urlscan.io logo urlscan.io
SecurityTrails logo

blog.rhemaeducacao.com.br Open in urlscan Pro
189.1.169.3  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://blog.rhemaeducacao.com.br/
Effective URL: https://blog.rhemaeducacao.com.br/
Submission: On April 19 via api from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 13 IPs in 5 countries across 11 domains to perform 42 HTTP transactions. The main IP is 189.1.169.3, located in São Paulo, Brazil and belongs to Latitude.sh LTDA, BR. The main domain is blog.rhemaeducacao.com.br.
TLS certificate: Issued by R3 on April 13th 2024. Valid for: 3 months.
This is the only time blog.rhemaeducacao.com.br was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
15 189.1.169.3 262287 (Latitude....)
2 2a00:1450:400... 15169 (GOOGLE)
7 2a00:1450:400... 15169 (GOOGLE)
5 52.222.250.175 16509 (AMAZON-02)
2 34.68.90.188 396982 (GOOGLE-CL...)
2 2a03:2880:f08... 32934 (FACEBOOK)
1 2a03:2880:f17... 32934 (FACEBOOK)
2 2a00:1450:400... 15169 (GOOGLE)
1 35.223.116.65 396982 (GOOGLE-CL...)
1 2a00:1450:400... 15169 (GOOGLE)
2 104.17.24.14 13335 (CLOUDFLAR...)
2 2a00:1450:400... 15169 (GOOGLE)
42 13
15    189.1.169.3 (São Paulo, Brazil)

ASN262287 (Latitude.sh LTDA, BR)
PTR: mbr10.wpdash.com.br
blog.rhemaeducacao.com.br
2    2a00:1450:4001:81d::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
7    2a00:1450:4001:81c::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.gstatic.com
5    52.222.250.175 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-222-250-175.fra60.r.cloudfront.net
d335luupugsy2.cloudfront.net
2    34.68.90.188 (Council Bluffs, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 188.90.68.34.bc.googleusercontent.com
forms.rdstation.com.br
popups.rdstation.com.br
2    2a03:2880:f084:d:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
connect.facebook.net
1    2a03:2880:f177:83:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
www.facebook.com
2    2a00:1450:4001:813::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google-analytics.com
1    35.223.116.65 (Council Bluffs, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 65.116.223.35.bc.googleusercontent.com
pageview-notify.rdstation.com.br
1    2a00:1450:400c:c00::9a (Brussels, Belgium)

ASN15169 (GOOGLE, US)
stats.g.doubleclick.net
2    104.17.24.14 (None, )

ASN13335 (CLOUDFLARENET, US)
cdnjs.cloudflare.com
2    2a00:1450:4001:82f::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
Apex Domain
Subdomains		 Transfer
15 rhemaeducacao.com.br
blog.rhemaeducacao.com.br
2 MB
7 gstatic.com
fonts.gstatic.com
160 KB
5 cloudfront.net
d335luupugsy2.cloudfront.net
521 KB
3 rdstation.com.br
forms.rdstation.com.br — Cisco Umbrella Rank: 314521
pageview-notify.rdstation.com.br — Cisco Umbrella Rank: 106973
popups.rdstation.com.br — Cisco Umbrella Rank: 88085
72 KB
2 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 39
197 KB
2 cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 231
19 KB
2 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 31
452 B
2 facebook.net
connect.facebook.net — Cisco Umbrella Rank: 180
72 KB
2 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 33
6 KB
1 doubleclick.net
stats.g.doubleclick.net — Cisco Umbrella Rank: 84
353 B
1 facebook.com
www.facebook.com — Cisco Umbrella Rank: 97
273 B
42 11
Domain Requested by
15 blog.rhemaeducacao.com.br blog.rhemaeducacao.com.br
7 fonts.gstatic.com fonts.googleapis.com
5 d335luupugsy2.cloudfront.net blog.rhemaeducacao.com.br
2 www.googletagmanager.com d335luupugsy2.cloudfront.net
blog.rhemaeducacao.com.br
2 cdnjs.cloudflare.com client
blog.rhemaeducacao.com.br
2 www.google-analytics.com blog.rhemaeducacao.com.br
2 connect.facebook.net blog.rhemaeducacao.com.br
connect.facebook.net
2 fonts.googleapis.com blog.rhemaeducacao.com.br
1 popups.rdstation.com.br d335luupugsy2.cloudfront.net
1 stats.g.doubleclick.net blog.rhemaeducacao.com.br
1 pageview-notify.rdstation.com.br d335luupugsy2.cloudfront.net
1 www.facebook.com blog.rhemaeducacao.com.br
1 forms.rdstation.com.br blog.rhemaeducacao.com.br
42 13
Subject Issuer Validity Valid
blog.rhemaeducacao.com.br
R3		 2024-04-13 -
2024-07-12		 3 months crt.sh
upload.video.google.com
GTS CA 1C3		 2024-03-18 -
2024-06-10		 3 months crt.sh
*.gstatic.com
GTS CA 1C3		 2024-03-18 -
2024-06-10		 3 months crt.sh
*.cloudfront.net
Amazon RSA 2048 M01		 2023-10-10 -
2024-09-19		 a year crt.sh
forms.rdstation.com.br
R3		 2024-02-18 -
2024-05-18		 3 months crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA		 2024-01-27 -
2024-04-26		 3 months crt.sh
*.google-analytics.com
GTS CA 1C3		 2024-03-18 -
2024-06-10		 3 months crt.sh
*.rdstation.com.br
Sectigo RSA Domain Validation Secure Server CA		 2023-08-31 -
2024-06-04		 9 months crt.sh
*.g.doubleclick.net
GTS CA 1C3		 2024-03-18 -
2024-06-10		 3 months crt.sh
popups.rdstation.com.br
R3		 2024-02-22 -
2024-05-22		 3 months crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2023-07-03 -
2024-07-02		 a year crt.sh

This page contains 1 frames:

Primary Page: https://blog.rhemaeducacao.com.br/
Frame ID: 8AD5ECB443493683C6A336B53CE5C83F
Requests: 46 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Blog Rhema Educação

Page URL History Show full URLs

  1. http://blog.rhemaeducacao.com.br/ HTTP 307
    https://blog.rhemaeducacao.com.br/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
  • /wp-(?:content|includes)/
Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js
Overall confidence: 100%
Detected patterns
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
Overall confidence: 100%
Detected patterns
Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtag/js
Overall confidence: 100%
Detected patterns
  • select2(?:\.min|\.full)?\.js
Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

42
Requests

100 %
HTTPS

58 %
IPv6

11
Domains

13
Subdomains

13
IPs

5
Countries

2841 kB
Transfer

5413 kB
Size

11
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://blog.rhemaeducacao.com.br/ HTTP 307
    https://blog.rhemaeducacao.com.br/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

42 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
blog.rhemaeducacao.com.br/
Redirect Chain
  • http://blog.rhemaeducacao.com.br/
  • https://blog.rhemaeducacao.com.br/
133 KB
18 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://blog.rhemaeducacao.com.br/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
189.1.169.3 São Paulo, Brazil, ASN262287 (Latitude.sh LTDA, BR),
Reverse DNS
mbr10.wpdash.com.br
Software
nginx / PHP/7.4.33 PleskLin
Resource Hash
f95d626df6ec43705da54dc09c131e5dba0ddf185e3974bb1e5547462f23ffe5

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

content-encoding
br
content-type
text/html; charset=UTF-8
date
Fri, 19 Apr 2024 01:58:45 GMT
last-modified
Sat, 13 Apr 2024 09:47:55 GMT
server
nginx
vary
Accept-Encoding
x-powered-by
PHP/7.4.33 PleskLin

