www.creditsenligne.org Open in urlscan Pro
5.101.152.249 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://www.creditsenligne.org/
Submission: On March 29 via manual (March 29th 2022, 1:45:04 pm UTC) from FR — Scanned from FR

Summary HTTP 49 Redirects Behaviour Indicators

Summary

This website contacted 14 IPs in 3 countries across 11 domains to perform 49 HTTP transactions. The main IP is 5.101.152.249, located in Russian Federation and belongs to BEGET-AS, RU. The main domain is www.creditsenligne.org.

This is the only time www.creditsenligne.org was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Cetelem (Banking)

Domain & IP information

	IP Address	AS Autonomous System
16	5.101.152.249 5.101.152.249	198610 (BEGET-AS) (BEGET-AS)
8	2a00:1450:400... 2a00:1450:4001:803::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:831::2001	15169 (GOOGLE) (GOOGLE)
2 3	88.212.201.204 88.212.201.204	39134 (UNITEDNET) (UNITEDNET)
7	2a00:1450:400... 2a00:1450:4001:80f::2002	15169 (GOOGLE) (GOOGLE)
1	142.250.186.98 142.250.186.98	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80e::2002	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:828::2003	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:811::200a	15169 (GOOGLE) (GOOGLE)
7	2a00:1450:400... 2a00:1450:4001:830::2001	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82f::2002	15169 (GOOGLE) (GOOGLE)
1 2	2a00:1450:400... 2a00:1450:4001:82f::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:808::2003	15169 (GOOGLE) (GOOGLE)
49	14

16 5.101.152.249 (Russian Federation)

ASN198610 (BEGET-AS, RU)
PTR: m2.pinkman.beget.com

www.creditsenligne.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:803::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:831::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

themes.googleusercontent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 88.212.201.204 (Russian Federation) 2 redirects

ASN39134 (UNITEDNET, RU)
PTR: host204.rax.ru

counter.yadro.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:80f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.fr	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.186.98 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s06-in-f2.1e100.net

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80e::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:828::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:811::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:830::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82f::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:808::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
16	creditsenligne.org www.creditsenligne.org	89 KB
15	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 118 tpc.googlesyndication.com — Cisco Umbrella Rank: 160	226 KB
6	doubleclick.net googleads.g.doubleclick.net — Cisco Umbrella Rank: 61	38 KB
4	gstatic.com www.gstatic.com fonts.gstatic.com	48 KB
3	google.com 1 redirects adservice.google.com — Cisco Umbrella Rank: 124 www.google.com — Cisco Umbrella Rank: 20	1 KB
3	yadro.ru 2 redirects counter.yadro.ru — Cisco Umbrella Rank: 5070	1 KB
1	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 211	37 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 107	1 KB
1	google.fr adservice.google.fr — Cisco Umbrella Rank: 22707	792 B
1	googleadservices.com partner.googleadservices.com — Cisco Umbrella Rank: 908	651 B
1	googleusercontent.com themes.googleusercontent.com — Cisco Umbrella Rank: 13347	42 KB
49	11

	Domain	Requested by
16	www.creditsenligne.org	www.creditsenligne.org
8	pagead2.googlesyndication.com	www.creditsenligne.org pagead2.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com www.googletagservices.com
7	tpc.googlesyndication.com	googleads.g.doubleclick.net pagead2.googlesyndication.com tpc.googlesyndication.com
6	googleads.g.doubleclick.net	pagead2.googlesyndication.com googleads.g.doubleclick.net
3	www.gstatic.com	googleads.g.doubleclick.net
3	counter.yadro.ru	2 redirects www.creditsenligne.org
2	www.google.com	1 redirects tpc.googlesyndication.com
1	fonts.gstatic.com	fonts.googleapis.com
1	www.googletagservices.com	googleads.g.doubleclick.net
1	fonts.googleapis.com	googleads.g.doubleclick.net
1	adservice.google.com	pagead2.googlesyndication.com
1	adservice.google.fr	pagead2.googlesyndication.com
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	themes.googleusercontent.com	www.creditsenligne.org
49	14

This site contains no links.

Subject Issuer	Validity	Valid
*.g.doubleclick.net GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
*.googleadservices.com GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
*.google.fr GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh

This page contains 8 frames:

Primary Page: http://www.creditsenligne.org/
Frame ID: C6CAD99484ACB2A904AC07797FD3196A
Requests: 26 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20220324/r20190131/zrt_lookup.html
Frame ID: 6D725D48A33123046C1F04D515F4E414
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3312599976817765&output=html&h=280&slotname=2837852199&adk=2219945560&adf=3964536382&pi=t.ma~as.2837852199&w=990&fwrn=4&fwrnh=100&lmt=1648561500&rafmt=1&psa=0&format=990x280&url=http%3A%2F%2Fwww.creditsenligne.org%2F&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1648561500538&bpp=4&bdt=391&idt=191&shv=r20220324&mjsv=m202203230101&ptt=9&saldr=aa&abxe=1&correlator=2066801083894&frm=20&pv=2&ga_vid=1586517485.1648561501&ga_sid=1648561501&ga_hid=895875061&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=305&ady=208&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31065858%2C31063246&oid=2&pvsid=3867226173524346&pem=654&tmod=923121776&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=23&ifi=1&uci=a!1&fsb=1&xpc=mamwdLtZVX&p=http%3A//www.creditsenligne.org&dtd=204
Frame ID: 90C669793D181FF8F512B8FD934242FC
Requests: 14 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3312599976817765&output=html&adk=1812271804&adf=3025194257&lmt=1648561500&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=http%3A%2F%2Fwww.creditsenligne.org%2F&ea=0&pra=7&wgl=1&dt=1648561500551&bpp=1&bdt=404&idt=195&shv=r20220324&mjsv=m202203230101&ptt=9&saldr=aa&abxe=1&prev_fmts=990x280&nras=1&correlator=2066801083894&frm=20&pv=1&ga_vid=1586517485.1648561501&ga_sid=1648561501&ga_hid=895875061&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31065858%2C31063246&oid=2&pvsid=3867226173524346&pem=654&tmod=923121776&uas=0&nvt=1&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=23&ifi=2&uci=a!2&fsb=1&dtd=199
Frame ID: C0F06C00AA49A75F8CDAC09355650B61
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 942D53A1638770D7EB7E7D22E42AE770
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/vukqqZMEwiKfO5iIQC2Qvig_P1EBwRi6HH-n7W3xhSE.js
Frame ID: ECC9370BC03D4846E933F6533B35C0F2
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: ADEFF5D2DDAB0B81F969A872CB5E47C8
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: B23FA6D3279DE4DBB7D8473F4854B8F5
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Credit en ligne rapide: consommation, voiture, immobilier, rachat de crédit, renouvelable

Detected technologies

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

49
Requests

61 %
HTTPS

77 %
IPv6

11
Domains

14
Subdomains

14
IPs

3
Countries

484 kB
Transfer

1191 kB
Size

5
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 15

http://counter.yadro.ru/hit?t25.1;r;s1600*1200*24;uhttp%3A//www.creditsenligne.org/;0.8131800445250499 HTTP 302
https://counter.yadro.ru/hit?t25.1;r;s1600*1200*24;uhttp%3A//www.creditsenligne.org/;0.8131800445250499 HTTP 302
https://counter.yadro.ru/hit?q;t25.1;r;s1600*1200*24;uhttp%3A//www.creditsenligne.org/;0.8131800445250499

