creditosaibamais.com Open in urlscan Pro
143.198.150.47 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://plantaocredito2.lt.acemlna.com/Prod/link-tracker?redirectUrl=aHR0cHMlM0ElMkYlMkZsaW5rLmNyZWRpdG9zYWliYW1haXMuY29tJTJGbCUyRjIxNT...
Effective URL:
https://creditosaibamais.com/pis-disponivel/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_163
Submission: On January 13 via manual (January 13th 2023, 1:36:14 pm UTC) from BR — Scanned from DE

Summary HTTP 238 Redirects Behaviour Indicators

Summary

This website contacted 49 IPs in 7 countries across 37 domains to perform 238 HTTP transactions. The main IP is 143.198.150.47, located in Santa Clara, United States and belongs to DIGITALOCEAN-ASN, US. The main domain is creditosaibamais.com.
TLS certificate: Issued by R3 on December 30th 2022. Valid for: 3 months.

This is the only time creditosaibamais.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	54.175.213.158 54.175.213.158	14618 (AMAZON-AES) (AMAZON-AES)
1 1	137.184.92.206 137.184.92.206	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
35	143.198.150.47 143.198.150.47	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
6	2a00:1450:400... 2a00:1450:4001:806::200a	15169 (GOOGLE) (GOOGLE)
9	2a00:1450:400... 2a00:1450:4001:831::2002	15169 (GOOGLE) (GOOGLE)
2	2a06:98c1:312... 2a06:98c1:3120::c	13335 (CLOUDFLAR...) (CLOUDFLARENET)
40	2a00:1450:400... 2a00:1450:400d:80d::2002	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:400d:806::2008	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6811:915b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2a00:1450:400... 2a00:1450:4001:827::2003	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6811:925b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700:440... 2606:4700:4400::6812:2a69	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 15	2a00:1450:400... 2a00:1450:4001:811::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:80e::2002	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:400d:80e::2002	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:801::2001	15169 (GOOGLE) (GOOGLE)
1	142.251.208.130 142.251.208.130	15169 (GOOGLE) (GOOGLE)
2 5	2a00:1450:400... 2a00:1450:400d:806::2004	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:82f::2003	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400d:802::2002	15169 (GOOGLE) (GOOGLE)
2	2001:4860:480... 2001:4860:4802:32::36	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:400d:802::200e	15169 (GOOGLE) (GOOGLE)
9	2a00:1450:400... 2a00:1450:400d:807::2003	15169 (GOOGLE) (GOOGLE)
1 25	2a00:1450:400... 2a00:1450:4001:813::2001	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:82a::2002	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6810:5714	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	34.102.146.192 34.102.146.192	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	2606:4700:10:... 2606:4700:10::ac43:266a	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a02:2638:1::3 2a02:2638:1::3	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	2600:9000:211... 2600:9000:211e:dc00:a:e047:752:5701	16509 (AMAZON-02) (AMAZON-02)
2 2	3.126.34.117 3.126.34.117	16509 (AMAZON-02) (AMAZON-02)
7 15	142.251.208.162 142.251.208.162	15169 (GOOGLE) (GOOGLE)
1 2	2606:4700::68... 2606:4700::6812:18ad	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	151.101.2.49 151.101.2.49	54113 (FASTLY) (FASTLY)
2 2	72.251.249.13 72.251.249.13	32475 (SINGLEHOP...) (SINGLEHOP-LLC)
1 1	51.75.86.98 51.75.86.98	16276 (OVH) (OVH)
2 2	13.248.245.213 13.248.245.213	16509 (AMAZON-02) (AMAZON-02)
2 2	52.29.44.102 52.29.44.102	16509 (AMAZON-02) (AMAZON-02)
1	141.95.98.65 141.95.98.65	16276 (OVH) (OVH)
1 2	2a02:2638::1c 2a02:2638::1c	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1 2	34.120.107.143 34.120.107.143	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	178.250.0.157 178.250.0.157	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
3 5	185.80.39.216 185.80.39.216	27381 (CASALE-MEDIA) (CASALE-MEDIA)
2 3	37.252.171.149 37.252.171.149	29990 (ASN-APPNEX) (ASN-APPNEX)
2	159.69.70.9 159.69.70.9	24940 (HETZNER-AS) (HETZNER-AS)
1 2	99.81.181.127 99.81.181.127	16509 (AMAZON-02) (AMAZON-02)
1 4	46.4.10.47 46.4.10.47	24940 (HETZNER-AS) (HETZNER-AS)
5	35.244.159.8 35.244.159.8	15169 (GOOGLE) (GOOGLE)
4	104.96.128.226 104.96.128.226	16625 (AKAMAI-AS) (AKAMAI-AS)
1 1	35.186.231.97 35.186.231.97	15169 (GOOGLE) (GOOGLE)
1	65.9.66.65 65.9.66.65	16509 (AMAZON-02) (AMAZON-02)
1	142.250.27.154 142.250.27.154	15169 (GOOGLE) (GOOGLE)
1	2600:9000:214... 2600:9000:214f:fa00:8:48e:53c0:93a1	16509 (AMAZON-02) (AMAZON-02)
4	2600:1f13:800... 2600:1f13:800:7782:40bd:d2b7:80cf:ba3e	16509 (AMAZON-02) (AMAZON-02)
16	2a00:1450:400... 2a00:1450:4001:830::2006	15169 (GOOGLE) (GOOGLE)
2	142.251.39.2 142.251.39.2	15169 (GOOGLE) (GOOGLE)
1	18.197.240.141 18.197.240.141	16509 (AMAZON-02) (AMAZON-02)
238	49

1 54.175.213.158 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-175-213-158.compute-1.amazonaws.com

plantaocredito2.lt.acemlna.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 137.184.92.206 (Santa Clara, United States) 1 redirects

ASN14061 (DIGITALOCEAN-ASN, US)
PTR: quiz.dmcleads.com

link.creditosaibamais.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

35 143.198.150.47 (Santa Clara, United States)

ASN14061 (DIGITALOCEAN-ASN, US)

creditosaibamais.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:806::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:831::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a06:98c1:3120::c (United States)

ASN13335 (CLOUDFLARENET, US)

script.joinads.me	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

40 2a00:1450:400d:80d::2002 (Ireland)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:400d:806::2008 (Ireland)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:915b (United States)

ASN13335 (CLOUDFLARENET, US)

diffuser-cdn.app-us1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:827::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:925b (United States)

ASN13335 (CLOUDFLARENET, US)

prism.app-us1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:4400::6812:2a69 (United States)

ASN13335 (CLOUDFLARENET, US)

trackcmp.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 2a00:1450:4001:811::2002 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80e::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:400d:80e::2002 (Ireland)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:801::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.251.208.130 (United States)

ASN15169 (GOOGLE, US)
PTR: bud02s42-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:400d:806::2004 (Ireland) 2 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400d:802::2002 (Ireland)

ASN15169 (GOOGLE, US)

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400d:802::200e (Ireland)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:400d:807::2003 (Ireland)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

25 2a00:1450:4001:813::2001 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:82a::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:5714 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.102.146.192 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 192.146.102.34.bc.googleusercontent.com

oa.openxcdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:10::ac43:266a (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638:1::3 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:211e:dc00:a:e047:752:5701 (United States)

ASN16509 (AMAZON-02, US)

cdn.prod.uidapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.126.34.117 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-126-34-117.eu-central-1.compute.amazonaws.com

pm.w55c.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 142.251.208.162 (United States) 7 redirects

ASN15169 (GOOGLE, US)
PTR: bud02s43-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6812:18ad (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

a.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
s.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.2.49 (United States) 1 redirects

ASN54113 (FASTLY, US)

sync-tm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 72.251.249.13 (Amsterdam, Netherlands) 2 redirects

ASN32475 (SINGLEHOP-LLC, US)

ap.lijit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 51.75.86.98 (France) 1 redirects

ASN16276 (OVH, FR)
PTR: ip98.ip-51-75-86.eu

onetag-sys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.248.245.213 (United States) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: a0f671730127a0812.awsglobalaccelerator.com

eb2.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.29.44.102 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-29-44-102.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 141.95.98.65 (France)

ASN16276 (OVH, FR)
PTR: ns3216659.ip-141-95-98.eu

id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:2638::1c (France) 1 redirects

ASN44788 (ASN-CRITEO-EUROPE, FR)

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.120.107.143 (Kansas City, United States) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 143.107.120.34.bc.googleusercontent.com

oajs.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.0.157 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

mug.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 185.80.39.216 (Canada) 3 redirects

ASN27381 (CASALE-MEDIA, CA)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 37.252.171.149 (Frankfurt am Main, Germany) 2 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 984.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 159.69.70.9 (Nuremberg, Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.9.70.69.159.clients.your-server.de

hal9000.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 99.81.181.127 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-99-81-181-127.eu-west-1.compute.amazonaws.com

fw.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 46.4.10.47 (Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)
PTR: static.47.10.4.46.clients.your-server.de

hal90002.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 35.244.159.8 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 8.159.244.35.bc.googleusercontent.com

us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
google-bidout-d.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 104.96.128.226 (Vienna, Austria)

ASN16625 (AKAMAI-AS, US)
PTR: a104-96-128-226.deploy.static.akamaitechnologies.com

sync.teads.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.186.231.97 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 97.231.186.35.bc.googleusercontent.com

impfr.tradedoubler.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 65.9.66.65 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-65-9-66-65.fra56.r.cloudfront.net

img.tradedoubler.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.27.154 (United States)

ASN15169 (GOOGLE, US)
PTR: ra-in-f154.1e100.net

bid.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:214f:fa00:8:48e:53c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

static.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2600:1f13:800:7782:40bd:d2b7:80cf:ba3e (Boardman, United States)

ASN16509 (AMAZON-02, US)

dt.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 2a00:1450:4001:830::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.251.39.2 (United States)

ASN15169 (GOOGLE, US)
PTR: bud02s37-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.197.240.141 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-197-240-141.eu-central-1.compute.amazonaws.com

red.vtracy.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
70	googlesyndication.com 1 redirects pagead2.googlesyndication.com — Cisco Umbrella Rank: 108 ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com tpc.googlesyndication.com — Cisco Umbrella Rank: 156	704 KB
41	doubleclick.net 8 redirects securepubads.g.doubleclick.net — Cisco Umbrella Rank: 190 googleads.g.doubleclick.net — Cisco Umbrella Rank: 33 cm.g.doubleclick.net — Cisco Umbrella Rank: 216 bid.g.doubleclick.net — Cisco Umbrella Rank: 699 googleads4.g.doubleclick.net — Cisco Umbrella Rank: 321	377 KB
36	creditosaibamais.com 1 redirects link.creditosaibamais.com creditosaibamais.com	1 MB
16	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 280	251 KB
13	gstatic.com fonts.gstatic.com www.gstatic.com	292 KB
8	google.com 2 redirects adservice.google.com — Cisco Umbrella Rank: 70 www.google.com — Cisco Umbrella Rank: 2	3 KB
7	adsafeprotected.com 1 redirects fw.adsafeprotected.com — Cisco Umbrella Rank: 799 static.adsafeprotected.com — Cisco Umbrella Rank: 633 dt.adsafeprotected.com — Cisco Umbrella Rank: 591	103 KB
7	openx.net 1 redirects oajs.openx.net — Cisco Umbrella Rank: 2596 us-u.openx.net — Cisco Umbrella Rank: 420 google-bidout-d.openx.net — Cisco Umbrella Rank: 2546	1 KB
6	redintelligence.net 1 redirects hal9000.redintelligence.net — Cisco Umbrella Rank: 34179 hal90002.redintelligence.net — Cisco Umbrella Rank: 329705	25 KB
6	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 35	6 KB
5	casalemedia.com 3 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 528	4 KB
5	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 185	242 KB
5	google.de adservice.google.de — Cisco Umbrella Rank: 8470 www.google.de — Cisco Umbrella Rank: 5983	2 KB
4	teads.tv sync.teads.tv — Cisco Umbrella Rank: 1223	688 B
4	google-analytics.com region1.google-analytics.com — Cisco Umbrella Rank: 2439 www.google-analytics.com — Cisco Umbrella Rank: 22	21 KB
4	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 41	264 KB
3	adnxs.com 2 redirects ib.adnxs.com — Cisco Umbrella Rank: 207	3 KB
3	criteo.com 1 redirects gum.criteo.com — Cisco Umbrella Rank: 385 mug.criteo.com — Cisco Umbrella Rank: 2848	7 KB
2	tradedoubler.com 1 redirects impfr.tradedoubler.com — Cisco Umbrella Rank: 93664 img.tradedoubler.com — Cisco Umbrella Rank: 91440	1 KB
2	bidswitch.net 2 redirects x.bidswitch.net — Cisco Umbrella Rank: 276	1 KB
2	3lift.com 2 redirects eb2.3lift.com — Cisco Umbrella Rank: 333	961 B
2	lijit.com 2 redirects ap.lijit.com — Cisco Umbrella Rank: 595	1 KB
2	tribalfusion.com 1 redirects a.tribalfusion.com — Cisco Umbrella Rank: 728 s.tribalfusion.com — Cisco Umbrella Rank: 1773	1 KB
2	w55c.net 2 redirects pm.w55c.net — Cisco Umbrella Rank: 689	2 KB
2	id5-sync.com cdn.id5-sync.com — Cisco Umbrella Rank: 938 id5-sync.com — Cisco Umbrella Rank: 393	17 KB
2	googleadservices.com www.googleadservices.com — Cisco Umbrella Rank: 171 partner.googleadservices.com — Cisco Umbrella Rank: 813	2 KB
2	app-us1.com diffuser-cdn.app-us1.com — Cisco Umbrella Rank: 7479 prism.app-us1.com — Cisco Umbrella Rank: 7521	6 KB
2	joinads.me script.joinads.me — Cisco Umbrella Rank: 771050	2 KB
1	vtracy.de red.vtracy.de — Cisco Umbrella Rank: 150657	17 KB
1	onetag-sys.com 1 redirects onetag-sys.com — Cisco Umbrella Rank: 691	339 B
1	everesttech.net 1 redirects sync-tm.everesttech.net — Cisco Umbrella Rank: 554	541 B
1	uidapi.com cdn.prod.uidapi.com — Cisco Umbrella Rank: 2788	2 KB
1	criteo.net static.criteo.net — Cisco Umbrella Rank: 637	13 KB
1	openxcdn.net oa.openxcdn.net — Cisco Umbrella Rank: 2762	8 KB
1	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 357	1 KB
1	trackcmp.net trackcmp.net — Cisco Umbrella Rank: 7475	315 B
1	acemlna.com 1 redirects plantaocredito2.lt.acemlna.com	203 B
238	37

	Domain	Requested by
40	pagead2.googlesyndication.com	creditosaibamais.com pagead2.googlesyndication.com securepubads.g.doubleclick.net googleads.g.doubleclick.net tpc.googlesyndication.com ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com www.googletagservices.com fw.adsafeprotected.com
35	creditosaibamais.com	creditosaibamais.com
25	tpc.googlesyndication.com	1 redirects securepubads.g.doubleclick.net googleads.g.doubleclick.net tpc.googlesyndication.com creditosaibamais.com ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com
16	s0.2mdn.net	ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com creditosaibamais.com s0.2mdn.net
15	cm.g.doubleclick.net	7 redirects googleads.g.doubleclick.net
14	googleads.g.doubleclick.net	1 redirects pagead2.googlesyndication.com www.googletagmanager.com ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com creditosaibamais.com
9	www.gstatic.com	script.joinads.me googleads.g.doubleclick.net creditosaibamais.com ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com
9	securepubads.g.doubleclick.net	creditosaibamais.com securepubads.g.doubleclick.net
6	fonts.googleapis.com	creditosaibamais.com googleads.g.doubleclick.net ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com hal90002.redintelligence.net
5	dsum-sec.casalemedia.com	3 redirects googleads.g.doubleclick.net
5	www.googletagservices.com	googleads.g.doubleclick.net creditosaibamais.com ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com
5	www.google.com	2 redirects creditosaibamais.com googleads.g.doubleclick.net tpc.googlesyndication.com
5	ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
4	dt.adsafeprotected.com	ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com
4	sync.teads.tv	googleads.g.doubleclick.net
4	us-u.openx.net	googleads.g.doubleclick.net
4	hal90002.redintelligence.net	1 redirects ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com hal90002.redintelligence.net
4	fonts.gstatic.com	fonts.googleapis.com
4	www.googletagmanager.com	creditosaibamais.com www.googletagmanager.com
3	ib.adnxs.com	2 redirects googleads.g.doubleclick.net
3	adservice.google.com	securepubads.g.doubleclick.net pagead2.googlesyndication.com
3	adservice.google.de	securepubads.g.doubleclick.net pagead2.googlesyndication.com
2	googleads4.g.doubleclick.net	creditosaibamais.com
2	fw.adsafeprotected.com	1 redirects creditosaibamais.com
2	hal9000.redintelligence.net	ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com hal90002.redintelligence.net
2	oajs.openx.net	1 redirects
2	gum.criteo.com	1 redirects static.criteo.net
2	x.bidswitch.net	2 redirects
2	eb2.3lift.com	2 redirects
2	ap.lijit.com	2 redirects
2	pm.w55c.net	2 redirects
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	region1.google-analytics.com	www.googletagmanager.com
2	www.google.de	creditosaibamais.com
2	script.joinads.me	creditosaibamais.com script.joinads.me
1	red.vtracy.de	ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com
1	static.adsafeprotected.com	ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com
1	bid.g.doubleclick.net	ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com
1	google-bidout-d.openx.net	oa.openxcdn.net
1	img.tradedoubler.com	ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com
1	impfr.tradedoubler.com	1 redirects
1	mug.criteo.com
1	id5-sync.com	cdn.id5-sync.com
1	onetag-sys.com	1 redirects
1	sync-tm.everesttech.net	1 redirects
1	s.tribalfusion.com
1	a.tribalfusion.com	1 redirects
1	cdn.prod.uidapi.com	securepubads.g.doubleclick.net
1	static.criteo.net	securepubads.g.doubleclick.net
1	cdn.id5-sync.com	securepubads.g.doubleclick.net
1	oa.openxcdn.net	securepubads.g.doubleclick.net
1	cdn.jsdelivr.net	securepubads.g.doubleclick.net
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	www.googleadservices.com	www.googletagmanager.com
1	trackcmp.net	diffuser-cdn.app-us1.com
1	prism.app-us1.com	diffuser-cdn.app-us1.com
1	diffuser-cdn.app-us1.com	creditosaibamais.com
1	link.creditosaibamais.com	1 redirects
1	plantaocredito2.lt.acemlna.com	1 redirects
238	59

This site contains no links.

Subject Issuer	Validity	Valid
creditosaibamais.com R3	`2022-12-30` - `2023-03-30`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2022-12-12` - `2023-03-06`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-12-12` - `2023-03-06`	3 months	crt.sh
*.joinads.me E1	`2022-12-22` - `2023-03-22`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-12-12` - `2023-03-06`	3 months	crt.sh
diffuser-cdn.app-us1.com R3	`2022-12-13` - `2023-03-13`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2022-12-12` - `2023-03-06`	3 months	crt.sh
app-us1.com Cloudflare Inc ECC CA-3	`2022-12-07` - `2023-12-06`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-09-25` - `2023-09-25`	a year	crt.sh
*.google.de GTS CA 1C3	`2022-12-12` - `2023-03-06`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-12-12` - `2023-03-06`	3 months	crt.sh
www.googleadservices.com GTS CA 1C3	`2022-12-12` - `2023-03-06`	3 months	crt.sh
www.google.com GTS CA 1C3	`2022-12-12` - `2023-03-06`	3 months	crt.sh
www.google.de GTS CA 1C3	`2022-12-12` - `2023-03-06`	3 months	crt.sh
*.googleadservices.com GTS CA 1C3	`2022-12-12` - `2023-03-06`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2022-12-12` - `2023-03-06`	3 months	crt.sh
oa.openxcdn.net GTS CA 1D4	`2022-12-02` - `2023-03-02`	3 months	crt.sh
*.criteo.net DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2023-01-13` - `2023-04-15`	3 months	crt.sh
cdn.prod.uidapi.com R3	`2022-11-29` - `2023-02-27`	3 months	crt.sh
*.id5-sync.com R3	`2022-11-09` - `2023-02-07`	3 months	crt.sh
*.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2023-01-04` - `2023-03-31`	3 months	crt.sh
redintelligence.net R3	`2022-12-05` - `2023-03-05`	3 months	crt.sh
fw.adsafeprotected.com Amazon	`2022-04-28` - `2023-05-27`	a year	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2022-07-21` - `2023-08-21`	a year	crt.sh
teads.tv R3	`2023-01-05` - `2023-04-05`	3 months	crt.sh
static.adsafeprotected.com Amazon	`2022-08-06` - `2023-09-04`	a year	crt.sh
dt.adsafeprotected.com Amazon	`2022-11-04` - `2023-12-03`	a year	crt.sh
*.doubleclick.net GTS CA 1C3	`2022-12-12` - `2023-03-06`	3 months	crt.sh
vtracy.de Amazon	`2022-06-21` - `2023-07-19`	a year	crt.sh

This page contains 28 frames:

Primary Page: https://creditosaibamais.com/pis-disponivel/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_163
Frame ID: 999591A622C0F469B80CAAAD0069DD81
Requests: 93 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20230111/r20190131/zrt_lookup.html
Frame ID: 0541A083DCE10A560CF049B21A518E06
Requests: 1 HTTP requests in this frame

Frame: https://ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: B0CE8DA7127821C6E7C84DFC44EFEF5A
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3685392670532966&output=html&adk=1812271804&adf=3025194257&lmt=1673616968&plat=1%3A64%2C2%3A64%2C8%3A64%2C9%3A32776%2C11%3A64%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32&plas=212x810_l%7C212x810_r&format=0x0&url=https%3A%2F%2Fcreditosaibamais.com%2Fpis-disponivel%2F%3Futm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3D3_active_email_163&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1673616967863&bpp=6&bdt=1446&idt=359&shv=r20230111&mjsv=m202212050101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D666be721e3470da3%3AT%3D1673616967%3AS%3DALNI_MaNWj45StniSqrp1zZ2LM7z6MQbsQ&gpic=UID%3D00000ba2078d5d7d%3AT%3D1673616967%3ART%3D1673616967%3AS%3DALNI_MZmrUZcrbyWPi0RUp_PTTT6w1_ouQ&nras=1&correlator=767833650634&frm=20&pv=2&ga_vid=1261674558.1673616968&ga_sid=1673616968&ga_hid=1692517812&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837&oid=2&pvsid=4231814181886711&tmod=411678226&uas=0&nvt=1&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=375
Frame ID: 2574AEB10E84E61927CD93342B40BBC4
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20230111/r20110914/zrt_lookup.html?fsb=1
Frame ID: 6BAAFCE61E1DA7C0D7A53284A3A23FD6
Requests: 14 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 34FC4489F684FFAB89CD51A1ECE5245C
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 9168D09E79DABC1BDB3C6A4AA9E66A89
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 94EB1EA831A90ECE8FC3F3586C9FB8A2
Requests: 9 HTTP requests in this frame

Frame: https://ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 3588080ECEA960C4F7A69EF893442631
Requests: 5 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Frame ID: 5A1861FCBE3BF7BF50E1C107B998F0BF
Requests: 7 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?origin=publishertagids&topUrl=creditosaibamais.com
Frame ID: D448AF0246F6305F4103AF8AB4CF9CE8
Requests: 2 HTTP requests in this frame

Frame: https://ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 5D12AB88E981FF92E501C0F9D701D2EE
Requests: 15 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 5A49EE93EC0155309A33185E6708B4C5
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/JwRg8GnJRbSbwgtubA3x1Twn6jgCPCxSQn9TsX0K1wE.js
Frame ID: E53366808687DF26E2CDEA250DF3FC75
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjVmrvGATAB&v=APEucNXUNsWrtwGG0K4q5yw8YId4CFdi8RqL079Cu6XuS2RSy9c0wTzWDnB_KupdpBAzAVuC4TsjAS_TskP1RLa8oWKZMpekDTiq7Ks6GMoAf6Y0DhXYDRD2HZC0-sAxJJT6zZTsM1VmxbW5whrW-yz3bOalj06vT1rF88-uI03Y3UsYdzlbnnI
Frame ID: 9C73AC86512D118EBF5583C57087DA1F
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/JwRg8GnJRbSbwgtubA3x1Twn6jgCPCxSQn9TsX0K1wE.js
Frame ID: DD4318775F1C2B19C8AB71FFCA711078
Requests: 1 HTTP requests in this frame

Frame: https://ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: C70CDCC233048ECEB13E255EA4F620E7
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLOrkQEQupmXARiAhMnRATAB&v=APEucNXqlAC6bVQGUI6O5RzXq8IZd7lFDiYD5oo0Cy9J7zdAGy9sU_GPfnwdWnAVRzLjvAgeG09eAEJ5y8zKEKbmBm3BDwN6s7FJOu6zmUQQzcwNDCw9nfNNbRJVWSUJ9ShyFSm8HazU50d_P1E5NfQHvXdfVCXLDxeiDxCHgPBwU1QZmE4b3sg
Frame ID: 35D201D8CE8F90C794F45C8FE65F2C2F
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Frame ID: 949872BF24974FC98F9641A1F3C4A3A6
Requests: 20 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: ECA0C35A6E0DD14057F2D0DAF240D4E6
Requests: 3 HTTP requests in this frame

Frame: https://ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: BB66DE6AC52720585490441DB79B1DE1
Requests: 20 HTTP requests in this frame

Frame: https://hal90002.redintelligence.net/request_content.php?s=64667800099976504445000012203002&a=0299db0d
Frame ID: 359F950B518530899344C4EC421EDBD9
Requests: 4 HTTP requests in this frame

Frame: https://google-bidout-d.openx.net/w/1.0/pd?plm=5
Frame ID: 428A5E4A85DD385A53463CA92979C855
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLO_UBCb3VAYpLfp2wEwAQ&v=APEucNXYc-J1EDPxmpKIIS9eGCKB0bDzB9utHn6IR6fk1Qx2-GHoUCcSKeVU9RCPaObn17ebNKsy4yRgQ8iQv4PRKplws_mUwzEMrfjs2rvEWACc7fvN9e1ZSi1V4DGsTugE-i7QVbxrEHBNP2kdY_NsaND71qiZsfwFPV-lmz44espsZUa4gxs
Frame ID: 99CB2D0B351B1207DCEB6D969716C52C
Requests: 5 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.6.2.js
Frame ID: 4BF284412C9B5EEAF7598D0E9ABC8A94
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 5C5B2AC4EE9EAE50248A266AA5A281EE
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: D8A825305DC00942E40A6A33DD24CC59
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/18402199775506297603/index.html
Frame ID: 05C0FC351E7A044A9EA53C5DB90CF75C
Requests: 14 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

pis-disponivel – Saiba Mais

Page URL History Show full URLs

https://plantaocredito2.lt.acemlna.com/Prod/link-tracker?redirectUrl=aHR0cHMlM0ElMkYlMkZsaW5rLmNyZWRpdG9zYWliYW1haX... HTTP 302
https://link.creditosaibamais.com/l/2157 HTTP 302
https://creditosaibamais.com/pis-disponivel/?utm_source=active&utm_medium=email&utm_campaign=3_active_ema... Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
/wp-(?:content|includes)/

Elementor (Landing Page Builders) Expand

Overall confidence: 100%
Detected patterns

<link [^>]*href=(?:"|')[^"']*elementor/assets

Firebase (Databases) Expand

Overall confidence: 100%
Detected patterns

/firebasejs/([\d.]+)/firebase

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

Slick (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

(?:/([\d.]+))?/slick(?:\.min)?\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

//cdn\.jsdelivr\.net/

Page Statistics

238
Requests

91 %
HTTPS

53 %
IPv6

37
Domains

59
Subdomains

49
IPs

7
Countries

3538 kB
Transfer

7311 kB
Size

34
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://plantaocredito2.lt.acemlna.com/Prod/link-tracker?redirectUrl=aHR0cHMlM0ElMkYlMkZsaW5rLmNyZWRpdG9zYWliYW1haXMuY29tJTJGbCUyRjIxNTc=&sig=EbZ5zP3xQMW6HxdGMzXRPJhiCt75b4QkwbyY4M1pv6ut&iat=1673607681&a=%7C%7C91919644%7C%7C&account=plantaocredito2.activehosted.com&email=Yf3wqg7QVp9en0%2BpFHQJ5hwUnRnlmwiuCIJkd9A7F3A%3D&s=ba4d09927400f92c4029e215cb25f0a2&i=163A177A1A537 HTTP 302
https://link.creditosaibamais.com/l/2157 HTTP 302
https://creditosaibamais.com/pis-disponivel/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_163 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 64

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/10883628328/?random=1452285994&cv=11&fst=1673616967971&bg=ffffff&guid=ON&async=1&gtm=2oa1a1&u_w=1600&u_h=1200&label=sgBQCMy6kYMYEKj628Uo&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fcreditosaibamais.com%2Fpis-disponivel%2F%3Futm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3D3_active_email_163&tiba=pis-disponivel%20%E2%80%93%20Saiba%20Mais&gtm_ee=1&auid=1509596727.1673616968&uaw=0&data=event%3Dconversion&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&ocp_id=SF7BY4DxBo2qYuKkodAC&sscte=1&crd=&pscrd=Ek5DaEFJZ0otRW5nWVFuS0NBNmYtcDZLWVhFaVlBTG5heEtYbUx6MVhUU1pGVElzVWRlN1hWbk1kZzM4TXZjbm1pcUNTaEtTZGNKZDlqbkEaWkNoRUlnSi1FbmdZUXlKN2tzdVRCX2JuckFSSXVBTUF5UmlmTkhBZnFDU2laeTZvTnMweXJnd3RnZUFoSzRkVVZOUWhmUmRmREF1Z2QyYTlVWnFMYzRrdGI5Zw HTTP 302
https://www.google.com/pagead/1p-conversion/10883628328/?random=1452285994&cv=11&fst=1673616967971&bg=ffffff&guid=ON&async=1&gtm=2oa1a1&u_w=1600&u_h=1200&label=sgBQCMy6kYMYEKj628Uo&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fcreditosaibamais.com%2Fpis-disponivel%2F%3Futm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3D3_active_email_163&tiba=pis-disponivel%20%E2%80%93%20Saiba%20Mais&gtm_ee=1&auid=1509596727.1673616968&uaw=0&data=event%3Dconversion&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&pscrd=Ek5DaEFJZ0otRW5nWVFuS0NBNmYtcDZLWVhFaVlBTG5heEtYbUx6MVhUU1pGVElzVWRlN1hWbk1kZzM4TXZjbm1pcUNTaEtTZGNKZDlqbkEaWkNoRUlnSi1FbmdZUXlKN2tzdVRCX2JuckFSSXVBTUF5UmlmTkhBZnFDU2laeTZvTnMweXJnd3RnZUFoSzRkVVZOUWhmUmRmREF1Z2QyYTlVWnFMYzRrdGI5Zw&is_vtc=1&ocp_id=SF7BY4DxBo2qYuKkodAC&cid=CAQSKQDq26N9rtzIGsJmT3Ul_GWTPUBJMjJZOlRIT8Lnq7RqK2XOj1OeQ0K9IBM&random=1440218817 HTTP 302
https://www.google.de/pagead/1p-conversion/10883628328/?random=1452285994&cv=11&fst=1673616967971&bg=ffffff&guid=ON&async=1&gtm=2oa1a1&u_w=1600&u_h=1200&label=sgBQCMy6kYMYEKj628Uo&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fcreditosaibamais.com%2Fpis-disponivel%2F%3Futm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3D3_active_email_163&tiba=pis-disponivel%20%E2%80%93%20Saiba%20Mais&gtm_ee=1&auid=1509596727.1673616968&uaw=0&data=event%3Dconversion&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&pscrd=Ek5DaEFJZ0otRW5nWVFuS0NBNmYtcDZLWVhFaVlBTG5heEtYbUx6MVhUU1pGVElzVWRlN1hWbk1kZzM4TXZjbm1pcUNTaEtTZGNKZDlqbkEaWkNoRUlnSi1FbmdZUXlKN2tzdVRCX2JuckFSSXVBTUF5UmlmTkhBZnFDU2laeTZvTnMweXJnd3RnZUFoSzRkVVZOUWhmUmRmREF1Z2QyYTlVWnFMYzRrdGI5Zw&is_vtc=1&ocp_id=SF7BY4DxBo2qYuKkodAC&cid=CAQSKQDq26N9rtzIGsJmT3Ul_GWTPUBJMjJZOlRIT8Lnq7RqK2XOj1OeQ0K9IBM&random=1440218817&ipr=y&prhg=0

Request Chain 104

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEPXXTvYSdSip8cR3GJsDZm4&google_cver=1&google_push=AavPq0MTiEzWoan8utgcAAo14vUDGrQGhKG2IBogV_dkkcB1L5O-PN9rnp_mvpgRIzv6fAIHs5pErNxjLSczf4r9h1F3jRZw0Wmkw2I HTTP 302
https://pm.w55c.net/ping_match.gif?scc=1&ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEPXXTvYSdSip8cR3GJsDZm4&google_cver=1&google_push=AavPq0MTiEzWoan8utgcAAo14vUDGrQGhKG2IBogV_dkkcB1L5O-PN9rnp_mvpgRIzv6fAIHs5pErNxjLSczf4r9h1F3jRZw0Wmkw2I HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=WU1QSjdoNnUxUGdrZTU1&google_gid=CAESEPXXTvYSdSip8cR3GJsDZm4&google_cver=1&google_push=AavPq0MTiEzWoan8utgcAAo14vUDGrQGhKG2IBogV_dkkcB1L5O-PN9rnp_mvpgRIzv6fAIHs5pErNxjLSczf4r9h1F3jRZw0Wmkw2I

Request Chain 105

https://a.tribalfusion.com/i.match?p=b6&u=CAESEKBgZs35l7yslrGhLNXrE4Q&google_cver=1&google_push=AavPq0Pt-0USzEXpkClx_QguHWs2J3ueYayKb61pU5ojN6hCrC2UETsC7tpWN5S-Ec2Ct0b-my1J1PVNedWozE17z_-FL8QrsSzrK_0&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAavPq0Pt-0USzEXpkClx_QguHWs2J3ueYayKb61pU5ojN6hCrC2UETsC7tpWN5S-Ec2Ct0b-my1J1PVNedWozE17z_-FL8QrsSzrK_0%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24 HTTP 302
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEKBgZs35l7yslrGhLNXrE4Q&google_cver=1&google_push=AavPq0Pt-0USzEXpkClx_QguHWs2J3ueYayKb61pU5ojN6hCrC2UETsC7tpWN5S-Ec2Ct0b-my1J1PVNedWozE17z_-FL8QrsSzrK_0&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAavPq0Pt-0USzEXpkClx_QguHWs2J3ueYayKb61pU5ojN6hCrC2UETsC7tpWN5S-Ec2Ct0b-my1J1PVNedWozE17z_-FL8QrsSzrK_0%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24

Request Chain 106

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESEDW07-lTaSsjp-8PS6eSqLs&google_cver=1&google_push=AavPq0O9v5rEWN7ag2W02yQmffosFrp7ACLvkr-uPsMApQ65NhDaiwj02_6sa9kJNnBl-E1P_Ofda4AP5eBuulg5HKTZ7DH2CDpEhA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEDW07-lTaSsjp-8PS6eSqLs&google_push=AavPq0O9v5rEWN7ag2W02yQmffosFrp7ACLvkr-uPsMApQ65NhDaiwj02_6sa9kJNnBl-E1P_Ofda4AP5eBuulg5HKTZ7DH2CDpEhA

Request Chain 107

https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEPw8pN2_PVSP3QGvKpeT0EI&google_cver=1&google_push=AavPq0M8-PFPrVI4rADnX4HbfTjDPuEKPoN4yTba9rLM5DZey7qPNFVxRPlaCJnjY3LJgRm7yLyfpiONvzDJYs7nC0cKvNO7qll5krI HTTP 307
https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEPw8pN2_PVSP3QGvKpeT0EI&google_cver=1&google_push=AavPq0M8-PFPrVI4rADnX4HbfTjDPuEKPoN4yTba9rLM5DZey7qPNFVxRPlaCJnjY3LJgRm7yLyfpiONvzDJYs7nC0cKvNO7qll5krI&sovrn_retry=true HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AavPq0M8-PFPrVI4rADnX4HbfTjDPuEKPoN4yTba9rLM5DZey7qPNFVxRPlaCJnjY3LJgRm7yLyfpiONvzDJYs7nC0cKvNO7qll5krI&google_hm=F-swqGZHSUxj5kkbRsaT6l9k

Request Chain 108

https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESEBC3Oks_SAtVbdWvnunnIuc&google_cver=1&google_push=AavPq0OjEwX4QtaR-nYcmaNf4Lk7VhT9PFbdbb6qJ_AHTEXFG8fkhOS6t_zwwVubzz9We-GQ4Cgq2dMspN9VI1N7fcFrLESvCoURND0 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AavPq0OjEwX4QtaR-nYcmaNf4Lk7VhT9PFbdbb6qJ_AHTEXFG8fkhOS6t_zwwVubzz9We-GQ4Cgq2dMspN9VI1N7fcFrLESvCoURND0

Request Chain 109

https://eb2.3lift.com/ebda?sync=1&google_gid=CAESEH-sKQg3d8B2PDrUpQ7QFGs&google_cver=1&google_push=AavPq0MZ2u5xOkUF0mwpQUNJKbas5ExWKE3aoujiv00N-SUhRUjGs_b8YOkc_O-ceLW_4gZuPCkEMOuSw-WOGkB1lCy_6VWx45QpSQ HTTP 302
https://eb2.3lift.com/sync/google/supply?ld=1&gdpr=1&gdpr_consent=&us_privacy=&sync=1&google_push=AavPq0MZ2u5xOkUF0mwpQUNJKbas5ExWKE3aoujiv00N-SUhRUjGs_b8YOkc_O-ceLW_4gZuPCkEMOuSw-WOGkB1lCy_6VWx45QpSQ&google_gid=CAESEH-sKQg3d8B2PDrUpQ7QFGs HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MzY3OTc2ODg3NDg5NTM1NzYwMTA3Nw%3D%3D&google_push=AavPq0MZ2u5xOkUF0mwpQUNJKbas5ExWKE3aoujiv00N-SUhRUjGs_b8YOkc_O-ceLW_4gZuPCkEMOuSw-WOGkB1lCy_6VWx45QpSQ

Request Chain 110

https://x.bidswitch.net/check_uuid/https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dthe_mediagrid_eb%26google_hm%3D%24%7BBSW_UUID%7D%26%25%25GOOGLE_PUSH_PAIR%25%25?google_gid=CAESEK6_vzd0Dhnra9rFWHo96KQ&google_cver=1&google_push=AavPq0NLTHfxHzgRZJ8spqNTKvvviBu1gIQemLfx9EH_bll3evbo4IcZvUHTEVbQLhVcOVByMKS806lIu9108-cvYQQ4eF-rRQ3qGqGR HTTP 302
https://x.bidswitch.net/ul_cb/check_uuid/https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dthe_mediagrid_eb%26google_hm%3D%24%7BBSW_UUID%7D%26%25%25GOOGLE_PUSH_PAIR%25%25?google_gid=CAESEK6_vzd0Dhnra9rFWHo96KQ&google_cver=1&google_push=AavPq0NLTHfxHzgRZJ8spqNTKvvviBu1gIQemLfx9EH_bll3evbo4IcZvUHTEVbQLhVcOVByMKS806lIu9108-cvYQQ4eF-rRQ3qGqGR HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=the_mediagrid_eb&google_hm=4b2fa2d2-c1e8-45ba-8a68-91fefed6e3e5&%%GOOGLE_PUSH_PAIR%%

Request Chain 129

https://tpc.googlesyndication.com/pageadimg/imgad?id=CICAgKDnj86ZywEQ9AMY9AMyCGN8MsJOAEwL HTTP 301
https://tpc.googlesyndication.com/simgad/4091503581208051288

Request Chain 131

https://oajs.openx.net/esp?url=https%3A%2F%2Fcreditosaibamais.com%2Fpis-disponivel%2F%3Futm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3D3_active_email_163&rid=esp HTTP 302
https://oajs.openx.net/esp?url=https%3A%2F%2Fcreditosaibamais.com%2Fpis-disponivel%2F%3Futm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3D3_active_email_163&rid=esp&cc=1

Request Chain 132

https://gum.criteo.com/sid/json?origin=publishertagids&domain=creditosaibamais.com&sn=ChromeSyncframe&so=0&topUrl=creditosaibamais.com&cw=1&lsw=1&topicsavail=0&fledgeavail=0 HTTP 302
https://mug.criteo.com/sid?cpp=wIAqCXw4TFptQU1nNndUaHVOZ2xCcmlCTjh1YnRvQzYwa25RSlE0c20wOFpHbWFJQUdTN3dacG0yNEdzMVorRjcwZ3JkRWc1NE45OVQ1M2FjRmNzSytjeGt6ak5WaGczYTlraERmczA3bVptOFI2Qm5Ec0Y3eEhKNjZ2aFZYdzZabDl2M2FLTC8rczZYNk82ZmFxQkREN2hKZmtKdDJ0dnVJQzd5alNjaHNrOTBCWVNvOHhmL2ttVlFGa2RQSlVQQXNmcCtBMnhvZmhuZzVlQlhZcXUvdnRzUEVwcEsxb0xvUTRFWkMwaVlpdy9wVnFSenQ5WEE5ekNNSERMaG5NQWdGOTBzS0tybVhEM3pQbTBEYndWNVlTVGdNQmF3M2dDenErVzgxNm1qM0xCY3BGZz18&cppv=2

Request Chain 142

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 148

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEAEhNC8cjmHeBeJ73YzSQxo&google_cver=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEAEhNC8cjmHeBeJ73YzSQxo&google_cver=1&C=1

Request Chain 149

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Y8FeSWk9jyt40anqkwQE3QAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEAEhNC8cjmHeBeJ73YzSQxo&google_cver=1

Request Chain 150

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEMS9EZskVqOT_pkTNTk2DsU&google_cver=1

Request Chain 151

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjE0MjEyNDkzNjA1NDgyMDUxMg%3D%3D

Request Chain 163

https://hal90002.redintelligence.net/request.php?zone=znhqi8lr1f8g&nw=20&renderingType=javascript&namespace=36ca91f55a&subid=&uid=b94cc262277bb3f2&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=0x0&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCxHdASV7BY6TPB8Lg7gOcp6PwAqblvaBprZqcp8kP8C4QASCknZePAWCV4pCCoAfIAQmpAp-bbFKUM7I-qAMBqgSPAk_QiRDZyQ2blj1z8cBK5WUx2cEiZuPeyD1ffKiUVJZ_wGOKeAMww0bFxblMlP-r_4BvcxJ_OjRyZVpdpfbueMKPxVXp7SRuHhPnAdVJo5rHwS_zpXC6YxNwe7cLKbvuSXf1gsF15DTKsGJeQVv5PU7QBBGNbi_MS77x-JLjwwnTwwuKRc-lFVe19k5a_34OGZUrqnaX615JoAx-ZSkcrYAnvCLzFHOc2x3Cpz4HKpQ3WQcQAHiVLmbHowvGimLFj7JvCkzVeBknIV8-ZkamX0vt_Zjju1q9li9mbdo89Tli_YnSBhkPqLEJypkYLCam1oGRC-MRQNOZJ93_L34oFdWdF7NSm2KQ2nVwNsIo4fnABOuP_I73A-AEA5AGAaAGTYAHrK31nwOoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAf_nrECqAffn7EC2AcA0ggRCIDhgBAQARgdMgKqAjoCgECACgOYCwHICwGADAGwE4-10Q7QEwDYEwPYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAQSSwDq26N9XLUHuY68n23f_AB-gOPbKSVyzVs-VdkDZRwMpY7ZvYjcaJrK87WTzC2D8ZV5_sEdZeGSQAE4GAGVMt7yVFhHJX0QkgtHlhgBIBM%26sig%3DAOD64_1n4qwO_QOH-EsParXnRWv2fLr2mw%26client%3Dca-pub-4894209870857905%26dbm_c%3DAKAmf-CBZ5A5iZOuKbEfOCATS9KyLmtgzZXmckjAwDjm5-vl9ZTSmoCQhfCfCeoH-Q0UhcqCzX5Dpsxwc2lsDmdfFGdDxcGuaFVZkvdu1sZ63BeTI8x0exc6ZGfyitzz2RqRdYcBSlOM3hZsFDmr3NyLtwEprlanRSgJudhTPYMOEyPh0UDbNsM%26cry%3D1%26dbm_d%3DAKAmf-AtKvo2-twxOWkH6jSKvPrhuW4tWonl-rxIVUkZnAfbH8mOAq0oUNgD7BNsbjO2oD5I1yzLt9LPsmCtOJKl2Qy2azJdwvvLOgOI7Lr-Do1q6RzsFTpsWkE8shvs2jcmDbJFjuZs8aZzr1KBtmtO8KbxHeH7cZEwR68sJrA2N0Aun687Xf1I4Zhu4MBA3eC3hDUvfTCT1woNSUQH5qFZ5q8ok1w7OQSqmgU8tDQEjFtXEjEj7qjXVsQ9wuGEKXnp-7jMUqYAUJvv_v1xG-HJSAVInpA2foP0cg-MrEW_kW5QBENOXaaA-PMkGSajeZENVvhLb7PAgXNnqrcIbyqdGqG-_DZ5N5y8J7EzeNxXKxGktiXiySDTlGeAFlihmVb-AU6Afgo-gL6e_GdT4O25YpMEt5UG_ReggmDPLuFLFvTUvcjIQyrI2CqReQD7XSwv35I7aJrzB1vijNu3zD_ritUHc0f2zR5vvJBXg2Me_X4wcyQgp6WWUOanYYooPnJ3-AVANFX7OUJypA2yb9Y5PEuupCsDIRQIi3Qfb6_rUq42DmL9MvNFsig5-Awm16e_vzfQSHgfUtuyLq7oqeirLPrqXuZ2CZiBD7UqdX--GIiUgNIfbtpSpzJcxqfLTJ848v_00znerPy1PkoKdqjpaTrPazD0WQ%26adurl%3D&documentReferer=https%3A%2F%2Fcreditosaibamais.com%2F&ancestorOrigins=https%3A%2F%2Fcreditosaibamais.com&random=4402250838115&isIframe=1&container=&adPos=0x0&adPosCheck=0x0&adtagId=0 HTTP 302
https://hal90002.redintelligence.net/request.php?zone=znhqi8lr1f8g&nw=20&renderingType=javascript&namespace=36ca91f55a&subid=&uid=b94cc262277bb3f2&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=0x0&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCxHdASV7BY6TPB8Lg7gOcp6PwAqblvaBprZqcp8kP8C4QASCknZePAWCV4pCCoAfIAQmpAp-bbFKUM7I-qAMBqgSPAk_QiRDZyQ2blj1z8cBK5WUx2cEiZuPeyD1ffKiUVJZ_wGOKeAMww0bFxblMlP-r_4BvcxJ_OjRyZVpdpfbueMKPxVXp7SRuHhPnAdVJo5rHwS_zpXC6YxNwe7cLKbvuSXf1gsF15DTKsGJeQVv5PU7QBBGNbi_MS77x-JLjwwnTwwuKRc-lFVe19k5a_34OGZUrqnaX615JoAx-ZSkcrYAnvCLzFHOc2x3Cpz4HKpQ3WQcQAHiVLmbHowvGimLFj7JvCkzVeBknIV8-ZkamX0vt_Zjju1q9li9mbdo89Tli_YnSBhkPqLEJypkYLCam1oGRC-MRQNOZJ93_L34oFdWdF7NSm2KQ2nVwNsIo4fnABOuP_I73A-AEA5AGAaAGTYAHrK31nwOoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAf_nrECqAffn7EC2AcA0ggRCIDhgBAQARgdMgKqAjoCgECACgOYCwHICwGADAGwE4-10Q7QEwDYEwPYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAQSSwDq26N9XLUHuY68n23f_AB-gOPbKSVyzVs-VdkDZRwMpY7ZvYjcaJrK87WTzC2D8ZV5_sEdZeGSQAE4GAGVMt7yVFhHJX0QkgtHlhgBIBM%26sig%3DAOD64_1n4qwO_QOH-EsParXnRWv2fLr2mw%26client%3Dca-pub-4894209870857905%26dbm_c%3DAKAmf-CBZ5A5iZOuKbEfOCATS9KyLmtgzZXmckjAwDjm5-vl9ZTSmoCQhfCfCeoH-Q0UhcqCzX5Dpsxwc2lsDmdfFGdDxcGuaFVZkvdu1sZ63BeTI8x0exc6ZGfyitzz2RqRdYcBSlOM3hZsFDmr3NyLtwEprlanRSgJudhTPYMOEyPh0UDbNsM%26cry%3D1%26dbm_d%3DAKAmf-AtKvo2-twxOWkH6jSKvPrhuW4tWonl-rxIVUkZnAfbH8mOAq0oUNgD7BNsbjO2oD5I1yzLt9LPsmCtOJKl2Qy2azJdwvvLOgOI7Lr-Do1q6RzsFTpsWkE8shvs2jcmDbJFjuZs8aZzr1KBtmtO8KbxHeH7cZEwR68sJrA2N0Aun687Xf1I4Zhu4MBA3eC3hDUvfTCT1woNSUQH5qFZ5q8ok1w7OQSqmgU8tDQEjFtXEjEj7qjXVsQ9wuGEKXnp-7jMUqYAUJvv_v1xG-HJSAVInpA2foP0cg-MrEW_kW5QBENOXaaA-PMkGSajeZENVvhLb7PAgXNnqrcIbyqdGqG-_DZ5N5y8J7EzeNxXKxGktiXiySDTlGeAFlihmVb-AU6Afgo-gL6e_GdT4O25YpMEt5UG_ReggmDPLuFLFvTUvcjIQyrI2CqReQD7XSwv35I7aJrzB1vijNu3zD_ritUHc0f2zR5vvJBXg2Me_X4wcyQgp6WWUOanYYooPnJ3-AVANFX7OUJypA2yb9Y5PEuupCsDIRQIi3Qfb6_rUq42DmL9MvNFsig5-Awm16e_vzfQSHgfUtuyLq7oqeirLPrqXuZ2CZiBD7UqdX--GIiUgNIfbtpSpzJcxqfLTJ848v_00znerPy1PkoKdqjpaTrPazD0WQ%26adurl%3D&documentReferer=https%3A%2F%2Fcreditosaibamais.com%2F&ancestorOrigins=https%3A%2F%2Fcreditosaibamais.com&random=4402250838115&isIframe=1&container=&adPos=0x0&adPosCheck=0x0&adtagId=0&uidRedirect=1

