urlscan.io logo urlscan.io
SecurityTrails logo

www.getdreams.com Open in urlscan Pro
141.193.213.11  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://ewstopst.com/index.php?c=2633&t=26188&e=34026
Effective URL: https://www.getdreams.com/no/refinansiering-av-forbrukslan/gjeldfri/?simulate=true&aff-id=422872&ClickID=04_126372835_b672...
Submission: On April 03 via api from US — Scanned from US
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 7 IPs in 2 countries across 8 domains to perform 21 HTTP transactions. The main IP is 141.193.213.11, located in and belongs to . The main domain is www.getdreams.com.
TLS certificate: Issued by E1 on March 24th 2024. Valid for: 3 months.
This is the only time www.getdreams.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

1    2001:41d0:203:9a4f:e77d:3fc3:d1de:5676 (France)

ASN16276 (OVH, FR)
ewstopst.com
2    2607:f8b0:4006:80d::2008 (United States)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
2    2607:f8b0:4006:809::200e (United States)

ASN15169 (GOOGLE, US)
www.google-analytics.com
1    142.251.40.174 (Queens, United States)

ASN15169 (GOOGLE, US)
PTR: lga25s81-in-f14.1e100.net
www.google-analytics.com
1    18.189.111.143 (Columbus, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-189-111-143.us-east-2.compute.amazonaws.com
cnecco.com
1    3.141.116.230 (None, )

ASN- ()
bemediaor.com
12    141.193.213.11 (None, )

ASN- ()
www.getdreams.com
1    2607:f8b0:4006:80f::200e (None, )

ASN- ()
www.googleoptimize.com
Apex Domain
Subdomains		 Transfer
12 getdreams.com
www.getdreams.com
259 KB
3 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 35
21 KB
2 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 43
168 KB
1 googleoptimize.com
www.googleoptimize.com
47 KB
1 bemediaor.com
bemediaor.com
513 B
1 cnecco.com
cnecco.com
445 B
1 ewstopst.com
ewstopst.com
1010 B
0 cookiebot.com Failed
consent.cookiebot.com Failed
21 8
Domain Requested by
12 www.getdreams.com www.getdreams.com
3 www.google-analytics.com www.googletagmanager.com
www.google-analytics.com
2 www.googletagmanager.com ewstopst.com
www.googletagmanager.com
1 www.googleoptimize.com www.getdreams.com
1 bemediaor.com 1 redirects
1 cnecco.com 1 redirects
1 ewstopst.com
0 consent.cookiebot.com Failed www.getdreams.com
21 8

This site contains no links.

Subject Issuer Validity Valid
ewstopst.com
R3		 2024-02-04 -
2024-05-04		 3 months crt.sh
*.google-analytics.com
GTS CA 1C3		 2024-03-04 -
2024-05-27		 3 months crt.sh
www.getdreams.com
E1		 2024-03-24 -
2024-06-22		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://www.getdreams.com/no/refinansiering-av-forbrukslan/gjeldfri/?simulate=true&aff-id=422872&ClickID=04_126372835_b672f480-9fc7-4f54-a7f0-9eaaaf732f05&CID=465965&utm_source=orionmedia&utm_medium=affiliate&utm_campaign=anti-debt
Frame ID: 72FF7ADC26517E4A32B2B375102C083E
Requests: 21 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. http://ewstopst.com/index.php?c=2633&t=26188&e=34026 HTTP 307
    https://ewstopst.com/index.php?c=2633&t=26188&e=34026 Page URL
  2. https://cnecco.com/click.track?CID=466274&AFID=468975&SID=ADS HTTP 302
    https://bemediaor.com/click.track?CID=465965&AFID=422872&AffiliateReferenceID=04_126372826_2f167b9... HTTP 302
    https://www.getdreams.com/no/refinansiering-av-forbrukslan/gjeldfri/?simulate=true&aff-id=422872&Click... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • /wp-(?:content|includes)/
Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js
Overall confidence: 100%
Detected patterns
  • googleoptimize\.com/optimize\.js
Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtag/js
Overall confidence: 100%
Detected patterns
  • /revslider/[/\w-]+/js
Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Overall confidence: 100%
Detected patterns
  • jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

