status
200
cache-control
max-age=44961
accept-ranges
bytes
content-length
948
x-amz-id-2
g7+QTkfgFpKXdjIV1ns3PedgNVHG4mi9TLupYfjziOmGieTRD5DTu0V21U3C4oqBbTG5njMGxL0=
_ate.track.config_resp
v1.addthisedge.com/live/boost/ra-59356b6bdf382d70/
3 KB
946 B
Script
General
Full URL
https://v1.addthisedge.com/live/boost/ra-59356b6bdf382d70/_ate.track.config_resp
Requested by
Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.210.248.44 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-210-248-44.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
198119e593eb2ca3b9249d007f37a32c7b84a811627e4f5d7ed5835cf95618f2

Request headers

Referer
https://solucoes-credito-consolidado.com/?adsid=_6165813741806457
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Thu, 26 Mar 2020 08:21:50 GMT
content-encoding
gzip
etag
976632248--gzip
vary
Accept-Encoding
content-type
application/javascript;charset=utf-8
status
200
cache-control
public, max-age=59, s-maxage=86400
content-disposition
attachment; filename=1.txt
content-length
771
layers.ab5cd98fe1b9a38a4a9f.js
s7.addthis.com/static/
263 KB
76 KB
Script
General
Full URL
https://s7.addthis.com/static/layers.ab5cd98fe1b9a38a4a9f.js
Requested by
Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.210.248.44 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-210-248-44.deploy.static.akamaitechnologies.com
Software
nginx/1.15.8 /
Resource Hash
ecc0c4a707efeb061b7de57440221feb21ab08022938aaacee779e98fe809235
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Referer
https://solucoes-credito-consolidado.com/?adsid=_6165813741806457
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

strict-transport-security
max-age=15724800; includeSubDomains
content-encoding
gzip
last-modified
Wed, 18 Sep 2019 14:16:17 GMT
server
nginx/1.15.8
etag
W/"5d823c31-41b9f"
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
public, max-age=86313600
date
Thu, 26 Mar 2020 08:21:50 GMT
x-host
s7.addthis.com
timing-allow-origin
*
content-length
77528
client.pt.min.json
s7.addthis.com/l10n/
4 KB
2 KB
XHR
General
Full URL
https://s7.addthis.com/l10n/client.pt.min.json
Requested by
Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.210.248.44 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-210-248-44.deploy.static.akamaitechnologies.com
Software
nginx/1.15.8 /
Resource Hash
2a0114ee843f8e5fcb15026a43365c3455464f43e1ea135b075e49662a9905b9
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Referer
https://solucoes-credito-consolidado.com/?adsid=_6165813741806457
Origin
https://solucoes-credito-consolidado.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=15724800; includeSubDomains
content-encoding
gzip
last-modified
Tue, 10 Sep 2019 15:15:17 GMT
server
nginx/1.15.8
status
200
etag
W/"5d77be05-e24"
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
*
cache-control
public, s-maxage=604800
date
Thu, 26 Mar 2020 08:21:50 GMT
x-host
s7.addthis.com
timing-allow-origin
*
content-length
1747
/
graph.facebook.com/
106 B
294 B
Script
General
Full URL
https://graph.facebook.com/?id=https%3A%2F%2Fsolucoes-credito-consolidado.com%2F%3Fadsid%3D_6165813741806457&fields=og_object%7Bengagement%7D&callback=_ate.cbs.rcb_8yx30
Requested by
Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f02d:e:face:b00c:0:2 , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
09f037c738d45d479db1baa252dfa1ea8e93217053195e02d1df326209bf6d80
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; preload

Request headers

Referer
https://solucoes-credito-consolidado.com/?adsid=_6165813741806457
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