Request Chain 166

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESECXtsJWJxr1cS4F6HXf9zYE&google_cver=1

Request Chain 168

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm HTTP 302
https://sync.teads.tv/um?eid=3&uid=CAESEOfFcmx4JMbfP-lzZ4KZew4&google_cver=1

Request Chain 175

https://impfr.tradedoubler.com/imp?type(inv)g(24495172)a(1565155)epi(64667800099976504445000012203002)393406436 HTTP 302
https://img.tradedoubler.com/images/inv.gif

Request Chain 187

https://fw.adsafeprotected.com/rfw/bgd/1135760/65089104/xbbe/creative/adj?p=APEucNUmvv4pxUyVZEBURwh6Xzm0YkU-yVqLyUdxnUQLPE1hMkXY8qo&d=CokBAKAmf-CXx8qtSaE_gCY0yADDNelLa-MqLXiXQyR-enynXkiTt5p39tjrWBipcNYlwLS1ckyEMCOBLAZLGnSD1uYoVSKIjD5IhEjxzxYWuyItlra1Lib9qsiXBmZ3kStglqxQ63-wYTzUExUxL0slMUcGOQgQpA2DPdtyTuv8poG_LR5wQNmASvQS2RUAoCZ_4H9j9DDanY1Arefeb8kORN4aPFm3naO6DkP2SXtcolx_m1wueo1F_Ll9hP609KAgPB3Q8mWAQQ63A36htU8RbzrONyGxaq-DkpIu0krRGrhO_aXJ8wRdG6E9z24VQgMQ1R2DYEFhNkSpeePjLnnPamQWh8D6FkBP6yE7jUBSndlVXZoek4faV9TvJkjK9lMng9RCFV-ROwIhacI5TQPTvLfzOjuO7li1HB-ed-xHt2OnmGUz-rsSjUzunV7FhVcJw5Hk-nPfUyBqWZ0DixpYfv7OtGn-mij2jBZRCo9kWjfTfxcIDd1J7E6XCKTzYyzXURCimZy_k3LoNATgO4VrybrznvzBCgFK4aludQqHIl9e5Z3Uj3leFLfdnj_gAc5cw5RqNAb4ggPCN-h8VrQgc6EstszKevcet0eNKWqJAoGO85qhZNVCRHG2IrqjGiqAlY8GvP3rfMpYfj1F8PL9UshPJaYNk5n05YftBeLTNczuyMXbdlu4vs0RtjCU-qKKZtNbLEB9A9tXLgrzf9v5Q4_dHs_gsaPtJI2eCiUpuLWe7aQceA_VfE2ciYKBL_o8CvAfKt4cv5G2QGjkDsrjQjlA9mZtKjpSGi5as3Ni-quclZymvkgHoZrjNrvJSXMvJKQ9Pfx9iowjAAM5ee0q9j99Q33zpfT__1tgN-PyRiEI4VTGu-A-ilTDqSda8dvUnTGrPwNl4MwKtEPebOzwv0NREGZ5Aqjc9dVFtrHieanCJ7zKOaf-TZerroz6Z6R4jOdXJgs44YkBzIqfXaSqR43oRIGeGYu0ULkJsdlfB1YGbVAOyoo9TQsB4zIFhCbr4JWJm6r6Fm25xVXLzcot-FGVnOi59vlj-Tl7sOvLXHTAlHmURAlgkQlyTlipbUXdMKaCSmqlE3FaBUlXt2LfFMJa9lpS2Y7nQQIt1r4XTh3_o3-mlVws4cs-esZdpu270rxp2QS51TqBK4e38DFf_Qo27SKk_C1KrLkRjJkbBPiCEUNWv49DCDIb5AOnmIQo-6ecA2ccg5O__1Rm2FjDgHq3830Jfmpv79YfShxQwXZQJZ8PXcYS5zIuMCLh3WWPvtXuq2cAPXrsyZ3lUpUtz0Ch3cSQ7mPjbT65pGJryNjfdf7lFuE6udRVH3OsS5OFkhoh1e3XRnLsXQLSScNoEoAfeIqZ_lOGUC8Ofi7FEY8xgF6mc87Y3CO7mtWtbeh2QctxGp_vgYdTDhcKDGyXxg3RULICSXx_MljEdaG4ru3b_FHiQZGAc1xzIAvSgxIh3kTcEnoIG_l0JDoCKLzLJ2zRBMr4vQrUIy2fMTs_7OeFGmGuE3ocdDNWIDCmhDTZHMV1Hx-mz5Yqu9lveuH5b47o8nCIUhSoK9rcaOFT1dYC-1kAJgdw9g68-HucbLDu6EwJTpJz_CkVlTIJx2haYU0zyl-2iI52YgWtt2y1PKRZIPAQaUUm5JbneXl4nJPqpUSoaYHMXJK_4oduQzF1jHEe7HLEmUoIikBPrJbj9JO0eCOHw33-p0Fj25OH_0rB_8rMOSxwmrWUJ64e_sk7pinl2R1l8BcUNHBJC3U2zOQMvFBD13JXPbnGxayJ_tZLw_izNYrAyVytp2T-rPweg29WS84DJGeIoVkmtWn_ZORp01ns6RfK_xhqy2uhqz2ugRr6XI3k5Xfkjmn9MzTHhubwBIkQ8WV7rLF_yFDalU4xn78fJQc7bGJqUuOx-b9QnB8zvNdyf_VUzIX0p7OXktX2L8tHkMdyet24ATlazeK3mb48vRdTmhIwoo50GUl9IZ8RKEpB9YErF_hHoEZNmIj9i7M0nxBM_S8a7bqv1l7691FjLM0cseJeeNntYe8ko5nbEnml5Dqx5ZrSWeSxKkj_rrDTcbQMjB8LFvgn1ivx6F4Ou5MCD9G8yGo7x4Ebi_3MEpvLmOALXqC5JxAsEkQvRMpVzJSVxZsxlI4RzBy9g_k211VeACHvetJFvrKy5CpRlCkMaSs-d5gVQnG1jRQKuQirUw90LpkQR8eUV2w60I80GSTcRo0ublLNfK-NRnj9wNBKh99xd0PsqtFeukgF8Bu9hJd4Ps2ZYULHz3AZjT6VTC6xuDR3PSmOVdn14Twq5JwXaEm1FZtgINjhuUD9G5-9ZnMtaPwjoddKrawGcyBNLk8VSbnj8ENuRG84kEV8GOTPg0O-BM66drH6-XAMZyA_7tqvjSnwOsj-SuU3olrH8F-IFRqSMvgh-4sBek7HBaC7bAd24b0E7jLhFpDpPjI8XsoMu8yIOiyHoniu2Pb_KvcfhNEzywlxtbYgFaciKB-_9eJXoHcwiqWGuBA9THAoDKZKoqWl1cjcMEgvWb0sxrtrtukvtM6RflWSH2oCr6u6M3EuQalALAud2ZzR4hLizCeY3U1j1xVB8mnsx6-q1GYHeSPagz0pY8MI2rdCAuBARalH9KKGk9RYgzZmr2_Uw9qFhSzaorpyqditulRG4deCBy3R4i_y5rL8pnvhss8uI_nT6QAy-g7KjXx94nJ9gpcJlM2idoKe6xx6rSYF85PjtizkO9KMLCFHHNdv5pyfPg5YSXF0k4HosOvRFEPyXVVj2-u4gmSxHXCLtQkqkJ1pzYgSTXSDqUUHpE2AnWlbblsfVy-E3C6dfsGhqVuiQ4m6kQ5fYFRk8iThtcclGf556RJnYQ7EaIdmX40dECpzxS0wg0r1_etehMDbO3yVPU2w-fd9qUt1f2oexqFxDzDOTEIMZHYhY0G2g3XQuVYczLZaPw9BW-CRsfs_Vnupwqaqh3DB3MmLmEfK1OcgqncO0A8dSLRIIRtAqTvp7OFbTNLh5Q0MiaI0XKlZNWGHrRZmBpPdPbb7pJ1BWA_U2lt-0tjJaFL7_B-MRY1NQtIlJvTzW2Yz31NQ9jAT60jqXF4Y3yFa77217Rn-8NCyEm60Rny6FtUHrRdgVY9ztrSUeIAirEksTcTkf8emy7OEHVxqqzLxpZszjqvl-edvu8jT7URtR_HGhRoQMaRaK2fUbx7XthQoXTK9pxs1DcqoKsDoQQ7LHUfwm2Brh7hKqZPIo3QuTqmnHczjpQgJpZjfg8lfZSVDVq0lsDXqxTl-Qp9P2Lmkfd0NZGhgv2gIL64PbiIdIAhuni0G-PngdnMeKmmxImIKRSEEjfJzSGx6UHlboLjT-rXjJ3uvimPnAGnfENLkCpWdX0oIPZVIkcKZpu08NIHGHbxx3yeQokeAOo_mGjmPF5DOXLQuibql6tZzP3qdYK2lP3Ap4LO9YSfGXFPyN7Dan9g_umllMTDWKe-NSq9ruNRtIxw8GjywDTPut2uVhT9ZCuA0TYw_ccJmmAe0gG6PLr2jkklqoM20vmkdaB3fnguUJchcDMDhpAN3w3rhKcna5Z7pboxb4ZYCWTWiqF2YQeH8GUlHs0R34dO5B_Te2h6quirXSrtLHk51e71JCZj35FmHbz4RqcmRDyUd7HyB7BHjZwW73qZdkXfi42ICScQW74EM60AY7hIhC2SWlbdZjD9wE78PG9e7EU5qLVxW0N1orGheBOC7AQahQYg8bQeMkRjtHKNTKy7wXnBiLMWLl7rDVR_R8gPdwrHTc2m6jN5YWxP6jTUnOAhpiuBazXyXxP7xLgBcWTp1oBjrbAiIlwDQKqrlowYArxtB9xevnX4fFOp0NKujl1vDCmFqR2APe2khzPQ21xpTCAQSSwDq26N9gFhN-d_DP4DUfBxx7JCd8Gx4m_TlF726F2179OVWVMcQ_l0hFTwpwPRbZHTBXMIqC9Aodq-tF59RlprwRejRCZsRo469thgBIBNgAQ&ias_dspID=3&ias_campId=1008772806&ias_pubId=pub-4894209870857905&ias_chanId=1&ias_placementId=18137318546&bidurl=https://creditosaibamais.com/pis-disponivel/&ias_dealId=&adsafe_par&ias_impId=v4~~ABAjH0iovvzKQTnAiCIFNgoSKeME&adsafe_url=https%3A%2F%2Fcreditosaibamais.com&adsafe_type=g&adsafe_url=https%3A%2F%2Fcreditosaibamais.com%2F&adsafe_type=c&adsafe_url=https%3A%2F%2Fec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com%2F&adsafe_type=f&adsafe_url=https%3A%2F%2Fec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html&adsafe_type=bed&adsafe_jsinfo=,id:ee5f2069-5dde-7c37-e338-c96df14e001a,c:1btMxg,sl:outOfView,em:true,fr:false,thd:1,mn:jsserver-primary-5bd77c4f97-ptj2d,rg:ie,pt:1-5-15,wc:0.0.1600.1200,ac:NaN.NaN.0.0,am:i,cc:NaN.NaN.0.0,piv:0,obst:0,th:0,reas:r,mu:10000,br:c,bru:c,an:n,oam:0,mtim:3,mot:0,app:0,maw:0,fm:tsPkfwi+11%7C12%7C13%7C141%7C142%7C15%7C1611%7C1612%7C17%7C181%7C182%7C183%7C191*.1135760-65089104%7C1911%7C1a1%7C1b,idMap:191*,pl:CV8L.VEBo.0YtC,rmeas:1,rend:0,renddet:IMG.us,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,tt:rjss,et:24,oid:3d65dbb6-9347-11ed-b7ea-62e9a01f3e07,v:19.8.377,sp:0,st:0,fwm:0,wr:1600.1200,sr:1600.1200,ov:0 HTTP 302
https://bid.g.doubleclick.net/xbbe/creative/adj?p=APEucNUmvv4pxUyVZEBURwh6Xzm0YkU-yVqLyUdxnUQLPE1hMkXY8qo&d=CokBAKAmf-CXx8qtSaE_gCY0yADDNelLa-MqLXiXQyR-enynXkiTt5p39tjrWBipcNYlwLS1ckyEMCOBLAZLGnSD1uYoVSKIjD5IhEjxzxYWuyItlra1Lib9qsiXBmZ3kStglqxQ63-wYTzUExUxL0slMUcGOQgQpA2DPdtyTuv8poG_LR5wQNmASvQS2RUAoCZ_4H9j9DDanY1Arefeb8kORN4aPFm3naO6DkP2SXtcolx_m1wueo1F_Ll9hP609KAgPB3Q8mWAQQ63A36htU8RbzrONyGxaq-DkpIu0krRGrhO_aXJ8wRdG6E9z24VQgMQ1R2DYEFhNkSpeePjLnnPamQWh8D6FkBP6yE7jUBSndlVXZoek4faV9TvJkjK9lMng9RCFV-ROwIhacI5TQPTvLfzOjuO7li1HB-ed-xHt2OnmGUz-rsSjUzunV7FhVcJw5Hk-nPfUyBqWZ0DixpYfv7OtGn-mij2jBZRCo9kWjfTfxcIDd1J7E6XCKTzYyzXURCimZy_k3LoNATgO4VrybrznvzBCgFK4aludQqHIl9e5Z3Uj3leFLfdnj_gAc5cw5RqNAb4ggPCN-h8VrQgc6EstszKevcet0eNKWqJAoGO85qhZNVCRHG2IrqjGiqAlY8GvP3rfMpYfj1F8PL9UshPJaYNk5n05YftBeLTNczuyMXbdlu4vs0RtjCU-qKKZtNbLEB9A9tXLgrzf9v5Q4_dHs_gsaPtJI2eCiUpuLWe7aQceA_VfE2ciYKBL_o8CvAfKt4cv5G2QGjkDsrjQjlA9mZtKjpSGi5as3Ni-quclZymvkgHoZrjNrvJSXMvJKQ9Pfx9iowjAAM5ee0q9j99Q33zpfT__1tgN-PyRiEI4VTGu-A-ilTDqSda8dvUnTGrPwNl4MwKtEPebOzwv0NREGZ5Aqjc9dVFtrHieanCJ7zKOaf-TZerroz6Z6R4jOdXJgs44YkBzIqfXaSqR43oRIGeGYu0ULkJsdlfB1YGbVAOyoo9TQsB4zIFhCbr4JWJm6r6Fm25xVXLzcot-FGVnOi59vlj-Tl7sOvLXHTAlHmURAlgkQlyTlipbUXdMKaCSmqlE3FaBUlXt2LfFMJa9lpS2Y7nQQIt1r4XTh3_o3-mlVws4cs-esZdpu270rxp2QS51TqBK4e38DFf_Qo27SKk_C1KrLkRjJkbBPiCEUNWv49DCDIb5AOnmIQo-6ecA2ccg5O__1Rm2FjDgHq3830Jfmpv79YfShxQwXZQJZ8PXcYS5zIuMCLh3WWPvtXuq2cAPXrsyZ3lUpUtz0Ch3cSQ7mPjbT65pGJryNjfdf7lFuE6udRVH3OsS5OFkhoh1e3XRnLsXQLSScNoEoAfeIqZ_lOGUC8Ofi7FEY8xgF6mc87Y3CO7mtWtbeh2QctxGp_vgYdTDhcKDGyXxg3RULICSXx_MljEdaG4ru3b_FHiQZGAc1xzIAvSgxIh3kTcEnoIG_l0JDoCKLzLJ2zRBMr4vQrUIy2fMTs_7OeFGmGuE3ocdDNWIDCmhDTZHMV1Hx-mz5Yqu9lveuH5b47o8nCIUhSoK9rcaOFT1dYC-1kAJgdw9g68-HucbLDu6EwJTpJz_CkVlTIJx2haYU0zyl-2iI52YgWtt2y1PKRZIPAQaUUm5JbneXl4nJPqpUSoaYHMXJK_4oduQzF1jHEe7HLEmUoIikBPrJbj9JO0eCOHw33-p0Fj25OH_0rB_8rMOSxwmrWUJ64e_sk7pinl2R1l8BcUNHBJC3U2zOQMvFBD13JXPbnGxayJ_tZLw_izNYrAyVytp2T-rPweg29WS84DJGeIoVkmtWn_ZORp01ns6RfK_xhqy2uhqz2ugRr6XI3k5Xfkjmn9MzTHhubwBIkQ8WV7rLF_yFDalU4xn78fJQc7bGJqUuOx-b9QnB8zvNdyf_VUzIX0p7OXktX2L8tHkMdyet24ATlazeK3mb48vRdTmhIwoo50GUl9IZ8RKEpB9YErF_hHoEZNmIj9i7M0nxBM_S8a7bqv1l7691FjLM0cseJeeNntYe8ko5nbEnml5Dqx5ZrSWeSxKkj_rrDTcbQMjB8LFvgn1ivx6F4Ou5MCD9G8yGo7x4Ebi_3MEpvLmOALXqC5JxAsEkQvRMpVzJSVxZsxlI4RzBy9g_k211VeACHvetJFvrKy5CpRlCkMaSs-d5gVQnG1jRQKuQirUw90LpkQR8eUV2w60I80GSTcRo0ublLNfK-NRnj9wNBKh99xd0PsqtFeukgF8Bu9hJd4Ps2ZYULHz3AZjT6VTC6xuDR3PSmOVdn14Twq5JwXaEm1FZtgINjhuUD9G5-9ZnMtaPwjoddKrawGcyBNLk8VSbnj8ENuRG84kEV8GOTPg0O-BM66drH6-XAMZyA_7tqvjSnwOsj-SuU3olrH8F-IFRqSMvgh-4sBek7HBaC7bAd24b0E7jLhFpDpPjI8XsoMu8yIOiyHoniu2Pb_KvcfhNEzywlxtbYgFaciKB-_9eJXoHcwiqWGuBA9THAoDKZKoqWl1cjcMEgvWb0sxrtrtukvtM6RflWSH2oCr6u6M3EuQalALAud2ZzR4hLizCeY3U1j1xVB8mnsx6-q1GYHeSPagz0pY8MI2rdCAuBARalH9KKGk9RYgzZmr2_Uw9qFhSzaorpyqditulRG4deCBy3R4i_y5rL8pnvhss8uI_nT6QAy-g7KjXx94nJ9gpcJlM2idoKe6xx6rSYF85PjtizkO9KMLCFHHNdv5pyfPg5YSXF0k4HosOvRFEPyXVVj2-u4gmSxHXCLtQkqkJ1pzYgSTXSDqUUHpE2AnWlbblsfVy-E3C6dfsGhqVuiQ4m6kQ5fYFRk8iThtcclGf556RJnYQ7EaIdmX40dECpzxS0wg0r1_etehMDbO3yVPU2w-fd9qUt1f2oexqFxDzDOTEIMZHYhY0G2g3XQuVYczLZaPw9BW-CRsfs_Vnupwqaqh3DB3MmLmEfK1OcgqncO0A8dSLRIIRtAqTvp7OFbTNLh5Q0MiaI0XKlZNWGHrRZmBpPdPbb7pJ1BWA_U2lt-0tjJaFL7_B-MRY1NQtIlJvTzW2Yz31NQ9jAT60jqXF4Y3yFa77217Rn-8NCyEm60Rny6FtUHrRdgVY9ztrSUeIAirEksTcTkf8emy7OEHVxqqzLxpZszjqvl-edvu8jT7URtR_HGhRoQMaRaK2fUbx7XthQoXTK9pxs1DcqoKsDoQQ7LHUfwm2Brh7hKqZPIo3QuTqmnHczjpQgJpZjfg8lfZSVDVq0lsDXqxTl-Qp9P2Lmkfd0NZGhgv2gIL64PbiIdIAhuni0G-PngdnMeKmmxImIKRSEEjfJzSGx6UHlboLjT-rXjJ3uvimPnAGnfENLkCpWdX0oIPZVIkcKZpu08NIHGHbxx3yeQokeAOo_mGjmPF5DOXLQuibql6tZzP3qdYK2lP3Ap4LO9YSfGXFPyN7Dan9g_umllMTDWKe-NSq9ruNRtIxw8GjywDTPut2uVhT9ZCuA0TYw_ccJmmAe0gG6PLr2jkklqoM20vmkdaB3fnguUJchcDMDhpAN3w3rhKcna5Z7pboxb4ZYCWTWiqF2YQeH8GUlHs0R34dO5B_Te2h6quirXSrtLHk51e71JCZj35FmHbz4RqcmRDyUd7HyB7BHjZwW73qZdkXfi42ICScQW74EM60AY7hIhC2SWlbdZjD9wE78PG9e7EU5qLVxW0N1orGheBOC7AQahQYg8bQeMkRjtHKNTKy7wXnBiLMWLl7rDVR_R8gPdwrHTc2m6jN5YWxP6jTUnOAhpiuBazXyXxP7xLgBcWTp1oBjrbAiIlwDQKqrlowYArxtB9xevnX4fFOp0NKujl1vDCmFqR2APe2khzPQ21xpTCAQSSwDq26N9gFhN-d_DP4DUfBxx7JCd8Gx4m_TlF726F2179OVWVMcQ_l0hFTwpwPRbZHTBXMIqC9Aodq-tF59RlprwRejRCZsRo469thgBIBNgAQ

Request Chain 195

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESECXtsJWJxr1cS4F6HXf9zYE&google_cver=1

Request Chain 197

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm HTTP 302
https://sync.teads.tv/um?eid=3&uid=CAESEOfFcmx4JMbfP-lzZ4KZew4&google_cver=1

238 HTTP transactions
3 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request / Show response
creditosaibamais.com/pis-disponivel/
Redirect Chain

https://plantaocredito2.lt.acemlna.com/Prod/link-tracker?redirectUrl=aHR0cHMlM0ElMkYlMkZsaW5rLmNyZWRpdG9zYWliYW1haXMuY29tJTJGbCUyRjIxNTc=&sig=EbZ5zP3xQMW6HxdGMzXRPJhiCt75b4QkwbyY4M1pv6ut&iat=167360...
https://link.creditosaibamais.com/l/2157
https://creditosaibamais.com/pis-disponivel/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_163

47 KB
13 KB

1020ms
587ms

Document
text/html

143.198.150.47
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://creditosaibamais.com/pis-disponivel/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_163
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 143.198.150.47 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 4683578b8e594795727aa2db940e7c262e27b19d74b45664df93f863700c2310

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html; charset=UTF-8
Date: Fri, 13 Jan 2023 13:36:05 GMT
Link: <https://creditosaibamais.com/wp-json/>; rel="https://api.w.org/" <https://creditosaibamais.com/wp-json/wp/v2/pages/4466>; rel="alternate"; type="application/json" <https://creditosaibamais.com/?p=4466>; rel=shortlink
Server: nginx/1.14.0 (Ubuntu)
Transfer-Encoding: chunked

Redirect headers

Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Date: Fri, 13 Jan 2023 13:36:05 GMT
Location: https://creditosaibamais.com/pis-disponivel/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_163
Server: nginx/1.14.0 (Ubuntu)
Transfer-Encoding: chunked

GET
H/1.1 200
OK style.min.css
creditosaibamais.com/wp-includes/css/dist/block-library/ 81 KB
82 KB 167ms
165ms Stylesheet
text/css 143.198.150.47
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://creditosaibamais.com/wp-includes/css/dist/block-library/style.min.css?ver=5.9.3
Requested by: Host: creditosaibamais.com
URL: https://creditosaibamais.com/pis-disponivel/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_163
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 143.198.150.47 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: cdbdaa122823601390c7dcbdd1afde33c2f1a432b8c5ff025c6137ee99ba541a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://creditosaibamais.com/pis-disponivel/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_163
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Date: Fri, 13 Jan 2023 13:36:06 GMT
Last-Modified: Wed, 30 Mar 2022 11:30:25 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: "62443f51-145db"
Content-Type: text/css
Cache-Control: max-age=31104000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 83419
Expires: Mon, 08 Jan 2024 13:36:06 GMT

GET
H/1.1 200
OK style-index.css
creditosaibamais.com/wp-content/plugins/activecampaign-subscription-forms/activecampaign-form-block/build/ 70 B
387 B 487ms
162ms Stylesheet
text/css 143.198.150.47
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://creditosaibamais.com/wp-content/plugins/activecampaign-subscription-forms/activecampaign-form-block/build/style-index.css?ver=1642171375
Requested by: Host: creditosaibamais.com
URL: https://creditosaibamais.com/pis-disponivel/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_163
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 143.198.150.47 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 55bd442d45ef481e3f0eb795894dd94f1a5e38f2a4847c2f49371010e1e013c2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://creditosaibamais.com/pis-disponivel/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_163
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Date: Fri, 13 Jan 2023 13:36:06 GMT
Last-Modified: Fri, 14 Jan 2022 14:42:55 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: "61e18bef-46"
Content-Type: text/css
Cache-Control: max-age=31104000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 70
Expires: Mon, 08 Jan 2024 13:36:06 GMT

GET
H/1.1 200
OK styles.css
creditosaibamais.com/wp-content/plugins/contact-form-7/includes/css/ 3 KB
3 KB 489ms
163ms Stylesheet
text/css 143.198.150.47
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://creditosaibamais.com/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.5.6
Requested by: Host: creditosaibamais.com
URL: https://creditosaibamais.com/pis-disponivel/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_163
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 143.198.150.47 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: e50f9ccd2d6582a58ba1879fa578e60d25fea4c5eedc07deafd14482b2403181

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://creditosaibamais.com/pis-disponivel/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_163
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Date: Fri, 13 Jan 2023 13:36:06 GMT
Last-Modified: Sun, 08 May 2022 23:34:42 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: "62785392-aab"
Content-Type: text/css
Cache-Control: max-age=31104000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2731
Expires: Mon, 08 Jan 2024 13:36:06 GMT

GET
H2 200 css
fonts.googleapis.com/ 22 KB
2 KB 126ms
45ms Stylesheet
text/css 2a00:1450:4001:806::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans%3A400%2C400i%2C600%2C600i%7CRoboto%3A300%2C400%2C400italic%2C500%2C500italic%2C700&ver=0.1.3

Requested by

Host: creditosaibamais.com
URL: https://creditosaibamais.com/pis-disponivel/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_163

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

cbe6c2139a7ee9ef7c256c7bb137b2e26eeb351c4c762b1be45d8a22d950f295

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://creditosaibamais.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Fri, 13 Jan 2023 13:36:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Fri, 13 Jan 2023 13:16:31 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 13 Jan 2023 13:36:06 GMT

GET
H/1.1 200
OK font-awesome.min.css
creditosaibamais.com/wp-content/plugins/elementor/assets/lib/font-awesome/css/ 30 KB
31 KB 651ms
325ms Stylesheet
text/css 143.198.150.47
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://creditosaibamais.com/wp-content/plugins/elementor/assets/lib/font-awesome/css/font-awesome.min.css?ver=4.7.0
Requested by: Host: creditosaibamais.com
URL: https://creditosaibamais.com/pis-disponivel/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_163
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 143.198.150.47 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: c4047043368afb4baf1aed25d358a5c2a333842a3b436b58491ab36aeee65b9d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://creditosaibamais.com/pis-disponivel/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_163
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Date: Fri, 13 Jan 2023 13:36:06 GMT
Last-Modified: Tue, 03 May 2022 20:23:31 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: "62718f43-7917"
Content-Type: text/css
Cache-Control: max-age=31104000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 30999
Expires: Mon, 08 Jan 2024 13:36:06 GMT

GET
H/1.1 200
OK style.css
creditosaibamais.com/wp-content/themes/tema2/ 59 KB
60 KB 660ms
330ms Stylesheet
text/css 143.198.150.47
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://creditosaibamais.com/wp-content/themes/tema2/style.css?ver=0.1.3
Requested by: Host: creditosaibamais.com
URL: https://creditosaibamais.com/pis-disponivel/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_163
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 143.198.150.47 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 3199c60c8b2fce672c86cc24ba032d20cd2d43763ee33e5c4c281c99dbda31ae

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://creditosaibamais.com/pis-disponivel/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_163
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Date: Fri, 13 Jan 2023 13:36:06 GMT
Last-Modified: Mon, 06 Dec 2021 00:12:41 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: "61ad5579-edb7"
Content-Type: text/css
Cache-Control: max-age=31104000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 60855
Expires: Mon, 08 Jan 2024 13:36:06 GMT

GET
H/1.1 200
OK elementor-icons.min.css
creditosaibamais.com/wp-content/plugins/elementor/assets/lib/eicons/css/ 19 KB
19 KB 660ms
330ms Stylesheet
text/css 143.198.150.47
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://creditosaibamais.com/wp-content/plugins/elementor/assets/lib/eicons/css/elementor-icons.min.css?ver=5.15.0
Requested by: Host: creditosaibamais.com
URL: https://creditosaibamais.com/pis-disponivel/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_163
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 143.198.150.47 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: b651d87ef113cba0c8ec8a33bfdb694171effeba56b20be12e3c77fc15f6ae9f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://creditosaibamais.com/pis-disponivel/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_163
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Date: Fri, 13 Jan 2023 13:36:06 GMT
Last-Modified: Tue, 03 May 2022 20:23:30 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: "62718f42-4ab8"
Content-Type: text/css
Cache-Control: max-age=31104000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 19128
Expires: Mon, 08 Jan 2024 13:36:06 GMT

GET
H/1.1 200
OK frontend-lite.min.css
creditosaibamais.com/wp-content/plugins/elementor/assets/css/ 105 KB
106 KB 810ms
323ms Stylesheet
text/css 143.198.150.47
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://creditosaibamais.com/wp-content/plugins/elementor/assets/css/frontend-lite.min.css?ver=3.6.5
Requested by: Host: creditosaibamais.com
URL: https://creditosaibamais.com/pis-disponivel/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_163
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 143.198.150.47 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: b5e616193a9a5e9bbfe2bc8b0e984c3fa1b217dbffb16483cf36cdcbed0e33f1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://creditosaibamais.com/pis-disponivel/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_163
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Date: Fri, 13 Jan 2023 13:36:06 GMT
Last-Modified: Tue, 03 May 2022 20:23:31 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: "62718f43-1a592"
Content-Type: text/css
Cache-Control: max-age=31104000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 107922
Expires: Mon, 08 Jan 2024 13:36:06 GMT

GET
H/1.1 200
OK post-4.css
creditosaibamais.com/wp-content/uploads/sites/12/elementor/css/ 1 KB
2 KB 651ms
162ms Stylesheet
text/css 143.198.150.47
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://creditosaibamais.com/wp-content/uploads/sites/12/elementor/css/post-4.css?ver=1652053573
Requested by: Host: creditosaibamais.com
URL: https://creditosaibamais.com/pis-disponivel/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_163
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 143.198.150.47 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: f7537fe48313beaa83766e1d4ed1269684c06d6717a0a6e08f560f9f130420f5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://creditosaibamais.com/pis-disponivel/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_163
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Date: Fri, 13 Jan 2023 13:36:06 GMT
Last-Modified: Sun, 08 May 2022 23:46:13 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: "62785645-4e1"
Content-Type: text/css
Cache-Control: max-age=31104000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1249
Expires: Mon, 08 Jan 2024 13:36:06 GMT

GET
H/1.1 200
OK frontend.min.css
creditosaibamais.com/wp-content/plugins/elementor-pro/assets/css/ 206 KB
206 KB 660ms
165ms Stylesheet
text/css 143.198.150.47
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://creditosaibamais.com/wp-content/plugins/elementor-pro/assets/css/frontend.min.css?ver=3.0.10
Requested by: Host: creditosaibamais.com
URL: https://creditosaibamais.com/pis-disponivel/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_163
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 143.198.150.47 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 1c8265dfea61fdbeb7770b27478fa751de4f9a0d8647867f98a0a47c00255842

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://creditosaibamais.com/pis-disponivel/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_163
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Date: Fri, 13 Jan 2023 13:36:06 GMT
Last-Modified: Wed, 20 Jan 2021 14:12:02 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: "60083a32-33812"
Content-Type: text/css
Cache-Control: max-age=31104000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 210962
Expires: Mon, 08 Jan 2024 13:36:06 GMT

GET
H/1.1 200
OK global.css
creditosaibamais.com/wp-content/uploads/sites/12/elementor/css/ 33 KB
33 KB 815ms
163ms Stylesheet
text/css 143.198.150.47
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://creditosaibamais.com/wp-content/uploads/sites/12/elementor/css/global.css?ver=1652053574
Requested by: Host: creditosaibamais.com
URL: https://creditosaibamais.com/pis-disponivel/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_163
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 143.198.150.47 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 2d9c137b6960ae5904b796eb09dcb46525fc0af84f687c85b2339b566931f437

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://creditosaibamais.com/pis-disponivel/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_163
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Date: Fri, 13 Jan 2023 13:36:07 GMT
Last-Modified: Sun, 08 May 2022 23:46:14 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: "62785646-84ae"
Content-Type: text/css
Cache-Control: max-age=31104000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 33966
Expires: Mon, 08 Jan 2024 13:36:07 GMT

GET
H/1.1 200
OK post-4466.css
creditosaibamais.com/wp-content/uploads/sites/12/elementor/css/ 670 B
989 B 816ms
163ms Stylesheet
text/css 143.198.150.47
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://creditosaibamais.com/wp-content/uploads/sites/12/elementor/css/post-4466.css?ver=1673529367
Requested by: Host: creditosaibamais.com
URL: https://creditosaibamais.com/pis-disponivel/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_163
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 143.198.150.47 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 47aa4b4ea3e151b53fe4eb592bc0157afd53645c3d9ee3842cdd8b777a925d41

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://creditosaibamais.com/pis-disponivel/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_163
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Date: Fri, 13 Jan 2023 13:36:07 GMT
Last-Modified: Thu, 12 Jan 2023 13:16:07 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: "63c00817-29e"
Content-Type: text/css
Cache-Control: max-age=31104000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 670
Expires: Mon, 08 Jan 2024 13:36:07 GMT

GET
H2 200 css
fonts.googleapis.com/ 42 KB
2 KB 125ms
46ms Stylesheet
text/css 2a00:1450:4001:806::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CRoboto+Slab%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic&display=auto&ver=5.9.3

Requested by

Host: creditosaibamais.com
URL: https://creditosaibamais.com/pis-disponivel/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_163

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

5dfdf00359b7743919a732ae8eb80536ff206faaf16a99fcdd3f967aca1f81e7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://creditosaibamais.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Fri, 13 Jan 2023 13:36:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Fri, 13 Jan 2023 12:09:01 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 13 Jan 2023 13:36:06 GMT

GET
H/1.1 200
OK jquery.min.js Show response
creditosaibamais.com/wp-includes/js/jquery/ 87 KB
88 KB 827ms
165ms Script
application/javascript 143.198.150.47
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://creditosaibamais.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
Requested by: Host: creditosaibamais.com
URL: https://creditosaibamais.com/pis-disponivel/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_163
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 143.198.150.47 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: bd4de6a3fc0fb68d6f76ba7b93514b96a92e585c295b5351c31ad92a4b0777ea

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://creditosaibamais.com/pis-disponivel/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_163
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Date: Fri, 13 Jan 2023 13:36:07 GMT
Last-Modified: Wed, 10 Mar 2021 15:07:24 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: "6048e0ac-15db1"
Content-Type: application/javascript
Cache-Control: max-age=31104000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 89521
Expires: Mon, 08 Jan 2024 13:36:07 GMT

GET
H/1.1 200
OK jquery-migrate.min.js Show response
creditosaibamais.com/wp-includes/js/jquery/ 11 KB
11 KB 979ms
163ms Script
application/javascript 143.198.150.47
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://creditosaibamais.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
Requested by: Host: creditosaibamais.com
URL: https://creditosaibamais.com/pis-disponivel/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_163
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 143.198.150.47 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://creditosaibamais.com/pis-disponivel/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_163
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Date: Fri, 13 Jan 2023 13:36:07 GMT
Last-Modified: Wed, 18 Nov 2020 09:06:06 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: "5fb4e3fe-2bd8"
Content-Type: application/javascript
Cache-Control: max-age=31104000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 11224
Expires: Mon, 08 Jan 2024 13:36:07 GMT

GET
H/1.1 200
OK classie.js Show response
creditosaibamais.com/wp-content/themes/tema2/assets/js/ 2 KB
2 KB 990ms
165ms Script
application/javascript 143.198.150.47
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://creditosaibamais.com/wp-content/themes/tema2/assets/js/classie.js?ver=1
Requested by: Host: creditosaibamais.com
URL: https://creditosaibamais.com/pis-disponivel/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_163
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 143.198.150.47 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 3b47c4996ccab3caa2140b473cbdaa5b98b9ea58c1936d51e6b565b0f57730ff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://creditosaibamais.com/pis-disponivel/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_163
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Date: Fri, 13 Jan 2023 13:36:07 GMT
Last-Modified: Fri, 03 Dec 2021 20:21:23 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: "61aa7c43-8a6"
Content-Type: application/javascript
Cache-Control: max-age=31104000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2214
Expires: Mon, 08 Jan 2024 13:36:07 GMT

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 79 KB
27 KB 133ms
49ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: creditosaibamais.com
URL: https://creditosaibamais.com/pis-disponivel/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_163

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

58d2ee67427a1eabc5002517ae856d546cb6a395a1b4ca8d22fad1d613fb98bb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://creditosaibamais.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Fri, 13 Jan 2023 13:36:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27540
x-xss-protection: 0
server: sffe
etag: "1450 / 398 of 1000 / last-modified: 1673611644"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Fri, 13 Jan 2023 13:36:07 GMT

GET
H2 200 push-notification.js Show response
script.joinads.me/ 1 KB
838 B 87ms
30ms Script
application/javascript 2a06:98c1:3120::c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.joinads.me/push-notification.js
Requested by: Host: creditosaibamais.com
URL: https://creditosaibamais.com/pis-disponivel/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_163
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 39d0fd9943a1069718bb60c51587b8a2b7711d562766565fafd8ac6050e44cdb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://creditosaibamais.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Fri, 13 Jan 2023 13:36:06 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 256522
cf-polished: origSize=1350
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Thu, 01 Apr 2021 12:59:38 GMT
server: cloudflare
etag: W/"6065c3ba-546"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Bk8s%2BDPsaAEsvOS7hfUB8ackRQFngiFJs8HOr%2BjR7YBakMGJXtMvb2VbezPg9BX0XxzgwU9DwXDtK8RK02g6%2F7TP3NobwiZhqNJzR8kyoJUfHYmPrK9071MLD6gaWeya8F5PV5RlnodVGyvdJNacng%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=31104000
cf-ray: 788e84d87c4092b1-FRA
expires: Fri, 05 Jan 2024 14:20:44 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 144 KB
49 KB 215ms
98ms Script
text/javascript 2a00:1450:400d:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-3685392670532966

Requested by

Host: creditosaibamais.com
URL: https://creditosaibamais.com/pis-disponivel/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_163

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80d::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a86bc8aa4ba39403c3e9a769d2c551a7f5dda0eb6bd261e97fd623d3303067b6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://creditosaibamais.com/
Origin: https://creditosaibamais.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Fri, 13 Jan 2023 13:36:07 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 49634
x-xss-protection: 0
server: cafe
etag: 1520021474471274420
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Fri, 13 Jan 2023 13:36:07 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 186 KB
68 KB 194ms
77ms Script
application/javascript 2a00:1450:400d:806::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-10883628328

Requested by

Host: creditosaibamais.com
URL: https://creditosaibamais.com/pis-disponivel/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_163

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:806::2008 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

ba44cde83ffdd8f5cabc83d7d2b226d1ea7eb5661d8870fe5476045e18e06fd1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://creditosaibamais.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Fri, 13 Jan 2023 13:36:07 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 69283
x-xss-protection: 0
last-modified: Fri, 13 Jan 2023 12:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 13 Jan 2023 13:36:07 GMT

GET
H/1.1 200
OK cropped-logo_200x200-3-1-1.png
creditosaibamais.com/wp-content/uploads/sites/12/2022/02/ 2 KB
2 KB 300ms
162ms Image
image/png 143.198.150.47
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://creditosaibamais.com/wp-content/uploads/sites/12/2022/02/cropped-logo_200x200-3-1-1.png
Requested by: Host: creditosaibamais.com
URL: https://creditosaibamais.com/pis-disponivel/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_163
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 143.198.150.47 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: e5eb6c4e3ff1fd8123d9549308f4385872cf2512b528220d2604a7339c059962

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://creditosaibamais.com/pis-disponivel/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_163
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Date: Fri, 13 Jan 2023 13:36:07 GMT
Last-Modified: Thu, 10 Feb 2022 14:10:26 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: "62051cd2-714"
Content-Type: image/png
Cache-Control: max-age=31104000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1812
Expires: Mon, 08 Jan 2024 13:36:07 GMT

GET
H/1.1 200
OK site_tracking.js Show response
creditosaibamais.com/wp-content/plugins/activecampaign-subscription-forms/ 1 KB
2 KB 165ms
165ms Script
application/javascript 143.198.150.47
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://creditosaibamais.com/wp-content/plugins/activecampaign-subscription-forms/site_tracking.js?ver=5.9.3
Requested by: Host: creditosaibamais.com
URL: https://creditosaibamais.com/pis-disponivel/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_163
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 143.198.150.47 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 9a19938485ca7f6c582d3f78d17d9e443d26b260cac24c9dd9499f70b5d28390

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://creditosaibamais.com/pis-disponivel/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_163
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Date: Fri, 13 Jan 2023 13:36:07 GMT
Last-Modified: Fri, 14 Jan 2022 14:42:55 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: "61e18bef-57b"
Content-Type: application/javascript
Cache-Control: max-age=31104000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1403
Expires: Mon, 08 Jan 2024 13:36:07 GMT

GET
H/1.1 200
OK regenerator-runtime.min.js Show response
creditosaibamais.com/wp-includes/js/dist/vendor/ 6 KB
7 KB 162ms
162ms Script
application/javascript 143.198.150.47
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://creditosaibamais.com/wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.13.9
Requested by: Host: creditosaibamais.com
URL: https://creditosaibamais.com/pis-disponivel/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_163
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 143.198.150.47 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: a3e64300797e8078baa41dbc49e2affc1d2bedd04a470f0c929ed7fac698fbcd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://creditosaibamais.com/pis-disponivel/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_163
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Date: Fri, 13 Jan 2023 13:36:07 GMT
Last-Modified: Mon, 15 Nov 2021 16:35:13 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: "61928c41-195e"
Content-Type: application/javascript
Cache-Control: max-age=31104000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 6494
Expires: Mon, 08 Jan 2024 13:36:07 GMT

GET
H/1.1 200
OK wp-polyfill.min.js Show response
creditosaibamais.com/wp-includes/js/dist/vendor/ 19 KB
19 KB 167ms
167ms Script
application/javascript 143.198.150.47
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://creditosaibamais.com/wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=3.15.0
Requested by: Host: creditosaibamais.com
URL: https://creditosaibamais.com/pis-disponivel/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_163
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 143.198.150.47 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: e20ddb9ed1fa044cb624f0253bb06b13c92ed9915063bd63a5806440c6b1ce7c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://creditosaibamais.com/pis-disponivel/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_163
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Date: Fri, 13 Jan 2023 13:36:07 GMT
Last-Modified: Mon, 15 Nov 2021 12:50:17 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: "61925789-4b3d"
Content-Type: application/javascript
Cache-Control: max-age=31104000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 19261
Expires: Mon, 08 Jan 2024 13:36:07 GMT

GET
H/1.1 200
OK index.js Show response
creditosaibamais.com/wp-content/plugins/contact-form-7/includes/js/ 9 KB
10 KB 165ms
163ms Script
application/javascript 143.198.150.47
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://creditosaibamais.com/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.5.6
Requested by: Host: creditosaibamais.com
URL: https://creditosaibamais.com/pis-disponivel/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_163
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 143.198.150.47 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 679e44f9b4bbbc2ad0c4000c1413fd3a88627d83f1cba8ebdac26f81bc7edb78

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://creditosaibamais.com/pis-disponivel/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_163
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Date: Fri, 13 Jan 2023 13:36:07 GMT
Last-Modified: Sun, 08 May 2022 23:34:42 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: "62785392-25f8"
Content-Type: application/javascript
Cache-Control: max-age=31104000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 9720
Expires: Mon, 08 Jan 2024 13:36:07 GMT

GET
H/1.1 200
OK slick.js Show response
creditosaibamais.com/wp-content/themes/tema2/assets/js/ 87 KB
88 KB 166ms
163ms Script
application/javascript 143.198.150.47
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://creditosaibamais.com/wp-content/themes/tema2/assets/js/slick.js?ver=0.1.3
Requested by: Host: creditosaibamais.com
URL: https://creditosaibamais.com/pis-disponivel/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_163
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 143.198.150.47 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 1188460bd909dd436072c59c51e4599eda9e98d99eae9b554f49b38f37e9d7ed

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://creditosaibamais.com/pis-disponivel/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_163
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Date: Fri, 13 Jan 2023 13:36:07 GMT
Last-Modified: Fri, 03 Dec 2021 20:21:24 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: "61aa7c44-15d39"
Content-Type: application/javascript
Cache-Control: max-age=31104000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 89401
Expires: Mon, 08 Jan 2024 13:36:07 GMT

GET
H/1.1 200
OK sidebar-menu.js Show response
creditosaibamais.com/wp-content/themes/tema2/assets/js/ 4 KB
5 KB 167ms
165ms Script
application/javascript 143.198.150.47
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://creditosaibamais.com/wp-content/themes/tema2/assets/js/sidebar-menu.js?ver=0.1.3
Requested by: Host: creditosaibamais.com
URL: https://creditosaibamais.com/pis-disponivel/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_163
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 143.198.150.47 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 939d7a7d1e3d9ba01e872498508970299f9fb72c6f997b5cb108cf143801fab9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://creditosaibamais.com/pis-disponivel/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_163
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Date: Fri, 13 Jan 2023 13:36:07 GMT
Last-Modified: Fri, 03 Dec 2021 20:21:24 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: "61aa7c44-10e0"
Content-Type: application/javascript
Cache-Control: max-age=31104000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 4320
Expires: Mon, 08 Jan 2024 13:36:07 GMT

GET
H/1.1 200
OK inview.js Show response
creditosaibamais.com/wp-content/themes/tema2/assets/js/ 6 KB
6 KB 165ms
164ms Script
application/javascript 143.198.150.47
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://creditosaibamais.com/wp-content/themes/tema2/assets/js/inview.js?ver=0.1.3
Requested by: Host: creditosaibamais.com
URL: https://creditosaibamais.com/pis-disponivel/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_163
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 143.198.150.47 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 7a9cf10205d9af79b873f6199a2a50c7ff8375b8d4613b8570d27f206163dacf

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://creditosaibamais.com/pis-disponivel/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_163
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Date: Fri, 13 Jan 2023 13:36:07 GMT
Last-Modified: Fri, 03 Dec 2021 20:21:23 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: "61aa7c43-1609"
Content-Type: application/javascript
Cache-Control: max-age=31104000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 5641
Expires: Mon, 08 Jan 2024 13:36:07 GMT

GET
H/1.1 200
OK themes.js Show response
creditosaibamais.com/wp-content/themes/tema2/assets/js/ 3 KB
3 KB 165ms
165ms Script
application/javascript 143.198.150.47
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://creditosaibamais.com/wp-content/themes/tema2/assets/js/themes.js?ver=0.1.3
Requested by: Host: creditosaibamais.com
URL: https://creditosaibamais.com/pis-disponivel/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_163
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 143.198.150.47 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 67279c322cc6b5c37ab83ad7b7a201507f5be3df340fec03f97f80feb793a4c5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://creditosaibamais.com/pis-disponivel/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_163
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Date: Fri, 13 Jan 2023 13:36:07 GMT
Last-Modified: Fri, 03 Dec 2021 20:21:25 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: "61aa7c45-af8"
Content-Type: application/javascript
Cache-Control: max-age=31104000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2808
Expires: Mon, 08 Jan 2024 13:36:07 GMT