Request Chain 37

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

49 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
www.creditsenligne.org/ 25 KB
8 KB 796ms
105ms Document
text/html 5.101.152.249
BEGET-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://www.creditsenligne.org/
Protocol: HTTP/1.1
Server: 5.101.152.249 , Russian Federation, ASN198610 (BEGET-AS, RU),
Reverse DNS: m2.pinkman.beget.com
Software: nginx-reuseport/1.21.1 / PHP/5.6.40
Resource Hash: b7b300142c483a35c211c37193eefb447c48c8a528c5de28b899bf8698542d4b

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Accept-Language: fr-FR,fr;q=0.9

Response headers

Server: nginx-reuseport/1.21.1
Date: Tue, 29 Mar 2022 13:45:00 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=30
Vary: Accept-Encoding
X-Powered-By: PHP/5.6.40
Status: 404 Not Found
Content-Encoding: gzip

GET
H/1.1 200
OK window.css
www.creditsenligne.org/css/ 87 KB
16 KB 75ms
74ms Stylesheet
text/css 5.101.152.249
BEGET-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://www.creditsenligne.org/css/window.css
Requested by: Host: www.creditsenligne.org
URL: http://www.creditsenligne.org/
Protocol: HTTP/1.1
Server: 5.101.152.249 , Russian Federation, ASN198610 (BEGET-AS, RU),
Reverse DNS: m2.pinkman.beget.com
Software: nginx-reuseport/1.21.1 /
Resource Hash: 59fe7472b5a45bb5a8af7c641e2d76c6a22ffa894bc59cbb6689afdb5afd92ea

Request headers

Accept-Language: fr-FR,fr;q=0.9
Referer: http://www.creditsenligne.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Date: Tue, 29 Mar 2022 13:45:00 GMT
Content-Encoding: gzip
Last-Modified: Wed, 14 Dec 2016 15:09:19 GMT
Server: nginx-reuseport/1.21.1
ETag: W/"5851609f-15a4a"
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: max-age=604800
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=30
Expires: Tue, 05 Apr 2022 13:45:00 GMT

GET
H/1.1 200
OK style.css
www.creditsenligne.org/css/ 15 KB
4 KB 139ms
70ms Stylesheet
text/css 5.101.152.249
BEGET-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://www.creditsenligne.org/css/style.css
Requested by: Host: www.creditsenligne.org
URL: http://www.creditsenligne.org/
Protocol: HTTP/1.1
Server: 5.101.152.249 , Russian Federation, ASN198610 (BEGET-AS, RU),
Reverse DNS: m2.pinkman.beget.com
Software: nginx-reuseport/1.21.1 /
Resource Hash: f2473d01c7ea9d767cc16bae25382066e6ac688b5cc5ed242e96e515882bfdb8

Request headers

Accept-Language: fr-FR,fr;q=0.9
Referer: http://www.creditsenligne.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Date: Tue, 29 Mar 2022 13:45:00 GMT
Content-Encoding: gzip
Last-Modified: Wed, 14 Dec 2016 15:20:27 GMT
Server: nginx-reuseport/1.21.1
ETag: W/"5851633b-3a2b"
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: max-age=604800
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=30
Expires: Tue, 05 Apr 2022 13:45:00 GMT

GET
H/1.1 200
OK jquery-1.7.1.min.js Show response
www.creditsenligne.org/js/ 92 KB
33 KB 147ms
77ms Script
application/x-javascript 5.101.152.249
BEGET-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://www.creditsenligne.org/js/jquery-1.7.1.min.js
Requested by: Host: www.creditsenligne.org
URL: http://www.creditsenligne.org/
Protocol: HTTP/1.1
Server: 5.101.152.249 , Russian Federation, ASN198610 (BEGET-AS, RU),
Reverse DNS: m2.pinkman.beget.com
Software: nginx-reuseport/1.21.1 /
Resource Hash: 88171413fc76dda23ab32baa17b11e4fff89141c633ece737852445f1ba6c1bd

Request headers

Accept-Language: fr-FR,fr;q=0.9
Referer: http://www.creditsenligne.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Date: Tue, 29 Mar 2022 13:45:00 GMT
Content-Encoding: gzip
Last-Modified: Sat, 23 Apr 2016 17:00:21 GMT
Server: nginx-reuseport/1.21.1
ETag: W/"571baa25-16eac"
Vary: Accept-Encoding
Content-Type: application/x-javascript
Cache-Control: max-age=604800
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=30
Expires: Tue, 05 Apr 2022 13:45:00 GMT

GET
H/1.1 200
OK script.js Show response
www.creditsenligne.org/js/ 2 KB
1 KB 140ms
70ms Script
application/x-javascript 5.101.152.249
BEGET-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://www.creditsenligne.org/js/script.js
Requested by: Host: www.creditsenligne.org
URL: http://www.creditsenligne.org/
Protocol: HTTP/1.1
Server: 5.101.152.249 , Russian Federation, ASN198610 (BEGET-AS, RU),
Reverse DNS: m2.pinkman.beget.com
Software: nginx-reuseport/1.21.1 /
Resource Hash: 64f594ad257c270f002562e8513283a94c6e9190a77f5ee20a048c71a7597a76

Request headers

Accept-Language: fr-FR,fr;q=0.9
Referer: http://www.creditsenligne.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Date: Tue, 29 Mar 2022 13:45:00 GMT
Content-Encoding: gzip
Last-Modified: Sat, 23 Apr 2016 17:00:21 GMT
Server: nginx-reuseport/1.21.1
ETag: W/"571baa25-664"
Vary: Accept-Encoding
Content-Type: application/x-javascript
Cache-Control: max-age=604800
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=30
Expires: Tue, 05 Apr 2022 13:45:00 GMT

GET
H/1.1 200
OK adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 154 KB
53 KB 83ms
45ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

http://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: www.creditsenligne.org
URL: http://www.creditsenligne.org/

Protocol

HTTP/1.1

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e61cd7802111a0a46074b59080d3ce8d3497dd2257afe822994c8fdca9f6315e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: fr-FR,fr;q=0.9
Referer: http://www.creditsenligne.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Timing-Allow-Origin: *
Date: Tue, 29 Mar 2022 13:45:00 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: cafe
ETag: 9343736663183875068
Vary: Accept-Encoding, Origin
P3P: policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Cache-Control: private, max-age=3600
Cross-Origin-Resource-Policy: cross-origin
Content-Disposition: attachment; filename="f.txt"
Content-Type: text/javascript; charset=UTF-8
Content-Length: 53834
X-XSS-Protection: 0
Expires: Tue, 29 Mar 2022 13:45:00 GMT

