www.creditosul.com Open in urlscan Pro
108.179.193.124 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://receitasninja.lt.acemlna.com/Prod/link-tracker?redirectUrl=aHR0cHMlM0ElMkYlMkZ3d3cuY3JlZGl0b3N1bC5jb20lMkZlLXJlc3RpdHVpY2FvLW...
Effective URL:
https://www.creditosul.com/e-restituicao-ir-pix/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_876
Submission: On July 03 via manual (July 3rd 2023, 10:05:40 pm UTC) from BR — Scanned from DE

Summary HTTP 233 Redirects Behaviour Indicators

Summary

This website contacted 45 IPs in 10 countries across 45 domains to perform 233 HTTP transactions. The main IP is 108.179.193.124, located in United States and belongs to NETWORK-SOLUTIONS-HOSTING, US. The main domain is www.creditosul.com.
TLS certificate: Issued by R3 on May 17th 2023. Valid for: 3 months.

This is the only time www.creditosul.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	52.21.253.179 52.21.253.179	14618 (AMAZON-AES) (AMAZON-AES)
32	108.179.193.124 108.179.193.124	19871 (NETWORK-S...) (NETWORK-SOLUTIONS-HOSTING)
5	2a00:1450:400... 2a00:1450:4001:80e::200a	15169 (GOOGLE) (GOOGLE)
9	2a00:1450:400... 2a00:1450:4001:80f::2002	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:82f::2008	15169 (GOOGLE) (GOOGLE)
2	2a06:98c1:312... 2a06:98c1:3121::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 29	2a00:1450:400... 2a00:1450:4001:811::2002	15169 (GOOGLE) (GOOGLE)
2	192.0.76.3 192.0.76.3	2635 (AUTOMATTIC) (AUTOMATTIC)
10	2a03:2880:f08... 2a03:2880:f084:d:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
4	2a00:1450:400... 2a00:1450:4001:828::2003	15169 (GOOGLE) (GOOGLE)
1	172.217.23.98 172.217.23.98	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:811::200e	15169 (GOOGLE) (GOOGLE)
1	2001:4860:480... 2001:4860:4802:32::36	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:828::2002	15169 (GOOGLE) (GOOGLE)
1	2a04:4e42:200... 2a04:4e42:200::485	54113 (FASTLY) (FASTLY)
1	34.102.146.192 34.102.146.192	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	2606:4700:10:... 2606:4700:10::ac43:266a	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a02:2638:3::3 2a02:2638:3::3	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	2600:9000:225... 2600:9000:2250:4000:a:e047:753:be1	() ()
5	2a00:1450:400... 2a00:1450:4001:809::2001	15169 (GOOGLE) (GOOGLE)
1 7	2a00:1450:400... 2a00:1450:4001:803::2004	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:810::2003	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:829::2002	15169 (GOOGLE) (GOOGLE)
1	141.95.98.65 141.95.98.65	16276 (OVH) (OVH)
1 2	34.120.107.143 34.120.107.143	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1 2	2a02:2638:3::c 2a02:2638:3::c	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	178.250.7.13 178.250.7.13	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	35.244.159.8 35.244.159.8	15169 (GOOGLE) (GOOGLE)
19	2a00:1450:400... 2a00:1450:4001:80b::2001	15169 (GOOGLE) (GOOGLE)
13	2a00:1450:400... 2a00:1450:4001:830::2003	15169 (GOOGLE) (GOOGLE)
2 4	2001:678:cb4:... 2001:678:cb4:bbbb::11	56396 (AMOBEE) (AMOBEE)
5 26	172.217.18.2 172.217.18.2	15169 (GOOGLE) (GOOGLE)
2	15.197.193.217 15.197.193.217	16509 (AMAZON-02) (AMAZON-02)
3 3	185.64.190.78 185.64.190.78	62713 (AS-PUBMATIC) (AS-PUBMATIC)
2 2	185.80.39.216 185.80.39.216	27381 (CASALE-MEDIA) (CASALE-MEDIA)
2 2	76.223.111.18 76.223.111.18	16509 (AMAZON-02) (AMAZON-02)
2	3.75.62.37 3.75.62.37	16509 (AMAZON-02) (AMAZON-02)
2 3	51.89.9.252 51.89.9.252	16276 (OVH) (OVH)
1	2600:1901:0:7... 2600:1901:0:76b9::	15169 (GOOGLE) (GOOGLE)
8	2606:4700:20:... 2606:4700:20::681a:bd1	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2 2	34.91.62.186 34.91.62.186	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2 2	213.155.156.164 213.155.156.164	1299 (TWELVE99 ...) (TWELVE99 Arelion)
1 2	178.250.1.9 178.250.1.9	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1 1	2600:9000:205... 2600:9000:2057:a000:1b:5138:8a40:93a1	16509 (AMAZON-02) (AMAZON-02)
1 2	104.75.89.75 104.75.89.75	16625 (AKAMAI-AS) (AKAMAI-AS)
1 2	2606:4700::68... 2606:4700::6812:18ad	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	34.96.105.8 34.96.105.8	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1 1	2a05:d018:d29... 2a05:d018:d29:3601:3913:20ff:833f:762d	16509 (AMAZON-02) (AMAZON-02)
4 4	37.157.2.229 37.157.2.229	198622 (ADFORM) (ADFORM)
1	2a00:1450:400... 2a00:1450:4001:810::200e	15169 (GOOGLE) (GOOGLE)
2 2	3.120.19.26 3.120.19.26	16509 (AMAZON-02) (AMAZON-02)
1 1	151.101.2.49 151.101.2.49	54113 (FASTLY) (FASTLY)
1 1	35.186.193.173 35.186.193.173	15169 (GOOGLE) (GOOGLE)
4 4	18.196.180.213 18.196.180.213	16509 (AMAZON-02) (AMAZON-02)
2	2606:4700:20:... 2606:4700:20::ac43:4a81	13335 (CLOUDFLAR...) (CLOUDFLARENET)
27	2a03:2880:f17... 2a03:2880:f177:83:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1 1	104.64.118.247 104.64.118.247	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2606:4700::68... 2606:4700::6812:7e05	13335 (CLOUDFLAR...) (CLOUDFLARENET)
233	45

1 52.21.253.179 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-21-253-179.compute-1.amazonaws.com

receitasninja.lt.acemlna.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

32 108.179.193.124 (United States)

ASN19871 (NETWORK-SOLUTIONS-HOSTING, US)
PTR: 108-179-193-124.unifiedlayer.com

www.creditosul.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:80e::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:80f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:82f::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a06:98c1:3121::3 (United States)

ASN13335 (CLOUDFLARENET, US)

script.joinads.me	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

29 2a00:1450:4001:811::2002 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 192.0.76.3 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)

stats.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a03:2880:f084:d:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:828::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.23.98 (United States)

ASN15169 (GOOGLE, US)
PTR: mil04s23-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:811::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:828::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:200::485 (United States)

ASN54113 (FASTLY, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.102.146.192 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 192.146.102.34.bc.googleusercontent.com

oa.openxcdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:10::ac43:266a (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638:3::3 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2250:4000:a:e047:753:be1 (United States)

ASN- ()

cdn.prod.uidapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:809::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:803::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:810::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:829::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 141.95.98.65 (France)

ASN16276 (OVH, FR)
PTR: ns3216659.ip-141-95-98.eu

id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.120.107.143 (Kansas City, United States) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 143.107.120.34.bc.googleusercontent.com

oajs.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:2638:3::c (France) 1 redirects

ASN44788 (ASN-CRITEO-EUROPE, FR)

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.7.13 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

mug.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.244.159.8 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 8.159.244.35.bc.googleusercontent.com

google-bidout-d.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

19 2a00:1450:4001:80b::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2a00:1450:4001:830::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2001:678:cb4:bbbb::11 (United Kingdom) 2 redirects

ASN56396 (AMOBEE, GB)

ad.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
r.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

26 172.217.18.2 (United States) 5 redirects

ASN15169 (GOOGLE, US)
PTR: fra02s19-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 15.197.193.217 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: a12b7a488abeaa9e4.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.64.190.78 (United Kingdom) 3 redirects

ASN62713 (AS-PUBMATIC, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.80.39.216 (Canada) 2 redirects

ASN27381 (CASALE-MEDIA, CA)

ssum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 76.223.111.18 (United States) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: a0f671730127a0812.awsglobalaccelerator.com

eb2.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.75.62.37 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-75-62-37.eu-central-1.compute.amazonaws.com

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 51.89.9.252 (London, United Kingdom) 2 redirects

ASN16276 (OVH, FR)
PTR: ip252.ip-51-89-9.eu

onetag-sys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1901:0:76b9:: (Kansas City, United States)

ASN15169 (GOOGLE, US)

prod-rtb.ad4mat.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2606:4700:20::681a:bd1 (United States)

ASN13335 (CLOUDFLARENET, US)

as.ad4m.at	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ad4m.at	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
assets.ad4m.at	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.91.62.186 (Groningen, Netherlands) 2 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 186.62.91.34.bc.googleusercontent.com

um.simpli.fi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 213.155.156.164 (Sweden) 2 redirects

