offers.propertyleadr.net Open in urlscan Pro
3.126.202.50  Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

30 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
1 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request / Show response offers.propertyleadr.net/opulent-investments-kiln-house/	48 KB 10 KB	101ms 18ms	Document text/html	3.126.202.50 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://offers.propertyleadr.net/opulent-investments-kiln-house/?affiliate_id=1273&sub_id=%3fcmpid%3dpwtp20220616A&ckm_request_id=62837718&country=US&v=Property&bot=false&fn=&ln= Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 3.126.202.50 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-126-202-50.eu-central-1.compute.amazonaws.com Software / Resource Hash d2b51f609b5d19ba659652791cc9f0e1ccd0b415c24b3e99774d063874f615cf Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers connection close content-encoding gzip content-location https://offers.propertyleadr.net/opulent-investments-kiln-house/ content-type text/html; charset=UTF-8 date Thu, 07 Jul 2022 10:52:25 GMT etag "a:36f921b78030f0c00f5e8a0a224ca937" last-modified Sat, 25 Jun 2022 15:20:52 GMT link <https://offers.propertyleadr.net/opulent-investments-kiln-house/>; rel="canonical" p3p CP="This is not a privacy policy." transfer-encoding chunked x-proxy-backend page-server x-unbounce-pageid 33b7244d-06b6-4b49-857d-80eed755c746 x-unbounce-variant a x-unbounce-visitorid 0090523a-cbc9-4977-bd77-97729a93e2d8
GET H2	200	main-7b78720.z.css builder-assets.unbounce.com/published-css/	15 KB 3 KB	45ms 8ms	Stylesheet text/css	13.224.189.30 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://builder-assets.unbounce.com/published-css/main-7b78720.z.css Requested by Host: offers.propertyleadr.net URL: https://offers.propertyleadr.net/opulent-investments-kiln-house/?affiliate_id=1273&sub_id=%3fcmpid%3dpwtp20220616A&ckm_request_id=62837718&country=US&v=Property&bot=false&fn=&ln= Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.224.189.30 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-224-189-30.fra2.r.cloudfront.net Software AmazonS3 / Resource Hash 7b787207f29ffd5672ab91b95f681b387b4d6433081cc8b47070f1d564827863 Request headers accept-language de-DE,de;q=0.9 Referer https://offers.propertyleadr.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 Response headers date Fri, 27 May 2022 01:08:10 GMT content-encoding gzip last-modified Wed, 11 May 2022 15:25:12 GMT server AmazonS3 age 3577456 etag "8a6914b8829d3f926055f689771fe755" x-cache Hit from cloudfront x-amz-version-id KMvcis7.L0zEYzi_9UIlTjJ2K9lUXHro via 1.1 e976f829f2d1c4787d42d0595ae7cf74.cloudfront.net (CloudFront) cache-control max-age=31536000 x-amz-cf-pop FRA2-C1 accept-ranges bytes content-type text/css content-length 2902 x-amz-cf-id 1Y15rw1Jw44IzoJZ9EtndkJOD6a2gSPdBrOLKW5zfjbWB4r5ymj8Eg==
GET H2	200	jquery.min.js Show response ajax.googleapis.com/ajax/libs/jquery/3.6.0/	87 KB 31 KB	124ms 37ms	Script text/javascript	2a00:1450:4001:810::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js Requested by Host: offers.propertyleadr.net URL: https://offers.propertyleadr.net/opulent-investments-kiln-house/?affiliate_id=1273&sub_id=%3fcmpid%3dpwtp20220616A&ckm_request_id=62837718&country=US&v=Property&bot=false&fn=&ln= Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:810::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://offers.propertyleadr.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 Response headers date Thu, 07 Jul 2022 10:04:44 GMT content-encoding gzip x-content-type-options nosniff age 2861 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 31017 x-xss-protection 0 last-modified Wed, 10 Mar 2021 14:28:09 GMT server sffe cross-origin-opener-policy same-origin; report-to="hosted-libraries-pushers" vary Accept-Encoding report-to {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]} content-type text/javascript; charset=UTF-8 access-control-allow-origin * cache-control public, max-age=31536000, stale-while-revalidate=2592000 accept-ranges bytes timing-allow-origin * expires Fri, 07 Jul 2023 10:04:44 GMT
GET H2	200	ub.js Show response d34qb8suadcc4g.cloudfront.net/	5 KB 2 KB	49ms 7ms	Script application/javascript	2600:9000:21f3:fc00:1d:11cf:5800:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://d34qb8suadcc4g.cloudfront.net/ub.js?1618514266 Requested by Host: offers.propertyleadr.net URL: https://offers.propertyleadr.net/opulent-investments-kiln-house/?affiliate_id=1273&sub_id=%3fcmpid%3dpwtp20220616A&ckm_request_id=62837718&country=US&v=Property&bot=false&fn=&ln= Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:21f3:fc00:1d:11cf:5800:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash 0bbb0c157e8aad81455cc5e2d258b835053a0b404b32632adaed6a9075042bc4 Request headers accept-language de-DE,de;q=0.9 Referer https://offers.propertyleadr.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 Response headers date Mon, 13 Jun 2022 10:29:43 GMT content-encoding gzip last-modified Thu, 15 Apr 2021 19:15:08 GMT server AmazonS3 age 2074963 etag "f6420c864830b5860bfaadd47a2bb21b" x-cache Hit from cloudfront x-amz-version-id bKC28ufbc849z_LglraHgQe9TbPw1SIU via 1.1 ac0e9b19969df989a920e6d1b834d008.cloudfront.net (CloudFront) cache-control max-age=31536000 x-amz-cf-pop FRA2-C2 accept-ranges bytes content-type application/javascript content-length 1856 x-amz-cf-id LYNMZ4ybB_Pz_e1ZRnGVMOlZGCwmsgaFqY2KcqorWwMtIosQSrl65Q==
