URL: https://ldra.com.br/wp-content/upgrade/ch/p5p5-5/
Submission: On November 19, 2020 via api from US

Summary

This website contacted 17 IPs in 7 countries across 14 domains to perform 38 HTTP transactions. The main IP is 188.68.248.16, located in Olsztyn, Poland, and belongs to SPRINT-SDC, PL. The main domain is ldra.com.br. The scanned path, /wp-content/upgrade/ch/p5p5-5/, sits under the scratch directory WordPress uses while unpacking core and plugin updates, which a site does not normally serve pages from.
TLS certificate: Issued by cPanel, Inc. Certification Authority on November 15th 2020, four days before this scan. Valid for: 3 months.
This is the only time ldra.com.br was scanned on urlscan.io.

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Excel / PDF download (Online)

Domain & IP information

Requests  IP address        ASN     AS name
3         188.68.248.16     197226  SPRINT-SDC
7         54.192.229.56     16509   AMAZON-02
1         23.96.124.25      8075    MICROSOFT...
2         37.9.170.217      51013   WEBSUPPOR...
6         172.67.39.17      13335   CLOUDFLAR...
1 2       2a00:1450:400...  15169   GOOGLE   (this line merges two rows in the source; one IP address was lost in extraction, since the counts only sum to 38 and the rows to 17 with both)
1         104.111.247.107   16625   AKAMAI-AS
1         2a00:1450:400...  15169   GOOGLE
1         99.86.2.101       16509   AMAZON-02
2         2606:4700::68...  13335   CLOUDFLAR...
3         172.217.18.162    15169   GOOGLE
3         2a00:1450:400...  15169   GOOGLE
1         2a00:1450:400...  15169   GOOGLE
1         2a00:1450:400...  15169   GOOGLE
2         2a00:1450:400...  15169   GOOGLE
1         54.194.90.60      16509   AMAZON-02
Total: 38 requests across 17 IP addresses (IPv6 addresses and AS names are truncated as in the original)
Requests  Domain                                                            Requested by
7         downloads.mailchimp.com                                           ldra.com.br, downloads.mailchimp.com
3         securepubads.g.doubleclick.net                                    static.fatchilli.media, securepubads.g.doubleclick.net
3         router.infolinks.com                                              resources.infolinks.com
3         resources.infolinks.com                                           ldra.com.br, resources.infolinks.com
3         ldra.com.br                                                       ldra.com.br
2         tpc.googlesyndication.com                                         securepubads.g.doubleclick.net, tpc.googlesyndication.com
2         pagead2.googlesyndication.com                                     securepubads.g.doubleclick.net
2         ssl.google-analytics.com (1 redirect)                             ldra.com.br
2         static.fatchilli.media                                            ldra.com.br, static.fatchilli.media
1         g2.gumgum.com                                                     js.gumgum.com
1         3a7e388922e478aab0edf0af8ce1028a.safeframe.googlesyndication.com  securepubads.g.doubleclick.net
1         adservice.google.com                                              securepubads.g.doubleclick.net
1         adservice.google.nl                                               securepubads.g.doubleclick.net
1         engine.addroplet.com                                              cdn.engine.addroplet.com
1         cdn.engine.addroplet.com                                          ahost.flaunt.nu
1         js.gumgum.com                                                     ahost.flaunt.nu
1         stats.g.doubleclick.net                                           ldra.com.br
1         mc.us7.list-manage.com                                            downloads.mailchimp.com
1         ahost.flaunt.nu                                                   ldra.com.br, ahost.flaunt.nu
0         fonts.googleapis.com (request failed)                             ldra.com.br
Total: 38 requests across 20 subdomains
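The "Requested by" column is the most useful security signal in the table: it records which domain's resource made the browser fetch each further domain, so following those edges from ldra.com.br shows which third parties the page referenced itself and which were pulled in transitively by someone else's script (the ad-tech chain ldra.com.br -> ahost.flaunt.nu -> cdn.engine.addroplet.com -> engine.addroplet.com, for example). The following Python is an added example, not urlscan.io code: DOMAIN_TABLE is transcribed from the table above, and the graph construction and the "shortest load chain" interpretation are this example's own assumptions.

```python
"""Load-chain analysis of the "Domain / Requested by" table from this scan.

Added example; it is not urlscan.io code. DOMAIN_TABLE is transcribed from the
table above (request count, domain, requesting domains). The graph construction
and the "shortest load chain" interpretation are this example's own assumptions:
urlscan records which domain's resource triggered each request, so following
those edges from the primary page approximates who introduced each third party.
"""
from collections import deque

PRIMARY = "ldra.com.br"

# (requests, domain, requesters) as listed in the scan; the 0-request entry failed.
DOMAIN_TABLE = [
    (7, "downloads.mailchimp.com", ["ldra.com.br", "downloads.mailchimp.com"]),
    (3, "securepubads.g.doubleclick.net",
     ["static.fatchilli.media", "securepubads.g.doubleclick.net"]),
    (3, "router.infolinks.com", ["resources.infolinks.com"]),
    (3, "resources.infolinks.com", ["ldra.com.br", "resources.infolinks.com"]),
    (3, "ldra.com.br", ["ldra.com.br"]),
    (2, "tpc.googlesyndication.com",
     ["securepubads.g.doubleclick.net", "tpc.googlesyndication.com"]),
    (2, "pagead2.googlesyndication.com", ["securepubads.g.doubleclick.net"]),
    (2, "ssl.google-analytics.com", ["ldra.com.br"]),
    (2, "static.fatchilli.media", ["ldra.com.br", "static.fatchilli.media"]),
    (1, "g2.gumgum.com", ["js.gumgum.com"]),
    (1, "3a7e388922e478aab0edf0af8ce1028a.safeframe.googlesyndication.com",
     ["securepubads.g.doubleclick.net"]),
    (1, "adservice.google.com", ["securepubads.g.doubleclick.net"]),
    (1, "adservice.google.nl", ["securepubads.g.doubleclick.net"]),
    (1, "engine.addroplet.com", ["cdn.engine.addroplet.com"]),
    (1, "cdn.engine.addroplet.com", ["ahost.flaunt.nu"]),
    (1, "js.gumgum.com", ["ahost.flaunt.nu"]),
    (1, "stats.g.doubleclick.net", ["ldra.com.br"]),
    (1, "mc.us7.list-manage.com", ["downloads.mailchimp.com"]),
    (1, "ahost.flaunt.nu", ["ldra.com.br", "ahost.flaunt.nu"]),
    (0, "fonts.googleapis.com", ["ldra.com.br"]),
]


def build_graph(table):
    """requester -> set of domains whose resources it caused the browser to fetch."""
    edges = {}
    for _count, domain, requesters in table:
        for requester in requesters:
            if requester != domain:          # a domain fetching more of itself adds no hop
                edges.setdefault(requester, set()).add(domain)
    return edges


def load_chains(edges, root=PRIMARY):
    """Breadth-first search: shortest chain of domains from the primary page to each domain."""
    chains = {root: [root]}
    queue = deque([root])
    while queue:
        current = queue.popleft()
        for nxt in sorted(edges.get(current, ())):
            if nxt not in chains:
                chains[nxt] = chains[current] + [nxt]
                queue.append(nxt)
    return chains


def transitive_domains(chains):
    """Domains the page never references itself; a third party's script pulled them in."""
    return {d: c for d, c in chains.items() if len(c) > 2}


def introducer_report(chains):
    """Group each transitively loaded domain under the page-referenced domain that started its chain."""
    report = {}
    for domain, chain in transitive_domains(chains).items():
        report.setdefault(chain[1], []).append(domain)
    return {k: sorted(v) for k, v in report.items()}


if __name__ == "__main__":
    chains = load_chains(build_graph(DOMAIN_TABLE))
    for domain, chain in sorted(chains.items(), key=lambda kv: (len(kv[1]), kv[0])):
        print(f"{len(chain) - 1} hop(s): {' -> '.join(chain)}")
    for introducer, domains in introducer_report(chains).items():
        print(f"{introducer} introduced: {', '.join(domains)}")
```

For this scan the report groups twelve of the twenty domains under four introducers (static.fatchilli.media, resources.infolinks.com, ahost.flaunt.nu and downloads.mailchimp.com); those twelve are the hosts a content-security-policy for the page would have to allow without the page author ever having written their names.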

This site contains no links.

Subject (certificate CN as shown by urlscan; SANs are not listed, so the CN may differ from the hostname it was served for)  Issuer  Valid from  Valid to  Lifetime  (each row links to a crt.sh lookup in the original)
ldra.com.br                  cPanel, Inc. Certification Authority  2020-11-15  2021-02-13  3 months
downloads.mailchimp.com      Amazon                                2020-07-10  2021-08-10  a year
*.azurewebsites.net          Microsoft IT TLS CA 5                 2019-09-24  2021-09-24  2 years
static.fatchilli.media       Let's Encrypt Authority X3            2020-09-30  2020-12-29  3 months
sni.cloudflaressl.com        Cloudflare Inc ECC CA-3               2020-08-15  2021-08-15  a year
*.google-analytics.com       GTS CA 1O1                            2020-10-28  2021-01-20  3 months
wildcardsan.list-manage.com  DigiCert Secure Site ECC CA-1         2020-08-26  2021-11-25  a year
*.g.doubleclick.net          GTS CA 1O1                            2020-10-28  2021-01-20  3 months
*.gumgum.com                 Amazon                                2020-11-14  2021-12-13  a year
addroplet.com                Cloudflare Inc ECC CA-3               2020-07-01  2021-07-01  a year
*.google.nl                  GTS CA 1O1                            2020-11-03  2021-01-26  3 months
*.google.com                 GTS CA 1O1                            2020-11-03  2021-01-26  3 months
tpc.googlesyndication.com    GTS CA 1O1                            2020-11-03  2021-01-26  3 months

This page contains 6 frames:

Primary Page: https://ldra.com.br/wp-content/upgrade/ch/p5p5-5/
Frame ID: F02681080DD5B06241819B9D0A66052B
Requests: 22 HTTP requests in this frame

Frame: https://static.fatchilli.media/stickyBanner-iframe.js
Frame ID: 3341E84FE376A603887FA04ECB37BAA7
Requests: 10 HTTP requests in this frame

Frame: https://router.infolinks.com/usync/manage?pid=3285627&wsid=0
Frame ID: 42A590C5C21AFF175A52D2C8E9BFD296
Requests: 1 HTTP requests in this frame

Frame: https://downloads.mailchimp.com/css/signup-forms/popup/56e7ecd72519300e38d4c8e42744c00035f2bf09/common.css
Frame ID: C07462473AD7FC43826B14C7644F4A29
Requests: 2 HTTP requests in this frame

Frame: https://downloads.mailchimp.com/css/signup-forms/popup/56e7ecd72519300e38d4c8e42744c00035f2bf09/common.css
Frame ID: 3C54A9B2507CD8D43B4562C4A71A0799
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/219/runner.html
Frame ID: EC93AECC45F11D0CB9854A0F6298CBFF
Requests: 1 HTTP requests in this frame

Detected technologies

Nginx (web server; identified from the Server header pattern below)
Overall confidence: 100%
Detected patterns
  • headers server /nginx(?:\/([\d.]+))?/i

Google Analytics (identified from the script URL pattern below)
Overall confidence: 100%
Detected patterns
  • script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Google Font API (identified from the <link> pattern below; note that the fonts.googleapis.com request itself failed)
Overall confidence: 100%
Detected patterns
  • html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i

Page Statistics

  • Requests: 38
  • HTTPS: 92 %
  • IPv6: 44 %
  • Domains: 14
  • Subdomains: 20
  • IPs: 17
  • Countries: 7
  • Transfer: 695 kB
  • Size: 1889 kB
  • Cookies: 19

Redirected requests

There were HTTP redirect chains for the following requests. In Request Chain 8 the ga.js beacon (first hop) is answered with a 302 to stats.g.doubleclick.net (second hop) that carries the same property ID (UA-6656061-1) and client ID. The percent-encoded utmdt parameter is the document title the page reported to Google Analytics; it decodes to 163网易免费邮--中文邮箱第一品牌 ("163 NetEase Free Mail -- China's No. 1 email brand"), a title that does not match the brand tag in the summary (Excel / PDF download).

Request Chain 8
  • https://ssl.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=265615591&utmhn=ldra.com.br&utmcs=UTF-8&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=163%E7%BD%91%E6%98%93%E5%85%8D%E8%B4%B9%E9%82%AE--%E4%B8%AD%E6%96%87%E9%82%AE%E7%AE%B1%E7%AC%AC%E4%B8%80%E5%93%81%E7%89%8C&utmhid=218206608&utmr=-&utmp=%2Fwp-content%2Fupgrade%2Fch%2Fp5p5-5%2F&utmht=1605778227522&utmac=UA-6656061-1&utmcc=__utma%3D1.194669767.1605778228.1605778228.1605778228.1%3B%2B__utmz%3D1.1605778228.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=1907975159&utmredir=1&utmu=qhAAAAAAAAAAAAAAAAAAAAAE~ HTTP 302
  • https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-6656061-1&cid=194669767.1605778228&jid=1907975159&_v=5.7.2&z=265615591
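Beacons like the two hops above are worth decoding during triage because they carry what the page told a third party about itself: hostname, path, document title, property ID and the first-party cookie state. The Python below is an added example, not part of the urlscan report; UTM_GIF and DC_COLLECT are the two hops copied from Request Chain 8, the field meanings follow the classic ga.js __utm.gif protocol (utmhn hostname, utmp page path, utmdt document title, utmac property ID, utmht hit time in milliseconds, utmcc cookie values, utmjid join ID), and the cross-check that the redirect carries the same property, client and join IDs is this example's own.

```python
"""Decode the classic ga.js beacon and its DoubleClick redirect from the chain above.

Added example, not part of the urlscan report. UTM_GIF and DC_COLLECT are the two
hops copied from Request Chain 8. Field meanings follow the ga.js __utm.gif
protocol (utmhn hostname, utmp page path, utmdt document title, utmac property ID,
utmht hit time in ms, utmcc cookie values, utmjid join ID); the cross-check that
the redirect carries the same property, client and join IDs is this example's own.
"""
from datetime import datetime, timezone
from urllib.parse import parse_qs, urlsplit

UTM_GIF = (
    "https://ssl.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=265615591"
    "&utmhn=ldra.com.br&utmcs=UTF-8&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit"
    "&utmul=en-us&utmje=0&utmfl=-&utmdt=163%E7%BD%91%E6%98%93%E5%85%8D%E8%B4%B9%E9%82%AE"
    "--%E4%B8%AD%E6%96%87%E9%82%AE%E7%AE%B1%E7%AC%AC%E4%B8%80%E5%93%81%E7%89%8C"
    "&utmhid=218206608&utmr=-&utmp=%2Fwp-content%2Fupgrade%2Fch%2Fp5p5-5%2F"
    "&utmht=1605778227522&utmac=UA-6656061-1"
    "&utmcc=__utma%3D1.194669767.1605778228.1605778228.1605778228.1%3B%2B__utmz%3D"
    "1.1605778228.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B"
    "&utmjid=1907975159&utmredir=1&utmu=qhAAAAAAAAAAAAAAAAAAAAAE~"
)
DC_COLLECT = (
    "https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-6656061-1"
    "&cid=194669767.1605778228&jid=1907975159&_v=5.7.2&z=265615591"
)


def query(url):
    """First value of each query parameter; parse_qs percent-decodes as UTF-8."""
    return {k: v[0] for k, v in parse_qs(urlsplit(url).query, keep_blank_values=True).items()}


def parse_utmcc(value):
    """utmcc is '__utma=...;+__utmz=...;' (the '+' is a literal, sent as %2B in the URL)."""
    cookies = {}
    for part in value.split(";"):
        part = part.strip().lstrip("+")
        if "=" in part:
            name, val = part.split("=", 1)
            cookies[name] = val
    return cookies


def decode_ga_beacon(url):
    q = query(url)
    cookies = parse_utmcc(q.get("utmcc", ""))
    hit_ms = int(q["utmht"]) if q.get("utmht", "").isdigit() else None
    hit_time = None
    if hit_ms:
        # utmht is the browser clock in ms; compare it with the server Date headers in the scan.
        hit_time = datetime.fromtimestamp(hit_ms / 1000, tz=timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    return {
        "hostname": q.get("utmhn"),
        "page_path": q.get("utmp"),
        "title": q.get("utmdt"),
        "property_id": q.get("utmac"),
        "join_id": q.get("utmjid"),
        "referrer": q.get("utmr"),
        "hit_time": hit_time,
        "utma": cookies.get("__utma"),
        "utmz": cookies.get("__utmz"),
    }


def decode_dc_redirect(url):
    q = query(url)
    return {"property_id": q.get("tid"), "client_id": q.get("cid"), "join_id": q.get("jid")}


def cross_check(ga, dc):
    """__utma is 'domainhash.visitorid.first.previous.current.sessions'; GA's client ID is fields 2 and 3."""
    fields = (ga["utma"] or "").split(".")
    expected_cid = ".".join(fields[1:3]) if len(fields) >= 6 else None
    return {
        "property_matches": ga["property_id"] == dc["property_id"],
        "client_id_matches": expected_cid == dc["client_id"],
        "join_id_matches": ga["join_id"] == dc["join_id"],
    }


if __name__ == "__main__":
    ga = decode_ga_beacon(UTM_GIF)
    dc = decode_dc_redirect(DC_COLLECT)
    for key, value in ga.items():
        print(f"{key:12} {value}")
    print(cross_check(ga, dc))
```

Run against the two hops from this scan, the decoder returns hostname ldra.com.br, the scanned path, the NetEase mail title, property UA-6656061-1 and a hit time of 2020-11-19T09:30:27Z, which lines up with the 09:30:27 Date headers on the surrounding responses; all three cross-checks pass, so the second hop is the same session being handed to DoubleClick rather than a separate tracker.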

38 HTTP transactions

Each entry below lists: Resource, Path, Size, x-fer (bytes actually transferred), Type and MIME-Type, followed by General details, request headers and response headers. Entries with 0 / 0 and no further details are requests for which no response was recorded.
Primary Request /
ldra.com.br/wp-content/upgrade/ch/p5p5-5/
3 KB
2 KB
Document
General
Full URL
https://ldra.com.br/wp-content/upgrade/ch/p5p5-5/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
188.68.248.16 Olsztyn, Poland, ASN197226 (SPRINT-SDC, PL),
Reverse DNS
n8248h16.sprintdatacenter.net
Software
nginx /
Resource Hash
9bcb7e0a739e8161c9832a714d70b1df07580362645b11ad6b14fb72f719bb53
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
ldra.com.br
:scheme
https
:path
/wp-content/upgrade/ch/p5p5-5/
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

server
nginx
date
Thu, 19 Nov 2020 09:30:28 GMT
content-type
text/html; charset=UTF-8
vary
Accept-Encoding
x-xss-protection
1; mode=block
x-content-type-options
nosniff
x-nginx-cache-status
MISS
x-server-powered-by
Engintron
content-encoding
gzip
style.css
ldra.com.br/wp-content/upgrade/ch/p5p5-5/
2 KB
837 B
Stylesheet
General
Full URL
https://ldra.com.br/wp-content/upgrade/ch/p5p5-5/style.css
Requested by
Host: ldra.com.br
URL: https://ldra.com.br/wp-content/upgrade/ch/p5p5-5/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
188.68.248.16 Olsztyn, Poland, ASN197226 (SPRINT-SDC, PL),
Reverse DNS
n8248h16.sprintdatacenter.net
Software
nginx /
Resource Hash
d79c162546f1b3d7e79c5d4557e619f9d990b2b044806ff058193e142e6c7f2c

Request headers

Referer
https://ldra.com.br/wp-content/upgrade/ch/p5p5-5/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
public
date
Thu, 19 Nov 2020 09:30:28 GMT
content-encoding
gzip
last-modified
Thu, 19 Nov 2020 01:28:34 GMT
server
nginx
vary
Accept-Encoding
content-type
text/css
cache-control
max-age=2592000
expires
Sat, 19 Dec 2020 09:30:28 GMT
embed.js
downloads.mailchimp.com/js/signup-forms/popup/unique-methods/
128 KB
46 KB
Script
General
Full URL
https://downloads.mailchimp.com/js/signup-forms/popup/unique-methods/embed.js
Requested by
Host: ldra.com.br
URL: https://ldra.com.br/wp-content/upgrade/ch/p5p5-5/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.192.229.56 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-54-192-229-56.waw50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
d8c3fbef87d09c09c57ca16e8f7bd8b62d531ccf2aebd4056b73b6395869bca0

Request headers

Referer
https://ldra.com.br/wp-content/upgrade/ch/p5p5-5/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 19 Nov 2020 09:30:02 GMT
Content-Encoding
gzip
Last-Modified
Mon, 27 Jul 2020 14:05:46 GMT
Server
AmazonS3
Age
25
ETag
W/"bc4277913601fee0523d85a320c0578a"
Vary
Accept-Encoding
X-Cache
Hit from cloudfront
Content-Type
application/javascript
Via
1.1 4cea94b0894987ae880983d50307d214.cloudfront.net (CloudFront)
Connection
keep-alive
Transfer-Encoding
chunked
X-Amz-Cf-Pop
WAW50-C1
X-Amz-Cf-Id
ciqUrbVmyPhfTQsn0yi9m4GwYQSB38ENkFv1q3cU7BKabSjKhQtXXw==
flaunthead.js
ahost.flaunt.nu/scripts/
31 KB
7 KB
Script
General
Full URL
https://ahost.flaunt.nu/scripts/flaunthead.js
Requested by
Host: ldra.com.br
URL: https://ldra.com.br/wp-content/upgrade/ch/p5p5-5/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.96.124.25 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
f4b4b8e8bb82266b4847fe753b912795d6a14b231e820901ec9160816c97f475

Request headers

Referer
https://ldra.com.br/wp-content/upgrade/ch/p5p5-5/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 19 Nov 2020 09:30:27 GMT
Content-Encoding
gzip
ETag
"02969ba1043d61:0"
Last-Modified
Mon, 15 Jun 2020 12:30:18 GMT
Server
Microsoft-IIS/10.0
X-Powered-By
ASP.NET
Vary
Accept-Encoding
Content-Type
application/x-javascript
Accept-Ranges
bytes
Content-Length
6930
stickyBanner.js
static.fatchilli.media/
3 KB
1 KB
Script
General
Full URL
https://static.fatchilli.media/stickyBanner.js
Requested by
Host: ldra.com.br
URL: https://ldra.com.br/wp-content/upgrade/ch/p5p5-5/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
37.9.170.217 , Slovakia, ASN51013 (WEBSUPPORT-SRO-SK-AS, SK),
Reverse DNS
shinyhousecore.vps.wbsprt.com
Software
nginx/1.18.0 /
Resource Hash
2eb6606679ce28fdacdfcd57387ad0bffd631d6b85f1ac7c1ea910454524efd5

Request headers

Referer
https://ldra.com.br/wp-content/upgrade/ch/p5p5-5/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 19 Nov 2020 09:30:27 GMT
content-encoding
gzip
last-modified
Wed, 10 Jun 2020 13:43:11 GMT
server
nginx/1.18.0
etag
W/"5ee0e36f-bee"
vary
Accept-Encoding
content-type
application/javascript
infolinks_main.js
resources.infolinks.com/js/
3 KB
2 KB
Script
General
Full URL
https://resources.infolinks.com/js/infolinks_main.js
Requested by
Host: ldra.com.br
URL: https://ldra.com.br/wp-content/upgrade/ch/p5p5-5/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
172.67.39.17 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3f3c7d8470743bd602978685d6111b89805782ed555a49879eb8b2090b915787

Request headers

Referer
https://ldra.com.br/wp-content/upgrade/ch/p5p5-5/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

cf-ray
5f48e9a10e7b1ec6-AMS
date
Thu, 19 Nov 2020 09:30:27 GMT
via
1.1 google
cf-cache-status
HIT
last-modified
Thu, 19 Nov 2020 07:50:10 GMT
server
cloudflare
age
6014
etag
W/"b54-5b470fa2cdc0f"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=3600
content-encoding
gzip
cf-request-id
06817058a300001ec63dba0000000001
expires
Thu, 19 Nov 2020 08:50:13 GMT
css
fonts.googleapis.com/
0
0
Request failed (see the domain table); no response recorded.

ga.js
ssl.google-analytics.com/
45 KB
17 KB
Script
General
Full URL
https://ssl.google-analytics.com/ga.js
Requested by
Host: ldra.com.br
URL: https://ldra.com.br/wp-content/upgrade/ch/p5p5-5/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://ldra.com.br/wp-content/upgrade/ch/p5p5-5/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Fri, 23 Oct 2020 03:00:57 GMT
server
Golfe2
age
5778
date
Thu, 19 Nov 2020 07:54:09 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
17168
expires
Thu, 19 Nov 2020 09:54:09 GMT
form-settings
mc.us7.list-manage.com/subscribe/
2 KB
2 KB
Script
General
Full URL
https://mc.us7.list-manage.com/subscribe/form-settings?u=b31ed076e5aa2d8ad73880341&id=2ecfda4f48&u=b31ed076e5aa2d8ad73880341&id=2ecfda4f48&c=dojo_request_script_callbacks.dojo_request_script0
Requested by
Host: downloads.mailchimp.com
URL: https://downloads.mailchimp.com/js/signup-forms/popup/unique-methods/embed.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
104.111.247.107 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-247-107.deploy.static.akamaitechnologies.com
Software
openresty /
Resource Hash
3d0dfe78f709adb85da673de51aa7fabdd86a562d58feaa7ff1c5300b8917c37

Request headers

Referer
https://ldra.com.br/wp-content/upgrade/ch/p5p5-5/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-edgeconnect-origin-mex-latency
336
date
Thu, 19 Nov 2020 09:30:27 GMT
content-encoding
gzip
referrer-policy
same-origin
server
openresty
x-edgeconnect-midmile-rtt
0
vary
Accept-Encoding
content-type
application/json; charset=utf-8
cache-control
max-age=277
x-ua-compatible
IE=edge,chrome=1
content-length
1162
expires
Thu, 19 Nov 2020 09:35:04 GMT
collect
stats.g.doubleclick.net/r/
Redirect Chain
  • https://ssl.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=265615591&utmhn=ldra.com.br&utmcs=UTF-8&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=163%E7%BD...
  • https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-6656061-1&cid=194669767.1605778228&jid=1907975159&_v=5.7.2&z=265615591
35 B
113 B
Image
General
Full URL
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-6656061-1&cid=194669767.1605778228&jid=1907975159&_v=5.7.2&z=265615591
Requested by
Host: ldra.com.br
URL: https://ldra.com.br/wp-content/upgrade/ch/p5p5-5/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c00::9b Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://ldra.com.br/wp-content/upgrade/ch/p5p5-5/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
date
Thu, 19 Nov 2020 09:30:27 GMT
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Thu, 19 Nov 2020 09:30:27 GMT
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
location
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-6656061-1&cid=194669767.1605778228&jid=1907975159&_v=5.7.2&z=265615591
content-type
text/html; charset=UTF-8
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
368
expires
Fri, 01 Jan 1990 00:00:00 GMT
site.css
ahost.flaunt.nu/content/
0
0
No response details recorded for this request.

services.js
js.gumgum.com/
98 KB
37 KB
Script
General
Full URL
https://js.gumgum.com/services.js
Requested by
Host: ahost.flaunt.nu
URL: https://ahost.flaunt.nu/scripts/flaunthead.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.2.101 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-2-101.fra6.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
1385e71094f42cb99f4cc27ff8372d60f002292c5e3c09557070803a4321743d

Request headers

Referer
https://ldra.com.br/wp-content/upgrade/ch/p5p5-5/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 19 Nov 2020 09:30:28 GMT
content-encoding
gzip
last-modified
Tue, 17 Nov 2020 18:40:56 GMT
server
AmazonS3
x-amz-cf-pop
FRA6-C1
etag
W/"6cb55caae7bbfa1611fc3722a7b58aa5"
vary
Accept-Encoding
x-cache
Miss from cloudfront
x-amz-version-id
NTDIXZCjs.ow59nx5XESxS.eYT3As0DE
via
1.1 c1fb60e38be5022a78e4b52bedded7c2.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-meta-timing-allow-origin
*
x-amz-meta-access-control-allow-origin
*
content-type
application/javascript
x-amz-cf-id
aXLwH9JduhkSpE9k9Qv9INTHwlPxGJxFP8_Hde4Pm7MFZHXD1v-kpA==
infinity.js.aspx
cdn.engine.addroplet.com/Scripts/
176 KB
62 KB
Script
General
Full URL
https://cdn.engine.addroplet.com/Scripts/infinity.js.aspx?guid=92d36bf9-ee90-4ee0-b87f-22021b6d6ed1
Requested by
Host: ahost.flaunt.nu
URL: https://ahost.flaunt.nu/scripts/flaunthead.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700::6811:485c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / ASP.NET
Resource Hash
ca39bdcd620fb16a2e659c6e0c6e5b4d31479e68a5db9794840e10c751fa6467

Request headers

Referer
https://ldra.com.br/wp-content/upgrade/ch/p5p5-5/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 19 Nov 2020 09:30:27 GMT
content-encoding
gzip
cf-cache-status
HIT
server
cloudflare
age
673
x-powered-by
ASP.NET
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
p3p
CP="CAO PSA OUR IND"
access-control-allow-origin
*
cache-control
public, no-transform, max-age=900
cf-ray
5f48e9a42fdd2c42-FRA
content-type
application/x-javascript; charset=utf-8
cf-request-id
0681705aa100002c42d9ad2000000001
ice.js
resources.infolinks.com/js/1717.018-3.007/
550 KB
162 KB
Script
General
Full URL
https://resources.infolinks.com/js/1717.018-3.007/ice.js
Requested by
Host: ldra.com.br
URL: https://ldra.com.br/wp-content/upgrade/ch/p5p5-5/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
172.67.39.17 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a9397735fa641f44779be88a56c8ce233b48411eaddb36e539339ec182bef200

Request headers

Referer
https://ldra.com.br/wp-content/upgrade/ch/p5p5-5/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

cf-ray
5f48e9a41db21ec6-AMS
date
Thu, 19 Nov 2020 09:30:27 GMT
via
1.1 google
cf-cache-status
HIT
last-modified
Tue, 03 Nov 2020 20:03:58 GMT
server
cloudflare
age
6033
etag
W/"8966b-5b3395d0200fe"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=2592000
content-encoding
gzip
cf-request-id
0681705a8c00001ec68f183000000001
expires
Sat, 19 Dec 2020 07:49:54 GMT
bg.png
ldra.com.br/wp-content/upgrade/ch/p5p5-5/
94 KB
94 KB
Image
General
Full URL
https://ldra.com.br/wp-content/upgrade/ch/p5p5-5/bg.png
Requested by
Host: ldra.com.br
URL: https://ldra.com.br/wp-content/upgrade/ch/p5p5-5/style.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
188.68.248.16 Olsztyn, Poland, ASN197226 (SPRINT-SDC, PL),
Reverse DNS
n8248h16.sprintdatacenter.net
Software
nginx /
Resource Hash
34aa021f8933baefa64cd07e049433d1052e6618713dfd7e5a77eefb4883ab90

Request headers

Referer
https://ldra.com.br/wp-content/upgrade/ch/p5p5-5/style.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
public
date
Thu, 19 Nov 2020 09:30:28 GMT
last-modified
Thu, 19 Nov 2020 01:28:34 GMT
server
nginx
content-type
image/png
cache-control
max-age=5184000
accept-ranges
bytes
content-length
96054
expires
Mon, 18 Jan 2021 09:30:28 GMT
stickyBanner-iframe.js
static.fatchilli.media/ Frame 3341
8 KB
2 KB
Script
General
Full URL
https://static.fatchilli.media/stickyBanner-iframe.js
Requested by
Host: static.fatchilli.media
URL: https://static.fatchilli.media/stickyBanner.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
37.9.170.217 , Slovakia, ASN51013 (WEBSUPPORT-SRO-SK-AS, SK),
Reverse DNS
shinyhousecore.vps.wbsprt.com
Software
nginx/1.18.0 /
Resource Hash
1c19097a5d29428316dbe5ec947e84c26b8ea3bd67cc138c31b7e76732388e87

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 19 Nov 2020 09:30:27 GMT
content-encoding
gzip
last-modified
Wed, 10 Jun 2020 13:43:11 GMT
server
nginx/1.18.0
etag
W/"5ee0e36f-1f87"
vary
Accept-Encoding
content-type
application/javascript
Tag.engine
engine.addroplet.com/
2 KB
3 KB
Script
General
Full URL
https://engine.addroplet.com/Tag.engine?time=-60&id=92d36bf9-ee90-4ee0-b87f-22021b6d6ed1&rand=62998&ver=async&referrerUrl=&fingerPrint=123&abr=false&stdTime=60&fpe=1&bw=1600&bh=1200&res=1600x1200&curl=https%3A%2F%2Fldra.com.br%2Fwp-content%2Fupgrade%2Fch%2Fp5p5-5%2F&kw=
Requested by
Host: cdn.engine.addroplet.com
URL: https://cdn.engine.addroplet.com/Scripts/infinity.js.aspx?guid=92d36bf9-ee90-4ee0-b87f-22021b6d6ed1
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700::6811:485c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / ASP.NET
Resource Hash
8966be4d46c765ea043aaacb23ad8b0c5aff478c9d5fd6701247d3806507b642

Request headers

Referer
https://ldra.com.br/wp-content/upgrade/ch/p5p5-5/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 19 Nov 2020 09:30:28 GMT
content-encoding
gzip
cf-cache-status
DYNAMIC
server
cloudflare
x-powered-by
ASP.NET
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
p3p
CP="CAO PSA OUR IND"
access-control-allow-origin
*
cache-control
private, no-transform
cf-ray
5f48e9a4992e2c42-FRA
content-type
application/json; charset=utf-8
cf-request-id
0681705adc00002c42e38dc000000001
pbice.js
resources.infolinks.com/js/pbice/3.007/
265 KB
84 KB
Script
General
Full URL
https://resources.infolinks.com/js/pbice/3.007/pbice.js
Requested by
Host: resources.infolinks.com
URL: https://resources.infolinks.com/js/1717.018-3.007/ice.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
172.67.39.17 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c2f5864f0015bd6b17bf20ca3b471675b28532a2a0995f8abf3dcd8dbacc2cbf

Request headers

Referer
https://ldra.com.br/wp-content/upgrade/ch/p5p5-5/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

cf-ray
5f48e9a4cf331ec6-AMS
date
Thu, 19 Nov 2020 09:30:27 GMT
via
1.1 google
cf-cache-status
HIT
last-modified
Mon, 05 Oct 2020 14:36:29 GMT
server
cloudflare
age
3583
etag
W/"42428-5b0ed686da547"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=2592000
content-encoding
gzip
cf-request-id
0681705afa00001ec6a73fd000000001
expires
Sat, 19 Dec 2020 08:30:44 GMT
manage
router.infolinks.com/usync/ Frame 42A5
0
0
Document
General
Full URL
https://router.infolinks.com/usync/manage?pid=3285627&wsid=0
Requested by
Host: resources.infolinks.com
URL: https://resources.infolinks.com/js/1717.018-3.007/ice.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
172.67.39.17 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

:method
GET
:authority
router.infolinks.com
:scheme
https
:path
/usync/manage?pid=3285627&wsid=0
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://ldra.com.br/wp-content/upgrade/ch/p5p5-5/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://ldra.com.br/wp-content/upgrade/ch/p5p5-5/

Response headers

date
Thu, 19 Nov 2020 09:30:28 GMT
content-type
text/html;charset=UTF-8
set-cookie
__cfduid=d25a0249a44b4f356971082fc7195bc261605778227; expires=Sat, 19-Dec-20 09:30:27 GMT; path=/; domain=.infolinks.com; HttpOnly; SameSite=Lax
cache-control
no-store
p3p
CP="NON DSP NID OUR COR"
via
1.1 google
cf-cache-status
DYNAMIC
cf-request-id
0681705b1000001ec64893a000000001
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
5f48e9a4ef7e1ec6-AMS
content-encoding
gzip
lcmanage
router.infolinks.com/usync/
0
100 B
Script
General
Full URL
https://router.infolinks.com/usync/lcmanage?pid=3285627&wsid=0
Requested by
Host: resources.infolinks.com
URL: https://resources.infolinks.com/js/1717.018-3.007/ice.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
172.67.39.17 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://ldra.com.br/wp-content/upgrade/ch/p5p5-5/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 19 Nov 2020 09:30:28 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cache-control
no-store
cf-ray
5f48e9a4ef881ec6-AMS
content-length
0
cf-request-id
0681705b1200001ec6a8216000000001
gsd
router.infolinks.com/
0
60 B
Script
General
Full URL
https://router.infolinks.com/gsd?evt=afterGSD&pid=3285627&wsid=0&pdom=ldra.com.br&purl=https%3A%2F%2Fldra.com.br%2Fwp-content%2Fupgrade%2Fch%2Fp5p5-5%2F&jsv=1717.018-3.007&_cb=16057782279780
Requested by
Host: resources.infolinks.com
URL: https://resources.infolinks.com/js/1717.018-3.007/ice.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
172.67.39.17 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://ldra.com.br/wp-content/upgrade/ch/p5p5-5/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 19 Nov 2020 09:30:28 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cf-ray
5f48e9a4ef8c1ec6-AMS
content-length
0
cf-request-id
0681705b1400001ec6963a1000000001
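Two details in the entries above are easy to miss when reading raw transaction dumps: lcmanage and gsd both report Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855, which is the SHA-256 of zero bytes (content-length 0), so they are sync beacons rather than scripts that executed anything; and the primary document is served from WordPress's upgrade scratch directory without a Strict-Transport-Security header. The Python below is an added example, not urlscan.io code, that turns such observations into repeatable checks: RECORDS is transcribed from five of the transactions on this page, and the check names, the directory list and the severities are this example's own assumptions.

```python
"""Triage checks over urlscan-style transaction records.

Added example, not urlscan.io code. RECORDS is transcribed from five transactions
above (URL, resource type, Content-Type, size, resource hash, security headers).
The check names, WP_SCRATCH_DIRS and the severities are this example's assumptions.
"""
import hashlib
from urllib.parse import urlsplit

# SHA-256 of an empty body; urlscan reports this hash for zero-length responses.
SHA256_EMPTY = hashlib.sha256(b"").hexdigest()

PRIMARY_URL = "https://ldra.com.br/wp-content/upgrade/ch/p5p5-5/"

RECORDS = [
    {"url": PRIMARY_URL, "type": "Document", "mime": "text/html; charset=UTF-8", "size": 3072,
     "hash": "9bcb7e0a739e8161c9832a714d70b1df07580362645b11ad6b14fb72f719bb53",
     "security_headers": {"X-Content-Type-Options", "X-Xss-Protection"}},
    {"url": "https://ahost.flaunt.nu/scripts/flaunthead.js", "type": "Script",
     "mime": "application/x-javascript", "size": 31744,
     "hash": "f4b4b8e8bb82266b4847fe753b912795d6a14b231e820901ec9160816c97f475",
     "security_headers": set()},
    {"url": "https://router.infolinks.com/usync/lcmanage?pid=3285627&wsid=0", "type": "Script",
     "mime": None, "size": 0,
     "hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
     "security_headers": set()},
    {"url": "https://router.infolinks.com/gsd?evt=afterGSD&pid=3285627&wsid=0", "type": "Script",
     "mime": None, "size": 0,
     "hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
     "security_headers": set()},
    {"url": "https://ldra.com.br/wp-content/upgrade/ch/p5p5-5/bg.png", "type": "Image",
     "mime": "image/png", "size": 96054,
     "hash": "34aa021f8933baefa64cd07e049433d1052e6618713dfd7e5a77eefb4883ab90",
     "security_headers": set()},
]

# WordPress paths that should not serve a top-level HTML document (heuristic, this example's choice).
WP_SCRATCH_DIRS = ("/wp-content/upgrade/", "/wp-content/uploads/", "/wp-includes/")
SCRIPT_MIMES = ("application/javascript", "text/javascript")


def check_record(rec, primary_url):
    """Return (severity, check_name, url) findings for one transaction record."""
    findings = []
    path = urlsplit(rec["url"]).path
    if rec["hash"] == SHA256_EMPTY:
        # Zero-byte body: a beacon or cookie-sync call, not code that ran in the page.
        findings.append(("info", "empty-body", rec["url"]))
    if rec["type"] == "Document" and path.startswith(WP_SCRATCH_DIRS):
        # A page served from an update/upload directory points at a dropped file, not site content.
        findings.append(("high", "document-in-wp-scratch-dir", rec["url"]))
    if rec["type"] == "Script" and rec["mime"] and not rec["mime"].startswith(SCRIPT_MIMES):
        findings.append(("low", "nonstandard-script-mime", rec["url"]))
    if rec["url"] == primary_url and "Strict-Transport-Security" not in rec["security_headers"]:
        findings.append(("low", "no-hsts-on-primary", rec["url"]))
    return findings


def triage(records, primary_url):
    findings = []
    for rec in records:
        findings.extend(check_record(rec, primary_url))
    return findings


if __name__ == "__main__":
    for severity, name, url in triage(RECORDS, PRIMARY_URL):
        print(f"[{severity:4}] {name:28} {url}")
```

On these five records the script reports one high finding (the primary document under /wp-content/upgrade/), two low ones (the legacy application/x-javascript type on flaunthead.js and the missing HSTS header on the primary) and two informational empty-body beacons; bg.png produces nothing, which is the expected negative case.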
popup.js
downloads.mailchimp.com/js/signup-forms/popup/unique-methods/56e7ecd72519300e38d4c8e42744c00035f2bf09/
101 KB
31 KB
Script
General
Full URL
https://downloads.mailchimp.com/js/signup-forms/popup/unique-methods/56e7ecd72519300e38d4c8e42744c00035f2bf09/popup.js
Requested by
Host: downloads.mailchimp.com
URL: https://downloads.mailchimp.com/js/signup-forms/popup/unique-methods/embed.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.192.229.56 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-54-192-229-56.waw50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
6ed1a215eecd0157174987e302a5f4e1f6a5d1cd7f384608c4e6e8f5cd535ff1

Request headers

Referer
https://ldra.com.br/wp-content/upgrade/ch/p5p5-5/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 19 Nov 2020 09:29:54 GMT
Content-Encoding
gzip
Last-Modified
Fri, 22 May 2020 15:07:51 GMT
Server
AmazonS3
Age
79
ETag
"459011526cbe745c65ba1b165285fbe9"
Vary
Accept-Encoding
X-Cache
Hit from cloudfront
Content-Type
application/javascript
Via
1.1 4cea94b0894987ae880983d50307d214.cloudfront.net (CloudFront)
Connection
keep-alive
Transfer-Encoding
chunked
X-Amz-Cf-Pop
WAW50-C1
X-Amz-Cf-Id
q-AZWT4Zd8glSagfXtWgyAIe5Gs5YKJazCv6QxFWe0JfEh9bvi2U8Q==
gpt.js
securepubads.g.doubleclick.net/tag/js/ Frame 3341
55 KB
18 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/tag/js/gpt.js
Requested by
Host: static.fatchilli.media
URL: https://static.fatchilli.media/stickyBanner-iframe.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.18.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra15s29-in-f2.1e100.net
Software
sffe /
Resource Hash
6392cc9127cf31726c8a98b94299e6295e6b2a51d2e54a0338086afb03621571
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 19 Nov 2020 09:30:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"698 / 998 of 1000 / last-modified: 1605740934"
vary
Accept-Encoding
content-type
text/javascript
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
18258
x-xss-protection
0
expires
Thu, 19 Nov 2020 09:30:28 GMT
common.css
downloads.mailchimp.com/css/signup-forms/popup/56e7ecd72519300e38d4c8e42744c00035f2bf09/ Frame C074
9 KB
3 KB
Stylesheet
General
Full URL
https://downloads.mailchimp.com/css/signup-forms/popup/56e7ecd72519300e38d4c8e42744c00035f2bf09/common.css
Requested by
Host: downloads.mailchimp.com
URL: https://downloads.mailchimp.com/js/signup-forms/popup/unique-methods/56e7ecd72519300e38d4c8e42744c00035f2bf09/popup.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.192.229.56 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-54-192-229-56.waw50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
4c69c701fd3700fca10f8e6180c9f60f9af13c943ee7f1513f4b7709d8b75d72

Request headers

Referer
https://ldra.com.br/wp-content/upgrade/ch/p5p5-5/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 19 Nov 2020 09:30:28 GMT
Content-Encoding
gzip
Last-Modified
Fri, 22 May 2020 15:07:51 GMT
Server
AmazonS3
X-Amz-Cf-Pop
WAW50-C1
ETag
"82e72d627b04e1654282023cca1d1e69"
Vary
Accept-Encoding
X-Cache
Hit from cloudfront
Content-Type
text/css
Via
1.1 4cea94b0894987ae880983d50307d214.cloudfront.net (CloudFront)
Transfer-Encoding
chunked
Connection
keep-alive
X-Amz-Cf-Id
I4rVNo3JWCJKsxgpog7gXpR9fvU6eSN2Z34-MWS8CDgwJh-v7cFDog==
banner.css
downloads.mailchimp.com/css/signup-forms/popup/56e7ecd72519300e38d4c8e42744c00035f2bf09/ Frame C074
1005 B
959 B
Stylesheet
General
Full URL
https://downloads.mailchimp.com/css/signup-forms/popup/56e7ecd72519300e38d4c8e42744c00035f2bf09/banner.css
Requested by
Host: downloads.mailchimp.com
URL: https://downloads.mailchimp.com/js/signup-forms/popup/unique-methods/56e7ecd72519300e38d4c8e42744c00035f2bf09/popup.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.192.229.56 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-54-192-229-56.waw50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
bece213397fe5f546674ee29dd3f69ec2f2cc0e480e67f09dcc4c25c0d12a3d7

Request headers

Referer
https://ldra.com.br/wp-content/upgrade/ch/p5p5-5/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 19 Nov 2020 09:29:55 GMT
Content-Encoding
gzip
Last-Modified
Fri, 22 May 2020 15:07:52 GMT
Server
AmazonS3
Age
34
ETag
"78d1bdd981816cfbeb6954a85f9efa58"
Vary
Accept-Encoding
X-Cache
Hit from cloudfront
Content-Type
text/css
Via
1.1 4cea94b0894987ae880983d50307d214.cloudfront.net (CloudFront)
Connection
keep-alive
Transfer-Encoding
chunked
X-Amz-Cf-Pop
WAW50-C1
X-Amz-Cf-Id
FxDibB9REkDHlW7rtcIIAzbaDlh4FxABWTjE32w7gMOzHNBmsarC7A==
common.css
downloads.mailchimp.com/css/signup-forms/popup/56e7ecd72519300e38d4c8e42744c00035f2bf09/ Frame 3C54
9 KB
3 KB
Stylesheet
General
Full URL
https://downloads.mailchimp.com/css/signup-forms/popup/56e7ecd72519300e38d4c8e42744c00035f2bf09/common.css
Requested by
Host: downloads.mailchimp.com
URL: https://downloads.mailchimp.com/js/signup-forms/popup/unique-methods/56e7ecd72519300e38d4c8e42744c00035f2bf09/popup.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.192.229.56 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-54-192-229-56.waw50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
4c69c701fd3700fca10f8e6180c9f60f9af13c943ee7f1513f4b7709d8b75d72

Request headers

Referer
https://ldra.com.br/wp-content/upgrade/ch/p5p5-5/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 19 Nov 2020 09:30:16 GMT
Content-Encoding
gzip
Last-Modified
Fri, 22 May 2020 15:07:51 GMT
Server
AmazonS3
Age
13
ETag
"82e72d627b04e1654282023cca1d1e69"
Vary
Accept-Encoding
X-Cache
Hit from cloudfront
Content-Type
text/css
Via
1.1 11feb51f1ab40a62989608642e908bf8.cloudfront.net (CloudFront)
Connection
keep-alive
Transfer-Encoding
chunked
X-Amz-Cf-Pop
WAW50-C1
X-Amz-Cf-Id
_R85GRu2f2o4mywhI2G3tiLcsfqFuTTSNydPQH87tUo9ZMOIZTvzOg==
layout-1.css
downloads.mailchimp.com/css/signup-forms/popup/56e7ecd72519300e38d4c8e42744c00035f2bf09/ Frame 3C54
804 B
1 KB
Stylesheet
General
Full URL
https://downloads.mailchimp.com/css/signup-forms/popup/56e7ecd72519300e38d4c8e42744c00035f2bf09/layout-1.css
Requested by
Host: downloads.mailchimp.com
URL: https://downloads.mailchimp.com/js/signup-forms/popup/unique-methods/56e7ecd72519300e38d4c8e42744c00035f2bf09/popup.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.192.229.56 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-54-192-229-56.waw50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
60defd0229880a6f78696fcf8e687f94e43fc8bb5ff66028e23e546d0345d2f1

Request headers

Referer
https://ldra.com.br/wp-content/upgrade/ch/p5p5-5/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 19 Nov 2020 09:29:55 GMT
Via
1.1 93ca7f89577bcc406284a7bbde241b21.cloudfront.net (CloudFront)
Last-Modified
Fri, 22 May 2020 15:07:51 GMT
Server
AmazonS3
Age
33
ETag
"33e182d2957d66f0239c291b39120c17"
X-Cache
Hit from cloudfront
Content-Type
text/css
Connection
keep-alive
X-Amz-Cf-Pop
WAW50-C1
Accept-Ranges
bytes
Content-Length
804
X-Amz-Cf-Id
OyQvB_tNzJT0vBUaNf0Wetc6rpgcR4NoBB5MSLlIjrk_XooDO30yJQ==
modal-slidein.css
downloads.mailchimp.com/css/signup-forms/popup/56e7ecd72519300e38d4c8e42744c00035f2bf09/
3 KB
2 KB
Stylesheet
General
Full URL
https://downloads.mailchimp.com/css/signup-forms/popup/56e7ecd72519300e38d4c8e42744c00035f2bf09/modal-slidein.css
Requested by
Host: downloads.mailchimp.com
URL: https://downloads.mailchimp.com/js/signup-forms/popup/unique-methods/56e7ecd72519300e38d4c8e42744c00035f2bf09/popup.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.192.229.56 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-54-192-229-56.waw50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
717a079466da86282255203ddb9f6faafb2bf0ca0bb23ecb539463b3f963bde4

Request headers

Referer
https://ldra.com.br/wp-content/upgrade/ch/p5p5-5/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 19 Nov 2020 09:29:36 GMT
Content-Encoding
gzip
Last-Modified
Fri, 22 May 2020 15:07:52 GMT
Server
AmazonS3
Age
53
ETag
"d23d4c0fac6d9f158d23552bbd4592f0"
Vary
Accept-Encoding
X-Cache
Hit from cloudfront
Content-Type
text/css
Via
1.1 465e661d27b2b6a1c349a5550c745b0f.cloudfront.net (CloudFront)
Connection
keep-alive
Transfer-Encoding
chunked
X-Amz-Cf-Pop
WAW50-C1
X-Amz-Cf-Id
1Q1XxKfikbvvWQYbf_mVzZy5pgJVbp-qAbgrm_6_kOi96hegS7gNuw==
pubads_impl_2020111601.js
securepubads.g.doubleclick.net/gpt/ Frame 3341
277 KB
98 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020111601.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
172.217.18.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra15s29-in-f2.1e100.net
Software
sffe /
Resource Hash
c442ff155dca60045b1a65d836acc2e876fd92ed4ad2e1b61272940530839837
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 19 Nov 2020 09:30:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Mon, 16 Nov 2020 09:37:34 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
cache-control
private, immutable, max-age=31536000
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
99683
x-xss-protection
0
expires
Thu, 19 Nov 2020 09:30:28 GMT
integrator.js
adservice.google.nl/adsid/ Frame 3341
109 B
803 B
Script
General
Full URL
https://adservice.google.nl/adsid/integrator.js?domain=
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020111601.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 19 Nov 2020 09:30:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
104
x-xss-protection
0
integrator.js
adservice.google.com/adsid/ Frame 3341
109 B
803 B
Script
General
Full URL
https://adservice.google.com/adsid/integrator.js?domain=
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020111601.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 19 Nov 2020 09:30:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
104
x-xss-protection
0
ads
securepubads.g.doubleclick.net/gampad/ Frame 3341
492 B
723 B
XHR
General
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=707122323226828&correlator=1641262640561880&output=ldjh&impl=fif&eid=21068750%2C21068418&vrg=2020111601&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20201119&iu_parts=162717810%2CCA-MarketingChoiceMedia%2C728x90-sticky-norefresh&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=728x90&eri=4&cookie_enabled=1&cdm=ldra.com.br&bc=31&abxe=1&dt=1605778228316&dlt=1605778227848&idt=451&frm=23&biw=1600&bih=1200&isw=1600&ish=150&oid=3&adxs=436&adys=1041&adks=3646842177&ucis=s7398pww7g00&ifi=1&ifk=3387442832&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&nhd=1&iag=3&url=ldra.com.br%2Fwp-content%2Fupgrade%2Fch%2Fp5p5-5%2F&loc=about%3Ablank&top=ldra.com.br&dssz=5&icsg=680&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1600x90&msz=728x90&ga_vid=81347107.1605778228&ga_sid=1605778228&ga_hid=380741140&fws=0&ohw=0&btvi=0&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfSx7Imlzc3Vlck9yaWdpbiI6Imh0dHBzOi8vYXR0ZXN0YXRpb24uYW5kcm9pZC5jb20iLCJzdGF0ZSI6MH1d
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020111601.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
172.217.18.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra15s29-in-f2.1e100.net
Software
cafe /
Resource Hash
a2e06facb9f4308619e6561b84e575bfd86359c80a6c70c3ab37fe3780aff00e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 19 Nov 2020 09:30:28 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
267
x-xss-protection
0
google-lineitem-id
-2
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
-2
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://ldra.com.br
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
container.html
3a7e388922e478aab0edf0af8ce1028a.safeframe.googlesyndication.com/safeframe/1-0-37/html/ Frame 3341
0
0
Other
General
Full URL
https://3a7e388922e478aab0edf0af8ce1028a.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020111601.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

sodar
pagead2.googlesyndication.com/getconfig/ Frame 3341
8 KB
7 KB
XHR
General
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2020111601&st=env
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020111601.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
2e31af7d9c524bb57f41010a02ac0f86b130f7bc55033e1dbab09f8a3ffda6eb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 19 Nov 2020 09:30:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
6477
x-xss-protection
0
sodar2.js
tpc.googlesyndication.com/sodar/ Frame 3341
16 KB
6 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020111601.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:816::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
66bfa6dd42535b06a283b3844a0bddcfd7f1aca1368baae035a7cda89a6b97fd
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 19 Nov 2020 09:30:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1603823857801521"
vary
Accept-Encoding
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6015
x-xss-protection
0
expires
Thu, 19 Nov 2020 09:30:28 GMT
runner.html
tpc.googlesyndication.com/sodar/sodar2/219/ Frame EC93
0
0
Document
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/219/runner.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:816::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
tpc.googlesyndication.com
:scheme
https
:path
/sodar/sodar2/219/runner.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
cross-origin-resource-policy
cross-origin
content-length
4867
date
Thu, 19 Nov 2020 09:10:29 GMT
expires
Fri, 19 Nov 2021 09:10:29 GMT
last-modified
Mon, 05 Oct 2020 22:33:01 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, max-age=31536000
age
1199
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
gen_204
pagead2.googlesyndication.com/pagead/ Frame 3341
0
166 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=219&t=2&li=gpt_2020111601&jk=707122323226828&bg=!VlWlVXXNAAUoamvQKFiFfNXbxVU2KwIAAACRUgAAABJoAQcKARVYkKOFCwb-KVcSyS4C8Ya4MAeQelcO6d9XAr1DvNownbFi-yR84BlrVUu62_16N4SdhCRCq1vlYoJE1ZnsUhnfJzu6xpWgdWCuw5HNI6iKuZFTfG3b5M87-2WDV-xRHkYLe2H1nYfWXdWGyMx1udt5mJycGAv7-Tu2efTNH1QJjGeynKxnlLy6D0c5LampJWGl6dKHyrMvnCkD1lwmiWNQd4QIrKINTbr808vDsAyzha6JH1625ZmvpoTJxOELyBZ8IerWYJx0faJu4OkrYD2x_S8eyweo1s9wvDmPt5ifUr6XfV_DDynEERs8oRzPzXXpOCeghpY-RhuOnsDC7mG5mNVSj9t5VvfZjbE_3Cjgbgf0fXTtmQHJdqjQwJzSIMewRnbKNGSqaFP_SjHXPi1Ut3OnZFRZQxzzRN5RLHnBIJUnAZBNZrbGxZ9GqOhuRKTr6Zq-7DjcHy5jZJiwvc1XW98UJbvBGONLQcr3rXMnNguwzgUiS4NkFvapDjw5X-WHSMG9XaYsmqfhCflK1u2TMqKTuZMMZ1r-cTx2T6E34KXMSsDh-iT0rtejaXDoBlIXVNS_I08N5RmsvUVIhLM9PG48Id5lqYsn6Eix9N77gcsbipbXRK5arwWMP9he9ijYWVY7-PycxILEw5GTCjPfaWYiSuUqK6muCiHmo4DwnIh_lmysbYIHnO9NZtoenMTcbZ3RBdDJ0HE4t8HCq9No70zxnSp1vVe7heK0bv3p7tSQXBTjwsKqbo-6wRlK5BbxgcxZ2qwpZTdhLlOFMTvlt4U10_dZHKu8bpejYOvojtPSQ8uacbylztChTWbh5Wl2o8-OJlvZNCsR9O4vlPjnmbX0vFpRFKIWELtZp2nS27pTvQ6GqFIk0ppyM63NjGjAE2aM4vM4ASDa_1p0v2CPDeVK_WnN5d3YoY86lF0H-sAunfVzBb7HZDmiRfuvQGWVvSdk-IwGNbybhGNgPEmc4w
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 19 Nov 2020 09:30:29 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
services
g2.gumgum.com/zones/a788e880/
0
530 B
XHR
General
Full URL
https://g2.gumgum.com/zones/a788e880/services?dp=https%3A%2F%2Fldra.com.br%2Fwp-content%2Fupgrade%2Fch%2Fp5p5-5%2F&pu=https%3A%2F%2Fldra.com.br%2Fwp-content%2Fupgrade%2Fch%2Fp5p5-5%2F&rf=&r=3.74.2&jcsi=%7B%22t%22%3A0%2C%22rq%22%3A2%2C%22ren%22%3A2%2C%22fc%22%3A0%2C%22ctx%22%3A%5B0%5D%2C%22jsv%22%3A%223.74.2%22%2C%22pbv%22%3A%220.0.0%22%7D&ns=10240&bf=1a67474b70276f01141e12c412f0b0d753906e9a&ce=true&fs=false&dpr=1&sch=1200&scw=1600&lt=1605778230738&to=-60&vpii=false&vph=1200&vpw=1600
Requested by
Host: js.gumgum.com
URL: https://js.gumgum.com/services.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.194.90.60 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-194-90-60.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://ldra.com.br/wp-content/upgrade/ch/p5p5-5/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

access-control-allow-origin
https://ldra.com.br
date
Thu, 19 Nov 2020 09:30:30 GMT
access-control-allow-credentials
true
server
nginx
timing-allow-origin
*
etag
"0d41d8cd98f00b204e9800998ecf8427e"
p3p
CP="This is not a P3P policy"

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
fonts.googleapis.com
URL
http://fonts.googleapis.com/css?family=Oleo+Script
Domain
ahost.flaunt.nu
URL
http://ahost.flaunt.nu/content/site.css

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Excel / PDF download (Online)

61 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 (object)
1 (object)
2 (object)
3 (object)
ontransitionrun (object)
ontransitionstart (object)
ontransitioncancel (object)
cookieStore (object)
showDirectoryPicker (function)
showOpenFilePicker (function)
showSaveFilePicker (function)
trustedTypes (object)
crossOriginIsolated (boolean)
_gaq (object)
dojoDefine (function)
dojoRequire (function)
dojo (object)
dijit (object)
dojox (object)
dojo_request_script_callbacks (object)
_gat (object)
gaGlobal (object)
isMobile (function)
isMobileOrTablet (function)
setCookie (function)
getCookie (function)
isInIframe (boolean)
isTopFlaunt (function)
isSoSugary (boolean)
ggv2id (string)
gptPassbackConfig (object)
gptConstants (object)
init (function)
injectIframe (function)
fileExists (function)
addScript (function)
infolinks_pid (number)
infolinks_wsid (number)
$iceboot (object)
INFOLINKS (object)
g367CB268B1094004A3689751E7AC568F (object)
g (undefined)
adscoreVerificationStatus (undefined)
freqms (undefined)
elapsed (undefined)
waitForAdscoreSignature (undefined)
UAParser (function)
_typeof (function)
$ice (object)
$infolinks (object)
hb_iceChunk (function)
hb_ice (object)
_pbjsGlobals (object)
$ICE_HB (object)
SignupForm (function)
PopupSignupForm (function)
parts (object)
ggevents (object)
bean (undefined)
GUMGUM (object)
ggData (object)

19 Cookies

Domain/Path Name / Value
.casalemedia.com/ Name: CMID
Value: X7Y7NKz7LS0vSNqCYqM6.QAA
.infolinks.com/ Name: ZMNUSERCOOKIE
Value: ""
.ldra.com.br/ Name: __gads
Value: ID=6f26be81c59960e6-2202845374a600c3:T=1605778228:S=ALNI_MbWz3cDjyNmMyjMWd47oAOnqSEP-A
.infolinks.com/ Name: PUBMUSERCOOKIE
Value: 4F51F01F-65F7-4557-8B0E-939912FA29FD
ldra.com.br/ Name: __utmb
Value: 1.1.10.1605778228
.casalemedia.com/ Name: CMPS
Value: 3164
.infolinks.com/ Name: BIZZCUSERCOOKIE
Value: 4e42123fce38789612b4874d31f3ab695fa4315da8390bf163a6d8a9c24cd49a
.infolinks.com/ Name: IXUSERCOOKIE
Value: X7Y7NKz7LS0vSNqCYqM6.QAA&1151
.infolinks.com/ Name: SOVRNUSERCOOKIE
Value: 8ceb27cc0b8646f260406002
ldra.com.br/ Name: __utmt
Value: 1
.casalemedia.com/ Name: CMST
Value: X7Y7NF+2OzQA
.infolinks.com/ Name: OUTHUSERCOOKIE
Value: y-AVy_mIZ1l2baXYDvFlS5o_LVt1K83tlK~UPdc510b92-2a49-11eb-b6e9-02790b775656
.casalemedia.com/ Name: CMRUM3
Value: 275fb63b340b40&295fb63b3405a00&f15fb63b3405a00&bc5fb63b3405a00&5a5fb63b3405a0&2d5fb63b3405a0&e65fb63b3427600&985fb63b342760d03424d2-2d03-445c-8d65-73d3489b9e2e
ldra.com.br/ Name: __utma
Value: 1.194669767.1605778228.1605778228.1605778228.1
ldra.com.br/ Name: __utmz
Value: 1.1605778228.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)
.casalemedia.com/ Name: CMPRO
Value: 1151
.infolinks.com/ Name: ZTUSERCOOKIE
Value: 1875819614011723816
ldra.com.br/ Name: __utmc
Value: 1
ldra.com.br/wp-content/upgrade/ch/p5p5-5 Name: logglytrackingsession
Value: 23f4111a-63ce-46d9-84c0-faeaa076b7ab

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
