stage-cliente.spiral.com.br Open in urlscan Pro
179.191.182.65  Public Scan

15 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

13 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response stage-cliente.spiral.com.br/	548 KB 119 KB	2668ms 1271ms	Document text/html	179.191.182.65 Azion Technologie...
General Check archive.org Show headers Download Go to Full URL https://stage-cliente.spiral.com.br/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 179.191.182.65 Offenbach, Germany, ASN52580 (Azion Technologies Ltda., BR), Reverse DNS Software nginx / Resource Hash 2bf117e2a97de1a48adef385e48c43113bc9aba49498d3bce53acc7df5aa16f3 Security Headers Name Value Content-Security-Policy upgrade-insecure-requests; default-src 'self' 'unsafe-inline' 'unsafe-eval' *.spiral.com.br *.kalunga.com.br; connect-src 'self' *.spiral.com.br *.kalunga.com.br analytics.google.com stats.g.doubleclick.net www.google-analytics.com; script-src 'self' *.spiral.com.br 'unsafe-inline' 'unsafe-eval' *.kalunga.com.br www.googletagmanager.com www.google.com bat.bing.com www.google-analytics.com googleads.g.doubleclick.net www.gstatic.com device.clearsale.com.br openfpcdn.io www.googleadservices.com apis.google.com; style-src 'self' *.spiral.com.br 'unsafe-inline' *.kalunga.com.br; img-src 'self' *.spiral.com.br *.kalunga.com.br www.google.com.br www.google.com www.googletagmanager.com www.google-analytics.com ad.doubleclick.net googleads.g.doubleclick.net device.clearsale.com.br data:; font-src 'self' *.spiral.com.br *.kalunga.com.br; frame-src 'self' *.spiral.com.br *.kalunga.com.br td.doubleclick.net *.fls.doubleclick.net www.google.com www.youtube.com; media-src 'self' *.spiral.com.br *.kalunga.com.br; object-src 'none'; base-uri 'self' *.spiral.com.br; form-action 'self' *.spiral.com.br:*; Strict-Transport-Security max-age=31536000; includeSubdomains; preload X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers access-control-allow-credentials true access-control-allow-headers DNT, X-Mx-ReqToken, Keep-Alive, User-Agent, X-Requested-With, If-Modified-Since, Cache-Control, Content-Type access-control-allow-methods GET, PUT, POST, DELETE, PATCH, OPTIONS, HEAD access-control-allow-origin * app-id stage.spiral cache-control no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0 content-encoding br content-language pt-BR, en-US content-length 119741 content-security-policy upgrade-insecure-requests; default-src 'self' 'unsafe-inline' 'unsafe-eval' *.spiral.com.br *.kalunga.com.br; connect-src 'self' *.spiral.com.br *.kalunga.com.br analytics.google.com stats.g.doubleclick.net www.google-analytics.com; script-src 'self' *.spiral.com.br 'unsafe-inline' 'unsafe-eval' *.kalunga.com.br www.googletagmanager.com www.google.com bat.bing.com www.google-analytics.com googleads.g.doubleclick.net www.gstatic.com device.clearsale.com.br openfpcdn.io www.googleadservices.com apis.google.com; style-src 'self' *.spiral.com.br 'unsafe-inline' *.kalunga.com.br; img-src 'self' *.spiral.com.br *.kalunga.com.br www.google.com.br www.google.com www.googletagmanager.com www.google-analytics.com ad.doubleclick.net googleads.g.doubleclick.net device.clearsale.com.br data:; font-src 'self' *.spiral.com.br *.kalunga.com.br; frame-src 'self' *.spiral.com.br *.kalunga.com.br td.doubleclick.net *.fls.doubleclick.net www.google.com www.youtube.com; media-src 'self' *.spiral.com.br *.kalunga.com.br; object-src 'none'; base-uri 'self' *.spiral.com.br; form-action 'self' *.spiral.com.br:*; content-type text/html; charset=utf-8 date Sat, 10 Aug 2024 08:13:32 GMT server nginx strict-transport-security max-age=31536000; includeSubdomains; preload vary Accept-Encoding, Cookie x-azion-edge-pop PCK x-azion-request-id 9fac1969426b1c0a99b60f9d68d1cb45-38e124df x-content-type-options nosniff x-frame-options SAMEORIGIN x-xss-protection 1; mode=block
GET H3	200	api.js Show response www.google.com/recaptcha/	1 KB 961 B	171ms 34ms	Script text/javascript	2a00:1450:4001:802::2004 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google.com/recaptcha/api.js Requested by Host: stage-cliente.spiral.com.br URL: https://stage-cliente.spiral.com.br/ Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:802::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software GSE / Resource Hash 92a18a0b4174aa36108cbb94d474cbd5b8cbce7351029592eb92b7b8ebc04736 Security Headers Name Value Content-Security-Policy frame-ancestors 'self' X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Referer https://stage-cliente.spiral.com.br/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Sat, 10 Aug 2024 08:13:33 GMT content-encoding gzip x-content-type-options nosniff content-security-policy frame-ancestors 'self' server GSE x-frame-options SAMEORIGIN content-type text/javascript; charset=utf-8 cache-control private, max-age=300 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 x-xss-protection 1; mode=block expires Sat, 10 Aug 2024 08:13:33 GMT
GET H2	200	vanilla_mask.js Show response stage-cliente.spiral.com.br/static/mask/	4 KB 3 KB	234ms 233ms	Script application/javascript	179.191.182.65 Azion Technologie...