GET
H/1.1 200
OK webpack.runtime.min.js Show response
creditosaibamais.com/wp-content/plugins/elementor/assets/js/ 5 KB
5 KB 165ms
165ms Script
application/javascript 143.198.150.47
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://creditosaibamais.com/wp-content/plugins/elementor/assets/js/webpack.runtime.min.js?ver=3.6.5
Requested by: Host: creditosaibamais.com
URL: https://creditosaibamais.com/pis-disponivel/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_163
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 143.198.150.47 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: b6d39822e34f949768c8aa5d6c99e4cde5013f2221990bf58137e8e2913d4ba7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://creditosaibamais.com/pis-disponivel/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_163
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Date: Fri, 13 Jan 2023 13:36:07 GMT
Last-Modified: Tue, 03 May 2022 20:23:30 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: "62718f42-1360"
Content-Type: application/javascript
Cache-Control: max-age=31104000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 4960
Expires: Mon, 08 Jan 2024 13:36:07 GMT

GET
H/1.1 200
OK frontend-modules.min.js Show response
creditosaibamais.com/wp-content/plugins/elementor/assets/js/ 14 KB
14 KB 162ms
162ms Script
application/javascript 143.198.150.47
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://creditosaibamais.com/wp-content/plugins/elementor/assets/js/frontend-modules.min.js?ver=3.6.5
Requested by: Host: creditosaibamais.com
URL: https://creditosaibamais.com/pis-disponivel/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_163
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 143.198.150.47 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: eebb7c9b62d8028d702b547bcef97e776ada693cbafa64161471b1f96f5d0556

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://creditosaibamais.com/pis-disponivel/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_163
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Date: Fri, 13 Jan 2023 13:36:07 GMT
Last-Modified: Tue, 03 May 2022 20:23:30 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: "62718f42-37c5"
Content-Type: application/javascript
Cache-Control: max-age=31104000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 14277
Expires: Mon, 08 Jan 2024 13:36:07 GMT

GET
H/1.1 200
OK jquery.sticky.min.js Show response
creditosaibamais.com/wp-content/plugins/elementor-pro/assets/lib/sticky/ 6 KB
7 KB 163ms
163ms Script
application/javascript 143.198.150.47
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://creditosaibamais.com/wp-content/plugins/elementor-pro/assets/lib/sticky/jquery.sticky.min.js?ver=3.0.10
Requested by: Host: creditosaibamais.com
URL: https://creditosaibamais.com/pis-disponivel/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_163
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 143.198.150.47 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: a48dea362116d7516a2cf97066a32758d353760ee02dbf900ddff86b02a16473

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://creditosaibamais.com/pis-disponivel/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_163
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Date: Fri, 13 Jan 2023 13:36:07 GMT
Last-Modified: Sun, 10 May 2020 13:09:58 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: "5eb7fd26-19c3"
Content-Type: application/javascript
Cache-Control: max-age=31104000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 6595
Expires: Mon, 08 Jan 2024 13:36:07 GMT

GET
H/1.1 200
OK frontend.min.js Show response
creditosaibamais.com/wp-content/plugins/elementor-pro/assets/js/ 184 KB
184 KB 163ms
162ms Script
application/javascript 143.198.150.47
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://creditosaibamais.com/wp-content/plugins/elementor-pro/assets/js/frontend.min.js?ver=3.0.10
Requested by: Host: creditosaibamais.com
URL: https://creditosaibamais.com/pis-disponivel/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_163
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 143.198.150.47 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: f3971b50c2fef5d876fd6c9e71e3627e52a1b486c2d590756b352059319a6446

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://creditosaibamais.com/pis-disponivel/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_163
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Date: Fri, 13 Jan 2023 13:36:07 GMT
Last-Modified: Wed, 20 Jan 2021 14:12:02 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: "60083a32-2e01c"
Content-Type: application/javascript
Cache-Control: max-age=31104000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 188444
Expires: Mon, 08 Jan 2024 13:36:07 GMT

GET
H/1.1 200
OK waypoints.min.js Show response
creditosaibamais.com/wp-content/plugins/elementor/assets/lib/waypoints/ 12 KB
12 KB 165ms
164ms Script
application/javascript 143.198.150.47
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://creditosaibamais.com/wp-content/plugins/elementor/assets/lib/waypoints/waypoints.min.js?ver=4.0.2
Requested by: Host: creditosaibamais.com
URL: https://creditosaibamais.com/pis-disponivel/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_163
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 143.198.150.47 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 214674cc77aba35ab3567b88e2739fd08e8e96c61d279559ad61874069683ea0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://creditosaibamais.com/pis-disponivel/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_163
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Date: Fri, 13 Jan 2023 13:36:07 GMT
Last-Modified: Tue, 03 May 2022 20:23:31 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: "62718f43-2fa6"
Content-Type: application/javascript
Cache-Control: max-age=31104000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 12198
Expires: Mon, 08 Jan 2024 13:36:07 GMT

GET
H/1.1 200
OK core.min.js Show response
creditosaibamais.com/wp-includes/js/jquery/ui/ 20 KB
21 KB 165ms
165ms Script
application/javascript 143.198.150.47
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://creditosaibamais.com/wp-includes/js/jquery/ui/core.min.js?ver=1.13.1
Requested by: Host: creditosaibamais.com
URL: https://creditosaibamais.com/pis-disponivel/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_163
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 143.198.150.47 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 9d7da1b980a95ff3d31d0bb8733cbabd1d210ec601d15a1aac2b67394a33191d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://creditosaibamais.com/pis-disponivel/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_163
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Date: Fri, 13 Jan 2023 13:36:07 GMT
Last-Modified: Thu, 03 Feb 2022 00:04:02 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: "61fb1bf2-50ea"
Content-Type: application/javascript
Cache-Control: max-age=31104000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 20714
Expires: Mon, 08 Jan 2024 13:36:07 GMT

GET
H/1.1 200
OK frontend.min.js Show response
creditosaibamais.com/wp-content/plugins/elementor/assets/js/ 37 KB
37 KB 165ms
165ms Script
application/javascript 143.198.150.47
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://creditosaibamais.com/wp-content/plugins/elementor/assets/js/frontend.min.js?ver=3.6.5
Requested by: Host: creditosaibamais.com
URL: https://creditosaibamais.com/pis-disponivel/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_163
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 143.198.150.47 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: bccb715aeac8a50b19f527b17f3a1e86142e1b8ad8711c3195ce297696feb490

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://creditosaibamais.com/pis-disponivel/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_163
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Date: Fri, 13 Jan 2023 13:36:07 GMT
Last-Modified: Tue, 03 May 2022 20:23:30 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: "62718f42-936d"
Content-Type: application/javascript
Cache-Control: max-age=31104000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 37741
Expires: Mon, 08 Jan 2024 13:36:07 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 219 KB
77 KB 260ms
144ms Script
application/javascript 2a00:1450:400d:806::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-3J8W9ZHFES

Requested by

Host: creditosaibamais.com
URL: https://creditosaibamais.com/pis-disponivel/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_163

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:806::2008 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

0e36f53a8608923f566d77e1e90177aa3916a574812d77ac678050ca6352d94e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://creditosaibamais.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Fri, 13 Jan 2023 13:36:07 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 78447
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Fri, 13 Jan 2023 13:36:07 GMT

GET
H/1.1 200
OK wp-emoji-release.min.js Show response
creditosaibamais.com/wp-includes/js/ 18 KB
18 KB 162ms
162ms Script
application/javascript 143.198.150.47
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://creditosaibamais.com/wp-includes/js/wp-emoji-release.min.js?ver=5.9.3
Requested by: Host: creditosaibamais.com
URL: https://creditosaibamais.com/pis-disponivel/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_163
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 143.198.150.47 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: def5de6254be138b8b35d680d1fdd8b07827d03b8626daebfeeb4157ec330ea7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://creditosaibamais.com/pis-disponivel/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_163
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Date: Fri, 13 Jan 2023 13:36:08 GMT
Last-Modified: Tue, 08 Jun 2021 22:15:12 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: "60bfebf0-4705"
Content-Type: application/javascript
Cache-Control: max-age=31104000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 18181
Expires: Mon, 08 Jan 2024 13:36:08 GMT

GET
H2 200 diffuser.js Show response
diffuser-cdn.app-us1.com/diffuser/ 24 KB
6 KB 48ms
15ms Script
application/javascript 2606:4700::6811:915b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://diffuser-cdn.app-us1.com/diffuser/diffuser.js
Requested by: Host: creditosaibamais.com
URL: https://creditosaibamais.com/pis-disponivel/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_163
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:915b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 15eb202865d1d835fae2eff61bb922fa91fb4064a1fb850ebadab1f190782648

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://creditosaibamais.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Fri, 13 Jan 2023 13:36:07 GMT
content-encoding: gzip
via: 1.1 603f36cbe39a66d93949b80e7296dad4.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-cf-pop: DUS51-P1
age: 117
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Thu, 21 Oct 2021 17:42:06 GMT
server: cloudflare
etag: W/"4d482a43613d3966f353ec9d97452e0c"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=300
cf-ray: 788e84df99c09a24-FRA
x-amz-cf-id: 3MRMzQVQ_bZUR_HlkJ5oeFdcBpJiS9e9rBdVqIKbqP3ek626XXnArw==

GET
H2 200 memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v34/ 44 KB
44 KB 168ms
89ms Font
font/woff2 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans%3A400%2C400i%2C600%2C600i%7CRoboto%3A300%2C400%2C400italic%2C500%2C500italic%2C700&ver=0.1.3#038;subset=latin%2Clatin-ext

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://creditosaibamais.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Mon, 09 Jan 2023 18:50:24 GMT
x-content-type-options: nosniff
age: 326743
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44856
x-xss-protection: 0
last-modified: Mon, 15 Aug 2022 18:20:18 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 09 Jan 2024 18:50:24 GMT

GET
H/1.1 200
OK fontawesome-webfont.woff2
creditosaibamais.com/wp-content/plugins/elementor/assets/lib/font-awesome/fonts/ 75 KB
76 KB 172ms
165ms Font
application/octet-stream 143.198.150.47
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://creditosaibamais.com/wp-content/plugins/elementor/assets/lib/font-awesome/fonts/fontawesome-webfont.woff2?v=4.7.0
Requested by: Host: creditosaibamais.com
URL: https://creditosaibamais.com/wp-content/plugins/elementor/assets/lib/font-awesome/css/font-awesome.min.css?ver=4.7.0
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 143.198.150.47 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

Request headers

Referer: https://creditosaibamais.com/wp-content/plugins/elementor/assets/lib/font-awesome/css/font-awesome.min.css?ver=4.7.0
Origin: https://creditosaibamais.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Date: Fri, 13 Jan 2023 13:36:07 GMT
Last-Modified: Tue, 03 May 2022 20:23:31 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: "62718f43-12d68"
Content-Type: application/octet-stream
Cache-Control: max-age=31104000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 77160
Expires: Mon, 08 Jan 2024 13:36:07 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ 15 KB
16 KB 107ms
36ms Font
font/woff2 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://creditosaibamais.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Thu, 12 Jan 2023 19:42:15 GMT
x-content-type-options: nosniff
age: 64432
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 12 Jan 2024 19:42:15 GMT

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ 15 KB
16 KB 116ms
45ms Font
font/woff2 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://creditosaibamais.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Mon, 09 Jan 2023 16:44:52 GMT
x-content-type-options: nosniff
age: 334275
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15860
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 09 Jan 2024 16:44:52 GMT

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ 16 KB
16 KB 147ms
76ms Font
font/woff2 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://creditosaibamais.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 09:07:05 GMT
x-content-type-options: nosniff
age: 534542
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15920
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:45 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 07 Jan 2024 09:07:05 GMT

GET
H/1.1 200
OK logo_200x200-3-1.png
creditosaibamais.com/wp-content/uploads/sites/12/2021/08/ 2 KB
2 KB 193ms
162ms Image
image/png 143.198.150.47
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://creditosaibamais.com/wp-content/uploads/sites/12/2021/08/logo_200x200-3-1.png
Requested by: Host: creditosaibamais.com
URL: https://creditosaibamais.com/pis-disponivel/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_163
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 143.198.150.47 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: d74858fa1bdb9c779a6b8a758993dc190aa1799b0c7c34e6d1d0555de0a9c5ba

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://creditosaibamais.com/pis-disponivel/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_163
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Date: Fri, 13 Jan 2023 13:36:07 GMT
Last-Modified: Wed, 11 Aug 2021 19:15:23 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: "611421cb-823"
Content-Type: image/png
Cache-Control: max-age=31104000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2083
Expires: Mon, 08 Jan 2024 13:36:07 GMT

GET
H2 200 / Show response
prism.app-us1.com/ 248 B
462 B 206ms
166ms Script
application/javascript 2606:4700::6811:925b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://prism.app-us1.com/?a=800525001&u=https%3A%2F%2Fcreditosaibamais.com%2Fpis-disponivel%2F%3Futm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3D3_active_email_163
Requested by: Host: diffuser-cdn.app-us1.com
URL: https://diffuser-cdn.app-us1.com/diffuser/diffuser.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:925b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/7.4.32
Resource Hash: 66bb8731526ca2f264a4ff3b68a2674f54d7e18420101a757bbf3857d1d45f69

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://creditosaibamais.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Fri, 13 Jan 2023 13:36:07 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
server: cloudflare
x-powered-by: PHP/7.4.32
content-type: application/javascript
cache-control: no-cache, private
x-envoy-upstream-service-time: 45
cf-ray: 788e84dffeb6910a-FRA

GET
H2 200 pubads_impl_2023010501.js Show response
securepubads.g.doubleclick.net/gpt/ 384 KB
130 KB 38ms
38ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023010501.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4274543e094ff39715b0b2f65cbfa69121de40baa152c9cf11b77454a05f8284

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://creditosaibamais.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Fri, 13 Jan 2023 10:48:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 10078
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 132895
x-xss-protection: 0
last-modified: Thu, 05 Jan 2023 09:36:55 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sat, 13 Jan 2024 10:48:09 GMT

GET
H3 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 602 B
320 B 143ms
71ms XHR
application/json 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=creditosaibamais.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a920c72534b8a8c2c2dfc35e5779155ecde986a6155db7541ecdb143f0d22443

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://creditosaibamais.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Fri, 13 Jan 2023 13:36:07 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Fri, 13 Jan 2023 13:36:07 GMT

GET
H2 200 t_prism_sitemessages.php Show response
trackcmp.net/ 0
315 B 178ms
137ms Script
text/javascript 2606:4700:4400::6812:2a69
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://trackcmp.net/t_prism_sitemessages.php?trackid=800525001&prismid=0d12afa2-c979-457e-a602-654b1bdede3e&url=https%3A%2F%2Fcreditosaibamais.com%2Fpis-disponivel%2F%3Futm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3D3_active_email_163
Requested by: Host: diffuser-cdn.app-us1.com
URL: https://diffuser-cdn.app-us1.com/diffuser/diffuser.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:2a69 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/8.1.14
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://creditosaibamais.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Fri, 13 Jan 2023 13:36:08 GMT
cf-cache-status: DYNAMIC
server: cloudflare
x-powered-by: PHP/8.1.14
p3p: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
content-type: text/javascript;charset=UTF-8
cache-control: no-cache, private
x-envoy-upstream-service-time: 20
x-privacy-policy: You can find our privacy policy here: https://www.activecampaign.com/help/privacy-policy/
cf-ray: 788e84e14fb55c56-FRA
content-length: 0

GET
H3 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202212050101/ 356 KB
117 KB 206ms
108ms Script
text/javascript 2a00:1450:400d:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202212050101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-3685392670532966&plah=creditosaibamais.com

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-3685392670532966

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80d::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

30b414e63e540e7ccc4d1c2790f01d96d420452db53606a3de775fbdb7463197

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://creditosaibamais.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Fri, 13 Jan 2023 13:36:07 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 119973
x-xss-protection: 0
server: cafe
etag: 13696131441240402094
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Fri, 13 Jan 2023 13:36:07 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20230111/r20190131/ Frame 0541 10 KB
5 KB 122ms
40ms Document
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20230111/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-3685392670532966

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9da238ca619f3bf71312de3c9c913c653941ada56cb5e1601aafb6094ae51cdc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://creditosaibamais.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 52562
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4242
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 12 Jan 2023 23:00:05 GMT
etag: 10353107486223812946
expires: Thu, 26 Jan 2023 23:00:05 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
792 B 124ms
45ms Script
application/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=creditosaibamais.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023010501.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://creditosaibamais.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Fri, 13 Jan 2023 13:36:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
549 B 186ms
70ms Script
application/javascript 2a00:1450:400d:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=creditosaibamais.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023010501.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80e::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://creditosaibamais.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Fri, 13 Jan 2023 13:36:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 145 KB
42 KB 1255ms
1254ms XHR
text/plain 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=4231814181886711&correlator=526932073217655&eid=31071519%2C31071523%2C31071603&output=ldjh&gdfp_req=1&vrg=2023010501&ptt=17&impl=fif&iu_parts=22526454507%2Ccreditosaibamais.com%2CCreditosaibamais_Interstitial_20230106&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=1x1&ifi=2&adks=3394202383&sfv=1-0-40&ists=1&fas=8&cust_params=id_post_wp%3D4466%26utm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3D3_active_email_163&sc=1&cookie_enabled=1&abxe=1&dt=1673616967930&lmt=1673616967&dlt=1673616966417&idt=1473&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=-1&ucis=1&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fcreditosaibamais.com%2Fpis-disponivel%2F%3Futm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3D3_active_email_163&frm=20&vis=1&psz=0x-1&msz=0x-1&fws=2&ohw=0&ga_vid=1261674558.1673616968&ga_sid=1673616968&ga_hid=1692517812&ga_fc=false

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023010501.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

19cafb8853fd14337b925f6f620ab4e3ed2f23890d03cb86a35934ba8bca4e34

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://creditosaibamais.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Fri, 13 Jan 2023 13:36:09 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43313
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://creditosaibamais.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 45 KB
15 KB 1647ms
1646ms XHR
text/plain 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=4231814181886711&correlator=526932073217655&eid=31071519%2C31071523%2C31071603&output=ldjh&gdfp_req=1&vrg=2023010501&ptt=17&impl=fif&iu_parts=22526454507%2Ccreditosaibamais.com%2CCreditosaibamais_Anchor_20230103&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=1x1&ifi=3&adks=34279657&sfv=1-0-40&ists=1&fas=2&cust_params=id_post_wp%3D4466%26utm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3D3_active_email_163&sc=1&cookie_enabled=1&abxe=1&dt=1673616967934&lmt=1673616967&dlt=1673616966417&idt=1473&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=-1&ucis=2&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fcreditosaibamais.com%2Fpis-disponivel%2F%3Futm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3D3_active_email_163&frm=20&vis=1&psz=0x-1&msz=0x-1&fws=2&ohw=0&ga_vid=1261674558.1673616968&ga_sid=1673616968&ga_hid=1692517812&ga_fc=false

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023010501.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3c3e3b6cb4f96eff8b6467b5a3d78bb755e38175570bed48ee1027aea406ec75

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://creditosaibamais.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Fri, 13 Jan 2023 13:36:09 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14827
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://creditosaibamais.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 1 KB
518 B 231ms
230ms XHR
text/plain 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=4231814181886711&correlator=526932073217655&eid=31071519%2C31071523%2C31071603&output=ldjh&gdfp_req=1&vrg=2023010501&ptt=17&impl=fif&iu_parts=22526454507%2Ccreditosaibamais.com%2CCreditosaibamais_Rewards_20230106&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=1x1&ifi=4&adks=959972807&sfv=1-0-40&ists=1&fas=11&rbvs=1&cust_params=id_post_wp%3D4466%26utm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3D3_active_email_163&sc=1&cookie_enabled=1&abxe=1&dt=1673616967935&lmt=1673616967&dlt=1673616966417&idt=1473&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=-1&ucis=3&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fcreditosaibamais.com%2Fpis-disponivel%2F%3Futm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3D3_active_email_163&frm=20&vis=1&psz=0x-1&msz=0x-1&fws=2&ohw=0&ga_vid=1261674558.1673616968&ga_sid=1673616968&ga_hid=1692517812&ga_fc=false

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023010501.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8988627f7ef2e1b08e31a4f94754df3efb0601ed58fde2ee5e0121d40ed59e01

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://creditosaibamais.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Fri, 13 Jan 2023 13:36:08 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 488
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://creditosaibamais.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 19 KB
8 KB 1437ms
1437ms XHR
text/plain 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=4231814181886711&correlator=526932073217655&eid=31071519%2C31071523%2C31071603&output=ldjh&gdfp_req=1&vrg=2023010501&ptt=17&impl=fif&iu_parts=22526454507%2Ccreditosaibamais.com%2CCreditosaibamais_Mobile_Fixed_20230106&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=320x50%7C320x100&ifi=5&adks=1746794222&sfv=1-0-40&cust_params=id_post_wp%3D4466%26utm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3D3_active_email_163&sc=1&cookie_enabled=1&abxe=1&dt=1673616967936&lmt=1673616967&dlt=1673616966417&idt=1473&adxs=-12245933&adys=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=-1&ucis=4&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fcreditosaibamais.com%2Fpis-disponivel%2F%3Futm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3D3_active_email_163&frm=20&vis=1&psz=0x-1&msz=0x-1&fws=640&ohw=0&ga_vid=1261674558.1673616968&ga_sid=1673616968&ga_hid=1692517812&ga_fc=false

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023010501.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ea8e7f2662cdad99319e0494c9107d56d2adc56984a5576d2225dad9932dca12

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://creditosaibamais.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Fri, 13 Jan 2023 13:36:09 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8218
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://creditosaibamais.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame B0CE 6 KB
3 KB 199ms
49ms Document
text/html 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023010501.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://creditosaibamais.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 13 Jan 2023 13:36:08 GMT
expires: Sat, 13 Jan 2024 13:36:08 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 pubads_impl_page_level_ads_2023010501.js Show response
securepubads.g.doubleclick.net/gpt/ 37 KB
14 KB 38ms
38ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_page_level_ads_2023010501.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023010501.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a6ac622d38ff7386ff10f9d4fdf98898e1c1b08963329333177455579c8e0acc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://creditosaibamais.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Tue, 10 Jan 2023 19:26:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 238184
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13848
x-xss-protection: 0
last-modified: Thu, 05 Jan 2023 09:36:55 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Wed, 10 Jan 2024 19:26:23 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/10883628328/ 2 KB
1 KB 80ms
80ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/10883628328/?random=1673616967959&cv=11&fst=1673616967959&bg=ffffff&guid=ON&async=1&gtm=2oa1a1&u_w=1600&u_h=1200&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fcreditosaibamais.com%2Fpis-disponivel%2F%3Futm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3D3_active_email_163&tiba=pis-disponivel%20%E2%80%93%20Saiba%20Mais&auid=1509596727.1673616968&uaw=0&data=event%3Dgtag.config&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-10883628328

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fb600cdf5e6233f0fe2a06dac23c8005eec7958c5588ee4b58ac17f589bcba52

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://creditosaibamais.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 13 Jan 2023 13:36:07 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 943
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
www.googleadservices.com/pagead/conversion/10883628328/ 2 KB
2 KB 193ms
77ms Script
text/javascript 142.251.208.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion/10883628328/?random=1673616967971&cv=11&fst=1673616967971&bg=ffffff&guid=ON&async=1&gtm=2oa1a1&u_w=1600&u_h=1200&label=sgBQCMy6kYMYEKj628Uo&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fcreditosaibamais.com%2Fpis-disponivel%2F%3Futm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3D3_active_email_163&tiba=pis-disponivel%20%E2%80%93%20Saiba%20Mais&gtm_ee=1&auid=1509596727.1673616968&uaw=0&data=event%3Dconversion&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-10883628328

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.208.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bud02s42-in-f2.1e100.net

Software

cafe /

Resource Hash

f275fbe2269942626ca375796a97b1149ade4cf301b8811e4fe86b5e96359334

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://creditosaibamais.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 13 Jan 2023 13:36:08 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1255
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 16 KB
7 KB 2036ms
2036ms XHR
text/plain 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=4231814181886711&correlator=526932073217655&eid=31071519%2C31071523%2C31071603&output=ldjh&gdfp_req=1&vrg=2023010501&ptt=17&impl=fif&iu_parts=22526454507%2Ccreditosaibamais.com%2CCreditosaibamais_Content3&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=320x50%7C250x250%7C300x250%7C336x280&fluid=height&ifi=6&adks=1766104676&sfv=1-0-40&cust_params=id_post_wp%3D4466%26utm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3D3_active_email_163&sc=1&cookie_enabled=1&abxe=1&dt=1673616967974&lmt=1673616967&dlt=1673616966417&idt=1473&adxs=240&adys=308&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=5&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fcreditosaibamais.com%2Fpis-disponivel%2F%3Futm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3D3_active_email_163&frm=20&vis=1&psz=486x0&msz=486x0&fws=4&ohw=1600&ga_vid=1261674558.1673616968&ga_sid=1673616968&ga_hid=1692517812&ga_fc=false

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023010501.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0ab132bd2320f278e4de443b40c25b201fa60610351fcbd6a23c905e8105ea07

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://creditosaibamais.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Fri, 13 Jan 2023 13:36:09 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6990
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://creditosaibamais.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/10883628328/ 42 B
548 B 188ms
74ms Image
image/gif 2a00:1450:400d:806::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/10883628328/?random=1673616967959&cv=11&fst=1673614800000&bg=ffffff&guid=ON&async=1&gtm=2oa1a1&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Fcreditosaibamais.com%2Fpis-disponivel%2F%3Futm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3D3_active_email_163&tiba=pis-disponivel%20%E2%80%93%20Saiba%20Mais&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2317541406&rmt_tld=0&ipr=y

Requested by

Host: creditosaibamais.com
URL: https://creditosaibamais.com/pis-disponivel/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_163

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:806::2004 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://creditosaibamais.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 13 Jan 2023 13:36:08 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/10883628328/ 42 B
548 B 128ms
50ms Image
image/gif 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/10883628328/?random=1673616967959&cv=11&fst=1673614800000&bg=ffffff&guid=ON&async=1&gtm=2oa1a1&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Fcreditosaibamais.com%2Fpis-disponivel%2F%3Futm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3D3_active_email_163&tiba=pis-disponivel%20%E2%80%93%20Saiba%20Mais&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2317541406&rmt_tld=1&ipr=y

Requested by

Host: creditosaibamais.com
URL: https://creditosaibamais.com/pis-disponivel/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_163

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://creditosaibamais.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 13 Jan 2023 13:36:08 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

/
www.google.de/pagead/1p-conversion/10883628328/
Redirect Chain

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/10883628328/?random=1452285994&cv=11&fst=1673616967971&bg=ffffff&guid=ON&async=1&gtm=2oa1a1&u_w=1600&u_h=1200&label=sgBQCMy6kYMYEKj6...
https://www.google.com/pagead/1p-conversion/10883628328/?random=1452285994&cv=11&fst=1673616967971&bg=ffffff&guid=ON&async=1&gtm=2oa1a1&u_w=1600&u_h=1200&label=sgBQCMy6kYMYEKj628Uo&hn=www.googleads...
https://www.google.de/pagead/1p-conversion/10883628328/?random=1452285994&cv=11&fst=1673616967971&bg=ffffff&guid=ON&async=1&gtm=2oa1a1&u_w=1600&u_h=1200&label=sgBQCMy6kYMYEKj628Uo&hn=www.googleadse...

42 B
108 B

53ms
53ms

Image
image/gif

2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-conversion/10883628328/?random=1452285994&cv=11&fst=1673616967971&bg=ffffff&guid=ON&async=1&gtm=2oa1a1&u_w=1600&u_h=1200&label=sgBQCMy6kYMYEKj628Uo&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fcreditosaibamais.com%2Fpis-disponivel%2F%3Futm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3D3_active_email_163&tiba=pis-disponivel%20%E2%80%93%20Saiba%20Mais&gtm_ee=1&auid=1509596727.1673616968&uaw=0&data=event%3Dconversion&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&pscrd=Ek5DaEFJZ0otRW5nWVFuS0NBNmYtcDZLWVhFaVlBTG5heEtYbUx6MVhUU1pGVElzVWRlN1hWbk1kZzM4TXZjbm1pcUNTaEtTZGNKZDlqbkEaWkNoRUlnSi1FbmdZUXlKN2tzdVRCX2JuckFSSXVBTUF5UmlmTkhBZnFDU2laeTZvTnMweXJnd3RnZUFoSzRkVVZOUWhmUmRmREF1Z2QyYTlVWnFMYzRrdGI5Zw&is_vtc=1&ocp_id=SF7BY4DxBo2qYuKkodAC&cid=CAQSKQDq26N9rtzIGsJmT3Ul_GWTPUBJMjJZOlRIT8Lnq7RqK2XOj1OeQ0K9IBM&random=1440218817&ipr=y&prhg=0

Requested by

Host: creditosaibamais.com
URL: https://creditosaibamais.com/pis-disponivel/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_163

Protocol

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://creditosaibamais.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 13 Jan 2023 13:36:08 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 13 Jan 2023 13:36:08 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location: https://www.google.de/pagead/1p-conversion/10883628328/?random=1452285994&cv=11&fst=1673616967971&bg=ffffff&guid=ON&async=1&gtm=2oa1a1&u_w=1600&u_h=1200&label=sgBQCMy6kYMYEKj628Uo&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fcreditosaibamais.com%2Fpis-disponivel%2F%3Futm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3D3_active_email_163&tiba=pis-disponivel%20%E2%80%93%20Saiba%20Mais&gtm_ee=1&auid=1509596727.1673616968&uaw=0&data=event%3Dconversion&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&pscrd=Ek5DaEFJZ0otRW5nWVFuS0NBNmYtcDZLWVhFaVlBTG5heEtYbUx6MVhUU1pGVElzVWRlN1hWbk1kZzM4TXZjbm1pcUNTaEtTZGNKZDlqbkEaWkNoRUlnSi1FbmdZUXlKN2tzdVRCX2JuckFSSXVBTUF5UmlmTkhBZnFDU2laeTZvTnMweXJnd3RnZUFoSzRkVVZOUWhmUmRmREF1Z2QyYTlVWnFMYzRrdGI5Zw&is_vtc=1&ocp_id=SF7BY4DxBo2qYuKkodAC&cid=CAQSKQDq26N9rtzIGsJmT3Ul_GWTPUBJMjJZOlRIT8Lnq7RqK2XOj1OeQ0K9IBM&random=1440218817&ipr=y&prhg=0
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 224 B
653 B 184ms
69ms Script
text/javascript 2a00:1450:400d:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=creditosaibamais.com&callback=_gfp_s_&client=ca-pub-3685392670532966&cookie=ID%3D666be721e3470da3%3AT%3D1673616967%3AS%3DALNI_MaNWj45StniSqrp1zZ2LM7z6MQbsQ&gpic=UID%3D00000ba2078d5d7d%3AT%3D1673616967%3ART%3D1673616967%3AS%3DALNI_MZmrUZcrbyWPi0RUp_PTTT6w1_ouQ&gpid_exp=1

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202212050101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-3685392670532966&plah=creditosaibamais.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:802::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

27d0e32056c8f455b6c150aebb6fc841b4839a60c5530dc2f3c111bab9957115

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://creditosaibamais.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Fri, 13 Jan 2023 13:36:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 209
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
165 B 46ms
45ms Script
application/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=creditosaibamais.com

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://creditosaibamais.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Fri, 13 Jan 2023 13:36:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
165 B 69ms
69ms Script
application/javascript 2a00:1450:400d:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=creditosaibamais.com

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80e::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://creditosaibamais.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Fri, 13 Jan 2023 13:36:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 2574 144 KB
41 KB 624ms
624ms Document
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3685392670532966&output=html&adk=1812271804&adf=3025194257&lmt=1673616968&plat=1%3A64%2C2%3A64%2C8%3A64%2C9%3A32776%2C11%3A64%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32&plas=212x810_l%7C212x810_r&format=0x0&url=https%3A%2F%2Fcreditosaibamais.com%2Fpis-disponivel%2F%3Futm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3D3_active_email_163&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1673616967863&bpp=6&bdt=1446&idt=359&shv=r20230111&mjsv=m202212050101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D666be721e3470da3%3AT%3D1673616967%3AS%3DALNI_MaNWj45StniSqrp1zZ2LM7z6MQbsQ&gpic=UID%3D00000ba2078d5d7d%3AT%3D1673616967%3ART%3D1673616967%3AS%3DALNI_MZmrUZcrbyWPi0RUp_PTTT6w1_ouQ&nras=1&correlator=767833650634&frm=20&pv=2&ga_vid=1261674558.1673616968&ga_sid=1673616968&ga_hid=1692517812&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837&oid=2&pvsid=4231814181886711&tmod=411678226&uas=0&nvt=1&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=375

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

198970b12d8e5b15e20404dfba81ae96b7debe76b03c70c758712a44475f54b6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://creditosaibamais.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: br
content-length: 42074
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 13 Jan 2023 13:36:08 GMT
expires: Fri, 13 Jan 2023 13:36:08 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 216 KB
76 KB 81ms
81ms Script
application/javascript 2a00:1450:400d:806::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-3J8W9ZHFES&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-10883628328

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:806::2008 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

a68bf9c4aaff2bd7413c7e02fe5498d73cb3108ecdb08cc21b97c3f51462c1bd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://creditosaibamais.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Fri, 13 Jan 2023 13:36:08 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 77337
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Fri, 13 Jan 2023 13:36:08 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 110 KB
43 KB 83ms
83ms Script
application/javascript 2a00:1450:400d:806::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-201994943-4&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-3J8W9ZHFES

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:806::2008 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

9fe7fd0f52bf4649f15292d7271c9cda421be53ff10ad192fdc7d834f575964f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://creditosaibamais.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Fri, 13 Jan 2023 13:36:08 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44216
x-xss-protection: 0
last-modified: Fri, 13 Jan 2023 12:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 13 Jan 2023 13:36:08 GMT

POST
H2 204 collect
region1.google-analytics.com/g/ 0
349 B 236ms
36ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-3J8W9ZHFES&gtm=2oe1a1&_p=1692517812&cid=1261674558.1673616968&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1673616968&sct=1&seg=0&dl=https%3A%2F%2Fcreditosaibamais.com%2Fpis-disponivel%2F%3Futm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3D3_active_email_163&dt=pis-disponivel%20%E2%80%93%20Saiba%20Mais&en=page_view&_fv=1&_ss=1&_ee=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-3J8W9ZHFES
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://creditosaibamais.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 13 Jan 2023 13:36:08 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://creditosaibamais.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK text-editor.289ae80d76f0c5abea44.bundle.min.js Show response
creditosaibamais.com/wp-content/plugins/elementor/assets/js/ 1 KB
2 KB 163ms
163ms Script
application/javascript 143.198.150.47
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://creditosaibamais.com/wp-content/plugins/elementor/assets/js/text-editor.289ae80d76f0c5abea44.bundle.min.js
Requested by: Host: creditosaibamais.com
URL: https://creditosaibamais.com/wp-content/plugins/elementor/assets/js/webpack.runtime.min.js?ver=3.6.5
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 143.198.150.47 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 72bdbb7030f7d820cfdf4c207d90135ba9dd456ee612dd01ae5147e7e24a16f9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://creditosaibamais.com/pis-disponivel/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_163
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Date: Fri, 13 Jan 2023 13:36:08 GMT
Last-Modified: Tue, 03 May 2022 20:23:30 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: "62718f42-54b"
Content-Type: application/javascript
Cache-Control: max-age=31104000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1355
Expires: Mon, 08 Jan 2024 13:36:08 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 164ms
46ms Script
text/javascript 2a00:1450:400d:802::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-201994943-4&l=dataLayer&cx=c

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:802::200e , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://creditosaibamais.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Fri, 13 Jan 2023 12:21:54 GMT
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
server: Golfe2
age: 4454
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20039
expires: Fri, 13 Jan 2023 14:21:54 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 1 B
208 B 69ms
68ms XHR
text/plain 2a00:1450:400d:802::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j98&a=1692517812&t=pageview&_s=1&dl=https%3A%2F%2Fcreditosaibamais.com%2Fpis-disponivel%2F%3Futm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3D3_active_email_163&ul=en-us&de=UTF-8&dt=pis-disponivel%20%E2%80%93%20Saiba%20Mais&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YADAAUABAAAAACAAI~&jid=797839032&gjid=616722849&cid=1261674558.1673616968&tid=UA-201994943-4&_gid=1401335458.1673616969&_r=1&gtm=2ou1a1&z=1064068668

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:802::200e , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://creditosaibamais.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 13 Jan 2023 13:36:08 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://creditosaibamais.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 firebase-app.js Show response
www.gstatic.com/firebasejs/8.3.1/ 20 KB
7 KB 267ms
151ms Script
text/javascript 2a00:1450:400d:807::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/firebasejs/8.3.1/firebase-app.js

Requested by

Host: script.joinads.me
URL: https://script.joinads.me/push-notification.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:807::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0aade4473b4c7427f41a5b3aeacddf7a2e3532f2b7fece88a77644ec0e27d81a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://creditosaibamais.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Tue, 10 Jan 2023 22:33:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 226950
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6586
x-xss-protection: 0
last-modified: Thu, 18 Mar 2021 20:14:48 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
vary: Accept-Encoding
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 10 Jan 2024 22:33:39 GMT

GET
H2 200 firebase-analytics.js Show response
www.gstatic.com/firebasejs/8.3.1/ 35 KB
11 KB 253ms
137ms Script
text/javascript 2a00:1450:400d:807::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/firebasejs/8.3.1/firebase-analytics.js

Requested by

Host: script.joinads.me
URL: https://script.joinads.me/push-notification.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:807::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b5bda00a5ec63e26748b9f40cf1356b3823db279199d74813874255c748657d2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://creditosaibamais.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Thu, 12 Jan 2023 07:36:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 107995
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10746
x-xss-protection: 0
last-modified: Thu, 18 Mar 2021 20:14:43 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
vary: Accept-Encoding
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 12 Jan 2024 07:36:14 GMT

GET
H2 200 firebase-auth.js Show response
www.gstatic.com/firebasejs/8.3.1/ 173 KB
56 KB 217ms
101ms Script
text/javascript 2a00:1450:400d:807::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/firebasejs/8.3.1/firebase-auth.js

Requested by

Host: script.joinads.me
URL: https://script.joinads.me/push-notification.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:807::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d0460dfa53507eb6b050b3035d367ab5ddd0d2c7ccb31fe7a68fc6ac1cfbb2c2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://creditosaibamais.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 18:21:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 501251
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 56866
x-xss-protection: 0
last-modified: Thu, 18 Mar 2021 20:14:55 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
vary: Accept-Encoding
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 07 Jan 2024 18:21:58 GMT

GET
H2 200 firebase-firestore.js Show response
www.gstatic.com/firebasejs/8.3.1/ 320 KB
89 KB 165ms
50ms Script
text/javascript 2a00:1450:400d:807::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/firebasejs/8.3.1/firebase-firestore.js

Requested by

Host: script.joinads.me
URL: https://script.joinads.me/push-notification.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:807::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d73b123cd2ef3afda65cb6e76579341b1bb1f27faddb0dfc54875e7a05b0114b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://creditosaibamais.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 18:35:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 500443
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 90517
x-xss-protection: 0
last-modified: Thu, 18 Mar 2021 20:14:48 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
vary: Accept-Encoding
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 07 Jan 2024 18:35:26 GMT

GET
H2 200 firebase-messaging.js Show response
www.gstatic.com/firebasejs/8.3.1/ 40 KB
11 KB 259ms
144ms Script
text/javascript 2a00:1450:400d:807::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/firebasejs/8.3.1/firebase-messaging.js

Requested by

Host: script.joinads.me
URL: https://script.joinads.me/push-notification.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:807::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5243470d2be31f9aaf768f030f06b894aad081801460b75f6b396aca06fd8dda

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://creditosaibamais.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Tue, 10 Jan 2023 15:21:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 252909
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10884
x-xss-protection: 0
last-modified: Thu, 18 Mar 2021 20:14:56 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
vary: Accept-Encoding
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 10 Jan 2024 15:21:00 GMT

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 14 KB
11 KB 93ms
93ms XHR
application/json 2a00:1450:400d:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2023010501&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023010501.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80d::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9290d74942a44dfff9436a1910299130efa64e05492a5292210205da5e02858b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://creditosaibamais.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Fri, 13 Jan 2023 13:36:08 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10901
x-xss-protection: 0

GET
H3 200 reactive_library_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202212050101/ 150 KB
51 KB 128ms
128ms Script
text/javascript 2a00:1450:400d:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202212050101/reactive_library_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80d::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

78a54504adb9e6f1447b6895ae3664e3f3d670b7370b862511b53adefdf9a920

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://creditosaibamais.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Fri, 13 Jan 2023 13:36:08 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 52348
x-xss-protection: 0
server: cafe
etag: 8180731878220486743
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Fri, 13 Jan 2023 13:36:08 GMT

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 135ms
55ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023010501.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://creditosaibamais.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Fri, 13 Jan 2023 13:36:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 13 Jan 2023 13:36:09 GMT

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 45ms
44ms Script
application/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=creditosaibamais.com

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://creditosaibamais.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Fri, 13 Jan 2023 13:36:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 70ms
70ms Script
application/javascript 2a00:1450:400d:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=creditosaibamais.com

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80e::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://creditosaibamais.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Fri, 13 Jan 2023 13:36:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20230111/r20110914/ Frame 6BAA 10 KB
4 KB 36ms
35ms Document
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20230111/r20110914/zrt_lookup.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9da238ca619f3bf71312de3c9c913c653941ada56cb5e1601aafb6094ae51cdc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://creditosaibamais.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 46769
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4242
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 13 Jan 2023 00:36:40 GMT
etag: 10353107486223812946
expires: Fri, 27 Jan 2023 00:36:40 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 css
fonts.googleapis.com/ Frame 6BAA 4 KB
717 B 45ms
44ms Stylesheet
text/css 2a00:1450:4001:806::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230111/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

46d1791d45e9e6840842ef90f192c2c6f1f4247baa7c1f32f2da75d3a05c0de2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Fri, 13 Jan 2023 13:36:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Fri, 13 Jan 2023 12:04:36 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 13 Jan 2023 13:36:09 GMT

GET
H2 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230111/r20110914/client/ Frame 6BAA 2 KB
1 KB 35ms
35ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230111/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230111/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f50e59fa7a264b1674e5f94591375a26e9aea318036b2a629e5ba182df01b54f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Thu, 12 Jan 2023 19:01:06 GMT
content-encoding: br
x-content-type-options: nosniff
age: 66903
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 738
x-xss-protection: 0
server: cafe
etag: 1394486882873449110
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 26 Jan 2023 19:01:06 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230111/r20110914/ Frame 6BAA 22 KB
9 KB 37ms
35ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230111/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230111/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c5418bee2b5eb509379e5146161267420c90f21ef5824f64ca9f7396a8f51dba

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Thu, 12 Jan 2023 19:01:06 GMT
content-encoding: br
x-content-type-options: nosniff
age: 66903
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8889
x-xss-protection: 0
server: cafe
etag: 3049769697470197148
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 26 Jan 2023 19:01:06 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230111/r20110914/client/ Frame 6BAA 3 KB
1 KB 51ms
49ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230111/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230111/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Fri, 13 Jan 2023 12:43:14 GMT
content-encoding: br
x-content-type-options: nosniff
age: 3175
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 27 Jan 2023 12:43:14 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230111/r20110914/client/ Frame 6BAA 18 KB
7 KB 42ms
40ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230111/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230111/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d6e49f1d85f57c06002816ffafcb8bfa08d8850c7358cb45b26b7a4f78f73fc4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Thu, 12 Jan 2023 19:01:06 GMT
content-encoding: br
x-content-type-options: nosniff
age: 66903
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7538
x-xss-protection: 0
server: cafe
etag: 18140588555649875417
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 26 Jan 2023 19:01:06 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 6BAA 0
0 69ms
67ms Image
text/html 2a00:1450:400d:806::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSuvULJaf_twSVaTEQmaTDWc4TNUZLTu-0YMVycK84nMGgvglou9WXBy-QiIHjVdkGXaNOXs9emXmcm5BmxMBDlhTDCcA
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230111/r20110914/zrt_lookup.html?fsb=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400d:806::2004 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 6BAA 157 KB
49 KB 156ms
59ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230111/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cff8c5b798dd1a69ce9460a203c10be59613887e25245f5c64916a51a1055d4c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Fri, 13 Jan 2023 13:36:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 49309
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1673441803913192"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 13 Jan 2023 13:36:09 GMT

GET
H2 200 3dc49c9b9e6a6b78323daad710439309.js Show response
www.gstatic.com/mysidia/ Frame 6BAA 33 KB
14 KB 85ms
84ms Script
text/javascript 2a00:1450:400d:807::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/3dc49c9b9e6a6b78323daad710439309.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230111/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:807::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a2703ca1e7c3daeb0bf2ca00dca14c62a2f5af4977442edb034a796c74c8f3c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Wed, 11 Jan 2023 01:56:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 214795
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14046
x-xss-protection: 0
last-modified: Wed, 11 Jan 2023 00:07:05 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Tue, 11 Apr 2023 01:56:14 GMT

GET
H2 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 34FC 13 KB
5 KB 36ms
35ms Document
text/html 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://creditosaibamais.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1301
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 13 Jan 2023 13:14:28 GMT
expires: Sat, 13 Jan 2024 13:14:28 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 9168 783 B
955 B 70ms
70ms Document
text/html 2a00:1450:400d:806::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:806::2004 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

e2b12f1467b61656d9e6478de3cc9c5fdf090ee4bb78aadb57e3e5de549cc0b4

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-O6R2EVbbVKk_EVkN1QrZtg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://creditosaibamais.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=300
content-encoding: gzip
content-length: 514
content-security-policy: script-src 'report-sample' 'nonce-O6R2EVbbVKk_EVkN1QrZtg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Fri, 13 Jan 2023 13:36:09 GMT
expires: Fri, 13 Jan 2023 13:36:09 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 94EB 1 KB
643 B 47ms
47ms Document
text/html 2a00:1450:400d:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230111/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80d::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 22086
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 13 Jan 2023 07:28:03 GMT
etag: 48472445140208031
expires: Sat, 14 Jan 2023 07:28:03 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 JwRg8GnJRbSbwgtubA3x1Twn6jgCPCxSQn9TsX0K1wE.js Show response
pagead2.googlesyndication.com/bg/ Frame 34FC 36 KB
16 KB 47ms
47ms Script
text/javascript 2a00:1450:400d:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/JwRg8GnJRbSbwgtubA3x1Twn6jgCPCxSQn9TsX0K1wE.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80d::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

270460f069c945b49bc20b6e6c0df1d53c27ea38023c2c52427f53b17d0ad701

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Wed, 11 Jan 2023 10:03:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 185559
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16089
x-xss-protection: 0
last-modified: Tue, 03 Jan 2023 14:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 11 Jan 2024 10:03:30 GMT

GET
H2 200 pubcid.min.js Show response
cdn.jsdelivr.net/gh/prebid/shared-id/pubcid.js/docs/ 732 B
1 KB 54ms
23ms Script
application/javascript 2606:4700::6810:5714
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/gh/prebid/shared-id/pubcid.js/docs/pubcid.min.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023010501.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5714 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a5230196df9a4e9f6382c504668862efc8e25c1ec093c7dc997fbedb4b3ec54e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://creditosaibamais.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Fri, 13 Jan 2023 13:36:09 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 16801
x-jsd-version: master
content-encoding: br
x-cache: MISS, MISS
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: cache-fra-eddf8230064-FRA, cache-yyz4527-YYZ
x-jsd-version-type: branch
server: cloudflare
etag: W/"2dc-IrZxm/sP4aqtIfs1EfEw6Dg5q1Y"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GGkgtd4iDI08JQouEFBIvdVAu5uzmvvMkOIEyw7VGMsPWgiDrESHuWrxH%2BcTnX%2BqEf3O56Q%2FsDAQaSikrt3d4iSLu1tTOqQZSA6e5Y8aKuTcsX5an8%2FR7QcVDdKn%2FQFE%2BQDnplW2lL4QFuidj90%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
timing-allow-origin: *
cf-ray: 788e84e9efb69b67-FRA

GET
H2 200 esp.js Show response
oa.openxcdn.net/ 24 KB
8 KB 135ms
29ms Script
application/javascript 34.102.146.192
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://oa.openxcdn.net/esp.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023010501.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.102.146.192 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 192.146.102.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 544c55ca9f05d425f3beb90f287308d7a408b1f60d17728eff5c605a494bc1b9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://creditosaibamais.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Wed, 11 Jan 2023 06:43:18 GMT
content-encoding: gzip
age: 197571
x-guploader-uploadid: ADPycdu3Gw5FY_q4NTn97VXYnntJVtAX26caEl7o3n1xhH_sP1GWn03HtLzXWtmuhtpWhoyqDf_pa2Sc5NeIIOZROxkPyfq5tOA6
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7927
last-modified: Thu, 27 May 2021 18:30:51 GMT
server: UploadServer
etag: "df5542b88bc0e368c6999754a5b9e2ba"
x-goog-generation: 1622140251693895
x-goog-hash: crc32c=f21hYg==, md5=31VCuIvA42jGmZdUpbniug==
content-type: application/javascript
cache-control: no-transform
x-goog-stored-content-length: 7927
accept-ranges: bytes
expires: Thu, 11 Jan 2024 06:43:18 GMT

GET
H2 200 esp.js Show response
cdn.id5-sync.com/api/1.0/ 58 KB
17 KB 45ms
14ms Script
text/javascript 2606:4700:10::ac43:266a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.id5-sync.com/api/1.0/esp.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023010501.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:266a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a97afd769b3d774563606be9e943789398af5a1bf3583c2bc9a81f99832aa2b2

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://creditosaibamais.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Fri, 13 Jan 2023 13:36:09 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-encoding: gzip
cf-cache-status: HIT
last-modified: Thu, 24 Nov 2022 12:48:29 GMT
server: cloudflare
x-amz-request-id: 95H3938PGR2SVFRK
age: 2143
etag: W/"91dadf6b1eddd8d91a5cc2e3be5ea8cf"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: text/javascript;charset=utf-8
cache-control: public, max-age=3600
cf-ray: 788e84e9eff02bdc-FRA
x-amz-id-2: sOAc/jJBvQTIXdN7eMBKpaLR3DRsu8CxcNG8Lxe+j9v8sGE+uzw9EJ7i847O3niGOGNuRSC6TY0=

GET
H2 200 publishertag.ids.js Show response
static.criteo.net/js/ld/ 39 KB
13 KB 54ms
19ms Script
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.ids.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023010501.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

f066a6392f3732829e95d97ac2a3dfb7dc7d35fc88d71a4ef62ff8f70399326c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://creditosaibamais.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Fri, 13 Jan 2023 13:36:09 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Mon, 24 Oct 2022 11:21:19 GMT
server: nginx
etag: W/"6356752f-9c1f"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sat, 14 Jan 2023 13:36:09 GMT

GET
H/1.1 200
OK uid2SecureSignal.js Show response
cdn.prod.uidapi.com/ 2 KB
2 KB 97ms
7ms Script
text/javascript 2600:9000:211e:dc00:a:e047:752:5701
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.prod.uidapi.com/uid2SecureSignal.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023010501.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:211e:dc00:a:e047:752:5701 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 71fc1599035adc6bc34df2117b8631285905f97737ba730af28644ee6a0d8dde

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://creditosaibamais.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Date: Fri, 13 Jan 2023 00:57:43 GMT
Via: 1.1 3acba66e95e31977aee0842f44a6f08e.cloudfront.net (CloudFront)
Last-Modified: Thu, 22 Dec 2022 00:57:19 GMT
Server: AmazonS3
X-Amz-Cf-Pop: FRA56-C2
Age: 45506
ETag: "aded621b17723f487b3c9d0e43cf2f94"
X-Cache: Hit from cloudfront
Content-Type: text/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1859
X-Amz-Cf-Id: tUx-UxuONjAeEozb-jhgFQTUpqDKvwhL5mbebUzP_yWzKyxC-AoZGw==

GET
H2 200 container.html Show response
ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 3588 6 KB
3 KB 38ms
37ms Document
text/html 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023010501.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://creditosaibamais.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 13 Jan 2023 13:36:08 GMT
expires: Sat, 13 Jan 2024 13:36:08 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 94EB
Redirect Chain

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEPXXTvYSdSip8cR3GJsDZm4&google_cve...
https://pm.w55c.net/ping_match.gif?scc=1&ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEPXXTvYSdSip8cR3GJsDZm4&goog...
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=WU1QSjdoNnUxUGdrZTU1&google_gid=CAESEPXXTvYSdSip8cR3GJsDZm4&google_cver=1&google_push=AavPq0MTiEzWoan8utgcAAo14vUDGrQGhKG2IBogV_dkkcB...