Redirect headers

Location
https://blog.rhemaeducacao.com.br/
Non-Authoritative-Reason
HttpsUpgrades
f9c92b4d1df7ac22a4537b2f396ae1b0.css
blog.rhemaeducacao.com.br/wp-content/cache/min/1/ 		1 MB
116 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://blog.rhemaeducacao.com.br/wp-content/cache/min/1/f9c92b4d1df7ac22a4537b2f396ae1b0.css
Requested by
Host: blog.rhemaeducacao.com.br
URL: https://blog.rhemaeducacao.com.br/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
189.1.169.3 São Paulo, Brazil, ASN262287 (Latitude.sh LTDA, BR),
Reverse DNS
mbr10.wpdash.com.br
Software
nginx /
Resource Hash
7aa4b9636027a047f1677a8d49b1a49db84f3433a1cd68ffa021d50da8418a6a

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://blog.rhemaeducacao.com.br/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 19 Apr 2024 01:58:46 GMT
content-encoding
br
last-modified
Tue, 08 Sep 2020 19:03:15 GMT
server
nginx
etag
W/"5f57d573-10d6cd"
vary
Accept-Encoding
content-type
text/css
cache-control
max-age=691200, public, must-revalidate, proxy-revalidate
expires
Sat, 27 Apr 2024 01:58:46 GMT
css
fonts.googleapis.com/ 		32 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Montserrat%3A400%2C700%2C900%7CIndie+Flower%3A400%2C700%2C900%7COpen+Sans%3A400%2C600%2C700%2C900%7CRoboto%3A400%2C500%2C700%2C900&display=swap&ver=10.3.6.1
Requested by
Host: blog.rhemaeducacao.com.br
URL: https://blog.rhemaeducacao.com.br/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81d::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
79dc03fbd999b09a0b97824981813343370de9eb8e11448ba790e228f840db65
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://blog.rhemaeducacao.com.br/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000
date
Fri, 19 Apr 2024 01:58:46 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Fri, 19 Apr 2024 01:58:46 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Fri, 19 Apr 2024 01:58:46 GMT
jquery.min-3.7.0.js
blog.rhemaeducacao.com.br/wp-content/cache/busting/1/wp-includes/js/jquery/ 		85 KB
29 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://blog.rhemaeducacao.com.br/wp-content/cache/busting/1/wp-includes/js/jquery/jquery.min-3.7.0.js
Requested by
Host: blog.rhemaeducacao.com.br
URL: https://blog.rhemaeducacao.com.br/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
189.1.169.3 São Paulo, Brazil, ASN262287 (Latitude.sh LTDA, BR),
Reverse DNS
mbr10.wpdash.com.br
Software
nginx /
Resource Hash
5c93f77799d122fb5255ee24da285f9f228cc118cba11e6ceb2b6bda8cdf4164

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://blog.rhemaeducacao.com.br/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 19 Apr 2024 01:58:46 GMT
content-encoding
br
last-modified
Mon, 25 Sep 2023 14:54:41 GMT
server
nginx
etag
W/"65119f31-155ba"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=691200, public, must-revalidate, proxy-revalidate
expires
Sat, 27 Apr 2024 01:58:46 GMT
gtm-44263620205a94090e3b3d7fd79e716f.js
blog.rhemaeducacao.com.br/wp-content/cache/busting/1/ 		88 KB
33 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://blog.rhemaeducacao.com.br/wp-content/cache/busting/1/gtm-44263620205a94090e3b3d7fd79e716f.js
Requested by
Host: blog.rhemaeducacao.com.br
URL: https://blog.rhemaeducacao.com.br/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
189.1.169.3 São Paulo, Brazil, ASN262287 (Latitude.sh LTDA, BR),
Reverse DNS
mbr10.wpdash.com.br
Software
nginx /
Resource Hash
e1c772cf98a3cd875e2464e8ee96df312e1465790a30349525c167321c0873d0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://blog.rhemaeducacao.com.br/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 19 Apr 2024 01:58:46 GMT
content-encoding
br
last-modified
Tue, 08 Sep 2020 19:03:09 GMT
server
nginx
etag
W/"5f57d56d-1600e"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=691200, public, must-revalidate, proxy-revalidate
expires
Sat, 27 Apr 2024 01:58:46 GMT
47b533102e9cdf024627b6808ba3b85e.js
blog.rhemaeducacao.com.br/wp-content/cache/min/1/ 		547 KB
126 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://blog.rhemaeducacao.com.br/wp-content/cache/min/1/47b533102e9cdf024627b6808ba3b85e.js
Requested by
Host: blog.rhemaeducacao.com.br
URL: https://blog.rhemaeducacao.com.br/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
189.1.169.3 São Paulo, Brazil, ASN262287 (Latitude.sh LTDA, BR),
Reverse DNS
mbr10.wpdash.com.br
Software
nginx /
Resource Hash
626f2d6cc24a69f0540fc1d5bba4a9b1a7fa927a9ad222515eab9816261b7c57

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://blog.rhemaeducacao.com.br/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 19 Apr 2024 01:58:46 GMT
content-encoding
br
last-modified
Thu, 28 Sep 2023 20:16:52 GMT
server
nginx
etag
W/"6515df34-88b62"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=691200, public, must-revalidate, proxy-revalidate
expires
Sat, 27 Apr 2024 01:58:46 GMT
truncated
/ 		37 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type
image/gif
truncated
/ 		140 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
ed0e4b4604fb8e4f9098ee174009b27431bf69b82afe4ad2b907cb6fa03d9294

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ 		117 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
d2c9f518ec6a8748dd27703e15b4c4c1f44590cee03193fe9c542678c80c6b27

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type
image/png
blog-rhema-fundo-6.jpg
blog.rhemaeducacao.com.br/wp-content/uploads/2017/10/ 		45 KB
46 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://blog.rhemaeducacao.com.br/wp-content/uploads/2017/10/blog-rhema-fundo-6.jpg
Requested by
Host: blog.rhemaeducacao.com.br
URL: https://blog.rhemaeducacao.com.br/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
189.1.169.3 São Paulo, Brazil, ASN262287 (Latitude.sh LTDA, BR),
Reverse DNS
mbr10.wpdash.com.br
Software
nginx /
Resource Hash
2425643a5700851c24b5681d3576c3cb0641fd4422aa19f47f745a102c0d9ca3

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://blog.rhemaeducacao.com.br/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 19 Apr 2024 01:58:46 GMT
last-modified
Fri, 21 Aug 2020 14:24:41 GMT
server
nginx
etag
"5f3fd929-b534"
content-type
image/jpeg
cache-control
max-age=691200, public, must-revalidate, proxy-revalidate
accept-ranges
bytes
content-length
46388
expires
Sat, 27 Apr 2024 01:58:46 GMT
truncated
/ 		121 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
a4b423bd3e84385d2bb624a55cddfaafe863235df9791628cb4fc0a9472d3f76

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type
image/png
read-more-bg.png
blog.rhemaeducacao.com.br/wp-content/plugins/td-composer/legacy/Newspaper/includes/demos/craft_ideas/images/ 		8 KB
8 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://blog.rhemaeducacao.com.br/wp-content/plugins/td-composer/legacy/Newspaper/includes/demos/craft_ideas/images/read-more-bg.png
Requested by
Host: blog.rhemaeducacao.com.br
URL: https://blog.rhemaeducacao.com.br/wp-content/cache/min/1/f9c92b4d1df7ac22a4537b2f396ae1b0.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
189.1.169.3 São Paulo, Brazil, ASN262287 (Latitude.sh LTDA, BR),
Reverse DNS
mbr10.wpdash.com.br
Software
nginx /
Resource Hash
174e16d359b12843085f252962a49388c47022bc79f9e72cbf151e67cbce2bd3