General Check archive.org Show headers Download Go to Full URL https://stage-cliente.spiral.com.br/static/mask/vanilla_mask.js Requested by Host: stage-cliente.spiral.com.br URL: https://stage-cliente.spiral.com.br/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 179.191.182.65 Offenbach, Germany, ASN52580 (Azion Technologies Ltda., BR), Reverse DNS Software nginx / Resource Hash 81f35b1e88c5791e65ee7ee75ecf26957c5dd2fc105cf990b8c4d783f3e66240 Security Headers Name Value Content-Security-Policy upgrade-insecure-requests; default-src 'self' 'unsafe-inline' 'unsafe-eval' *.spiral.com.br *.kalunga.com.br; connect-src 'self' *.spiral.com.br *.kalunga.com.br analytics.google.com stats.g.doubleclick.net www.google-analytics.com; script-src 'self' *.spiral.com.br 'unsafe-inline' 'unsafe-eval' *.kalunga.com.br www.googletagmanager.com www.google.com bat.bing.com www.google-analytics.com googleads.g.doubleclick.net www.gstatic.com device.clearsale.com.br openfpcdn.io www.googleadservices.com apis.google.com; style-src 'self' *.spiral.com.br 'unsafe-inline' *.kalunga.com.br; img-src 'self' *.spiral.com.br *.kalunga.com.br www.google.com.br www.google.com www.googletagmanager.com www.google-analytics.com ad.doubleclick.net googleads.g.doubleclick.net device.clearsale.com.br data:; font-src 'self' *.spiral.com.br *.kalunga.com.br; frame-src 'self' *.spiral.com.br *.kalunga.com.br td.doubleclick.net *.fls.doubleclick.net www.google.com www.youtube.com; media-src 'self' *.spiral.com.br *.kalunga.com.br; object-src 'none'; base-uri 'self' *.spiral.com.br; form-action 'self' *.spiral.com.br:*; Strict-Transport-Security max-age=31536000; includeSubdomains; preload X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Referer https://stage-cliente.spiral.com.br/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Sat, 10 Aug 2024 08:13:33 GMT content-encoding br x-content-type-options nosniff strict-transport-security max-age=31536000; includeSubdomains; preload content-security-policy upgrade-insecure-requests; default-src 'self' 'unsafe-inline' 'unsafe-eval' *.spiral.com.br *.kalunga.com.br; connect-src 'self' *.spiral.com.br *.kalunga.com.br analytics.google.com stats.g.doubleclick.net www.google-analytics.com; script-src 'self' *.spiral.com.br 'unsafe-inline' 'unsafe-eval' *.kalunga.com.br www.googletagmanager.com www.google.com bat.bing.com www.google-analytics.com googleads.g.doubleclick.net www.gstatic.com device.clearsale.com.br openfpcdn.io www.googleadservices.com apis.google.com; style-src 'self' *.spiral.com.br 'unsafe-inline' *.kalunga.com.br; img-src 'self' *.spiral.com.br *.kalunga.com.br www.google.com.br www.google.com www.googletagmanager.com www.google-analytics.com ad.doubleclick.net googleads.g.doubleclick.net device.clearsale.com.br data:; font-src 'self' *.spiral.com.br *.kalunga.com.br; frame-src 'self' *.spiral.com.br *.kalunga.com.br td.doubleclick.net *.fls.doubleclick.net www.google.com www.youtube.com; media-src 'self' *.spiral.com.br *.kalunga.com.br; object-src 'none'; base-uri 'self' *.spiral.com.br; form-action 'self' *.spiral.com.br:*; app-id stage.spiral content-disposition inline; filename=vanilla_mask.js content-length 1518 x-xss-protection 1; mode=block x-azion-edge-pop PCK last-modified Wed, 14 Sep 2022 11:57:58 GMT server nginx etag "1663156678.0-3915-1557992807:br" x-frame-options SAMEORIGIN vary Accept-Encoding access-control-allow-methods GET, PUT, POST, DELETE, PATCH, OPTIONS, HEAD content-type application/javascript; charset=utf-8 access-control-allow-origin * content-language pt-BR, en-US cache-control no-cache, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0 access-control-allow-credentials true x-azion-request-id 66578506840293b05e2ac63270f2beab-38e124df access-control-allow-headers DNT, X-Mx-ReqToken, Keep-Alive, User-Agent, X-Requested-With, If-Modified-Since, Cache-Control, Content-Type