ASN1299 (TWELVE99 Arelion, fka Telia Carrier, SE)

d5p.de17a.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 178.250.1.9 (France) 1 redirects

ASN44788 (ASN-CRITEO-EUROPE, FR)

dis.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2057:a000:1b:5138:8a40:93a1 (United States) 1 redirects

ASN16509 (AMAZON-02, US)

s.ad.smaato.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.75.89.75 (Frankfurt am Main, Germany) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a104-75-89-75.deploy.static.akamaitechnologies.com

sync.teads.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6812:18ad (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

a.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
s.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.96.105.8 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 8.105.96.34.bc.googleusercontent.com

tr.blismedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a05:d018:d29:3601:3913:20ff:833f:762d (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)

pr-bh.ybp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 37.157.2.229 (Denmark) 4 redirects

ASN198622 (ADFORM, DK)

c1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:810::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

mts0.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.120.19.26 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-120-19-26.eu-central-1.compute.amazonaws.com

pm.w55c.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.2.49 (United States) 1 redirects

ASN54113 (FASTLY, US)

sync-tm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.186.193.173 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 173.193.186.35.bc.googleusercontent.com

gcm.ctnsnet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 18.196.180.213 (Frankfurt am Main, Germany) 4 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-196-180-213.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:20::ac43:4a81 (United States)

ASN13335 (CLOUDFLARENET, US)

ad4m.at	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

27 2a03:2880:f177:83:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.64.118.247 (Prague, Czech Republic) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a104-64-118-247.deploy.static.akamaitechnologies.com

www.awin1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:7e05 (United States)

ASN13335 (CLOUDFLARENET, US)

www.conrad.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
49	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 135 29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com tpc.googlesyndication.com — Cisco Umbrella Rank: 160	408 KB
39	doubleclick.net 6 redirects securepubads.g.doubleclick.net — Cisco Umbrella Rank: 216 googleads.g.doubleclick.net — Cisco Umbrella Rank: 57 cm.g.doubleclick.net — Cisco Umbrella Rank: 254	326 KB
32	creditosul.com www.creditosul.com	438 KB
27	facebook.com www.facebook.com — Cisco Umbrella Rank: 100	850 B
17	gstatic.com fonts.gstatic.com www.gstatic.com	461 KB
10	ad4m.at as.ad4m.at — Cisco Umbrella Rank: 30069 ad4m.at — Cisco Umbrella Rank: 9754 assets.ad4m.at — Cisco Umbrella Rank: 41291	312 KB
10	facebook.net connect.facebook.net — Cisco Umbrella Rank: 173	1016 KB
9	google.com 1 redirects adservice.google.com — Cisco Umbrella Rank: 113 www.google.com — Cisco Umbrella Rank: 10 mts0.google.com — Cisco Umbrella Rank: 4234	24 KB
5	criteo.com 2 redirects gum.criteo.com — Cisco Umbrella Rank: 405 mug.criteo.com — Cisco Umbrella Rank: 2102 dis.criteo.com — Cisco Umbrella Rank: 608	8 KB
5	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 88	6 KB
4	bidswitch.net 4 redirects x.bidswitch.net — Cisco Umbrella Rank: 359	2 KB
4	adform.net 4 redirects c1.adform.net — Cisco Umbrella Rank: 633	3 KB
4	turn.com 2 redirects ad.turn.com — Cisco Umbrella Rank: 1067 r.turn.com — Cisco Umbrella Rank: 3947	2 KB
4	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 205	224 KB
4	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 79	274 KB
3	onetag-sys.com 2 redirects onetag-sys.com — Cisco Umbrella Rank: 857	824 B
3	yahoo.com 1 redirects ups.analytics.yahoo.com — Cisco Umbrella Rank: 338 pr-bh.ybp.yahoo.com — Cisco Umbrella Rank: 481	874 B
3	pubmatic.com 3 redirects image6.pubmatic.com — Cisco Umbrella Rank: 812	1 KB
3	openx.net 1 redirects oajs.openx.net — Cisco Umbrella Rank: 1385 google-bidout-d.openx.net — Cisco Umbrella Rank: 1388	749 B
3	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 63 region1.google-analytics.com — Cisco Umbrella Rank: 1623	21 KB
2	w55c.net 2 redirects pm.w55c.net — Cisco Umbrella Rank: 1044	2 KB
2	tribalfusion.com 1 redirects a.tribalfusion.com — Cisco Umbrella Rank: 893 s.tribalfusion.com — Cisco Umbrella Rank: 1946	1 KB
2	teads.tv 1 redirects sync.teads.tv — Cisco Umbrella Rank: 1425	450 B
2	de17a.com 2 redirects d5p.de17a.com — Cisco Umbrella Rank: 5037	647 B
2	simpli.fi 2 redirects um.simpli.fi — Cisco Umbrella Rank: 981	1 KB
2	3lift.com 2 redirects eb2.3lift.com — Cisco Umbrella Rank: 422	955 B
2	casalemedia.com 2 redirects ssum-sec.casalemedia.com — Cisco Umbrella Rank: 485	2 KB
2	adsrvr.org match.adsrvr.org — Cisco Umbrella Rank: 383	529 B
2	google.de www.google.de — Cisco Umbrella Rank: 4752	563 B
2	id5-sync.com cdn.id5-sync.com — Cisco Umbrella Rank: 808 id5-sync.com — Cisco Umbrella Rank: 423	25 KB
2	googleadservices.com www.googleadservices.com — Cisco Umbrella Rank: 169 partner.googleadservices.com — Cisco Umbrella Rank: 1129	3 KB
2	wp.com stats.wp.com — Cisco Umbrella Rank: 2759 pixel.wp.com — Cisco Umbrella Rank: 2584	3 KB
2	joinads.me script.joinads.me — Cisco Umbrella Rank: 549203	2 KB
1	conrad.de www.conrad.de — Cisco Umbrella Rank: 72392	473 B
1	awin1.com 1 redirects www.awin1.com — Cisco Umbrella Rank: 16326	696 B
1	ctnsnet.com 1 redirects gcm.ctnsnet.com — Cisco Umbrella Rank: 44074	607 B
1	everesttech.net 1 redirects sync-tm.everesttech.net — Cisco Umbrella Rank: 796	544 B
1	blismedia.com tr.blismedia.com — Cisco Umbrella Rank: 2276	172 B
1	smaato.net 1 redirects s.ad.smaato.net — Cisco Umbrella Rank: 822	439 B
1	ad4mat.net prod-rtb.ad4mat.net — Cisco Umbrella Rank: 148578
1	uidapi.com cdn.prod.uidapi.com — Cisco Umbrella Rank: 1516	2 KB
1	criteo.net static.criteo.net — Cisco Umbrella Rank: 568	13 KB
1	openxcdn.net oa.openxcdn.net — Cisco Umbrella Rank: 1568	8 KB
1	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 368	878 B
1	acemlna.com 1 redirects receitasninja.lt.acemlna.com	270 B
233	45

	Domain	Requested by
32	www.creditosul.com	www.creditosul.com
27	www.facebook.com	www.creditosul.com
26	cm.g.doubleclick.net	5 redirects www.creditosul.com 29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com
25	pagead2.googlesyndication.com	www.creditosul.com pagead2.googlesyndication.com 29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com www.gstatic.com securepubads.g.doubleclick.net tpc.googlesyndication.com www.googletagservices.com
19	tpc.googlesyndication.com	29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com www.creditosul.com securepubads.g.doubleclick.net tpc.googlesyndication.com
13	www.gstatic.com	29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com www.creditosul.com script.joinads.me
10	connect.facebook.net	www.creditosul.com connect.facebook.net
9	securepubads.g.doubleclick.net	www.creditosul.com securepubads.g.doubleclick.net
7	www.google.com	1 redirects www.creditosul.com 29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com tpc.googlesyndication.com
5	29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
5	fonts.googleapis.com	www.creditosul.com 29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com
4	x.bidswitch.net	4 redirects
4	ad4m.at	as.ad4m.at ad4m.at
4	c1.adform.net	4 redirects
4	as.ad4m.at	29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com as.ad4m.at ad4m.at
4	www.googletagservices.com	29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com www.creditosul.com
4	googleads.g.doubleclick.net	1 redirects pagead2.googlesyndication.com www.googletagmanager.com
4	fonts.gstatic.com	fonts.googleapis.com
4	www.googletagmanager.com	www.creditosul.com www.googletagmanager.com
3	onetag-sys.com	2 redirects www.creditosul.com
3	image6.pubmatic.com	3 redirects
2	assets.ad4m.at	as.ad4m.at
2	pm.w55c.net	2 redirects
2	sync.teads.tv	1 redirects www.creditosul.com
2	dis.criteo.com	1 redirects www.creditosul.com
2	d5p.de17a.com	2 redirects
2	um.simpli.fi	2 redirects
2	ups.analytics.yahoo.com	29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com
2	eb2.3lift.com	2 redirects
2	ssum-sec.casalemedia.com	2 redirects
2	match.adsrvr.org	29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com
2	r.turn.com	29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com
2	ad.turn.com	2 redirects
2	gum.criteo.com	1 redirects static.criteo.net
2	oajs.openx.net	1 redirects www.creditosul.com
2	www.google.de	www.creditosul.com
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	script.joinads.me	www.creditosul.com script.joinads.me
1	www.conrad.de	as.ad4m.at
1	www.awin1.com	1 redirects
1	gcm.ctnsnet.com	1 redirects
1	sync-tm.everesttech.net	1 redirects
1	mts0.google.com	29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com
1	pr-bh.ybp.yahoo.com	1 redirects
1	tr.blismedia.com	29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com
1	s.tribalfusion.com	www.creditosul.com
1	a.tribalfusion.com	1 redirects
1	s.ad.smaato.net	1 redirects
1	prod-rtb.ad4mat.net	www.creditosul.com
1	google-bidout-d.openx.net	oa.openxcdn.net
1	mug.criteo.com	www.creditosul.com
1	id5-sync.com	cdn.id5-sync.com
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	cdn.prod.uidapi.com	securepubads.g.doubleclick.net
1	static.criteo.net	securepubads.g.doubleclick.net
1	cdn.id5-sync.com	securepubads.g.doubleclick.net
1	oa.openxcdn.net	securepubads.g.doubleclick.net
1	cdn.jsdelivr.net	securepubads.g.doubleclick.net
1	adservice.google.com	securepubads.g.doubleclick.net
1	region1.google-analytics.com	www.googletagmanager.com
1	www.googleadservices.com	www.googletagmanager.com
1	pixel.wp.com	www.creditosul.com
1	stats.wp.com	www.creditosul.com
1	receitasninja.lt.acemlna.com	1 redirects
233	64