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://blog.rhemaeducacao.com.br/wp-content/cache/min/1/f9c92b4d1df7ac22a4537b2f396ae1b0.css
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 19 Apr 2024 01:58:46 GMT
last-modified
Fri, 21 Aug 2020 14:55:02 GMT
server
nginx
etag
"5f3fe046-20e2"
content-type
image/png
cache-control
max-age=691200, public, must-revalidate, proxy-revalidate
accept-ranges
bytes
content-length
8418
expires
Sat, 27 Apr 2024 01:58:46 GMT
POS-2022-INSTITUCIONAL-BANNER-BLOG-325X325PX.jpg
blog.rhemaeducacao.com.br/wp-content/uploads/2022/04/ 		120 KB
121 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://blog.rhemaeducacao.com.br/wp-content/uploads/2022/04/POS-2022-INSTITUCIONAL-BANNER-BLOG-325X325PX.jpg
Requested by
Host: blog.rhemaeducacao.com.br
URL: https://blog.rhemaeducacao.com.br/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
189.1.169.3 São Paulo, Brazil, ASN262287 (Latitude.sh LTDA, BR),
Reverse DNS
mbr10.wpdash.com.br
Software
nginx /
Resource Hash
4ae9e11ea194f40ca59be3d0997f5419dc1f4238cdbd8d48976733f57cf2dd2a

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://blog.rhemaeducacao.com.br/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 19 Apr 2024 01:58:46 GMT
last-modified
Wed, 06 Apr 2022 18:07:33 GMT
server
nginx
etag
"624dd6e5-1e16d"
content-type
image/jpeg
cache-control
max-age=691200, public, must-revalidate, proxy-revalidate
accept-ranges
bytes
content-length
123245
expires
Sat, 27 Apr 2024 01:58:46 GMT
header-bg.png
blog.rhemaeducacao.com.br/wp-content/plugins/td-composer/legacy/Newspaper/includes/demos/craft_ideas/images/ 		33 KB
33 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://blog.rhemaeducacao.com.br/wp-content/plugins/td-composer/legacy/Newspaper/includes/demos/craft_ideas/images/header-bg.png
Requested by
Host: blog.rhemaeducacao.com.br
URL: https://blog.rhemaeducacao.com.br/wp-content/cache/min/1/f9c92b4d1df7ac22a4537b2f396ae1b0.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
189.1.169.3 São Paulo, Brazil, ASN262287 (Latitude.sh LTDA, BR),
Reverse DNS
mbr10.wpdash.com.br
Software
nginx /
Resource Hash
0a9dbd8090d5ff72816501090b4d0f5ac4336a9d684cd42bf26eb070b967f14a

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://blog.rhemaeducacao.com.br/wp-content/cache/min/1/f9c92b4d1df7ac22a4537b2f396ae1b0.css
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 19 Apr 2024 01:58:46 GMT
last-modified
Fri, 21 Aug 2020 14:55:02 GMT
server
nginx
etag
"5f3fe046-8283"
content-type
image/png
cache-control
max-age=691200, public, must-revalidate, proxy-revalidate
accept-ranges
bytes
content-length
33411
expires
Sat, 27 Apr 2024 01:58:46 GMT
newspaper.woff
blog.rhemaeducacao.com.br/wp-content/themes/Newspaper/images/icons/ 		122 KB
68 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://blog.rhemaeducacao.com.br/wp-content/themes/Newspaper/images/icons/newspaper.woff?19
Requested by
Host: blog.rhemaeducacao.com.br
URL: https://blog.rhemaeducacao.com.br/wp-content/cache/min/1/f9c92b4d1df7ac22a4537b2f396ae1b0.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
189.1.169.3 São Paulo, Brazil, ASN262287 (Latitude.sh LTDA, BR),
Reverse DNS
mbr10.wpdash.com.br
Software
nginx /
Resource Hash
5bb258d73ecad75c45400527fb94b8f2ca96da8831e8056302711565cc9f2aa7

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://blog.rhemaeducacao.com.br/wp-content/cache/min/1/f9c92b4d1df7ac22a4537b2f396ae1b0.css
Origin
https://blog.rhemaeducacao.com.br
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 19 Apr 2024 01:58:46 GMT
content-encoding
gzip
last-modified
Fri, 21 Aug 2020 14:54:48 GMT
server
nginx
etag
W/"5f3fe038-1e6b4"
vary
Accept-Encoding
content-type
font/woff
cache-control
max-age=691200, public, must-revalidate, proxy-revalidate
expires
Sat, 27 Apr 2024 01:58:46 GMT
fontawesome-webfont.woff2
blog.rhemaeducacao.com.br/wp-content/plugins/font-awesome-4-menus/fonts/ 		75 KB
76 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://blog.rhemaeducacao.com.br/wp-content/plugins/font-awesome-4-menus/fonts/fontawesome-webfont.woff2?v=4.7.0
Requested by
Host: blog.rhemaeducacao.com.br
URL: https://blog.rhemaeducacao.com.br/wp-content/cache/min/1/f9c92b4d1df7ac22a4537b2f396ae1b0.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
189.1.169.3 São Paulo, Brazil, ASN262287 (Latitude.sh LTDA, BR),
Reverse DNS
mbr10.wpdash.com.br
Software
nginx /
Resource Hash
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://blog.rhemaeducacao.com.br/wp-content/cache/min/1/f9c92b4d1df7ac22a4537b2f396ae1b0.css
Origin
https://blog.rhemaeducacao.com.br
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 19 Apr 2024 01:58:46 GMT
content-encoding
gzip
last-modified
Fri, 21 Aug 2020 14:24:41 GMT
server
nginx
etag
W/"5f3fd929-12d68"
vary
Accept-Encoding
content-type
font/woff2
cache-control
max-age=691200, public, must-revalidate, proxy-revalidate
expires
Sat, 27 Apr 2024 01:58:46 GMT
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ 		15 KB
15 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Montserrat%3A400%2C700%2C900%7CIndie+Flower%3A400%2C700%2C900%7COpen+Sans%3A400%2C600%2C700%2C900%7CRoboto%3A400%2C500%2C700%2C900&display=swap&ver=10.3.6.1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://fonts.googleapis.com/
Origin
https://blog.rhemaeducacao.com.br
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 13 Apr 2024 03:50:46 GMT
x-content-type-options
nosniff
age
511680
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15744
x-xss-protection
0
last-modified
Wed, 11 May 2022 19:24:48 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 13 Apr 2025 03:50:46 GMT
JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
fonts.gstatic.com/s/montserrat/v26/ 		32 KB
32 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/montserrat/v26/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Montserrat%3A400%2C700%2C900%7CIndie+Flower%3A400%2C700%2C900%7COpen+Sans%3A400%2C600%2C700%2C900%7CRoboto%3A400%2C500%2C700%2C900&display=swap&ver=10.3.6.1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
bb2f90081933c0f2475883ca2c5cfee94e96d7314a09433fffc42e37f4cffd3b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://fonts.googleapis.com/
Origin
https://blog.rhemaeducacao.com.br
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 15 Apr 2024 17:34:04 GMT
x-content-type-options
nosniff
age
289482
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
33092
x-xss-protection
0
last-modified
Wed, 13 Sep 2023 22:51:58 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 15 Apr 2025 17:34:04 GMT
KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ 		16 KB
16 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Montserrat%3A400%2C700%2C900%7CIndie+Flower%3A400%2C700%2C900%7COpen+Sans%3A400%2C600%2C700%2C900%7CRoboto%3A400%2C500%2C700%2C900&display=swap&ver=10.3.6.1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://fonts.googleapis.com/
Origin
https://blog.rhemaeducacao.com.br
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 15 Apr 2024 18:30:08 GMT
x-content-type-options
nosniff
age
286118
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15920
x-xss-protection
0
last-modified
Wed, 11 May 2022 19:24:45 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 15 Apr 2025 18:30:08 GMT
memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v40/ 		47 KB
48 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Montserrat%3A400%2C700%2C900%7CIndie+Flower%3A400%2C700%2C900%7COpen+Sans%3A400%2C600%2C700%2C900%7CRoboto%3A400%2C500%2C700%2C900&display=swap&ver=10.3.6.1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://fonts.googleapis.com/
Origin
https://blog.rhemaeducacao.com.br
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 12 Apr 2024 22:45:56 GMT
x-content-type-options
nosniff
age
529970
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
48236
x-xss-protection
0
last-modified
Thu, 14 Dec 2023 02:08:40 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 12 Apr 2025 22:45:56 GMT
KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ 		15 KB
16 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Montserrat%3A400%2C700%2C900%7CIndie+Flower%3A400%2C700%2C900%7COpen+Sans%3A400%2C600%2C700%2C900%7CRoboto%3A400%2C500%2C700%2C900&display=swap&ver=10.3.6.1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://fonts.googleapis.com/
Origin
https://blog.rhemaeducacao.com.br
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 13 Apr 2024 00:45:23 GMT
x-content-type-options
nosniff
age
522803
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15860
x-xss-protection
0
last-modified
Wed, 11 May 2022 19:24:42 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 13 Apr 2025 00:45:23 GMT
ga-46d5133aa597565448fb056c07bff769.js
blog.rhemaeducacao.com.br/wp-content/cache/busting/google-tracking/ 		45 KB
18 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://blog.rhemaeducacao.com.br/wp-content/cache/busting/google-tracking/ga-46d5133aa597565448fb056c07bff769.js
Requested by
Host: blog.rhemaeducacao.com.br
URL: https://blog.rhemaeducacao.com.br/wp-content/cache/busting/1/gtm-44263620205a94090e3b3d7fd79e716f.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
189.1.169.3 São Paulo, Brazil, ASN262287 (Latitude.sh LTDA, BR),
Reverse DNS
mbr10.wpdash.com.br
Software
nginx /
Resource Hash
1fbd06d98ff87713eb030669571c929ab75539f05252f04ae1df807c28b20e95