GET
H/1.1 200
OK les-meilleurs-credits-et-prets.png
www.creditsenligne.org/images/ 3 KB
4 KB 70ms
70ms Image
image/png 5.101.152.249
BEGET-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.creditsenligne.org/images/les-meilleurs-credits-et-prets.png
Requested by: Host: www.creditsenligne.org
URL: http://www.creditsenligne.org/
Protocol: HTTP/1.1
Server: 5.101.152.249 , Russian Federation, ASN198610 (BEGET-AS, RU),
Reverse DNS: m2.pinkman.beget.com
Software: nginx-reuseport/1.21.1 /
Resource Hash: ff4850c6f4c205a0c1105bdbc1f622b5f01f7649c241d28163eda190ca12ef9b

Request headers

Accept-Language: fr-FR,fr;q=0.9
Referer: http://www.creditsenligne.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Date: Tue, 29 Mar 2022 13:45:00 GMT
Last-Modified: Wed, 30 Nov 2016 17:00:34 GMT
Server: nginx-reuseport/1.21.1
ETag: "583f05b2-ce0"
Content-Type: image/png
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=30
Content-Length: 3296
Expires: Thu, 28 Apr 2022 13:45:00 GMT

GET
H/1.1 200
OK floabank.png
www.creditsenligne.org/foto/1/biblioteka/ 5 KB
5 KB 71ms
71ms Image
image/png 5.101.152.249
BEGET-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.creditsenligne.org/foto/1/biblioteka/floabank.png
Requested by: Host: www.creditsenligne.org
URL: http://www.creditsenligne.org/
Protocol: HTTP/1.1
Server: 5.101.152.249 , Russian Federation, ASN198610 (BEGET-AS, RU),
Reverse DNS: m2.pinkman.beget.com
Software: nginx-reuseport/1.21.1 /
Resource Hash: b8ad9bf69a25749260249773b32fa73bee5ff3fa3631b53af176d3902250e55d

Request headers

Accept-Language: fr-FR,fr;q=0.9
Referer: http://www.creditsenligne.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Date: Tue, 29 Mar 2022 13:45:00 GMT
Last-Modified: Mon, 23 Nov 2020 21:25:55 GMT
Server: nginx-reuseport/1.21.1
ETag: "5fbc28e3-12a6"
Content-Type: image/png
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=30
Content-Length: 4774
Expires: Thu, 28 Apr 2022 13:45:00 GMT

GET
H/1.1 200
OK cetelem.png
www.creditsenligne.org/foto/1/biblioteka/ 6 KB
6 KB 70ms
69ms Image
image/png 5.101.152.249
BEGET-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.creditsenligne.org/foto/1/biblioteka/cetelem.png
Requested by: Host: www.creditsenligne.org
URL: http://www.creditsenligne.org/
Protocol: HTTP/1.1
Server: 5.101.152.249 , Russian Federation, ASN198610 (BEGET-AS, RU),
Reverse DNS: m2.pinkman.beget.com
Software: nginx-reuseport/1.21.1 /
Resource Hash: 297584023e77ca109c4b031456e441ed022300ee00d9f30bc1e1b61b2570bf0b

Request headers

Accept-Language: fr-FR,fr;q=0.9
Referer: http://www.creditsenligne.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Date: Tue, 29 Mar 2022 13:45:00 GMT
Last-Modified: Tue, 05 Feb 2019 11:49:56 GMT
Server: nginx-reuseport/1.21.1
ETag: "5c597864-16d3"
Content-Type: image/png
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=30
Content-Length: 5843
Expires: Thu, 28 Apr 2022 13:45:00 GMT

GET
H/1.1 200
OK ing-direct.png
www.creditsenligne.org/foto/1/biblioteka/ 2 KB
3 KB 69ms
69ms Image
image/png 5.101.152.249
BEGET-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.creditsenligne.org/foto/1/biblioteka/ing-direct.png
Requested by: Host: www.creditsenligne.org
URL: http://www.creditsenligne.org/
Protocol: HTTP/1.1
Server: 5.101.152.249 , Russian Federation, ASN198610 (BEGET-AS, RU),
Reverse DNS: m2.pinkman.beget.com
Software: nginx-reuseport/1.21.1 /
Resource Hash: 68d1b1de5736a5fada9fca08f73ef75661968decea5d8b6da56419b7ad44eb32

Request headers

Accept-Language: fr-FR,fr;q=0.9
Referer: http://www.creditsenligne.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Date: Tue, 29 Mar 2022 13:45:00 GMT
Last-Modified: Mon, 19 Dec 2016 14:20:03 GMT
Server: nginx-reuseport/1.21.1
ETag: "5857ec93-983"
Content-Type: image/png
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=30
Content-Length: 2435
Expires: Thu, 28 Apr 2022 13:45:00 GMT

GET
H/1.1 200
OK credigo.png
www.creditsenligne.org/foto/1/biblioteka/ 2 KB
2 KB 140ms
69ms Image
image/png 5.101.152.249
BEGET-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.creditsenligne.org/foto/1/biblioteka/credigo.png
Requested by: Host: www.creditsenligne.org
URL: http://www.creditsenligne.org/
Protocol: HTTP/1.1
Server: 5.101.152.249 , Russian Federation, ASN198610 (BEGET-AS, RU),
Reverse DNS: m2.pinkman.beget.com
Software: nginx-reuseport/1.21.1 /
Resource Hash: 5e9b1e4af32764b6a399d712e2f15d8df213b26aad3c85cf99bda636316e595c

Request headers

Accept-Language: fr-FR,fr;q=0.9
Referer: http://www.creditsenligne.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Date: Tue, 29 Mar 2022 13:45:00 GMT
Last-Modified: Thu, 01 Dec 2016 15:16:38 GMT
Server: nginx-reuseport/1.21.1
ETag: "58403ed6-865"
Content-Type: image/png
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=30
Content-Length: 2149
Expires: Thu, 28 Apr 2022 13:45:00 GMT

GET
H/1.1 200
OK sok.js Show response
www.creditsenligne.org/js/ 222 B
565 B 71ms
70ms Script
application/x-javascript 5.101.152.249
BEGET-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://www.creditsenligne.org/js/sok.js
Requested by: Host: www.creditsenligne.org
URL: http://www.creditsenligne.org/
Protocol: HTTP/1.1
Server: 5.101.152.249 , Russian Federation, ASN198610 (BEGET-AS, RU),
Reverse DNS: m2.pinkman.beget.com
Software: nginx-reuseport/1.21.1 /
Resource Hash: c11bf61eca6b222bb77769c4b8c267fc98db2ca17230e307bdb114e26aa208d0

Request headers

Accept-Language: fr-FR,fr;q=0.9
Referer: http://www.creditsenligne.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Date: Tue, 29 Mar 2022 13:45:00 GMT
Content-Encoding: gzip
Last-Modified: Thu, 01 Dec 2016 16:10:41 GMT
Server: nginx-reuseport/1.21.1
ETag: W/"58404b81-de"
Vary: Accept-Encoding
Content-Type: application/x-javascript
Cache-Control: max-age=604800
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=30
Expires: Tue, 05 Apr 2022 13:45:00 GMT

GET
H/1.1 200
OK border6.png
www.creditsenligne.org/images/ 280 B
624 B 140ms
70ms Image
image/png 5.101.152.249
BEGET-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.creditsenligne.org/images/border6.png
Requested by: Host: www.creditsenligne.org
URL: http://www.creditsenligne.org/css/window.css
Protocol: HTTP/1.1
Server: 5.101.152.249 , Russian Federation, ASN198610 (BEGET-AS, RU),
Reverse DNS: m2.pinkman.beget.com
Software: nginx-reuseport/1.21.1 /
Resource Hash: 6aee12d38f3a52fa448e4d8bf0e08f15b09e49e1bf9f33f5b53ef27bd02c4d03