This site contains no links.

Subject Issuer	Validity	Valid
creditosul.com R3	`2023-05-17` - `2023-08-15`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
joinads.me E1	`2023-06-17` - `2023-09-15`	3 months	crt.sh
*.wp.com Sectigo ECC Domain Validation Secure Server CA	`2022-11-14` - `2023-12-15`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2023-04-12` - `2023-07-11`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
www.googleadservices.com GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
*.google.com GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
jsdelivr.net GlobalSign Atlas R3 DV TLS CA 2022 Q4	`2022-12-23` - `2024-01-24`	a year	crt.sh
oa.openxcdn.net GTS CA 1D4	`2023-05-28` - `2023-08-26`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-05-07` - `2024-05-06`	a year	crt.sh
*.criteo.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-05-27` - `2023-08-27`	3 months	crt.sh
cdn.prod.uidapi.com R3	`2023-05-18` - `2023-08-16`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
www.google.de GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
*.googleadservices.com GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
*.id5-sync.com R3	`2023-04-18` - `2023-07-17`	3 months	crt.sh
*.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-05-12` - `2023-08-10`	3 months	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2022-07-21` - `2023-08-21`	a year	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2023-04-12` - `2024-05-13`	a year	crt.sh
ups.analytics.yahoo.com DigiCert SHA2 High Assurance Server CA	`2023-02-21` - `2023-08-16`	6 months	crt.sh
prod-rtb.ad4mat.net GTS CA 1D4	`2023-06-04` - `2023-09-02`	3 months	crt.sh
tr.blismedia.com GTS CA 1D4	`2023-06-09` - `2023-09-07`	3 months	crt.sh

This page contains 32 frames:

Primary Page: https://www.creditosul.com/e-restituicao-ir-pix/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_876
Frame ID: C8419BCB3978C86E1009CD1FC15DB47F
Requests: 106 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20230627/r20190131/zrt_lookup.html
Frame ID: E328707D149F77BCD7AFA56397830BCD
Requests: 1 HTTP requests in this frame

Frame: https://29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 263FF796ADE2E03DB357455CED1D1EA3
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9060780421721333&output=html&adk=1812271804&adf=3025194257&lmt=1688421932&plat=1%3A64%2C2%3A64%2C8%3A64%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=212x945_l%7C212x945_r&format=0x0&url=https%3A%2F%2Fwww.creditosul.com%2Fe-restituicao-ir-pix%2F%3Futm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3D3_active_email_876&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1688421932590&bpp=4&bdt=826&idt=326&shv=r20230627&mjsv=m202306230101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=7987035050582&frm=20&pv=2&ga_vid=1209800818.1688421933&ga_sid=1688421933&ga_hid=1745806920&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759842%2C44759876%2C44759927%2C31075664%2C44772268%2C44788442&oid=2&pvsid=2425155733553059&tmod=1595575990&uas=0&nvt=1&fsapi=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=350
Frame ID: A2055F0912117EDFD01194BD511C97A5
Requests: 1 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?origin=publishertagids&topUrl=www.creditosul.com
Frame ID: 59CF7C5A0D0BB6799DB2A5282D7A10F7
Requests: 2 HTTP requests in this frame

Frame: https://29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 22EA66E46679173341FB934BD6607567
Requests: 9 HTTP requests in this frame

Frame: https://google-bidout-d.openx.net/w/1.0/pd?plm=5
Frame ID: 58822EBA3F4288CE230C10F279F65FCF
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: BFD7BF95DED267590AE41014DC3F73E2
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/oBMhIGozJCmZhanrY2s6Nzm7GdNkvCqEaGjKud4M6yI.js
Frame ID: 7D7F9F920BB5957CEC315D088C5221CC
Requests: 1 HTTP requests in this frame

Frame: https://29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: D5C4D1C034CBEBF845F70D149B23A934
Requests: 5 HTTP requests in this frame

Frame: https://www.gstatic.com/mysidia/90cda0d4b2e9798013d5ae8e8588fe0b.js?tag=client_fast_engine_2019
Frame ID: 59348C59194E627967C6317E7C789816
Requests: 22 HTTP requests in this frame

Frame: https://29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 892F5B811E8498823F17AE916AF74DF7
Requests: 8 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: E10BF847253B1A71766E843EB8A09945
Requests: 9 HTTP requests in this frame

Frame: https://as.ad4m.at/ad/dr?ed=1k21p8vjc5hny9nnrdrkn7jf6f16nahv5cbsmtfadk731e0te2avwt37vx2m5p0hx44ef1v62vr6zqp8sh22jrwh093z5stmbwt30gja8brzpr8srctkk8dfzp70q1n5h5f8jjpdhqs5w7cxehkrw6cr0gythk4br7zhc42pdwdtg92j0hva38d6fw6pxw8969pv1hscvrneg7rdzavpc2r4vtag3710dkfmdemy9qtm52gze3jq02wt3s8w69pa15668mwh2tp68sdd3pkapece8y7m754r0epqy0pxd2cgrh0shknygaadv0pmcxeb3fd8m3ncakg4ephs1y2a0znvw6gzck4c6d7v63h5s08fde0t04myy435egxf0d8sejh6d13jwfe0e387r1a5e3cfz9fgz32fjvnr3ykps2cedp8x&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCPDOiLkajZJziA-iI1PIPgr6j4A2Q4YGEXLaoworwAsCNtwEQASAAYJWKnoKwB4IBF2NhLXB1Yi00ODk0MjA5ODcwODU3OTA1yAEJqQKO_Xp4wk2yPuACAKgDAcgDAqoExQJP0IJ0fddpS7zFZaIza_OQdEnPYBf5MW932R6vztTaqQnClvirOfbtKI5L1Q14pjV3fdR7xl146tNYyFojgC5jC0MxXVGeoZLv3CmmA5P0_tiumMZJz8kl3PFA8M6XRcMTNWJwa7Cq6xdrOmaNlaHCCpzqJxjo_YsP59MTJJvhLUF5g_Se29ZqsXfe54jUc84S6eQifkxhfdQjwSxWORhBOaykfFVkfrWIZYHjU838bsuoee1RqOlpfpBljwBR_XZcLfFLUHX6wg3oF_TqnHpu5FmYIMrY2ZA82TlStla0POfASGtvMBF_UTrqemxlwoPeCjS5kfSdXmen4DMwLHRBp3oqwvhdeFFujpqB5xzN9VADOT22JeRzC5tkoVepSGxW_wFk0P58WnzSR-PKJzykaTmFHPEQiKxj8fFymvpOf8GY9Sic4AQBgAbozc7K-s7GwdcBoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiA4YAQEAEyAqoCOgKAQEi9_cE6-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_2qt0_CC91gmiRUosfCEx91fB6KFA%26client%3Dca-pub-4894209870857905%26adurl%3D
Frame ID: C53F4A88D8B013C6BE044685DAEBF9EE
Requests: 4 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: D2227766975485FF943BC0719FD43CDB
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/oBMhIGozJCmZhanrY2s6Nzm7GdNkvCqEaGjKud4M6yI.js
Frame ID: D5B9F4EA2985C4BBA51FAA6F8EBE5DEF
Requests: 1 HTTP requests in this frame

Frame: https://29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 6DE6D87635EEC623C538456557B16271
Requests: 18 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 7723D1E1DA6DC8687A7EF471224653D6
Requests: 9 HTTP requests in this frame