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://blog.rhemaeducacao.com.br/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 19 Apr 2024 01:58:47 GMT
content-encoding
br
last-modified
Fri, 11 Sep 2020 14:51:06 GMT
server
nginx
etag
W/"5f5b8eda-b25b"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=691200, public, must-revalidate, proxy-revalidate
expires
Sat, 27 Apr 2024 01:58:47 GMT
lead-tracking.min.js
d335luupugsy2.cloudfront.net/js/lead-tracking/stable/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://d335luupugsy2.cloudfront.net/js/lead-tracking/stable/lead-tracking.min.js
Requested by
Host: blog.rhemaeducacao.com.br
URL: https://blog.rhemaeducacao.com.br/wp-content/cache/min/1/47b533102e9cdf024627b6808ba3b85e.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.222.250.175 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-250-175.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
63dd9340bf7f1ac6a576e8a0d2467f9270158ff446de0158df6a3a57cb08f4df

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://blog.rhemaeducacao.com.br/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
VK74Y_629OBaxeWwwoiBIyYa.m4SxWD5
content-encoding
gzip
via
1.1 6bf2ca4ea5a5c92a1d7cd2f9767e8674.cloudfront.net (CloudFront)
date
Thu, 18 Apr 2024 03:47:00 GMT
last-modified
Mon, 17 Aug 2020 12:56:23 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P3
age
79907
etag
W/"361325c86c17ebc03ff0f4d88d267a83"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
x-amz-cf-id
2E_6JkBRmuenxate2T9Mio5R6G_VJavKD5p3Iep81oZc-Az3mRc3jQ==
traffic-source-cookie.min.js
d335luupugsy2.cloudfront.net/js/traffic-source-cookie/stable/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://d335luupugsy2.cloudfront.net/js/traffic-source-cookie/stable/traffic-source-cookie.min.js
Requested by
Host: blog.rhemaeducacao.com.br
URL: https://blog.rhemaeducacao.com.br/wp-content/cache/min/1/47b533102e9cdf024627b6808ba3b85e.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.222.250.175 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-250-175.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
f6d92be1f6d97a323320191dfed0c85aaa581ef050be1ae22e20a4ae007bcee5

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://blog.rhemaeducacao.com.br/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
QfrmjXJN9imPm0CvR.Kk8uxg0RnubrVf
content-encoding
gzip
via
1.1 6bf2ca4ea5a5c92a1d7cd2f9767e8674.cloudfront.net (CloudFront)
date
Thu, 18 Apr 2024 20:44:45 GMT
last-modified
Mon, 09 Jan 2023 17:04:37 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P3
age
18843
x-amz-server-side-encryption
AES256
etag
W/"dae3ed517b23abad11d0bd6b79f24080"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
x-amz-cf-id
ktuYlnvgy1Jdvnl4evYyTubKdSW2pD1PF6yMZRwU-MKG25NNZT6h6Q==
newsletter-blog-a10f4c3caa24e5dbcc71
forms.rdstation.com.br/ 		36 KB
36 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://forms.rdstation.com.br/newsletter-blog-a10f4c3caa24e5dbcc71
Requested by
Host: blog.rhemaeducacao.com.br
URL: https://blog.rhemaeducacao.com.br/wp-content/cache/min/1/47b533102e9cdf024627b6808ba3b85e.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.68.90.188 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
188.90.68.34.bc.googleusercontent.com
Software
/
Resource Hash
b9fe817d38281648791ef1eaeae6872501796d03adbeb7f6a5f8927c89e821e8
Security Headers
Name Value
Strict-Transport-Security max-age=7776000
X-Frame-Options sameorigin

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://blog.rhemaeducacao.com.br/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=7776000
date
Fri, 19 Apr 2024 01:58:47 GMT
referrer-policy
strict-origin-when-cross-origin
content-security-policy-report-only
upgrade-insecure-requests; default-src 'self' https: data: wss: 'unsafe-inline' 'unsafe-eval';
x-frame-options
sameorigin
content-type
text/html
access-control-allow-origin
*
content-length
36823
fbevents.js
connect.facebook.net/en_US/ 		218 KB
59 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: blog.rhemaeducacao.com.br
URL: https://blog.rhemaeducacao.com.br/wp-content/cache/min/1/47b533102e9cdf024627b6808ba3b85e.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f084:d:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
85f407912384186334577f65bf6bb88045bd96f5222d7c696cc71303d65c826a
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://blog.rhemaeducacao.com.br/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Fri, 19 Apr 2024 01:58:47 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
57850
x-xss-protection
0
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=5, rtx=0, c=12, mss=1326, tbw=2773, tp=-1, tpl=-1, uplat=1, ullat=-1
pragma
public
x-fb-debug
TmFtcfOd/vNBN09C0P43wC7PClJUvm5ZKePQO7uXo65f8WO9Xa1FbZVHWGVdgylbftGwd6TvQhWYjCf4IMUuqA==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
application/x-javascript; charset=utf-8
x-frame-options
DENY
origin-agent-cluster
?0
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin
*
expires
Sat, 01 Jan 2000 00:00:00 GMT
1358771800812249
connect.facebook.net/signals/config/ 		66 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/signals/config/1358771800812249?v=2.9.154&r=stable&domain=blog.rhemaeducacao.com.br&hme=c3a545c63044e8e9102d4f32d84a1137594d024f28e801d670bc76dc5c075575&ex_m=67%2C112%2C99%2C103%2C58%2C3%2C93%2C66%2C15%2C91%2C84%2C49%2C51%2C158%2C161%2C172%2C168%2C169%2C171%2C28%2C94%2C50%2C73%2C170%2C153%2C156%2C165%2C166%2C173%2C121%2C14%2C48%2C178%2C177%2C123%2C17%2C33%2C38%2C1%2C41%2C62%2C63%2C64%2C68%2C88%2C16%2C13%2C90%2C87%2C86%2C100%2C102%2C37%2C101%2C29%2C25%2C154%2C157%2C130%2C27%2C10%2C11%2C12%2C5%2C6%2C24%2C21%2C22%2C54%2C59%2C61%2C71%2C95%2C26%2C72%2C8%2C7%2C76%2C46%2C20%2C97%2C96%2C9%2C19%2C18%2C81%2C53%2C79%2C32%2C70%2C0%2C89%2C31%2C78%2C83%2C45%2C44%2C82%2C36%2C4%2C85%2C77%2C42%2C39%2C34%2C80%2C2%2C35%2C60%2C40%2C98%2C43%2C75%2C65%2C104%2C57%2C56%2C30%2C92%2C55%2C52%2C47%2C74%2C69%2C23%2C105
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f084:d:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
afa587e3c624834f716da7d78a666f3e2ad4d3c0d29d63023636f3cc76ef08c2
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://blog.rhemaeducacao.com.br/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Fri, 19 Apr 2024 01:58:47 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-xss-protection
0
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=11, rtx=0, c=63, mss=1326, tbw=63211, tp=-1, tpl=-1, uplat=56, ullat=0
pragma
public
x-fb-debug
OAZbRyOUl9LFHFNLwQuoVvS5J/Jcy1UTqPQ7ACXPdltrK4jHtvhFSHcVficOXMjiZmZIgaTJ8l2xOIEbIGdnTA==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
application/x-javascript; charset=utf-8
x-frame-options
DENY
origin-agent-cluster
?0
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin
*
expires
Sat, 01 Jan 2000 00:00:00 GMT
/
www.facebook.com/tr/ 		0
273 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/tr/?id=1358771800812249&ev=PageView&dl=https%3A%2F%2Fblog.rhemaeducacao.com.br%2F&rl=&if=false&ts=1713491927360&cd[page_title]=Home&cd[post_type]=page&cd[post_id]=720&cd[plugin]=PixelYourSite&cd[user_role]=guest&cd[event_url]=blog.rhemaeducacao.com.br%2F&sw=1600&sh=1200&v=2.9.154&r=stable&a=dvpixelyoursite&ec=0&o=4126&fbp=fb.2.1713491927358.1318215749&cs_est=true&ler=empty&cdl=API_unavailable&it=1713491927284&coo=false&rqm=GET
Requested by
Host: blog.rhemaeducacao.com.br
URL: https://blog.rhemaeducacao.com.br/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f177:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://blog.rhemaeducacao.com.br/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-fb-connection-quality
EXCELLENT; q=0.9, rtt=6, rtx=0, c=10, mss=1326, tbw=2765, tp=-1, tpl=-1, uplat=0, ullat=0
strict-transport-security
max-age=31536000; includeSubDomains
date
Fri, 19 Apr 2024 01:58:47 GMT
server
proxygen-bolt
content-type
text/plain
access-control-allow-origin
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
0
blog-rhema-cabecalho-2020.jpg
blog.rhemaeducacao.com.br/wp-content/uploads/2020/11/ 		1 MB
1 MB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://blog.rhemaeducacao.com.br/wp-content/uploads/2020/11/blog-rhema-cabecalho-2020.jpg
Requested by
Host: blog.rhemaeducacao.com.br
URL: https://blog.rhemaeducacao.com.br/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
189.1.169.3 São Paulo, Brazil, ASN262287 (Latitude.sh LTDA, BR),
Reverse DNS
mbr10.wpdash.com.br
Software
nginx /
Resource Hash
cfa3bee80550c862d9ab98ebbaebdf75af137bdee9da88f8aa5efc5aaf3f3ec3