GET H2	200	main.bundle-7a80b17.z.js Show response builder-assets.unbounce.com/published-js/	103 KB 33 KB	8ms 8ms	Script application/javascript	13.224.189.30 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://builder-assets.unbounce.com/published-js/main.bundle-7a80b17.z.js Requested by Host: offers.propertyleadr.net URL: https://offers.propertyleadr.net/opulent-investments-kiln-house/?affiliate_id=1273&sub_id=%3fcmpid%3dpwtp20220616A&ckm_request_id=62837718&country=US&v=Property&bot=false&fn=&ln= Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.224.189.30 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-224-189-30.fra2.r.cloudfront.net Software AmazonS3 / Resource Hash 7a80b17346ad96acb74876b1c792e1706cdfdb5e17ce3bc028ee6e832bdfd962 Request headers accept-language de-DE,de;q=0.9 Referer https://offers.propertyleadr.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 Response headers date Sat, 18 Jun 2022 04:26:49 GMT content-encoding gzip last-modified Wed, 11 May 2022 15:25:07 GMT server AmazonS3 age 1664737 etag "115451db447a15fd94ca1eec82178c7c" x-cache Hit from cloudfront x-amz-version-id hO9WFSZalI7CFVogzNPJaI4zzDMeqqnQ via 1.1 e976f829f2d1c4787d42d0595ae7cf74.cloudfront.net (CloudFront) cache-control max-age=31536000 x-amz-cf-pop FRA2-C1 accept-ranges bytes content-type application/javascript content-length 33491 x-amz-cf-id -7d1xz7dJF--9hs8dKq2AVjthMq4ABO-we6n5xjJyjKQtdeLy1tUTA==
GET H2	200	fbevents.js Show response connect.facebook.net/en_US/	98 KB 26 KB	41ms 9ms	Script application/x-javascript	2a03:2880:f02d:100:face:b00c:0:3 FACEBOOK
General Check archive.org Show headers Download Go to Full URL https://connect.facebook.net/en_US/fbevents.js Requested by Host: offers.propertyleadr.net URL: https://offers.propertyleadr.net/opulent-investments-kiln-house/?affiliate_id=1273&sub_id=%3fcmpid%3dpwtp20220616A&ckm_request_id=62837718&country=US&v=Property&bot=false&fn=&ln= Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a03:2880:f02d:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS Software / Resource Hash f8bdb531d36caf4bb43071d1be58a2d1b153d3a403f4b8f4e6a919dd46213f47 Security Headers Name Value Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0; Strict-Transport-Security max-age=31536000; preload; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://offers.propertyleadr.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 Response headers content-security-policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0; content-encoding gzip x-content-type-options nosniff document-policy force-load-at-top cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400,h3-29=":443"; ma=86400 content-length 25939 x-xss-protection 0 pragma public x-fb-debug WG8f80OxQABMTBPQluIPZr+4ICQshpY8bj2xxfdVa4/4J6TJdilaH1oz8XYXmAhZHOO9gTcr1YKPZ22yerXyYg== x-fb-trip-id 2050670934 cross-origin-opener-policy same-origin-allow-popups x-frame-options DENY date Thu, 07 Jul 2022 10:52:25 GMT strict-transport-security max-age=31536000; preload; includeSubDomains content-type application/x-javascript; charset=utf-8 vary Accept-Encoding cache-control public, max-age=1200 x-fb-rlafr 0 priority u=3,i expires Sat, 01 Jan 2000 00:00:00 GMT
GET H2	200	request.js Show response script.anura.io/	50 KB 18 KB	163ms 111ms	Script application/javascript	18.134.125.36 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://script.anura.io/request.js?instance=3552465468&source=1273-%253fcmpid%253dpwtp20220616A&campaign=288&callback=anuraCallbackFunction&674946811874 Requested by Host: offers.propertyleadr.net URL: https://offers.propertyleadr.net/opulent-investments-kiln-house/?affiliate_id=1273&sub_id=%3fcmpid%3dpwtp20220616A&ckm_request_id=62837718&country=US&v=Property&bot=false&fn=&ln= Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 18.134.125.36 London, United Kingdom, ASN16509 (AMAZON-02, US), Reverse DNS ec2-18-134-125-36.eu-west-2.compute.amazonaws.com Software nginx / Resource Hash ec3f71d4d21433d32e56dce92781468bd442a14bd80daf50f1e121accb7b8c1b Security Headers Name Value X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://offers.propertyleadr.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 Response headers pragma no-cache date Thu, 07 Jul 2022 10:52:26 GMT content-encoding gzip x-content-type-options nosniff server nginx vary Accept-Encoding content-type application/javascript; charset=utf-8 cache-control private, no-cache, no-store, must-revalidate, max-age=0, post-check=0, pre-check=0 expires Sun, 28 Dec 1980 18:57:00 EST
GET H2	200	2183216491990889 Show response connect.facebook.net/signals/config/	292 KB 84 KB	49ms 48ms	Script application/x-javascript	2a03:2880:f02d:100:face:b00c:0:3 FACEBOOK
General Check archive.org Show headers Download Go to Full URL https://connect.facebook.net/signals/config/2183216491990889?v=2.9.64&r=stable Requested by Host: connect.facebook.net URL: https://connect.facebook.net/en_US/fbevents.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a03:2880:f02d:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS Software / Resource Hash a7fb649e3564bf3afbbc71813f5ac10ea5094fd8e0aab1ede0ebc9fa29e2becd Security Headers Name Value Content-Security-Policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests; Strict-Transport-Security max-age=31536000; preload; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://offers.propertyleadr.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 Response headers content-security-policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests; content-encoding gzip x-content-type-options nosniff document-policy force-load-at-top cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400,h3-29=":443"; ma=86400 x-xss-protection 0 pragma public x-fb-debug 6rK9kxqrNwczsfi/CMcTDTS4MMCCs39Do2jqOZrWwQ94ZjpTZcSEx4nglXZtaN9NlFeRkA54QQ6rnDEoHVSkWw== x-fb-trip-id 2050670934 cross-origin-opener-policy same-origin-allow-popups x-frame-options DENY date Thu, 07 Jul 2022 10:52:26 GMT strict-transport-security max-age=31536000; preload; includeSubDomains x-content-cdn-origin-ts 1657191146049 content-type application/x-javascript; charset=utf-8 vary Accept-Encoding cache-control public, max-age=1200 x-fb-rlafr 0 priority u=3,i expires Sat, 01 Jan 2000 00:00:00 GMT