GET H2	200	recaptcha__de.js Show response www.gstatic.com/recaptcha/releases/_ZpyzC9NQw3gYt1GHTrnprhx/	534 KB 213 KB	184ms 21ms	Script text/javascript	2a00:1450:4001:82b::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.gstatic.com/recaptcha/releases/_ZpyzC9NQw3gYt1GHTrnprhx/recaptcha__de.js Requested by Host: www.google.com URL: https://www.google.com/recaptcha/api.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 3e2c26febf7b51577d135dea6309dbbb01492c6e66dd157c3da5c7bdf293fc5f Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://stage-cliente.spiral.com.br/ Origin https://stage-cliente.spiral.com.br User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Sat, 10 Aug 2024 05:34:20 GMT content-encoding gzip x-content-type-options nosniff age 9553 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 217245 x-xss-protection 0 last-modified Tue, 06 Aug 2024 00:43:36 GMT server sffe cross-origin-opener-policy same-origin-allow-popups; report-to="recaptcha" vary Accept-Encoding report-to {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} content-type text/javascript access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes expires Sun, 10 Aug 2025 05:34:20 GMT
GET H2	200	gtm.js Show response www.googletagmanager.com/	204 KB 71 KB	103ms 43ms	Script application/javascript	2a00:1450:4001:827::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtm.js?id=GTM-P3CNBM Requested by Host: stage-cliente.spiral.com.br URL: https://stage-cliente.spiral.com.br/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:827::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash 66f72306d2ab955cb02e85b3fec4d6062030826b6e004a00d272b5f1d90c322e Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers Referer https://stage-cliente.spiral.com.br/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Sat, 10 Aug 2024 08:13:33 GMT content-encoding br strict-transport-security max-age=31536000; includeSubDomains cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 72163 x-xss-protection 0 last-modified Sat, 10 Aug 2024 06:00:00 GMT server Google Tag Manager vary Accept-Encoding content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true access-control-allow-headers Cache-Control expires Sat, 10 Aug 2024 08:13:33 GMT
GET H2	200	logo-spiral.svg img.kalunga.com.br/Responsivo/	2 KB 1 KB	842ms 609ms	Image image/svg+xml	2a02:26f0:e300::5f64:9208 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://img.kalunga.com.br/Responsivo/logo-spiral.svg Requested by Host: stage-cliente.spiral.com.br URL: https://stage-cliente.spiral.com.br/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:e300::5f64:9208 Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software / Kalunga Resource Hash 15f38d08b1a3769d707069b784468a646cd93956679e48f8d2e894203f8f73ab Security Headers Name Value Strict-Transport-Security max-age=31536000 ; includeSubDomains Request headers Referer https://stage-cliente.spiral.com.br/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Sat, 10 Aug 2024 08:13:34 GMT content-encoding gzip strict-transport-security max-age=31536000 ; includeSubDomains last-modified Wed, 14 Dec 2022 20:25:51 GMT etag "ec852942fafd91:0" x-powered-by Kalunga vary Accept-Encoding access-control-allow-methods GET, POST, OPTIONS content-type image/svg+xml access-control-allow-origin * cache-control max-age=31386257 accept-ranges bytes access-control-allow-headers Content-Type, Authorization content-length 1061 expires Fri, 08 Aug 2025 14:37:51 GMT
POST H2	200	salvar-hub-spot stage-cliente.spiral.com.br/api/hub_spot/	20 B 0	240ms 238ms	Fetch application/json	179.191.182.65 Azion Technologie...