21
Requests

90 %
HTTPS

50 %
IPv6

8
Domains

8
Subdomains

7
IPs

2
Countries

496 kB
Transfer

1695 kB
Size

5
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://ewstopst.com/index.php?c=2633&t=26188&e=34026 HTTP 307
    https://ewstopst.com/index.php?c=2633&t=26188&e=34026 Page URL
  2. https://cnecco.com/click.track?CID=466274&AFID=468975&SID=ADS HTTP 302
    https://bemediaor.com/click.track?CID=465965&AFID=422872&AffiliateReferenceID=04_126372826_2f167b9d-0680-49d8-8531-1d7fc1a3b6e8&SID=468975 HTTP 302
    https://www.getdreams.com/no/refinansiering-av-forbrukslan/gjeldfri/?simulate=true&aff-id=422872&ClickID=04_126372835_b672f480-9fc7-4f54-a7f0-9eaaaf732f05&CID=465965&utm_source=orionmedia&utm_medium=affiliate&utm_campaign=anti-debt Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://ewstopst.com/index.php?c=2633&t=26188&e=34026 HTTP 307
  • https://ewstopst.com/index.php?c=2633&t=26188&e=34026

21 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
index.php
ewstopst.com/
Redirect Chain
  • http://ewstopst.com/index.php?c=2633&t=26188&e=34026
  • https://ewstopst.com/index.php?c=2633&t=26188&e=34026
2 KB
1010 B 		Document
General
Check archive.org
Download Go to
Full URL
https://ewstopst.com/index.php?c=2633&t=26188&e=34026
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2001:41d0:203:9a4f:e77d:3fc3:d1de:5676 , France, ASN16276 (OVH, FR),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
82790275e794d5510eb5d77d1c91fee09bb849e89ba1cb46f82e5ecb27b1b50c

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html; charset=UTF-8
Date
Wed, 03 Apr 2024 21:36:16 GMT
Server
nginx/1.18.0 (Ubuntu)
Transfer-Encoding
chunked