strict-transport-security
max-age=15552000; preload
x-app-usage
{"call_count":0,"total_cputime":0,"total_time":0}
status
200
date
Thu, 26 Mar 2020 08:21:51 GMT, Thu, 26 Mar 2020 08:21:51 GMT
x-fb-rev
1001901040
alt-svc
h3-27=":443"; ma=3600
content-length
106
pragma
no-cache
x-fb-debug
DfxikbIgHA+jGcXaIfgwo/bXWXTSUidblrbjbJSAAXqar8VS+ZslnNkxzqfe2ExmyJbmb6vcjyr1omyE+QpelA==
x-fb-trace-id
EDPLvk540yE
etag
"8fbf667b233118e869b513df318b3ef790717c8c"
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
x-fb-request-id
AeXEBiXcEMa9DcN--rVFC8j
cache-control
private, no-cache, no-store, must-revalidate
facebook-api-version
v2.12
expires
Sat, 01 Jan 2000 00:00:00 GMT
/
graph.facebook.com/
105 B
561 B
Script
General
Full URL
https://graph.facebook.com/?id=http%3A%2F%2Fsolucoes-credito-consolidado.com%2F%3Fadsid%3D_6165813741806457&fields=og_object%7Bengagement%7D&callback=_ate.cbs.rcb_daoa0
Requested by
Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f02d:e:face:b00c:0:2 , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
8c09bb34db20525eddbf1aeac65f44b64125873c6d9cdf577c86c4bd89700137
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; preload

Request headers

Referer
https://solucoes-credito-consolidado.com/?adsid=_6165813741806457
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

strict-transport-security
max-age=15552000; preload
x-app-usage
{"call_count":0,"total_cputime":0,"total_time":0}
status
200
date
Thu, 26 Mar 2020 08:21:51 GMT, Thu, 26 Mar 2020 08:21:51 GMT
x-fb-rev
1001901040
alt-svc
h3-27=":443"; ma=3600
content-length
105
pragma
no-cache
x-fb-debug
fqMeE2vBvsttwGhRu+hPN32WTpDDTFxglX2y7q8JMzNAAaMbYctj5rfz7xtTwfGMOVVzvY0+Jk6NyrKSp0GcIg==
x-fb-trace-id
CUKayVs8rCa
etag
"bbe31ddbfbf0e4f475817b4c0b17b03406c8b62e"
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
x-fb-request-id
AfozxcsJFjUWcGCJ-JUcKmA
cache-control
private, no-cache, no-store, must-revalidate
facebook-api-version
v2.12
expires
Sat, 01 Jan 2000 00:00:00 GMT
truncated
/
443 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
5876d235b697479a9e5f476a33115aea1ddc21fd4b4740dd7180398c6224fdba

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/png

Verdicts & Comments Add Verdict or Comment

55 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate function| fbq function| _fbq function| gtag object| dataLayer object| google_tag_manager object| cookieconsent function| $ function| jQuery function| _typeof boolean| windowIsDefined object| $jscomp undefined| footHeight function| initModal function| openLoader function| closeLoader function| error function| clearError function| scrollTop function| Slider object| WebFont function| GooglemKTybQhCsO function| google_trackConversion object| GooglebQhCsO function| Queue function| atwpjp string| _atd function| _euc function| _duc object| _atc string| _atr object| addthis string| addthis_pub function| emdot object| _ate object| _adr object| addthis_conf function| addthis_open function| addthis_close function| addthis_sendto object| addthis_config object| addthis_share boolean| __@@##MUH object| _atw string| addthis_services_loc string| addthis_services_loc_mob object| addthis_translations string| addthis_exclude boolean| addthis_use_personalization string| addthis_options_default string| addthis_options_rank string| addthis_options object| __callbacks number| len

5 Cookies

Domain/Path Name / Value
adsplatform.com/ Name: laravel_session
Value: eyJpdiI6Ijc5MDk2WWVZaEhPTVNiSGxHN01RbGc9PSIsInZhbHVlIjoiczZ3alNTc3l1dHUzRG5RaWMwZGtLWkZYTW9mVEFycklSd2VmWnlBQkxXczZveDBZMGU0c2VQV1BUSnBzbENkZ1dkbDlkRmNFZEZuQlRrR2Q2aE1qcUE9PSIsIm1hYyI6IjI1ZWZhMmRjY2U2NzMwODk1YWQwNWNiNGM0N2IzMmYwZmEyZDI4MzlhNDBlZTk3YzU0YTBhNTU2MTlkMGJhN2YifQ%3D%3D
solucoes-credito-consolidado.com/ Name: __atuvc
Value: 1%7C13
solucoes-credito-consolidado.com/ Name: __atuvs
Value: 5e7c661eccc39b6b000
.solucoes-credito-consolidado.com/ Name: _fbp
Value: fb.1.1585210909983.1750751980
solucoes-credito-consolidado.com/ Name: PHPSESSID
Value: aorkq8pk1u7rhh560e592r9nr2