Request headers

Accept-Language: fr-FR,fr;q=0.9
Referer: http://www.creditsenligne.org/css/window.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Date: Tue, 29 Mar 2022 13:45:00 GMT
Last-Modified: Sat, 23 Apr 2016 17:00:11 GMT
Server: nginx-reuseport/1.21.1
ETag: "571baa1b-118"
Content-Type: image/png
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=30
Content-Length: 280
Expires: Thu, 28 Apr 2022 13:45:00 GMT

GET
H/1.1 200
OK bgtr.png
www.creditsenligne.org/images/ 571 B
915 B 111ms
69ms Image
image/png 5.101.152.249
BEGET-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.creditsenligne.org/images/bgtr.png
Requested by: Host: www.creditsenligne.org
URL: http://www.creditsenligne.org/css/window.css
Protocol: HTTP/1.1
Server: 5.101.152.249 , Russian Federation, ASN198610 (BEGET-AS, RU),
Reverse DNS: m2.pinkman.beget.com
Software: nginx-reuseport/1.21.1 /
Resource Hash: c4c49f83dfb9805e2cbb5beee0dd74120da7ee8b01cf5c40b9c73a5af9cbc0ae

Request headers

Accept-Language: fr-FR,fr;q=0.9
Referer: http://www.creditsenligne.org/css/window.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Date: Tue, 29 Mar 2022 13:45:00 GMT
Last-Modified: Sat, 23 Apr 2016 17:00:11 GMT
Server: nginx-reuseport/1.21.1
ETag: "571baa1b-23b"
Content-Type: image/png
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=30
Content-Length: 571
Expires: Thu, 28 Apr 2022 13:45:00 GMT

GET
H/1.1 200
OK ok.png
www.creditsenligne.org/images/ 559 B
903 B 118ms
69ms Image
image/png 5.101.152.249
BEGET-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.creditsenligne.org/images/ok.png
Requested by: Host: www.creditsenligne.org
URL: http://www.creditsenligne.org/css/style.css
Protocol: HTTP/1.1
Server: 5.101.152.249 , Russian Federation, ASN198610 (BEGET-AS, RU),
Reverse DNS: m2.pinkman.beget.com
Software: nginx-reuseport/1.21.1 /
Resource Hash: c4d3498ce63b188a2fd57091563e6fa47fc588595e15e1a07095d45d3160020d

Request headers

Accept-Language: fr-FR,fr;q=0.9
Referer: http://www.creditsenligne.org/css/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Date: Tue, 29 Mar 2022 13:45:00 GMT
Last-Modified: Sat, 23 Apr 2016 17:00:11 GMT
Server: nginx-reuseport/1.21.1
ETag: "571baa1b-22f"
Content-Type: image/png
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=30
Content-Length: 559
Expires: Thu, 28 Apr 2022 13:45:00 GMT

GET
H/1.1 200
OK k3k702ZOKiLJc3WVjuplzBa1RVmPjeKy21_GQJaLlJI.woff
themes.googleusercontent.com/static/fonts/opensans/v6/ 42 KB
42 KB 49ms
25ms Font
font/woff 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

http://themes.googleusercontent.com/static/fonts/opensans/v6/k3k702ZOKiLJc3WVjuplzBa1RVmPjeKy21_GQJaLlJI.woff

Requested by

Host: www.creditsenligne.org
URL: http://www.creditsenligne.org/css/window.css

Protocol

HTTP/1.1

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dc99b2c95cc04c80e160d54063242bfd2809504e909a95c6f82d4eb466d4bdb9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://www.creditsenligne.org/
Origin: http://www.creditsenligne.org
Accept-Language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Date: Tue, 29 Mar 2022 01:08:51 GMT
X-Content-Type-Options: nosniff
Age: 45369
Cross-Origin-Resource-Policy: cross-origin
Content-Length: 42660
X-XSS-Protection: 0
Last-Modified: Tue, 22 Oct 2019 18:15:00 GMT
Server: sffe
Vary: Accept-Encoding
Report-To: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
Content-Type: font/woff
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=31536000
Accept-Ranges: bytes
Timing-Allow-Origin: *
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="static-on-bigtable"
Expires: Wed, 29 Mar 2023 01:08:51 GMT

GET
H/1.1

200
OK

hit
counter.yadro.ru/
Redirect Chain

http://counter.yadro.ru/hit?t25.1;r;s1600*1200*24;uhttp%3A//www.creditsenligne.org/;0.8131800445250499
https://counter.yadro.ru/hit?t25.1;r;s1600*1200*24;uhttp%3A//www.creditsenligne.org/;0.8131800445250499
https://counter.yadro.ru/hit?q;t25.1;r;s1600*1200*24;uhttp%3A//www.creditsenligne.org/;0.8131800445250499

98 B
583 B

59ms
59ms

Image
image/gif

88.212.201.204
UNITEDNET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://counter.yadro.ru/hit?q;t25.1;r;s1600*1200*24;uhttp%3A//www.creditsenligne.org/;0.8131800445250499

Requested by

Host: www.creditsenligne.org
URL: http://www.creditsenligne.org/

Protocol

HTTP/1.1

Server

88.212.201.204 , Russian Federation, ASN39134 (UNITEDNET, RU),

Reverse DNS

host204.rax.ru

Software

nginx/1.17.9 /

Resource Hash

be84333975597c86b48fc19be37194f5bee64f84beea2895086ad9db886ceebc

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Accept-Language: fr-FR,fr;q=0.9
Referer: http://www.creditsenligne.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 29 Mar 2022 13:45:20 GMT
Server: nginx/1.17.9
Strict-Transport-Security: max-age=86400
P3P: policyref="/w3c/p3p.xml", CP="UNI"
Access-Control-Allow-Origin: *
Cache-control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 98
Expires: Sun, 28 Mar 2021 21:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Tue, 29 Mar 2022 13:45:20 GMT
Server: nginx/1.17.9
Strict-Transport-Security: max-age=86400
P3P: policyref="/w3c/p3p.xml", CP="UNI"
Location: https://counter.yadro.ru/hit?q;t25.1;r;s1600*1200*24;uhttp%3A//www.creditsenligne.org/;0.8131800445250499
Cache-control: no-cache
Connection: keep-alive
Content-Type: text/html
Content-Length: 32
Expires: Sun, 28 Mar 2021 21:00:00 GMT

GET
H/1.1 200
OK btn7.png
www.creditsenligne.org/images/ 2 KB
2 KB 97ms
69ms Image
image/png 5.101.152.249
BEGET-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.creditsenligne.org/images/btn7.png
Requested by: Host: www.creditsenligne.org
URL: http://www.creditsenligne.org/css/window.css
Protocol: HTTP/1.1
Server: 5.101.152.249 , Russian Federation, ASN198610 (BEGET-AS, RU),
Reverse DNS: m2.pinkman.beget.com
Software: nginx-reuseport/1.21.1 /
Resource Hash: 77eab9a39348e669eb2d9946846d90bbddb03acd2b2822d7c022029ef51950c5