Redirect headers

Location
https://ewstopst.com/index.php?c=2633&t=26188&e=34026
Non-Authoritative-Reason
HttpsUpgrades
js
www.googletagmanager.com/gtag/ 		197 KB
72 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=UA-153633782-1
Requested by
Host: ewstopst.com
URL: https://ewstopst.com/index.php?c=2633&t=26188&e=34026
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80d::2008 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
027ac3895a630965f9a4f19283885571ee68fcc834361f29a13179a4e50c3b5f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://ewstopst.com/
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 03 Apr 2024 21:36:16 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
73138
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Wed, 03 Apr 2024 21:36:16 GMT
js
www.googletagmanager.com/gtag/ 		285 KB
96 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=G-W8ZJSFSEVF&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-153633782-1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80d::2008 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
45fa205c56cbf474ea25596aa7e44733a7ae40e1630b932f0d5e715272c8deab
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://ewstopst.com/
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 03 Apr 2024 21:36:17 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
98003
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Wed, 03 Apr 2024 21:36:17 GMT
analytics.js
www.google-analytics.com/ 		52 KB
21 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-153633782-1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:809::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://ewstopst.com/
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Wed, 03 Apr 2024 20:06:53 GMT
last-modified
Tue, 12 Dec 2023 18:09:08 GMT
server
Golfe2
age
5364
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20994
expires
Wed, 03 Apr 2024 22:06:53 GMT
collect
www.google-analytics.com/g/ 		0
168 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/g/collect?v=2&tid=G-W8ZJSFSEVF&gtm=45je4410v9111393022za200&_p=1712180176590&gcd=13l3l3l3l1&npa=0&dma=0&cid=621639670.1712180177&ul=en-us&sr=800x600&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B123.0.6312.105%7CNot%253AA-Brand%3B8.0.0.0%7CChromium%3B123.0.6312.105&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&pscdl=noapi&_eu=AAAI&_s=1&sid=1712180177&sct=1&seg=0&dl=https%3A%2F%2Fewstopst.com%2Findex.php%3Fc%3D2633%26t%3D26188%26e%3D34026&dt=Loading...%20%2F%20ewstopst.com&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=2285
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-W8ZJSFSEVF&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:809::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://ewstopst.com/
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Wed, 03 Apr 2024 21:36:17 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://ewstopst.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/j/ 		1 B
21 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j101&a=582024838&t=pageview&_s=1&dl=https%3A%2F%2Fewstopst.com%2Findex.php%3Fc%3D2633%26t%3D26188%26e%3D34026&ul=en-us&de=UTF-8&dt=Loading...%20%2F%20ewstopst.com&sd=24-bit&sr=800x600&vp=1600x1113&je=0&_u=YADAAUABAAAAACAAI~&jid=1434911335&gjid=1057737360&cid=621639670.1712180177&tid=UA-153633782-1&_gid=1249309014.1712180177&_r=1&gtm=457e4410za200&gcd=13l3l3l3l1&dma=0&jsscut=1&z=1903382884
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.40.174 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s81-in-f14.1e100.net
Software
Golfe2 /
Resource Hash
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-platform
"Win32"
Referer
https://ewstopst.com/
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 03 Apr 2024 21:36:17 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://ewstopst.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1
expires
Fri, 01 Jan 1990 00:00:00 GMT
Primary Request /
www.getdreams.com/no/refinansiering-av-forbrukslan/gjeldfri/
Redirect Chain
  • https://cnecco.com/click.track?CID=466274&AFID=468975&SID=ADS
  • https://bemediaor.com/click.track?CID=465965&AFID=422872&AffiliateReferenceID=04_126372826_2f167b9d-0680-49d8-8531-1d7fc1a3b6e8&SID=468975
  • https://www.getdreams.com/no/refinansiering-av-forbrukslan/gjeldfri/?simulate=true&aff-id=422872&ClickID=04_126372835_b672f480-9fc7-4f54-a7f0-9eaaaf732f05&CID=465965&utm_source=orionmedia&utm_mediu...
70 KB
15 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.getdreams.com/no/refinansiering-av-forbrukslan/gjeldfri/?simulate=true&aff-id=422872&ClickID=04_126372835_b672f480-9fc7-4f54-a7f0-9eaaaf732f05&CID=465965&utm_source=orionmedia&utm_medium=affiliate&utm_campaign=anti-debt
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
141.193.213.11 -, , ASN (),
Reverse DNS
Software
cloudflare / WP Engine
Resource Hash
eb5384dbfe1723b51b3db012facaac5a8186d21f111c70cbd53367ec6db16bd3

Request headers

Referer
https://ewstopst.com/index.php?c=2633&t=26188&e=34026
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-language
en-US,en;q=0.9
sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
max-age=600, must-revalidate
cf-cache-status
DYNAMIC
cf-ray
86ec3194092a67db-MIA
content-encoding
br
content-type
text/html; charset=UTF-8
date
Wed, 03 Apr 2024 21:36:21 GMT
link
<https://www.getdreams.com/no/wp-json/>; rel="https://api.w.org/" <https://www.getdreams.com/no/wp-json/wp/v2/pages/431>; rel="alternate"; type="application/json" <https://www.getdreams.com/no/?p=431>; rel=shortlink
server
cloudflare
vary
Accept-Encoding Accept-Encoding Accept-Encoding Accept-Encoding,Cookie
x-cache
MISS
x-cache-group
normal
x-cacheable
SHORT
x-powered-by
WP Engine