General Check archive.org Show headers Download Go to Full URL https://stage-cliente.spiral.com.br/api/hub_spot/salvar-hub-spot Requested by Host: stage-cliente.spiral.com.br URL: https://stage-cliente.spiral.com.br/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 179.191.182.65 Offenbach, Germany, ASN52580 (Azion Technologies Ltda., BR), Reverse DNS Software nginx / Resource Hash Security Headers Name Value Content-Security-Policy upgrade-insecure-requests; default-src 'self' 'unsafe-inline' 'unsafe-eval' *.spiral.com.br *.kalunga.com.br; connect-src 'self' *.spiral.com.br *.kalunga.com.br analytics.google.com stats.g.doubleclick.net www.google-analytics.com; script-src 'self' *.spiral.com.br 'unsafe-inline' 'unsafe-eval' *.kalunga.com.br www.googletagmanager.com www.google.com bat.bing.com www.google-analytics.com googleads.g.doubleclick.net www.gstatic.com device.clearsale.com.br openfpcdn.io www.googleadservices.com apis.google.com; style-src 'self' *.spiral.com.br 'unsafe-inline' *.kalunga.com.br; img-src 'self' *.spiral.com.br *.kalunga.com.br www.google.com.br www.google.com www.googletagmanager.com www.google-analytics.com ad.doubleclick.net googleads.g.doubleclick.net device.clearsale.com.br data:; font-src 'self' *.spiral.com.br *.kalunga.com.br; frame-src 'self' *.spiral.com.br *.kalunga.com.br td.doubleclick.net *.fls.doubleclick.net www.google.com www.youtube.com; media-src 'self' *.spiral.com.br *.kalunga.com.br; object-src 'none'; base-uri 'self' *.spiral.com.br; form-action 'self' *.spiral.com.br:*; Strict-Transport-Security max-age=31536000; includeSubdomains; preload X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers accept application/json User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Referer https://stage-cliente.spiral.com.br/ authorization Basic Vm9jZSBuYW8gdmFpIGFjaGFyIG5hZGEgYXF1aQo= x-csrftoken IjVhNTY2OGVjM2U0Mjg4MjVlZGExZDM3OGY2ZmYxM2RlNDhhZWFjOWMi.ZrchLA.obOit48jLKcYwUXbKOA1AugpRcM content-type application/json Response headers date Sat, 10 Aug 2024 08:13:33 GMT strict-transport-security max-age=31536000; includeSubdomains; preload x-content-type-options nosniff content-security-policy upgrade-insecure-requests; default-src 'self' 'unsafe-inline' 'unsafe-eval' *.spiral.com.br *.kalunga.com.br; connect-src 'self' *.spiral.com.br *.kalunga.com.br analytics.google.com stats.g.doubleclick.net www.google-analytics.com; script-src 'self' *.spiral.com.br 'unsafe-inline' 'unsafe-eval' *.kalunga.com.br www.googletagmanager.com www.google.com bat.bing.com www.google-analytics.com googleads.g.doubleclick.net www.gstatic.com device.clearsale.com.br openfpcdn.io www.googleadservices.com apis.google.com; style-src 'self' *.spiral.com.br 'unsafe-inline' *.kalunga.com.br; img-src 'self' *.spiral.com.br *.kalunga.com.br www.google.com.br www.google.com www.googletagmanager.com www.google-analytics.com ad.doubleclick.net googleads.g.doubleclick.net device.clearsale.com.br data:; font-src 'self' *.spiral.com.br *.kalunga.com.br; frame-src 'self' *.spiral.com.br *.kalunga.com.br td.doubleclick.net *.fls.doubleclick.net www.google.com www.youtube.com; media-src 'self' *.spiral.com.br *.kalunga.com.br; object-src 'none'; base-uri 'self' *.spiral.com.br; form-action 'self' *.spiral.com.br:*; content-encoding gzip app-id stage.spiral x-xss-protection 1; mode=block x-azion-edge-pop PCK server nginx vary Accept-Encoding, Accept-Encoding, Cookie access-control-allow-methods GET, PUT, POST, DELETE, PATCH, OPTIONS, HEAD content-type application/json content-language pt-BR, en-US access-control-allow-origin * x-frame-options SAMEORIGIN access-control-allow-credentials true cache-control no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0 x-azion-request-id fb895fed975d4e9afe8a34b3d888e6ce-38e124df access-control-allow-headers DNT, X-Mx-ReqToken, Keep-Alive, User-Agent, X-Requested-With, If-Modified-Since, Cache-Control, Content-Type