Request headers

Accept-Language: fr-FR,fr;q=0.9
Referer: http://www.creditsenligne.org/css/window.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Date: Tue, 29 Mar 2022 13:45:00 GMT
Last-Modified: Sat, 23 Apr 2016 17:00:11 GMT
Server: nginx-reuseport/1.21.1
ETag: "571baa1b-764"
Content-Type: image/png
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=30
Content-Length: 1892
Expires: Thu, 28 Apr 2022 13:45:00 GMT

GET
H/1.1 200
OK btn3.png
www.creditsenligne.org/images/ 2 KB
3 KB 97ms
69ms Image
image/png 5.101.152.249
BEGET-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.creditsenligne.org/images/btn3.png
Requested by: Host: www.creditsenligne.org
URL: http://www.creditsenligne.org/css/window.css
Protocol: HTTP/1.1
Server: 5.101.152.249 , Russian Federation, ASN198610 (BEGET-AS, RU),
Reverse DNS: m2.pinkman.beget.com
Software: nginx-reuseport/1.21.1 /
Resource Hash: 206d1b6f84fe472bfda4d79df32522915c2c8058e590d72d6e7edc1c295db683

Request headers

Accept-Language: fr-FR,fr;q=0.9
Referer: http://www.creditsenligne.org/css/window.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Date: Tue, 29 Mar 2022 13:45:00 GMT
Last-Modified: Sat, 23 Apr 2016 17:00:11 GMT
Server: nginx-reuseport/1.21.1
ETag: "571baa1b-945"
Content-Type: image/png
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=30
Content-Length: 2373
Expires: Thu, 28 Apr 2022 13:45:00 GMT

GET
H2 200 show_ads_impl_with_ama_fy2019.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202203230101/ 296 KB
107 KB 113ms
57ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202203230101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-3312599976817765&plah=www.creditsenligne.org&bust=31065858

Requested by

Host: pagead2.googlesyndication.com
URL: http://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ce5a84f9f01c6d84017cc43883cb3cdaa94618bc0d7987222290235cca76fe55

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: fr-FR,fr;q=0.9
Referer: http://www.creditsenligne.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Tue, 29 Mar 2022 13:45:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 109243
x-xss-protection: 0
server: cafe
etag: 8353202469613119753
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Tue, 29 Mar 2022 13:45:00 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20220324/r20190131/ Frame 6D72 10 KB
5 KB 82ms
25ms Document
text/html 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20220324/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: http://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0ce5fc08d0f617e71e1d61bcd79fc7cc1855f4221945b0c09ac774685fe7f52c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Accept-Language: fr-FR,fr;q=0.9
Referer: http://www.creditsenligne.org/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4502
x-xss-protection: 0
date: Tue, 29 Mar 2022 11:23:19 GMT
expires: Tue, 12 Apr 2022 11:23:19 GMT
cache-control: public, max-age=1209600
age: 8501
etag: 4044455266028820542
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 222 B
651 B 115ms
35ms Script
text/javascript 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=www.creditsenligne.org&callback=_gfp_s_&client=ca-pub-3312599976817765

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202203230101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-3312599976817765&plah=www.creditsenligne.org&bust=31065858

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

77f8080a5353303c8d7b9422bb0379e7afb9057456b9570e22190ef13e743ab9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: fr-FR,fr;q=0.9
Referer: http://www.creditsenligne.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Tue, 29 Mar 2022 13:45:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 207
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.fr/adsid/ 107 B
792 B 131ms
34ms Script
application/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.fr/adsid/integrator.js?domain=www.creditsenligne.org

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: fr-FR,fr;q=0.9
Referer: http://www.creditsenligne.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 29 Mar 2022 13:45:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
549 B 96ms
33ms Script
application/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.creditsenligne.org

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: fr-FR,fr;q=0.9
Referer: http://www.creditsenligne.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 29 Mar 2022 13:45:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 90C6 93 KB
33 KB 673ms
671ms Document
text/html 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3312599976817765&output=html&h=280&slotname=2837852199&adk=2219945560&adf=3964536382&pi=t.ma~as.2837852199&w=990&fwrn=4&fwrnh=100&lmt=1648561500&rafmt=1&psa=0&format=990x280&url=http%3A%2F%2Fwww.creditsenligne.org%2F&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1648561500538&bpp=4&bdt=391&idt=191&shv=r20220324&mjsv=m202203230101&ptt=9&saldr=aa&abxe=1&correlator=2066801083894&frm=20&pv=2&ga_vid=1586517485.1648561501&ga_sid=1648561501&ga_hid=895875061&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=305&ady=208&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31065858%2C31063246&oid=2&pvsid=3867226173524346&pem=654&tmod=923121776&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=23&ifi=1&uci=a!1&fsb=1&xpc=mamwdLtZVX&p=http%3A//www.creditsenligne.org&dtd=204

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2eb87d0adb55bff5e7123a376724324f3c3cc38b870431d7fe71bc34ded565f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Accept-Language: fr-FR,fr;q=0.9
Referer: http://www.creditsenligne.org/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Tue, 29 Mar 2022 13:45:01 GMT
server: cafe
content-length: 33161
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Tue, 29 Mar 2022 13:45:01 GMT
cache-control: private

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame C0F0 0
179 B 115ms
114ms Document
text/html 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3312599976817765&output=html&adk=1812271804&adf=3025194257&lmt=1648561500&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=http%3A%2F%2Fwww.creditsenligne.org%2F&ea=0&pra=7&wgl=1&dt=1648561500551&bpp=1&bdt=404&idt=195&shv=r20220324&mjsv=m202203230101&ptt=9&saldr=aa&abxe=1&prev_fmts=990x280&nras=1&correlator=2066801083894&frm=20&pv=1&ga_vid=1586517485.1648561501&ga_sid=1648561501&ga_hid=895875061&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31065858%2C31063246&oid=2&pvsid=3867226173524346&pem=654&tmod=923121776&uas=0&nvt=1&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=23&ifi=2&uci=a!2&fsb=1&dtd=199

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Accept-Language: fr-FR,fr;q=0.9
Referer: http://www.creditsenligne.org/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Tue, 29 Mar 2022 13:45:00 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Tue, 29 Mar 2022 13:45:00 GMT
cache-control: private

GET
H2 200 583c04eba622323b1bc7d6fda2f57e1e.js Show response
www.gstatic.com/mysidia/ Frame 90C6 9 KB
4 KB 85ms
26ms Script
text/javascript 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/583c04eba622323b1bc7d6fda2f57e1e.js?tag=client_fast_engine_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3312599976817765&output=html&h=280&slotname=2837852199&adk=2219945560&adf=3964536382&pi=t.ma~as.2837852199&w=990&fwrn=4&fwrnh=100&lmt=1648561500&rafmt=1&psa=0&format=990x280&url=http%3A%2F%2Fwww.creditsenligne.org%2F&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1648561500538&bpp=4&bdt=391&idt=191&shv=r20220324&mjsv=m202203230101&ptt=9&saldr=aa&abxe=1&correlator=2066801083894&frm=20&pv=2&ga_vid=1586517485.1648561501&ga_sid=1648561501&ga_hid=895875061&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=305&ady=208&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31065858%2C31063246&oid=2&pvsid=3867226173524346&pem=654&tmod=923121776&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=23&ifi=1&uci=a!1&fsb=1&xpc=mamwdLtZVX&p=http%3A//www.creditsenligne.org&dtd=204