Redirect headers

access-control-allow-origin
*
cache-control
private
content-length
372
content-type
text/html; charset=utf-8
date
Wed, 03 Apr 2024 21:36:20 GMT
location
https://www.getdreams.com/no/refinansiering-av-forbrukslan/gjeldfri/?simulate=true&aff-id=422872&ClickID=04_126372835_b672f480-9fc7-4f54-a7f0-9eaaaf732f05&CID=465965&utm_source=orionmedia&utm_medium=affiliate&utm_campaign=anti-debt
p3p
policyref="/p3p/P3P.bemediaor.com.xml", CP="NOI DSP COR NID ADM DEV OUR STP OTC"
server
Microsoft-IIS/10.0
x-aspnet-version
4.0.30319
x-powered-by
ASP.NET
optimize.js
www.googleoptimize.com/ 		121 KB
47 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googleoptimize.com/optimize.js?id=OPT-NCQBFZL
Requested by
Host: www.getdreams.com
URL: https://www.getdreams.com/no/refinansiering-av-forbrukslan/gjeldfri/?simulate=true&aff-id=422872&ClickID=04_126372835_b672f480-9fc7-4f54-a7f0-9eaaaf732f05&CID=465965&utm_source=orionmedia&utm_medium=affiliate&utm_campaign=anti-debt
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80f::200e -, , ASN (),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.getdreams.com/
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 03 Apr 2024 21:36:22 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
47632
x-xss-protection
0
last-modified
Wed, 03 Apr 2024 21:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Wed, 03 Apr 2024 21:36:22 GMT
uc.js
consent.cookiebot.com/ 		0
0
style.min.css
www.getdreams.com/no/wp-includes/css/dist/block-library/ 		108 KB
15 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.getdreams.com/no/wp-includes/css/dist/block-library/style.min.css?ver=6.4.3
Requested by
Host: www.getdreams.com
URL: https://www.getdreams.com/no/refinansiering-av-forbrukslan/gjeldfri/?simulate=true&aff-id=422872&ClickID=04_126372835_b672f480-9fc7-4f54-a7f0-9eaaaf732f05&CID=465965&utm_source=orionmedia&utm_medium=affiliate&utm_campaign=anti-debt
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
141.193.213.11 -, , ASN (),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.getdreams.com/no/refinansiering-av-forbrukslan/gjeldfri/?simulate=true&aff-id=422872&ClickID=04_126372835_b672f480-9fc7-4f54-a7f0-9eaaaf732f05&CID=465965&utm_source=orionmedia&utm_medium=affiliate&utm_campaign=anti-debt
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 03 Apr 2024 21:36:22 GMT
content-encoding
br
cf-cache-status
MISS
last-modified
Wed, 24 Jan 2024 19:02:28 GMT
server
cloudflare
etag
W/"65b15ec4-1ae43"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=31536000
cf-ray
86ec319a982f67db-MIA
alt-svc
h3=":443"; ma=86400
rs6.css
www.getdreams.com/no/wp-content/plugins/revslider/public/assets/css/ 		60 KB
13 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.getdreams.com/no/wp-content/plugins/revslider/public/assets/css/rs6.css?ver=6.4.5
Requested by
Host: www.getdreams.com
URL: https://www.getdreams.com/no/refinansiering-av-forbrukslan/gjeldfri/?simulate=true&aff-id=422872&ClickID=04_126372835_b672f480-9fc7-4f54-a7f0-9eaaaf732f05&CID=465965&utm_source=orionmedia&utm_medium=affiliate&utm_campaign=anti-debt
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
141.193.213.11 -, , ASN (),
Reverse DNS
Software
cloudflare /
Resource Hash
2c676853bc35362cf991f779d8ec093fb2c9b64fbd30c9d46234ae1de7cc1820