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://blog.rhemaeducacao.com.br/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 19 Apr 2024 01:58:47 GMT
last-modified
Wed, 04 Oct 2023 16:50:00 GMT
server
nginx
etag
"651d97b8-10c35e"
content-type
image/jpeg
cache-control
max-age=691200, public, must-revalidate, proxy-revalidate
accept-ranges
bytes
content-length
1098590
expires
Sat, 27 Apr 2024 01:58:47 GMT
collect
www.google-analytics.com/j/ 		2 B
320 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j85&a=585319453&t=pageview&_s=1&dl=https%3A%2F%2Fblog.rhemaeducacao.com.br%2F&ul=de-de&de=UTF-8&dt=Blog%20Rhema%20Educa%C3%A7%C3%A3o&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAUABAAAAAC~&jid=359343953&gjid=39375468&cid=860413125.1713491927&tid=UA-76981942-2&_gid=523163084.1713491927&_r=1&gtm=2ou8q1&z=1049372368
Requested by
Host: blog.rhemaeducacao.com.br
URL: https://blog.rhemaeducacao.com.br/wp-content/cache/busting/google-tracking/ga-46d5133aa597565448fb056c07bff769.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform
"Win32"
Referer
https://blog.rhemaeducacao.com.br/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Fri, 19 Apr 2024 01:58:47 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://blog.rhemaeducacao.com.br
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2
expires
Fri, 01 Jan 1990 00:00:00 GMT
send
pageview-notify.rdstation.com.br/ 		83 B
558 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://pageview-notify.rdstation.com.br/send
Requested by
Host: d335luupugsy2.cloudfront.net
URL: https://d335luupugsy2.cloudfront.net/js/lead-tracking/stable/lead-tracking.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
35.223.116.65 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
65.116.223.35.bc.googleusercontent.com
Software
/
Resource Hash
9bb9353de44fbc1f11f56471f6773a84f28581b1895f26c2dae1d767fbb4e24a
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform
"Win32"
Referer
https://blog.rhemaeducacao.com.br/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

date
Fri, 19 Apr 2024 01:58:47 GMT
strict-transport-security
max-age=15724800; includeSubDomains
x-content-type-options
nosniff
access-control-max-age
1728000
access-control-allow-methods
POST, GET, OPTIONS
content-type
text/html;charset=utf-8
access-control-allow-origin
https://blog.rhemaeducacao.com.br
access-control-expose-headers
Cache-Control, Content-Language, Content-Type, Expires, Last-Modified, Pragma
x-frame-options
SAMEORIGIN
access-control-allow-credentials
true
access-control-allow-headers
*, Content-Type, Accept, AUTHORIZATION, Cache-Control
content-length
83
x-xss-protection
1; mode=block
logo-grupo-rhema-icon-1.png
blog.rhemaeducacao.com.br/wp-content/uploads/2017/10/ 		18 KB
18 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://blog.rhemaeducacao.com.br/wp-content/uploads/2017/10/logo-grupo-rhema-icon-1.png
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
189.1.169.3 São Paulo, Brazil, ASN262287 (Latitude.sh LTDA, BR),
Reverse DNS
mbr10.wpdash.com.br
Software
nginx /
Resource Hash
9bae233f0ac5fa714b765fc81ad4f778941259941a9fecbcc3482fa46b4168a4

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://blog.rhemaeducacao.com.br/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 19 Apr 2024 01:58:47 GMT
last-modified
Fri, 21 Aug 2020 14:24:41 GMT
server
nginx
etag
"5f3fd929-486d"
content-type
image/png
cache-control
max-age=691200, public, must-revalidate, proxy-revalidate
accept-ranges
bytes
content-length
18541
expires
Sat, 27 Apr 2024 01:58:47 GMT
collect
stats.g.doubleclick.net/j/ 		1 B
353 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j85&tid=UA-76981942-2&cid=860413125.1713491927&jid=359343953&gjid=39375468&_gid=523163084.1713491927&_u=IEBAAUAAAAAAAC~&z=1353789582
Requested by
Host: blog.rhemaeducacao.com.br
URL: https://blog.rhemaeducacao.com.br/wp-content/cache/busting/google-tracking/ga-46d5133aa597565448fb056c07bff769.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c00::9a Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform
"Win32"
Referer
https://blog.rhemaeducacao.com.br/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
date
Fri, 19 Apr 2024 01:58:47 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://blog.rhemaeducacao.com.br
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1
expires
Fri, 01 Jan 1990 00:00:00 GMT
rdstation-popup.min.js
d335luupugsy2.cloudfront.net/js/rdstation-popups/bricks/ 		204 KB
56 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://d335luupugsy2.cloudfront.net/js/rdstation-popups/bricks/rdstation-popup.min.js?v=1
Requested by
Host: blog.rhemaeducacao.com.br
URL: https://blog.rhemaeducacao.com.br/wp-content/cache/min/1/47b533102e9cdf024627b6808ba3b85e.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.222.250.175 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-250-175.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
70be3f27403e0ab74c6b11fcd837997e5bca12b69449cf287823d18be663f87c