GET DATA	200 OK	truncated /	42 B 0		Image image/gif
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 Response headers Content-Type image/gif
GET H2	200	sp-2.14.0.js Show response d34qb8suadcc4g.cloudfront.net/	98 KB 30 KB	8ms 8ms	Script application/javascript	2600:9000:21f3:fc00:1d:11cf:5800:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://d34qb8suadcc4g.cloudfront.net/sp-2.14.0.js Requested by Host: d34qb8suadcc4g.cloudfront.net URL: https://d34qb8suadcc4g.cloudfront.net/ub.js?1618514266 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:21f3:fc00:1d:11cf:5800:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash 2e8292b18fc2acc297e1aa6acc6abe05136604137e744ba1b49984df330562bb Request headers accept-language de-DE,de;q=0.9 Referer https://offers.propertyleadr.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 Response headers date Sat, 05 Mar 2022 17:27:36 GMT content-encoding gzip last-modified Wed, 04 Nov 2020 01:35:32 GMT server AmazonS3 age 10689891 etag "73de733c308b8b5e44d2a6242dc4bd99" x-cache Hit from cloudfront x-amz-version-id rVTqklA1qqyT_0VdOCY323BKPISR0uej via 1.1 ac0e9b19969df989a920e6d1b834d008.cloudfront.net (CloudFront) cache-control max-age=31536000 x-amz-cf-pop FRA2-C2 accept-ranges bytes content-type application/javascript content-length 30399 x-amz-cf-id Xp2BwHIkhChpWRmvRYnKnTygrreMo3fvHxW0YYfKEkDnyUfGJBRpyQ==
GET BLOB	200 OK	7dafb1d8-eb8e-4012-921e-e237cf16171c https://offers.propertyleadr.net/	5 KB 0		Stylesheet text/css
General Check archive.org Show headers Download Go to Full URL blob:https://offers.propertyleadr.net/7dafb1d8-eb8e-4012-921e-e237cf16171c Requested by Host: builder-assets.unbounce.com URL: https://builder-assets.unbounce.com/published-js/main.bundle-7a80b17.z.js Protocol BLOB Server -, , ASN (), Reverse DNS Software / Resource Hash 9c29517d31f5827419cfb4f4ff8cd13b478ec5345cfbb24e4f02072c723a87e7 Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 Response headers Content-Length 5603 Content-Type text/css
GET H2	200	css fonts.googleapis.com/	9 KB 1 KB	132ms 48ms	Stylesheet text/css	2a00:1450:4001:828::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.googleapis.com/css?family=Roboto:regular,700,300,500%7CLato:regular Requested by Host: builder-assets.unbounce.com URL: https://builder-assets.unbounce.com/published-js/main.bundle-7a80b17.z.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash e455653f8d109e78d9ddf89d334a09e4d7efd752a10660141e9845a6c23f4603 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://offers.propertyleadr.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 Response headers strict-transport-security max-age=31536000 content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" x-xss-protection 0 last-modified Thu, 07 Jul 2022 10:52:26 GMT server ESF cross-origin-opener-policy same-origin-allow-popups date Thu, 07 Jul 2022 10:52:26 GMT x-frame-options SAMEORIGIN content-type text/css; charset=utf-8 access-control-allow-origin * cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * link <https://fonts.gstatic.com>; rel=preconnect; crossorigin expires Thu, 07 Jul 2022 10:52:26 GMT
GET H2	200	6e956eea-opulent-investments-kiln-house-exterior_10h60bg00000000000001o.jpeg d9hhrg4mnvzow.cloudfront.net/offers.propertyleadr.net/opulent-investments-kiln-house/	43 KB 43 KB	48ms 13ms	Image image/jpeg	13.225.84.77 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://d9hhrg4mnvzow.cloudfront.net/offers.propertyleadr.net/opulent-investments-kiln-house/6e956eea-opulent-investments-kiln-house-exterior_10h60bg00000000000001o.jpeg Requested by Host: offers.propertyleadr.net URL: https://offers.propertyleadr.net/opulent-investments-kiln-house/?affiliate_id=1273&sub_id=%3fcmpid%3dpwtp20220616A&ckm_request_id=62837718&country=US&v=Property&bot=false&fn=&ln= Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.225.84.77 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-225-84-77.fra2.r.cloudfront.net Software AmazonS3 / Resource Hash c1334e3ec11bdd28ded0e2602e2ff40144984d8b6eea2520d6b8d0291da0029c Request headers accept-language de-DE,de;q=0.9 Referer https://offers.propertyleadr.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 Response headers date Wed, 06 Jul 2022 00:21:06 GMT via 1.1 286eb4b50e0acf373dd03645aee00b7e.cloudfront.net (CloudFront) last-modified Sat, 25 Jun 2022 15:20:52 GMT server AmazonS3 age 124281 etag "37fa28762894ce18763e2982614667c9" x-cache Hit from cloudfront x-amz-version-id zLeAoTvCt71i_xVY2fEkXkZmhgLGc8c0 cache-control max-age=31557600 x-amz-cf-pop FRA2-C2 accept-ranges bytes content-type image/jpeg content-length 43926 x-amz-cf-id GKi1c-StDPeZjKbiH36-vXfUWi1ou6xOrFd9-P07JbOGyMFSoKS-vQ==