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.getdreams.com/no/refinansiering-av-forbrukslan/gjeldfri/?simulate=true&aff-id=422872&ClickID=04_126372835_b672f480-9fc7-4f54-a7f0-9eaaaf732f05&CID=465965&utm_source=orionmedia&utm_medium=affiliate&utm_campaign=anti-debt
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 03 Apr 2024 21:36:22 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Mon, 07 Nov 2022 05:00:10 GMT
server
cloudflare
age
51358
etag
W/"636890da-eee3"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=31536000
cf-ray
86ec319a983067db-MIA
alt-svc
h3=":443"; ma=86400
app.css
www.getdreams.com/no/wp-content/themes/dreams/ 		102 KB
22 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.getdreams.com/no/wp-content/themes/dreams/app.css?ver=1696927387
Requested by
Host: www.getdreams.com
URL: https://www.getdreams.com/no/refinansiering-av-forbrukslan/gjeldfri/?simulate=true&aff-id=422872&ClickID=04_126372835_b672f480-9fc7-4f54-a7f0-9eaaaf732f05&CID=465965&utm_source=orionmedia&utm_medium=affiliate&utm_campaign=anti-debt
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
141.193.213.11 -, , ASN (),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.getdreams.com/no/refinansiering-av-forbrukslan/gjeldfri/?simulate=true&aff-id=422872&ClickID=04_126372835_b672f480-9fc7-4f54-a7f0-9eaaaf732f05&CID=465965&utm_source=orionmedia&utm_medium=affiliate&utm_campaign=anti-debt
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 03 Apr 2024 21:36:22 GMT
content-encoding
br
cf-cache-status
MISS
last-modified
Tue, 10 Oct 2023 08:43:07 GMT
server
cloudflare
etag
W/"65250e9b-19665"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=31536000
cf-ray
86ec319a983267db-MIA
alt-svc
h3=":443"; ma=86400
theme.css
www.getdreams.com/no/wp-content/themes/dreams/ 		85 B
213 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.getdreams.com/no/wp-content/themes/dreams/theme.css?ver=1696927387
Requested by
Host: www.getdreams.com
URL: https://www.getdreams.com/no/refinansiering-av-forbrukslan/gjeldfri/?simulate=true&aff-id=422872&ClickID=04_126372835_b672f480-9fc7-4f54-a7f0-9eaaaf732f05&CID=465965&utm_source=orionmedia&utm_medium=affiliate&utm_campaign=anti-debt
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
141.193.213.11 -, , ASN (),
Reverse DNS
Software
cloudflare /
Resource Hash
dd0ac7848729ded76e1fe3bcce337b22697e3440e9feee3c62a67263afc8abf1

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.getdreams.com/no/refinansiering-av-forbrukslan/gjeldfri/?simulate=true&aff-id=422872&ClickID=04_126372835_b672f480-9fc7-4f54-a7f0-9eaaaf732f05&CID=465965&utm_source=orionmedia&utm_medium=affiliate&utm_campaign=anti-debt
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 03 Apr 2024 21:36:22 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Tue, 10 Oct 2023 08:43:07 GMT
server
cloudflare
age
51358
etag
W/"65250e9b-55"
vary
Accept-Encoding, Accept-Encoding
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=31536000
cf-ray
86ec319a983467db-MIA
alt-svc
h3=":443"; ma=86400
frontend-lite.min.css
www.getdreams.com/no/wp-content/plugins/elementor/assets/css/ 		115 KB
14 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.getdreams.com/no/wp-content/plugins/elementor/assets/css/frontend-lite.min.css?ver=3.18.3
Requested by
Host: www.getdreams.com
URL: https://www.getdreams.com/no/refinansiering-av-forbrukslan/gjeldfri/?simulate=true&aff-id=422872&ClickID=04_126372835_b672f480-9fc7-4f54-a7f0-9eaaaf732f05&CID=465965&utm_source=orionmedia&utm_medium=affiliate&utm_campaign=anti-debt
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
141.193.213.11 -, , ASN (),
Reverse DNS
Software
cloudflare /
Resource Hash
6ecbdb2dc3f86c7ed142dce156d8f3ca1846b75bb512471935f45b8c8949645e