Frame: https://ad4m.at/frame.html
Frame ID: 5AE85EF8799BD04A86A0C42B5C7E9E09
Requests: 1 HTTP requests in this frame

Frame: https://as.ad4m.at/ad/rar?a=14019&b=JBeszf5fZj9TBH6H7tptp5BaxSgTbWguA8&f=GjeTBfpf4BPhKHeHGtBCp5waZSYTeA9tY1&c=320&d=50&e=&g=5f4bae683061cabe3060da37aeb84003%2F13386214465822056641&i=21596&j=16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach02_SSP_CONTROL_ADX&r=1688421934847&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1hwtrq9b941bteb87f4r3m9wytqe7sp7nenkq0arc9xdnwna7f7ev1e7q6envvr16see3pxzt7s3f1j1853zwbksm41w0s132s34dc8s3648dwxrgedrkt3mw02swp17fcxq0ye7bb3k6mwkdbkbf0cxcbgj0gswgr2x93w1ymnh0vc7apxn9g7wkpsw7st93x91vyf04zbs9tpr80y4rev79tes3qtezpvkwgzpjs6cw3kjc8sscdyrm43zpq7nqdxrcnphqz2gsenea300%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCPDOiLkajZJziA-iI1PIPgr6j4A2Q4YGEXLaoworwAsCNtwEQASAAYJWKnoKwB4IBF2NhLXB1Yi00ODk0MjA5ODcwODU3OTA1yAEJqQKO_Xp4wk2yPuACAKgDAcgDAqoExQJP0IJ0fddpS7zFZaIza_OQdEnPYBf5MW932R6vztTaqQnClvirOfbtKI5L1Q14pjV3fdR7xl146tNYyFojgC5jC0MxXVGeoZLv3CmmA5P0_tiumMZJz8kl3PFA8M6XRcMTNWJwa7Cq6xdrOmaNlaHCCpzqJxjo_YsP59MTJJvhLUF5g_Se29ZqsXfe54jUc84S6eQifkxhfdQjwSxWORhBOaykfFVkfrWIZYHjU838bsuoee1RqOlpfpBljwBR_XZcLfFLUHX6wg3oF_TqnHpu5FmYIMrY2ZA82TlStla0POfASGtvMBF_UTrqemxlwoPeCjS5kfSdXmen4DMwLHRBp3oqwvhdeFFujpqB5xzN9VADOT22JeRzC5tkoVepSGxW_wFk0P58WnzSR-PKJzykaTmFHPEQiKxj8fFymvpOf8GY9Sic4AQBgAbozc7K-s7GwdcBoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiA4YAQEAEyAqoCOgKAQEi9_cE6-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_2qt0_CC91gmiRUosfCEx91fB6KFA%2526client%253Dca-pub-4894209870857905%2526adurl%253D&y=1&s=&z=0
Frame ID: B2041BB3140B1FB31B689EE72E8CB2A3
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/oBMhIGozJCmZhanrY2s6Nzm7GdNkvCqEaGjKud4M6yI.js
Frame ID: 492F10AB9FDA7A4546BE97243C2FC80C
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: 7F4C11320756618D63EA448F13B5A08D
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: FC765166F8BF397D852EC4AE3AB0BE1F
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: 62614B95C58263E3CEF40657CCA9E0A1
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: 0FFFD3217283088AF17BF08F562B02AF
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: DDBB9221B0C0962EABE9862F642E8A13
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: 240C78F095AF3902141ACF3F73A7A416
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: 3758F4D37403FFD6931729BFF6C9D911
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: 560DEE109AD25B19EDE2272527D726A2
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: 94850E2A6B9AE857987BB9190243DD22
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 091EC1404A7860B57B85A7638239696E
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 25BB12045DA8FD3BCB5E334584EF17E4
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

e-restituição-ir-pix - Credito Sul

Page URL History Show full URLs

https://receitasninja.lt.acemlna.com/Prod/link-tracker?redirectUrl=aHR0cHMlM0ElMkYlMkZ3d3cuY3JlZGl0b3N1bC5jb20lMk... HTTP 302
https://www.creditosul.com/e-restituicao-ir-pix/?utm_source=active&utm_medium=email&utm_campaign=3_acti... Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
/wp-(?:content|includes)/

Firebase (Databases) Expand

Overall confidence: 100%
Detected patterns

/firebasejs/([\d.]+)/firebase

Yoast SEO (SEO) Expand

Overall confidence: 100%
Detected patterns

<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -

DoubleClick Ad Exchange (AdX) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

tpc\.googlesyndication\.com/safeframe

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

//cdn\.jsdelivr\.net/

Page Statistics

233
Requests

88 %
HTTPS

53 %
IPv6

45
Domains

64
Subdomains

45
IPs

10
Countries

3578 kB
Transfer

10454 kB
Size

40
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://receitasninja.lt.acemlna.com/Prod/link-tracker?redirectUrl=aHR0cHMlM0ElMkYlMkZ3d3cuY3JlZGl0b3N1bC5jb20lMkZlLXJlc3RpdHVpY2FvLWlyLXBpeCUyRiUzRnV0bV9zb3VyY2UlM0RhY3RpdmUlMjZ1dG1fbWVkaXVtJTNEZW1haWwlMjZ1dG1fY2FtcGFpZ24lM0QzX2FjdGl2ZV9lbWFpbF84NzY=&sig=Eh8enXGLpPdMWSkacsojg1LU8eYQvM24VrbfhgvkwLv6&iat=1688398361&a=%7C%7C254169999%7C%7C&account=receitasninja.activehosted.com&email=nLzlCVGSemDVXZsihTijHKVtfzkk5p%2BLDr0Pf8dE7266V7UdPzox6g%3D%3D%3AO3P7aAGWoA%2Bh%2BCRAf3Gg79Ye6QMzFKdi&s=9c5abcf148f2c227467e0666b5583868&i=1915A1913A1A6536 HTTP 302
https://www.creditosul.com/e-restituicao-ir-pix/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_876 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 71

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/10883628328/?random=829186489&cv=11&fst=1688421932641&bg=ffffff&guid=ON&async=1&gtm=45be36s0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.creditosul.com%2Fe-restituicao-ir-pix%2F%3Futm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3D3_active_email_876&label=sgBQCMy6kYMYEKj628Uo&hn=www.googleadservices.com&frm=0&tiba=e-restitui%C3%A7%C3%A3o-ir-pix%20-%20Credito%20Sul&gtm_ee=1&auid=1371899226.1688421933&uamb=0&uaw=0&data=event%3Dconversion&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&ocp_id=LEajZOCyMaqU7_UP5Y6byA4&sscte=1&crd=&pscrd=Ek9DaEVJOE9PSnBRWVE2OFdSOE8zdzJ0SGFBUkltQURMRFpQcUlMQXc2VmV2U1d0bkNrUjlxYzZqaDZwaGtES2JsX3V4V0U3VklValJnZ3dFGlpDaEVJOE9PSnBRWVFnTS1taGFYNGxLMjJBUkl1QURMWmpaMXBNcVhDTmw3T1ItT3dWaUkyN2xxT3NaQ3ZqRnVGaVVMSU5GSFpET19uanFEY0sxQW9fUDhhZXciEwjg-KTsxfP_AhUqyrsIHWXHBuk HTTP 302
https://www.google.com/pagead/1p-conversion/10883628328/?random=829186489&cv=11&fst=1688421932641&bg=ffffff&guid=ON&async=1&gtm=45be36s0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.creditosul.com%2Fe-restituicao-ir-pix%2F%3Futm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3D3_active_email_876&label=sgBQCMy6kYMYEKj628Uo&hn=www.googleadservices.com&frm=0&tiba=e-restitui%C3%A7%C3%A3o-ir-pix%20-%20Credito%20Sul&gtm_ee=1&auid=1371899226.1688421933&uamb=0&uaw=0&data=event%3Dconversion&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&pscrd=Ek9DaEVJOE9PSnBRWVE2OFdSOE8zdzJ0SGFBUkltQURMRFpQcUlMQXc2VmV2U1d0bkNrUjlxYzZqaDZwaGtES2JsX3V4V0U3VklValJnZ3dFGlpDaEVJOE9PSnBRWVFnTS1taGFYNGxLMjJBUkl1QURMWmpaMXBNcVhDTmw3T1ItT3dWaUkyN2xxT3NaQ3ZqRnVGaVVMSU5GSFpET19uanFEY0sxQW9fUDhhZXciEwjg-KTsxfP_AhUqyrsIHWXHBuk&is_vtc=1&ocp_id=LEajZOCyMaqU7_UP5Y6byA4&cid=CAQSKQBygQiDaktFAZLimHRnlyqYilTaZXu0Q_DK4q3sfrQz1wlR9zBxJ2d8&random=2481942465 HTTP 302
https://www.google.de/pagead/1p-conversion/10883628328/?random=829186489&cv=11&fst=1688421932641&bg=ffffff&guid=ON&async=1&gtm=45be36s0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.creditosul.com%2Fe-restituicao-ir-pix%2F%3Futm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3D3_active_email_876&label=sgBQCMy6kYMYEKj628Uo&hn=www.googleadservices.com&frm=0&tiba=e-restitui%C3%A7%C3%A3o-ir-pix%20-%20Credito%20Sul&gtm_ee=1&auid=1371899226.1688421933&uamb=0&uaw=0&data=event%3Dconversion&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&pscrd=Ek9DaEVJOE9PSnBRWVE2OFdSOE8zdzJ0SGFBUkltQURMRFpQcUlMQXc2VmV2U1d0bkNrUjlxYzZqaDZwaGtES2JsX3V4V0U3VklValJnZ3dFGlpDaEVJOE9PSnBRWVFnTS1taGFYNGxLMjJBUkl1QURMWmpaMXBNcVhDTmw3T1ItT3dWaUkyN2xxT3NaQ3ZqRnVGaVVMSU5GSFpET19uanFEY0sxQW9fUDhhZXciEwjg-KTsxfP_AhUqyrsIHWXHBuk&is_vtc=1&ocp_id=LEajZOCyMaqU7_UP5Y6byA4&cid=CAQSKQBygQiDaktFAZLimHRnlyqYilTaZXu0Q_DK4q3sfrQz1wlR9zBxJ2d8&random=2481942465&ipr=y