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://blog.rhemaeducacao.com.br/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 18 Apr 2024 18:56:29 GMT
content-encoding
gzip
via
1.1 6bf2ca4ea5a5c92a1d7cd2f9767e8674.cloudfront.net (CloudFront)
x-amz-version-id
bXw_6DEbP4cvD1251Yhm.RnfFb6kzmD7
last-modified
Tue, 16 Apr 2024 18:56:23 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P3
age
25338
etag
"10b6883a771a55bcb6b5749d0515f172"
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-type
application/javascript; charset=utf-8
accept-ranges
bytes
content-length
57363
x-amz-cf-id
r5O1VlRP6SAZkVhd7oywe5k85m-hbOxB00hJwjJQsrsL9mJb06P_hQ==
rd-js-integration.min.js
d335luupugsy2.cloudfront.net/js/integration/2.0.0/ 		30 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://d335luupugsy2.cloudfront.net/js/integration/2.0.0/rd-js-integration.min.js?v=1
Requested by
Host: blog.rhemaeducacao.com.br
URL: https://blog.rhemaeducacao.com.br/wp-content/cache/min/1/47b533102e9cdf024627b6808ba3b85e.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.222.250.175 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-250-175.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
f4aa9e3a976f20cd4babf17dcdd27e63335a70191d322432a6f6c868d73a5cfa

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://blog.rhemaeducacao.com.br/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
3dngmS.4H4nxkAQ1dQ4Zed.bkb2I4WUy
content-encoding
gzip
via
1.1 6bf2ca4ea5a5c92a1d7cd2f9767e8674.cloudfront.net (CloudFront)
date
Thu, 18 Apr 2024 04:31:54 GMT
x-amz-cf-pop
FRA60-P3
age
77213
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
9976
last-modified
Wed, 29 Mar 2023 14:01:04 GMT
server
AmazonS3
etag
"a101060a6ec593b54e9c4227f96e2695"
content-type
application/javascript; charset=utf-8
cache-control
max-age=86400, must-revalidate
accept-ranges
bytes
x-amz-cf-id
FzBwLMACYYx95Xd7Qn7ShCdgpFuACKXS-l3x30rpvQR0Rja9L0wgWw==
show.json
popups.rdstation.com.br/popup/ 		35 KB
35 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://popups.rdstation.com.br/popup/show.json?account_id=663652&uniq=_9xw8jukgf&ref=aHR0cHM6Ly9ibG9nLnJoZW1hZWR1Y2FjYW8uY29tLmJyLw%3D%3D
Requested by
Host: d335luupugsy2.cloudfront.net
URL: https://d335luupugsy2.cloudfront.net/js/rdstation-popups/bricks/rdstation-popup.min.js?v=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.68.90.188 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
188.90.68.34.bc.googleusercontent.com
Software
/
Resource Hash
d29563fa950174fc5f6b4024bb6e8ae47cec9958fc5f81a68d52e9ebae3974ff
Security Headers
Name Value
Strict-Transport-Security max-age=7776000
X-Frame-Options sameorigin

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://blog.rhemaeducacao.com.br/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=7776000
date
Fri, 19 Apr 2024 01:58:48 GMT
referrer-policy
strict-origin-when-cross-origin
content-security-policy-report-only
upgrade-insecure-requests; default-src 'self' https: data: wss: 'unsafe-inline' 'unsafe-eval';
x-frame-options
sameorigin
content-type
application/json
access-control-allow-origin
*
content-length
35819
logo-grupo-rhema-icon-150x150.png
blog.rhemaeducacao.com.br/wp-content/uploads/2017/10/ 		10 KB
10 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://blog.rhemaeducacao.com.br/wp-content/uploads/2017/10/logo-grupo-rhema-icon-150x150.png
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
189.1.169.3 São Paulo, Brazil, ASN262287 (Latitude.sh LTDA, BR),
Reverse DNS
mbr10.wpdash.com.br
Software
nginx /
Resource Hash
6ab6b9cc636730d3ad12bb07749b6e46640ef0abad1bdea3a7223930cc3c3a53

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://blog.rhemaeducacao.com.br/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 19 Apr 2024 01:58:47 GMT
last-modified
Fri, 21 Aug 2020 14:24:41 GMT
server
nginx
etag
"5f3fd929-2715"
content-type
image/png
cache-control
max-age=691200, public, must-revalidate, proxy-revalidate
accept-ranges
bytes
content-length
10005
expires
Sat, 27 Apr 2024 01:58:47 GMT
css
fonts.googleapis.com/ 		33 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Bitter|Cabin|Crimson+Text|Droid+Sans|Droid+Serif|Lato|Lobster|Montserrat|Old+Standard+TT|Open+Sans|Oswald|Pacifico|Playfair+Display|PT+Sans|Raleway|Rubik|Source+Sans+Pro|Ubuntu|Roboto
Requested by
Host: blog.rhemaeducacao.com.br
URL: https://blog.rhemaeducacao.com.br/wp-content/cache/min/1/47b533102e9cdf024627b6808ba3b85e.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81d::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
67c7ca02627651328137f634d3d44a353758eda1187ffc7265cdb8e794bca5e5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://blog.rhemaeducacao.com.br/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000
date
Fri, 19 Apr 2024 01:58:47 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Fri, 19 Apr 2024 00:03:56 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Fri, 19 Apr 2024 01:58:47 GMT
select2.min.css
cdnjs.cloudflare.com/ajax/libs/select2/3.5.2/ 		14 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cdnjs.cloudflare.com/ajax/libs/select2/3.5.2/select2.min.css
Requested by
Host: client
URL: about:client
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.17.24.14 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
939b4f5c505097e74e93c3a6a82b69b516bb6d160d449bafb37edb72ab260c1d
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://blog.rhemaeducacao.com.br/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 19 Apr 2024 01:58:47 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
1220237
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
2295
last-modified
Mon, 04 May 2020 16:16:11 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03fcb-38aa"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lxJ6gso7g42kKPm8D18Tra25P3Gywm4Nl3tlAjuPyv%2B4CPnW0N8KF%2FkVojfkii6uUWeOx0mYT0kmTMW7mYgcDj1VCTNZsCKdsJOscsByVHf4JMMi0fJ96NW%2BSzppNdQ2jocwFXQe"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
87694aa4fa019b67-FRA
expires
Wed, 09 Apr 2025 01:58:47 GMT
select2.min.js
cdnjs.cloudflare.com/ajax/libs/select2/3.5.2/ 		65 KB
16 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdnjs.cloudflare.com/ajax/libs/select2/3.5.2/select2.min.js
Requested by
Host: blog.rhemaeducacao.com.br
URL: https://blog.rhemaeducacao.com.br/wp-content/cache/min/1/47b533102e9cdf024627b6808ba3b85e.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.17.24.14 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1f3cd9162638b743c8bf4d939bcfd1dc256f2e97231e13b5cff600502a78a10e
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://blog.rhemaeducacao.com.br/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 19 Apr 2024 01:58:47 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
261752
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
15507
last-modified
Mon, 04 May 2020 16:16:11 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03fcb-10424"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rjRIgK%2FH%2FsvhsXgBO4Fg%2Ff%2BIoy5ugR5xAS5kWG5l2HddJJ5snBG62IICgD2oA8r5p7X6rM7KX3k8MtO6QfQVoA0GS85UHBnrDKT6Mqf0LAU8NXWN1yGQH2X%2BqoVcv0%2FULnnBZvcG"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
87694aa4fa009b67-FRA
expires
Wed, 09 Apr 2025 01:58:47 GMT
memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2
fonts.gstatic.com/s/opensans/v40/ 		18 KB
18 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Bitter|Cabin|Crimson+Text|Droid+Sans|Droid+Serif|Lato|Lobster|Montserrat|Old+Standard+TT|Open+Sans|Oswald|Pacifico|Playfair+Display|PT+Sans|Raleway|Rubik|Source+Sans+Pro|Ubuntu|Roboto
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e7af9d60d875eb1c1b1037bbbfdec41fcb096d0ebcf98a48717ad8b07906ced6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://fonts.googleapis.com/
Origin
https://blog.rhemaeducacao.com.br
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 13 Apr 2024 12:31:52 GMT
x-content-type-options
nosniff
age
480415
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
18668
x-xss-protection
0
last-modified
Thu, 14 Dec 2023 02:00:39 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 13 Apr 2025 12:31:52 GMT
JTUHjIg1_i6t8kCHKm4532VJOt5-QNFgpCtr6Hw5aXo.woff2
fonts.gstatic.com/s/montserrat/v26/ 		15 KB
15 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/montserrat/v26/JTUHjIg1_i6t8kCHKm4532VJOt5-QNFgpCtr6Hw5aXo.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Bitter|Cabin|Crimson+Text|Droid+Sans|Droid+Serif|Lato|Lobster|Montserrat|Old+Standard+TT|Open+Sans|Oswald|Pacifico|Playfair+Display|PT+Sans|Raleway|Rubik|Source+Sans+Pro|Ubuntu|Roboto
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4b5816bbfc52587979139951355fe4048da02ce60e40cef8e4a1efb6cd396281
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://fonts.googleapis.com/
Origin
https://blog.rhemaeducacao.com.br
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 17 Apr 2024 05:32:59 GMT
x-content-type-options
nosniff
age
159948
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
14940
x-xss-protection
0
last-modified
Wed, 13 Sep 2023 22:46:07 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 17 Apr 2025 05:32:59 GMT
js
www.googletagmanager.com/gtag/ 		293 KB
98 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=G-QT1VL5GJ22
Requested by
Host: d335luupugsy2.cloudfront.net
URL: https://d335luupugsy2.cloudfront.net/js/rdstation-popups/bricks/rdstation-popup.min.js?v=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
0b4f8a76c835fb66f62b87fe4edc6628ac0b7db9af22ec4406cb4ce31d7b628e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://blog.rhemaeducacao.com.br/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 19 Apr 2024 01:58:48 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
100411
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Fri, 19 Apr 2024 01:58:48 GMT
js
www.googletagmanager.com/gtag/ 		293 KB
98 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=G-QT1VL5GJ22&l=dataLayer&cx=c
Requested by
Host: blog.rhemaeducacao.com.br
URL: https://blog.rhemaeducacao.com.br/wp-content/cache/busting/1/gtm-44263620205a94090e3b3d7fd79e716f.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
c702da3f381d0ad209252525002b4ce6dda804f128657225d086a6177f6d0d0f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://blog.rhemaeducacao.com.br/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 19 Apr 2024 01:58:48 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
100414
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Fri, 19 Apr 2024 01:58:48 GMT
$x3feoqwpyqm
d335luupugsy2.cloudfront.net/cms/files/663652/1691682572/ 		450 KB
451 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d335luupugsy2.cloudfront.net/cms/files/663652/1691682572/$x3feoqwpyqm
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.222.250.175 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-250-175.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
d83a5c86b5aca652c5633c26c1bffcbbe758ef362f03673ff0d4af3ee41a38fc