GET H2	200	6e15abc9-opulent-investments-logo-2_1000000000000000000028.png d9hhrg4mnvzow.cloudfront.net/offers.propertyleadr.net/opulent-investments-kiln-house/	2 KB 2 KB	46ms 11ms	Image image/png	13.225.84.77 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://d9hhrg4mnvzow.cloudfront.net/offers.propertyleadr.net/opulent-investments-kiln-house/6e15abc9-opulent-investments-logo-2_1000000000000000000028.png Requested by Host: offers.propertyleadr.net URL: https://offers.propertyleadr.net/opulent-investments-kiln-house/?affiliate_id=1273&sub_id=%3fcmpid%3dpwtp20220616A&ckm_request_id=62837718&country=US&v=Property&bot=false&fn=&ln= Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.225.84.77 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-225-84-77.fra2.r.cloudfront.net Software AmazonS3 / Resource Hash 33d81dc1a3a2d31dd2b9de90b6b795352afcbc4977988b0def38c53823a35b96 Request headers accept-language de-DE,de;q=0.9 Referer https://offers.propertyleadr.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 Response headers date Wed, 06 Jul 2022 00:21:06 GMT via 1.1 286eb4b50e0acf373dd03645aee00b7e.cloudfront.net (CloudFront) last-modified Sat, 25 Jun 2022 15:20:52 GMT server AmazonS3 age 124281 etag "571a094adc0f08c3ce12faab6abe8b42" x-cache Hit from cloudfront x-amz-version-id vfgl4axPYYrLiix0s9FxgCxxha6Rj.Re cache-control max-age=31557600 x-amz-cf-pop FRA2-C2 accept-ranges bytes content-type image/png content-length 2137 x-amz-cf-id CZagnMK5sgZT4h6OTbGH3HI0iez-udXV_4wQ5ORt9xopb_X_PHyJ6A==
GET H2	200	5167df06-opulent-investments-kiln-house-keys_1000000000000000000028.png d9hhrg4mnvzow.cloudfront.net/offers.propertyleadr.net/opulent-investments-kiln-house/	2 KB 2 KB	47ms 12ms	Image image/png	13.225.84.77 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://d9hhrg4mnvzow.cloudfront.net/offers.propertyleadr.net/opulent-investments-kiln-house/5167df06-opulent-investments-kiln-house-keys_1000000000000000000028.png Requested by Host: offers.propertyleadr.net URL: https://offers.propertyleadr.net/opulent-investments-kiln-house/?affiliate_id=1273&sub_id=%3fcmpid%3dpwtp20220616A&ckm_request_id=62837718&country=US&v=Property&bot=false&fn=&ln= Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.225.84.77 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-225-84-77.fra2.r.cloudfront.net Software AmazonS3 / Resource Hash 23446674aa51fde62003dff1adc6ba3ffcfb124c16912c92d6369e2f5ca80bcb Request headers accept-language de-DE,de;q=0.9 Referer https://offers.propertyleadr.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 Response headers date Wed, 06 Jul 2022 00:21:06 GMT via 1.1 286eb4b50e0acf373dd03645aee00b7e.cloudfront.net (CloudFront) last-modified Sat, 25 Jun 2022 15:20:52 GMT server AmazonS3 age 124281 etag "39b29dfad0bbe6d915878d83832de538" x-cache Hit from cloudfront x-amz-version-id 9x9jcO9F138uFZsxnkx9FBXJLSe6vMIm cache-control max-age=31557600 x-amz-cf-pop FRA2-C2 accept-ranges bytes content-type image/png content-length 2102 x-amz-cf-id ShQZArOvAYtR0-iT42k4_wmXqSoVXRqlo13Fwtk2NoGN4rE7HE3LPA==
GET H2	200	d3366db8-opulent-investments-kiln-house-pound_1000000000000000000028.png d9hhrg4mnvzow.cloudfront.net/offers.propertyleadr.net/opulent-investments-kiln-house/	2 KB 2 KB	54ms 20ms	Image image/png	13.225.84.77 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://d9hhrg4mnvzow.cloudfront.net/offers.propertyleadr.net/opulent-investments-kiln-house/d3366db8-opulent-investments-kiln-house-pound_1000000000000000000028.png Requested by Host: offers.propertyleadr.net URL: https://offers.propertyleadr.net/opulent-investments-kiln-house/?affiliate_id=1273&sub_id=%3fcmpid%3dpwtp20220616A&ckm_request_id=62837718&country=US&v=Property&bot=false&fn=&ln= Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.225.84.77 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-225-84-77.fra2.r.cloudfront.net Software AmazonS3 / Resource Hash c33f3d27fc298851d0cc2cbfa81c759810bf64f2bcfe6720bb55d72b17261c94 Request headers accept-language de-DE,de;q=0.9 Referer https://offers.propertyleadr.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 Response headers date Wed, 06 Jul 2022 00:21:06 GMT via 1.1 286eb4b50e0acf373dd03645aee00b7e.cloudfront.net (CloudFront) last-modified Sat, 25 Jun 2022 15:20:52 GMT server AmazonS3 age 124281 etag "ff6f069ed0c45994077a71939fe19e95" x-cache Hit from cloudfront x-amz-version-id 8ozsmJ4um9.wZadvLOwfuYX9pETAX1lL cache-control max-age=31557600 x-amz-cf-pop FRA2-C2 accept-ranges bytes content-type image/png content-length 1905 x-amz-cf-id ZlayqB3Bvj9KkIlQfboo4s99CtPlZ9vpnCe_1s1GcPvRvrB6jSZAgw==
GET H2	200	4b787056-opulent-investments-kiln-house-contract_1000000000000000000028.png d9hhrg4mnvzow.cloudfront.net/offers.propertyleadr.net/opulent-investments-kiln-house/	2 KB 2 KB	52ms 18ms	Image image/png	13.225.84.77 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://d9hhrg4mnvzow.cloudfront.net/offers.propertyleadr.net/opulent-investments-kiln-house/4b787056-opulent-investments-kiln-house-contract_1000000000000000000028.png Requested by Host: offers.propertyleadr.net URL: https://offers.propertyleadr.net/opulent-investments-kiln-house/?affiliate_id=1273&sub_id=%3fcmpid%3dpwtp20220616A&ckm_request_id=62837718&country=US&v=Property&bot=false&fn=&ln= Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.225.84.77 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-225-84-77.fra2.r.cloudfront.net Software AmazonS3 / Resource Hash 0e4a2ce3768c14a583eddb1088724124fe0c7cdaf7f0e4d7799b29b7f4dc34c1 Request headers accept-language de-DE,de;q=0.9 Referer https://offers.propertyleadr.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 Response headers date Wed, 06 Jul 2022 00:21:06 GMT via 1.1 286eb4b50e0acf373dd03645aee00b7e.cloudfront.net (CloudFront) last-modified Sat, 25 Jun 2022 15:20:52 GMT server AmazonS3 age 124281 etag "3cd73b246259c81e44308c1aef4f1771" x-cache Hit from cloudfront x-amz-version-id vVtYTq_DicvZzNUKrqvfu7DPANVJEd.k cache-control max-age=31557600 x-amz-cf-pop FRA2-C2 accept-ranges bytes content-type image/png content-length 1842 x-amz-cf-id pIQAn-iym8XYQBTY5m5ZRIIX2dVzMHOscr81KvZNnfd1fpQpq3MjWA==