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b968113e586107906911e61864086ba097b7b45cf857c0de3c4fd20963a90e61

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Tue, 29 Mar 2022 03:02:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 38574
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3720
x-xss-protection: 0
last-modified: Thu, 24 Mar 2022 02:46:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Mon, 27 Jun 2022 03:02:07 GMT

GET
H2 200 d153763d065fc486a30a5318c8635961.js Show response
www.gstatic.com/mysidia/ Frame 90C6 8 KB
4 KB 87ms
28ms Script
text/javascript 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/d153763d065fc486a30a5318c8635961.js?tag=text/vanilla_highlight

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ae3a15a3e9733515bb33d29c4820b33c0bcaf30a522fd034ea68d104939901d3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Mon, 28 Mar 2022 19:34:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 65440
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3697
x-xss-protection: 0
last-modified: Thu, 24 Mar 2022 02:46:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Sun, 26 Jun 2022 19:34:21 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 90C6 8 KB
1 KB 92ms
34ms Stylesheet
text/css 2a00:1450:4001:811::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

1e046a89bb90f44dadb24f5fdfbe412b5f6d320b790f7317fad956b193234726

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Tue, 29 Mar 2022 12:13:54 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Tue, 29 Mar 2022 13:45:01 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 29 Mar 2022 13:45:01 GMT

GET
H3 200 load_preloaded_resource_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220324/r20110914/client/ Frame 90C6 2 KB
904 B 59ms
24ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220324/r20110914/client/load_preloaded_resource_fy2019.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7a487d46a028c374c609924015d8c7ef6dd28b613a3739aa97ed2080984775bb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Tue, 29 Mar 2022 13:28:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1020
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 877
x-xss-protection: 0
server: cafe
etag: 13035868154101442325
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 12 Apr 2022 13:28:01 GMT

GET
H2 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220324/r20110914/ Frame 90C6 19 KB
8 KB 86ms
24ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220324/r20110914/abg_lite_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d072a09604e6a1fea8ef42203503771aa36b63a3c91fd1059966e26e6f5812b3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Tue, 29 Mar 2022 13:43:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 89
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7871
x-xss-protection: 0
server: cafe
etag: 7397949449432438406
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 12 Apr 2022 13:43:32 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220324/r20110914/client/ Frame 90C6 2 KB
1 KB 58ms
24ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220324/r20110914/client/window_focus_fy2019.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Tue, 29 Mar 2022 13:41:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 198
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1233
x-xss-protection: 0
server: cafe
etag: 16517525077337815633
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 12 Apr 2022 13:41:43 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220324/r20110914/client/ Frame 90C6 15 KB
6 KB 80ms
26ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220324/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ecc2e585ea072abb205881f3aad6f36e92d556537e7100a8a128ddbc75edb436

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Tue, 29 Mar 2022 13:41:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 209
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6407
x-xss-protection: 0
server: cafe
etag: 6055885685211612390
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 12 Apr 2022 13:41:32 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 90C6 119 KB
37 KB 108ms
35ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

30de69c01f8eb6cb0ab7b040f02316728cb490669cbf084aad71c06a708ed1ff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Tue, 29 Mar 2022 13:45:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36904
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1648035241783118"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 29 Mar 2022 13:45:01 GMT

GET
H3 200 c5c2d0ec538305d3144caccb9e9ba20c.js Show response
www.gstatic.com/mysidia/ Frame 90C6 28 KB
12 KB 57ms
24ms Script
text/javascript 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/c5c2d0ec538305d3144caccb9e9ba20c.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

56b292bab6c777111694aa0bffda487c3108b1e83091ea8471e316272f9d1aff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 11:21:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 267808
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11812
x-xss-protection: 0
last-modified: Tue, 22 Mar 2022 03:00:06 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Fri, 24 Jun 2022 11:21:33 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 90C6 0
0 55ms
55ms Fetch
text/html 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CalZtXA1DYt_tL4mT3gP-_a7wCanst_to_9zppKcN0vWKkIMPEAEg-oG6GGD7AaAB_e290QPIAQGpArDO0PjXhLI-qAMByAPDBKoExgFP0Kct0RRU3g9VwLjBaWOOc1VU2FImII-1lnOLthOGBaQw0rbr8GMhjd7bBUQ0ujq50XnkY4cIZ-wCUXHmu8oPBvJHAjXqR-Q7xG5vlHvQmMKYJe97dRZC1k0-tzsa4FcM9Nup8mxP6oSsC0QJ_1BJvucMLF1aHRDv0NX5f7a3GoCF9hS2w0fB8DxnlwHtLf7ujnlXi4TKmjq4FCBSdc5GCrZBFIDt_5t3mV13hSELY-YK6egb9GbF-5nFAcnyCmMS1vTRYLnABIO5stPSA5IFBAgEGAGSBQQIBRgEoAZmgAfrkcIuqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhvYBwHyBwUQkOfHAtIICQiA4YAQEAEYH4AKAcgLAdgTDYgUAdAVAYAXAbIXHAoaCAASFHB1Yi0zMzEyNTk5OTc2ODE3NzY1GAA&sigh=fHU5iPd2_kw&uach_m=[UACH]

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3312599976817765&output=html&h=280&slotname=2837852199&adk=2219945560&adf=3964536382&pi=t.ma~as.2837852199&w=990&fwrn=4&fwrnh=100&lmt=1648561500&rafmt=1&psa=0&format=990x280&url=http%3A%2F%2Fwww.creditsenligne.org%2F&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1648561500538&bpp=4&bdt=391&idt=191&shv=r20220324&mjsv=m202203230101&ptt=9&saldr=aa&abxe=1&correlator=2066801083894&frm=20&pv=2&ga_vid=1586517485.1648561501&ga_sid=1648561501&ga_hid=895875061&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=305&ady=208&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31065858%2C31063246&oid=2&pvsid=3867226173524346&pem=654&tmod=923121776&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=23&ifi=1&uci=a!1&fsb=1&xpc=mamwdLtZVX&p=http%3A//www.creditsenligne.org&dtd=204
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Tue, 29 Mar 2022 13:45:01 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Tue, 29 Mar 2022 13:45:01 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 942D 143 B
163 B 25ms
24ms Document
text/html 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Accept-Language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3312599976817765&output=html&h=280&slotname=2837852199&adk=2219945560&adf=3964536382&pi=t.ma~as.2837852199&w=990&fwrn=4&fwrnh=100&lmt=1648561500&rafmt=1&psa=0&format=990x280&url=http%3A%2F%2Fwww.creditsenligne.org%2F&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1648561500538&bpp=4&bdt=391&idt=191&shv=r20220324&mjsv=m202203230101&ptt=9&saldr=aa&abxe=1&correlator=2066801083894&frm=20&pv=2&ga_vid=1586517485.1648561501&ga_sid=1648561501&ga_hid=895875061&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=305&ady=208&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31065858%2C31063246&oid=2&pvsid=3867226173524346&pem=654&tmod=923121776&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=23&ifi=1&uci=a!1&fsb=1&xpc=mamwdLtZVX&p=http%3A//www.creditsenligne.org&dtd=204