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://blog.rhemaeducacao.com.br/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 19 Apr 2024 01:58:50 GMT
x-amz-version-id
iOUAI1_hpsXtjtQfT3oRd2U6gsybcv55
via
1.1 6bf2ca4ea5a5c92a1d7cd2f9767e8674.cloudfront.net (CloudFront)
last-modified
Thu, 10 Aug 2023 15:55:46 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P3
etag
"e846670e08293dea81e43ecbc0cba4d8"
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
content-type
image/jpeg
accept-ranges
bytes
content-length
461079
x-amz-cf-id
sUgFJ95wXCyl9dglmBvxEXGGRUdidVKlyFgTavT2aTteftu7Leforw==
collect
www.google-analytics.com/ 		35 B
132 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google-analytics.com/collect?v=1&_v=j85&a=585319453&t=event&ni=1&_s=2&dl=https%3A%2F%2Fblog.rhemaeducacao.com.br%2F&ul=de-de&de=UTF-8&dt=Blog%20Rhema%20Educa%C3%A7%C3%A3o&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=RD%20Forms&ea=Viewed&el=newsletter-blog-a10f4c3caa24e5dbcc71&_u=KHBAAUABAAAAAC~&jid=&gjid=&cid=860413125.1713491927&tid=UA-76981942-2&_gid=523163084.1713491927&z=871787735
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://blog.rhemaeducacao.com.br/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Thu, 18 Apr 2024 13:46:14 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
43958
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

148 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 undefined| $ function| jQuery object| pysOptions object| tdb_globals object| tdwGlobal object| tdBlocksArray function| tdBlock object| tdLocalCache object| td_viewport_interval_list string| td_animation_stack_effect boolean| tds_animation_stack string| td_animation_stack_specific_selectors string| td_animation_stack_general_selectors string| tds_general_modal_image string| tdc_is_installed string| td_ajax_url string| td_get_template_directory_uri string| tds_snap_menu string| tds_logo_on_sticky string| tds_header_style string| td_please_wait string| td_email_user_pass_incorrect string| td_email_user_incorrect string| td_email_incorrect string| tds_more_articles_on_post_enable string| tds_more_articles_on_post_time_to_wait number| tds_more_articles_on_post_pages_distance_from_top string| tds_theme_color_site_wide string| tds_smart_sidebar string| tdThemeName string| td_magnific_popup_translation_tPrev string| td_magnific_popup_translation_tNext string| td_magnific_popup_translation_tCounter string| td_magnific_popup_translation_ajax_tError string| td_magnific_popup_translation_image_tError string| tdBlockNonce object| tdDateNamesI18n string| td_ad_background_click_link string| td_ad_background_click_target function| gtag object| dataLayer object| block_tdi_16_090 object| block_tdi_27_ccc object| google_tag_manager object| google_tag_data string| GoogleAnalyticsObject function| ga function| pys_generate_token function| getBundlePriceOnSingleProduct function| getPixelBySlag function| getUrlParameter object| RDStation object| RDCookieControl function| dispatchEvents function| fireEvents object| tdbAutoload object| tdAnalytics object| tdDetect object| tdViewport object| tdMenu object| tdUtil object| tdAffix function| td_smart_list_dropdown object| td_more_articles_box undefined| td_resize_timer_id function| td_done_resizing function| td_resize_videos function| td_mobile_menu function| td_mobile_menu_toogle function| td_retina function| td_read_site_cookie function| td_set_cookies_life boolean| tdIsScrollingAnimation boolean| td_mouse_wheel_or_touch_moved boolean| td_scroll_to_top_is_visible function| td_events_scroll_scroll_to_top function| td_post_template_6_title function| td_smart_lists_magnific_popup function| td_get_document_width function| td_get_document_height function| td_comments_form_validation function| td_scroll_to_class function| td_helper_scroll_to_class undefined| tdLoadingBox undefined| tdAjaxSearch undefined| tdModalImageLastEl undefined| tdBlocks undefined| tdLogin undefined| tdLoginMob undefined| tdDemoMenu undefined| tdTrendingNow undefined| td_history undefined| tdSmartSidebar undefined| tdInfiniteLoader undefined| Froogaloop undefined| tdCustomEvents undefined| tdEvents undefined| tdHeader undefined| tdAjaxCount undefined| tdYoutubePlayers undefined| tdVimeoPlayers function| td_resize_smartlist_slides function| td_resize_smartlist_sliders_and_update function| td_resize_normal_slide function| td_resize_normal_slide_and_update undefined| tdPullDown undefined| td_fps undefined| tdAnimationScroll undefined| tdHomepageFull undefined| tdBackstr undefined| tdShowVideo undefined| tdAnimationStack function| td_compute_parallax_background function| td_compute_backstretch_item undefined| td_backstretch_items undefined| tdAjaxLoop undefined| tdWeather undefined| tdAnimationSprite function| td_date_i18n undefined| tdSocialSharing function| tdModalImage undefined| tdAjaxVideoModal undefined| tdConfirm undefined| eventHub undefined| tdbMenu undefined| tdbMenuItemPullDown undefined| tdbSearch function| Cookies object| pys boolean| RDStationTrackingCodeChecker function| compareVersion object| GRecaptcha function| RDStationAutofill function| RDStationForms object| lazySizes function| _ function| fbq function| _fbq object| LeadTracking object| TrafficSourceCookie object| gaplugins object| gaGlobal object| gaData object| RdstationFormsIntegration object| RdstationPopup object| credentials object| Select2