170 B
232 B

68ms
65ms

Image
image/png

142.251.208.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=WU1QSjdoNnUxUGdrZTU1&google_gid=CAESEPXXTvYSdSip8cR3GJsDZm4&google_cver=1&google_push=AavPq0MTiEzWoan8utgcAAo14vUDGrQGhKG2IBogV_dkkcB1L5O-PN9rnp_mvpgRIzv6fAIHs5pErNxjLSczf4r9h1F3jRZw0Wmkw2I

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230111/r20110914/zrt_lookup.html?fsb=1

Protocol

Server

142.251.208.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bud02s43-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 13 Jan 2023 13:36:09 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Fri, 13 Jan 2023 13:36:08 GMT
Strict-Transport-Security: max-age=2592000; includeSubDomains
Server: PingMatch/595ea14#595ea1444a96c0bdac4aa333a73d7028cf966fc7 i-0202b4924c632485f@eu-central-1a@dxedge-app-eu-central-1-prod-asg
Location: https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=WU1QSjdoNnUxUGdrZTU1&google_gid=CAESEPXXTvYSdSip8cR3GJsDZm4&google_cver=1&google_push=AavPq0MTiEzWoan8utgcAAo14vUDGrQGhKG2IBogV_dkkcB1L5O-PN9rnp_mvpgRIzv6fAIHs5pErNxjLSczf4r9h1F3jRZw0Wmkw2I
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

i.match
s.tribalfusion.com/z/ Frame 94EB
Redirect Chain

https://a.tribalfusion.com/i.match?p=b6&u=CAESEKBgZs35l7yslrGhLNXrE4Q&google_cver=1&google_push=AavPq0Pt-0USzEXpkClx_QguHWs2J3ueYayKb61pU5ojN6hCrC2UETsC7tpWN5S-Ec2Ct0b-my1J1PVNedWozE17z_-FL8QrsSzrK...
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEKBgZs35l7yslrGhLNXrE4Q&google_cver=1&google_push=AavPq0Pt-0USzEXpkClx_QguHWs2J3ueYayKb61pU5ojN6hCrC2UETsC7tpWN5S-Ec2Ct0b-my1J1PVNedWozE17z_-FL8QrsSz...

43 B
414 B

219ms
201ms

Image
image/gif

2606:4700::6812:18ad
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEKBgZs35l7yslrGhLNXrE4Q&google_cver=1&google_push=AavPq0Pt-0USzEXpkClx_QguHWs2J3ueYayKb61pU5ojN6hCrC2UETsC7tpWN5S-Ec2Ct0b-my1J1PVNedWozE17z_-FL8QrsSzrK_0&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAavPq0Pt-0USzEXpkClx_QguHWs2J3ueYayKb61pU5ojN6hCrC2UETsC7tpWN5S-Ec2Ct0b-my1J1PVNedWozE17z_-FL8QrsSzrK_0%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
Protocol: H2
Server: 2606:4700::6812:18ad , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 13 Jan 2023 13:36:09 GMT
cf-cache-status: DYNAMIC
x-function: 302
server: cloudflare
content-type: image/gif; charset=utf-8
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
cf-ray: 788e84eb9dce2bdf-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43
expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 13 Jan 2023 13:36:09 GMT
cf-cache-status: DYNAMIC
x-function: 206
server: cloudflare
x-reuse-index: 74
content-type: text/html
location: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEKBgZs35l7yslrGhLNXrE4Q&google_cver=1&google_push=AavPq0Pt-0USzEXpkClx_QguHWs2J3ueYayKb61pU5ojN6hCrC2UETsC7tpWN5S-Ec2Ct0b-my1J1PVNedWozE17z_-FL8QrsSzrK_0&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAavPq0Pt-0USzEXpkClx_QguHWs2J3ueYayKb61pU5ojN6hCrC2UETsC7tpWN5S-Ec2Ct0b-my1J1PVNedWozE17z_-FL8QrsSzrK_0%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
cf-ray: 788e84ea2af22bdf-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 94EB
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESE...
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEDW07-lTaSsjp-8PS6eSqLs&google_push=AavPq0O9v5rEWN7ag2W02yQmffosFrp7ACLvkr-uPsMApQ65NhDaiwj02_...

170 B
232 B

66ms
65ms

Image
image/png

142.251.208.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEDW07-lTaSsjp-8PS6eSqLs&google_push=AavPq0O9v5rEWN7ag2W02yQmffosFrp7ACLvkr-uPsMApQ65NhDaiwj02_6sa9kJNnBl-E1P_Ofda4AP5eBuulg5HKTZ7DH2CDpEhA

Protocol

Server

142.251.208.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bud02s43-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 13 Jan 2023 13:36:09 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

x-served-by: cache-hhn-etou8220035-HHN
pragma: no-cache
date: Fri, 13 Jan 2023 13:36:09 GMT
via: 1.1 varnish
server: Jetty(9.4.35.v20201120)
x-timer: S1673616969.335305,VS0,VE93
x-cache: MISS
p3p: CP="NOI DSP COR LAW PSAo PSDo IVAo IVDo OUR BUS UNI DEM"
access-control-allow-origin: *
location: https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEDW07-lTaSsjp-8PS6eSqLs&google_push=AavPq0O9v5rEWN7ag2W02yQmffosFrp7ACLvkr-uPsMApQ65NhDaiwj02_6sa9kJNnBl-E1P_Ofda4AP5eBuulg5HKTZ7DH2CDpEhA
cache-control: no-cache
accept-ranges: bytes
content-length: 0
x-cache-hits: 0

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 94EB
Redirect Chain

https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEPw8pN2_PVSP3QGvKpeT0EI&google_cver=1&google_push=AavPq0M8-PFPrVI4rADnX4HbfTjDPuEKPoN4yTba9rLM5DZey7qPNFVxRPlaCJnjY3LJgRm7yLyfpiONvzDJYs7nC...
https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEPw8pN2_PVSP3QGvKpeT0EI&google_cver=1&google_push=AavPq0M8-PFPrVI4rADnX4HbfTjDPuEKPoN4yTba9rLM5DZey7qPNFVxRPlaCJnjY3LJgRm7yLyfpiONvzDJYs7nC...
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AavPq0M8-PFPrVI4rADnX4HbfTjDPuEKPoN4yTba9rLM5DZey7qPNFVxRPlaCJnjY3LJgRm7yLyfpiONvzDJYs7nC0cKvNO7qll5krI&google_hm=F-swqGZHSUxj5kkbRsa...

170 B
232 B

67ms
65ms

Image
image/png

142.251.208.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AavPq0M8-PFPrVI4rADnX4HbfTjDPuEKPoN4yTba9rLM5DZey7qPNFVxRPlaCJnjY3LJgRm7yLyfpiONvzDJYs7nC0cKvNO7qll5krI&google_hm=F-swqGZHSUxj5kkbRsaT6l9k

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230111/r20110914/zrt_lookup.html?fsb=1

Protocol

Server

142.251.208.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bud02s43-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 13 Jan 2023 13:36:09 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Fri, 13 Jan 2023 13:36:09 GMT
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Location: https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AavPq0M8-PFPrVI4rADnX4HbfTjDPuEKPoN4yTba9rLM5DZey7qPNFVxRPlaCJnjY3LJgRm7yLyfpiONvzDJYs7nC0cKvNO7qll5krI&google_hm=F-swqGZHSUxj5kkbRsaT6l9k
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap2ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 0

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 94EB
Redirect Chain

https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESEBC3Oks_SAtVbdWvnunnIuc&google_cver=1&google_push=AavPq0OjEwX4QtaR-nYcmaNf4Lk7VhT9PFbdbb6qJ_AHTEXFG8fkhOS6t_zwwVubzz9We-GQ4Cgq2dMspN9V...
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AavPq0OjEwX4QtaR-nYcmaNf4Lk7VhT9PFbdbb6qJ_AHTEXFG8fkhOS6t_zwwVubzz9We-GQ4Cgq2dMspN9VI1N7fcFrLESvCoURND0

170 B
232 B

123ms
66ms

Image
image/png

142.251.208.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AavPq0OjEwX4QtaR-nYcmaNf4Lk7VhT9PFbdbb6qJ_AHTEXFG8fkhOS6t_zwwVubzz9We-GQ4Cgq2dMspN9VI1N7fcFrLESvCoURND0

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230111/r20110914/zrt_lookup.html?fsb=1

Protocol

Server

142.251.208.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bud02s43-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 13 Jan 2023 13:36:09 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AavPq0OjEwX4QtaR-nYcmaNf4Lk7VhT9PFbdbb6qJ_AHTEXFG8fkhOS6t_zwwVubzz9We-GQ4Cgq2dMspN9VI1N7fcFrLESvCoURND0
strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 94EB
Redirect Chain

https://eb2.3lift.com/ebda?sync=1&google_gid=CAESEH-sKQg3d8B2PDrUpQ7QFGs&google_cver=1&google_push=AavPq0MZ2u5xOkUF0mwpQUNJKbas5ExWKE3aoujiv00N-SUhRUjGs_b8YOkc_O-ceLW_4gZuPCkEMOuSw-WOGkB1lCy_6VWx45...
https://eb2.3lift.com/sync/google/supply?ld=1&gdpr=1&gdpr_consent=&us_privacy=&sync=1&google_push=AavPq0MZ2u5xOkUF0mwpQUNJKbas5ExWKE3aoujiv00N-SUhRUjGs_b8YOkc_O-ceLW_4gZuPCkEMOuSw-WOGkB1lCy_6VWx45Q...
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MzY3OTc2ODg3NDg5NTM1NzYwMTA3Nw%3D%3D&google_push=AavPq0MZ2u5xOkUF0mwpQUNJKbas5ExWKE3aoujiv00N-SUhRUjGs_b8...

170 B
329 B

67ms
64ms

Image
image/png

142.251.208.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MzY3OTc2ODg3NDg5NTM1NzYwMTA3Nw%3D%3D&google_push=AavPq0MZ2u5xOkUF0mwpQUNJKbas5ExWKE3aoujiv00N-SUhRUjGs_b8YOkc_O-ceLW_4gZuPCkEMOuSw-WOGkB1lCy_6VWx45QpSQ

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230111/r20110914/zrt_lookup.html?fsb=1

Protocol

Server

142.251.208.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bud02s43-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 13 Jan 2023 13:36:09 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MzY3OTc2ODg3NDg5NTM1NzYwMTA3Nw%3D%3D&google_push=AavPq0MZ2u5xOkUF0mwpQUNJKbas5ExWKE3aoujiv00N-SUhRUjGs_b8YOkc_O-ceLW_4gZuPCkEMOuSw-WOGkB1lCy_6VWx45QpSQ
date: Fri, 13 Jan 2023 13:36:09 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 94EB
Redirect Chain

https://x.bidswitch.net/check_uuid/https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dthe_mediagrid_eb%26google_hm%3D%24%7BBSW_UUID%7D%26%25%25GOOGLE_PUSH_PAIR%25%25?google_gid=CAESEK6_vzd0D...
https://x.bidswitch.net/ul_cb/check_uuid/https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dthe_mediagrid_eb%26google_hm%3D%24%7BBSW_UUID%7D%26%25%25GOOGLE_PUSH_PAIR%25%25?google_gid=CAESEK6...
https://cm.g.doubleclick.net/pixel?google_nid=the_mediagrid_eb&google_hm=4b2fa2d2-c1e8-45ba-8a68-91fefed6e3e5&%%GOOGLE_PUSH_PAIR%%

170 B
188 B

65ms
65ms

Image
image/png

142.251.208.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=the_mediagrid_eb&google_hm=4b2fa2d2-c1e8-45ba-8a68-91fefed6e3e5&%%GOOGLE_PUSH_PAIR%%

Protocol

Server

142.251.208.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bud02s43-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 13 Jan 2023 13:36:09 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=the_mediagrid_eb&google_hm=4b2fa2d2-c1e8-45ba-8a68-91fefed6e3e5&%%GOOGLE_PUSH_PAIR%%
date: Fri, 13 Jan 2023 13:36:09 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H2 204 attr
cm.g.doubleclick.net/pixel/ Frame 94EB 0
232 B 183ms
61ms Image
text/html 142.251.208.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13KL_r4lWu49e1J1mc0ngL5UIjroqy3ovjdEn1PMJ8ovabyhVbkIMxgaysxmvWLxzdObFAiI0g

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230111/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.208.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bud02s43-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Fri, 13 Jan 2023 13:36:09 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 9168 0
0 161ms
161ms Image
text/html 2a00:1450:400d:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2023010501&jk=4231814181886711&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:400d:80d::2002 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

GET
H3 200 css2
fonts.googleapis.com/ Frame 3588 4 KB
636 B 47ms
47ms Stylesheet
text/css 2a00:1450:4001:806::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap

Requested by

Host: ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com
URL: https://ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

c2777526a216d9692dd29697ebee7836fe8ae65f3a290faa20b75b64c0625205

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Fri, 13 Jan 2023 13:36:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Fri, 13 Jan 2023 12:15:08 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 13 Jan 2023 13:36:09 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame 5A18 8 KB
895 B 51ms
50ms Stylesheet
text/css 2a00:1450:4001:806::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: creditosaibamais.com
URL: https://creditosaibamais.com/pis-disponivel/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_163

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

a84fb0803620acdf77c0f41d652eb5538002ed610424bd0be051203ee50cf940

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Fri, 13 Jan 2023 13:36:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Fri, 13 Jan 2023 12:46:29 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 13 Jan 2023 13:36:09 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230111/r20110914/client/ Frame 5A18 2 KB
765 B 35ms
35ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230111/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: creditosaibamais.com
URL: https://creditosaibamais.com/pis-disponivel/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_163

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f50e59fa7a264b1674e5f94591375a26e9aea318036b2a629e5ba182df01b54f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Thu, 12 Jan 2023 19:01:06 GMT
content-encoding: br
x-content-type-options: nosniff
age: 66903
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 738
x-xss-protection: 0
server: cafe
etag: 1394486882873449110
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 26 Jan 2023 19:01:06 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230111/r20110914/ Frame 5A18 22 KB
9 KB 35ms
35ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230111/r20110914/abg_lite_fy2021.js

Requested by

Host: creditosaibamais.com
URL: https://creditosaibamais.com/pis-disponivel/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_163

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c5418bee2b5eb509379e5146161267420c90f21ef5824f64ca9f7396a8f51dba

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Thu, 12 Jan 2023 19:01:06 GMT
content-encoding: br
x-content-type-options: nosniff
age: 66903
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8889
x-xss-protection: 0
server: cafe
etag: 3049769697470197148
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 26 Jan 2023 19:01:06 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230111/r20110914/client/ Frame 5A18 3 KB
1 KB 36ms
35ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230111/r20110914/client/window_focus_fy2021.js

Requested by

Host: creditosaibamais.com
URL: https://creditosaibamais.com/pis-disponivel/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_163

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Fri, 13 Jan 2023 12:43:14 GMT
content-encoding: br
x-content-type-options: nosniff
age: 3175
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 27 Jan 2023 12:43:14 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230111/r20110914/client/ Frame 5A18 18 KB
7 KB 37ms
35ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230111/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: creditosaibamais.com
URL: https://creditosaibamais.com/pis-disponivel/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_163

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d6e49f1d85f57c06002816ffafcb8bfa08d8850c7358cb45b26b7a4f78f73fc4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Thu, 12 Jan 2023 19:01:06 GMT
content-encoding: br
x-content-type-options: nosniff
age: 66903
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7538
x-xss-protection: 0
server: cafe
etag: 18140588555649875417
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 26 Jan 2023 19:01:06 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 5A18 157 KB
48 KB 51ms
50ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: creditosaibamais.com
URL: https://creditosaibamais.com/pis-disponivel/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_163

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cff8c5b798dd1a69ce9460a203c10be59613887e25245f5c64916a51a1055d4c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Fri, 13 Jan 2023 13:36:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 49309
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1673441803913192"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 13 Jan 2023 13:36:09 GMT

GET
H3 200 3dc49c9b9e6a6b78323daad710439309.js Show response
www.gstatic.com/mysidia/ Frame 5A18 33 KB
14 KB 48ms
47ms Script
text/javascript 2a00:1450:400d:807::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/3dc49c9b9e6a6b78323daad710439309.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: creditosaibamais.com
URL: https://creditosaibamais.com/pis-disponivel/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_163

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:807::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a2703ca1e7c3daeb0bf2ca00dca14c62a2f5af4977442edb034a796c74c8f3c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Wed, 11 Jan 2023 01:56:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 214795
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14046
x-xss-protection: 0
last-modified: Wed, 11 Jan 2023 00:07:05 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Tue, 11 Apr 2023 01:56:14 GMT

GET
H3 200 interstitial_ad_frame_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230111/r20110914/elements/html/ Frame 3588 19 KB
8 KB 40ms
39ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230111/r20110914/elements/html/interstitial_ad_frame_fy2021.js

Requested by

Host: ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com
URL: https://ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

daf99211008f6684b4aaa4daafa6832cf05ccd99f5910f48f6467a5c1ea08197

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Thu, 12 Jan 2023 19:40:22 GMT
content-encoding: br
x-content-type-options: nosniff
age: 64547
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8191
x-xss-protection: 0
server: cafe
etag: 7335088802737092762
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 26 Jan 2023 19:40:22 GMT

GET
H3 200 feedback_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 3588 205 B
229 B 48ms
47ms Image
image/png 2a00:1450:400d:807::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/feedback_grey600_24dp.png

Requested by

Host: ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com
URL: https://ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:807::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Fri, 13 Jan 2023 13:23:22 GMT
x-content-type-options: nosniff
age: 767
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 205
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Sat, 13 Jan 2024 13:23:22 GMT

GET
H3 200 settings_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 3588 604 B
628 B 48ms
48ms Image
image/png 2a00:1450:400d:807::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/settings_grey600_24dp.png

Requested by

Host: ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com
URL: https://ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:807::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Fri, 13 Jan 2023 13:31:57 GMT
x-content-type-options: nosniff
age: 252
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 604
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Sat, 13 Jan 2024 13:31:57 GMT

GET
H/1.1 204 increment Show response
id5-sync.com/api/esp/ 0
329 B 38ms
8ms XHR
text/plain 141.95.98.65
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://id5-sync.com/api/esp/increment?counter=no-config

Requested by

Host: cdn.id5-sync.com
URL: https://cdn.id5-sync.com/api/1.0/esp.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

141.95.98.65 , France, ASN16276 (OVH, FR),

Reverse DNS

ns3216659.ip-141-95-98.eu

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://creditosaibamais.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://creditosaibamais.com
date: Fri, 13 Jan 2023 13:36:08 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin

GET
H2 200 syncframe Show response
gum.criteo.com/ Frame D448 15 KB
6 KB 49ms
17ms Document
text/html 2a02:2638::1c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/syncframe?origin=publishertagids&topUrl=creditosaibamais.com

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.ids.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::1c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

aeb779d96af4bfa1b664c203d52fbd9ef573b84a31b34314668325fc784e1b13

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://creditosaibamais.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: private, max-age=3600
content-encoding: gzip
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Fri, 13 Jan 2023 13:36:08 GMT
server: Kestrel
server-processing-duration-in-ticks: 686959
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H3 200 container.html Show response
ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 5D12 6 KB
3 KB 41ms
39ms Document
text/html 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023010501.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://creditosaibamais.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 13 Jan 2023 13:36:08 GMT
expires: Sat, 13 Jan 2024 13:36:08 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 5A49 143 B
166 B 36ms
35ms Document
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com
URL: https://ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 481
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 13 Jan 2023 13:28:08 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 6BAA 287 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 605b14697226eeb0be6b2c11db8206b70f4c8681c3f921e4ceca4793ce1a95ce

Request headers

Referer
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3

200

4091503581208051288
tpc.googlesyndication.com/simgad/ Frame 6BAA
Redirect Chain

https://tpc.googlesyndication.com/pageadimg/imgad?id=CICAgKDnj86ZywEQ9AMY9AMyCGN8MsJOAEwL
https://tpc.googlesyndication.com/simgad/4091503581208051288

107 KB
107 KB

36ms
36ms

Image
image/png

2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/4091503581208051288

Protocol

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fcab803c6d01082f69e5510655ca566241f3a4fd3ee7aa1506b1308e2d069ccb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 15:30:16 GMT
x-content-type-options: nosniff
age: 511553
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 109931
x-xss-protection: 0
last-modified: Wed, 23 Oct 2019 12:45:40 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sun, 07 Jan 2024 15:30:16 GMT

Redirect headers

date: Thu, 12 Jan 2023 19:03:05 GMT
x-content-type-options: nosniff
server: cafe
age: 66784
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location: https://tpc.googlesyndication.com/simgad/4091503581208051288
content-type: text/html; charset=UTF-8
cache-control: public, max-age=2592000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Sat, 11 Feb 2023 19:03:05 GMT

GET
DATA 200
OK truncated
/ Frame 6BAA 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f3e682b00124448bfafa2a13f9183fd781ac9db488c7095077d1453ed887b330

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Content-Type: image/png

GET
H2

200

esp Show response
oajs.openx.net/
Redirect Chain

https://oajs.openx.net/esp?url=https%3A%2F%2Fcreditosaibamais.com%2Fpis-disponivel%2F%3Futm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3D3_active_email_163&rid=esp
https://oajs.openx.net/esp?url=https%3A%2F%2Fcreditosaibamais.com%2Fpis-disponivel%2F%3Futm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3D3_active_email_163&rid=esp&cc=1

85 B
203 B

146ms
145ms

Fetch
application/json

34.120.107.143
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://oajs.openx.net/esp?url=https%3A%2F%2Fcreditosaibamais.com%2Fpis-disponivel%2F%3Futm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3D3_active_email_163&rid=esp&cc=1
Protocol: H2
Server: 34.120.107.143 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 143.107.120.34.bc.googleusercontent.com
Software: / Express
Resource Hash: d4fa0d437cf223272affdfa1317ff53f2efe40a79f81de6ebd4ce8a5b8412b45

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://creditosaibamais.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Fri, 13 Jan 2023 13:36:10 GMT
via: 1.1 google
x-powered-by: Express
etag: W/"55-Sw/NctuiFbG/j++J00HCZpvg/GU"
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://creditosaibamais.com
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 85

Redirect headers

date: Fri, 13 Jan 2023 13:36:09 GMT
via: 1.1 google
x-powered-by: Express
vary: Origin
access-control-allow-origin: https://creditosaibamais.com
location: /esp?url=https%3A%2F%2Fcreditosaibamais.com%2Fpis-disponivel%2F%3Futm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3D3_active_email_163&rid=esp&cc=1
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H2

200

sid Show response
mug.criteo.com/ Frame D448
Redirect Chain

https://gum.criteo.com/sid/json?origin=publishertagids&domain=creditosaibamais.com&sn=ChromeSyncframe&so=0&topUrl=creditosaibamais.com&cw=1&lsw=1&topicsavail=0&fledgeavail=0
https://mug.criteo.com/sid?cpp=wIAqCXw4TFptQU1nNndUaHVOZ2xCcmlCTjh1YnRvQzYwa25RSlE0c20wOFpHbWFJQUdTN3dacG0yNEdzMVorRjcwZ3JkRWc1NE45OVQ1M2FjRmNzSytjeGt6ak5WaGczYTlraERmczA3bVptOFI2Qm5Ec0Y3eEhKNjZ2aF...

462 B
675 B

426ms
43ms

Fetch
application/json

178.250.0.157
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=wIAqCXw4TFptQU1nNndUaHVOZ2xCcmlCTjh1YnRvQzYwa25RSlE0c20wOFpHbWFJQUdTN3dacG0yNEdzMVorRjcwZ3JkRWc1NE45OVQ1M2FjRmNzSytjeGt6ak5WaGczYTlraERmczA3bVptOFI2Qm5Ec0Y3eEhKNjZ2aFZYdzZabDl2M2FLTC8rczZYNk82ZmFxQkREN2hKZmtKdDJ0dnVJQzd5alNjaHNrOTBCWVNvOHhmL2ttVlFGa2RQSlVQQXNmcCtBMnhvZmhuZzVlQlhZcXUvdnRzUEVwcEsxb0xvUTRFWkMwaVlpdy9wVnFSenQ5WEE5ekNNSERMaG5NQWdGOTBzS0tybVhEM3pQbTBEYndWNVlTVGdNQmF3M2dDenErVzgxNm1qM0xCY3BGZz18&cppv=2

Protocol

Server

178.250.0.157 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

09e76c50bddea63acaa1af77c52f4d560286174769778d99817f8647f61a1e8a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gum.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 13 Jan 2023 13:36:09 GMT
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: https://gum.criteo.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 2234979
expires: 0

Redirect headers

pragma: no-cache
date: Fri, 13 Jan 2023 13:36:08 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
location: https://mug.criteo.com/sid?cpp=wIAqCXw4TFptQU1nNndUaHVOZ2xCcmlCTjh1YnRvQzYwa25RSlE0c20wOFpHbWFJQUdTN3dacG0yNEdzMVorRjcwZ3JkRWc1NE45OVQ1M2FjRmNzSytjeGt6ak5WaGczYTlraERmczA3bVptOFI2Qm5Ec0Y3eEhKNjZ2aFZYdzZabDl2M2FLTC8rczZYNk82ZmFxQkREN2hKZmtKdDJ0dnVJQzd5alNjaHNrOTBCWVNvOHhmL2ttVlFGa2RQSlVQQXNmcCtBMnhvZmhuZzVlQlhZcXUvdnRzUEVwcEsxb0xvUTRFWkMwaVlpdy9wVnFSenQ5WEE5ekNNSERMaG5NQWdGOTBzS0tybVhEM3pQbTBEYndWNVlTVGdNQmF3M2dDenErVzgxNm1qM0xCY3BGZz18&cppv=2
cache-control: no-cache, no-store, must-revalidate
server-processing-duration-in-ticks: 621720
content-length: 0
expires: 0

GET
H3 200 JwRg8GnJRbSbwgtubA3x1Twn6jgCPCxSQn9TsX0K1wE.js Show response
pagead2.googlesyndication.com/bg/ Frame E533 36 KB
16 KB 50ms
49ms Script
text/javascript 2a00:1450:400d:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/JwRg8GnJRbSbwgtubA3x1Twn6jgCPCxSQn9TsX0K1wE.js

Requested by

Host: creditosaibamais.com
URL: https://creditosaibamais.com/pis-disponivel/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_163

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80d::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

270460f069c945b49bc20b6e6c0df1d53c27ea38023c2c52427f53b17d0ad701

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Wed, 11 Jan 2023 10:03:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 185559
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16089
x-xss-protection: 0
last-modified: Tue, 03 Jan 2023 14:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 11 Jan 2024 10:03:30 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 6BAA 0
18 B 80ms
79ms Image
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=C8mqCSF7BY5fPEKqA1fAP5IW7qAz55OrFbYa_xbemDerN6KPpEhABIJv8nx5gleKQgqAHoAGwuqHXA8gBCakCn5tsUpQzsj6oAwHIA8sEqgT5AU_QuL4yTfwno_BfsyGIvUJ5BgZN-2m-nwkdEcYA98_Nf2P_1XaBQ23Wi3VxLkBrRacDOveF_9DbsiArkfbt5ZlLIdywE9-fAAQ0mnIIcTvHTVt8FG9Sh1EneNDzmwnRr18Fmo1Z_33r3-1mBDQrOkSFAzkOcO1i25Pihar9quBsA21SeFoTq-rSWIV9BGAhIqjVL7LIsVqpGbEV-GrJsk_wD29caCs00_CVybc9pku-gcxViocq0d0MnwWzRIjmP_TMB6AZPect5k--waWjrMgTwr9vnE4VPPe6tvo3-gM_Z4F8KTZsrs9oJvsFDzKbykxJTXXxQ8QctMAEyan95KIDkgUECAQYAZIFBAgFGASSBQQIBRgYkgUFCAUYqAGgBi6AB7_ZvWCoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAemvhvYBwDyBwQQypIB0ggRCIDhgBAQARgfMgKqAjoCgECACgHICwHYEwzQFQGAFwGyFxwKGggAEhRwdWItMzY4NTM5MjY3MDUzMjk2NhgA&sigh=fHOspNqlQas&uach_m=[UACH]&cid=CAQSOwDq26N9NDtjL-Fk2bXY7GqYNy0GaO4qMXTRDoHs7El0UCx-kdq2Dt7EOySmyNB1OYjgXv-eoSrq0CXcGAEgEw&template_id=494&vis=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/html/r20230111/r20110914/zrt_lookup.html?fsb=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Fri, 13 Jan 2023 13:36:09 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 9C73 624 B
245 B 74ms
72ms Document
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjVmrvGATAB&v=APEucNXUNsWrtwGG0K4q5yw8YId4CFdi8RqL079Cu6XuS2RSy9c0wTzWDnB_KupdpBAzAVuC4TsjAS_TskP1RLa8oWKZMpekDTiq7Ks6GMoAf6Y0DhXYDRD2HZC0-sAxJJT6zZTsM1VmxbW5whrW-yz3bOalj06vT1rF88-uI03Y3UsYdzlbnnI

Requested by

Host: ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com
URL: https://ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 13 Jan 2023 13:36:09 GMT
expires: Fri, 13 Jan 2023 13:36:09 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 5D12 76 KB
27 KB 125ms
124ms Script
text/javascript 2a00:1450:400d:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com
URL: https://ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80d::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bc54379b6288f5970da471f0f64ca15f8c9e3a3819a0950608a45b7479d5a11f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Fri, 13 Jan 2023 13:36:09 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27384
x-xss-protection: 0
server: cafe
etag: 10506132538256102613
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Fri, 13 Jan 2023 13:36:09 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 5D12 42 B
63 B 162ms
161ms Image
image/gif 2a00:1450:400d:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-A6JoooPo5pu9zvj_pOl5pgLOt9jOXOeBBkAQ_r0YuKDSqh_e2_N3l3asYbcW3uRavCcykdKtSZJm9W9eGnEr9oWFZqnEJ7QfDvOGexe6cg57Dns9s

Requested by

Host: ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com
URL: https://ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80d::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 13 Jan 2023 13:36:09 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 5D12 0
20 B 162ms
161ms Image
image/gif 2a00:1450:400d:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=516160539099397823&x=1&ct=77

Requested by

Host: ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com
URL: https://ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80d::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 13 Jan 2023 13:36:09 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230111/r20110914/client/ Frame 5D12 3 KB
1 KB 94ms
93ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230111/r20110914/client/window_focus_fy2021.js

Requested by

Host: ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com
URL: https://ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Fri, 13 Jan 2023 12:43:14 GMT
content-encoding: br
x-content-type-options: nosniff
age: 3175
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 27 Jan 2023 12:43:14 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230111/r20110914/client/ Frame 5D12 18 KB
7 KB 49ms
48ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230111/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com
URL: https://ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d6e49f1d85f57c06002816ffafcb8bfa08d8850c7358cb45b26b7a4f78f73fc4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Thu, 12 Jan 2023 19:01:06 GMT
content-encoding: br
x-content-type-options: nosniff
age: 66903
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7538
x-xss-protection: 0
server: cafe
etag: 18140588555649875417
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 26 Jan 2023 19:01:06 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 5D12 157 KB
48 KB 48ms
47ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com
URL: https://ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cff8c5b798dd1a69ce9460a203c10be59613887e25245f5c64916a51a1055d4c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Fri, 13 Jan 2023 13:36:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 49309
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1673441803913192"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 13 Jan 2023 13:36:09 GMT

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 5A49
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

50ms
45ms

Document
text/html

2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com
URL: https://ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 13 Jan 2023 13:36:09 GMT
expires: Fri, 13 Jan 2023 13:36:09 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 13 Jan 2023 13:36:09 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 JwRg8GnJRbSbwgtubA3x1Twn6jgCPCxSQn9TsX0K1wE.js Show response
pagead2.googlesyndication.com/bg/ Frame DD43 36 KB
16 KB 47ms
47ms Script
text/javascript 2a00:1450:400d:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/JwRg8GnJRbSbwgtubA3x1Twn6jgCPCxSQn9TsX0K1wE.js

Requested by

Host: creditosaibamais.com
URL: https://creditosaibamais.com/pis-disponivel/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_163

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80d::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

270460f069c945b49bc20b6e6c0df1d53c27ea38023c2c52427f53b17d0ad701

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Wed, 11 Jan 2023 10:03:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 185559
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16089
x-xss-protection: 0
last-modified: Tue, 03 Jan 2023 14:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 11 Jan 2024 10:03:30 GMT

GET
H3 200 container.html Show response
ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame C70C 6 KB
3 KB 43ms
39ms Document
text/html 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023010501.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://creditosaibamais.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 13 Jan 2023 13:36:08 GMT
expires: Sat, 13 Jan 2024 13:36:08 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 5D12 0
20 B 162ms
162ms Ping
image/gif 2a00:1450:400d:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=8369644748832&version=m202209210101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80d::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 13 Jan 2023 13:36:09 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 5D12 0
20 B 161ms
161ms Ping
image/gif 2a00:1450:400d:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=8369644748832&version=m202209210101&ct=77&x=1&cor=516160539099397800

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80d::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 13 Jan 2023 13:36:09 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 5D12 15 KB
11 KB 77ms
76ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-C7Nq-ksuu3sx3cKVcwiO4sJNcCw2J4I3jshQ8UGk-dFChi6_9OUAjGjxl7O0KkniE1Gydvcy7YzvqY6sNqX_HQk9v8HN0D2grr0Texgf7vo20gHzDsqInKU2Z-0xSJBM1D8oKlrg8KcS5Aen48Wz39zD4KXp_a9x6W6LzLACNHM03F8Po&cry=1&dbm_d=AKAmf-C6UV9bPhLKq6EAsyTX0fSWH3baxH2l1x32-2NoL5ZHTWYQmkOgzPQxpFSgaZWyHHKbSPpOBvNIz5JKeJ8uowQ7E2Rkgh5lVpd30R4qAXVSyieQzcVB1GkSRuNrmjrqFR3aEiZiDodcMjQRVegsUYGlnYzADmINdiegwoLxfWx5fXBf60HNkhVWHc2PH_SGNjfh0x3W7tW0FxyJKz1JZfBPmm-OBti3I5ZIjXiDhQFmrrASZp9kF8MIE3xIDoDGOkn_7Wzb4Ndxfw9bgIsG_prylpzhxInZicPCWTiyTSvN3oSvNq7WovpfQBQ8CgPfEQpPdXleUxj2xOxBfZFs1q81ay5vX1GrTNAdOsL-obiLAdJIKNo9MT-7U2snVX1fMjZEI1aE9zXS6Lg7kxSIQ89H4cIFeyLEXRiE09m2xSzc_oK8EgQh1dU9QXQSRhOV0IHlCNkTRrJkAaTa1n4rhODZ3BIMpvgikhDw5XtE7NjVPCvwmWdpViIM4ZkrpFV9Vth9Wvai1l9fT_pitqipPdlIa0op3AyYby-HLNjOc0f8GA51v7IuARaqWMiZqRwL3GThrk8XL1CblnAim4C7_dQhRt3hwfa69IdWwBK4LLSw63EtqA_xX-rPgRshBBnwx44peRpUim64AkmRvfdY4Y0j4jshD0spa-3PAtJPp1MCXwVaWy6SCyXwWz2Ihj9TjGIHBGIMO8EqrkFTi-rXtfIgi-S___70FFYk5JSBJGOmegX6SIelktg7mrXUMxDzHPvKMRbhcOBqF3y8mtS06CZRBOtvoe-yEaGB02LXYjSQB4oSPtWWVya1DloXUVWQ7HMKTASAjDMZOfsE6fMwDW2LK8LXraRTKNFbncKrNPc00pi9qlqLhPJbGB-4vUE9MVmSUWwTLwPQeHBt7yI2xTniRtxBMSmg0p4F_aUCVMjzRls_tOJphUtkN-6PJEKbeY2yLuuAZszrC_4n4bn3H6lAmQ8OIxw4qKtWhnWDRkFw6hkQLuALu19ea4s0Sfp4a7UPSsD18R6HwA6NL_F6r6NS29D0ycIIoDv0xDxTBG44BVD7QUm11kaXv8fKaz0C1UUDtTrzFsiYfrheaW2Zv93ZdNRwI3kD3MdXAMufKubZyyU8BLDue5F8KFyfci3L2CXgDZoIgGR6sO3TIsl37ziRQ8r51GklpDLhpR4JIsLqBHOqbMfLRCQ_XG95YHkYAWkxH_7Nplwebj9JrisKkhmpW1gslMNWlJOTpoykO10AvKUu8CFUWyBonTYUgzJEHnsKDOvfyyi7yo4IsVv3z5_Nem5WtIWnXc4bNuVzeQGWvR8FNKcq2pz6cJXSdD7Zyl5SoVuFIVEgCnHRe-Civ6fbRSogBTu5C4IKi6rLLfovZepKw0jzNggcC0zIapxZ7Vr_cHj6lpv0cmDA0R1mAHoDOzT_kgRjollu22KjZzFvDrN9JcTHr5Th89Qt1zayuRCrbTE_bni-_iQULbIeo9StrVUYJD-F8G8DguvX34ermTyrNxBX8G1RJd0RfRQEX6HFQCyFv9EvRfSX55qTxtFl0WBNzwmEJtiim4h6nYjxrpcmctAKyMoJEzuqwxUnxolkSzV_4nlP0BpVXcwHjkMYq5rcLkNvQ3OH7R38MSH-TCB7eTTSZBvJHYgKKXxjpPzfAKaFLm8yGclZch0xo8fRF1tXvoVPsp9FMn8eu_ollop9fsz3sdAGen5Q3RSonzZpoXVPu2Vg_yJx83zfpyFtV-ewK5VGvyWiXMJfqDTBqX5MU486H_P3qh3JDlk2O_MIOa9M8CiqwU45RQNu0brvFNi5ZUbYOBZU_dYjqozLCQfun8rPmQzeUx3b6TYrOfgPfedl447cZcc_9Mj00d__PzjCFF1it9xLIvF19JsdJjY9dFvPljFYFj8440Mtx1eSd71MBIBancAxQ6yMj4BrqIiVxu3BiwHAXDF_uVM2mLMcX7iEMMAoxgjjd1uCnyFCbSSY1lhFhkDpzXAanxtMIsIjzYkk5n_s5uUwe56D1ymmbxVsx-qsv-uH1YFO0ekqX83y8k7fbPpGKuE4QwySL1d3-zOyiwWNtZRIofi1WkXL7l5_YLHXlK74IjtMTLylnmFlOCu4tOX15ix5fyu3c1jU8S7UEcCZ28dYU-gRILW89tKaI7Rq3q9k7w5GtWNuK_LgZMa5S9RszytQL55-rlZeRk3exsnqLxke_xHpcYUk09ACW-jdPt8C8AGrzIrcmObCwZguXVr5PZrYgQV8lR2ypkx8WbxAvK1VhqdDPFpgv3HUUQMNqTZBzt0ziuMwC0rndSEo8-xIr3Pd5bw5szsq4bXylnt_Cds4MiTVtyySlF3gCMq-hPX9mVzANnzOxtac-zylmtcg-g5Yc68zbuX7wLEZtag1UgiltuTKdo84dQb8f3QqdtIYpc5lESy9bbaUYoxoKFZlMS3AFXkTifnmBBD4rJsS9ximKmnnBpWIsrCEwqQ_N9aqAJ-l0BLG3TkXypp20jj4Fvl0be8xBG_1KQeCkwc29f7VjWpMSiHrdYyYnFp748UsyNuzgv2iOda09-77WHGZfmgiqv3W3VpnapHTwvmnbQn78Da5yCjqXXwf8E8q2lTOXzYvvNPNs0i7B2khgj20QZMWI9v-wTKnnyl4wQw622h9NJbJfbnDiuEbGBc5aqCYChoQRwNNY5IAKU0Cd9HleyLVSB8mGEnEui6kdMVKfNmptN332P6vm-Wm7ffrIrB6gYPjQVkcofQd0t3JJBPuHixZ8Vfy_SO8xpcBpzsJXiuQrgW4cJPO-9FcHwiMd6oij6uxj19xcohs-ExT1Aid64c_yzfsD0_MiNQSDEtUKu1bOHH21oDsfebwTTr_98Db7_TOzAskUtPsm8BY037HPigrYmWVLIZKJOr49ZZoaj7YQierWfOxJ8HpArvu7Tw5MwE89OsDrXnRtGPIJ6HNQLKKiFG56ESlIleSJp5v00Wj0zFC2A0x9rV400yE-_T0h2tsbjWUgE6J8zfYgFk3MaqI9aEjHG8dMmqp_MkGs4xueGSG3ddS1L9ke4haZPBTuawOd42ZqJR-krsb6VUEDUWMXQAAtGDukxVbDLitQW4kgwbOAvkXKc6NbYH01XvJoSD_hUWNgxH0-w-FWhRSa-5nYnhCzTsvOPfQddYhvitGVn9SehvG1EAJVpodBYjtD0kp85HJsqedSXjdUdSjL9tO_GVrU4xuPNN-8rY0HhSLP6WL-vQmNXLe5vG9BBZGXpWI10RBIlXATvpBK_nxldHL7fxh--ERzttnA5XIxAdmy3n8R0Fec0L33eob0Zzd5K5oX9sjbMHgUYd8noYoxkjba2tGK_BjmFDvmNMJBS_s4jzN6Tjbe2QfKPV5EJZOhztocQmHYNEFXq3xHgzMdjOigojkTm0YXD1TFSHw_6bT3ozyEkVaQwblqgZSJg-UQqm_ErPTieXGwg831PP_g7SXvL0YkYSsz5_Tth7VZtA9Z4-y5TpJ2AiV22E8HMerooDPEowMBcoPT7RIDZ2U0RvzKDoEsg4fNwNmq9nKx24R2-s292MnOEIKrd9WhMJaCflZ-M0cHM1cDMlVzS9msMSgUwiQqQTWhU3fOb-Yo4N72Bj-G_wVgTVIK72FpBASeDSbZtiPnu63WqpD-csFSeeSBK3bKUJ3xWv7mfLasXLw5-wuxC7upwIT_ySs_XwBF3pTjCVrW-bcmIqMizJWxpvLdPS28kmaag&cid=CAQSSwDq26N9XLUHuY68n23f_AB-gOPbKSVyzVs-VdkDZRwMpY7ZvYjcaJrK87WTzC2D8ZV5_sEdZeGSQAE4GAGVMt7yVFhHJX0QkgtHlhgBIBM&dv3_ver=m202209210101&rfl=https%3A%2F%2Fcreditosaibamais.com%2F&ds=l&xdt=1&iif=1&cor=516160539099397800&adk=2086295851&idt=135&cac=0&dtd=8

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fc78bc5b1642f5813e422a8fd249ab1931fb967af4138e94f16b91cc100c18ca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 13 Jan 2023 13:36:09 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11348
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 9C73
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEAEhNC8cjmHeBeJ73YzSQxo&google_cver=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEAEhNC8cjmHeBeJ73YzSQxo&google_cver=1&C=1

43 B
632 B

8ms
7ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEAEhNC8cjmHeBeJ73YzSQxo&google_cver=1&C=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjVmrvGATAB&v=APEucNXUNsWrtwGG0K4q5yw8YId4CFdi8RqL079Cu6XuS2RSy9c0wTzWDnB_KupdpBAzAVuC4TsjAS_TskP1RLa8oWKZMpekDTiq7Ks6GMoAf6Y0DhXYDRD2HZC0-sAxJJT6zZTsM1VmxbW5whrW-yz3bOalj06vT1rF88-uI03Y3UsYdzlbnnI
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 13 Jan 2023 13:36:09 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=500
Content-Length: 43
Expires: 0

Redirect headers

Pragma: no-cache
Date: Fri, 13 Jan 2023 13:36:09 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: /rum?cm_dsp_id=45&external_user_id=CAESEAEhNC8cjmHeBeJ73YzSQxo&google_cver=1&C=1
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=499
Content-Length: 0
Expires: 0

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 9C73
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Y8FeSWk9jyt40anqkwQE3QAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEAEhNC8cjmHeBeJ73YzSQxo&google_cver=1

43 B
632 B

7ms
7ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEAEhNC8cjmHeBeJ73YzSQxo&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjVmrvGATAB&v=APEucNXUNsWrtwGG0K4q5yw8YId4CFdi8RqL079Cu6XuS2RSy9c0wTzWDnB_KupdpBAzAVuC4TsjAS_TskP1RLa8oWKZMpekDTiq7Ks6GMoAf6Y0DhXYDRD2HZC0-sAxJJT6zZTsM1VmxbW5whrW-yz3bOalj06vT1rF88-uI03Y3UsYdzlbnnI
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 13 Jan 2023 13:36:10 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=499
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Fri, 13 Jan 2023 13:36:10 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEAEhNC8cjmHeBeJ73YzSQxo&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame 9C73
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEMS9EZskVqOT_pkTNTk2DsU&google_cver=1

43 B
1 KB

9ms
9ms

Image
image/gif

37.252.171.149
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEMS9EZskVqOT_pkTNTk2DsU&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjVmrvGATAB&v=APEucNXUNsWrtwGG0K4q5yw8YId4CFdi8RqL079Cu6XuS2RSy9c0wTzWDnB_KupdpBAzAVuC4TsjAS_TskP1RLa8oWKZMpekDTiq7Ks6GMoAf6Y0DhXYDRD2HZC0-sAxJJT6zZTsM1VmxbW5whrW-yz3bOalj06vT1rF88-uI03Y3UsYdzlbnnI