GET H2	200	i events.ub-analytics.com/	43 B 245 B	306ms 98ms	Image image/gif	67.202.52.6 AMAZON-AES
General Check archive.org Show headers Download Go to Show image Full URL https://events.ub-analytics.com/i?stm=1657191146083&e=pv&url=https%3A%2F%2Foffers.propertyleadr.net%2Fopulent-investments-kiln-house%2F%3Faffiliate_id%3D1273%26sub_id%3D%253fcmpid%253dpwtp20220616A%26ckm_request_id%3D62837718%26country%3DUS%26v%3DProperty%26bot%3Dfalse%26fn%3D%26ln%3D&tv=js-2.14.0&tna=sp-ub&aid=landing_page&p=web&tz=UTC&lang=en-US&cs=UTF-8&f_pdf=1&f_qt=0&f_realp=0&f_wma=0&f_dir=0&f_fla=0&f_java=0&f_gears=0&f_ag=0&res=1600x1200&cd=24&eid=bbd7ee84-6f0d-42a3-882a-8058b30435c0&dtm=1657191146081&vp=1600x1200&ds=1600x1255&vid=1&sid=7c26a9a3-e206-41a0-b1b5-b7e40b625849&duid=7999ba4e-c665-419a-8c89-fb6302a02d40&uid=0090523a-cbc9-4977-bd77-97729a93e2d8&cx=eyJzY2hlbWEiOiJpZ2x1OmNvbS5zbm93cGxvd2FuYWx5dGljcy5zbm93cGxvdy9jb250ZXh0cy9qc29uc2NoZW1hLzEtMC0wIiwiZGF0YSI6W3sic2NoZW1hIjoianNfdHJhY2tlcl9jb250ZXh0X3YxLjEuanNvbiIsImRhdGEiOnsicGFnZUlkIjoiMzNiNzI0NGQtMDZiNi00YjQ5LTg1N2QtODBlZWQ3NTVjNzQ2IiwidmFyaWFudElkIjoiYSIsImV2ZW50VHlwZSI6InZpc2l0IiwiZXZlbnRNZXRhZGF0YSI6W10sInJvdXRpbmdTdHJhdGVneSI6IndlaWdodGVkIn19XX0 Requested by Host: offers.propertyleadr.net URL: https://offers.propertyleadr.net/opulent-investments-kiln-house/?affiliate_id=1273&sub_id=%3fcmpid%3dpwtp20220616A&ckm_request_id=62837718&country=US&v=Property&bot=false&fn=&ln= Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 67.202.52.6 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-67-202-52-6.compute-1.amazonaws.com Software akka-http/10.0.9 / Resource Hash caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c Request headers accept-language de-DE,de;q=0.9 Referer https://offers.propertyleadr.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 Response headers access-control-allow-origin * date Thu, 07 Jul 2022 10:52:26 GMT access-control-allow-credentials true server akka-http/10.0.9 p3p policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA" content-length 43 content-type image/gif
GET H3	200	820979408346016 Show response connect.facebook.net/signals/config/	291 KB 84 KB	49ms 48ms	Script application/x-javascript	2a03:2880:f02d:100:face:b00c:0:3 FACEBOOK
General Check archive.org Show headers Download Go to Full URL https://connect.facebook.net/signals/config/820979408346016?v=2.9.64&r=stable Requested by Host: connect.facebook.net URL: https://connect.facebook.net/en_US/fbevents.js Protocol H3 Security QUIC, , AES_128_GCM Server 2a03:2880:f02d:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS Software / Resource Hash e3b870cc14b79ca87695f99e5cad90b3628e6b0eb9c3993358ebf644a0c166f4 Security Headers Name Value Content-Security-Policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests; Strict-Transport-Security max-age=31536000; preload; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://offers.propertyleadr.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 Response headers content-security-policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests; content-encoding gzip x-content-type-options nosniff document-policy force-load-at-top cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400,h3-29=":443"; ma=86400 x-xss-protection 0 pragma public x-fb-debug 8VtZvpImPmEqd6Dlsz4IH0knZM/LqbHrEm262XoIwQbjUmkJM0SH4aF9RfURsx4EW0vHyfUjwt1C5WmXvSMhMQ== cross-origin-opener-policy same-origin-allow-popups x-frame-options DENY date Thu, 07 Jul 2022 10:52:26 GMT strict-transport-security max-age=31536000; preload; includeSubDomains x-content-cdn-origin-ts 1657191146140 content-type application/x-javascript; charset=utf-8 vary Accept-Encoding cache-control public, max-age=1200 x-fb-rlafr 0 priority u=3,i expires Sat, 01 Jan 2000 00:00:00 GMT
GET H2	200	/ www.facebook.com/tr/	44 B 297 B	34ms 8ms	Image image/gif	2a03:2880:f12d:181:face:b00c:0:25de FACEBOOK
General Check archive.org Show headers Download Go to Show image Full URL https://www.facebook.com/tr/?id=2183216491990889&ev=PageView&dl=https%3A%2F%2Foffers.propertyleadr.net%2Fopulent-investments-kiln-house%2F%3Faffiliate_id%3D1273%26sub_id%3D%253fcmpid%253dpwtp20220616A%26ckm_request_id%3D62837718%26country%3DUS%26v%3DProperty%26bot%3Dfalse%26fn%3D%26ln%3D&rl=&if=false&ts=1657191146095&sw=1600&sh=1200&v=2.9.64&r=stable&ec=0&o=30&fbp=fb.1.1657191146094.1466600347&it=1657191146002&coo=false&rqm=GET Requested by Host: offers.propertyleadr.net URL: https://offers.propertyleadr.net/opulent-investments-kiln-house/?affiliate_id=1273&sub_id=%3fcmpid%3dpwtp20220616A&ckm_request_id=62837718&country=US&v=Property&bot=false&fn=&ln= Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a03:2880:f12d:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS Software proxygen-bolt / Resource Hash 10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers accept-language de-DE,de;q=0.9 Referer https://offers.propertyleadr.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 Response headers date Thu, 07 Jul 2022 10:52:26 GMT last-modified Fri, 21 Dec 2012 00:00:01 GMT server proxygen-bolt strict-transport-security max-age=31536000; includeSubDomains content-type image/gif cache-control no-cache, must-revalidate, max-age=0 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 44 expires Thu, 07 Jul 2022 10:52:26 GMT