Request Chain 73

https://oajs.openx.net/esp?url=https%3A%2F%2Fwww.creditosul.com%2Fe-restituicao-ir-pix%2F%3Futm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3D3_active_email_876&rid=esp HTTP 302
https://oajs.openx.net/esp?url=https%3A%2F%2Fwww.creditosul.com%2Fe-restituicao-ir-pix%2F%3Futm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3D3_active_email_876&rid=esp&cc=1

Request Chain 76

https://gum.criteo.com/sid/json?origin=publishertagids&domain=creditosul.com&sn=ChromeSyncframe&so=0&topUrl=www.creditosul.com&cw=1&lsw=1&topicsavail=0&fledgeavail=0 HTTP 302
https://mug.criteo.com/sid?cpp=u7-VU3xqZS9xM1RyVUxmd3JKMk5qN2FFVFpnbnRYZVRLck5PTytmNENQZFl4WHhJejVyWVcyVEY5eGFpYUFxTmFWZ2xGSjVxZkFYempPTEdLQlJoZ0g4bmlFa29KTk5vRW5kTHRRQThtNlM4TFpKQUkxeVB6ZzV1MVB4MTNrWVVzdk5VV0hsU2QxZXU5R1JUU05ZcS9kWHgvQ2JFNnpsM2pKWHlsc2dIcEtaM1I4U2pIWmNSZ1NTQTBtZ2Zvc2RPV0lhRmNRejdJRzFoNWxFQkRXQWdlUkFPZzhIRjdRWkt5RHpZVlZ0MStFVE1IalBXbnRUeFZJZzBCMUtiNk5LdVBzdDI1SjlZMzIxZFNLdTYvSzNNcUNVWmExQT09fA&cppv=2

Request Chain 88

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEF7q55ubFW7wnv0uYyGL8Jo&google_cver=1&google_push=AaAOQGHd-45wQuffTqHHRCq68yEM_2TIzvMUwiDANgfA_agyBYLqr0NIZ3EOtvHEkDqj5PliPTMEIvpBpoi6OPqCAB4HVx6k7bkpbw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=OTEwNjY1Mjk4NTQzMjU1OTk2MQ==&gdpr=&gdpr_consent= HTTP 302
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEF7q55ubFW7wnv0uYyGL8Jo&google_cver=1

Request Chain 90

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESENBvLILu-eX9qFYtNCZtr5E&google_cver=1&google_push=AaAOQGG9jjY7agMfSNlf5poAn0tjdqUTaqpz6mBffYLUE-nEigvMdgl7D-Or7BzmWPFx5V_oqd3pTzwiAk2tIha2cPi47Vookre2 HTTP 302
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESENBvLILu-eX9qFYtNCZtr5E&google_cver=1&google_push=AaAOQGG9jjY7agMfSNlf5poAn0tjdqUTaqpz6mBffYLUE-nEigvMdgl7D-Or7BzmWPFx5V_oqd3pTzwiAk2tIha2cPi47Vookre2&rdf=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=OZZl3TvvTgmcFvwdv8E1Jg%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AaAOQGG9jjY7agMfSNlf5poAn0tjdqUTaqpz6mBffYLUE-nEigvMdgl7D-Or7BzmWPFx5V_oqd3pTzwiAk2tIha2cPi47Vookre2

Request Chain 91

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEE-AehTdGYK8gERtvBBzwdw&google_cver=1&google_push=AaAOQGFacLlmcp03hsWPpVzppaoilYOUrtSYcUpOg1bfMnPcjDLdohsE_yYuTHdnKmMsSU6Y_QRDso7HeW_vt7_Eh6vlr3ZsBc16 HTTP 302
https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_cver=1&google_gid=CAESEE-AehTdGYK8gERtvBBzwdw&google_push=AaAOQGFacLlmcp03hsWPpVzppaoilYOUrtSYcUpOg1bfMnPcjDLdohsE_yYuTHdnKmMsSU6Y_QRDso7HeW_vt7_Eh6vlr3ZsBc16&s=184023&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEE-AehTdGYK8gERtvBBzwdw&google_hm=ZKNGLVosudi0ZfkuNK4djQAAFGgAAAAB&google_nid=index&google_push=AaAOQGFacLlmcp03hsWPpVzppaoilYOUrtSYcUpOg1bfMnPcjDLdohsE_yYuTHdnKmMsSU6Y_QRDso7HeW_vt7_Eh6vlr3ZsBc16

Request Chain 92

https://eb2.3lift.com/ebda?sync=1&google_gid=CAESEHNkg4kPhd6xMFh9nC6yn14&google_cver=1&google_push=AaAOQGEQv20zj63N9JMpytEQu9lwKi9NQAAiRDG5EVeBfE5rmQpH73Mv-BqhvBJT50uaaHhVN-E2W3ZZqIHx2Hjj1g_e3YnfkD-- HTTP 302
https://eb2.3lift.com/sync/google/supply?ld=1&gdpr=1&gdpr_consent=&us_privacy=&sync=1&google_push=AaAOQGEQv20zj63N9JMpytEQu9lwKi9NQAAiRDG5EVeBfE5rmQpH73Mv-BqhvBJT50uaaHhVN-E2W3ZZqIHx2Hjj1g_e3YnfkD--&google_gid=CAESEHNkg4kPhd6xMFh9nC6yn14 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NDExMDE3ODk2MTMzNjg4NTk0NTQzNg%3D%3D&google_push=AaAOQGEQv20zj63N9JMpytEQu9lwKi9NQAAiRDG5EVeBfE5rmQpH73Mv-BqhvBJT50uaaHhVN-E2W3ZZqIHx2Hjj1g_e3YnfkD--

Request Chain 94

https://onetag-sys.com/match/?int_id=106&redir=1&google_gid=CAESEFZTjIySwS1poeT3KKlNplc&google_cver=1&google_push=AaAOQGEk6NJj1YrzKRx7FJad8eul4AS02MCbE-CGI1HunN-Rb1tukkL0hX_Njf_vFXVID6DC5fZ3NpUTBr3E4pDXZ9zAqXQxRM6qdg4 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AaAOQGEk6NJj1YrzKRx7FJad8eul4AS02MCbE-CGI1HunN-Rb1tukkL0hX_Njf_vFXVID6DC5fZ3NpUTBr3E4pDXZ9zAqXQxRM6qdg4 HTTP 302
https://onetag-sys.com/match/?int_id=19&google_error=5

Request Chain 138

https://um.simpli.fi/gp_match?google_gid=CAESEKgzk682F-erxW2Lz1wtXU0&google_cver=1&google_push=AaAOQGGCuVJTh2PO-VTaqL1VVMG_lyi2tFH24DztkliLDnH9TfX99q7a96MpRGH4hxxy0VBtx6uVQckN9lKWBBsHPZESuZIdwlSR HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=854771F2AB5E4946B0222C8BF4CB5BC9&google_push=AaAOQGGCuVJTh2PO-VTaqL1VVMG_lyi2tFH24DztkliLDnH9TfX99q7a96MpRGH4hxxy0VBtx6uVQckN9lKWBBsHPZESuZIdwlSR

Request Chain 140

https://d5p.de17a.com/cookies/google?google_gid=CAESEEQcv8o36jfJkApbCWVS_lA&google_cver=1&google_push=AaAOQGFvW81NIBTm6BZhm0T7VJm0QPE7Ltsnl_VuzCkNJHcK3ZM9TQTpTuz8lbOCUXlc4CnBXIIDnNd_wFRgCyySJSwFgr9jRsfk HTTP 302
https://d5p.de17a.com/cookies/google;c?google_gid=CAESEEQcv8o36jfJkApbCWVS_lA&google_cver=1&google_push=AaAOQGFvW81NIBTm6BZhm0T7VJm0QPE7Ltsnl_VuzCkNJHcK3ZM9TQTpTuz8lbOCUXlc4CnBXIIDnNd_wFRgCyySJSwFgr9jRsfk HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AaAOQGFvW81NIBTm6BZhm0T7VJm0QPE7Ltsnl_VuzCkNJHcK3ZM9TQTpTuz8lbOCUXlc4CnBXIIDnNd_wFRgCyySJSwFgr9jRsfk