Protocol

HTTP/1.1

Server

37.252.171.149 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

984.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 13 Jan 2023 13:36:09 GMT
AN-X-Request-Uuid: 5a7028eb-4971-4fb7-9d0f-c42713530420
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: image/gif
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 185.213.155.163; 185.213.155.163; 984.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 13 Jan 2023 13:36:09 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEMS9EZskVqOT_pkTNTk2DsU&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 9C73
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjE0MjEyNDkzNjA1NDgyMDUxMg%3D%3D

170 B
188 B

65ms
64ms

Image
image/png

142.251.208.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjE0MjEyNDkzNjA1NDgyMDUxMg%3D%3D

Requested by

Protocol

Server

142.251.208.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bud02s43-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 13 Jan 2023 13:36:09 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Fri, 13 Jan 2023 13:36:09 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 185.213.155.163; 185.213.155.163; 984.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: acdf02e3-0673-4fec-b387-31da8ce6182b
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjE0MjEyNDkzNjA1NDgyMDUxMg%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 5D12 41 KB
15 KB 35ms
35ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-C7Nq-ksuu3sx3cKVcwiO4sJNcCw2J4I3jshQ8UGk-dFChi6_9OUAjGjxl7O0KkniE1Gydvcy7YzvqY6sNqX_HQk9v8HN0D2grr0Texgf7vo20gHzDsqInKU2Z-0xSJBM1D8oKlrg8KcS5Aen48Wz39zD4KXp_a9x6W6LzLACNHM03F8Po&cry=1&dbm_d=AKAmf-C6UV9bPhLKq6EAsyTX0fSWH3baxH2l1x32-2NoL5ZHTWYQmkOgzPQxpFSgaZWyHHKbSPpOBvNIz5JKeJ8uowQ7E2Rkgh5lVpd30R4qAXVSyieQzcVB1GkSRuNrmjrqFR3aEiZiDodcMjQRVegsUYGlnYzADmINdiegwoLxfWx5fXBf60HNkhVWHc2PH_SGNjfh0x3W7tW0FxyJKz1JZfBPmm-OBti3I5ZIjXiDhQFmrrASZp9kF8MIE3xIDoDGOkn_7Wzb4Ndxfw9bgIsG_prylpzhxInZicPCWTiyTSvN3oSvNq7WovpfQBQ8CgPfEQpPdXleUxj2xOxBfZFs1q81ay5vX1GrTNAdOsL-obiLAdJIKNo9MT-7U2snVX1fMjZEI1aE9zXS6Lg7kxSIQ89H4cIFeyLEXRiE09m2xSzc_oK8EgQh1dU9QXQSRhOV0IHlCNkTRrJkAaTa1n4rhODZ3BIMpvgikhDw5XtE7NjVPCvwmWdpViIM4ZkrpFV9Vth9Wvai1l9fT_pitqipPdlIa0op3AyYby-HLNjOc0f8GA51v7IuARaqWMiZqRwL3GThrk8XL1CblnAim4C7_dQhRt3hwfa69IdWwBK4LLSw63EtqA_xX-rPgRshBBnwx44peRpUim64AkmRvfdY4Y0j4jshD0spa-3PAtJPp1MCXwVaWy6SCyXwWz2Ihj9TjGIHBGIMO8EqrkFTi-rXtfIgi-S___70FFYk5JSBJGOmegX6SIelktg7mrXUMxDzHPvKMRbhcOBqF3y8mtS06CZRBOtvoe-yEaGB02LXYjSQB4oSPtWWVya1DloXUVWQ7HMKTASAjDMZOfsE6fMwDW2LK8LXraRTKNFbncKrNPc00pi9qlqLhPJbGB-4vUE9MVmSUWwTLwPQeHBt7yI2xTniRtxBMSmg0p4F_aUCVMjzRls_tOJphUtkN-6PJEKbeY2yLuuAZszrC_4n4bn3H6lAmQ8OIxw4qKtWhnWDRkFw6hkQLuALu19ea4s0Sfp4a7UPSsD18R6HwA6NL_F6r6NS29D0ycIIoDv0xDxTBG44BVD7QUm11kaXv8fKaz0C1UUDtTrzFsiYfrheaW2Zv93ZdNRwI3kD3MdXAMufKubZyyU8BLDue5F8KFyfci3L2CXgDZoIgGR6sO3TIsl37ziRQ8r51GklpDLhpR4JIsLqBHOqbMfLRCQ_XG95YHkYAWkxH_7Nplwebj9JrisKkhmpW1gslMNWlJOTpoykO10AvKUu8CFUWyBonTYUgzJEHnsKDOvfyyi7yo4IsVv3z5_Nem5WtIWnXc4bNuVzeQGWvR8FNKcq2pz6cJXSdD7Zyl5SoVuFIVEgCnHRe-Civ6fbRSogBTu5C4IKi6rLLfovZepKw0jzNggcC0zIapxZ7Vr_cHj6lpv0cmDA0R1mAHoDOzT_kgRjollu22KjZzFvDrN9JcTHr5Th89Qt1zayuRCrbTE_bni-_iQULbIeo9StrVUYJD-F8G8DguvX34ermTyrNxBX8G1RJd0RfRQEX6HFQCyFv9EvRfSX55qTxtFl0WBNzwmEJtiim4h6nYjxrpcmctAKyMoJEzuqwxUnxolkSzV_4nlP0BpVXcwHjkMYq5rcLkNvQ3OH7R38MSH-TCB7eTTSZBvJHYgKKXxjpPzfAKaFLm8yGclZch0xo8fRF1tXvoVPsp9FMn8eu_ollop9fsz3sdAGen5Q3RSonzZpoXVPu2Vg_yJx83zfpyFtV-ewK5VGvyWiXMJfqDTBqX5MU486H_P3qh3JDlk2O_MIOa9M8CiqwU45RQNu0brvFNi5ZUbYOBZU_dYjqozLCQfun8rPmQzeUx3b6TYrOfgPfedl447cZcc_9Mj00d__PzjCFF1it9xLIvF19JsdJjY9dFvPljFYFj8440Mtx1eSd71MBIBancAxQ6yMj4BrqIiVxu3BiwHAXDF_uVM2mLMcX7iEMMAoxgjjd1uCnyFCbSSY1lhFhkDpzXAanxtMIsIjzYkk5n_s5uUwe56D1ymmbxVsx-qsv-uH1YFO0ekqX83y8k7fbPpGKuE4QwySL1d3-zOyiwWNtZRIofi1WkXL7l5_YLHXlK74IjtMTLylnmFlOCu4tOX15ix5fyu3c1jU8S7UEcCZ28dYU-gRILW89tKaI7Rq3q9k7w5GtWNuK_LgZMa5S9RszytQL55-rlZeRk3exsnqLxke_xHpcYUk09ACW-jdPt8C8AGrzIrcmObCwZguXVr5PZrYgQV8lR2ypkx8WbxAvK1VhqdDPFpgv3HUUQMNqTZBzt0ziuMwC0rndSEo8-xIr3Pd5bw5szsq4bXylnt_Cds4MiTVtyySlF3gCMq-hPX9mVzANnzOxtac-zylmtcg-g5Yc68zbuX7wLEZtag1UgiltuTKdo84dQb8f3QqdtIYpc5lESy9bbaUYoxoKFZlMS3AFXkTifnmBBD4rJsS9ximKmnnBpWIsrCEwqQ_N9aqAJ-l0BLG3TkXypp20jj4Fvl0be8xBG_1KQeCkwc29f7VjWpMSiHrdYyYnFp748UsyNuzgv2iOda09-77WHGZfmgiqv3W3VpnapHTwvmnbQn78Da5yCjqXXwf8E8q2lTOXzYvvNPNs0i7B2khgj20QZMWI9v-wTKnnyl4wQw622h9NJbJfbnDiuEbGBc5aqCYChoQRwNNY5IAKU0Cd9HleyLVSB8mGEnEui6kdMVKfNmptN332P6vm-Wm7ffrIrB6gYPjQVkcofQd0t3JJBPuHixZ8Vfy_SO8xpcBpzsJXiuQrgW4cJPO-9FcHwiMd6oij6uxj19xcohs-ExT1Aid64c_yzfsD0_MiNQSDEtUKu1bOHH21oDsfebwTTr_98Db7_TOzAskUtPsm8BY037HPigrYmWVLIZKJOr49ZZoaj7YQierWfOxJ8HpArvu7Tw5MwE89OsDrXnRtGPIJ6HNQLKKiFG56ESlIleSJp5v00Wj0zFC2A0x9rV400yE-_T0h2tsbjWUgE6J8zfYgFk3MaqI9aEjHG8dMmqp_MkGs4xueGSG3ddS1L9ke4haZPBTuawOd42ZqJR-krsb6VUEDUWMXQAAtGDukxVbDLitQW4kgwbOAvkXKc6NbYH01XvJoSD_hUWNgxH0-w-FWhRSa-5nYnhCzTsvOPfQddYhvitGVn9SehvG1EAJVpodBYjtD0kp85HJsqedSXjdUdSjL9tO_GVrU4xuPNN-8rY0HhSLP6WL-vQmNXLe5vG9BBZGXpWI10RBIlXATvpBK_nxldHL7fxh--ERzttnA5XIxAdmy3n8R0Fec0L33eob0Zzd5K5oX9sjbMHgUYd8noYoxkjba2tGK_BjmFDvmNMJBS_s4jzN6Tjbe2QfKPV5EJZOhztocQmHYNEFXq3xHgzMdjOigojkTm0YXD1TFSHw_6bT3ozyEkVaQwblqgZSJg-UQqm_ErPTieXGwg831PP_g7SXvL0YkYSsz5_Tth7VZtA9Z4-y5TpJ2AiV22E8HMerooDPEowMBcoPT7RIDZ2U0RvzKDoEsg4fNwNmq9nKx24R2-s292MnOEIKrd9WhMJaCflZ-M0cHM1cDMlVzS9msMSgUwiQqQTWhU3fOb-Yo4N72Bj-G_wVgTVIK72FpBASeDSbZtiPnu63WqpD-csFSeeSBK3bKUJ3xWv7mfLasXLw5-wuxC7upwIT_ySs_XwBF3pTjCVrW-bcmIqMizJWxpvLdPS28kmaag&cid=CAQSSwDq26N9XLUHuY68n23f_AB-gOPbKSVyzVs-VdkDZRwMpY7ZvYjcaJrK87WTzC2D8ZV5_sEdZeGSQAE4GAGVMt7yVFhHJX0QkgtHlhgBIBM&dv3_ver=m202209210101&rfl=https%3A%2F%2Fcreditosaibamais.com%2F&ds=l&xdt=1&iif=1&cor=516160539099397800&adk=2086295851&idt=135&cac=0&dtd=8

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Thu, 12 Jan 2023 15:17:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 80301
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 12 Jan 2024 15:17:48 GMT

GET
H/1.1 200
OK znhqi8lr1f8g Show response
hal9000.redintelligence.net/zone/ Frame 5D12 11 KB
4 KB 42ms
13ms Script
text/html 159.69.70.9
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal9000.redintelligence.net/zone/znhqi8lr1f8g?subid=&gdpr=-1&gdpr_consent=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCxHdASV7BY6TPB8Lg7gOcp6PwAqblvaBprZqcp8kP8C4QASCknZePAWCV4pCCoAfIAQmpAp-bbFKUM7I-qAMBqgSPAk_QiRDZyQ2blj1z8cBK5WUx2cEiZuPeyD1ffKiUVJZ_wGOKeAMww0bFxblMlP-r_4BvcxJ_OjRyZVpdpfbueMKPxVXp7SRuHhPnAdVJo5rHwS_zpXC6YxNwe7cLKbvuSXf1gsF15DTKsGJeQVv5PU7QBBGNbi_MS77x-JLjwwnTwwuKRc-lFVe19k5a_34OGZUrqnaX615JoAx-ZSkcrYAnvCLzFHOc2x3Cpz4HKpQ3WQcQAHiVLmbHowvGimLFj7JvCkzVeBknIV8-ZkamX0vt_Zjju1q9li9mbdo89Tli_YnSBhkPqLEJypkYLCam1oGRC-MRQNOZJ93_L34oFdWdF7NSm2KQ2nVwNsIo4fnABOuP_I73A-AEA5AGAaAGTYAHrK31nwOoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAf_nrECqAffn7EC2AcA0ggRCIDhgBAQARgdMgKqAjoCgECACgOYCwHICwGADAGwE4-10Q7QEwDYEwPYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAQSSwDq26N9XLUHuY68n23f_AB-gOPbKSVyzVs-VdkDZRwMpY7ZvYjcaJrK87WTzC2D8ZV5_sEdZeGSQAE4GAGVMt7yVFhHJX0QkgtHlhgBIBM%26sig%3DAOD64_1n4qwO_QOH-EsParXnRWv2fLr2mw%26client%3Dca-pub-4894209870857905%26dbm_c%3DAKAmf-CBZ5A5iZOuKbEfOCATS9KyLmtgzZXmckjAwDjm5-vl9ZTSmoCQhfCfCeoH-Q0UhcqCzX5Dpsxwc2lsDmdfFGdDxcGuaFVZkvdu1sZ63BeTI8x0exc6ZGfyitzz2RqRdYcBSlOM3hZsFDmr3NyLtwEprlanRSgJudhTPYMOEyPh0UDbNsM%26cry%3D1%26dbm_d%3DAKAmf-AtKvo2-twxOWkH6jSKvPrhuW4tWonl-rxIVUkZnAfbH8mOAq0oUNgD7BNsbjO2oD5I1yzLt9LPsmCtOJKl2Qy2azJdwvvLOgOI7Lr-Do1q6RzsFTpsWkE8shvs2jcmDbJFjuZs8aZzr1KBtmtO8KbxHeH7cZEwR68sJrA2N0Aun687Xf1I4Zhu4MBA3eC3hDUvfTCT1woNSUQH5qFZ5q8ok1w7OQSqmgU8tDQEjFtXEjEj7qjXVsQ9wuGEKXnp-7jMUqYAUJvv_v1xG-HJSAVInpA2foP0cg-MrEW_kW5QBENOXaaA-PMkGSajeZENVvhLb7PAgXNnqrcIbyqdGqG-_DZ5N5y8J7EzeNxXKxGktiXiySDTlGeAFlihmVb-AU6Afgo-gL6e_GdT4O25YpMEt5UG_ReggmDPLuFLFvTUvcjIQyrI2CqReQD7XSwv35I7aJrzB1vijNu3zD_ritUHc0f2zR5vvJBXg2Me_X4wcyQgp6WWUOanYYooPnJ3-AVANFX7OUJypA2yb9Y5PEuupCsDIRQIi3Qfb6_rUq42DmL9MvNFsig5-Awm16e_vzfQSHgfUtuyLq7oqeirLPrqXuZ2CZiBD7UqdX--GIiUgNIfbtpSpzJcxqfLTJ848v_00znerPy1PkoKdqjpaTrPazD0WQ%26adurl%3D
Requested by: Host: ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com
URL: https://ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 159.69.70.9 Nuremberg, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.9.70.69.159.clients.your-server.de
Software: Apache /
Resource Hash: a601a672354e0a26c253b6df20998ec398fd0008318f4e7f5c2f70244af1481d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Date: Fri, 13 Jan 2023 13:36:09 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 4220
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 35D2 640 B
262 B 76ms
72ms Document
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CLOrkQEQupmXARiAhMnRATAB&v=APEucNXqlAC6bVQGUI6O5RzXq8IZd7lFDiYD5oo0Cy9J7zdAGy9sU_GPfnwdWnAVRzLjvAgeG09eAEJ5y8zKEKbmBm3BDwN6s7FJOu6zmUQQzcwNDCw9nfNNbRJVWSUJ9ShyFSm8HazU50d_P1E5NfQHvXdfVCXLDxeiDxCHgPBwU1QZmE4b3sg

Requested by

Host: creditosaibamais.com
URL: https://creditosaibamais.com/pis-disponivel/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_163

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-encoding: br
content-length: 242
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 13 Jan 2023 13:36:09 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 9498 76 KB
27 KB 125ms
124ms Script
text/javascript 2a00:1450:400d:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: creditosaibamais.com
URL: https://creditosaibamais.com/pis-disponivel/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_163

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80d::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bc54379b6288f5970da471f0f64ca15f8c9e3a3819a0950608a45b7479d5a11f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Fri, 13 Jan 2023 13:36:10 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27384
x-xss-protection: 0
server: cafe
etag: 10506132538256102613
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Fri, 13 Jan 2023 13:36:10 GMT

GET
H2 200 adj Show response
fw.adsafeprotected.com/rjss/bgd/1135760/65089104/xbbe/creative/ Frame 9498 249 KB
76 KB 99ms
32ms Script
application/javascript 99.81.181.127
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://fw.adsafeprotected.com/rjss/bgd/1135760/65089104/xbbe/creative/adj?p=APEucNUmvv4pxUyVZEBURwh6Xzm0YkU-yVqLyUdxnUQLPE1hMkXY8qo&d=CokBAKAmf-CXx8qtSaE_gCY0yADDNelLa-MqLXiXQyR-enynXkiTt5p39tjrWBipcNYlwLS1ckyEMCOBLAZLGnSD1uYoVSKIjD5IhEjxzxYWuyItlra1Lib9qsiXBmZ3kStglqxQ63-wYTzUExUxL0slMUcGOQgQpA2DPdtyTuv8poG_LR5wQNmASvQS2RUAoCZ_4H9j9DDanY1Arefeb8kORN4aPFm3naO6DkP2SXtcolx_m1wueo1F_Ll9hP609KAgPB3Q8mWAQQ63A36htU8RbzrONyGxaq-DkpIu0krRGrhO_aXJ8wRdG6E9z24VQgMQ1R2DYEFhNkSpeePjLnnPamQWh8D6FkBP6yE7jUBSndlVXZoek4faV9TvJkjK9lMng9RCFV-ROwIhacI5TQPTvLfzOjuO7li1HB-ed-xHt2OnmGUz-rsSjUzunV7FhVcJw5Hk-nPfUyBqWZ0DixpYfv7OtGn-mij2jBZRCo9kWjfTfxcIDd1J7E6XCKTzYyzXURCimZy_k3LoNATgO4VrybrznvzBCgFK4aludQqHIl9e5Z3Uj3leFLfdnj_gAc5cw5RqNAb4ggPCN-h8VrQgc6EstszKevcet0eNKWqJAoGO85qhZNVCRHG2IrqjGiqAlY8GvP3rfMpYfj1F8PL9UshPJaYNk5n05YftBeLTNczuyMXbdlu4vs0RtjCU-qKKZtNbLEB9A9tXLgrzf9v5Q4_dHs_gsaPtJI2eCiUpuLWe7aQceA_VfE2ciYKBL_o8CvAfKt4cv5G2QGjkDsrjQjlA9mZtKjpSGi5as3Ni-quclZymvkgHoZrjNrvJSXMvJKQ9Pfx9iowjAAM5ee0q9j99Q33zpfT__1tgN-PyRiEI4VTGu-A-ilTDqSda8dvUnTGrPwNl4MwKtEPebOzwv0NREGZ5Aqjc9dVFtrHieanCJ7zKOaf-TZerroz6Z6R4jOdXJgs44YkBzIqfXaSqR43oRIGeGYu0ULkJsdlfB1YGbVAOyoo9TQsB4zIFhCbr4JWJm6r6Fm25xVXLzcot-FGVnOi59vlj-Tl7sOvLXHTAlHmURAlgkQlyTlipbUXdMKaCSmqlE3FaBUlXt2LfFMJa9lpS2Y7nQQIt1r4XTh3_o3-mlVws4cs-esZdpu270rxp2QS51TqBK4e38DFf_Qo27SKk_C1KrLkRjJkbBPiCEUNWv49DCDIb5AOnmIQo-6ecA2ccg5O__1Rm2FjDgHq3830Jfmpv79YfShxQwXZQJZ8PXcYS5zIuMCLh3WWPvtXuq2cAPXrsyZ3lUpUtz0Ch3cSQ7mPjbT65pGJryNjfdf7lFuE6udRVH3OsS5OFkhoh1e3XRnLsXQLSScNoEoAfeIqZ_lOGUC8Ofi7FEY8xgF6mc87Y3CO7mtWtbeh2QctxGp_vgYdTDhcKDGyXxg3RULICSXx_MljEdaG4ru3b_FHiQZGAc1xzIAvSgxIh3kTcEnoIG_l0JDoCKLzLJ2zRBMr4vQrUIy2fMTs_7OeFGmGuE3ocdDNWIDCmhDTZHMV1Hx-mz5Yqu9lveuH5b47o8nCIUhSoK9rcaOFT1dYC-1kAJgdw9g68-HucbLDu6EwJTpJz_CkVlTIJx2haYU0zyl-2iI52YgWtt2y1PKRZIPAQaUUm5JbneXl4nJPqpUSoaYHMXJK_4oduQzF1jHEe7HLEmUoIikBPrJbj9JO0eCOHw33-p0Fj25OH_0rB_8rMOSxwmrWUJ64e_sk7pinl2R1l8BcUNHBJC3U2zOQMvFBD13JXPbnGxayJ_tZLw_izNYrAyVytp2T-rPweg29WS84DJGeIoVkmtWn_ZORp01ns6RfK_xhqy2uhqz2ugRr6XI3k5Xfkjmn9MzTHhubwBIkQ8WV7rLF_yFDalU4xn78fJQc7bGJqUuOx-b9QnB8zvNdyf_VUzIX0p7OXktX2L8tHkMdyet24ATlazeK3mb48vRdTmhIwoo50GUl9IZ8RKEpB9YErF_hHoEZNmIj9i7M0nxBM_S8a7bqv1l7691FjLM0cseJeeNntYe8ko5nbEnml5Dqx5ZrSWeSxKkj_rrDTcbQMjB8LFvgn1ivx6F4Ou5MCD9G8yGo7x4Ebi_3MEpvLmOALXqC5JxAsEkQvRMpVzJSVxZsxlI4RzBy9g_k211VeACHvetJFvrKy5CpRlCkMaSs-d5gVQnG1jRQKuQirUw90LpkQR8eUV2w60I80GSTcRo0ublLNfK-NRnj9wNBKh99xd0PsqtFeukgF8Bu9hJd4Ps2ZYULHz3AZjT6VTC6xuDR3PSmOVdn14Twq5JwXaEm1FZtgINjhuUD9G5-9ZnMtaPwjoddKrawGcyBNLk8VSbnj8ENuRG84kEV8GOTPg0O-BM66drH6-XAMZyA_7tqvjSnwOsj-SuU3olrH8F-IFRqSMvgh-4sBek7HBaC7bAd24b0E7jLhFpDpPjI8XsoMu8yIOiyHoniu2Pb_KvcfhNEzywlxtbYgFaciKB-_9eJXoHcwiqWGuBA9THAoDKZKoqWl1cjcMEgvWb0sxrtrtukvtM6RflWSH2oCr6u6M3EuQalALAud2ZzR4hLizCeY3U1j1xVB8mnsx6-q1GYHeSPagz0pY8MI2rdCAuBARalH9KKGk9RYgzZmr2_Uw9qFhSzaorpyqditulRG4deCBy3R4i_y5rL8pnvhss8uI_nT6QAy-g7KjXx94nJ9gpcJlM2idoKe6xx6rSYF85PjtizkO9KMLCFHHNdv5pyfPg5YSXF0k4HosOvRFEPyXVVj2-u4gmSxHXCLtQkqkJ1pzYgSTXSDqUUHpE2AnWlbblsfVy-E3C6dfsGhqVuiQ4m6kQ5fYFRk8iThtcclGf556RJnYQ7EaIdmX40dECpzxS0wg0r1_etehMDbO3yVPU2w-fd9qUt1f2oexqFxDzDOTEIMZHYhY0G2g3XQuVYczLZaPw9BW-CRsfs_Vnupwqaqh3DB3MmLmEfK1OcgqncO0A8dSLRIIRtAqTvp7OFbTNLh5Q0MiaI0XKlZNWGHrRZmBpPdPbb7pJ1BWA_U2lt-0tjJaFL7_B-MRY1NQtIlJvTzW2Yz31NQ9jAT60jqXF4Y3yFa77217Rn-8NCyEm60Rny6FtUHrRdgVY9ztrSUeIAirEksTcTkf8emy7OEHVxqqzLxpZszjqvl-edvu8jT7URtR_HGhRoQMaRaK2fUbx7XthQoXTK9pxs1DcqoKsDoQQ7LHUfwm2Brh7hKqZPIo3QuTqmnHczjpQgJpZjfg8lfZSVDVq0lsDXqxTl-Qp9P2Lmkfd0NZGhgv2gIL64PbiIdIAhuni0G-PngdnMeKmmxImIKRSEEjfJzSGx6UHlboLjT-rXjJ3uvimPnAGnfENLkCpWdX0oIPZVIkcKZpu08NIHGHbxx3yeQokeAOo_mGjmPF5DOXLQuibql6tZzP3qdYK2lP3Ap4LO9YSfGXFPyN7Dan9g_umllMTDWKe-NSq9ruNRtIxw8GjywDTPut2uVhT9ZCuA0TYw_ccJmmAe0gG6PLr2jkklqoM20vmkdaB3fnguUJchcDMDhpAN3w3rhKcna5Z7pboxb4ZYCWTWiqF2YQeH8GUlHs0R34dO5B_Te2h6quirXSrtLHk51e71JCZj35FmHbz4RqcmRDyUd7HyB7BHjZwW73qZdkXfi42ICScQW74EM60AY7hIhC2SWlbdZjD9wE78PG9e7EU5qLVxW0N1orGheBOC7AQahQYg8bQeMkRjtHKNTKy7wXnBiLMWLl7rDVR_R8gPdwrHTc2m6jN5YWxP6jTUnOAhpiuBazXyXxP7xLgBcWTp1oBjrbAiIlwDQKqrlowYArxtB9xevnX4fFOp0NKujl1vDCmFqR2APe2khzPQ21xpTCAQSSwDq26N9gFhN-d_DP4DUfBxx7JCd8Gx4m_TlF726F2179OVWVMcQ_l0hFTwpwPRbZHTBXMIqC9Aodq-tF59RlprwRejRCZsRo469thgBIBNgAQ&ias_dspID=3&ias_campId=1008772806&ias_pubId=pub-4894209870857905&ias_chanId=1&ias_placementId=18137318546&bidurl=https://creditosaibamais.com/pis-disponivel/&ias_dealId=&adsafe_par&ias_impId=v4~~ABAjH0iovvzKQTnAiCIFNgoSKeME
Requested by: Host: creditosaibamais.com
URL: https://creditosaibamais.com/pis-disponivel/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_163
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 99.81.181.127 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-99-81-181-127.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: fdb5dbe983bea6021d034bf9bc12f07e95aff2211932627b80917f14678bec84

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 13 Jan 2023 13:36:10 GMT
content-encoding: gzip
vary: accept-encoding
content-type: application/javascript;charset=utf-8
access-control-allow-origin: fw.adsafeprotected.com
cache-control: no-cache
access-control-allow-credentials: true
expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230111/r20110914/client/ Frame 9498 3 KB
1 KB 37ms
36ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230111/r20110914/client/window_focus_fy2021.js

Requested by

Host: creditosaibamais.com
URL: https://creditosaibamais.com/pis-disponivel/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_163

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Fri, 13 Jan 2023 12:43:14 GMT
content-encoding: br
x-content-type-options: nosniff
age: 3175
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 27 Jan 2023 12:43:14 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230111/r20110914/client/ Frame 9498 18 KB
7 KB 38ms
37ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230111/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: creditosaibamais.com
URL: https://creditosaibamais.com/pis-disponivel/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_163

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d6e49f1d85f57c06002816ffafcb8bfa08d8850c7358cb45b26b7a4f78f73fc4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Thu, 12 Jan 2023 19:01:06 GMT
content-encoding: br
x-content-type-options: nosniff
age: 66903
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7538
x-xss-protection: 0
server: cafe
etag: 18140588555649875417
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 26 Jan 2023 19:01:06 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 9498 157 KB
48 KB 51ms
50ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: creditosaibamais.com
URL: https://creditosaibamais.com/pis-disponivel/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_163

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cff8c5b798dd1a69ce9460a203c10be59613887e25245f5c64916a51a1055d4c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Fri, 13 Jan 2023 13:36:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 49309
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1673441803913192"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 13 Jan 2023 13:36:09 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 9498 42 B
63 B 162ms
161ms Image
image/gif 2a00:1450:400d:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-B-DYwN4cN3ds3glQ71sIx-JiK4oGguuoOHJL9urflKZGEDxUDohemQF1maevHXhcQTl-HLOZqn_O6RPwz8oXPEH0r9Ri93iuU9N6LEHOuCZlL1jG8

Requested by

Host: creditosaibamais.com
URL: https://creditosaibamais.com/pis-disponivel/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_163

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80d::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 13 Jan 2023 13:36:10 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 9498 0
20 B 162ms
161ms Image
image/gif 2a00:1450:400d:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=1396290486060888824&x=1&ct=76

Requested by

Host: creditosaibamais.com
URL: https://creditosaibamais.com/pis-disponivel/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_163

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80d::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 13 Jan 2023 13:36:10 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame ECA0 22 KB
8 KB 36ms
36ms Document
text/html 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 80301
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 12 Jan 2023 15:17:48 GMT
expires: Fri, 12 Jan 2024 15:17:48 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1

200
OK

request.php Show response
hal90002.redintelligence.net/ Frame 5D12
Redirect Chain

https://hal90002.redintelligence.net/request.php?zone=znhqi8lr1f8g&nw=20&renderingType=javascript&namespace=36ca91f55a&subid=&uid=b94cc262277bb3f2&screenSize=1600x1200&screenSizeAvail=1600x1200&cli...
https://hal90002.redintelligence.net/request.php?zone=znhqi8lr1f8g&nw=20&renderingType=javascript&namespace=36ca91f55a&subid=&uid=b94cc262277bb3f2&screenSize=1600x1200&screenSizeAvail=1600x1200&cli...

2 KB
1 KB

106ms
83ms

Script
application/x-javascript

46.4.10.47
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal90002.redintelligence.net/request.php?zone=znhqi8lr1f8g&nw=20&renderingType=javascript&namespace=36ca91f55a&subid=&uid=b94cc262277bb3f2&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=0x0&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCxHdASV7BY6TPB8Lg7gOcp6PwAqblvaBprZqcp8kP8C4QASCknZePAWCV4pCCoAfIAQmpAp-bbFKUM7I-qAMBqgSPAk_QiRDZyQ2blj1z8cBK5WUx2cEiZuPeyD1ffKiUVJZ_wGOKeAMww0bFxblMlP-r_4BvcxJ_OjRyZVpdpfbueMKPxVXp7SRuHhPnAdVJo5rHwS_zpXC6YxNwe7cLKbvuSXf1gsF15DTKsGJeQVv5PU7QBBGNbi_MS77x-JLjwwnTwwuKRc-lFVe19k5a_34OGZUrqnaX615JoAx-ZSkcrYAnvCLzFHOc2x3Cpz4HKpQ3WQcQAHiVLmbHowvGimLFj7JvCkzVeBknIV8-ZkamX0vt_Zjju1q9li9mbdo89Tli_YnSBhkPqLEJypkYLCam1oGRC-MRQNOZJ93_L34oFdWdF7NSm2KQ2nVwNsIo4fnABOuP_I73A-AEA5AGAaAGTYAHrK31nwOoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAf_nrECqAffn7EC2AcA0ggRCIDhgBAQARgdMgKqAjoCgECACgOYCwHICwGADAGwE4-10Q7QEwDYEwPYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAQSSwDq26N9XLUHuY68n23f_AB-gOPbKSVyzVs-VdkDZRwMpY7ZvYjcaJrK87WTzC2D8ZV5_sEdZeGSQAE4GAGVMt7yVFhHJX0QkgtHlhgBIBM%26sig%3DAOD64_1n4qwO_QOH-EsParXnRWv2fLr2mw%26client%3Dca-pub-4894209870857905%26dbm_c%3DAKAmf-CBZ5A5iZOuKbEfOCATS9KyLmtgzZXmckjAwDjm5-vl9ZTSmoCQhfCfCeoH-Q0UhcqCzX5Dpsxwc2lsDmdfFGdDxcGuaFVZkvdu1sZ63BeTI8x0exc6ZGfyitzz2RqRdYcBSlOM3hZsFDmr3NyLtwEprlanRSgJudhTPYMOEyPh0UDbNsM%26cry%3D1%26dbm_d%3DAKAmf-AtKvo2-twxOWkH6jSKvPrhuW4tWonl-rxIVUkZnAfbH8mOAq0oUNgD7BNsbjO2oD5I1yzLt9LPsmCtOJKl2Qy2azJdwvvLOgOI7Lr-Do1q6RzsFTpsWkE8shvs2jcmDbJFjuZs8aZzr1KBtmtO8KbxHeH7cZEwR68sJrA2N0Aun687Xf1I4Zhu4MBA3eC3hDUvfTCT1woNSUQH5qFZ5q8ok1w7OQSqmgU8tDQEjFtXEjEj7qjXVsQ9wuGEKXnp-7jMUqYAUJvv_v1xG-HJSAVInpA2foP0cg-MrEW_kW5QBENOXaaA-PMkGSajeZENVvhLb7PAgXNnqrcIbyqdGqG-_DZ5N5y8J7EzeNxXKxGktiXiySDTlGeAFlihmVb-AU6Afgo-gL6e_GdT4O25YpMEt5UG_ReggmDPLuFLFvTUvcjIQyrI2CqReQD7XSwv35I7aJrzB1vijNu3zD_ritUHc0f2zR5vvJBXg2Me_X4wcyQgp6WWUOanYYooPnJ3-AVANFX7OUJypA2yb9Y5PEuupCsDIRQIi3Qfb6_rUq42DmL9MvNFsig5-Awm16e_vzfQSHgfUtuyLq7oqeirLPrqXuZ2CZiBD7UqdX--GIiUgNIfbtpSpzJcxqfLTJ848v_00znerPy1PkoKdqjpaTrPazD0WQ%26adurl%3D&documentReferer=https%3A%2F%2Fcreditosaibamais.com%2F&ancestorOrigins=https%3A%2F%2Fcreditosaibamais.com&random=4402250838115&isIframe=1&container=&adPos=0x0&adPosCheck=0x0&adtagId=0&uidRedirect=1
Requested by: Host: ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com
URL: https://ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: HTTP/1.1
Server: 46.4.10.47 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.47.10.4.46.clients.your-server.de
Software: Apache /
Resource Hash: ebe247394361a5211aea88c52bb8656d600db476adb931d07e49c2229aa41106

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 13 Jan 2023 13:36:10 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: application/x-javascript; charset=utf-8
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId: 64667800099976504445000012203002
Connection: close
Content-Length: 791
Expires: Fri, 13 Jan 2023 13:36:10 +0100

Redirect headers

Pragma: no-cache
Date: Fri, 13 Jan 2023 13:36:10 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Location: request.php?zone=znhqi8lr1f8g&nw=20&renderingType=javascript&namespace=36ca91f55a&subid=&uid=b94cc262277bb3f2&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=0x0&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCxHdASV7BY6TPB8Lg7gOcp6PwAqblvaBprZqcp8kP8C4QASCknZePAWCV4pCCoAfIAQmpAp-bbFKUM7I-qAMBqgSPAk_QiRDZyQ2blj1z8cBK5WUx2cEiZuPeyD1ffKiUVJZ_wGOKeAMww0bFxblMlP-r_4BvcxJ_OjRyZVpdpfbueMKPxVXp7SRuHhPnAdVJo5rHwS_zpXC6YxNwe7cLKbvuSXf1gsF15DTKsGJeQVv5PU7QBBGNbi_MS77x-JLjwwnTwwuKRc-lFVe19k5a_34OGZUrqnaX615JoAx-ZSkcrYAnvCLzFHOc2x3Cpz4HKpQ3WQcQAHiVLmbHowvGimLFj7JvCkzVeBknIV8-ZkamX0vt_Zjju1q9li9mbdo89Tli_YnSBhkPqLEJypkYLCam1oGRC-MRQNOZJ93_L34oFdWdF7NSm2KQ2nVwNsIo4fnABOuP_I73A-AEA5AGAaAGTYAHrK31nwOoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAf_nrECqAffn7EC2AcA0ggRCIDhgBAQARgdMgKqAjoCgECACgOYCwHICwGADAGwE4-10Q7QEwDYEwPYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAQSSwDq26N9XLUHuY68n23f_AB-gOPbKSVyzVs-VdkDZRwMpY7ZvYjcaJrK87WTzC2D8ZV5_sEdZeGSQAE4GAGVMt7yVFhHJX0QkgtHlhgBIBM%26sig%3DAOD64_1n4qwO_QOH-EsParXnRWv2fLr2mw%26client%3Dca-pub-4894209870857905%26dbm_c%3DAKAmf-CBZ5A5iZOuKbEfOCATS9KyLmtgzZXmckjAwDjm5-vl9ZTSmoCQhfCfCeoH-Q0UhcqCzX5Dpsxwc2lsDmdfFGdDxcGuaFVZkvdu1sZ63BeTI8x0exc6ZGfyitzz2RqRdYcBSlOM3hZsFDmr3NyLtwEprlanRSgJudhTPYMOEyPh0UDbNsM%26cry%3D1%26dbm_d%3DAKAmf-AtKvo2-twxOWkH6jSKvPrhuW4tWonl-rxIVUkZnAfbH8mOAq0oUNgD7BNsbjO2oD5I1yzLt9LPsmCtOJKl2Qy2azJdwvvLOgOI7Lr-Do1q6RzsFTpsWkE8shvs2jcmDbJFjuZs8aZzr1KBtmtO8KbxHeH7cZEwR68sJrA2N0Aun687Xf1I4Zhu4MBA3eC3hDUvfTCT1woNSUQH5qFZ5q8ok1w7OQSqmgU8tDQEjFtXEjEj7qjXVsQ9wuGEKXnp-7jMUqYAUJvv_v1xG-HJSAVInpA2foP0cg-MrEW_kW5QBENOXaaA-PMkGSajeZENVvhLb7PAgXNnqrcIbyqdGqG-_DZ5N5y8J7EzeNxXKxGktiXiySDTlGeAFlihmVb-AU6Afgo-gL6e_GdT4O25YpMEt5UG_ReggmDPLuFLFvTUvcjIQyrI2CqReQD7XSwv35I7aJrzB1vijNu3zD_ritUHc0f2zR5vvJBXg2Me_X4wcyQgp6WWUOanYYooPnJ3-AVANFX7OUJypA2yb9Y5PEuupCsDIRQIi3Qfb6_rUq42DmL9MvNFsig5-Awm16e_vzfQSHgfUtuyLq7oqeirLPrqXuZ2CZiBD7UqdX--GIiUgNIfbtpSpzJcxqfLTJ848v_00znerPy1PkoKdqjpaTrPazD0WQ%26adurl%3D&documentReferer=https%3A%2F%2Fcreditosaibamais.com%2F&ancestorOrigins=https%3A%2F%2Fcreditosaibamais.com&random=4402250838115&isIframe=1&container=&adPos=0x0&adPosCheck=0x0&adtagId=0&uidRedirect=1
Content-Type: text/html; charset=UTF-8
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Length: 0
Expires: Fri, 13 Jan 2023 13:36:10 +0100

GET
H3 200 container.html Show response
ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame BB66 6 KB
3 KB 38ms
38ms Document
text/html 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023010501.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://creditosaibamais.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 13 Jan 2023 13:36:08 GMT
expires: Sat, 13 Jan 2024 13:36:08 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 JwRg8GnJRbSbwgtubA3x1Twn6jgCPCxSQn9TsX0K1wE.js Show response
pagead2.googlesyndication.com/bg/ Frame ECA0 36 KB
16 KB 48ms
47ms Script
text/javascript 2a00:1450:400d:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/JwRg8GnJRbSbwgtubA3x1Twn6jgCPCxSQn9TsX0K1wE.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80d::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

270460f069c945b49bc20b6e6c0df1d53c27ea38023c2c52427f53b17d0ad701

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Wed, 11 Jan 2023 10:03:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 185560
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16089
x-xss-protection: 0
last-modified: Tue, 03 Jan 2023 14:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 11 Jan 2024 10:03:30 GMT

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame 35D2
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESECXtsJWJxr1cS4F6HXf9zYE&google_cver=1

43 B
273 B

510ms
40ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESECXtsJWJxr1cS4F6HXf9zYE&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLOrkQEQupmXARiAhMnRATAB&v=APEucNXqlAC6bVQGUI6O5RzXq8IZd7lFDiYD5oo0Cy9J7zdAGy9sU_GPfnwdWnAVRzLjvAgeG09eAEJ5y8zKEKbmBm3BDwN6s7FJOu6zmUQQzcwNDCw9nfNNbRJVWSUJ9ShyFSm8HazU50d_P1E5NfQHvXdfVCXLDxeiDxCHgPBwU1QZmE4b3sg
Protocol: H2
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 13 Jan 2023 13:36:10 GMT
via: 1.1 google
server: OXGW/0.0.0
vary: Accept
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 13 Jan 2023 13:36:10 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESECXtsJWJxr1cS4F6HXf9zYE&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 cm
us-u.openx.net/w/1.0/ Frame 35D2 43 B
145 B 581ms
45ms Image
image/gif 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLOrkQEQupmXARiAhMnRATAB&v=APEucNXqlAC6bVQGUI6O5RzXq8IZd7lFDiYD5oo0Cy9J7zdAGy9sU_GPfnwdWnAVRzLjvAgeG09eAEJ5y8zKEKbmBm3BDwN6s7FJOu6zmUQQzcwNDCw9nfNNbRJVWSUJ9ShyFSm8HazU50d_P1E5NfQHvXdfVCXLDxeiDxCHgPBwU1QZmE4b3sg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 13 Jan 2023 13:36:10 GMT
content-encoding: gzip
via: 1.1 google
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 56
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2

200

um
sync.teads.tv/ Frame 35D2
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm
https://sync.teads.tv/um?eid=3&uid=CAESEOfFcmx4JMbfP-lzZ4KZew4&google_cver=1

23 B
172 B

529ms
59ms

Image
image/gif

104.96.128.226
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=CAESEOfFcmx4JMbfP-lzZ4KZew4&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLOrkQEQupmXARiAhMnRATAB&v=APEucNXqlAC6bVQGUI6O5RzXq8IZd7lFDiYD5oo0Cy9J7zdAGy9sU_GPfnwdWnAVRzLjvAgeG09eAEJ5y8zKEKbmBm3BDwN6s7FJOu6zmUQQzcwNDCw9nfNNbRJVWSUJ9ShyFSm8HazU50d_P1E5NfQHvXdfVCXLDxeiDxCHgPBwU1QZmE4b3sg
Protocol: H2
Server: 104.96.128.226 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-96-128-226.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.9 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

expires: Fri, 13 Jan 2023 13:36:10 GMT
pragma: no-cache
date: Fri, 13 Jan 2023 13:36:10 GMT
cache-control: max-age=0, no-cache, no-store
server: akka-http/10.2.9
content-length: 23
content-type: image/gif

Redirect headers

pragma: no-cache
date: Fri, 13 Jan 2023 13:36:10 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://sync.teads.tv/um?eid=3&uid=CAESEOfFcmx4JMbfP-lzZ4KZew4&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 281
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 um
sync.teads.tv/ Frame 35D2 23 B
172 B 598ms
63ms Image
image/gif 104.96.128.226
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_dbm%26google_hm%3D%5BVID_B64%5D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLOrkQEQupmXARiAhMnRATAB&v=APEucNXqlAC6bVQGUI6O5RzXq8IZd7lFDiYD5oo0Cy9J7zdAGy9sU_GPfnwdWnAVRzLjvAgeG09eAEJ5y8zKEKbmBm3BDwN6s7FJOu6zmUQQzcwNDCw9nfNNbRJVWSUJ9ShyFSm8HazU50d_P1E5NfQHvXdfVCXLDxeiDxCHgPBwU1QZmE4b3sg
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.96.128.226 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-96-128-226.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.9 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

expires: Fri, 13 Jan 2023 13:36:10 GMT
pragma: no-cache
date: Fri, 13 Jan 2023 13:36:10 GMT
cache-control: max-age=0, no-cache, no-store
server: akka-http/10.2.9
content-length: 23
content-type: image/gif

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 9498 0
20 B 161ms
161ms Ping
image/gif 2a00:1450:400d:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=4836582721072&version=m202209210101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80d::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 13 Jan 2023 13:36:10 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 9498 0
20 B 162ms
162ms Ping
image/gif 2a00:1450:400d:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=4836582721072&version=m202209210101&ct=76&x=1&cor=1396290486060888800

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80d::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 13 Jan 2023 13:36:10 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 9498 15 KB
11 KB 68ms
68ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-A7h4kpOmuKIh_RyGlJHCNuIK9YCa8gZUyyGdCl_PZxIAbBcdTxJDbdrHlphFre9UcAamd0FL1kv7c7p_VEg23snXT_RN_5eBbb5FMZD1FUEMIdpWWZt1GQJk0Lx_-jrnTIxoha7yOunbwfEnf55R5RL9TF3Brj9aJnzuSIB0fTqvqVzUw&cry=1&dbm_d=AKAmf-C-RhEbFuDCSkXEiHb8wXDTCaUEJhB6fNh99dFyql981oLO5ZFmf2pZgEmkSt7V3by8IZqnvMPRvXXA7ZiaeA1GImLtovbVkTxGwj7wtN96QgRJiUK-6G1EEz9r8nuRaRDJo5ZNGvPV0edesVKpZlVozb1ys-Bnxz3KSoOkJlpLn6EY6bMieJfTbDqfO-YxXkDCsvjw6J9i7hrsGit76vOwK2MFfXEblnS09SU53w79pfr0OpqFj9NRbYgTpenUh_zIVz_kvzdDlg74Wxi2ZGfYFdrJpdN7qvgxGAwbS17IwVEUYAIhkBOvYr7r4fAWay7MSupBqS25Nl1AUB88QEzMO0dwEVSl1hOlV0Zw8szktRSaQq0E-KVGeCBbyxVRaDwso6qyY9AM9SVt4tG7k91wKIq3AH_1C6hcYQI_hfFlScY7j29aKGnt_n1JQD1RlCwK12fTWLVHHzsVAOI_2ttFI9-JFSsj_L3DtrC1j6SLV0BVNhlvG7xvxxzMBj7uxQorqy8Pax1gDxkRsoA9QX0avrbdGk1NlaAN9lFWNtOClE7dW_QoC012AbOgB5vheEAwLbgtADmRhHMTU2QztEkXw3chkR9bVKeXa31Zt64wSKeCaiZ1sL6hlCf0jtZDLnVMj08OGykoC0NIO3ovUoWQZ_fvO4JUzG9sVF1-9Qg9wYmikTCahl8HMj0wfa0aE2pFfGG23G2weNg9gyy-J_HKE-RxbuhyZErwK16soG9fukwvrgaUItfTDF6nTXExX5hYesUQM2Tk0usNUUKJMc9CN3CIHI_2vRkaaSc_OgUVAoDawyZyx92EB0k_574NHYJ6xnLD3IYk0nW78MdFUBzGGkx4A13gQs_ILmAdkqzyfKprwnHuHXIw7LioTPbj-bRnG-kGhUO2wLqyW12GnJlFjxyhZ5pyo0Q5LPer_35-MMFOKPnTXoXM5p8ogKxaj7vSJGY_cGvcg0hd6-p6Ll8E36w1M1LZnz0BIGX3yTPzj0WG-9f6X2jJ6m46tIiaPkTr8TfSjFSLM_FAJ7aHW1qdepQOqlDMXTVO7A4WDNntB1zegEhGTmeRfognNt7w9KoT0nUrzdiJSuK0fcBpiDKA-K6IVyuyvvuuM8HrmwlV4AczYIAVyHod_lzAGpuCAl5Hwi5TBFQ5lyqGE9iY7iP075Wu1_bB0Z-YYET7qVViy4bsLcjUqdba_eoo98PTlCIXDm2ZFm_Ef41dGePSFJ3g_14m6N3a4tT8bQt8gag2UbJuqbLmhGqN4ixZzwreHSTbMXk5wmJyNWN83eK7IBZMSKdxKTsbvuHVrmdyEdR3ycmInXeXrwODZ9pAg4u4vG4Umjg7tHC66x6swBX3AyMvSp29Ija2-93YKcaSsoUByKhsRiyyvpIyTIwOjaIPeJwI15HHjQVqPVCUVhhhomNppOGjTyR9_Bn4hI0diCop8s5JwNvhhspkfkgQUzsb8Af4ZCPCqpkJhycUyNDxU49LWFA2eV5vSj7Tg601-4KbyulfUAtKJ824lwvRspt3JcYpqEuarbf6BZWREFl-L_dvvM3lQWbW99EisGLQ5KSo1jkVJ6i4QyOn_VniMmxvNnM9lMZliz53c1rHad0k9NIqz7T7kXPBkXHosTLQJyR2ZJ4CSdRo78WPw83DOSmKmjyN64x18WmzbUddVniHqmt2Bz-jdg_nR13yn0Fozz00OnYuG9X832-bOAAwKomaO6KNGnCZRvh9DhBabX_HPZWF_bTZrpwOaZHJ_7gmgiFTEbgjT0hjQ9htEj5Om9wRXvw3Rqf8HEm0cEa1RzTG1qVW2Hzp3vLRgklUB4DYAYnRP0Kg2fii1KfvLV0odUnP1X8NpgVHyusIGe1OzWsrSEpuZP_Jt_y2anQZfCgP-2fQGz40_Jcr2_vUHfR788yuvrhAKdl03dYPUK1szqmWIlq_BgXM5s6mIjMOexLtxNP8I5ahmlGZ8N39th_2WtyfmvcLyr2P86M4T19IIii845_AnsBa7rmCDBzzGMlf3v6Z_xM8Gd1yKAR9NPy4g_ZAh0FxdUbgm37Hpq3EHHCusof_950pmMgqsn5S9ifZGZ9A1fBkrkgVD-bNuBSyaaiRe3jbKSO_g_N2Qb3vVGV-55pIkhQysFv9SYPcyOHeaGEcR0hojYIdB7QvR2AWl-U80iN65_qv67gt5qZGRGLKaCbt4ziX0EmIDkpTDGM4U0iyI3JBeJZOJqPtSt-QvM0Hpo-Y2CVksdZUAd3MB2j3UwInVGMhYQ2qYB6OqLAzl_FaD5YkZ8xR1f5dyXkomZKjY_wCY07DNggrU6E3H-hPzclN0DSuVFoji66N2LUgtMeC--_bpnlbkTumy_-VGoilTz5lt_YgCWGE0v6QqC187DBHkAYEAs6M5piAWPGiaF9VVWgBhVbPwunaZrlBKT5ZRy6wskMxj-J_6GUvmHfO1CoSVzOjGvHfcD9QypBuTrvu-2ITrqhtP7GRDtR9KTTJpoO8vpuhXmqcqzA8yGfBOZg4Dh799Ta0RmGe1H4kXDYYBeLjGkjBnnGEgnDN_A6kG2Dh6OZMp9o8vOJ8ILkZvbbAlbGc0P-nOi1HjUG2Xzq-XB72u2RkfVylYSizYGak0scMc8_W4LRLUgG8Awe6ucOuTj09CDjTTJwHbc8jA4KFlsZI78JVL3vdjAwr6q54J7mwAtyA5vXpl35QUsFWNX8kwnlj4OBGf8mmIWncebJ7BRc2zDB-Z3cKhxsNigj40i9FsBggUebkrfmiTsGSh4qwc9oJIYKD-Yxia_MVUAX7LYud5RDjXS06BNOL6h18rjqIT2_qVyez7aecXbBkAxf5fJgaPzeGzAUpprFQBKJmYAA0-oK9-kRdJwNz3YRr2Zb4INlDpp_cgSHB82BPzUzbXieUro1WT1VZvnBLlhfK7RAnNwPTqappuEECYSbiLWxPmyDZf0TPXJLybl4b6XreWUJTf71y6uOr7pr-ULhgvwkP_BbhjHZOZ8vfKYJia5qmfHkkZ0QqNRczW6AKKL5XLhelJRvPRw3aKeWaS3mAUuKbMcl3x29s665uBzaBdPZ2DPZNzmKYLlhizPe4NZ3zBIAxl-S9LFvGt1ver_HfksjImqIwmsBz0ot4UiJcoHWbwfhn&cid=CAQSSwDq26N9gFhN-d_DP4DUfBxx7JCd8Gx4m_TlF726F2179OVWVMcQ_l0hFTwpwPRbZHTBXMIqC9Aodq-tF59RlprwRejRCZsRo469thgBIBM&dv3_ver=m202209210101&rfl=https%3A%2F%2Fcreditosaibamais.com%2F&ds=l&xdt=1&iif=1&cor=1396290486060888800&adk=2988274607&idt=134&cac=0&dtd=2