GET H3	200	anchor www.google.com/recaptcha/api2/ Frame 6484	0 0	113ms 85ms	Document text/html	2a00:1450:4001:802::2004 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lef2c0ZAAAAAFR6Tst0RQ0yXFwsmNdDujPbgp72&co=aHR0cHM6Ly9zdGFnZS1jbGllbnRlLnNwaXJhbC5jb20uYnI6NDQz&hl=de&v=_ZpyzC9NQw3gYt1GHTrnprhx&size=invisible&cb=7vbatdpxzl1y Requested by Host: www.gstatic.com URL: https://www.gstatic.com/recaptcha/releases/_ZpyzC9NQw3gYt1GHTrnprhx/recaptcha__de.js Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:802::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software GSE / Resource Hash Security Headers Name Value Content-Security-Policy script-src 'report-sample' 'nonce-Baur5-VjDf4JRl2sLy5LSA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1 X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers Referer https://stage-cliente.spiral.com.br/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 cache-control no-cache, no-store, max-age=0, must-revalidate content-encoding gzip content-security-policy script-src 'report-sample' 'nonce-Baur5-VjDf4JRl2sLy5LSA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1 content-type text/html; charset=utf-8 cross-origin-embedder-policy require-corp cross-origin-resource-policy cross-origin date Sat, 10 Aug 2024 08:13:33 GMT expires Mon, 01 Jan 1990 00:00:00 GMT pragma no-cache report-to {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} server GSE x-content-type-options nosniff x-xss-protection 1; mode=block
GET H2	200	js Show response www.googletagmanager.com/gtag/	283 KB 97 KB	38ms 37ms	Script application/javascript	2a00:1450:4001:827::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtag/js?id=G-CH0B10LCZ8&l=dataLayer&cx=c Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-P3CNBM Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:827::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash cbfe3e1c7edf9cc8bbc9009dfe1f6c41512f4f463675a8e2ab1f7b88c74fa188 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers Referer https://stage-cliente.spiral.com.br/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Sat, 10 Aug 2024 08:13:33 GMT content-encoding br strict-transport-security max-age=31536000; includeSubDomains server Google Tag Manager vary Accept-Encoding content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true cross-origin-resource-policy cross-origin access-control-allow-headers Cache-Control content-length 99444 x-xss-protection 0 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 expires Sat, 10 Aug 2024 08:13:33 GMT
POST H2	204	collect stats.g.doubleclick.net/g/	0 253 B	127ms 29ms	Ping text/plain	2a00:1450:400c:c07::9c GOOGLE
General Check archive.org Show headers Download Go to Full URL https://stats.g.doubleclick.net/g/collect?v=2&tid=G-CH0B10LCZ8&cid=1893120512.1723277614&gtm=45je4880v9123006744z86950808za200zb6950808&aip=1&dma=1&dma_cps=syphamo&gcd=13l3l3l2l1&npa=1&frm=0&tag_exp=0 Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtag/js?id=G-CH0B10LCZ8&l=dataLayer&cx=c Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:400c:c07::9c Brussels, Belgium, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Referer https://stage-cliente.spiral.com.br/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers pragma no-cache date Sat, 10 Aug 2024 08:13:34 GMT server Golfe2 content-type text/plain access-control-allow-origin https://stage-cliente.spiral.com.br cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET		ga-audiences www.google.de/ads/	0 0
GET H2	200	favicon-32x32.png img.kalunga.com.br/spiral/	238 B 547 B	743ms 743ms	Other image/webp	2a02:26f0:e300::5f64:9208 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://img.kalunga.com.br/spiral/favicon-32x32.png Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:e300::5f64:9208 Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software Akamai Image Manager / Resource Hash 7f1dd084e3aa05e0e56962abf4eb518355ef0e907a80da257d953b8c9264cf40 Security Headers Name Value Strict-Transport-Security max-age=31536000 ; includeSubDomains Request headers Referer https://stage-cliente.spiral.com.br/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Sat, 10 Aug 2024 08:13:35 GMT strict-transport-security max-age=31536000 ; includeSubDomains last-modified Thu, 08 Aug 2024 13:04:58 GMT server Akamai Image Manager x-serial 1089 etag "67c7d4f7769bd81:0" access-control-allow-methods GET, POST, OPTIONS content-type image/webp access-control-allow-origin * cache-control private, no-transform, max-age=31380632 access-control-allow-headers Content-Type, Authorization content-length 238 expires Fri, 08 Aug 2025 13:04:07 GMT