GET H2	200	showads.js Show response ads.anura.io/	0 351 B	57ms 8ms	XHR application/javascript	13.225.78.75 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://ads.anura.io/showads.js?2585489618 Requested by Host: script.anura.io URL: https://script.anura.io/request.js?instance=3552465468&source=1273-%253fcmpid%253dpwtp20220616A&campaign=288&callback=anuraCallbackFunction&674946811874 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.225.78.75 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-225-78-75.fra2.r.cloudfront.net Software nginx / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language de-DE,de;q=0.9 Referer https://offers.propertyleadr.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 Response headers date Wed, 06 Jul 2022 16:43:58 GMT content-encoding gzip server nginx age 65308 vary Accept-Encoding x-cache Hit from cloudfront content-type application/javascript; charset=utf-8 access-control-allow-origin * access-control-allow-methods GET x-amz-cf-pop FRA2-C2 x-amz-cf-id Kr5N6JwKbPv9ylewA5qTLNKG-eEUxwAM1ozuS4i_ODFLtlTvSV8IJg== via 1.1 ec9e3bc729d9c6d55ed32446408ad62e.cloudfront.net (CloudFront)
GET H2	200	KFOmCnqEu92Fr1Mu4mxK.woff2 fonts.gstatic.com/s/roboto/v30/	15 KB 16 KB	118ms 35ms	Font font/woff2	2a00:1450:4001:80b::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css?family=Roboto:regular,700,300,500%7CLato:regular Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://fonts.googleapis.com/ Origin https://offers.propertyleadr.net accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 Response headers date Mon, 04 Jul 2022 19:07:55 GMT x-content-type-options nosniff age 229471 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 15744 x-xss-protection 0 last-modified Wed, 11 May 2022 19:24:48 GMT server sffe cross-origin-opener-policy same-origin; report-to="apps-themes" report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * expires Tue, 04 Jul 2023 19:07:55 GMT
GET H2	200	KFOlCnqEu92Fr1MmWUlfBBc4.woff2 fonts.gstatic.com/s/roboto/v30/	15 KB 16 KB	154ms 76ms	Font font/woff2	2a00:1450:4001:80b::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css?family=Roboto:regular,700,300,500%7CLato:regular Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://fonts.googleapis.com/ Origin https://offers.propertyleadr.net accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 Response headers date Tue, 05 Jul 2022 08:45:42 GMT x-content-type-options nosniff age 180404 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 15860 x-xss-protection 0 last-modified Wed, 11 May 2022 19:24:42 GMT server sffe cross-origin-opener-policy same-origin; report-to="apps-themes" report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * expires Wed, 05 Jul 2023 08:45:42 GMT
GET H2	200	KFOlCnqEu92Fr1MmSU5fBBc4.woff2 fonts.gstatic.com/s/roboto/v30/	15 KB 15 KB	119ms 46ms	Font font/woff2	2a00:1450:4001:80b::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css?family=Roboto:regular,700,300,500%7CLato:regular Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://fonts.googleapis.com/ Origin https://offers.propertyleadr.net accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 Response headers date Mon, 04 Jul 2022 16:39:45 GMT x-content-type-options nosniff age 238361 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 15740 x-xss-protection 0 last-modified Wed, 11 May 2022 19:24:56 GMT server sffe cross-origin-opener-policy same-origin; report-to="apps-themes" report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * expires Tue, 04 Jul 2023 16:39:45 GMT
GET H2	200	KFOlCnqEu92Fr1MmEU9fBBc4.woff2 fonts.gstatic.com/s/roboto/v30/	16 KB 16 KB	120ms 88ms	Font font/woff2	2a00:1450:4001:80b::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css?family=Roboto:regular,700,300,500%7CLato:regular Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://fonts.googleapis.com/ Origin https://offers.propertyleadr.net accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 Response headers date Mon, 04 Jul 2022 12:56:05 GMT x-content-type-options nosniff age 251781 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 15920 x-xss-protection 0 last-modified Wed, 11 May 2022 19:24:45 GMT server sffe cross-origin-opener-policy same-origin; report-to="apps-themes" report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * expires Tue, 04 Jul 2023 12:56:05 GMT
GET H3	200	/ www.facebook.com/tr/	44 B 91 B	17ms 7ms	Image image/gif	2a03:2880:f12d:181:face:b00c:0:25de FACEBOOK