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b14a289bb4b30985aa140342a95167075e997aba93e817028f6f3352de895c12

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 13 Jan 2023 13:36:10 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11344
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame ECA0 0
20 B 169ms
168ms Image
image/gif 2a00:1450:400d:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BfKyqSV7BY_2pLKjnx_APqsS1-AkAAAAAOAHgBAI&bg=!AgGlAUXNAAYDMoyoIzI7ACkAdvg8WuAXgu-WnaS8qwydRDpREk2KxxP0FZA5-CaOZXaGW0Pcm2v0BgIAAABFUgAAAAJoAQeZAwWzaENNGC8BSvhHrbkN_wEHewJ77PSUTjf4GX9Dl0P240AIZw6VTQ1XfSdP5MUJVr0dSeQ9ufettJLtDeZMyepFDQH6G83eZCptWD51BNOYp5O97SSzP6nvf7V8DO7zSwvX54RiHPioOnMyrqb6y3eUeDAofxxeqe8iBVhU8Fyf7LX7E_iYGg9X5IYKqX3czvHwzhng46_3rkqigkAeNyUKFuGPLEq0Evzc8ohcgkxqxV1oqFHP55lBzBUVClVdtweGU5tpvt8YwFcR-kdDgszX1jdXcizLT0KldfDUVosrycQqBiaquRpFwFWyV3_VZXhq9ovsj7_QTUZVz-X5qjEjrgvvTZyMJKaXG-wP_GIIH_qe2f05xzrNP7i68C8aOrUUc3pJviuauTPUUlFYJtm9LatHa27lnV24sqItynwQH1vfb8cid52YrpuVUxQsp9sT0oIlND-_IC8JnMoQZOKkU4N0vYT2yQUsprD_syvL4svTZfnZNT5BLV16_C8LcXSZlXQJe-75Xu-X0r0_hCB9FXDwj3waNc25M_ASvh0_I981zpklMPrM2ds9esH_g00peEArG9mQ93_JRC0rZjEWAB-A_yIoSYV45bGCRYYdefCnvUcMU67HiLF77nL0NMe7d1mZ8Xg1-enAEiINb9CQvPjOk79WJqwXULAGz0pcd1Vv3dkux7X6cm2mYjZpLc1vbn6xv-t0km4rdUe3V_MlvkFQMG7lNPoI6UeyQ4B-0X2MAe_kLk2RFEDiEmOxLev4IcRkeqanirQGvsNZnmSDwpULKR-Q71emFc8NhwGDHsLqSf6E-bdXrJSCdUbarmG2HphnQHPKRpWiUxJE6vxdiNj-OjJQwOHkq0fnRBJ-KpHtgd_kKfj2GjzzOYt1lbkiQgtlIEXb6pYwj3GlG3tXY-c1D92YKsAScBWn8CmxqQM-VPBMiDCkxR84DxdbPvm_-RC1cBCQFD3wq_BHBn5HGfHhDLqLdadtIMZJoeU0rf37cPDJV7yW2yYNJ7zwqnzr4mnEeQ

Requested by

Host: ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com
URL: https://ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80d::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 13 Jan 2023 13:36:10 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK request_content.php Show response
hal90002.redintelligence.net/ Frame 359F 6 KB
2 KB 34ms
12ms Document
text/html 46.4.10.47
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal90002.redintelligence.net/request_content.php?s=64667800099976504445000012203002&a=0299db0d
Requested by: Host: hal90002.redintelligence.net
URL: https://hal90002.redintelligence.net/request.php?zone=znhqi8lr1f8g&nw=20&renderingType=javascript&namespace=36ca91f55a&subid=&uid=b94cc262277bb3f2&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=0x0&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCxHdASV7BY6TPB8Lg7gOcp6PwAqblvaBprZqcp8kP8C4QASCknZePAWCV4pCCoAfIAQmpAp-bbFKUM7I-qAMBqgSPAk_QiRDZyQ2blj1z8cBK5WUx2cEiZuPeyD1ffKiUVJZ_wGOKeAMww0bFxblMlP-r_4BvcxJ_OjRyZVpdpfbueMKPxVXp7SRuHhPnAdVJo5rHwS_zpXC6YxNwe7cLKbvuSXf1gsF15DTKsGJeQVv5PU7QBBGNbi_MS77x-JLjwwnTwwuKRc-lFVe19k5a_34OGZUrqnaX615JoAx-ZSkcrYAnvCLzFHOc2x3Cpz4HKpQ3WQcQAHiVLmbHowvGimLFj7JvCkzVeBknIV8-ZkamX0vt_Zjju1q9li9mbdo89Tli_YnSBhkPqLEJypkYLCam1oGRC-MRQNOZJ93_L34oFdWdF7NSm2KQ2nVwNsIo4fnABOuP_I73A-AEA5AGAaAGTYAHrK31nwOoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAf_nrECqAffn7EC2AcA0ggRCIDhgBAQARgdMgKqAjoCgECACgOYCwHICwGADAGwE4-10Q7QEwDYEwPYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAQSSwDq26N9XLUHuY68n23f_AB-gOPbKSVyzVs-VdkDZRwMpY7ZvYjcaJrK87WTzC2D8ZV5_sEdZeGSQAE4GAGVMt7yVFhHJX0QkgtHlhgBIBM%26sig%3DAOD64_1n4qwO_QOH-EsParXnRWv2fLr2mw%26client%3Dca-pub-4894209870857905%26dbm_c%3DAKAmf-CBZ5A5iZOuKbEfOCATS9KyLmtgzZXmckjAwDjm5-vl9ZTSmoCQhfCfCeoH-Q0UhcqCzX5Dpsxwc2lsDmdfFGdDxcGuaFVZkvdu1sZ63BeTI8x0exc6ZGfyitzz2RqRdYcBSlOM3hZsFDmr3NyLtwEprlanRSgJudhTPYMOEyPh0UDbNsM%26cry%3D1%26dbm_d%3DAKAmf-AtKvo2-twxOWkH6jSKvPrhuW4tWonl-rxIVUkZnAfbH8mOAq0oUNgD7BNsbjO2oD5I1yzLt9LPsmCtOJKl2Qy2azJdwvvLOgOI7Lr-Do1q6RzsFTpsWkE8shvs2jcmDbJFjuZs8aZzr1KBtmtO8KbxHeH7cZEwR68sJrA2N0Aun687Xf1I4Zhu4MBA3eC3hDUvfTCT1woNSUQH5qFZ5q8ok1w7OQSqmgU8tDQEjFtXEjEj7qjXVsQ9wuGEKXnp-7jMUqYAUJvv_v1xG-HJSAVInpA2foP0cg-MrEW_kW5QBENOXaaA-PMkGSajeZENVvhLb7PAgXNnqrcIbyqdGqG-_DZ5N5y8J7EzeNxXKxGktiXiySDTlGeAFlihmVb-AU6Afgo-gL6e_GdT4O25YpMEt5UG_ReggmDPLuFLFvTUvcjIQyrI2CqReQD7XSwv35I7aJrzB1vijNu3zD_ritUHc0f2zR5vvJBXg2Me_X4wcyQgp6WWUOanYYooPnJ3-AVANFX7OUJypA2yb9Y5PEuupCsDIRQIi3Qfb6_rUq42DmL9MvNFsig5-Awm16e_vzfQSHgfUtuyLq7oqeirLPrqXuZ2CZiBD7UqdX--GIiUgNIfbtpSpzJcxqfLTJ848v_00znerPy1PkoKdqjpaTrPazD0WQ%26adurl%3D&documentReferer=https%3A%2F%2Fcreditosaibamais.com%2F&ancestorOrigins=https%3A%2F%2Fcreditosaibamais.com&random=4402250838115&isIframe=1&container=&adPos=0x0&adPosCheck=0x0&adtagId=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 46.4.10.47 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.47.10.4.46.clients.your-server.de
Software: Apache /
Resource Hash: 65ffa0484d19931e97716c1d13cfa0c56f7a2b9ac5c422fc857dc1680e12ad2f

Request headers

Referer: https://ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Encoding: gzip
Content-Length: 1849
Content-Type: text/html; charset=utf-8
Date: Fri, 13 Jan 2023 13:36:10 GMT
Expires: Fri, 13 Jan 2023 13:36:10 +0100
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding

GET
H/1.1

200
OK

inv.gif
img.tradedoubler.com/images/ Frame 5D12
Redirect Chain

https://impfr.tradedoubler.com/imp?type(inv)g(24495172)a(1565155)epi(64667800099976504445000012203002)393406436
https://img.tradedoubler.com/images/inv.gif

43 B
670 B

41ms
7ms

Image
image/gif

65.9.66.65
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.tradedoubler.com/images/inv.gif

Requested by

Host: ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com
URL: https://ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

HTTP/1.1

Server

65.9.66.65 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-66-65.fra56.r.cloudfront.net

Software

Apache /

Resource Hash

b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Date: Mon, 09 Jan 2023 04:43:54 GMT
Strict-Transport-Security: max-age=15552000; includeSubDomains
Via: 1.1 4162b603e4967e54c2386fa354705d6e.cloudfront.net (CloudFront)
X-Content-Type-Options: nosniff
X-Amz-Cf-Pop: FRA56-C1
Age: 377536
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 43
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Fri, 19 Nov 2004 15:35:04 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Content-Type: image/gif
Accept-Ranges: bytes
X-Amz-Cf-Id: LXctrCnwLivtw1K2l97sEjvi2aXLVUvloftZ-_NCp33VC2-_t9IMGQ==

Redirect headers

pragma: no-cache
date: Fri, 13 Jan 2023 13:36:10 GMT
via: 1.1 google
referrer-policy: origin
server: TXServerHttp
p3p: policyref="http://tracker.tradedoubler.com/w3c/p3p.xml",CP="NOI DSP COR NID CUR OUR NOR"
location: https://img.tradedoubler.com/images/inv.gif
access-control-allow-origin: *
content-type: text/html; charset=ISO-8859-1
cache-control: private, max-age=0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 248

GET
H2 200 pd Show response
google-bidout-d.openx.net/w/1.0/ Frame 428A 0
91 B 92ms
43ms Document
text/html 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://google-bidout-d.openx.net/w/1.0/pd?plm=5
Requested by: Host: oa.openxcdn.net
URL: https://oa.openxcdn.net/esp.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://creditosaibamais.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: gzip
content-length: 20
content-type: text/html
date: Fri, 13 Jan 2023 13:36:10 GMT
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
via: 1.1 google

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 170ms
169ms Image
text/html 2a00:1450:400d:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_2023010501&jk=4231814181886711&bg=!VlWlVRHNAAYDMoyoIzI7ACkAdvg8WsdS2DuE1x96wI6g2R1V77Itm1lt1caKLkUEV2N12OeaSVpgFwIAAAFmUgAAAAJoAQcKAJMmC-Rk3plOrvT2Zzp-eQJc-C3dXHZnoJoUGOZB-wGzBT4TtEyOJ7tnAlUJYeF_HYv8Xf4e7CJsKiTo1hoQvCVBPNZylnZ0kbhClDFfrBdgPjQJsekAEPp2diodOlI1xMNaRkKkidf4vMgMUXPwwPl2PmIFOnOcT62FaR9YY8-h-prAk2N-W8ZlQeYlEKAq-oBBJmWZAqPPV-oI5KzheQFNut5RG7HerSEkn-NNKqmr47NottObYylibYi8ciSyexR8XVJOauI1cPs-kIO-V3Al-ABRpEvloHBBXtEsV6oxybzCLvCch13fmubbUpcqULYmh1jyyD4LN1AD5cl6dTwBaoPev0yd1bn5m7_bxJ33e526UyjTzRX1ZA9hyYLXWtIQPzbQ5fCULymy241Txw_VTNoHMCIA9A9XeKzmUgK8Jv161A4jxMlV_9zLWxMIhkWmYbSyJ8XZWQhKdIR2obh-zRI-8qI8euzAC1b2qp3g5p2D9fE-Yt8F0IG-6fQnkePx9R4ZDoZlvvu9wH9dTAstwXR-EZKDp1NIJd4zTMtCSNoCZQOPalkjxZnIQJMJyrPkSydeXk5cguOSz8-240olyBFd9sawDZ3wYYuY0hL_Agw_Uy7g4J9a3Q4ZFmOrD37Yi4SKp9yCXpc4TWAH4NbBv7guRSFCPlHkdam8OWg42sUqxkCoh8Mpy-pjKtjPVugzkKQf8P8fozGLTGig77AM_opd-XpjdvDS3y2ovSYVc8eVdvaHy-OF8d36IL8tLy6Gs02BAiCSrDfq7sgqiYJpyogLf3qxtw5dULJSX4E5-V-Uzs52agOBQg4CrZzTr8mOgf3LbINlujOp-wTLRy93W-9osvDxChuS528kNilMdXJSlQFK1-N-zz-La22pY32MxWqOmyfTUOaCvzlnhrLtUHw8oEanhnY_7L1-NlKW8to-XU5bhlTETNIyGSGEK-7C1kU1JiMrGJDMvV5SEtOxvQ65q2ZIyV6X_JaIj_qaQNzK3HmjSWqtdee4KXNKiGhBbxdyZrfuk6oep_WcSW_1jH3akBUCkfdZbgy9oox9LTG8eYsAkEefDK_YKoxg8dzLaMaUJYbLkDM
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:400d:80d::2002 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://creditosaibamais.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 6BAA 42 B
64 B 174ms
174ms Fetch
image/gif 2a00:1450:400d:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsslMOfD78LXiTLhq70W97bZfxWmHtDgm4oeGPtT8UVwg3ZJ96dpd0NyNfX6MyW1ZfvG3JS4LwjrDhpNO2-Zq0TJlB9_UmTl-2lHqK6xe-KDe94PmHLe45jRkbh31SCCzQ4e0twAb3UU843Z9vd-eNO0NLZMeUw3lHe1&sai=AMfl-YSqHM2gGqlD0HrZaf7sTrPPBrHBXUbLdqYJdfT6BhlbTtHTleSAXaTfg7aGc5VXsDLUrsAdrWpIkiyxuzbeUFphDEB6knnPa6l67rnnbRAljVnxqqrTHtlpb1N0vg&sig=Cg0ArKJSzGrDfjo761aCEAE&cid=CAQSOwDq26N9NDtjL-Fk2bXY7GqYNy0GaO4qMXTRDoHs7El0UCx-kdq2Dt7EOySmyNB1OYjgXv-eoSrq0CXcGAEgEw&id=lidar2&mcvt=1001&p=0,0,500,180&mtos=1001,1001,1001,1001,1001&tos=1001,0,0,0,0&v=20230111&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=1812271804&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1673616969070&rpt=362&met=mue&wmsd=0&pbe=0&spb=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80d::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 13 Jan 2023 13:36:10 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 99CB 640 B
265 B 74ms
72ms Document
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CLO_UBCb3VAYpLfp2wEwAQ&v=APEucNXYc-J1EDPxmpKIIS9eGCKB0bDzB9utHn6IR6fk1Qx2-GHoUCcSKeVU9RCPaObn17ebNKsy4yRgQ8iQv4PRKplws_mUwzEMrfjs2rvEWACc7fvN9e1ZSi1V4DGsTugE-i7QVbxrEHBNP2kdY_NsaND71qiZsfwFPV-lmz44espsZUa4gxs

Requested by

Host: ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com
URL: https://ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: br
content-length: 242
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 13 Jan 2023 13:36:10 GMT
expires: Fri, 13 Jan 2023 13:36:10 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame BB66 76 KB
27 KB 107ms
106ms Script
text/javascript 2a00:1450:400d:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com
URL: https://ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80d::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bc54379b6288f5970da471f0f64ca15f8c9e3a3819a0950608a45b7479d5a11f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Fri, 13 Jan 2023 13:36:10 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27384
x-xss-protection: 0
server: cafe
etag: 10506132538256102613
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Fri, 13 Jan 2023 13:36:10 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame BB66 42 B
63 B 163ms
162ms Image
image/gif 2a00:1450:400d:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-AnjXbXzTVJiNb3XtObsc4YXWq-C59xb656MUFlHSWBpcuK1bkmIdh41zcQDcNoDxgOrErIYB2bVOxtlbGCG-mJiMosH9AIu0njh8bC7NTf8cWn9Mw

Requested by

Host: ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com
URL: https://ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80d::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 13 Jan 2023 13:36:10 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame BB66 0
20 B 164ms
162ms Image
image/gif 2a00:1450:400d:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=12250184780305849567&x=1&ct=76

Requested by

Host: ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com
URL: https://ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80d::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 13 Jan 2023 13:36:10 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230111/r20110914/client/ Frame BB66 3 KB
1 KB 37ms
35ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230111/r20110914/client/window_focus_fy2021.js

Requested by

Host: ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com
URL: https://ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Fri, 13 Jan 2023 12:43:14 GMT
content-encoding: br
x-content-type-options: nosniff
age: 3176
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 27 Jan 2023 12:43:14 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230111/r20110914/client/ Frame BB66 18 KB
7 KB 37ms
35ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230111/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com
URL: https://ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d6e49f1d85f57c06002816ffafcb8bfa08d8850c7358cb45b26b7a4f78f73fc4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Thu, 12 Jan 2023 19:01:06 GMT
content-encoding: br
x-content-type-options: nosniff
age: 66904
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7538
x-xss-protection: 0
server: cafe
etag: 18140588555649875417
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 26 Jan 2023 19:01:06 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame BB66 157 KB
48 KB 57ms
55ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com
URL: https://ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cff8c5b798dd1a69ce9460a203c10be59613887e25245f5c64916a51a1055d4c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Fri, 13 Jan 2023 13:36:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 49309
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1673441803913192"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 13 Jan 2023 13:36:10 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 9498 41 KB
15 KB 36ms
36ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-A7h4kpOmuKIh_RyGlJHCNuIK9YCa8gZUyyGdCl_PZxIAbBcdTxJDbdrHlphFre9UcAamd0FL1kv7c7p_VEg23snXT_RN_5eBbb5FMZD1FUEMIdpWWZt1GQJk0Lx_-jrnTIxoha7yOunbwfEnf55R5RL9TF3Brj9aJnzuSIB0fTqvqVzUw&cry=1&dbm_d=AKAmf-C-RhEbFuDCSkXEiHb8wXDTCaUEJhB6fNh99dFyql981oLO5ZFmf2pZgEmkSt7V3by8IZqnvMPRvXXA7ZiaeA1GImLtovbVkTxGwj7wtN96QgRJiUK-6G1EEz9r8nuRaRDJo5ZNGvPV0edesVKpZlVozb1ys-Bnxz3KSoOkJlpLn6EY6bMieJfTbDqfO-YxXkDCsvjw6J9i7hrsGit76vOwK2MFfXEblnS09SU53w79pfr0OpqFj9NRbYgTpenUh_zIVz_kvzdDlg74Wxi2ZGfYFdrJpdN7qvgxGAwbS17IwVEUYAIhkBOvYr7r4fAWay7MSupBqS25Nl1AUB88QEzMO0dwEVSl1hOlV0Zw8szktRSaQq0E-KVGeCBbyxVRaDwso6qyY9AM9SVt4tG7k91wKIq3AH_1C6hcYQI_hfFlScY7j29aKGnt_n1JQD1RlCwK12fTWLVHHzsVAOI_2ttFI9-JFSsj_L3DtrC1j6SLV0BVNhlvG7xvxxzMBj7uxQorqy8Pax1gDxkRsoA9QX0avrbdGk1NlaAN9lFWNtOClE7dW_QoC012AbOgB5vheEAwLbgtADmRhHMTU2QztEkXw3chkR9bVKeXa31Zt64wSKeCaiZ1sL6hlCf0jtZDLnVMj08OGykoC0NIO3ovUoWQZ_fvO4JUzG9sVF1-9Qg9wYmikTCahl8HMj0wfa0aE2pFfGG23G2weNg9gyy-J_HKE-RxbuhyZErwK16soG9fukwvrgaUItfTDF6nTXExX5hYesUQM2Tk0usNUUKJMc9CN3CIHI_2vRkaaSc_OgUVAoDawyZyx92EB0k_574NHYJ6xnLD3IYk0nW78MdFUBzGGkx4A13gQs_ILmAdkqzyfKprwnHuHXIw7LioTPbj-bRnG-kGhUO2wLqyW12GnJlFjxyhZ5pyo0Q5LPer_35-MMFOKPnTXoXM5p8ogKxaj7vSJGY_cGvcg0hd6-p6Ll8E36w1M1LZnz0BIGX3yTPzj0WG-9f6X2jJ6m46tIiaPkTr8TfSjFSLM_FAJ7aHW1qdepQOqlDMXTVO7A4WDNntB1zegEhGTmeRfognNt7w9KoT0nUrzdiJSuK0fcBpiDKA-K6IVyuyvvuuM8HrmwlV4AczYIAVyHod_lzAGpuCAl5Hwi5TBFQ5lyqGE9iY7iP075Wu1_bB0Z-YYET7qVViy4bsLcjUqdba_eoo98PTlCIXDm2ZFm_Ef41dGePSFJ3g_14m6N3a4tT8bQt8gag2UbJuqbLmhGqN4ixZzwreHSTbMXk5wmJyNWN83eK7IBZMSKdxKTsbvuHVrmdyEdR3ycmInXeXrwODZ9pAg4u4vG4Umjg7tHC66x6swBX3AyMvSp29Ija2-93YKcaSsoUByKhsRiyyvpIyTIwOjaIPeJwI15HHjQVqPVCUVhhhomNppOGjTyR9_Bn4hI0diCop8s5JwNvhhspkfkgQUzsb8Af4ZCPCqpkJhycUyNDxU49LWFA2eV5vSj7Tg601-4KbyulfUAtKJ824lwvRspt3JcYpqEuarbf6BZWREFl-L_dvvM3lQWbW99EisGLQ5KSo1jkVJ6i4QyOn_VniMmxvNnM9lMZliz53c1rHad0k9NIqz7T7kXPBkXHosTLQJyR2ZJ4CSdRo78WPw83DOSmKmjyN64x18WmzbUddVniHqmt2Bz-jdg_nR13yn0Fozz00OnYuG9X832-bOAAwKomaO6KNGnCZRvh9DhBabX_HPZWF_bTZrpwOaZHJ_7gmgiFTEbgjT0hjQ9htEj5Om9wRXvw3Rqf8HEm0cEa1RzTG1qVW2Hzp3vLRgklUB4DYAYnRP0Kg2fii1KfvLV0odUnP1X8NpgVHyusIGe1OzWsrSEpuZP_Jt_y2anQZfCgP-2fQGz40_Jcr2_vUHfR788yuvrhAKdl03dYPUK1szqmWIlq_BgXM5s6mIjMOexLtxNP8I5ahmlGZ8N39th_2WtyfmvcLyr2P86M4T19IIii845_AnsBa7rmCDBzzGMlf3v6Z_xM8Gd1yKAR9NPy4g_ZAh0FxdUbgm37Hpq3EHHCusof_950pmMgqsn5S9ifZGZ9A1fBkrkgVD-bNuBSyaaiRe3jbKSO_g_N2Qb3vVGV-55pIkhQysFv9SYPcyOHeaGEcR0hojYIdB7QvR2AWl-U80iN65_qv67gt5qZGRGLKaCbt4ziX0EmIDkpTDGM4U0iyI3JBeJZOJqPtSt-QvM0Hpo-Y2CVksdZUAd3MB2j3UwInVGMhYQ2qYB6OqLAzl_FaD5YkZ8xR1f5dyXkomZKjY_wCY07DNggrU6E3H-hPzclN0DSuVFoji66N2LUgtMeC--_bpnlbkTumy_-VGoilTz5lt_YgCWGE0v6QqC187DBHkAYEAs6M5piAWPGiaF9VVWgBhVbPwunaZrlBKT5ZRy6wskMxj-J_6GUvmHfO1CoSVzOjGvHfcD9QypBuTrvu-2ITrqhtP7GRDtR9KTTJpoO8vpuhXmqcqzA8yGfBOZg4Dh799Ta0RmGe1H4kXDYYBeLjGkjBnnGEgnDN_A6kG2Dh6OZMp9o8vOJ8ILkZvbbAlbGc0P-nOi1HjUG2Xzq-XB72u2RkfVylYSizYGak0scMc8_W4LRLUgG8Awe6ucOuTj09CDjTTJwHbc8jA4KFlsZI78JVL3vdjAwr6q54J7mwAtyA5vXpl35QUsFWNX8kwnlj4OBGf8mmIWncebJ7BRc2zDB-Z3cKhxsNigj40i9FsBggUebkrfmiTsGSh4qwc9oJIYKD-Yxia_MVUAX7LYud5RDjXS06BNOL6h18rjqIT2_qVyez7aecXbBkAxf5fJgaPzeGzAUpprFQBKJmYAA0-oK9-kRdJwNz3YRr2Zb4INlDpp_cgSHB82BPzUzbXieUro1WT1VZvnBLlhfK7RAnNwPTqappuEECYSbiLWxPmyDZf0TPXJLybl4b6XreWUJTf71y6uOr7pr-ULhgvwkP_BbhjHZOZ8vfKYJia5qmfHkkZ0QqNRczW6AKKL5XLhelJRvPRw3aKeWaS3mAUuKbMcl3x29s665uBzaBdPZ2DPZNzmKYLlhizPe4NZ3zBIAxl-S9LFvGt1ver_HfksjImqIwmsBz0ot4UiJcoHWbwfhn&cid=CAQSSwDq26N9gFhN-d_DP4DUfBxx7JCd8Gx4m_TlF726F2179OVWVMcQ_l0hFTwpwPRbZHTBXMIqC9Aodq-tF59RlprwRejRCZsRo469thgBIBM&dv3_ver=m202209210101&rfl=https%3A%2F%2Fcreditosaibamais.com%2F&ds=l&xdt=1&iif=1&cor=1396290486060888800&adk=2988274607&idt=134&cac=0&dtd=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Thu, 12 Jan 2023 15:17:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 80302
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 12 Jan 2024 15:17:48 GMT

GET
H2

200

adj Show response
bid.g.doubleclick.net/xbbe/creative/ Frame 9498
Redirect Chain

https://fw.adsafeprotected.com/rfw/bgd/1135760/65089104/xbbe/creative/adj?p=APEucNUmvv4pxUyVZEBURwh6Xzm0YkU-yVqLyUdxnUQLPE1hMkXY8qo&d=CokBAKAmf-CXx8qtSaE_gCY0yADDNelLa-MqLXiXQyR-enynXkiTt5p39tjrWBi...
https://bid.g.doubleclick.net/xbbe/creative/adj?p=APEucNUmvv4pxUyVZEBURwh6Xzm0YkU-yVqLyUdxnUQLPE1hMkXY8qo&d=CokBAKAmf-CXx8qtSaE_gCY0yADDNelLa-MqLXiXQyR-enynXkiTt5p39tjrWBipcNYlwLS1ckyEMCOBLAZLGnSD1...

53 KB
22 KB

105ms
56ms

Script
text/javascript

142.250.27.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://bid.g.doubleclick.net/xbbe/creative/adj?p=APEucNUmvv4pxUyVZEBURwh6Xzm0YkU-yVqLyUdxnUQLPE1hMkXY8qo&d=CokBAKAmf-CXx8qtSaE_gCY0yADDNelLa-MqLXiXQyR-enynXkiTt5p39tjrWBipcNYlwLS1ckyEMCOBLAZLGnSD1uYoVSKIjD5IhEjxzxYWuyItlra1Lib9qsiXBmZ3kStglqxQ63-wYTzUExUxL0slMUcGOQgQpA2DPdtyTuv8poG_LR5wQNmASvQS2RUAoCZ_4H9j9DDanY1Arefeb8kORN4aPFm3naO6DkP2SXtcolx_m1wueo1F_Ll9hP609KAgPB3Q8mWAQQ63A36htU8RbzrONyGxaq-DkpIu0krRGrhO_aXJ8wRdG6E9z24VQgMQ1R2DYEFhNkSpeePjLnnPamQWh8D6FkBP6yE7jUBSndlVXZoek4faV9TvJkjK9lMng9RCFV-ROwIhacI5TQPTvLfzOjuO7li1HB-ed-xHt2OnmGUz-rsSjUzunV7FhVcJw5Hk-nPfUyBqWZ0DixpYfv7OtGn-mij2jBZRCo9kWjfTfxcIDd1J7E6XCKTzYyzXURCimZy_k3LoNATgO4VrybrznvzBCgFK4aludQqHIl9e5Z3Uj3leFLfdnj_gAc5cw5RqNAb4ggPCN-h8VrQgc6EstszKevcet0eNKWqJAoGO85qhZNVCRHG2IrqjGiqAlY8GvP3rfMpYfj1F8PL9UshPJaYNk5n05YftBeLTNczuyMXbdlu4vs0RtjCU-qKKZtNbLEB9A9tXLgrzf9v5Q4_dHs_gsaPtJI2eCiUpuLWe7aQceA_VfE2ciYKBL_o8CvAfKt4cv5G2QGjkDsrjQjlA9mZtKjpSGi5as3Ni-quclZymvkgHoZrjNrvJSXMvJKQ9Pfx9iowjAAM5ee0q9j99Q33zpfT__1tgN-PyRiEI4VTGu-A-ilTDqSda8dvUnTGrPwNl4MwKtEPebOzwv0NREGZ5Aqjc9dVFtrHieanCJ7zKOaf-TZerroz6Z6R4jOdXJgs44YkBzIqfXaSqR43oRIGeGYu0ULkJsdlfB1YGbVAOyoo9TQsB4zIFhCbr4JWJm6r6Fm25xVXLzcot-FGVnOi59vlj-Tl7sOvLXHTAlHmURAlgkQlyTlipbUXdMKaCSmqlE3FaBUlXt2LfFMJa9lpS2Y7nQQIt1r4XTh3_o3-mlVws4cs-esZdpu270rxp2QS51TqBK4e38DFf_Qo27SKk_C1KrLkRjJkbBPiCEUNWv49DCDIb5AOnmIQo-6ecA2ccg5O__1Rm2FjDgHq3830Jfmpv79YfShxQwXZQJZ8PXcYS5zIuMCLh3WWPvtXuq2cAPXrsyZ3lUpUtz0Ch3cSQ7mPjbT65pGJryNjfdf7lFuE6udRVH3OsS5OFkhoh1e3XRnLsXQLSScNoEoAfeIqZ_lOGUC8Ofi7FEY8xgF6mc87Y3CO7mtWtbeh2QctxGp_vgYdTDhcKDGyXxg3RULICSXx_MljEdaG4ru3b_FHiQZGAc1xzIAvSgxIh3kTcEnoIG_l0JDoCKLzLJ2zRBMr4vQrUIy2fMTs_7OeFGmGuE3ocdDNWIDCmhDTZHMV1Hx-mz5Yqu9lveuH5b47o8nCIUhSoK9rcaOFT1dYC-1kAJgdw9g68-HucbLDu6EwJTpJz_CkVlTIJx2haYU0zyl-2iI52YgWtt2y1PKRZIPAQaUUm5JbneXl4nJPqpUSoaYHMXJK_4oduQzF1jHEe7HLEmUoIikBPrJbj9JO0eCOHw33-p0Fj25OH_0rB_8rMOSxwmrWUJ64e_sk7pinl2R1l8BcUNHBJC3U2zOQMvFBD13JXPbnGxayJ_tZLw_izNYrAyVytp2T-rPweg29WS84DJGeIoVkmtWn_ZORp01ns6RfK_xhqy2uhqz2ugRr6XI3k5Xfkjmn9MzTHhubwBIkQ8WV7rLF_yFDalU4xn78fJQc7bGJqUuOx-b9QnB8zvNdyf_VUzIX0p7OXktX2L8tHkMdyet24ATlazeK3mb48vRdTmhIwoo50GUl9IZ8RKEpB9YErF_hHoEZNmIj9i7M0nxBM_S8a7bqv1l7691FjLM0cseJeeNntYe8ko5nbEnml5Dqx5ZrSWeSxKkj_rrDTcbQMjB8LFvgn1ivx6F4Ou5MCD9G8yGo7x4Ebi_3MEpvLmOALXqC5JxAsEkQvRMpVzJSVxZsxlI4RzBy9g_k211VeACHvetJFvrKy5CpRlCkMaSs-d5gVQnG1jRQKuQirUw90LpkQR8eUV2w60I80GSTcRo0ublLNfK-NRnj9wNBKh99xd0PsqtFeukgF8Bu9hJd4Ps2ZYULHz3AZjT6VTC6xuDR3PSmOVdn14Twq5JwXaEm1FZtgINjhuUD9G5-9ZnMtaPwjoddKrawGcyBNLk8VSbnj8ENuRG84kEV8GOTPg0O-BM66drH6-XAMZyA_7tqvjSnwOsj-SuU3olrH8F-IFRqSMvgh-4sBek7HBaC7bAd24b0E7jLhFpDpPjI8XsoMu8yIOiyHoniu2Pb_KvcfhNEzywlxtbYgFaciKB-_9eJXoHcwiqWGuBA9THAoDKZKoqWl1cjcMEgvWb0sxrtrtukvtM6RflWSH2oCr6u6M3EuQalALAud2ZzR4hLizCeY3U1j1xVB8mnsx6-q1GYHeSPagz0pY8MI2rdCAuBARalH9KKGk9RYgzZmr2_Uw9qFhSzaorpyqditulRG4deCBy3R4i_y5rL8pnvhss8uI_nT6QAy-g7KjXx94nJ9gpcJlM2idoKe6xx6rSYF85PjtizkO9KMLCFHHNdv5pyfPg5YSXF0k4HosOvRFEPyXVVj2-u4gmSxHXCLtQkqkJ1pzYgSTXSDqUUHpE2AnWlbblsfVy-E3C6dfsGhqVuiQ4m6kQ5fYFRk8iThtcclGf556RJnYQ7EaIdmX40dECpzxS0wg0r1_etehMDbO3yVPU2w-fd9qUt1f2oexqFxDzDOTEIMZHYhY0G2g3XQuVYczLZaPw9BW-CRsfs_Vnupwqaqh3DB3MmLmEfK1OcgqncO0A8dSLRIIRtAqTvp7OFbTNLh5Q0MiaI0XKlZNWGHrRZmBpPdPbb7pJ1BWA_U2lt-0tjJaFL7_B-MRY1NQtIlJvTzW2Yz31NQ9jAT60jqXF4Y3yFa77217Rn-8NCyEm60Rny6FtUHrRdgVY9ztrSUeIAirEksTcTkf8emy7OEHVxqqzLxpZszjqvl-edvu8jT7URtR_HGhRoQMaRaK2fUbx7XthQoXTK9pxs1DcqoKsDoQQ7LHUfwm2Brh7hKqZPIo3QuTqmnHczjpQgJpZjfg8lfZSVDVq0lsDXqxTl-Qp9P2Lmkfd0NZGhgv2gIL64PbiIdIAhuni0G-PngdnMeKmmxImIKRSEEjfJzSGx6UHlboLjT-rXjJ3uvimPnAGnfENLkCpWdX0oIPZVIkcKZpu08NIHGHbxx3yeQokeAOo_mGjmPF5DOXLQuibql6tZzP3qdYK2lP3Ap4LO9YSfGXFPyN7Dan9g_umllMTDWKe-NSq9ruNRtIxw8GjywDTPut2uVhT9ZCuA0TYw_ccJmmAe0gG6PLr2jkklqoM20vmkdaB3fnguUJchcDMDhpAN3w3rhKcna5Z7pboxb4ZYCWTWiqF2YQeH8GUlHs0R34dO5B_Te2h6quirXSrtLHk51e71JCZj35FmHbz4RqcmRDyUd7HyB7BHjZwW73qZdkXfi42ICScQW74EM60AY7hIhC2SWlbdZjD9wE78PG9e7EU5qLVxW0N1orGheBOC7AQahQYg8bQeMkRjtHKNTKy7wXnBiLMWLl7rDVR_R8gPdwrHTc2m6jN5YWxP6jTUnOAhpiuBazXyXxP7xLgBcWTp1oBjrbAiIlwDQKqrlowYArxtB9xevnX4fFOp0NKujl1vDCmFqR2APe2khzPQ21xpTCAQSSwDq26N9gFhN-d_DP4DUfBxx7JCd8Gx4m_TlF726F2179OVWVMcQ_l0hFTwpwPRbZHTBXMIqC9Aodq-tF59RlprwRejRCZsRo469thgBIBNgAQ

Requested by

Host: ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com
URL: https://ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

142.250.27.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ra-in-f154.1e100.net

Software

cafe /

Resource Hash

d43851a0d908b74efeec15b0506b65d920525f51fc1ac9a07035ff0c8ad65f37

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 13 Jan 2023 13:36:10 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21616
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 13 Jan 2023 13:36:10 GMT
server: nginx
x-server-name: app02.ie.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
location: https://bid.g.doubleclick.net/xbbe/creative/adj?p=APEucNUmvv4pxUyVZEBURwh6Xzm0YkU-yVqLyUdxnUQLPE1hMkXY8qo&d=CokBAKAmf-CXx8qtSaE_gCY0yADDNelLa-MqLXiXQyR-enynXkiTt5p39tjrWBipcNYlwLS1ckyEMCOBLAZLGnSD1uYoVSKIjD5IhEjxzxYWuyItlra1Lib9qsiXBmZ3kStglqxQ63-wYTzUExUxL0slMUcGOQgQpA2DPdtyTuv8poG_LR5wQNmASvQS2RUAoCZ_4H9j9DDanY1Arefeb8kORN4aPFm3naO6DkP2SXtcolx_m1wueo1F_Ll9hP609KAgPB3Q8mWAQQ63A36htU8RbzrONyGxaq-DkpIu0krRGrhO_aXJ8wRdG6E9z24VQgMQ1R2DYEFhNkSpeePjLnnPamQWh8D6FkBP6yE7jUBSndlVXZoek4faV9TvJkjK9lMng9RCFV-ROwIhacI5TQPTvLfzOjuO7li1HB-ed-xHt2OnmGUz-rsSjUzunV7FhVcJw5Hk-nPfUyBqWZ0DixpYfv7OtGn-mij2jBZRCo9kWjfTfxcIDd1J7E6XCKTzYyzXURCimZy_k3LoNATgO4VrybrznvzBCgFK4aludQqHIl9e5Z3Uj3leFLfdnj_gAc5cw5RqNAb4ggPCN-h8VrQgc6EstszKevcet0eNKWqJAoGO85qhZNVCRHG2IrqjGiqAlY8GvP3rfMpYfj1F8PL9UshPJaYNk5n05YftBeLTNczuyMXbdlu4vs0RtjCU-qKKZtNbLEB9A9tXLgrzf9v5Q4_dHs_gsaPtJI2eCiUpuLWe7aQceA_VfE2ciYKBL_o8CvAfKt4cv5G2QGjkDsrjQjlA9mZtKjpSGi5as3Ni-quclZymvkgHoZrjNrvJSXMvJKQ9Pfx9iowjAAM5ee0q9j99Q33zpfT__1tgN-PyRiEI4VTGu-A-ilTDqSda8dvUnTGrPwNl4MwKtEPebOzwv0NREGZ5Aqjc9dVFtrHieanCJ7zKOaf-TZerroz6Z6R4jOdXJgs44YkBzIqfXaSqR43oRIGeGYu0ULkJsdlfB1YGbVAOyoo9TQsB4zIFhCbr4JWJm6r6Fm25xVXLzcot-FGVnOi59vlj-Tl7sOvLXHTAlHmURAlgkQlyTlipbUXdMKaCSmqlE3FaBUlXt2LfFMJa9lpS2Y7nQQIt1r4XTh3_o3-mlVws4cs-esZdpu270rxp2QS51TqBK4e38DFf_Qo27SKk_C1KrLkRjJkbBPiCEUNWv49DCDIb5AOnmIQo-6ecA2ccg5O__1Rm2FjDgHq3830Jfmpv79YfShxQwXZQJZ8PXcYS5zIuMCLh3WWPvtXuq2cAPXrsyZ3lUpUtz0Ch3cSQ7mPjbT65pGJryNjfdf7lFuE6udRVH3OsS5OFkhoh1e3XRnLsXQLSScNoEoAfeIqZ_lOGUC8Ofi7FEY8xgF6mc87Y3CO7mtWtbeh2QctxGp_vgYdTDhcKDGyXxg3RULICSXx_MljEdaG4ru3b_FHiQZGAc1xzIAvSgxIh3kTcEnoIG_l0JDoCKLzLJ2zRBMr4vQrUIy2fMTs_7OeFGmGuE3ocdDNWIDCmhDTZHMV1Hx-mz5Yqu9lveuH5b47o8nCIUhSoK9rcaOFT1dYC-1kAJgdw9g68-HucbLDu6EwJTpJz_CkVlTIJx2haYU0zyl-2iI52YgWtt2y1PKRZIPAQaUUm5JbneXl4nJPqpUSoaYHMXJK_4oduQzF1jHEe7HLEmUoIikBPrJbj9JO0eCOHw33-p0Fj25OH_0rB_8rMOSxwmrWUJ64e_sk7pinl2R1l8BcUNHBJC3U2zOQMvFBD13JXPbnGxayJ_tZLw_izNYrAyVytp2T-rPweg29WS84DJGeIoVkmtWn_ZORp01ns6RfK_xhqy2uhqz2ugRr6XI3k5Xfkjmn9MzTHhubwBIkQ8WV7rLF_yFDalU4xn78fJQc7bGJqUuOx-b9QnB8zvNdyf_VUzIX0p7OXktX2L8tHkMdyet24ATlazeK3mb48vRdTmhIwoo50GUl9IZ8RKEpB9YErF_hHoEZNmIj9i7M0nxBM_S8a7bqv1l7691FjLM0cseJeeNntYe8ko5nbEnml5Dqx5ZrSWeSxKkj_rrDTcbQMjB8LFvgn1ivx6F4Ou5MCD9G8yGo7x4Ebi_3MEpvLmOALXqC5JxAsEkQvRMpVzJSVxZsxlI4RzBy9g_k211VeACHvetJFvrKy5CpRlCkMaSs-d5gVQnG1jRQKuQirUw90LpkQR8eUV2w60I80GSTcRo0ublLNfK-NRnj9wNBKh99xd0PsqtFeukgF8Bu9hJd4Ps2ZYULHz3AZjT6VTC6xuDR3PSmOVdn14Twq5JwXaEm1FZtgINjhuUD9G5-9ZnMtaPwjoddKrawGcyBNLk8VSbnj8ENuRG84kEV8GOTPg0O-BM66drH6-XAMZyA_7tqvjSnwOsj-SuU3olrH8F-IFRqSMvgh-4sBek7HBaC7bAd24b0E7jLhFpDpPjI8XsoMu8yIOiyHoniu2Pb_KvcfhNEzywlxtbYgFaciKB-_9eJXoHcwiqWGuBA9THAoDKZKoqWl1cjcMEgvWb0sxrtrtukvtM6RflWSH2oCr6u6M3EuQalALAud2ZzR4hLizCeY3U1j1xVB8mnsx6-q1GYHeSPagz0pY8MI2rdCAuBARalH9KKGk9RYgzZmr2_Uw9qFhSzaorpyqditulRG4deCBy3R4i_y5rL8pnvhss8uI_nT6QAy-g7KjXx94nJ9gpcJlM2idoKe6xx6rSYF85PjtizkO9KMLCFHHNdv5pyfPg5YSXF0k4HosOvRFEPyXVVj2-u4gmSxHXCLtQkqkJ1pzYgSTXSDqUUHpE2AnWlbblsfVy-E3C6dfsGhqVuiQ4m6kQ5fYFRk8iThtcclGf556RJnYQ7EaIdmX40dECpzxS0wg0r1_etehMDbO3yVPU2w-fd9qUt1f2oexqFxDzDOTEIMZHYhY0G2g3XQuVYczLZaPw9BW-CRsfs_Vnupwqaqh3DB3MmLmEfK1OcgqncO0A8dSLRIIRtAqTvp7OFbTNLh5Q0MiaI0XKlZNWGHrRZmBpPdPbb7pJ1BWA_U2lt-0tjJaFL7_B-MRY1NQtIlJvTzW2Yz31NQ9jAT60jqXF4Y3yFa77217Rn-8NCyEm60Rny6FtUHrRdgVY9ztrSUeIAirEksTcTkf8emy7OEHVxqqzLxpZszjqvl-edvu8jT7URtR_HGhRoQMaRaK2fUbx7XthQoXTK9pxs1DcqoKsDoQQ7LHUfwm2Brh7hKqZPIo3QuTqmnHczjpQgJpZjfg8lfZSVDVq0lsDXqxTl-Qp9P2Lmkfd0NZGhgv2gIL64PbiIdIAhuni0G-PngdnMeKmmxImIKRSEEjfJzSGx6UHlboLjT-rXjJ3uvimPnAGnfENLkCpWdX0oIPZVIkcKZpu08NIHGHbxx3yeQokeAOo_mGjmPF5DOXLQuibql6tZzP3qdYK2lP3Ap4LO9YSfGXFPyN7Dan9g_umllMTDWKe-NSq9ruNRtIxw8GjywDTPut2uVhT9ZCuA0TYw_ccJmmAe0gG6PLr2jkklqoM20vmkdaB3fnguUJchcDMDhpAN3w3rhKcna5Z7pboxb4ZYCWTWiqF2YQeH8GUlHs0R34dO5B_Te2h6quirXSrtLHk51e71JCZj35FmHbz4RqcmRDyUd7HyB7BHjZwW73qZdkXfi42ICScQW74EM60AY7hIhC2SWlbdZjD9wE78PG9e7EU5qLVxW0N1orGheBOC7AQahQYg8bQeMkRjtHKNTKy7wXnBiLMWLl7rDVR_R8gPdwrHTc2m6jN5YWxP6jTUnOAhpiuBazXyXxP7xLgBcWTp1oBjrbAiIlwDQKqrlowYArxtB9xevnX4fFOp0NKujl1vDCmFqR2APe2khzPQ21xpTCAQSSwDq26N9gFhN-d_DP4DUfBxx7JCd8Gx4m_TlF726F2179OVWVMcQ_l0hFTwpwPRbZHTBXMIqC9Aodq-tF59RlprwRejRCZsRo469thgBIBNgAQ
cache-control: no-cache
content-length: 0