GET H3	200	bframe www.google.com/recaptcha/api2/ Frame 972A	0 0	36ms 34ms	Document text/html	2a00:1450:4001:802::2004 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google.com/recaptcha/api2/bframe?hl=de&v=_ZpyzC9NQw3gYt1GHTrnprhx&k=6Lef2c0ZAAAAAFR6Tst0RQ0yXFwsmNdDujPbgp72 Requested by Host: www.gstatic.com URL: https://www.gstatic.com/recaptcha/releases/_ZpyzC9NQw3gYt1GHTrnprhx/recaptcha__de.js Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:802::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software GSE / Resource Hash Security Headers Name Value Content-Security-Policy script-src 'report-sample' 'nonce-ya8us2hsxny_2kprEvge_g' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1 X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers Referer https://stage-cliente.spiral.com.br/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 cache-control no-cache, no-store, max-age=0, must-revalidate content-encoding gzip content-security-policy script-src 'report-sample' 'nonce-ya8us2hsxny_2kprEvge_g' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1 content-type text/html; charset=utf-8 cross-origin-embedder-policy require-corp cross-origin-resource-policy cross-origin date Sat, 10 Aug 2024 08:13:34 GMT expires Mon, 01 Jan 1990 00:00:00 GMT pragma no-cache report-to {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} server GSE x-content-type-options nosniff x-xss-protection 1; mode=block

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain

www.google.de

URL

https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-CH0B10LCZ8&cid=1893120512.1723277614&gtm=45je4880v9123006744z86950808za200zb6950808&aip=1&dma=1&dma_cps=syphamo&gcd=13l3l3l2l1&npa=1&frm=0&tag_exp=0&tag_exp=0&z=726588979

107 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 string| csrf_token string| token_cod_site object| dataLayer object| ___grecaptcha_cfg object| grecaptcha string| __recaptcha_api boolean| __google_recaptcha_client function| __awaiter function| setlocalStorage function| getCookie function| clearCookie function| ObterToken function| ObterTokenUtilities function| newGUID function| AtualizarCarrinhoAssinaturaTopo function| ObterUsuarioLogado function| StringEquals function| NumberEquals function| GetCpfj function| GetFilial function| AdicionarProdutosBasketLista function| push_datalayer_360_add_to_cart_comprejunto function| push_datalayer_360_add_to_wishlist function| ComprarComCompreJuntoCheckBox function| push_datalayer_360_add_to_cart function| push_datalayer_360_add_to_cart_comprejunto_sugestao function| AdicionarProdutosBasket function| AdicionarProdutosClickRetireBasket function| AdicionarProdutosBasketComGarantia function| Comprar function| ComprarCompreJunto function| CarregarImagensLazyLoad function| AlterarSequenciaHtmlFiltradoBuscaP function| filtrarBuscaAll function| montarPaginacao function| UpDown function| UpDownCallback function| validateEmail function| iconPlus function| ObterDataLayer360ProductImpression function| ObterDataLayer360CheckoutSteps function| push_datalayer_360_product_click function| push_datalayer_promo_click function| OpenModal function| OpenModalFooterHide function| OpenModalDinamicHeight function| OpenModalDinamicTitleButton function| OpenModalMessage function| OpenModalMessageHtml function| ShadowBoxOpenHTM function| ShadowBoxOpenURL function| CloseModal function| OpenModalDinamicTitleButtonMessage function| OpenModalMessageHideButton function| OpenModalURLHideButton function| OpenModalMainDialog function| OpenModalDentroDeOutraModal function| OpenModalPrint function| OpenModalPageMain function| ComprarComGarantia function| push_datalayer_360_ga_event function| setCookie function| RedirecionarSacola function| showLoading function| hideLoading function| getBoolean function| ValidarSenhaForteConformacaoSenha function| ValidarRegrasSenhaForte function| ValidarSenhaForte function| AtualizarCarrinhoTopoSite function| maskFone function| ReenviarPin function| RemoverEspacos function| stringDateAnoMesDiaIsValid function| AvisoLoginSitePrefeitura function| SalvarHubSpot function| hasError function| showErrorWithoutForm function| removeErrorWithoutForm function| ValidarCampoObrigatorio function| Validar_Campos_Obrigatorios function| showError function| removeError function| validar function| $ function| jQuery number| uidEvent object| bootstrap function| VMasker function| MostraMaisOpcoes function| clientValidationLogin function| clientValidationLoginPin function| clientValidationAcesso function| callbackRecaptchaLogin function| callbackRecaptchaAcesso function| callbackRecaptchaPin function| EsqueciMinhaSenha function| clientValidationLoginEsqueciMinhaSenha function| callbackRecaptchaAlterarSenha object| closure_lm_321357 object| google_tag_manager object| google_tag_data function| onYouTubeIframeAPIReady object| gaGlobal