Request Chain 141

https://dis.criteo.com/dis/usersync.aspx?r=4&p=14&cp=google&cu=1&url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcjp%26google_hm%3D%40%40CRITEO_USERID%40%40%26google_push%3DPUSH_DATA&google_gid=CAESENRBsirll2f4iG4oajtjcg4&google_cver=1&google_push=AaAOQGEpYCX3A5Q9oRc3xmXukWabZwgd7FR1er9GaeMWeEQ49LLd_slgLgdMJDycrj59KvbagvSYzgLrfJzCSjVO0bMyJHzSob14fA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=cjp&google_hm=k-ofXRIDxzG6HeWqgtYijagU3YzpS83e2SDZcjug&google_push=PUSH_DATA HTTP 302
https://dis.criteo.com/dis/rtb/google/cookiematch.aspx?id=&google_error=5

Request Chain 142

https://s.ad.smaato.net/c/n///-?adNetInit=g&google_gid=CAESEBo9x7IHfbRPPL1vBoSxI1k&google_cver=1&google_push=AaAOQGHIaPCLFtn6Cvhyfoi5BSu1jcYJ59mquE0eG38UOzlhTx4T9_zxDY2C_yjrtITSWbYPcO-T1gABirr0sh5IbbNdQleefqsVtA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=AaAOQGHIaPCLFtn6Cvhyfoi5BSu1jcYJ59mquE0eG38UOzlhTx4T9_zxDY2C_yjrtITSWbYPcO-T1gABirr0sh5IbbNdQleefqsVtA

Request Chain 144

https://sync.teads.tv/um?ssb_provider_id=3&uid=&google_nid=teadstv_ab&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_ab%26google_hm%3D%5BVID_B64%5D&google_gid=CAESEKYC66_-2v08EIxsIGrHuVM&google_cver=1&google_push=AaAOQGEt027FyNZhibR37Fru7DESjwN36DsHdtWQGxRGBVsWnHvL3FYZAji6HvBm0aUcpN9BZeY1129OYeSgtqm1KEs3RVeowPI32Xo HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=teadstv_ab&google_hm=&google_push=AaAOQGEt027FyNZhibR37Fru7DESjwN36DsHdtWQGxRGBVsWnHvL3FYZAji6HvBm0aUcpN9BZeY1129OYeSgtqm1KEs3RVeowPI32Xo HTTP 302
https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab

Request Chain 148

https://a.tribalfusion.com/i.match?p=b6&u=CAESEDURibkYRxjAJ_noBBikj7c&google_cver=1&google_push=AaAOQGFa8CTVpfgXTSJ_JbcLxlNr-xGceb5ffRYAZNihupTVT-oD-6rm5HV-U936WUHYq1u0c2WlchQ4LNMXy5ZvKiTogs3SjA&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAaAOQGFa8CTVpfgXTSJ_JbcLxlNr-xGceb5ffRYAZNihupTVT-oD-6rm5HV-U936WUHYq1u0c2WlchQ4LNMXy5ZvKiTogs3SjA%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24 HTTP 302
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEDURibkYRxjAJ_noBBikj7c&google_cver=1&google_push=AaAOQGFa8CTVpfgXTSJ_JbcLxlNr-xGceb5ffRYAZNihupTVT-oD-6rm5HV-U936WUHYq1u0c2WlchQ4LNMXy5ZvKiTogs3SjA&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAaAOQGFa8CTVpfgXTSJ_JbcLxlNr-xGceb5ffRYAZNihupTVT-oD-6rm5HV-U936WUHYq1u0c2WlchQ4LNMXy5ZvKiTogs3SjA%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24

Request Chain 150

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEHZ9KLdfD8QfhOiqq8MNmSc&google_cver=1&google_push=AaAOQGExGs_SEpDu54Lwr6OHj6Fy7YzH-F9S3zpYZH1EMXpPoEKvcfJHJtb4ksNe1-qMAuMHvpzR3MDWesy9eh2vBu37fMKEj-s HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AaAOQGExGs_SEpDu54Lwr6OHj6Fy7YzH-F9S3zpYZH1EMXpPoEKvcfJHJtb4ksNe1-qMAuMHvpzR3MDWesy9eh2vBu37fMKEj-s&google_hm=eS1xTlVtMnpkRTJwRy5iRjFfaWtQbXZFbHBRajFERlBfeX5B

Request Chain 151

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEDhBP-XekJ_E51NVjN94FoI&google_cver=1&google_push=AaAOQGGoYu62DhjfC6E_XWpjMvf8-PepeYk8W0-QpoPb4Wz8PKjeC7eR-oolWg2rVgGZo79LD0rBIqZndEZHgRpjMb7nDu-EPs4 HTTP 302
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEDhBP-XekJ_E51NVjN94FoI&google_cver=1&google_push=AaAOQGGoYu62DhjfC6E_XWpjMvf8-PepeYk8W0-QpoPb4Wz8PKjeC7eR-oolWg2rVgGZo79LD0rBIqZndEZHgRpjMb7nDu-EPs4 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MzQ0NzA2MzM0OTE2MDk1NjYyNQ&google_push=AaAOQGGoYu62DhjfC6E_XWpjMvf8-PepeYk8W0-QpoPb4Wz8PKjeC7eR-oolWg2rVgGZo79LD0rBIqZndEZHgRpjMb7nDu-EPs4

Request Chain 152

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEDhBP-XekJ_E51NVjN94FoI&google_cver=1&google_push=AaAOQGFsxpi915bZtiNTe-gYn7pH6SR3qJpTXXYO4fas7muTwNa2hTabuqT9L0oZ-pcKvxAxc6UfMTIm2OQDbkGCC_HHdiO5mrg HTTP 302
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEDhBP-XekJ_E51NVjN94FoI&google_cver=1&google_push=AaAOQGFsxpi915bZtiNTe-gYn7pH6SR3qJpTXXYO4fas7muTwNa2hTabuqT9L0oZ-pcKvxAxc6UfMTIm2OQDbkGCC_HHdiO5mrg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NDMxMDA2NjkxNjkxMTc0ODE2MQ&google_push=AaAOQGFsxpi915bZtiNTe-gYn7pH6SR3qJpTXXYO4fas7muTwNa2hTabuqT9L0oZ-pcKvxAxc6UfMTIm2OQDbkGCC_HHdiO5mrg

Request Chain 153

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEIirHkW_EdB3hR6R601NrFw&google_cver=1&google_push=AaAOQGEJIk3f33GuImvPX0WolGRxyjPabxmulhu2sOL5HBin1sHm_A9VPLmSNaDquIgqs2DNeKHLCrgopKxJnDSqxQ9irT5toM8 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=OZZl3TvvTgmcFvwdv8E1Jg%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AaAOQGEJIk3f33GuImvPX0WolGRxyjPabxmulhu2sOL5HBin1sHm_A9VPLmSNaDquIgqs2DNeKHLCrgopKxJnDSqxQ9irT5toM8

Request Chain 154

https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESEM6-DdwbaqZcawBwBEFTXl0&google_cver=1&google_push=AaAOQGGm04DoZtkNJWuggptW74EYceMoVXOLQVzGdFRIN99R2mxcKUbcGPLeiN3NT0JGjpMhQe4GyPmXt5sf-ac_LE2XyjVbJcA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AaAOQGGm04DoZtkNJWuggptW74EYceMoVXOLQVzGdFRIN99R2mxcKUbcGPLeiN3NT0JGjpMhQe4GyPmXt5sf-ac_LE2XyjVbJcA

Request Chain 177

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEGNKOyB6gFG7CXt8NPYz5Kg&google_cver=1&google_push=AaAOQGF7SN6PtREuIgGgKguymUvVSgyzLXxTLtf73qQ_6b1Swgh6YKdlznrolV8X-fAofkTKo3txtPqEkAtTX3lcdHcoqWZpS4YaYA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=OTEwNjY1Mjk4NTQzMjU1OTk2MQ==&gdpr=&gdpr_consent= HTTP 302
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEGNKOyB6gFG7CXt8NPYz5Kg&google_cver=1