Response headers

x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 145
x-xss-protection: 0
date: Tue, 29 Mar 2022 13:05:33 GMT
cache-control: public, max-age=3600
content-type: text/html; charset=UTF-8
age: 2368
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 90C6 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c0f5c3189a0b799c6518530b8524f7688ba1ad0eb6751707e054214479a38bcc

Request headers

Accept-Language: fr-FR,fr;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Content-Type: image/png

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 942D
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
16 B

88ms
87ms

Document
text/html

2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Accept-Language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Tue, 29 Mar 2022 13:45:01 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Tue, 29 Mar 2022 13:45:01 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Tue, 29 Mar 2022 13:45:01 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
fonts.gstatic.com/s/googlesans/v42/ Frame 90C6 28 KB
28 KB 83ms
26ms Font
font/woff2 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v42/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a67d07f733785876b3192826e76f537e2b9dc0be172ce52c773d30d65f712a07

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
Accept-Language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Tue, 22 Mar 2022 22:46:42 GMT
x-content-type-options: nosniff
age: 572299
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28328
x-xss-protection: 0
last-modified: Tue, 01 Mar 2022 21:57:43 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 22 Mar 2023 22:46:42 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 14 KB
11 KB 79ms
46ms XHR
application/json 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20220324&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4fe4965a0072cea406fc86939d866a93bb1251c3439506d3f693b1fdb08ad063

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: fr-FR,fr;q=0.9
Referer: http://www.creditsenligne.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 29 Mar 2022 13:45:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10755
x-xss-protection: 0

GET
H3 200 vukqqZMEwiKfO5iIQC2Qvig_P1EBwRi6HH-n7W3xhSE.js Show response
pagead2.googlesyndication.com/bg/ Frame ECC9 35 KB
13 KB 58ms
25ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/vukqqZMEwiKfO5iIQC2Qvig_P1EBwRi6HH-n7W3xhSE.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bee92aa99304c2229f3b9888402d90be283f3f5101c118ba1c7fa7ed6df18521

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Tue, 29 Mar 2022 12:29:52 GMT
content-encoding: br
x-content-type-options: nosniff
age: 4509
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13603
x-xss-protection: 0
last-modified: Tue, 22 Mar 2022 09:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 29 Mar 2023 12:29:52 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 70ms
70ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: fr-FR,fr;q=0.9
Referer: http://www.creditsenligne.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Tue, 29 Mar 2022 13:45:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 29 Mar 2022 13:45:02 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame ADEF 13 KB
5 KB 25ms
25ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Accept-Language: fr-FR,fr;q=0.9
Referer: http://www.creditsenligne.org/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5046
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 29 Mar 2022 13:27:14 GMT
expires: Wed, 29 Mar 2023 13:27:14 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
content-type: text/html
age: 1068
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame B23F 783 B
535 B 68ms
33ms Document
text/html 2a00:1450:4001:82f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

db6468ab959eb563df70a740d62625d1430a60712f383e10e677fe73fa30ecb0

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-fm7TvJWbQdLQ9RVBVlvIig' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Accept-Language: fr-FR,fr;q=0.9
Referer: http://www.creditsenligne.org/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Tue, 29 Mar 2022 13:45:02 GMT
date: Tue, 29 Mar 2022 13:45:02 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-fm7TvJWbQdLQ9RVBVlvIig' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 513
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 vukqqZMEwiKfO5iIQC2Qvig_P1EBwRi6HH-n7W3xhSE.js Show response
pagead2.googlesyndication.com/bg/ Frame ADEF 35 KB
13 KB 24ms
24ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/vukqqZMEwiKfO5iIQC2Qvig_P1EBwRi6HH-n7W3xhSE.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bee92aa99304c2229f3b9888402d90be283f3f5101c118ba1c7fa7ed6df18521

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: fr-FR,fr;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Tue, 29 Mar 2022 12:29:52 GMT
content-encoding: br
x-content-type-options: nosniff
age: 4510
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13603
x-xss-protection: 0
last-modified: Tue, 22 Mar 2022 09:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 29 Mar 2023 12:29:52 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame B23F 0
0 62ms
62ms Image
text/html 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20220324&jk=3867226173524346&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: fr-FR,fr;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame ADEF 0
9 B 24ms
24ms Image
text/plain 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?3rLR4w
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: fr-FR,fr;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Tue, 29 Mar 2022 13:45:02 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 64ms
64ms Image
image/gif 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=225&t=2&li=gda_r20220324&jk=3867226173524346&bg=!TE-lTwvNAAbzJazn0yU7ACkAdvg8Wu8Mh5kvV48W9PUob9aQTFTOqADnGSRL33LSYX9qlEpyRV225wIAAABSUgAAAAJoAQeZAuPJbpxAkfXBB9jKyatLuIVTF1lSPy2ogDT2GLNURXF41E6n2B7B332dRjBTyaLpAIF1DRCU4-Tok2eY3MUmof8zmt8PZbMZoR4_km7dGw_qkjf2eY2UDdXQQuhxJAsnk4VLEUSiaX0HXKX7qcXo5Av31xTcFtNm9Pw9-KrJfdZGxuUIqcHLsDJuNfdcmsSJORdeUJBlBykI5_thKnGp3QYps3T1TSpJrGEH0K8we6sSFMYFKyGrRIOe_vhA6DT4tWF9oaVcNrgn_qKIl-utGZSUioyK1ZDyC3MEbqaSXszgfdOhicvcQ7o-qL6xbYW83Lrdhs60kFW0ecIcVPP412UFX4UG6zPiIDsAclWs4RKyWM-uPxAL4ERquHH-lS-qamiXId_alKADVdcrpYFxm8E3qmVSfrBlmcMRqLUM-jopS4yH7diVSAQURcdqHQXgq2TFdrOTPuLpqNeyXlnkoiuHfD8yfV2MVL1DtkrE1j2kVo6RVxb8t-vcjrQdtZvfUIIWe1QAK6Vy2v6QxuJDA_GNjCZBHG-CtYwWtnmd_t9kS3H--vg8_BZiCqCRuTLTy3o-RVs5M06IywA5kf-V99MIbWyqp5OIAoI4XHG10gZ1WUspqA6rOknxeG-Fhf_09SkTJPuQZgMGua43uvMawYnnfz_MLSTu2SSkqVU6cfMnD5LvqRWUoWxhyswq0CxH2Di3bxMPqlRFpj_VVq1gY-Pk7rYfAY-UHrGasgMJQwOInG3_5pWgvQttYH-cZjXeEUlh_Z6vE-KUNk1DZyjI6Vptju1YWrrl0BvoNG9xEbtLnLR_-0FFvm6ut6sIIiGdHZO5giUxWAgoN4CgliEFri0jUIPktB_tAuT2ygMamT9fQUztPsPeg6kKfg5jGUrgnu-Zb9pKEi5RsIxeVxhr9B79MdBDP3Bokc0ISlViLdG5RFuEWrhT-Fq2DQvRQzBNf-k20ceIgjM70hqBW6D18yYHB0My