11 Cookies

Domain/Path Name / Value
blog.rhemaeducacao.com.br/ Name: pys_session_limit
Value: true
blog.rhemaeducacao.com.br/ Name: pys_start_session
Value: true
blog.rhemaeducacao.com.br/ Name: pys_first_visit
Value: true
blog.rhemaeducacao.com.br/ Name: pysTrafficSource
Value: direct
blog.rhemaeducacao.com.br/ Name: pys_landing_page
Value: https://blog.rhemaeducacao.com.br/
blog.rhemaeducacao.com.br/ Name: last_pysTrafficSource
Value: direct
blog.rhemaeducacao.com.br/ Name: last_pys_landing_page
Value: https://blog.rhemaeducacao.com.br/
.rhemaeducacao.com.br/ Name: _fbp
Value: fb.2.1713491927358.1318215749
.rhemaeducacao.com.br/ Name: _ga
Value: GA1.3.860413125.1713491927
.rhemaeducacao.com.br/ Name: _gid
Value: GA1.3.523163084.1713491927
.rhemaeducacao.com.br/ Name: _gat_gtag_UA_76981942_2
Value: 1

4 Console Messages

Source Level URL
Text
recommendation verbose URL: https://blog.rhemaeducacao.com.br/
Message:
[DOM] Password field is not contained in a form: (More info: https://goo.gl/9p2vKq) %o
recommendation verbose URL: https://blog.rhemaeducacao.com.br/
Message:
[DOM] Password field is not contained in a form: (More info: https://goo.gl/9p2vKq) %o
other warning URL: https://connect.facebook.net/signals/config/1358771800812249?v=2.9.154&r=stable&domain=blog.rhemaeducacao.com.br&hme=c3a545c63044e8e9102d4f32d84a1137594d024f28e801d670bc76dc5c075575&ex_m=67%2C112%2C99%2C103%2C58%2C3%2C93%2C66%2C15%2C91%2C84%2C49%2C51%2C158%2C161%2C172%2C168%2C169%2C171%2C28%2C94%2C50%2C73%2C170%2C153%2C156%2C165%2C166%2C173%2C121%2C14%2C48%2C178%2C177%2C123%2C17%2C33%2C38%2C1%2C41%2C62%2C63%2C64%2C68%2C88%2C16%2C13%2C90%2C87%2C86%2C100%2C102%2C37%2C101%2C29%2C25%2C154%2C157%2C130%2C27%2C10%2C11%2C12%2C5%2C6%2C24%2C21%2C22%2C54%2C59%2C61%2C71%2C95%2C26%2C72%2C8%2C7%2C76%2C46%2C20%2C97%2C96%2C9%2C19%2C18%2C81%2C53%2C79%2C32%2C70%2C0%2C89%2C31%2C78%2C83%2C45%2C44%2C82%2C36%2C4%2C85%2C77%2C42%2C39%2C34%2C80%2C2%2C35%2C60%2C40%2C98%2C43%2C75%2C65%2C104%2C57%2C56%2C30%2C92%2C55%2C52%2C47%2C74%2C69%2C23%2C105(Line 107)
Message:
Unrecognized feature: 'attribution-reporting'.
network error URL: https://pageview-notify.rdstation.com.br/send
Message:
Failed to load resource: the server responded with a status of 400 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

blog.rhemaeducacao.com.br
cdnjs.cloudflare.com
connect.facebook.net
d335luupugsy2.cloudfront.net
fonts.googleapis.com
fonts.gstatic.com
forms.rdstation.com.br
pageview-notify.rdstation.com.br
popups.rdstation.com.br
stats.g.doubleclick.net
www.facebook.com
www.google-analytics.com
www.googletagmanager.com
104.17.24.14
189.1.169.3
2a00:1450:4001:813::200e
2a00:1450:4001:81c::2003
2a00:1450:4001:81d::200a
2a00:1450:4001:82f::2008
2a00:1450:400c:c00::9a
2a03:2880:f084:d:face:b00c:0:3
2a03:2880:f177:83:face:b00c:0:25de
34.68.90.188
35.223.116.65
52.222.250.175
0a9dbd8090d5ff72816501090b4d0f5ac4336a9d684cd42bf26eb070b967f14a
0b4f8a76c835fb66f62b87fe4edc6628ac0b7db9af22ec4406cb4ce31d7b628e
174e16d359b12843085f252962a49388c47022bc79f9e72cbf151e67cbce2bd3
1f3cd9162638b743c8bf4d939bcfd1dc256f2e97231e13b5cff600502a78a10e
1fbd06d98ff87713eb030669571c929ab75539f05252f04ae1df807c28b20e95
2425643a5700851c24b5681d3576c3cb0641fd4422aa19f47f745a102c0d9ca3
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa
4ae9e11ea194f40ca59be3d0997f5419dc1f4238cdbd8d48976733f57cf2dd2a
4b5816bbfc52587979139951355fe4048da02ce60e40cef8e4a1efb6cd396281
5bb258d73ecad75c45400527fb94b8f2ca96da8831e8056302711565cc9f2aa7
5c93f77799d122fb5255ee24da285f9f228cc118cba11e6ceb2b6bda8cdf4164
626f2d6cc24a69f0540fc1d5bba4a9b1a7fa927a9ad222515eab9816261b7c57
63dd9340bf7f1ac6a576e8a0d2467f9270158ff446de0158df6a3a57cb08f4df
67c7ca02627651328137f634d3d44a353758eda1187ffc7265cdb8e794bca5e5
6ab6b9cc636730d3ad12bb07749b6e46640ef0abad1bdea3a7223930cc3c3a53
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
70be3f27403e0ab74c6b11fcd837997e5bca12b69449cf287823d18be663f87c
79dc03fbd999b09a0b97824981813343370de9eb8e11448ba790e228f840db65
7aa4b9636027a047f1677a8d49b1a49db84f3433a1cd68ffa021d50da8418a6a
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
85f407912384186334577f65bf6bb88045bd96f5222d7c696cc71303d65c826a
939b4f5c505097e74e93c3a6a82b69b516bb6d160d449bafb37edb72ab260c1d
9bae233f0ac5fa714b765fc81ad4f778941259941a9fecbcc3482fa46b4168a4
9bb9353de44fbc1f11f56471f6773a84f28581b1895f26c2dae1d767fbb4e24a
a4b423bd3e84385d2bb624a55cddfaafe863235df9791628cb4fc0a9472d3f76
afa587e3c624834f716da7d78a666f3e2ad4d3c0d29d63023636f3cc76ef08c2
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
b9fe817d38281648791ef1eaeae6872501796d03adbeb7f6a5f8927c89e821e8
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bb2f90081933c0f2475883ca2c5cfee94e96d7314a09433fffc42e37f4cffd3b
c702da3f381d0ad209252525002b4ce6dda804f128657225d086a6177f6d0d0f
cfa3bee80550c862d9ab98ebbaebdf75af137bdee9da88f8aa5efc5aaf3f3ec3
d29563fa950174fc5f6b4024bb6e8ae47cec9958fc5f81a68d52e9ebae3974ff
d2c9f518ec6a8748dd27703e15b4c4c1f44590cee03193fe9c542678c80c6b27
d83a5c86b5aca652c5633c26c1bffcbbe758ef362f03673ff0d4af3ee41a38fc
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
e1c772cf98a3cd875e2464e8ee96df312e1465790a30349525c167321c0873d0
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e7af9d60d875eb1c1b1037bbbfdec41fcb096d0ebcf98a48717ad8b07906ced6
ed0e4b4604fb8e4f9098ee174009b27431bf69b82afe4ad2b907cb6fa03d9294
f4aa9e3a976f20cd4babf17dcdd27e63335a70191d322432a6f6c868d73a5cfa
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
f6d92be1f6d97a323320191dfed0c85aaa581ef050be1ae22e20a4ae007bcee5
f95d626df6ec43705da54dc09c131e5dba0ddf185e3974bb1e5547462f23ffe5