7 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			www.google.com/recaptcha	1970-01-21 03:00:29	Name: _GRECAPTCHA Value: 09ABJXHI8YI-9fBzgA5P03Kep7S-PI28yeHXQkOQPJ0JVzi1V4BlDhFyWZYAl_zU87PDkZ5tRHExRIhPbVc6_btoU
			.spiral.com.br/	1970-01-20 23:24:18	Name: CookieID_OPS Value: 6ef2a034-56f0-11ef-ae99-baa2b77b3b41
			.spiral.com.br/	1969-12-31 23:59:59	Name: LojaSpiral Value: eyJjc3JmX3Rva2VuIjoiNWE1NjY4ZWMzZTQyODgyNWVkYTFkMzc4ZjZmZjEzZGU0OGFlYWM5YyJ9.ZrchLA.QlhwJMOIZDnwBA2wqFI8xlC8yUA
			stage-cliente.spiral.com.br/	1969-12-31 23:59:59	Name: s-cookie Value: 4178319276.20480.0000
			stage-cliente.spiral.com.br/	1970-01-21 07:26:53	Name: jsfingerprintck Value: RmluZ2VyUHJpbnQsa2V5OiBTdGFydCwgdmFsdWU6IEZpbmdlclByaW50LGtleTogdXNlckFnZW50LCB2YWx1ZTogTW96aWxsYSUyRjUuMCUyMChYMTElM0IlMjBMaW51eCUyMHg4Nl82NCklMjBBcHBsZVdlYktpdCUyRjUzNy4zNiUyMChLSFRNTCUyQyUyMGxpa2UlMjBHZWNrbyklMjBDaHJvbWUlMkYxMjcuMC4wLjAlMjBTYWZhcmklMkY1MzcuMzYsa2V5OiBhcHBOYW1lLCB2YWx1ZTogTmV0c2NhcGUsa2V5OiBhcHBDb2RlTmFtZSwgdmFsdWU6IE1vemlsbGEsa2V5OiBhcHBWZXJzaW9uLCB2YWx1ZTogNS4wJTIwKFgxMSUzQiUyMExpbnV4JTIweDg2XzY0KSUyMEFwcGxlV2ViS2l0JTJGNTM3LjM2JTIwKEtIVE1MJTJDJTIwbGlrZSUyMEdlY2tvKSUyMENocm9tZSUyRjEyNy4wLjAuMCUyMFNhZmFyaSUyRjUzNy4zNixrZXk6IGxhbmd1YWdlLCB2YWx1ZTogZGUtREUsa2V5OiBjb29raWVFbmFibGVkLCB2YWx1ZTogdHJ1ZSxrZXk6IHBsYXRmb3JtLCB2YWx1ZTogTGludXglMjB4ODZfNjQsa2V5OiBvbkxpbmUsIHZhbHVlOiB0cnVlLGtleTogdmVuZG9yLCB2YWx1ZTogR29vZ2xlJTIwSW5jLixrZXk6IHByb2R1Y3QsIHZhbHVlOiBHZWNrbyxrZXk6IHByb2R1Y3RTdWIsIHZhbHVlOiAyMDAzMDEwNw==
			.spiral.com.br/	1970-01-21 08:17:17	Name: _ga_CH0B10LCZ8 Value: GS1.1.1723277614.1.0.1723277614.60.0.0
			.spiral.com.br/	1970-01-21 08:17:17	Name: _ga Value: GA1.1.1893120512.1723277614

5 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	URL: https://www.googletagmanager.com/gtag/js?id=G-CH0B10LCZ8&l=dataLayer&cx=c(Line 196) Message: Refused to connect to 'https://region1.analytics.google.com/g/collect?v=2&tid=G-CH0B10LCZ8&gtm=45je4880v9123006744z86950808za200zb6950808&_p=1723277613593&_gaz=1&gcd=13l3l3l2l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=0&cid=1893120512.1723277614&ul=de-de&sr=1600x1200&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_eu=EA&_s=1&sid=1723277614&sct=1&seg=0&dl=https%3A%2F%2Fstage-cliente.spiral.com.br%2F&dt=Loja%20Spiral%20Brasil&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=3635' because it violates the following Content Security Policy directive: "connect-src 'self' *.spiral.com.br *.kalunga.com.br analytics.google.com stats.g.doubleclick.net www.google-analytics.com".
javascript	error	URL: https://www.googletagmanager.com/gtag/js?id=G-CH0B10LCZ8&l=dataLayer&cx=c(Line 196) Message: Refused to connect to 'https://region1.analytics.google.com/g/collect?v=2&tid=G-CH0B10LCZ8&gtm=45je4880v9123006744z86950808za200zb6950808&_p=1723277613593&_gaz=1&gcd=13l3l3l2l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=0&cid=1893120512.1723277614&ul=de-de&sr=1600x1200&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_eu=EA&_s=1&sid=1723277614&sct=1&seg=0&dl=https%3A%2F%2Fstage-cliente.spiral.com.br%2F&dt=Loja%20Spiral%20Brasil&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=3635' because it violates the document's Content Security Policy.
security	error	URL: https://stage-cliente.spiral.com.br/ Message: Refused to load the image 'https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-CH0B10LCZ8&cid=1893120512.1723277614&gtm=45je4880v9123006744z86950808za200zb6950808&aip=1&dma=1&dma_cps=syphamo&gcd=13l3l3l2l1&npa=1&frm=0&tag_exp=0&tag_exp=0&z=726588979' because it violates the following Content Security Policy directive: "img-src 'self' *.spiral.com.br *.kalunga.com.br www.google.com.br www.google.com www.googletagmanager.com www.google-analytics.com ad.doubleclick.net googleads.g.doubleclick.net device.clearsale.com.br data:".