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: fr-FR,fr;q=0.9
Referer: http://www.creditsenligne.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 29 Mar 2022 13:45:02 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 90C6 42 B
64 B 65ms
64ms Fetch
image/gif 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssrpGyEo4-RZ8yUz7J20L3XjbtAsTgVCo4IHv8BoC0n3KEYCzUkgnQJRMAYgNJyratNjE7t4F5e5TA-vei9etfEG-XLcCp_iO7HgORkpX7CRVevz6DPRA&sai=AMfl-YTA1Inl2p-bwkiL7dDNprp7-Qla0OmtEjuumdJ_8p6r7Tep6FfZw3ANxeJT8-MRA6WqAAOtVRWR0Jip&sig=Cg0ArKJSzBcXZL5V4-9iEAE&id=lidar2&mcvt=1000&p=0,0,280,990&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20220323&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=2219945560&rs=2&la=1&cr=0&vs=4&r=v&rst=1648561500743&rpt=1146&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 29 Mar 2022 13:45:02 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Cetelem (Banking)

44 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

5 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.yadro.ru/	1970-01-20 10:40:37	Name: FTID Value: 1YGmrm3vorOI1YGmrm002Pbh
.creditsenligne.org/	1970-01-20 11:17:37	Name: __gads Value: ID=ca3e17797f84cea8-22a5b3e967cd00f9:T=1648561500:RT=1648561500:S=ALNI_MYZyvbqOEDq84m4kMuTiA5zj90jYQ
.yadro.ru/	1970-01-20 10:40:37	Name: VID Value: 3WbDll3ByzOI1YGmrm002PfA
.doubleclick.net/	1970-01-20 11:17:37	Name: IDE Value: AHWqTUnrSlUWI5S4aGiIHr61O6QGa8pUFt_dV3Kr78d0Ix-sg-WIE8P0orPh5nrRd0Y
.doubleclick.net/	1970-01-20 01:56:05	Name: DSID Value: NO_DATA

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

adservice.google.com
adservice.google.fr
counter.yadro.ru
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
pagead2.googlesyndication.com
partner.googleadservices.com
themes.googleusercontent.com
tpc.googlesyndication.com
www.creditsenligne.org
www.google.com
www.googletagservices.com
www.gstatic.com
142.250.186.98
2a00:1450:4001:803::2002
2a00:1450:4001:808::2003
2a00:1450:4001:80e::2002
2a00:1450:4001:80f::2002
2a00:1450:4001:811::200a
2a00:1450:4001:828::2003
2a00:1450:4001:82f::2002
2a00:1450:4001:82f::2004
2a00:1450:4001:830::2001
2a00:1450:4001:831::2001
5.101.152.249
88.212.201.204
0ce5fc08d0f617e71e1d61bcd79fc7cc1855f4221945b0c09ac774685fe7f52c
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
1e046a89bb90f44dadb24f5fdfbe412b5f6d320b790f7317fad956b193234726
206d1b6f84fe472bfda4d79df32522915c2c8058e590d72d6e7edc1c295db683
297584023e77ca109c4b031456e441ed022300ee00d9f30bc1e1b61b2570bf0b
2eb87d0adb55bff5e7123a376724324f3c3cc38b870431d7fe71bc34ded565f2
30de69c01f8eb6cb0ab7b040f02316728cb490669cbf084aad71c06a708ed1ff
4fe4965a0072cea406fc86939d866a93bb1251c3439506d3f693b1fdb08ad063
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
56b292bab6c777111694aa0bffda487c3108b1e83091ea8471e316272f9d1aff
59fe7472b5a45bb5a8af7c641e2d76c6a22ffa894bc59cbb6689afdb5afd92ea
5e9b1e4af32764b6a399d712e2f15d8df213b26aad3c85cf99bda636316e595c
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
64f594ad257c270f002562e8513283a94c6e9190a77f5ee20a048c71a7597a76
68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f
68d1b1de5736a5fada9fca08f73ef75661968decea5d8b6da56419b7ad44eb32
6aee12d38f3a52fa448e4d8bf0e08f15b09e49e1bf9f33f5b53ef27bd02c4d03
77eab9a39348e669eb2d9946846d90bbddb03acd2b2822d7c022029ef51950c5
77f8080a5353303c8d7b9422bb0379e7afb9057456b9570e22190ef13e743ab9
7a487d46a028c374c609924015d8c7ef6dd28b613a3739aa97ed2080984775bb
88171413fc76dda23ab32baa17b11e4fff89141c633ece737852445f1ba6c1bd
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a67d07f733785876b3192826e76f537e2b9dc0be172ce52c773d30d65f712a07
ae3a15a3e9733515bb33d29c4820b33c0bcaf30a522fd034ea68d104939901d3
b7b300142c483a35c211c37193eefb447c48c8a528c5de28b899bf8698542d4b
b8ad9bf69a25749260249773b32fa73bee5ff3fa3631b53af176d3902250e55d
b968113e586107906911e61864086ba097b7b45cf857c0de3c4fd20963a90e61
be84333975597c86b48fc19be37194f5bee64f84beea2895086ad9db886ceebc
bee92aa99304c2229f3b9888402d90be283f3f5101c118ba1c7fa7ed6df18521
c0f5c3189a0b799c6518530b8524f7688ba1ad0eb6751707e054214479a38bcc
c11bf61eca6b222bb77769c4b8c267fc98db2ca17230e307bdb114e26aa208d0
c4c49f83dfb9805e2cbb5beee0dd74120da7ee8b01cf5c40b9c73a5af9cbc0ae
c4d3498ce63b188a2fd57091563e6fa47fc588595e15e1a07095d45d3160020d
ce5a84f9f01c6d84017cc43883cb3cdaa94618bc0d7987222290235cca76fe55
d072a09604e6a1fea8ef42203503771aa36b63a3c91fd1059966e26e6f5812b3
db6468ab959eb563df70a740d62625d1430a60712f383e10e677fe73fa30ecb0
dc99b2c95cc04c80e160d54063242bfd2809504e909a95c6f82d4eb466d4bdb9
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e61cd7802111a0a46074b59080d3ce8d3497dd2257afe822994c8fdca9f6315e
ecc2e585ea072abb205881f3aad6f36e92d556537e7100a8a128ddbc75edb436
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f2473d01c7ea9d767cc16bae25382066e6ac688b5cc5ed242e96e515882bfdb8
ff4850c6f4c205a0c1105bdbc1f622b5f01f7649c241d28163eda190ca12ef9b

www.creditsenligne.org Open in urlscan Pro 5.101.152.249 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

49 Requests

61 %HTTPS

77 %IPv6

11 Domains

14 Subdomains

14 IPs

3 Countries

484 kBTransfer

1191 kBSize

5 Cookies

0 Outgoing links

Redirected requests

49 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.creditsenligne.org Open in urlscan Pro
5.101.152.249 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

49
Requests

61 %
HTTPS

77 %
IPv6

11
Domains

14
Subdomains

14
IPs

3
Countries

484 kB
Transfer

1191 kB
Size

5
Cookies

49 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!