1 Console Messages

Source Level URL
Text
console-api warning URL: https://solucoes-credito-consolidado.com/dist/scripts.js(Line 1)
Message:
Can't find language "pt" in Datepicker.language, will use "ru" instead

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

adsplatform.com
api.easyacross.com
cdnjs.cloudflare.com
code.jquery.com
connect.facebook.net
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
graph.facebook.com
mackspear.com
s7.addthis.com
solucoes-credito-consolidado.com
v1.addthisedge.com
www.facebook.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
z.moatads.com
172.217.16.162
185.15.20.111
2001:4de0:ac19::1:b:3b
217.182.75.102
23.210.248.44
2606:4700::6811:4104
2a00:1450:4001:800::2008
2a00:1450:4001:806::2004
2a00:1450:4001:808::2002
2a00:1450:4001:814::2003
2a00:1450:4001:816::200a
2a00:1450:4001:81e::2003
2a03:2880:f02d:12:face:b00c:0:3
2a03:2880:f02d:e:face:b00c:0:2
2a03:2880:f12d:83:face:b00c:0:25de
54.173.28.69
95.101.185.246
05090f9390f5bc0cd23fe5f432037cc92d7cbce1ced9bfe8faf3d1c9abae85cd
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
068989ec6ad9f4b81299cd9d4ecac72d19f42516b48c049e7c1e754bca6d2238
09f037c738d45d479db1baa252dfa1ea8e93217053195e02d1df326209bf6d80
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
194b20b01513eaec87005b4a7cf5693968ad20ae18507c095edba16f006fb29a
198119e593eb2ca3b9249d007f37a32c7b84a811627e4f5d7ed5835cf95618f2
2a0114ee843f8e5fcb15026a43365c3455464f43e1ea135b075e49662a9905b9
36637f612fa84657d5a29f4e46026e5e557c85e22b65c632beb753c3f46b58ba
436cfcd6b2e2e46bdd9ed9a1af4682c14065bdc2caf9c067abcc14dfda16ad8c
456ab1a71507ed91abae14c9d08faffb373a7bc711a66e44341b7b8b7bb72ab4
500087e17a004b47a8d43ce608e8d4e38864bc8ce6970e451471f34d108d76cc
53674f6caa0c6959898815f3b2c652d53ed4b7c09f8a4444fc026a4d82d22fbb
5876d235b697479a9e5f476a33115aea1ddc21fd4b4740dd7180398c6224fdba
5a91c6d3e635c0bd1551a53cf0769328132151a7732039170280d500dbcb4685
5c29ba244b10929f45de1d4ecf39138ab2f9096055254ec89b7a53e978cfbab3
5e1758914cec3a9cb49e52a5f3d6a3b425cd278511bac8d746d1f21c1f40ab6c
751f482aff6d734922e0a1090224dfcab059487965a686d06ba466dd4967cdcf
8c09bb34db20525eddbf1aeac65f44b64125873c6d9cdf577c86c4bd89700137
942278c97159fd35b3c220e0948b1d2bac10b559a56f4f23058f6d8a1388709d
95d6518a2819b2630290114aa17c97910a973376b1e8750b57d51e9d81bcfa4c
ab8ceea757a634f5ce5a9ed6f6b4bcdd555869b385d315854e16914a2f5a3bc7
af4c6683814aa527caf53bde3d021e6aafe00833b45f2dead043c87ed7864674
b8da5a01a403fd9b978e77b69f3275ae3e5370145dcbcd3af42c509735426e3d
d908178c692771336d125b23853383e8cdb5b039db9faa01f8dcaf898c615191
e747521bc9729c30f06bda6471e77ad26ce0e05b104743e93fe14c8ef3b559a7
ea399158ef2d93ca8c14598e1ee6bfddf924d4b877c8972928d30ff23bcf1a30
ecc0c4a707efeb061b7de57440221feb21ab08022938aaacee779e98fe809235
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
fb88ede20d1c3203088637e210aa9a4f0899ad3dd4553fc8e94ef97aa8216502