Request Chain 178

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEHrrCuM75T6Nauaij0iagOM&google_cver=1&google_push=AaAOQGHZhrNu9BYubj4CA4kA25MfPNxHeh10HayWgOguAH4vkDfa0B8pJL7VpnzQGpVRJFcVwrl-FhhiWGTX7FFgDtWPtHFX1DGA0Q HTTP 302
https://pm.w55c.net/ping_match.gif?scc=1&ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEHrrCuM75T6Nauaij0iagOM&google_cver=1&google_push=AaAOQGHZhrNu9BYubj4CA4kA25MfPNxHeh10HayWgOguAH4vkDfa0B8pJL7VpnzQGpVRJFcVwrl-FhhiWGTX7FFgDtWPtHFX1DGA0Q HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=d2hrUEVRTDExUWdyRlE1&google_gid=CAESEHrrCuM75T6Nauaij0iagOM&google_cver=1&google_push=AaAOQGHZhrNu9BYubj4CA4kA25MfPNxHeh10HayWgOguAH4vkDfa0B8pJL7VpnzQGpVRJFcVwrl-FhhiWGTX7FFgDtWPtHFX1DGA0Q

Request Chain 179

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESEIfI4qzfWtAUuMrjf1nsxfs&google_cver=1&google_push=AaAOQGFyr9PU72Asxq2pOBm-8CQxbRY44jftPYBIhwppm5pWxDCaubURlN8QTbgyuY7f4r4RJ7lKIbgFqmmBVqnyWd2YxnI0FJhKiw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEIfI4qzfWtAUuMrjf1nsxfs&google_push=AaAOQGFyr9PU72Asxq2pOBm-8CQxbRY44jftPYBIhwppm5pWxDCaubURlN8QTbgyuY7f4r4RJ7lKIbgFqmmBVqnyWd2YxnI0FJhKiw

Request Chain 180

https://um.simpli.fi/gp_match?google_gid=CAESEDsvORW1qM0R_zp_9bWt5-M&google_cver=1&google_push=AaAOQGGAeynGAGSct3ZZ5IP2qSQCSmOkbfQilat94p5w0e6vzk66bsFLLm4ImCkMOJfIBUXwrIx8fNb95caxvZ1ocna7Ln1tthYGfQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=854771F2AB5E4946B0222C8BF4CB5BC9&google_push=AaAOQGGAeynGAGSct3ZZ5IP2qSQCSmOkbfQilat94p5w0e6vzk66bsFLLm4ImCkMOJfIBUXwrIx8fNb95caxvZ1ocna7Ln1tthYGfQ

Request Chain 181

https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESEKMFXVtVW0TYb-tYnymftl8&google_cver=1&google_push=AaAOQGEod865to9GZO_8KvdP92FyC0VJheFY5xh06NqYhsNmLBy921Ro5wp341LHQDaWCxr89a0QHjitO6OBvpMwfYyaPNaL1PaF HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AaAOQGEod865to9GZO_8KvdP92FyC0VJheFY5xh06NqYhsNmLBy921Ro5wp341LHQDaWCxr89a0QHjitO6OBvpMwfYyaPNaL1PaF&google_hm=NEEDiDPlTDC1iLbSJwoez4w

Request Chain 182

https://x.bidswitch.net/sync?ssp=google&google_gid=CAESEC_AruiE_COjQpP2OxSyGN4&google_cver=1&google_push=AaAOQGGKltpJfPkHco95gGDl6mONdx1c4KGxfjWZrxSxc8MQa7Lptg42RUF3ERRIdgb9MhIJ4VYGmrqDCi5xww5iyvZQHfRTXTMAjA HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=google&google_gid=CAESEC_AruiE_COjQpP2OxSyGN4&google_cver=1&google_push=AaAOQGGKltpJfPkHco95gGDl6mONdx1c4KGxfjWZrxSxc8MQa7Lptg42RUF3ERRIdgb9MhIJ4VYGmrqDCi5xww5iyvZQHfRTXTMAjA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AaAOQGGKltpJfPkHco95gGDl6mONdx1c4KGxfjWZrxSxc8MQa7Lptg42RUF3ERRIdgb9MhIJ4VYGmrqDCi5xww5iyvZQHfRTXTMAjA&google_hm=TEbLifbVR4qEABmBnlvvDw==

Request Chain 183

https://x.bidswitch.net/check_uuid/https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dthe_mediagrid_eb%26google_hm%3D%24%7BBSW_UUID%7D%26%25%25GOOGLE_PUSH_PAIR%25%25?google_gid=CAESEL_lv_As-7rKepRMiCUA91M&google_cver=1&google_push=AaAOQGHss626J2Ab77DzLTm7ieqZQUzYISO41X5GgZjqavr9Lf4G3WwYF_ycMusd2rL6R7JAbY3610SfArIpUlBkVi2LGXt9sLfrl9g HTTP 302
https://x.bidswitch.net/ul_cb/check_uuid/https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dthe_mediagrid_eb%26google_hm%3D%24%7BBSW_UUID%7D%26%25%25GOOGLE_PUSH_PAIR%25%25?google_gid=CAESEL_lv_As-7rKepRMiCUA91M&google_cver=1&google_push=AaAOQGHss626J2Ab77DzLTm7ieqZQUzYISO41X5GgZjqavr9Lf4G3WwYF_ycMusd2rL6R7JAbY3610SfArIpUlBkVi2LGXt9sLfrl9g HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=the_mediagrid_eb&google_hm=4c46cb89-f6d5-478a-8400-19819e5bef0f&%%GOOGLE_PUSH_PAIR%%

Request Chain 212

https://www.awin1.com/cshow.php?s=2470185&v=11354&q=377129&r=412871&pv=1&pref3=oneidJBeszf5fZj9TBH6H7tptp5BaxSgTbWguA8oneid__suite_Netmix_Reach02_SSP_CONTROL_ADX&gdpr_consent=&gdpr=0&gdpr_pd=0 HTTP 302
https://www.conrad.de/ztpv.php?awc=11354_412871_1688421935_bc52a360-19ed-11ee-87f6-2265f034cf4c&insert=AW&&gdpr=0&gdpr_consent=

233 HTTP transactions
5 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
www.creditosul.com/e-restituicao-ir-pix/
Redirect Chain

https://receitasninja.lt.acemlna.com/Prod/link-tracker?redirectUrl=aHR0cHMlM0ElMkYlMkZ3d3cuY3JlZGl0b3N1bC5jb20lMkZlLXJlc3RpdHVpY2FvLWlyLXBpeCUyRiUzRnV0bV9zb3VyY2UlM0RhY3RpdmUlMjZ1dG1fbWVkaXVtJTNEZW...
https://www.creditosul.com/e-restituicao-ir-pix/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_876

110 KB
19 KB

941ms
610ms

Document
text/html

108.179.193.124
NETWORK-SOLUTIONS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.creditosul.com/e-restituicao-ir-pix/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_876
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 108.179.193.124 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS: 108-179-193-124.unifiedlayer.com
Software: Apache /
Resource Hash: 3a2cd7671a664891ca906636eef8a27ead4655ac766a4a183ce789e6bcc8450b

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Mon, 03 Jul 2023 22:05:31 GMT
link: <https://www.creditosul.com/wp-json/>; rel="https://api.w.org/", <https://www.creditosul.com/wp-json/wp/v2/pages/2565>; rel="alternate"; type="application/json", <https://www.creditosul.com/?p=2565>; rel=shortlink
server: Apache
vary: Accept-Encoding
x-litespeed-tag: 4f6_HTTP.200

Redirect headers

content-length: 0
content-type: application/json
date: Mon, 03 Jul 2023 22:05:30 GMT
location: https://www.creditosul.com/e-restituicao-ir-pix/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_876
x-amz-apigw-id: HgfmtGYNoAMFy6Q=
x-amzn-requestid: 634f7dda-7a53-4f09-a7b2-7dbcc5a88a73
x-amzn-trace-id: Root=1-64a3462a-5dd0a3cd6f4517ba1c011c10;Sampled=0;lineage=12ce62b2:0

GET
H2 200 main.min.css
www.creditosul.com/wp-content/themes/astra/assets/css/minified/ 39 KB
11 KB 156ms
151ms Stylesheet
text/css 108.179.193.124
NETWORK-SOLUTIONS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.creditosul.com/wp-content/themes/astra/assets/css/minified/main.min.css?ver=3.8.5
Requested by: Host: www.creditosul.com
URL: https://www.creditosul.com/e-restituicao-ir-pix/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_876
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 108.179.193.124 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS: 108-179-193-124.unifiedlayer.com
Software: Apache /
Resource Hash: 2661bf7b0200e2fb896e87f63eb9b3ad0deb75e9e6b41d6daee5f05c1288a427

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.creditosul.com/e-restituicao-ir-pix/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_876
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 22:05:31 GMT
content-encoding: gzip
last-modified: Mon, 18 Jul 2022 21:40:16 GMT
server: Apache
vary: Accept-Encoding
content-type: text/css
accept-ranges: bytes
content-length: 11503

GET
H2 200 style.min.css
www.creditosul.com/wp-includes/css/dist/block-library/ 95 KB
18 KB 156ms
151ms Stylesheet
text/css 108.179.193.124
NETWORK-SOLUTIONS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.creditosul.com/wp-includes/css/dist/block-library/style.min.css?ver=6.2.2
Requested by: Host: www.creditosul.com
URL: https://www.creditosul.com/e-restituicao-ir-pix/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_876
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 108.179.193.124 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS: 108-179-193-124.unifiedlayer.com
Software: Apache /
Resource Hash: aca566587618e75fa291a419c7c430be02e03fc72f6105658c1bc8e7d59a65e4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.creditosul.com/e-restituicao-ir-pix/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_876
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 22:05:31 GMT
content-encoding: gzip
last-modified: Wed, 29 Mar 2023 20:10:00 GMT
server: Apache
accept-ranges: bytes
vary: Accept-Encoding
content-type: text/css