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.getdreams.com/no/refinansiering-av-forbrukslan/gjeldfri/?simulate=true&aff-id=422872&ClickID=04_126372835_b672f480-9fc7-4f54-a7f0-9eaaaf732f05&CID=465965&utm_source=orionmedia&utm_medium=affiliate&utm_campaign=anti-debt
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 03 Apr 2024 21:36:22 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Thu, 28 Dec 2023 08:26:12 GMT
server
cloudflare
age
51358
etag
W/"658d3124-1ca54"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=31536000
cf-ray
86ec319a983667db-MIA
alt-svc
h3=":443"; ma=86400
general.min.css
www.getdreams.com/no/wp-content/plugins/essential-addons-for-elementor-lite/assets/front-end/css/view/ 		4 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.getdreams.com/no/wp-content/plugins/essential-addons-for-elementor-lite/assets/front-end/css/view/general.min.css?ver=5.9.14
Requested by
Host: www.getdreams.com
URL: https://www.getdreams.com/no/refinansiering-av-forbrukslan/gjeldfri/?simulate=true&aff-id=422872&ClickID=04_126372835_b672f480-9fc7-4f54-a7f0-9eaaaf732f05&CID=465965&utm_source=orionmedia&utm_medium=affiliate&utm_campaign=anti-debt
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
141.193.213.11 -, , ASN (),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.getdreams.com/no/refinansiering-av-forbrukslan/gjeldfri/?simulate=true&aff-id=422872&ClickID=04_126372835_b672f480-9fc7-4f54-a7f0-9eaaaf732f05&CID=465965&utm_source=orionmedia&utm_medium=affiliate&utm_campaign=anti-debt
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 03 Apr 2024 21:36:22 GMT
content-encoding
br
cf-cache-status
MISS
last-modified
Thu, 28 Mar 2024 18:06:49 GMT
server
cloudflare
etag
W/"6605b1b9-eae"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=31536000
cf-ray
86ec319a983867db-MIA
alt-svc
h3=":443"; ma=86400
jquery.min.js
www.getdreams.com/no/wp-includes/js/jquery/ 		86 KB
31 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.getdreams.com/no/wp-includes/js/jquery/jquery.min.js?ver=3.7.1
Requested by
Host: www.getdreams.com
URL: https://www.getdreams.com/no/refinansiering-av-forbrukslan/gjeldfri/?simulate=true&aff-id=422872&ClickID=04_126372835_b672f480-9fc7-4f54-a7f0-9eaaaf732f05&CID=465965&utm_source=orionmedia&utm_medium=affiliate&utm_campaign=anti-debt
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
141.193.213.11 -, , ASN (),
Reverse DNS
Software
cloudflare /
Resource Hash
cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.getdreams.com/no/refinansiering-av-forbrukslan/gjeldfri/?simulate=true&aff-id=422872&ClickID=04_126372835_b672f480-9fc7-4f54-a7f0-9eaaaf732f05&CID=465965&utm_source=orionmedia&utm_medium=affiliate&utm_campaign=anti-debt
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 03 Apr 2024 21:36:22 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Mon, 28 Aug 2023 17:14:23 GMT
server
cloudflare
age
51358
etag
W/"64ecd5ef-15601"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
cf-ray
86ec319a983a67db-MIA
alt-svc
h3=":443"; ma=86400
jquery-migrate.min.js
www.getdreams.com/no/wp-includes/js/jquery/ 		13 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.getdreams.com/no/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1
Requested by
Host: www.getdreams.com
URL: https://www.getdreams.com/no/refinansiering-av-forbrukslan/gjeldfri/?simulate=true&aff-id=422872&ClickID=04_126372835_b672f480-9fc7-4f54-a7f0-9eaaaf732f05&CID=465965&utm_source=orionmedia&utm_medium=affiliate&utm_campaign=anti-debt
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
141.193.213.11 -, , ASN (),
Reverse DNS
Software
cloudflare /
Resource Hash
5274f11e6fb32ae0cf2dfb9f8043272865c397a7c4223b4cfa7d50ea52fbde89

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.getdreams.com/no/refinansiering-av-forbrukslan/gjeldfri/?simulate=true&aff-id=422872&ClickID=04_126372835_b672f480-9fc7-4f54-a7f0-9eaaaf732f05&CID=465965&utm_source=orionmedia&utm_medium=affiliate&utm_campaign=anti-debt
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 03 Apr 2024 21:36:22 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Fri, 09 Jun 2023 05:49:24 GMT
server
cloudflare
age
51358
etag
W/"6482bd64-3509"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
cf-ray
86ec319a983c67db-MIA
alt-svc
h3=":443"; ma=86400
rbtools.min.js
www.getdreams.com/no/wp-content/plugins/revslider/public/assets/js/ 		121 KB
47 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.getdreams.com/no/wp-content/plugins/revslider/public/assets/js/rbtools.min.js?ver=6.4.4
Requested by
Host: www.getdreams.com
URL: https://www.getdreams.com/no/refinansiering-av-forbrukslan/gjeldfri/?simulate=true&aff-id=422872&ClickID=04_126372835_b672f480-9fc7-4f54-a7f0-9eaaaf732f05&CID=465965&utm_source=orionmedia&utm_medium=affiliate&utm_campaign=anti-debt
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
141.193.213.11 -, , ASN (),
Reverse DNS
Software
cloudflare /
Resource Hash
463f24ed151c0bc8775c09e92c3885fd96dc17f1e91ca64d70f3ba9600e0eb86