GET
H2 200 sca.17.6.2.js Show response
static.adsafeprotected.com/ Frame 4BF2 91 KB
23 KB 52ms
8ms Script
application/javascript 2600:9000:214f:fa00:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/sca.17.6.2.js
Requested by: Host: ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com
URL: https://ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:214f:fa00:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 01cee6a7a3f1444680b188ab84052e2b6c85966f53a718d3926135ebcc832ffd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Wed, 21 Sep 2022 15:36:17 GMT
x-amz-version-id: go8nfBUviNCPCwnrYX1LpMW5hEx3ASGy
content-encoding: gzip
via: 1.1 f960fa0538fdb326fc338e984fa7ece8.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
age: 9842394
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Tue, 20 Sep 2022 19:21:34 GMT
server: AmazonS3
etag: W/"1f3488247c90bb5de253d3d0cb3b7458"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
x-amz-cf-id: XzVBRui_dZo94YDQbjFDA-q-4zHoflNuxr7dxstnCX78PZtE7mjQYw==

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 9498 43 B
215 B 595ms
185ms Image
image/gif 2600:1f13:800:7782:40bd:d2b7:80cf:ba3e
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1135760&asId=ee5f2069-5dde-7c37-e338-c96df14e001a&tv=%7Bc:1btMxH,pingTime:-3,time:51,type:v,clog:%5B%7Bpiv:0,vs:o,r:r,w:0,h:0,t:24%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,slTimes:%7Bi:0,o:51,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:23,wc:0.0.1600.1200,ac:NaN.NaN.0.0,am:i,cc:NaN.NaN.0.0,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B45~0%5D,as:%5B45~0.0%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tsPkfwi+11%7C12%7C13%7C141%7C142%7C15%7C1611%7C1612%7C17%7C181%7C182%7C183%7C191*.1135760-65089104%7C1911%7C1a1%7C1b,idMap:191*,rmeas:1,rend:0,renddet:IMG.us,siq:25%7D&br=c
Requested by: Host: ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com
URL: https://ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7782:40bd:d2b7:80cf:ba3e Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 13 Jan 2023 13:36:11 GMT
server: nginx
x-server-name: dt15.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 200 css
fonts.googleapis.com/ Frame 359F 4 KB
651 B 47ms
47ms Stylesheet
text/css 2a00:1450:4001:806::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600

Requested by

Host: hal90002.redintelligence.net
URL: https://hal90002.redintelligence.net/request_content.php?s=64667800099976504445000012203002&a=0299db0d

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

dfa1ecdb69b9ee93e87159bfcd4ad2b1248a7de0d6346fd42e0b600723ae7b6b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal90002.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Fri, 13 Jan 2023 13:36:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Fri, 13 Jan 2023 12:12:29 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 13 Jan 2023 13:36:10 GMT

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 359F 14 KB
14 KB 35ms
12ms Image
image/png 159.69.70.9
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=100&height=50&url=https://cdn.contentspread.net/24i/advertiser/23333/creativesup/1200x627_Matthias.jpg
Requested by: Host: hal90002.redintelligence.net
URL: https://hal90002.redintelligence.net/request_content.php?s=64667800099976504445000012203002&a=0299db0d
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 159.69.70.9 Nuremberg, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.9.70.69.159.clients.your-server.de
Software: Apache /
Resource Hash: caa6c487780af6d29c42e7ef1f372041c8a56deaa9b4ed4edf5b10ddd79d7483

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal90002.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Date: Fri, 13 Jan 2023 13:36:10 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 13951
Vary: Accept-Encoding
Content-Type: image/png

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 9498 43 B
215 B 584ms
186ms Image
image/gif 2600:1f13:800:7782:40bd:d2b7:80cf:ba3e
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1135760&asId=ee5f2069-5dde-7c37-e338-c96df14e001a&tv=%7Bc:1btMxR,pingTime:-6,time:61,type:i,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,slTimes:%7Bi:0,o:61,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:23,wc:0.0.1600.1200,ac:NaN.NaN.0.0,am:i,cc:NaN.NaN.0.0,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B55~0%5D,as:%5B55~0.0%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tsPkfwi+11%7C12%7C13%7C141%7C142%7C15%7C1611%7C1612%7C17%7C181%7C182%7C183%7C191*.1135760-65089104%7C1911%7C1a1%7C1b,idMap:191*,rmeas:1,rend:0,renddet:IMG.us,siq:25%7D&tpiLookup=ao:creditosaibamais.com*%2Cec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com*&br=c
Requested by: Host: ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com
URL: https://ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7782:40bd:d2b7:80cf:ba3e Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 13 Jan 2023 13:36:11 GMT
server: nginx
x-server-name: dt16.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 9498 43 B
216 B 567ms
178ms Image
image/gif 2600:1f13:800:7782:40bd:d2b7:80cf:ba3e
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1135760&asId=ee5f2069-5dde-7c37-e338-c96df14e001a&tv=%7Bc:1btMy2,pingTime:-2,time:72,type:a,im:%7Bsf:0,pom:1,prf:%7BbeA:641,beZ:643,mfA:644,cmA:646,inA:646,inZ:650,prA:650,prZ:660,si:666,poA:667,poZ:688,cmZ:688,mfZ:688,loA:702,loZ:706,ltA:713,ltZ:713%7D%7D,sca:%7Bdfp:%7Bdf:0%7D%7D,env:%7Bgca:false,cca:false,gca2:false%7D,clog:%5B%7Bpiv:0,vs:o,r:r,w:0,h:0,t:24%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,slTimes:%7Bi:0,o:72,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:23,wc:0.0.1600.1200,ac:NaN.NaN.0.0,am:i,cc:NaN.NaN.0.0,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B66~0%5D,as:%5B66~0.0%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tsPkfwi+11%7C12%7C13%7C141%7C142%7C15%7C1611%7C1612%7C17%7C181%7C182%7C183%7C191*.1135760-65089104%7C1911%7C1a1%7C1b,idMap:191*,pd:VEBo.mhjfbmdgcfjbbpaeojofohoefgiehjai,rmeas:1,rend:0,renddet:IMG.us,siq:25,sinceFw:46,readyFired:false%7D&br=c
Requested by: Host: ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com
URL: https://ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7782:40bd:d2b7:80cf:ba3e Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 13 Jan 2023 13:36:11 GMT
server: nginx
x-server-name: dt17.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 5C5B 22 KB
8 KB 36ms
35ms Document
text/html 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 80302
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 12 Jan 2023 15:17:48 GMT
expires: Fri, 12 Jan 2024 15:17:48 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3

200

sd
us-u.openx.net/w/1.0/ Frame 99CB
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESECXtsJWJxr1cS4F6HXf9zYE&google_cver=1

43 B
61 B

39ms
38ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESECXtsJWJxr1cS4F6HXf9zYE&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLO_UBCb3VAYpLfp2wEwAQ&v=APEucNXYc-J1EDPxmpKIIS9eGCKB0bDzB9utHn6IR6fk1Qx2-GHoUCcSKeVU9RCPaObn17ebNKsy4yRgQ8iQv4PRKplws_mUwzEMrfjs2rvEWACc7fvN9e1ZSi1V4DGsTugE-i7QVbxrEHBNP2kdY_NsaND71qiZsfwFPV-lmz44espsZUa4gxs
Protocol: H3
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 13 Jan 2023 13:36:10 GMT
via: 1.1 google
server: OXGW/0.0.0
vary: Accept
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 13 Jan 2023 13:36:10 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESECXtsJWJxr1cS4F6HXf9zYE&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 cm
us-u.openx.net/w/1.0/ Frame 99CB 43 B
120 B 41ms
40ms Image
image/gif 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLO_UBCb3VAYpLfp2wEwAQ&v=APEucNXYc-J1EDPxmpKIIS9eGCKB0bDzB9utHn6IR6fk1Qx2-GHoUCcSKeVU9RCPaObn17ebNKsy4yRgQ8iQv4PRKplws_mUwzEMrfjs2rvEWACc7fvN9e1ZSi1V4DGsTugE-i7QVbxrEHBNP2kdY_NsaND71qiZsfwFPV-lmz44espsZUa4gxs
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 13 Jan 2023 13:36:10 GMT
content-encoding: gzip
via: 1.1 google
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 56
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2

200

um
sync.teads.tv/ Frame 99CB
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm
https://sync.teads.tv/um?eid=3&uid=CAESEOfFcmx4JMbfP-lzZ4KZew4&google_cver=1

23 B
172 B

72ms
71ms

Image
image/gif

104.96.128.226
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=CAESEOfFcmx4JMbfP-lzZ4KZew4&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLO_UBCb3VAYpLfp2wEwAQ&v=APEucNXYc-J1EDPxmpKIIS9eGCKB0bDzB9utHn6IR6fk1Qx2-GHoUCcSKeVU9RCPaObn17ebNKsy4yRgQ8iQv4PRKplws_mUwzEMrfjs2rvEWACc7fvN9e1ZSi1V4DGsTugE-i7QVbxrEHBNP2kdY_NsaND71qiZsfwFPV-lmz44espsZUa4gxs
Protocol: H2
Server: 104.96.128.226 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-96-128-226.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.9 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

expires: Fri, 13 Jan 2023 13:36:10 GMT
pragma: no-cache
date: Fri, 13 Jan 2023 13:36:10 GMT
cache-control: max-age=0, no-cache, no-store
server: akka-http/10.2.9
content-length: 23
content-type: image/gif

Redirect headers

pragma: no-cache
date: Fri, 13 Jan 2023 13:36:10 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://sync.teads.tv/um?eid=3&uid=CAESEOfFcmx4JMbfP-lzZ4KZew4&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 281
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 um
sync.teads.tv/ Frame 99CB 23 B
172 B 61ms
61ms Image
image/gif 104.96.128.226
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_dbm%26google_hm%3D%5BVID_B64%5D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLO_UBCb3VAYpLfp2wEwAQ&v=APEucNXYc-J1EDPxmpKIIS9eGCKB0bDzB9utHn6IR6fk1Qx2-GHoUCcSKeVU9RCPaObn17ebNKsy4yRgQ8iQv4PRKplws_mUwzEMrfjs2rvEWACc7fvN9e1ZSi1V4DGsTugE-i7QVbxrEHBNP2kdY_NsaND71qiZsfwFPV-lmz44espsZUa4gxs
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.96.128.226 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-96-128-226.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.9 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

expires: Fri, 13 Jan 2023 13:36:10 GMT
pragma: no-cache
date: Fri, 13 Jan 2023 13:36:10 GMT
cache-control: max-age=0, no-cache, no-store
server: akka-http/10.2.9
content-length: 23
content-type: image/gif

GET
H/1.1 200
OK viewability Show response
hal90002.redintelligence.net/ Frame 359F 0
150 B 44ms
22ms Script
text/html 46.4.10.47
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal90002.redintelligence.net/viewability?s=64667800099976504445000012203002&a=8a6146bc&vb=m
Requested by: Host: hal90002.redintelligence.net
URL: https://hal90002.redintelligence.net/request_content.php?s=64667800099976504445000012203002&a=0299db0d
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 46.4.10.47 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.47.10.4.46.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal90002.redintelligence.net/request_content.php?s=64667800099976504445000012203002&a=0299db0d
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Date: Fri, 13 Jan 2023 13:36:10 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame BB66 0
20 B 164ms
163ms Ping
image/gif 2a00:1450:400d:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=6975423589790&version=m202209210101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80d::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 13 Jan 2023 13:36:10 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame BB66 0
20 B 163ms
163ms Ping
image/gif 2a00:1450:400d:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=6975423589790&version=m202209210101&ct=76&x=1&cor=12250184780305850000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80d::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 13 Jan 2023 13:36:10 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame BB66 82 KB
35 KB 77ms
77ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CoLallnElgylOqIrM_9ldjNog4nF_KHTQxfIpe5HqN_4I5-bAloZSSDO59CELm6gR1Z-9zxxeNsy1qS0lRZlnAlPi1LA&cry=1&dbm_d=AKAmf-CNsqS-SOb6sAknN5x2FSIiegzZO_BFA_PUx-dsJf4zUYsL7cLC_RowlNwzhwSNFQ7HG7fdVyLfn24R_wy8hqeDRGKLxOF42Ooi5_tXkue7_Fd7a-e6sqY3lU1o8tpmnbHLTkQtX-eK1sr4dWB6GWqJiiZmZKekx2gdxiGetveXbIeGSX5XWDKeudzeyGIxNGBAWUbGxpzFWp0-PpErhJDPsxoW0n4osov_VPlnQmbPwrQRBY38LarB5KT07XtbUwkdg7ZFH2Q3jOsCIBPTw7vxvpQupB69QX0MquJh8GNdGifFSGR_34vWMdh2mmDFao_Bc9DmOb5wsqw1wEPOycNWhpTOqS936nKCTnBcZWf0YA_4spaltjHdXSG3yr6VXajBBJ7mage5hkUQ66KPPh-nZ0LQgUe94EPTPhwwCAurx7lX8dXgf3xKINoHGYXB2CSZoJrT2JEprMYjAAs4W24msVsm_APAuyKYaee0WPqrfhuTleSgq6VWCDuhVS2-VcjUGU9BqXzBHga0BpHyb935-D9Mgx-2bSjwuF8BMD0Lkgg4KnODmUT6e-jUx58zgx1F6XtAKet8eJySG4csaLO14Qy3ZzWZ7zIODyWftR-HBdCuYXr3EelL8VUO_cNwdfhnHohd51SZ95bQDEgZwWXFKsOAPOTsWqRPCAFSioew0AoFK8RqQ4JMwlIkMZ0ssEPKPt-Yb2TBiRKqiBCvTwLAHFTzb6EmbVRHYbtnpwabDtf2xVS-XhhfLsnTw4YyLwY-QNvrKvssbY3oZrNV4j314PsSMK-cX15ffuX3EBldaHVfo1uac0VPeFITzvE3odkIO64MNumxgGEs7HABOAdX3moAAArR7C3AnORIT1xi6T0L3MFvjdtpvkm5CoRKAuLqJbbk8RMcY_gN1hPbi2itaKR8hbJAIJMk1KBfrCPKoTQdDwVuxkfNDlKSYBp4d-pRGT17JPq7oCBs7hOsjPXktVblKamB5luoUoWdcPLaRupZiC5gatCh3KQ6VsOl6qypF3XoBtMeWCROYY2Bx-RRpw3qy9X0LzZhmdCUAOy1bdbBX1SWLHu1Huj8tEf-XxPt9YvcXxuNOpJbnrXCDcXDkb3bMYnq6HO_nvS0LyHvKVsdrb94V-_aJuBGELxg3eHOy1L9aVIdgT7Q5oD_2Lpx79OWwrK6o2IeHLus7Z2EKhK_vpjU01HhoQLJyqiulEtIty56LqLDdO3ajy9BYmcLJ5zJCxmFLNztlzk5OSsKzahPARWcyqN1gC7WQBO4FpSFNSV02tNH_BaMKrRzm8pzdIew3zMErclrbvVExitvYvnf2cDRyIRoVIA0faqsr0Q3TNPBNVbZXQ7MYbVQ_Mp2jMChc_tkmVqlFdqu9awt549Fk4pUrdH23kOCENgba_M1f1TGUQmyvHp3_yqKifoSZ93p8ABkNQpn34O1ReJoycSeH2I6N_72Vj0qu6M1NQkQMVTk3Bhn4P25DU02ZTfwCCncA_H6z52wFC4r69tg7GbTF9sGm1a403j_A_30ME7DQaTntZU3tulhC4eqqJTSxoEA-Xpo8O5OXNPHbinHzVPjbkasZzLDz-Hcl5kBxZUS0Je0Jwp4MocOLmuvdb9tBX2fQWQ_E6JxgBnAcaDEu50jaNNpctRWnnal3kPCY-vejmnbuL34w6FmstJQNWH5XOUBWsZjllaU4g-2E2LDf0ijzD8Hw6_WIVJAt7eQ5FOjIynldDIev_CFgp9d5Q4YGwEx-nYIML38GjbyJ68WfT5u3uZgBlU2dLYJaLNkKqA5dRE3EceUTw1thuDeBOHUYKGOlIKz4vE57mq8XjMhUUzOWxiKbUOQe7fqnvej05R8n2s_P2PExxJRc0ypAk2oEaXeJck3Tc2S9VJID2-3WwN_TSAp8dWOjtIv0aVpdJWunYfjAcrA5xnhAxRrgMVPw4YlJPLZPTvfVj9R3Iw0HiGjQDN0zyH7Uj-UnwdkcFQpwsIoLfOE7ecG4oNxoEp7DUptBQxanDlnVKB8IGBYpZ09sj9PSCre9N5r5CepUiSN0uzSWTXJtONC8RdCBaEvoVvg6dC7IYfYTpne08tKwdreuIMtBXzvITX1RcBS4TgpK0uAy4yHtUlgGHpwIEHkuUBVHRvPVbZfMeBU6MP0P72gL4C4-qiARFwo8ySFrlFkjiaI5iYkJylbgd5PwW_zUR_BXukHdTzpOtCJdhobx9kseU_vJMVW4Am6xWFPWKHMYwmS1BJq6KYtNiZ-xgWJYuqSX47Y0YTdK7kF7Yd2WyecokFu-oWJ_AwZxZyrHZOpso0qHALgiEn_t-ukJOMGRr8P8SIMAlKsnNQNo9c_4Q8H-ov18xnTvDw79oPv9ypWySGt95ygsMPmF9lvJ-cfEPbSrRde5Bn6GB9CLzeCh1VgsooMDAMchHJ98XjX8pyjiV4P29LyYfQtQnYN4hjrU-cs3T1POkqG7KL3ZXwWHUB9ywWLXUOkxF1C7kQRU9m2aJMIPE41OVXaff0QvV0_Zny3sasjVwBhMes_SUP7Xn3QA5THhOzPhv25ycctt269MCMLChvMkXO29G51t7_tW0HuEvmbmwb-0jHPOje82KTOfLKXy7IS498lOUlcBi8TDEYxfleiZLLV93ETQsKlqsQWgehyb2JeVRpkEbVK7vtiDBa7rlvn0YkpUq6vB27vy7gSs2ruMypPTXkZsu-LhNTFR4VqUqE8mTv-oZ43g2xHukZ0e-vLzwxznEWhYwJceek2ziQ88tPkVUwqD2ppGy478osFDSSa25_euJVmF-lsgxDlFhKb6GlMf_ai9dPcyCJ3HjpJnstvAOJA6ReFgndWMRtr12FmoAooTbnVikOQIHSmNiJNJXD-wpm1BpFo4xsplkIntYhlAihfgxV9IA9SaoQaUGjnMWgMrkOPdiis2JV9zTglukC1HjnHf071ArlAlxuj5jcEZayOErA3FD3AS5j4GZlN7Z6IxDfdDO-HyGUVxkOVZAw6eDU2fkJwUaG5x4Qg9NbeyqM7pFIt4icJcH_r4Y-JqV51xqv_Nsgwlk1YYYPG8re_gLa4mokoJdflaIZrHRgXxG-DM84iNtBn49Y75qIaCkBfxr4zzaooOoo6HHPUhM3MGqIOm7hW1wBaLHfFreCeZmkc3O7W33ashXpGg1EsOH9cD5f54N4HOYZg3DXFEHPuFBRAqU7QXDK2_MRYZfx7qAnCMP18Z_gz3x9w7GVEu1zQ_QdWnJ0uBUeZRhZ6cfJ7qnv6sK8geUgObXmNOQFBSqgufJHzys_XJOkoyljo70i8aRyKhyLY87ztPyiXm9SxLxJwlAiDoDc6lmr6KTQHbFMSy7NByPTAQ1nuYnerRro9_8KDxyy_bZLWnipVDS64eieNedMghEF51FKi8ERJFQESdLqAqydfRXrBCjzqxk_bdNXl9Mz-O0xOvliA_rnCMmOaf_ZC6s_EQvk74fJyrMXbt9lVriEOxmwMpHYBrSlQX2tiFcFO5jz0BYl8JlW4a0eL8dTeanQByoswYqa4JZNh-xWQ0djvzg&cid=CAQSSwDq26N9e6FHkDll9Kxvt_vbyPu0K7lJ3mXkB5_fk-l_BI3lziWuOXVfGWh_ttBTwMkqogb6UMoCQiwtmT59Ryy0J-WDuOJ_3vx2KBgBIBM&dv3_ver=m202209210101&rfl=https%3A%2F%2Fcreditosaibamais.com%2F&ds=l&xdt=1&iif=1&cor=12250184780305850000&adk=3944675600&idt=113&cac=0&dtd=4

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8766e02ad2c9ac72885bec761c6034ea3917c8bd6844a4acbb111876efeaea44

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 13 Jan 2023 13:36:10 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35346
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 JwRg8GnJRbSbwgtubA3x1Twn6jgCPCxSQn9TsX0K1wE.js Show response
pagead2.googlesyndication.com/bg/ Frame 5C5B 36 KB
16 KB 47ms
47ms Script
text/javascript 2a00:1450:400d:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/JwRg8GnJRbSbwgtubA3x1Twn6jgCPCxSQn9TsX0K1wE.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80d::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

270460f069c945b49bc20b6e6c0df1d53c27ea38023c2c52427f53b17d0ad701

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Wed, 11 Jan 2023 10:03:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 185560
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16089
x-xss-protection: 0
last-modified: Tue, 03 Jan 2023 14:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 11 Jan 2024 10:03:30 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20230111/r20110914/ Frame 9498 28 KB
11 KB 49ms
48ms Script
text/javascript 2a00:1450:400d:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230111/r20110914/abg_lite.js

Requested by

Host: fw.adsafeprotected.com
URL: https://fw.adsafeprotected.com/rfw/bgd/1135760/65089104/xbbe/creative/adj?p=APEucNUmvv4pxUyVZEBURwh6Xzm0YkU-yVqLyUdxnUQLPE1hMkXY8qo&d=CokBAKAmf-CXx8qtSaE_gCY0yADDNelLa-MqLXiXQyR-enynXkiTt5p39tjrWBipcNYlwLS1ckyEMCOBLAZLGnSD1uYoVSKIjD5IhEjxzxYWuyItlra1Lib9qsiXBmZ3kStglqxQ63-wYTzUExUxL0slMUcGOQgQpA2DPdtyTuv8poG_LR5wQNmASvQS2RUAoCZ_4H9j9DDanY1Arefeb8kORN4aPFm3naO6DkP2SXtcolx_m1wueo1F_Ll9hP609KAgPB3Q8mWAQQ63A36htU8RbzrONyGxaq-DkpIu0krRGrhO_aXJ8wRdG6E9z24VQgMQ1R2DYEFhNkSpeePjLnnPamQWh8D6FkBP6yE7jUBSndlVXZoek4faV9TvJkjK9lMng9RCFV-ROwIhacI5TQPTvLfzOjuO7li1HB-ed-xHt2OnmGUz-rsSjUzunV7FhVcJw5Hk-nPfUyBqWZ0DixpYfv7OtGn-mij2jBZRCo9kWjfTfxcIDd1J7E6XCKTzYyzXURCimZy_k3LoNATgO4VrybrznvzBCgFK4aludQqHIl9e5Z3Uj3leFLfdnj_gAc5cw5RqNAb4ggPCN-h8VrQgc6EstszKevcet0eNKWqJAoGO85qhZNVCRHG2IrqjGiqAlY8GvP3rfMpYfj1F8PL9UshPJaYNk5n05YftBeLTNczuyMXbdlu4vs0RtjCU-qKKZtNbLEB9A9tXLgrzf9v5Q4_dHs_gsaPtJI2eCiUpuLWe7aQceA_VfE2ciYKBL_o8CvAfKt4cv5G2QGjkDsrjQjlA9mZtKjpSGi5as3Ni-quclZymvkgHoZrjNrvJSXMvJKQ9Pfx9iowjAAM5ee0q9j99Q33zpfT__1tgN-PyRiEI4VTGu-A-ilTDqSda8dvUnTGrPwNl4MwKtEPebOzwv0NREGZ5Aqjc9dVFtrHieanCJ7zKOaf-TZerroz6Z6R4jOdXJgs44YkBzIqfXaSqR43oRIGeGYu0ULkJsdlfB1YGbVAOyoo9TQsB4zIFhCbr4JWJm6r6Fm25xVXLzcot-FGVnOi59vlj-Tl7sOvLXHTAlHmURAlgkQlyTlipbUXdMKaCSmqlE3FaBUlXt2LfFMJa9lpS2Y7nQQIt1r4XTh3_o3-mlVws4cs-esZdpu270rxp2QS51TqBK4e38DFf_Qo27SKk_C1KrLkRjJkbBPiCEUNWv49DCDIb5AOnmIQo-6ecA2ccg5O__1Rm2FjDgHq3830Jfmpv79YfShxQwXZQJZ8PXcYS5zIuMCLh3WWPvtXuq2cAPXrsyZ3lUpUtz0Ch3cSQ7mPjbT65pGJryNjfdf7lFuE6udRVH3OsS5OFkhoh1e3XRnLsXQLSScNoEoAfeIqZ_lOGUC8Ofi7FEY8xgF6mc87Y3CO7mtWtbeh2QctxGp_vgYdTDhcKDGyXxg3RULICSXx_MljEdaG4ru3b_FHiQZGAc1xzIAvSgxIh3kTcEnoIG_l0JDoCKLzLJ2zRBMr4vQrUIy2fMTs_7OeFGmGuE3ocdDNWIDCmhDTZHMV1Hx-mz5Yqu9lveuH5b47o8nCIUhSoK9rcaOFT1dYC-1kAJgdw9g68-HucbLDu6EwJTpJz_CkVlTIJx2haYU0zyl-2iI52YgWtt2y1PKRZIPAQaUUm5JbneXl4nJPqpUSoaYHMXJK_4oduQzF1jHEe7HLEmUoIikBPrJbj9JO0eCOHw33-p0Fj25OH_0rB_8rMOSxwmrWUJ64e_sk7pinl2R1l8BcUNHBJC3U2zOQMvFBD13JXPbnGxayJ_tZLw_izNYrAyVytp2T-rPweg29WS84DJGeIoVkmtWn_ZORp01ns6RfK_xhqy2uhqz2ugRr6XI3k5Xfkjmn9MzTHhubwBIkQ8WV7rLF_yFDalU4xn78fJQc7bGJqUuOx-b9QnB8zvNdyf_VUzIX0p7OXktX2L8tHkMdyet24ATlazeK3mb48vRdTmhIwoo50GUl9IZ8RKEpB9YErF_hHoEZNmIj9i7M0nxBM_S8a7bqv1l7691FjLM0cseJeeNntYe8ko5nbEnml5Dqx5ZrSWeSxKkj_rrDTcbQMjB8LFvgn1ivx6F4Ou5MCD9G8yGo7x4Ebi_3MEpvLmOALXqC5JxAsEkQvRMpVzJSVxZsxlI4RzBy9g_k211VeACHvetJFvrKy5CpRlCkMaSs-d5gVQnG1jRQKuQirUw90LpkQR8eUV2w60I80GSTcRo0ublLNfK-NRnj9wNBKh99xd0PsqtFeukgF8Bu9hJd4Ps2ZYULHz3AZjT6VTC6xuDR3PSmOVdn14Twq5JwXaEm1FZtgINjhuUD9G5-9ZnMtaPwjoddKrawGcyBNLk8VSbnj8ENuRG84kEV8GOTPg0O-BM66drH6-XAMZyA_7tqvjSnwOsj-SuU3olrH8F-IFRqSMvgh-4sBek7HBaC7bAd24b0E7jLhFpDpPjI8XsoMu8yIOiyHoniu2Pb_KvcfhNEzywlxtbYgFaciKB-_9eJXoHcwiqWGuBA9THAoDKZKoqWl1cjcMEgvWb0sxrtrtukvtM6RflWSH2oCr6u6M3EuQalALAud2ZzR4hLizCeY3U1j1xVB8mnsx6-q1GYHeSPagz0pY8MI2rdCAuBARalH9KKGk9RYgzZmr2_Uw9qFhSzaorpyqditulRG4deCBy3R4i_y5rL8pnvhss8uI_nT6QAy-g7KjXx94nJ9gpcJlM2idoKe6xx6rSYF85PjtizkO9KMLCFHHNdv5pyfPg5YSXF0k4HosOvRFEPyXVVj2-u4gmSxHXCLtQkqkJ1pzYgSTXSDqUUHpE2AnWlbblsfVy-E3C6dfsGhqVuiQ4m6kQ5fYFRk8iThtcclGf556RJnYQ7EaIdmX40dECpzxS0wg0r1_etehMDbO3yVPU2w-fd9qUt1f2oexqFxDzDOTEIMZHYhY0G2g3XQuVYczLZaPw9BW-CRsfs_Vnupwqaqh3DB3MmLmEfK1OcgqncO0A8dSLRIIRtAqTvp7OFbTNLh5Q0MiaI0XKlZNWGHrRZmBpPdPbb7pJ1BWA_U2lt-0tjJaFL7_B-MRY1NQtIlJvTzW2Yz31NQ9jAT60jqXF4Y3yFa77217Rn-8NCyEm60Rny6FtUHrRdgVY9ztrSUeIAirEksTcTkf8emy7OEHVxqqzLxpZszjqvl-edvu8jT7URtR_HGhRoQMaRaK2fUbx7XthQoXTK9pxs1DcqoKsDoQQ7LHUfwm2Brh7hKqZPIo3QuTqmnHczjpQgJpZjfg8lfZSVDVq0lsDXqxTl-Qp9P2Lmkfd0NZGhgv2gIL64PbiIdIAhuni0G-PngdnMeKmmxImIKRSEEjfJzSGx6UHlboLjT-rXjJ3uvimPnAGnfENLkCpWdX0oIPZVIkcKZpu08NIHGHbxx3yeQokeAOo_mGjmPF5DOXLQuibql6tZzP3qdYK2lP3Ap4LO9YSfGXFPyN7Dan9g_umllMTDWKe-NSq9ruNRtIxw8GjywDTPut2uVhT9ZCuA0TYw_ccJmmAe0gG6PLr2jkklqoM20vmkdaB3fnguUJchcDMDhpAN3w3rhKcna5Z7pboxb4ZYCWTWiqF2YQeH8GUlHs0R34dO5B_Te2h6quirXSrtLHk51e71JCZj35FmHbz4RqcmRDyUd7HyB7BHjZwW73qZdkXfi42ICScQW74EM60AY7hIhC2SWlbdZjD9wE78PG9e7EU5qLVxW0N1orGheBOC7AQahQYg8bQeMkRjtHKNTKy7wXnBiLMWLl7rDVR_R8gPdwrHTc2m6jN5YWxP6jTUnOAhpiuBazXyXxP7xLgBcWTp1oBjrbAiIlwDQKqrlowYArxtB9xevnX4fFOp0NKujl1vDCmFqR2APe2khzPQ21xpTCAQSSwDq26N9gFhN-d_DP4DUfBxx7JCd8Gx4m_TlF726F2179OVWVMcQ_l0hFTwpwPRbZHTBXMIqC9Aodq-tF59RlprwRejRCZsRo469thgBIBNgAQ&ias_dspID=3&ias_campId=1008772806&ias_pubId=pub-4894209870857905&ias_chanId=1&ias_placementId=18137318546&bidurl=https://creditosaibamais.com/pis-disponivel/&ias_dealId=&adsafe_par&ias_impId=v4~~ABAjH0iovvzKQTnAiCIFNgoSKeME&adsafe_url=https%3A%2F%2Fcreditosaibamais.com&adsafe_type=g&adsafe_url=https%3A%2F%2Fcreditosaibamais.com%2F&adsafe_type=c&adsafe_url=https%3A%2F%2Fec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com%2F&adsafe_type=f&adsafe_url=https%3A%2F%2Fec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html&adsafe_type=bed&adsafe_jsinfo=,id:ee5f2069-5dde-7c37-e338-c96df14e001a,c:1btMxg,sl:outOfView,em:true,fr:false,thd:1,mn:jsserver-primary-5bd77c4f97-ptj2d,rg:ie,pt:1-5-15,wc:0.0.1600.1200,ac:NaN.NaN.0.0,am:i,cc:NaN.NaN.0.0,piv:0,obst:0,th:0,reas:r,mu:10000,br:c,bru:c,an:n,oam:0,mtim:3,mot:0,app:0,maw:0,fm:tsPkfwi+11%7C12%7C13%7C141%7C142%7C15%7C1611%7C1612%7C17%7C181%7C182%7C183%7C191*.1135760-65089104%7C1911%7C1a1%7C1b,idMap:191*,pl:CV8L.VEBo.0YtC,rmeas:1,rend:0,renddet:IMG.us,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,tt:rjss,et:24,oid:3d65dbb6-9347-11ed-b7ea-62e9a01f3e07,v:19.8.377,sp:0,st:0,fwm:0,wr:1600.1200,sr:1600.1200,ov:0

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80d::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a800c59c07101ac9e787ae10eb5d6a7124dd006d97db2ceae985a85488062556

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Thu, 12 Jan 2023 23:40:49 GMT
content-encoding: br
x-content-type-options: nosniff
age: 50121
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10849
x-xss-protection: 0
server: cafe
etag: 12554467027428251666
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 26 Jan 2023 23:40:49 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230111/r20110914/elements/html/ Frame 9498 8 KB
3 KB 47ms
47ms Script
text/javascript 2a00:1450:400d:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230111/r20110914/elements/html/omrhp.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80d::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1d84738c2afaf595ff5d4921d8dc6bb5ce19a7b9c33a6c02d8a35ff80611cc87

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Thu, 12 Jan 2023 20:28:31 GMT
content-encoding: br
x-content-type-options: nosniff
age: 61659
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2986
x-xss-protection: 0
server: cafe
etag: 3296546412363819624
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 26 Jan 2023 20:28:31 GMT

GET
H2 200 7192351980783987775
s0.2mdn.net/simgad/ Frame 9498 86 KB
87 KB 138ms
36ms Image
image/jpeg 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/7192351980783987775

Requested by

Host: ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com
URL: https://ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f748c3c04943d255e6ab77797c7807049ca509599abf09a3f849ace2965476c9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 13:25:48 GMT
x-content-type-options: nosniff
age: 432622
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 88553
x-xss-protection: 0
last-modified: Thu, 18 Aug 2022 08:15:37 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 08 Jan 2024 13:25:48 GMT

GET
H2 200 express_html_inpage_rendering_lib_200_276.js Show response
s0.2mdn.net/879366/ Frame BB66 106 KB
38 KB 134ms
37ms Script
text/javascript 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_276.js

Requested by

Host: creditosaibamais.com
URL: https://creditosaibamais.com/pis-disponivel/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_163

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e41d1ae45acbf836b8dcc29544c7e41cced4211214df601d5284a7e9c7134c73

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com/
Origin: https://ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Fri, 13 Jan 2023 09:14:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 15712
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37872
x-xss-protection: 0
last-modified: Wed, 02 Mar 2022 23:07:26 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 14 Jan 2023 09:14:18 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230111/r20110914/elements/html/ Frame BB66 8 KB
3 KB 47ms
47ms Script
text/javascript 2a00:1450:400d:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230111/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CoLallnElgylOqIrM_9ldjNog4nF_KHTQxfIpe5HqN_4I5-bAloZSSDO59CELm6gR1Z-9zxxeNsy1qS0lRZlnAlPi1LA&cry=1&dbm_d=AKAmf-CNsqS-SOb6sAknN5x2FSIiegzZO_BFA_PUx-dsJf4zUYsL7cLC_RowlNwzhwSNFQ7HG7fdVyLfn24R_wy8hqeDRGKLxOF42Ooi5_tXkue7_Fd7a-e6sqY3lU1o8tpmnbHLTkQtX-eK1sr4dWB6GWqJiiZmZKekx2gdxiGetveXbIeGSX5XWDKeudzeyGIxNGBAWUbGxpzFWp0-PpErhJDPsxoW0n4osov_VPlnQmbPwrQRBY38LarB5KT07XtbUwkdg7ZFH2Q3jOsCIBPTw7vxvpQupB69QX0MquJh8GNdGifFSGR_34vWMdh2mmDFao_Bc9DmOb5wsqw1wEPOycNWhpTOqS936nKCTnBcZWf0YA_4spaltjHdXSG3yr6VXajBBJ7mage5hkUQ66KPPh-nZ0LQgUe94EPTPhwwCAurx7lX8dXgf3xKINoHGYXB2CSZoJrT2JEprMYjAAs4W24msVsm_APAuyKYaee0WPqrfhuTleSgq6VWCDuhVS2-VcjUGU9BqXzBHga0BpHyb935-D9Mgx-2bSjwuF8BMD0Lkgg4KnODmUT6e-jUx58zgx1F6XtAKet8eJySG4csaLO14Qy3ZzWZ7zIODyWftR-HBdCuYXr3EelL8VUO_cNwdfhnHohd51SZ95bQDEgZwWXFKsOAPOTsWqRPCAFSioew0AoFK8RqQ4JMwlIkMZ0ssEPKPt-Yb2TBiRKqiBCvTwLAHFTzb6EmbVRHYbtnpwabDtf2xVS-XhhfLsnTw4YyLwY-QNvrKvssbY3oZrNV4j314PsSMK-cX15ffuX3EBldaHVfo1uac0VPeFITzvE3odkIO64MNumxgGEs7HABOAdX3moAAArR7C3AnORIT1xi6T0L3MFvjdtpvkm5CoRKAuLqJbbk8RMcY_gN1hPbi2itaKR8hbJAIJMk1KBfrCPKoTQdDwVuxkfNDlKSYBp4d-pRGT17JPq7oCBs7hOsjPXktVblKamB5luoUoWdcPLaRupZiC5gatCh3KQ6VsOl6qypF3XoBtMeWCROYY2Bx-RRpw3qy9X0LzZhmdCUAOy1bdbBX1SWLHu1Huj8tEf-XxPt9YvcXxuNOpJbnrXCDcXDkb3bMYnq6HO_nvS0LyHvKVsdrb94V-_aJuBGELxg3eHOy1L9aVIdgT7Q5oD_2Lpx79OWwrK6o2IeHLus7Z2EKhK_vpjU01HhoQLJyqiulEtIty56LqLDdO3ajy9BYmcLJ5zJCxmFLNztlzk5OSsKzahPARWcyqN1gC7WQBO4FpSFNSV02tNH_BaMKrRzm8pzdIew3zMErclrbvVExitvYvnf2cDRyIRoVIA0faqsr0Q3TNPBNVbZXQ7MYbVQ_Mp2jMChc_tkmVqlFdqu9awt549Fk4pUrdH23kOCENgba_M1f1TGUQmyvHp3_yqKifoSZ93p8ABkNQpn34O1ReJoycSeH2I6N_72Vj0qu6M1NQkQMVTk3Bhn4P25DU02ZTfwCCncA_H6z52wFC4r69tg7GbTF9sGm1a403j_A_30ME7DQaTntZU3tulhC4eqqJTSxoEA-Xpo8O5OXNPHbinHzVPjbkasZzLDz-Hcl5kBxZUS0Je0Jwp4MocOLmuvdb9tBX2fQWQ_E6JxgBnAcaDEu50jaNNpctRWnnal3kPCY-vejmnbuL34w6FmstJQNWH5XOUBWsZjllaU4g-2E2LDf0ijzD8Hw6_WIVJAt7eQ5FOjIynldDIev_CFgp9d5Q4YGwEx-nYIML38GjbyJ68WfT5u3uZgBlU2dLYJaLNkKqA5dRE3EceUTw1thuDeBOHUYKGOlIKz4vE57mq8XjMhUUzOWxiKbUOQe7fqnvej05R8n2s_P2PExxJRc0ypAk2oEaXeJck3Tc2S9VJID2-3WwN_TSAp8dWOjtIv0aVpdJWunYfjAcrA5xnhAxRrgMVPw4YlJPLZPTvfVj9R3Iw0HiGjQDN0zyH7Uj-UnwdkcFQpwsIoLfOE7ecG4oNxoEp7DUptBQxanDlnVKB8IGBYpZ09sj9PSCre9N5r5CepUiSN0uzSWTXJtONC8RdCBaEvoVvg6dC7IYfYTpne08tKwdreuIMtBXzvITX1RcBS4TgpK0uAy4yHtUlgGHpwIEHkuUBVHRvPVbZfMeBU6MP0P72gL4C4-qiARFwo8ySFrlFkjiaI5iYkJylbgd5PwW_zUR_BXukHdTzpOtCJdhobx9kseU_vJMVW4Am6xWFPWKHMYwmS1BJq6KYtNiZ-xgWJYuqSX47Y0YTdK7kF7Yd2WyecokFu-oWJ_AwZxZyrHZOpso0qHALgiEn_t-ukJOMGRr8P8SIMAlKsnNQNo9c_4Q8H-ov18xnTvDw79oPv9ypWySGt95ygsMPmF9lvJ-cfEPbSrRde5Bn6GB9CLzeCh1VgsooMDAMchHJ98XjX8pyjiV4P29LyYfQtQnYN4hjrU-cs3T1POkqG7KL3ZXwWHUB9ywWLXUOkxF1C7kQRU9m2aJMIPE41OVXaff0QvV0_Zny3sasjVwBhMes_SUP7Xn3QA5THhOzPhv25ycctt269MCMLChvMkXO29G51t7_tW0HuEvmbmwb-0jHPOje82KTOfLKXy7IS498lOUlcBi8TDEYxfleiZLLV93ETQsKlqsQWgehyb2JeVRpkEbVK7vtiDBa7rlvn0YkpUq6vB27vy7gSs2ruMypPTXkZsu-LhNTFR4VqUqE8mTv-oZ43g2xHukZ0e-vLzwxznEWhYwJceek2ziQ88tPkVUwqD2ppGy478osFDSSa25_euJVmF-lsgxDlFhKb6GlMf_ai9dPcyCJ3HjpJnstvAOJA6ReFgndWMRtr12FmoAooTbnVikOQIHSmNiJNJXD-wpm1BpFo4xsplkIntYhlAihfgxV9IA9SaoQaUGjnMWgMrkOPdiis2JV9zTglukC1HjnHf071ArlAlxuj5jcEZayOErA3FD3AS5j4GZlN7Z6IxDfdDO-HyGUVxkOVZAw6eDU2fkJwUaG5x4Qg9NbeyqM7pFIt4icJcH_r4Y-JqV51xqv_Nsgwlk1YYYPG8re_gLa4mokoJdflaIZrHRgXxG-DM84iNtBn49Y75qIaCkBfxr4zzaooOoo6HHPUhM3MGqIOm7hW1wBaLHfFreCeZmkc3O7W33ashXpGg1EsOH9cD5f54N4HOYZg3DXFEHPuFBRAqU7QXDK2_MRYZfx7qAnCMP18Z_gz3x9w7GVEu1zQ_QdWnJ0uBUeZRhZ6cfJ7qnv6sK8geUgObXmNOQFBSqgufJHzys_XJOkoyljo70i8aRyKhyLY87ztPyiXm9SxLxJwlAiDoDc6lmr6KTQHbFMSy7NByPTAQ1nuYnerRro9_8KDxyy_bZLWnipVDS64eieNedMghEF51FKi8ERJFQESdLqAqydfRXrBCjzqxk_bdNXl9Mz-O0xOvliA_rnCMmOaf_ZC6s_EQvk74fJyrMXbt9lVriEOxmwMpHYBrSlQX2tiFcFO5jz0BYl8JlW4a0eL8dTeanQByoswYqa4JZNh-xWQ0djvzg&cid=CAQSSwDq26N9e6FHkDll9Kxvt_vbyPu0K7lJ3mXkB5_fk-l_BI3lziWuOXVfGWh_ttBTwMkqogb6UMoCQiwtmT59Ryy0J-WDuOJ_3vx2KBgBIBM&dv3_ver=m202209210101&rfl=https%3A%2F%2Fcreditosaibamais.com%2F&ds=l&xdt=1&iif=1&cor=12250184780305850000&adk=3944675600&idt=113&cac=0&dtd=4

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80d::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1d84738c2afaf595ff5d4921d8dc6bb5ce19a7b9c33a6c02d8a35ff80611cc87

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Thu, 12 Jan 2023 20:28:31 GMT
content-encoding: br
x-content-type-options: nosniff
age: 61659
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2986
x-xss-protection: 0
server: cafe
etag: 3296546412363819624
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 26 Jan 2023 20:28:31 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20230111/r20110914/ Frame BB66 28 KB
11 KB 47ms
46ms Script
text/javascript 2a00:1450:400d:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230111/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80d::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a800c59c07101ac9e787ae10eb5d6a7124dd006d97db2ceae985a85488062556

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Thu, 12 Jan 2023 23:40:49 GMT
content-encoding: br
x-content-type-options: nosniff
age: 50121
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10849
x-xss-protection: 0
server: cafe
etag: 12554467027428251666
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 26 Jan 2023 23:40:49 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 5C5B 0
20 B 168ms
168ms Image
image/gif 2a00:1450:400d:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BTgwLSl7BY5CYB4ba3gPxgZKIBwAAAAA4AeAEAg&bg=!Li2lLWnNAAYDMoyoIzI7ACkAdvg8WjzwAvPGiybx0fntu4wC6kZjHuLaXyZGMr1emxcx7o-lSHeH3AIAAABeUgAAAARoAQeZAzvCYhTh31iqxQENHt1hCt34sSoOeFRFlNlZ39SeerdpguIZ26pfH7hL_-TjtIJMXUyRih8hnnFpYbeOMdVGU-b-9wA1Q9f4aqCLvGtTlj9Zy-vVdNp2jPlyHDjH2ejpJAKeQL2yNtsvslIoz73Ua-CFUpHx4Icxy_pNfSh0g5YWy-Gy4iNpkljL_jXISNwYyAh0P1dOXVn-B6cF0BoqCh9ITdoS7R1v6KaC1Gzj1h_aPjE1JzwqqlLE9AYUVXTv8U3FalWNCqIxZdIiwjuX6i0Jq0eBY2zaLr9K6pVXttH3kovELrsh-4gdCKAy36cxIdDpngzRa25Wi1h8YJ3Rlza89lFkTyr1_Og-fJE1sYZI4LcL-hkgj8IpIa8HT0OTRdAwrIYB4rGsSQHYwsm1Cc9tEW_wmEpE7E1aeEOSSPVvmwMDzFB1fivzaMEVJgJeeH0xXzgl8KEVhURhhOdf4S0CLBjhLN_aroFfsIU7l2-KglOjDaKXvXeN7ootDRRy8m0kNsLIyplatgiVDEAiqZl4h8NAuwL2TuXCwbAtF3qa_0-A-36rK9B9q1QDGbwOV5UT8potgR-sLAPKDUF0jiJYWYO7-w7U1JDnMRBRjFGvSoJiJUBqQLksaHaj_0pJ4gw-zMjgRKMrEdIPhyUSKjtbtktv_ha9Yyr2FHD96lpiilmD0XGVsm7Axwxsx_DYJTcNgGNDdPigLdH9C1WuSP8Z-Zg83U1fT6CDQEH9PVpiodWweg7q8tF0lNGQWmrJZ2_vysPiK6cLJhbJ37EWBCnWmLir2cDJCUrAViY9PM_fkJ9WcHT4jyWyjpsc8AF96Q8Ngg6ZNobKTOVYJJsmN7uTSSnFe_O5JcT6qUr_J3JWyiuu-EwmW3Y3xMn5SYVN_tn_U8BJuaMsT0iUYmnMxpRikA9LLDdarsoGNZCe9BCeeJi3ExWGtOJcX3i6gnac4SbKDl6T1P1twOt3BmCBW12pl2Lzog0AgoXaEzE2srFIcMhNwiqLI9NBEFXqT3dQZZa54A4-X5ep5yjc-kalQkEti828KdiKEfykIXxpd6Tyu5MBECQsGvr5LtttI3tgICqL08AUsJl_gA_Bgg

Requested by

Host: ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com
URL: https://ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80d::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 13 Jan 2023 13:36:10 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 script-push.js Show response
script.joinads.me/ 1 KB
1 KB 32ms
31ms Script
application/javascript 2a06:98c1:3120::c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.joinads.me/script-push.js
Requested by: Host: script.joinads.me
URL: https://script.joinads.me/push-notification.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3cb238c7630ba8bd60ede523b57d4b3619086b3c54c04297662d2fddc65c6c4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://creditosaibamais.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Fri, 13 Jan 2023 13:36:10 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 256500
cf-polished: origSize=1468
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Thu, 01 Apr 2021 12:59:37 GMT
server: cloudflare
etag: W/"6065c3b9-5bc"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OqLwa41V7NCNY7yq9%2F6Ki6qRtwUOuRNzcFimWBZsaxvwDcYveJYbog8cOHCiCQ9yHDuZlsfkoJOlQCubo3jccgRV4S8oWCuyCrf4aQd%2FqoNsoRNDVpQWFugZ2P93VmhgPrK0hk2Y2MPHkAskPvYBqw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=31104000
cf-ray: 788e84f42efd92b1-FRA
expires: Fri, 05 Jan 2024 14:21:10 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame BB66 41 KB
15 KB 39ms
39ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com
URL: https://ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Thu, 12 Jan 2023 15:17:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 80302
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 12 Jan 2024 15:17:48 GMT