General Check archive.org Show headers Download Go to Show image Full URL https://www.facebook.com/tr/?id=820979408346016&ev=PageView&dl=https%3A%2F%2Foffers.propertyleadr.net%2Fopulent-investments-kiln-house%2F%3Faffiliate_id%3D1273%26sub_id%3D%253fcmpid%253dpwtp20220616A%26ckm_request_id%3D62837718%26country%3DUS%26v%3DProperty%26bot%3Dfalse%26fn%3D%26ln%3D&rl=&if=false&ts=1657191146319&sw=1600&sh=1200&v=2.9.64&r=stable&ec=0&o=30&fbp=fb.1.1657191146094.1466600347&it=1657191146002&coo=false&rqm=GET Requested by Host: offers.propertyleadr.net URL: https://offers.propertyleadr.net/opulent-investments-kiln-house/?affiliate_id=1273&sub_id=%3fcmpid%3dpwtp20220616A&ckm_request_id=62837718&country=US&v=Property&bot=false&fn=&ln= Protocol H3 Security QUIC, , AES_128_GCM Server 2a03:2880:f12d:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS Software proxygen-bolt / Resource Hash 10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers accept-language de-DE,de;q=0.9 Referer https://offers.propertyleadr.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 Response headers date Thu, 07 Jul 2022 10:52:26 GMT last-modified Fri, 21 Dec 2012 00:00:01 GMT server proxygen-bolt strict-transport-security max-age=31536000; includeSubDomains content-type image/gif cache-control no-cache, must-revalidate, max-age=0 cross-origin-resource-policy cross-origin content-length 44 alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 priority u=3,i expires Thu, 07 Jul 2022 10:52:26 GMT
GET H2	200	S6uyw4BMUTPHjx4wXg.woff2 fonts.gstatic.com/s/lato/v23/	23 KB 23 KB	118ms 101ms	Font font/woff2	2a00:1450:4001:80b::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/lato/v23/S6uyw4BMUTPHjx4wXg.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css?family=Roboto:regular,700,300,500%7CLato:regular Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://fonts.googleapis.com/ Origin https://offers.propertyleadr.net accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 Response headers date Tue, 05 Jul 2022 17:07:14 GMT x-content-type-options nosniff age 150312 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 23580 x-xss-protection 0 last-modified Tue, 26 Apr 2022 15:48:56 GMT server sffe cross-origin-opener-policy same-origin; report-to="apps-themes" report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * expires Wed, 05 Jul 2023 17:07:14 GMT
GET H3	200	/ www.facebook.com/tr/	44 B 88 B	7ms 7ms	Image image/gif	2a03:2880:f12d:181:face:b00c:0:25de FACEBOOK
General Check archive.org Show headers Download Go to Show image Full URL https://www.facebook.com/tr/?id=2183216491990889&ev=Microdata&dl=https%3A%2F%2Foffers.propertyleadr.net%2Fopulent-investments-kiln-house%2F%3Faffiliate_id%3D1273%26sub_id%3D%253fcmpid%253dpwtp20220616A%26ckm_request_id%3D62837718%26country%3DUS%26v%3DProperty%26bot%3Dfalse%26fn%3D%26ln%3D&rl=&if=false&ts=1657191146597&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22%22%2C%22meta%3Akeywords%22%3A%22%22%2C%22meta%3Adescription%22%3A%22%22%7D&cd[OpenGraph]=%7B%22og%3Atitle%22%3A%22http%3A%2F%2Foffers.propertyleadr.net%2Fopulent-investments-kiln-house%2F%22%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.64&r=stable&ec=1&o=30&fbp=fb.1.1657191146094.1466600347&it=1657191146002&coo=false&es=automatic&tm=3&rqm=GET Protocol H3 Security QUIC, , AES_128_GCM Server 2a03:2880:f12d:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS Software proxygen-bolt / Resource Hash 10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers accept-language de-DE,de;q=0.9 Referer https://offers.propertyleadr.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 Response headers date Thu, 07 Jul 2022 10:52:26 GMT last-modified Fri, 21 Dec 2012 00:00:01 GMT server proxygen-bolt strict-transport-security max-age=31536000; includeSubDomains content-type image/gif cache-control no-cache, must-revalidate, max-age=0 cross-origin-resource-policy cross-origin content-length 44 alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 priority u=3,i expires Thu, 07 Jul 2022 10:52:26 GMT
POST H2	200	response.json Show response script.anura.io/	52 B 405 B	186ms 141ms	XHR application/json	18.134.125.36 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://script.anura.io/response.json Requested by Host: script.anura.io URL: https://script.anura.io/request.js?instance=3552465468&source=1273-%253fcmpid%253dpwtp20220616A&campaign=288&callback=anuraCallbackFunction&674946811874 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 18.134.125.36 London, United Kingdom, ASN16509 (AMAZON-02, US), Reverse DNS ec2-18-134-125-36.eu-west-2.compute.amazonaws.com Software nginx / Resource Hash ffda31b4744db7a66c94f7c20c6984efe1287905f8442875f295ad5c582dd6da Security Headers Name Value X-Content-Type-Options nosniff Request headers Referer https://offers.propertyleadr.net/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 Content-type application/x-www-form-urlencoded Response headers pragma no-cache date Thu, 07 Jul 2022 10:52:26 GMT content-encoding gzip x-content-type-options nosniff server nginx vary Accept-Encoding access-control-allow-methods POST content-type application/json; charset=utf-8 access-control-allow-origin * cache-control private, no-cache, no-store, must-revalidate, max-age=0, post-check=0, pre-check=0 expires Sun, 28 Dec 1980 18:57:00 EST
GET H3	200	/ www.facebook.com/tr/	44 B 88 B	8ms 7ms	Image image/gif	2a03:2880:f12d:181:face:b00c:0:25de FACEBOOK