security	error	URL: https://www.googletagmanager.com/gtag/js?id=G-CH0B10LCZ8&l=dataLayer&cx=c(Line 196) Message: Refused to connect to 'https://region1.analytics.google.com/g/collect?v=2&tid=G-CH0B10LCZ8&gtm=45je4880v9123006744za200zb6950808&_p=1723277613593&gcd=13l3l3l2l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=0&cid=1893120512.1723277614&ul=de-de&sr=1600x1200&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_eu=EA&_s=2&sid=1723277614&sct=1&seg=0&dl=https%3A%2F%2Fstage-cliente.spiral.com.br%2F&dt=Loja%20Spiral%20Brasil&en=user_engagement&_et=4640&tfd=8276' because it violates the following Content Security Policy directive: "connect-src 'self' *.spiral.com.br *.kalunga.com.br analytics.google.com stats.g.doubleclick.net www.google-analytics.com".
javascript	error	URL: https://www.googletagmanager.com/gtag/js?id=G-CH0B10LCZ8&l=dataLayer&cx=c(Line 196) Message: Refused to connect to 'https://region1.analytics.google.com/g/collect?v=2&tid=G-CH0B10LCZ8&gtm=45je4880v9123006744za200zb6950808&_p=1723277613593&gcd=13l3l3l2l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=0&cid=1893120512.1723277614&ul=de-de&sr=1600x1200&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_eu=EA&_s=2&sid=1723277614&sct=1&seg=0&dl=https%3A%2F%2Fstage-cliente.spiral.com.br%2F&dt=Loja%20Spiral%20Brasil&en=user_engagement&_et=4640&tfd=8276' because it violates the document's Content Security Policy.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	upgrade-insecure-requests; default-src 'self' 'unsafe-inline' 'unsafe-eval' *.spiral.com.br *.kalunga.com.br; connect-src 'self' *.spiral.com.br *.kalunga.com.br analytics.google.com stats.g.doubleclick.net www.google-analytics.com; script-src 'self' *.spiral.com.br 'unsafe-inline' 'unsafe-eval' *.kalunga.com.br www.googletagmanager.com www.google.com bat.bing.com www.google-analytics.com googleads.g.doubleclick.net www.gstatic.com device.clearsale.com.br openfpcdn.io www.googleadservices.com apis.google.com; style-src 'self' *.spiral.com.br 'unsafe-inline' *.kalunga.com.br; img-src 'self' *.spiral.com.br *.kalunga.com.br www.google.com.br www.google.com www.googletagmanager.com www.google-analytics.com ad.doubleclick.net googleads.g.doubleclick.net device.clearsale.com.br data:; font-src 'self' *.spiral.com.br *.kalunga.com.br; frame-src 'self' *.spiral.com.br *.kalunga.com.br td.doubleclick.net *.fls.doubleclick.net www.google.com www.youtube.com; media-src 'self' *.spiral.com.br *.kalunga.com.br; object-src 'none'; base-uri 'self' *.spiral.com.br; form-action 'self' *.spiral.com.br:*;
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

img.kalunga.com.br
stage-cliente.spiral.com.br
stats.g.doubleclick.net
www.google.com
www.google.de
www.googletagmanager.com
www.gstatic.com
www.google.de
179.191.182.65
2a00:1450:4001:802::2004
2a00:1450:4001:827::2008
2a00:1450:4001:82b::2003
2a00:1450:400c:c07::9c
2a02:26f0:e300::5f64:9208
15f38d08b1a3769d707069b784468a646cd93956679e48f8d2e894203f8f73ab
2bf117e2a97de1a48adef385e48c43113bc9aba49498d3bce53acc7df5aa16f3
3e2c26febf7b51577d135dea6309dbbb01492c6e66dd157c3da5c7bdf293fc5f
66f72306d2ab955cb02e85b3fec4d6062030826b6e004a00d272b5f1d90c322e
7f1dd084e3aa05e0e56962abf4eb518355ef0e907a80da257d953b8c9264cf40
81f35b1e88c5791e65ee7ee75ecf26957c5dd2fc105cf990b8c4d783f3e66240
92a18a0b4174aa36108cbb94d474cbd5b8cbce7351029592eb92b7b8ebc04736
cbfe3e1c7edf9cc8bbc9009dfe1f6c41512f4f463675a8e2ab1f7b88c74fa188
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855