GET
DATA 200
OK truncated
/ Frame BB66 219 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 56bbe8e9de97124ac618480af6a15c0ef1b3ad3cc225f200804d51f3c8270590

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 9498 43 B
215 B 212ms
186ms Image
image/gif 2600:1f13:800:7782:40bd:d2b7:80cf:ba3e
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1135760&asId=ee5f2069-5dde-7c37-e338-c96df14e001a&tv=%7Bc:1btMDS,pingTime:-10,time:434,type:s,mvn:ZnNjPTEzLHNkPTMsbm89OCxhc3A9MQ--,sd:MTcuNi4ydjEyMDB8fDE2MDB8fDF8fDF8fDI0fHwxMjAwfHwwfHwwfHwxfHxsYW5kc2NhcGUtcHJpbWFyeXx8MjR8fDQvM3x8NC8zfHwwfHwxNjAw,no:MTcuNi4ydk1vemlsbGF8fE5ldHNjYXBlfHxufHxufHwwfHxufHxXaW4zMnx8R2Vja298fDIwMDMwMTA3fHwwfHxNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvMTA5LjAuNTQxNC43NCBTYWZhcmkvNTM3LjM2fHwxfHwxfHxHb29nbGUgSW5jLnx8bg--,ch:n,fsc:17.6.2v222222220002222202222222222222222222202222222220222202000022000220222222220000222202002222202222222220222222220000020022222200022222220200000222200022220002022022022222202002220222022222022220000220200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022222000000020000000000000000000020220202220000022200222202220022200200222022202220022220222200202222020002200002222022222202222000002002002222222202220022202200022002220222202,asp:1673616971023%7C%7Cde3c8b561e4fcbd788c07d1629a7eca1%7C%7C8e7a3195fc7d943b14e55b6c8e00d314%7C%7C3eab08cfa0d4f233313b70c94d2b2828%7C%7Ced4e7b5f54cfe80542d4713c4fbff1fd%7C%7Ca1eb3876f3da5a1ad90d98d5b48c41b4%7C%7C61619c0f24fc7aac17e08e32981db3d3%7C%7C1a86a024512a80fcfda62a9d5e1218a9%7C%7C1663701684%7D
Requested by: Host: ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com
URL: https://ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7782:40bd:d2b7:80cf:ba3e Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 13 Jan 2023 13:36:11 GMT
server: nginx
x-server-name: dt18.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame D8A8 22 KB
8 KB 36ms
35ms Document
text/html 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 80303
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 12 Jan 2023 15:17:48 GMT
expires: Fri, 12 Jan 2024 15:17:48 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 index.html Show response
s0.2mdn.net/sadbundle/18402199775506297603/ Frame 05C0 4 KB
1 KB 36ms
36ms Document
text/html 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/18402199775506297603/index.html

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_276.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0e496c8df709faf2c11072ebc4df3106b369d3d914b065d5e806745193950527

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 331928
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 1310
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Mon, 09 Jan 2023 17:24:03 GMT
expires: Tue, 09 Jan 2024 17:24:03 GMT
last-modified: Wed, 07 Dec 2022 10:02:08 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame BB66 0
0 220ms
91ms Fetch
image/gif 142.251.39.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjss_a2KB44jPX1Iyb5gswSpKwx4qdkJvKF7eiLliFNg79x6oIB7GRPoTab1MXmtsvVEKs3Y01iacGrJJbdjBRRYaAWeFuB4F6KkE4LY85dSo2fR4a8Lg-RLfJP0suBwLsazada3RjL9Oy-NiVC8TxhekFEy1cdbtvx7KV-iNgcsSYgkyIUTklvkWHLkr_xwyiy2J0vC4Ezku0ZfKoL3VC888UvVwA0fRnWF2molz_qf5FH1RIPajRymqr8E4pPZ7dClMOOY8Oe-2-58HKdMGcfN93O1LherHrd5Uo-685xhwEQjMMaQeye3WoiiqSVEYK6Z5ojjbkPLcaQ-ynQrWt0yYIdSO3Sz-MoO_CEc22jX6eAOjz2O4UFYH4uhjz8LwyO1p_MqWcBAUDo9BlJOHcMhsVjbSpxyt9urAStdgGXJAP1oRJvJMI0polbZx7LZ5EPqKgWgBDj5bpkW1119fNiRjIes_QLMjL041Ci7PC9Rm6qxqxusweTYYhDC_j2TGy_asf5zCDcn3uDU9sBk0qdS0JXqVDvsCWNTRqbhShd1S0s4tscCFpZBYmV5aQtipoar7oADzWU3T9sJo9yIFb3ybPgj_LR7JUhMkoAEBz3DiHdZETDRio64qKHPDjEW3FpqCYywEYGUzd1Jj5QPAo8EVDsyhFLLav3BQJ35L511ABr1bX48d4hoy8UbmvE5dDzLFpKwSWYe2zum3SRqDrA63l4mazEy9n23nU9plCcexJS8LLpOS5JeMHGrtkwXP5JJhOVjX4ySHwQPIRQP9U6eF_C1izwQke68HYXiuMNtQS4NfGMoQsOSpgCjrNBzZ5UnbODPkWf5KpMU4HDYo6v8EojDOtLYcu5x9xkKzGirOzyBDRRkhSrAmsigDUNLKOQQfjwUdWjPsDFNCTYrL6YVdOQ-4jrO5ZpMA6ZPZsoAkFSeB-u_zz6pG4EPmXLyJIRM3Y1KiGlpkf6wFhnopDRtxGO6eVDhyFJeOhVtuBAZAvKJ6mcVyUg2QfhuGsN0810RlSh0eCRixN-QkXJ7wU4A0SZAkfcTjqCGMS8yznzIf65r8pfMzr_J9zTEm-nkNSj2yGqQPSyykDLL2iRzy4IWqhPfIkOxb2-lPzFogsPstfWp5f0BZN7nKv7wOe372Bfb3KskJO95v5uR06bWr0SBc_T-C3e5ivZgH_S1Qy2Iilzv0Lt5RxmnclKKecPPFZuOgSk03xpuMDZ3Xf8O1sNH9IaBdJ4qEmwh002pfuRVxtdkgiGSiZpPkL9lk5KDoXA&sai=AMfl-YT6LeL4fQ3ytxtIMQARVVI_0KJvD1yExEHSC5HK5XWEwJx0GTJSJ9uab5QwHkrTFVWCHCFA8iqBRxbw5LlixAHhkspohKNSJyWTl3ulxsbOGnT2grewaGOOeLOaZCcvWlQ5hMUowWNSxqi7lu2uwlNwGPKYbv7r3TlpqSegVcZEjfLhxIt_72J_CRW4IZVtXCPqjKlqm8A9A-nToy_-5ef4p8hiLOxxFquUHVwVJR5Y0Sx1QIvjrQi5bs0x-6l6jt175tqtYYP5-Zf65llQKgefEobuGC0o9SblxjM&sig=Cg0ArKJSzF6gdaAiQS2mEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=218&cbvp=1&cstd=215&cisv=r20230111.42149&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=

Requested by

Host: creditosaibamais.com
URL: https://creditosaibamais.com/pis-disponivel/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_163

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.39.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bud02s37-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Fri, 13 Jan 2023 13:36:11 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 13 Jan 2023 13:36:11 GMT

GET
H/1.1 200
OK tag.tr
red.vtracy.de/ Frame BB66 17 KB
17 KB 71ms
15ms Image
text/javascript 18.197.240.141
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://red.vtracy.de/tag.tr?tr_adid=k29065961_s3021957_p354299913_c183743940&tr_mid=0&tr_sync=true&tr_uid1=DC&t=694823241&gdpr_consent=&gdpr=
Requested by: Host: ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com
URL: https://ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.197.240.141 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-197-240-141.eu-central-1.compute.amazonaws.com
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Date: Fri, 13 Jan 2023 13:36:11 GMT
Server: Apache
Connection: keep-alive
Content-Length: 17000
Content-Type: text/javascript;charset=UTF-8

GET
H3 200 JwRg8GnJRbSbwgtubA3x1Twn6jgCPCxSQn9TsX0K1wE.js Show response
pagead2.googlesyndication.com/bg/ Frame D8A8 36 KB
16 KB 51ms
50ms Script
text/javascript 2a00:1450:400d:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/JwRg8GnJRbSbwgtubA3x1Twn6jgCPCxSQn9TsX0K1wE.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80d::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

270460f069c945b49bc20b6e6c0df1d53c27ea38023c2c52427f53b17d0ad701

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Wed, 11 Jan 2023 10:03:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 185561
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16089
x-xss-protection: 0
last-modified: Tue, 03 Jan 2023 14:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 11 Jan 2024 10:03:30 GMT

GET
H2 200 style.css
s0.2mdn.net/sadbundle/18402199775506297603/stylesheets/ Frame 05C0 1 KB
526 B 36ms
35ms Stylesheet
text/css 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/18402199775506297603/stylesheets/style.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/18402199775506297603/index.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

49cbd009a40e971c1c6a4d40b5ec17c8d214721dade6e60f4e0c3d36298ca958

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/18402199775506297603/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Mon, 09 Jan 2023 17:24:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 331928
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 452
x-xss-protection: 0
last-modified: Wed, 07 Dec 2022 10:02:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 09 Jan 2024 17:24:03 GMT

GET
H2 200 tweenmax_1.18.0_499ba64a23378545748ff12d372e59e9_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame 05C0 105 KB
35 KB 45ms
45ms Script
text/javascript 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/tweenmax_1.18.0_499ba64a23378545748ff12d372e59e9_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/18402199775506297603/index.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

001acbb15d9c69510c0817e6dde361bff098406fad182ab3c367f86ff3da8343

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/18402199775506297603/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Fri, 13 Jan 2023 13:36:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35824
x-xss-protection: 0
last-modified: Fri, 09 Oct 2015 14:01:28 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 13 Jan 2023 13:36:11 GMT

GET
H2 200 main.js Show response
s0.2mdn.net/sadbundle/18402199775506297603/javascripts/ Frame 05C0 2 KB
659 B 36ms
36ms Script
application/x-javascript 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/18402199775506297603/javascripts/main.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/18402199775506297603/index.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9a9445ab24b50fc0945fd327d2f78da39c09571d8a103c4eb946e655b4a33e73

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/18402199775506297603/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Mon, 09 Jan 2023 17:24:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 331928
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 574
x-xss-protection: 0
last-modified: Wed, 07 Dec 2022 10:02:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 09 Jan 2024 17:24:03 GMT

GET
H3 200 bg.jpg
s0.2mdn.net/sadbundle/18402199775506297603/images/ Frame 05C0 50 KB
50 KB 37ms
36ms Image
image/jpeg 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/18402199775506297603/images/bg.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/18402199775506297603/stylesheets/style.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

97ee1ee60b05506f81c50fa17e768fdd653bae5750328129be0a71e40e7b8c37

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/18402199775506297603/stylesheets/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Mon, 09 Jan 2023 17:24:03 GMT
x-content-type-options: nosniff
age: 331928
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 50833
x-xss-protection: 0
last-modified: Wed, 07 Dec 2022 10:02:08 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 09 Jan 2024 17:24:03 GMT

GET
H3 200 logo.png
s0.2mdn.net/sadbundle/18402199775506297603/images/ Frame 05C0 3 KB
3 KB 41ms
38ms Image
image/png 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/18402199775506297603/images/logo.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/18402199775506297603/stylesheets/style.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

14ea53201f2569bb352a4bfa01fb0a82fb1db9dd9828ae77d7221e40e5b5bb20

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/18402199775506297603/stylesheets/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Mon, 09 Jan 2023 17:24:03 GMT
x-content-type-options: nosniff
age: 331928
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3387
x-xss-protection: 0
last-modified: Wed, 07 Dec 2022 10:02:08 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 09 Jan 2024 17:24:03 GMT

GET
H3 200 layer.jpg
s0.2mdn.net/sadbundle/18402199775506297603/images/ Frame 05C0 2 KB
2 KB 55ms
52ms Image
image/jpeg 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/18402199775506297603/images/layer.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/18402199775506297603/stylesheets/style.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0f1970784ecd196f4be187a329efd6c9cc1cd091d0b9cdc0d7876333aebb8a85

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/18402199775506297603/stylesheets/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Mon, 09 Jan 2023 17:24:03 GMT
x-content-type-options: nosniff
age: 331928
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2115
x-xss-protection: 0
last-modified: Wed, 07 Dec 2022 10:02:08 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 09 Jan 2024 17:24:03 GMT

GET
H3 200 push01a.png
s0.2mdn.net/sadbundle/18402199775506297603/images/ Frame 05C0 2 KB
2 KB 55ms
52ms Image
image/png 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/18402199775506297603/images/push01a.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/18402199775506297603/stylesheets/style.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a3c9b2b18240b181a21ba0eaa3d3770c1432444d1c0332904eea5a871daa7138

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/18402199775506297603/stylesheets/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Mon, 09 Jan 2023 17:24:03 GMT
x-content-type-options: nosniff
age: 331928
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1664
x-xss-protection: 0
last-modified: Wed, 07 Dec 2022 10:02:08 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 09 Jan 2024 17:24:03 GMT

GET
H3 200 push01b.png
s0.2mdn.net/sadbundle/18402199775506297603/images/ Frame 05C0 3 KB
3 KB 51ms
48ms Image
image/png 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/18402199775506297603/images/push01b.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/18402199775506297603/stylesheets/style.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9da3696f109e5729da0c6c20124ec49f9e8ed7dc39f6744ff81c1230c4a189e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/18402199775506297603/stylesheets/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Mon, 09 Jan 2023 17:24:03 GMT
x-content-type-options: nosniff
age: 331928
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2564
x-xss-protection: 0
last-modified: Wed, 07 Dec 2022 10:02:08 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 09 Jan 2024 17:24:03 GMT

GET
H3 200 push02.png
s0.2mdn.net/sadbundle/18402199775506297603/images/ Frame 05C0 2 KB
2 KB 50ms
47ms Image
image/png 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/18402199775506297603/images/push02.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/18402199775506297603/stylesheets/style.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0ed95f5118b1582b90e655bad2af954904677d9e630a2dade8ef4b1a2d548307

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/18402199775506297603/stylesheets/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Mon, 09 Jan 2023 17:24:03 GMT
x-content-type-options: nosniff
age: 331928
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1641
x-xss-protection: 0
last-modified: Wed, 07 Dec 2022 10:02:08 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 09 Jan 2024 17:24:03 GMT

GET
H3 200 stoerer.png
s0.2mdn.net/sadbundle/18402199775506297603/images/ Frame 05C0 9 KB
9 KB 42ms
40ms Image
image/png 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/18402199775506297603/images/stoerer.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/18402199775506297603/stylesheets/style.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

083c62be96044cfd0fae3888aca6fd4e87686e1334e99de7703545dbc9461ad1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/18402199775506297603/stylesheets/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Mon, 09 Jan 2023 17:24:03 GMT
x-content-type-options: nosniff
age: 331928
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8956
x-xss-protection: 0
last-modified: Wed, 07 Dec 2022 10:02:08 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 09 Jan 2024 17:24:03 GMT

GET
H3 200 stoerer2.png
s0.2mdn.net/sadbundle/18402199775506297603/images/ Frame 05C0 3 KB
3 KB 55ms
53ms Image
image/png 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/18402199775506297603/images/stoerer2.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/18402199775506297603/stylesheets/style.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ebd60eb21d467fd8be75e1ec6fbd0cd7bfb154c612fbaaf3808346b4bbacfade

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/18402199775506297603/stylesheets/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Mon, 09 Jan 2023 17:24:03 GMT
x-content-type-options: nosniff
age: 331928
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3462
x-xss-protection: 0
last-modified: Wed, 07 Dec 2022 10:02:08 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 09 Jan 2024 17:24:03 GMT

GET
H3 200 product.png
s0.2mdn.net/sadbundle/18402199775506297603/images/ Frame 05C0 14 KB
14 KB 60ms
57ms Image
image/png 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/18402199775506297603/images/product.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/18402199775506297603/stylesheets/style.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cc8d4f0307cb7b2d1ddd75494c0feaedb06225b7fb2d3b9e87740a4fcce80e43

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/18402199775506297603/stylesheets/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Mon, 09 Jan 2023 17:24:03 GMT
x-content-type-options: nosniff
age: 331928
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13983
x-xss-protection: 0
last-modified: Wed, 07 Dec 2022 10:02:08 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 09 Jan 2024 17:24:03 GMT

GET
H3 200 cta.png
s0.2mdn.net/sadbundle/18402199775506297603/images/ Frame 05C0 2 KB
2 KB 57ms
55ms Image
image/png 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/18402199775506297603/images/cta.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/18402199775506297603/stylesheets/style.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

73b9c61568b437763c1552c67d4516ed7014a4c5277af7bc6f104a1009a62e5f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/18402199775506297603/stylesheets/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Mon, 09 Jan 2023 17:24:03 GMT
x-content-type-options: nosniff
age: 331928
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1782
x-xss-protection: 0
last-modified: Wed, 07 Dec 2022 10:02:08 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 09 Jan 2024 17:24:03 GMT

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame BB66 0
0 84ms
83ms Fetch
image/gif 142.251.39.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjss_a2KB44jPX1Iyb5gswSpKwx4qdkJvKF7eiLliFNg79x6oIB7GRPoTab1MXmtsvVEKs3Y01iacGrJJbdjBRRYaAWeFuB4F6KkE4LY85dSo2fR4a8Lg-RLfJP0suBwLsazada3RjL9Oy-NiVC8TxhekFEy1cdbtvx7KV-iNgcsSYgkyIUTklvkWHLkr_xwyiy2J0vC4Ezku0ZfKoL3VC888UvVwA0fRnWF2molz_qf5FH1RIPajRymqr8E4pPZ7dClMOOY8Oe-2-58HKdMGcfN93O1LherHrd5Uo-685xhwEQjMMaQeye3WoiiqSVEYK6Z5ojjbkPLcaQ-ynQrWt0yYIdSO3Sz-MoO_CEc22jX6eAOjz2O4UFYH4uhjz8LwyO1p_MqWcBAUDo9BlJOHcMhsVjbSpxyt9urAStdgGXJAP1oRJvJMI0polbZx7LZ5EPqKgWgBDj5bpkW1119fNiRjIes_QLMjL041Ci7PC9Rm6qxqxusweTYYhDC_j2TGy_asf5zCDcn3uDU9sBk0qdS0JXqVDvsCWNTRqbhShd1S0s4tscCFpZBYmV5aQtipoar7oADzWU3T9sJo9yIFb3ybPgj_LR7JUhMkoAEBz3DiHdZETDRio64qKHPDjEW3FpqCYywEYGUzd1Jj5QPAo8EVDsyhFLLav3BQJ35L511ABr1bX48d4hoy8UbmvE5dDzLFpKwSWYe2zum3SRqDrA63l4mazEy9n23nU9plCcexJS8LLpOS5JeMHGrtkwXP5JJhOVjX4ySHwQPIRQP9U6eF_C1izwQke68HYXiuMNtQS4NfGMoQsOSpgCjrNBzZ5UnbODPkWf5KpMU4HDYo6v8EojDOtLYcu5x9xkKzGirOzyBDRRkhSrAmsigDUNLKOQQfjwUdWjPsDFNCTYrL6YVdOQ-4jrO5ZpMA6ZPZsoAkFSeB-u_zz6pG4EPmXLyJIRM3Y1KiGlpkf6wFhnopDRtxGO6eVDhyFJeOhVtuBAZAvKJ6mcVyUg2QfhuGsN0810RlSh0eCRixN-QkXJ7wU4A0SZAkfcTjqCGMS8yznzIf65r8pfMzr_J9zTEm-nkNSj2yGqQPSyykDLL2iRzy4IWqhPfIkOxb2-lPzFogsPstfWp5f0BZN7nKv7wOe372Bfb3KskJO95v5uR06bWr0SBc_T-C3e5ivZgH_S1Qy2Iilzv0Lt5RxmnclKKecPPFZuOgSk03xpuMDZ3Xf8O1sNH9IaBdJ4qEmwh002pfuRVxtdkgiGSiZpPkL9lk5KDoXA&sai=AMfl-YT6LeL4fQ3ytxtIMQARVVI_0KJvD1yExEHSC5HK5XWEwJx0GTJSJ9uab5QwHkrTFVWCHCFA8iqBRxbw5LlixAHhkspohKNSJyWTl3ulxsbOGnT2grewaGOOeLOaZCcvWlQ5hMUowWNSxqi7lu2uwlNwGPKYbv7r3TlpqSegVcZEjfLhxIt_72J_CRW4IZVtXCPqjKlqm8A9A-nToy_-5ef4p8hiLOxxFquUHVwVJR5Y0Sx1QIvjrQi5bs0x-6l6jt175tqtYYP5-Zf65llQKgefEobuGC0o9SblxjM&sig=Cg0ArKJSzF6gdaAiQS2mEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=424&vt=11&dtpt=206&dett=3&cstd=215&cisv=r20230111.42149&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=

Requested by

Host: creditosaibamais.com
URL: https://creditosaibamais.com/pis-disponivel/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_163

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.39.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bud02s37-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Fri, 13 Jan 2023 13:36:11 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 13 Jan 2023 13:36:11 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame D8A8 0
20 B 168ms
168ms Image
image/gif 2a00:1450:400d:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=B6ymeSl7BY6G3LIzf-gbYtq-4BwAAAAA4AeAEAg&bg=!Pj2lPXnNAAYDMoyoIzI7ACkAdvg8Why2Scn4ODGzcqVrUUlBLJxdIJ9QIsbEJVixfdylxgJgA_jK1QIAAAB9UgAAAANoAQeZAu42UjFD8cWIBWYDhe8RD0r6zjKLd1h_5ftwUT-S0NGeZhJR9FcLPeqp8sguu_0NFq9cRL9gztGfKCx86aPFWBOXmPeGzDAsaAHE8otr0SrucMjcm-pFi8xtm0uqqfREl4LTowTiUgZpEP7gbPrJyExIFDiZXp6T4XCpi6DymrvxsUH0Ig7UY0iafhJ5sThPr0pjUzRXRToAmNSWwrZwFeBjVNI8_KQNMu1znoBbTd9046CMwlH3raot8WLFi6sYWyRDp7c0m14dKx9m9tOJOCv0TR3oOta_jpvmcMf8ArSvQ--fxh6cKn_jVHX5QX1xUp-kxg5jIrSc_OkyHLeK06WikAPRz_1FdQzO6DnB6L9-GaMc4zoSLnu_g3YoC3mP6X3sB0vbvG4jGaDoaWqlYWo70y21eGN5B4UW9KgAuzW1rMb4AVOgjS1II96tGk6J0kM8XAgCKca0jszZpctk2h-iSWQSLmPLK1afbYtU13zGw_OYsSRwq2EpzEV4-PSbg9E7AJB-aJVoYXna6UP5WME3F2g47mtiNn_NzqU622O2Xz_69k2mbSXKWmNHw_WUifnNEm_Ki5JNdfXGzrtm3mSOCWulIzslG53A4DNvkaA_U1LynaslvNJCe-vv-0K9-FCBl4OmJ9NexgV4bBT91JkjYzOze0SET6quwYMWVmoJIKtdyDsPnH_qeOtNKlpLh1cCNY_tIjCqQ-eOmAtMbnsUpEYb5rP0-9TiqGsoeSm6TVHYvmLqJl2Z-9MXgQ_vPZbmnUk_-x_7y6jf8tnxJPZgYW4zwKERN5buK1KSGlTb0SxvsPiwdOCTBUVQZXGCqg-mgsHYgaF0illwvJOQAbpLQgQE_OLCXDu1uELH0xtpsf_nXaRZtXyKzYfxOIWRBDCtZYMH6ZIIpQd_CJ2basFsAcFMNYfTrQ9t8twaIQmjve_rRqzL-BEqvsW_r66X1MtwlJoekSAtYz2DEJz8bDiuvjrbKv69FzxL3jnFjG4

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80d::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 13 Jan 2023 13:36:11 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 5D12 0
20 B 161ms
161ms Ping
image/gif 2a00:1450:400d:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=8369644748832&version=m202209210101&ct=77&x=1&cor=516160539099397800

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80d::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 13 Jan 2023 13:36:11 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame BB66 42 B
64 B 168ms
168ms Fetch
image/gif 2a00:1450:400d:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvGVrx82tJlTjNbgfWnFpTzEg6BEHDlqDXAiEwJSiXcBVJ8yB4CABdVBnNL31BC0x71s_6sySewIhL2E18_19Z74v6anbNNdChv4UDCqsWEa3P3Vy-jwJVAxIxs0R3UfN3b286gdw&sai=AMfl-YSq8RZuurWkhRStDco65H7laCFIUL17sWjfY7qRxz1QROYWPUJw9IdviRtvbuuNYaPqp76PTg1az23V50K9LTa3wLZ844c-XeiF03P0RVtsAbagOuJJ--TijDhpB8LBYqWlJAMD39J5gS3VIq0&sig=Cg0ArKJSzOG2pmcf2Lk0EAE&cid=CAQSSwDq26N9e6FHkDll9Kxvt_vbyPu0K7lJ3mXkB5_fk-l_BI3lziWuOXVfGWh_ttBTwMkqogb6UMoCQiwtmT59Ryy0J-WDuOJ_3vx2KBgBIBM&id=lidar2&mcvt=1000&p=308,240,558,540&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20230111&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=1766104676&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1673616970034&rpt=922&isd=0&lsd=0&met=ce&wmsd=0&pbe=0&spb=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80d::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 13 Jan 2023 13:36:12 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame BB66 0
20 B 161ms
161ms Ping
image/gif 2a00:1450:400d:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=6975423589790&version=m202209210101&ct=76&x=1&cor=12250184780305850000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80d::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 13 Jan 2023 13:36:12 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 9498 0
20 B 162ms
162ms Ping
image/gif 2a00:1450:400d:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=4836582721072&version=m202209210101&ct=76&x=1&cor=1396290486060888800

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80d::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 13 Jan 2023 13:36:12 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
region1.google-analytics.com/g/ 0
54 B 36ms
35ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-3J8W9ZHFES&gtm=2oe1a1&_p=1692517812&cid=1261674558.1673616968&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=2&sid=1673616968&sct=1&seg=0&dl=https%3A%2F%2Fcreditosaibamais.com%2Fpis-disponivel%2F%3Futm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3D3_active_email_163&dt=pis-disponivel%20%E2%80%93%20Saiba%20Mais&en=scroll&epn.percent_scrolled=90&_et=23
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-3J8W9ZHFES
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://creditosaibamais.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 13 Jan 2023 13:36:13 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://creditosaibamais.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

106 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

34 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
prism.app-us1.com/	1970-01-20 09:36:48	Name: prism_800525001 Value: 0d12afa2-c979-457e-a602-654b1bdede3e
.creditosaibamais.com/	1970-01-20 09:36:48	Name: prism_800525001 Value: 0d12afa2-c979-457e-a602-654b1bdede3e
.creditosaibamais.com/	1970-01-20 11:03:12	Name: _gcl_au Value: 1.1.1509596727.1673616968
.creditosaibamais.com/	1970-01-20 18:29:36	Name: _ga_3J8W9ZHFES Value: GS1.1.1673616968.1.0.1673616968.0.0.0
.doubleclick.net/	1970-01-20 18:15:12	Name: IDE Value: AHWqTUnCDeCRVp1S4xevW71ZLgDI94HONB68Aj1Lh2kdTW6qYK9EjRkDJqxw4xVupNo
.creditosaibamais.com/	1970-01-20 18:29:36	Name: _ga Value: GA1.2.1261674558.1673616968
.creditosaibamais.com/	1970-01-20 08:55:03	Name: _gid Value: GA1.2.1401335458.1673616969
.creditosaibamais.com/	1970-01-20 08:53:37	Name: _gat_gtag_UA_201994943_4 Value: 1
.lijit.com/	1970-01-20 17:39:12	Name: ljt_reader Value: F-swqGZHSUxj5kkbRsaT6l9k
.w55c.net/	1970-01-20 18:23:51	Name: wfivefivec Value: YMPJ7h6u1Pgke55
.3lift.com/	1970-01-20 11:03:12	Name: tluid Value: 3679768874895357601077
.w55c.net/	1970-01-20 09:36:48	Name: matchgoogle Value: 5
.criteo.com/	1970-01-20 18:15:12	Name: uid Value: 7b5cb154-8b08-45c0-bce1-a14105338ab1
.everesttech.net/	1970-01-20 17:39:12	Name: everest_g_v2 Value: g_surferid~Y8FeSQAADfKEDQAe
.bidswitch.net/	1970-01-20 17:39:12	Name: tuuid Value: 4b2fa2d2-c1e8-45ba-8a68-91fefed6e3e5
.bidswitch.net/	1970-01-20 17:39:12	Name: c Value: 1673616969
.bidswitch.net/	1970-01-20 17:39:12	Name: tuuid_lu Value: 1673616969
.tribalfusion.com/	1970-01-20 11:03:12	Name: ANON_ID Value: aNnseFyg6AarA7u8QGNu9DjeTFn3496W2mUrdNLTdQ73JwSX0ZcQHelcfrybSZcZdl40bxBZca5Byy5aeCh0ARMj
.adnxs.com/	1970-01-20 11:03:12	Name: uuid2 Value: 6142124936054820512
.doubleclick.net/	1970-01-20 08:53:40	Name: DSID Value: NO_DATA
.creditosaibamais.com/	1970-01-20 18:15:12	Name: cto_bundle Value: Qu_RJF92WjYzamhpVVlnbmN3TnB6cDloOGNYSFFQTzFSZ1clMkJSdENoWnhrblhxTmZyJTJGSHJBZSUyQkltbHMwN2s4SkZpdXREdmJhS1lnTU5TaXNPdkc1Tm5FNjlVSjcweDJ4bjg0T0VVQnRFdmtQelhTdWwlMkZEbTlqMHVnQUdxYyUyRkk1dk9CSWluUThoMm5wTG1XMVN6VElwNnlYTG9vY2Z6ZktpTHVlaHdxNSUyQmY0UlhMRDAlM0Q
.casalemedia.com/	1970-01-20 11:03:12	Name: CMPS Value: 3295
.casalemedia.com/	1970-01-20 11:03:12	Name: CMPRO Value: 3295
.adnxs.com/	1970-01-20 11:03:12	Name: anj Value: dTM7k!M41.D>6NRF']wIg2C'!FDj4K!@wnfH8K6pQK`!5=E<L5?%K@k`?][6)77l8>!wh75ehyl[96R@<hn2ju5)I%nugO%v4VB%nn++).G<
.casalemedia.com/	1970-01-20 17:39:12	Name: CMID Value: Y8FeSWk9jyt40anqkwQE3gAA
.creditosaibamais.com/	1970-01-20 18:15:12	Name: __gads Value: ID=38cdc1e2e39349e2:T=1673616967:S=ALNI_MZ1KIt19c5DRBT5bugi4YE4hGL-cw
.creditosaibamais.com/	1970-01-20 18:15:12	Name: __gpi Value: UID=00000ba205f31c19:T=1673616967:RT=1673616967:S=ALNI_MYcNmcQ1speOHxKU_yR7s2Fm7cRcQ
.openx.net/	1970-01-20 17:39:12	Name: i Value: 1edbb1ce-8f92-4b4e-8b15-d3d5bd2aaad2\|1673616969
.redintelligence.net/	1970-01-20 11:03:12	Name: 8lcfmzhxc8d6_uid Value: 8e149880662e9b04
.tradedoubler.com/	1970-01-20 17:39:12	Name: BT Value: 1z11zzy4zvhMrjzddvGcp5zzGx1y2x1yIx1y3x1yJx1yKx1y5x1y6x1y8x1yAx1yBx1yDx1z9yddvGcp5
.tradedoubler.com/	1970-01-20 17:39:12	Name: PI Value: 1z11z1zy4z29pEZqz7ab3y1y21FmOy1FRDyyy7WPTyvUky2K6sFJyyEg2UDktBjeM_W9EEhvweXdqw3CO2bwWrd552QH%7ajOG32Y%7aS4b543gmtcy
.tradedoubler.com/	1970-01-20 17:39:12	Name: UI Value: 1z11zzy4z2VZjTVztbDyO2ca
.vtracy.de/	1970-01-20 11:03:09	Name: tr_id Value: vi-da09a129-12b8-4f19-96ec-998714463563
.vtracy.de/	1970-01-20 11:03:09	Name: tr_dt Value: 2023-01-13+14%3A36%3A11

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	warning	URL: https://googleads.g.doubleclick.net/pagead/html/r20230111/r20110914/zrt_lookup.html?fsb=1#RS-1-&adk=1812271804&client=ca-pub-3685392670532966&fa=4&ifi=7&uci=a!7&btvi=1&xpc=aqmKkBMUrF&p=https%3A//creditosaibamais.com Message: The resource https://fonts.googleapis.com/css?family=Roboto%3A400%2C500 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a.tribalfusion.com
adservice.google.com
adservice.google.de
ap.lijit.com
bid.g.doubleclick.net
cdn.id5-sync.com
cdn.jsdelivr.net
cdn.prod.uidapi.com
cm.g.doubleclick.net
creditosaibamais.com
diffuser-cdn.app-us1.com
dsum-sec.casalemedia.com
dt.adsafeprotected.com
eb2.3lift.com
ec6eb25c6e5205e97ed7fbd4b4e04ace.safeframe.googlesyndication.com
fonts.googleapis.com
fonts.gstatic.com
fw.adsafeprotected.com
google-bidout-d.openx.net
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
gum.criteo.com
hal9000.redintelligence.net
hal90002.redintelligence.net
ib.adnxs.com
id5-sync.com
img.tradedoubler.com
impfr.tradedoubler.com
link.creditosaibamais.com
mug.criteo.com
oa.openxcdn.net
oajs.openx.net
onetag-sys.com
pagead2.googlesyndication.com
partner.googleadservices.com
plantaocredito2.lt.acemlna.com
pm.w55c.net
prism.app-us1.com
red.vtracy.de
region1.google-analytics.com
s.tribalfusion.com
s0.2mdn.net
script.joinads.me
securepubads.g.doubleclick.net
static.adsafeprotected.com
static.criteo.net
sync-tm.everesttech.net
sync.teads.tv
tpc.googlesyndication.com
trackcmp.net
us-u.openx.net
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
x.bidswitch.net
104.96.128.226
13.248.245.213
137.184.92.206
141.95.98.65
142.250.27.154
142.251.208.130
142.251.208.162
142.251.39.2
143.198.150.47
151.101.2.49
159.69.70.9
178.250.0.157
18.197.240.141
185.80.39.216
2001:4860:4802:32::36
2600:1f13:800:7782:40bd:d2b7:80cf:ba3e
2600:9000:211e:dc00:a:e047:752:5701
2600:9000:214f:fa00:8:48e:53c0:93a1
2606:4700:10::ac43:266a
2606:4700:4400::6812:2a69
2606:4700::6810:5714
2606:4700::6811:915b
2606:4700::6811:925b
2606:4700::6812:18ad
2a00:1450:4001:801::2001
2a00:1450:4001:806::200a
2a00:1450:4001:80e::2002
2a00:1450:4001:811::2002
2a00:1450:4001:813::2001
2a00:1450:4001:827::2003
2a00:1450:4001:82a::2002
2a00:1450:4001:82f::2003
2a00:1450:4001:830::2006
2a00:1450:4001:831::2002
2a00:1450:400d:802::2002
2a00:1450:400d:802::200e
2a00:1450:400d:806::2004
2a00:1450:400d:806::2008
2a00:1450:400d:807::2003
2a00:1450:400d:80d::2002
2a00:1450:400d:80e::2002
2a02:2638:1::3
2a02:2638::1c
2a06:98c1:3120::c
3.126.34.117
34.102.146.192
34.120.107.143
35.186.231.97
35.244.159.8
37.252.171.149
46.4.10.47
51.75.86.98
52.29.44.102
54.175.213.158
65.9.66.65
72.251.249.13
99.81.181.127
001acbb15d9c69510c0817e6dde361bff098406fad182ab3c367f86ff3da8343
01cee6a7a3f1444680b188ab84052e2b6c85966f53a718d3926135ebcc832ffd
029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300
083c62be96044cfd0fae3888aca6fd4e87686e1334e99de7703545dbc9461ad1
09e76c50bddea63acaa1af77c52f4d560286174769778d99817f8647f61a1e8a
0aade4473b4c7427f41a5b3aeacddf7a2e3532f2b7fece88a77644ec0e27d81a
0ab132bd2320f278e4de443b40c25b201fa60610351fcbd6a23c905e8105ea07
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0e36f53a8608923f566d77e1e90177aa3916a574812d77ac678050ca6352d94e
0e496c8df709faf2c11072ebc4df3106b369d3d914b065d5e806745193950527
0ed95f5118b1582b90e655bad2af954904677d9e630a2dade8ef4b1a2d548307
0f1970784ecd196f4be187a329efd6c9cc1cd091d0b9cdc0d7876333aebb8a85
1188460bd909dd436072c59c51e4599eda9e98d99eae9b554f49b38f37e9d7ed
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
14ea53201f2569bb352a4bfa01fb0a82fb1db9dd9828ae77d7221e40e5b5bb20
15eb202865d1d835fae2eff61bb922fa91fb4064a1fb850ebadab1f190782648
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
198970b12d8e5b15e20404dfba81ae96b7debe76b03c70c758712a44475f54b6
19cafb8853fd14337b925f6f620ab4e3ed2f23890d03cb86a35934ba8bca4e34
1c8265dfea61fdbeb7770b27478fa751de4f9a0d8647867f98a0a47c00255842
1d84738c2afaf595ff5d4921d8dc6bb5ce19a7b9c33a6c02d8a35ff80611cc87
214674cc77aba35ab3567b88e2739fd08e8e96c61d279559ad61874069683ea0
270460f069c945b49bc20b6e6c0df1d53c27ea38023c2c52427f53b17d0ad701
27d0e32056c8f455b6c150aebb6fc841b4839a60c5530dc2f3c111bab9957115
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
2d9c137b6960ae5904b796eb09dcb46525fc0af84f687c85b2339b566931f437
30b414e63e540e7ccc4d1c2790f01d96d420452db53606a3de775fbdb7463197
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
3199c60c8b2fce672c86cc24ba032d20cd2d43763ee33e5c4c281c99dbda31ae
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7
39d0fd9943a1069718bb60c51587b8a2b7711d562766565fafd8ac6050e44cdb
3b47c4996ccab3caa2140b473cbdaa5b98b9ea58c1936d51e6b565b0f57730ff
3c3e3b6cb4f96eff8b6467b5a3d78bb755e38175570bed48ee1027aea406ec75
4274543e094ff39715b0b2f65cbfa69121de40baa152c9cf11b77454a05f8284
4683578b8e594795727aa2db940e7c262e27b19d74b45664df93f863700c2310
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
46d1791d45e9e6840842ef90f192c2c6f1f4247baa7c1f32f2da75d3a05c0de2
47aa4b4ea3e151b53fe4eb592bc0157afd53645c3d9ee3842cdd8b777a925d41
49cbd009a40e971c1c6a4d40b5ec17c8d214721dade6e60f4e0c3d36298ca958
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
5243470d2be31f9aaf768f030f06b894aad081801460b75f6b396aca06fd8dda
544c55ca9f05d425f3beb90f287308d7a408b1f60d17728eff5c605a494bc1b9
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
55bd442d45ef481e3f0eb795894dd94f1a5e38f2a4847c2f49371010e1e013c2
56bbe8e9de97124ac618480af6a15c0ef1b3ad3cc225f200804d51f3c8270590
58d2ee67427a1eabc5002517ae856d546cb6a395a1b4ca8d22fad1d613fb98bb
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
5dfdf00359b7743919a732ae8eb80536ff206faaf16a99fcdd3f967aca1f81e7
605b14697226eeb0be6b2c11db8206b70f4c8681c3f921e4ceca4793ce1a95ce
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
65ffa0484d19931e97716c1d13cfa0c56f7a2b9ac5c422fc857dc1680e12ad2f
66bb8731526ca2f264a4ff3b68a2674f54d7e18420101a757bbf3857d1d45f69
67279c322cc6b5c37ab83ad7b7a201507f5be3df340fec03f97f80feb793a4c5
679e44f9b4bbbc2ad0c4000c1413fd3a88627d83f1cba8ebdac26f81bc7edb78
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
71fc1599035adc6bc34df2117b8631285905f97737ba730af28644ee6a0d8dde
72bdbb7030f7d820cfdf4c207d90135ba9dd456ee612dd01ae5147e7e24a16f9
73b9c61568b437763c1552c67d4516ed7014a4c5277af7bc6f104a1009a62e5f
78a54504adb9e6f1447b6895ae3664e3f3d670b7370b862511b53adefdf9a920
7a9cf10205d9af79b873f6199a2a50c7ff8375b8d4613b8570d27f206163dacf
8766e02ad2c9ac72885bec761c6034ea3917c8bd6844a4acbb111876efeaea44
8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db
8988627f7ef2e1b08e31a4f94754df3efb0601ed58fde2ee5e0121d40ed59e01
9290d74942a44dfff9436a1910299130efa64e05492a5292210205da5e02858b
939d7a7d1e3d9ba01e872498508970299f9fb72c6f997b5cb108cf143801fab9
97ee1ee60b05506f81c50fa17e768fdd653bae5750328129be0a71e40e7b8c37
9a19938485ca7f6c582d3f78d17d9e443d26b260cac24c9dd9499f70b5d28390
9a9445ab24b50fc0945fd327d2f78da39c09571d8a103c4eb946e655b4a33e73
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9d7da1b980a95ff3d31d0bb8733cbabd1d210ec601d15a1aac2b67394a33191d
9da238ca619f3bf71312de3c9c913c653941ada56cb5e1601aafb6094ae51cdc
9da3696f109e5729da0c6c20124ec49f9e8ed7dc39f6744ff81c1230c4a189e0
9fe7fd0f52bf4649f15292d7271c9cda421be53ff10ad192fdc7d834f575964f
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a2703ca1e7c3daeb0bf2ca00dca14c62a2f5af4977442edb034a796c74c8f3c1
a3c9b2b18240b181a21ba0eaa3d3770c1432444d1c0332904eea5a871daa7138
a3e64300797e8078baa41dbc49e2affc1d2bedd04a470f0c929ed7fac698fbcd
a48dea362116d7516a2cf97066a32758d353760ee02dbf900ddff86b02a16473
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a5230196df9a4e9f6382c504668862efc8e25c1ec093c7dc997fbedb4b3ec54e
a601a672354e0a26c253b6df20998ec398fd0008318f4e7f5c2f70244af1481d
a68bf9c4aaff2bd7413c7e02fe5498d73cb3108ecdb08cc21b97c3f51462c1bd
a6ac622d38ff7386ff10f9d4fdf98898e1c1b08963329333177455579c8e0acc
a800c59c07101ac9e787ae10eb5d6a7124dd006d97db2ceae985a85488062556
a84fb0803620acdf77c0f41d652eb5538002ed610424bd0be051203ee50cf940
a86bc8aa4ba39403c3e9a769d2c551a7f5dda0eb6bd261e97fd623d3303067b6
a920c72534b8a8c2c2dfc35e5779155ecde986a6155db7541ecdb143f0d22443
a97afd769b3d774563606be9e943789398af5a1bf3583c2bc9a81f99832aa2b2
aeb779d96af4bfa1b664c203d52fbd9ef573b84a31b34314668325fc784e1b13
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b14a289bb4b30985aa140342a95167075e997aba93e817028f6f3352de895c12
b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719
b5bda00a5ec63e26748b9f40cf1356b3823db279199d74813874255c748657d2
b5e616193a9a5e9bbfe2bc8b0e984c3fa1b217dbffb16483cf36cdcbed0e33f1
b651d87ef113cba0c8ec8a33bfdb694171effeba56b20be12e3c77fc15f6ae9f
b6d39822e34f949768c8aa5d6c99e4cde5013f2221990bf58137e8e2913d4ba7
ba44cde83ffdd8f5cabc83d7d2b226d1ea7eb5661d8870fe5476045e18e06fd1
bc54379b6288f5970da471f0f64ca15f8c9e3a3819a0950608a45b7479d5a11f
bccb715aeac8a50b19f527b17f3a1e86142e1b8ad8711c3195ce297696feb490
bd4de6a3fc0fb68d6f76ba7b93514b96a92e585c295b5351c31ad92a4b0777ea
c2777526a216d9692dd29697ebee7836fe8ae65f3a290faa20b75b64c0625205
c4047043368afb4baf1aed25d358a5c2a333842a3b436b58491ab36aeee65b9d
c5418bee2b5eb509379e5146161267420c90f21ef5824f64ca9f7396a8f51dba
caa6c487780af6d29c42e7ef1f372041c8a56deaa9b4ed4edf5b10ddd79d7483
cbe6c2139a7ee9ef7c256c7bb137b2e26eeb351c4c762b1be45d8a22d950f295
cc8d4f0307cb7b2d1ddd75494c0feaedb06225b7fb2d3b9e87740a4fcce80e43
cdbdaa122823601390c7dcbdd1afde33c2f1a432b8c5ff025c6137ee99ba541a
cff8c5b798dd1a69ce9460a203c10be59613887e25245f5c64916a51a1055d4c
d0460dfa53507eb6b050b3035d367ab5ddd0d2c7ccb31fe7a68fc6ac1cfbb2c2
d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2
d43851a0d908b74efeec15b0506b65d920525f51fc1ac9a07035ff0c8ad65f37
d4fa0d437cf223272affdfa1317ff53f2efe40a79f81de6ebd4ce8a5b8412b45
d6e49f1d85f57c06002816ffafcb8bfa08d8850c7358cb45b26b7a4f78f73fc4
d73b123cd2ef3afda65cb6e76579341b1bb1f27faddb0dfc54875e7a05b0114b
d74858fa1bdb9c779a6b8a758993dc190aa1799b0c7c34e6d1d0555de0a9c5ba
daf99211008f6684b4aaa4daafa6832cf05ccd99f5910f48f6467a5c1ea08197
def5de6254be138b8b35d680d1fdd8b07827d03b8626daebfeeb4157ec330ea7
dfa1ecdb69b9ee93e87159bfcd4ad2b1248a7de0d6346fd42e0b600723ae7b6b
e20ddb9ed1fa044cb624f0253bb06b13c92ed9915063bd63a5806440c6b1ce7c
e2b12f1467b61656d9e6478de3cc9c5fdf090ee4bb78aadb57e3e5de549cc0b4
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3cb238c7630ba8bd60ede523b57d4b3619086b3c54c04297662d2fddc65c6c4
e41d1ae45acbf836b8dcc29544c7e41cced4211214df601d5284a7e9c7134c73
e50f9ccd2d6582a58ba1879fa578e60d25fea4c5eedc07deafd14482b2403181
e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e
e5eb6c4e3ff1fd8123d9549308f4385872cf2512b528220d2604a7339c059962
ea8e7f2662cdad99319e0494c9107d56d2adc56984a5576d2225dad9932dca12
ebd60eb21d467fd8be75e1ec6fbd0cd7bfb154c612fbaaf3808346b4bbacfade
ebe247394361a5211aea88c52bb8656d600db476adb931d07e49c2229aa41106
eebb7c9b62d8028d702b547bcef97e776ada693cbafa64161471b1f96f5d0556
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f066a6392f3732829e95d97ac2a3dfb7dc7d35fc88d71a4ef62ff8f70399326c
f275fbe2269942626ca375796a97b1149ade4cf301b8811e4fe86b5e96359334
f3971b50c2fef5d876fd6c9e71e3627e52a1b486c2d590756b352059319a6446
f3e682b00124448bfafa2a13f9183fd781ac9db488c7095077d1453ed887b330
f50e59fa7a264b1674e5f94591375a26e9aea318036b2a629e5ba182df01b54f
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
f748c3c04943d255e6ab77797c7807049ca509599abf09a3f849ace2965476c9
f7537fe48313beaa83766e1d4ed1269684c06d6717a0a6e08f560f9f130420f5
fb600cdf5e6233f0fe2a06dac23c8005eec7958c5588ee4b58ac17f589bcba52
fc78bc5b1642f5813e422a8fd249ab1931fb967af4138e94f16b91cc100c18ca
fcab803c6d01082f69e5510655ca566241f3a4fd3ee7aa1506b1308e2d069ccb
fdb5dbe983bea6021d034bf9bc12f07e95aff2211932627b80917f14678bec84

creditosaibamais.com Open in urlscan Pro 143.198.150.47 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

238 Requests

91 %HTTPS

53 %IPv6

37 Domains

59 Subdomains

49 IPs

7 Countries

3538 kBTransfer

7311 kBSize

34 Cookies

0 Outgoing links

Page URL History

Redirected requests

238 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

creditosaibamais.com Open in urlscan Pro
143.198.150.47 Public Scan

Screenshot
Live screenshot

Full Image

238
Requests

91 %
HTTPS

53 %
IPv6

37
Domains

59
Subdomains

49
IPs

7
Countries

3538 kB
Transfer

7311 kB
Size

34
Cookies

238 HTTP transactions
3 data transactions