General Check archive.org Show headers Download Go to Show image Full URL https://www.facebook.com/tr/?id=820979408346016&ev=Microdata&dl=https%3A%2F%2Foffers.propertyleadr.net%2Fopulent-investments-kiln-house%2F%3Faffiliate_id%3D1273%26sub_id%3D%253fcmpid%253dpwtp20220616A%26ckm_request_id%3D62837718%26country%3DUS%26v%3DProperty%26bot%3Dfalse%26fn%3D%26ln%3D&rl=&if=false&ts=1657191146838&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22%22%2C%22meta%3Akeywords%22%3A%22%22%2C%22meta%3Adescription%22%3A%22%22%7D&cd[OpenGraph]=%7B%22og%3Atitle%22%3A%22http%3A%2F%2Foffers.propertyleadr.net%2Fopulent-investments-kiln-house%2F%22%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.64&r=stable&ec=1&o=30&fbp=fb.1.1657191146094.1466600347&it=1657191146002&coo=false&es=automatic&tm=3&rqm=GET Protocol H3 Security QUIC, , AES_128_GCM Server 2a03:2880:f12d:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS Software proxygen-bolt / Resource Hash 10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers accept-language de-DE,de;q=0.9 Referer https://offers.propertyleadr.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 Response headers date Thu, 07 Jul 2022 10:52:26 GMT last-modified Fri, 21 Dec 2012 00:00:01 GMT server proxygen-bolt strict-transport-security max-age=31536000; includeSubDomains content-type image/gif cache-control no-cache, must-revalidate, max-age=0 cross-origin-resource-policy cross-origin content-length 44 alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 priority u=3,i expires Thu, 07 Jul 2022 10:52:26 GMT
POST H2	200	result.json Show response script.anura.io/	41 B 396 B	33ms 32ms	XHR application/json	18.134.125.36 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://script.anura.io/result.json Requested by Host: offers.propertyleadr.net URL: https://offers.propertyleadr.net/opulent-investments-kiln-house/?affiliate_id=1273&sub_id=%3fcmpid%3dpwtp20220616A&ckm_request_id=62837718&country=US&v=Property&bot=false&fn=&ln= Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 18.134.125.36 London, United Kingdom, ASN16509 (AMAZON-02, US), Reverse DNS ec2-18-134-125-36.eu-west-2.compute.amazonaws.com Software nginx / Resource Hash 73c54eec23bd5786eee2abde558ae996cc30db654cc6d513369ef8e6e1681de9 Security Headers Name Value X-Content-Type-Options nosniff Request headers Referer https://offers.propertyleadr.net/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 Content-type application/x-www-form-urlencoded Response headers pragma no-cache date Thu, 07 Jul 2022 10:52:26 GMT content-encoding gzip x-content-type-options nosniff server nginx vary Accept-Encoding access-control-allow-methods GET, POST content-type application/json; charset=utf-8 access-control-allow-origin * cache-control private, no-cache, no-store, must-revalidate, max-age=0, post-check=0, pre-check=0 expires Sun, 28 Dec 1980 18:57:00 EST

34 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation object| ub object| module function| fbq function| _fbq function| anuraProcessFunction function| anuraCallbackFunction function| getResult function| $ function| jQuery object| UnbounceSnowplowNamespace function| ubSnowplow object| d8Validation function| startData8Validation function| validateEmailAsync function| validatePhoneAsync function| reportValidationResult function| checkForErrors function| setImmediate function| clearImmediate boolean| VimeoPlayerResizeEmbeds_ function| ownKeys function| _objectSpread function| _defineProperty function| _typeof object| Snowplow object| Anura

4 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			offers.propertyleadr.net/opulent-investments-kiln-house/	1970-01-20 08:44:48	Name: ubpv Value: a%2C33b7244d-06b6-4b49-857d-80eed755c746
			offers.propertyleadr.net/	1970-01-20 08:39:03	Name: ubvs Value: 0090523a-cbc9-4977-bd77-97729a93e2d8
			.propertyleadr.net/	1970-01-20 04:24:10	Name: ubvt Value: 0090523a-cbc9-4977-bd77-97729a93e2d8
			.propertyleadr.net/	1970-01-20 06:29:27	Name: _fbp Value: fb.1.1657191146094.1466600347

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ads.anura.io
ajax.googleapis.com
builder-assets.unbounce.com
connect.facebook.net
d34qb8suadcc4g.cloudfront.net
d9hhrg4mnvzow.cloudfront.net
events.ub-analytics.com
fonts.googleapis.com
fonts.gstatic.com
offers.propertyleadr.net
script.anura.io
www.facebook.com
13.224.189.30
13.225.78.75
13.225.84.77
18.134.125.36
2600:9000:21f3:fc00:1d:11cf:5800:93a1
2a00:1450:4001:80b::2003
2a00:1450:4001:810::200a
2a00:1450:4001:828::200a
2a03:2880:f02d:100:face:b00c:0:3
2a03:2880:f12d:181:face:b00c:0:25de
3.126.202.50
67.202.52.6
0bbb0c157e8aad81455cc5e2d258b835053a0b404b32632adaed6a9075042bc4
0e4a2ce3768c14a583eddb1088724124fe0c7cdaf7f0e4d7799b29b7f4dc34c1
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
23446674aa51fde62003dff1adc6ba3ffcfb124c16912c92d6369e2f5ca80bcb
2e8292b18fc2acc297e1aa6acc6abe05136604137e744ba1b49984df330562bb
33d81dc1a3a2d31dd2b9de90b6b795352afcbc4977988b0def38c53823a35b96
73c54eec23bd5786eee2abde558ae996cc30db654cc6d513369ef8e6e1681de9
7a80b17346ad96acb74876b1c792e1706cdfdb5e17ce3bc028ee6e832bdfd962
7b787207f29ffd5672ab91b95f681b387b4d6433081cc8b47070f1d564827863
918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537
9c29517d31f5827419cfb4f4ff8cd13b478ec5345cfbb24e4f02072c723a87e7
a7fb649e3564bf3afbbc71813f5ac10ea5094fd8e0aab1ede0ebc9fa29e2becd
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
c1334e3ec11bdd28ded0e2602e2ff40144984d8b6eea2520d6b8d0291da0029c
c33f3d27fc298851d0cc2cbfa81c759810bf64f2bcfe6720bb55d72b17261c94
caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c
d2b51f609b5d19ba659652791cc9f0e1ccd0b415c24b3e99774d063874f615cf
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3b870cc14b79ca87695f99e5cad90b3628e6b0eb9c3993358ebf644a0c166f4
e455653f8d109e78d9ddf89d334a09e4d7efd752a10660141e9845a6c23f4603
ec3f71d4d21433d32e56dce92781468bd442a14bd80daf50f1e121accb7b8c1b
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef
f8bdb531d36caf4bb43071d1be58a2d1b153d3a403f4b8f4e6a919dd46213f47
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e
ffda31b4744db7a66c94f7c20c6984efe1287905f8442875f295ad5c582dd6da