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.getdreams.com/no/refinansiering-av-forbrukslan/gjeldfri/?simulate=true&aff-id=422872&ClickID=04_126372835_b672f480-9fc7-4f54-a7f0-9eaaaf732f05&CID=465965&utm_source=orionmedia&utm_medium=affiliate&utm_campaign=anti-debt
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 03 Apr 2024 21:36:22 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Mon, 07 Nov 2022 05:00:10 GMT
server
cloudflare
age
51358
etag
W/"636890da-1e437"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
cf-ray
86ec319a983f67db-MIA
alt-svc
h3=":443"; ma=86400
rs6.min.js
www.getdreams.com/no/wp-content/plugins/revslider/public/assets/js/ 		351 KB
92 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.getdreams.com/no/wp-content/plugins/revslider/public/assets/js/rs6.min.js?ver=6.4.5
Requested by
Host: www.getdreams.com
URL: https://www.getdreams.com/no/refinansiering-av-forbrukslan/gjeldfri/?simulate=true&aff-id=422872&ClickID=04_126372835_b672f480-9fc7-4f54-a7f0-9eaaaf732f05&CID=465965&utm_source=orionmedia&utm_medium=affiliate&utm_campaign=anti-debt
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
141.193.213.11 -, , ASN (),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.getdreams.com/no/refinansiering-av-forbrukslan/gjeldfri/?simulate=true&aff-id=422872&ClickID=04_126372835_b672f480-9fc7-4f54-a7f0-9eaaaf732f05&CID=465965&utm_source=orionmedia&utm_medium=affiliate&utm_campaign=anti-debt
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 03 Apr 2024 21:36:22 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Mon, 07 Nov 2022 05:00:10 GMT
server
cloudflare
age
51358
etag
W/"636890da-57ae3"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
cf-ray
86ec319a984067db-MIA
alt-svc
h3=":443"; ma=86400
app.js
www.getdreams.com/no/wp-content/themes/dreams/js/ 		0
0
general.min.js
www.getdreams.com/no/wp-content/plugins/essential-addons-for-elementor-lite/assets/front-end/js/view/ 		10 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.getdreams.com/no/wp-content/plugins/essential-addons-for-elementor-lite/assets/front-end/js/view/general.min.js?ver=5.9.14
Requested by
Host: www.getdreams.com
URL: https://www.getdreams.com/no/refinansiering-av-forbrukslan/gjeldfri/?simulate=true&aff-id=422872&ClickID=04_126372835_b672f480-9fc7-4f54-a7f0-9eaaaf732f05&CID=465965&utm_source=orionmedia&utm_medium=affiliate&utm_campaign=anti-debt
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
141.193.213.11 -, , ASN (),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.getdreams.com/no/refinansiering-av-forbrukslan/gjeldfri/?simulate=true&aff-id=422872&ClickID=04_126372835_b672f480-9fc7-4f54-a7f0-9eaaaf732f05&CID=465965&utm_source=orionmedia&utm_medium=affiliate&utm_campaign=anti-debt
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 03 Apr 2024 21:36:22 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Thu, 28 Mar 2024 18:06:49 GMT
server
cloudflare
age
51358
etag
W/"6605b1b9-282f"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
cf-ray
86ec319a984167db-MIA
alt-svc
h3=":443"; ma=86400

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
consent.cookiebot.com
URL
https://consent.cookiebot.com/uc.js
Domain
www.getdreams.com
URL
https://www.getdreams.com/no/wp-content/themes/dreams/js/app.js?ver=1696927391

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

5 Cookies

Domain/Path Name / Value
.ewstopst.com/ Name: _ga_W8ZJSFSEVF
Value: GS1.1.1712180177.1.0.1712180177.0.0.0
.ewstopst.com/ Name: _ga
Value: GA1.2.621639670.1712180177
.ewstopst.com/ Name: _gid
Value: GA1.2.1249309014.1712180177
.ewstopst.com/ Name: _gat_gtag_UA_153633782_1
Value: 1
cnecco.com/ Name: LTTC6_466274
Value: 04_126372826_2f167b9d-0680-49d8-8531-1d7fc1a3b6e8