GET
H2 200 mediaelementplayer-legacy.min.css
www.creditosul.com/wp-includes/js/mediaelement/ 11 KB
3 KB 291ms
286ms Stylesheet
text/css 108.179.193.124
NETWORK-SOLUTIONS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.creditosul.com/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css?ver=4.2.17
Requested by: Host: www.creditosul.com
URL: https://www.creditosul.com/e-restituicao-ir-pix/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_876
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 108.179.193.124 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS: 108-179-193-124.unifiedlayer.com
Software: Apache /
Resource Hash: b7908a015a567ec2363011df2475368dbff34360e9da3fdff50604d6395fb646

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.creditosul.com/e-restituicao-ir-pix/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_876
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 22:05:31 GMT
content-encoding: gzip
last-modified: Tue, 29 Sep 2020 15:53:06 GMT
server: Apache
vary: Accept-Encoding
content-type: text/css
accept-ranges: bytes
content-length: 3239

GET
H2 200 wp-mediaelement.min.css
www.creditosul.com/wp-includes/js/mediaelement/ 4 KB
1 KB 292ms
287ms Stylesheet
text/css 108.179.193.124
NETWORK-SOLUTIONS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.creditosul.com/wp-includes/js/mediaelement/wp-mediaelement.min.css?ver=6.2.2
Requested by: Host: www.creditosul.com
URL: https://www.creditosul.com/e-restituicao-ir-pix/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_876
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 108.179.193.124 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS: 108-179-193-124.unifiedlayer.com
Software: Apache /
Resource Hash: 2e10d353ff038c2cad3492fc17801af3e6ef2669c9e9713bdb78b1dcb104c4fe

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.creditosul.com/e-restituicao-ir-pix/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_876
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 22:05:31 GMT
content-encoding: gzip
last-modified: Fri, 07 Jun 2019 20:45:02 GMT
server: Apache
vary: Accept-Encoding
content-type: text/css
accept-ranges: bytes
content-length: 1298

GET
H2 200 styles.css
www.creditosul.com/wp-content/plugins/contact-form-7/includes/css/ 3 KB
1 KB 562ms
557ms Stylesheet
text/css 108.179.193.124
NETWORK-SOLUTIONS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.creditosul.com/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.6
Requested by: Host: www.creditosul.com
URL: https://www.creditosul.com/e-restituicao-ir-pix/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_876
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 108.179.193.124 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS: 108-179-193-124.unifiedlayer.com
Software: Apache /
Resource Hash: e50f9ccd2d6582a58ba1879fa578e60d25fea4c5eedc07deafd14482b2403181

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.creditosul.com/e-restituicao-ir-pix/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_876
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 22:05:31 GMT
content-encoding: gzip
last-modified: Mon, 18 Jul 2022 21:09:46 GMT
server: Apache
vary: Accept-Encoding
content-type: text/css
accept-ranges: bytes
content-length: 1010

GET
H2 200 contact-form-7-main.min.css
www.creditosul.com/wp-content/themes/astra/assets/css/minified/compatibility/ 850 B
447 B 562ms
557ms Stylesheet
text/css 108.179.193.124
NETWORK-SOLUTIONS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.creditosul.com/wp-content/themes/astra/assets/css/minified/compatibility/contact-form-7-main.min.css?ver=3.8.5
Requested by: Host: www.creditosul.com
URL: https://www.creditosul.com/e-restituicao-ir-pix/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_876
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 108.179.193.124 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS: 108-179-193-124.unifiedlayer.com
Software: Apache /
Resource Hash: 41c7e05e604e0bc6b8814d00221eac3e3db342d996362a2cfa1cd057ad2c809b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.creditosul.com/e-restituicao-ir-pix/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_876
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 22:05:31 GMT
content-encoding: gzip
last-modified: Mon, 18 Jul 2022 21:40:16 GMT
server: Apache
vary: Accept-Encoding
content-type: text/css
accept-ranges: bytes
content-length: 415

GET
H2 200 elementor-icons.min.css
www.creditosul.com/wp-content/plugins/elementor/assets/lib/eicons/css/ 19 KB
4 KB 291ms
286ms Stylesheet
text/css 108.179.193.124
NETWORK-SOLUTIONS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.creditosul.com/wp-content/plugins/elementor/assets/lib/eicons/css/elementor-icons.min.css?ver=5.15.0
Requested by: Host: www.creditosul.com
URL: https://www.creditosul.com/e-restituicao-ir-pix/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_876
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 108.179.193.124 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS: 108-179-193-124.unifiedlayer.com
Software: Apache /
Resource Hash: b651d87ef113cba0c8ec8a33bfdb694171effeba56b20be12e3c77fc15f6ae9f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.creditosul.com/e-restituicao-ir-pix/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_876
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 22:05:31 GMT
content-encoding: gzip
last-modified: Mon, 18 Jul 2022 21:07:56 GMT
server: Apache
vary: Accept-Encoding
content-type: text/css
accept-ranges: bytes
content-length: 3978

GET
H2 200 frontend-lite.min.css
www.creditosul.com/wp-content/plugins/elementor/assets/css/ 105 KB
21 KB 292ms
288ms Stylesheet
text/css 108.179.193.124
NETWORK-SOLUTIONS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.creditosul.com/wp-content/plugins/elementor/assets/css/frontend-lite.min.css?ver=3.6.7
Requested by: Host: www.creditosul.com
URL: https://www.creditosul.com/e-restituicao-ir-pix/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_876
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 108.179.193.124 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS: 108-179-193-124.unifiedlayer.com
Software: Apache /
Resource Hash: ecf785fe496796d2e4b026d58de7ea89a471d19255b06b3fefc5576db5a69dbc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.creditosul.com/e-restituicao-ir-pix/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_876
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 22:05:31 GMT
content-encoding: gzip
last-modified: Mon, 18 Jul 2022 21:07:56 GMT
server: Apache
accept-ranges: bytes
vary: Accept-Encoding
content-type: text/css

GET
H2 200 post-5.css
www.creditosul.com/wp-content/uploads/elementor/css/ 1 KB
440 B 155ms
151ms Stylesheet
text/css 108.179.193.124
NETWORK-SOLUTIONS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.creditosul.com/wp-content/uploads/elementor/css/post-5.css?ver=1675105024
Requested by: Host: www.creditosul.com
URL: https://www.creditosul.com/e-restituicao-ir-pix/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_876
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 108.179.193.124 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS: 108-179-193-124.unifiedlayer.com
Software: Apache /
Resource Hash: 0136d4cebbfb89c99c8bf6958d79d33e51b8dbe67abdb983e06308f940a982f4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.creditosul.com/e-restituicao-ir-pix/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_876
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 22:05:31 GMT
content-encoding: gzip
last-modified: Mon, 30 Jan 2023 18:57:04 GMT
server: Apache
vary: Accept-Encoding
content-type: text/css
accept-ranges: bytes
content-length: 385

GET
H2 200 frontend.min.css
www.creditosul.com/wp-content/plugins/elementor-pro/assets/css/ 206 KB
34 KB 292ms
288ms Stylesheet
text/css 108.179.193.124
NETWORK-SOLUTIONS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.creditosul.com/wp-content/plugins/elementor-pro/assets/css/frontend.min.css?ver=3.0.10
Requested by: Host: www.creditosul.com
URL: https://www.creditosul.com/e-restituicao-ir-pix/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_876
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 108.179.193.124 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS: 108-179-193-124.unifiedlayer.com
Software: Apache /
Resource Hash: 1c8265dfea61fdbeb7770b27478fa751de4f9a0d8647867f98a0a47c00255842

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.creditosul.com/e-restituicao-ir-pix/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_876
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 22:05:31 GMT
content-encoding: gzip
last-modified: Mon, 18 Jul 2022 21:09:19 GMT
server: Apache
accept-ranges: bytes
vary: Accept-Encoding
content-type: text/css

GET
H2 200 global.css
www.creditosul.com/wp-content/uploads/elementor/css/ 33 KB
3 KB 427ms
423ms Stylesheet
text/css 108.179.193.124
NETWORK-SOLUTIONS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.creditosul.com/wp-content/uploads/elementor/css/global.css?ver=1667494010
Requested by: Host: www.creditosul.com
URL: https://www.creditosul.com/e-restituicao-ir-pix/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_876
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 108.179.193.124 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS: 108-179-193-124.unifiedlayer.com
Software: Apache /
Resource Hash: 2d9c137b6960ae5904b796eb09dcb46525fc0af84f687c85b2339b566931f437

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.creditosul.com/e-restituicao-ir-pix/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_876
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 22:05:31 GMT
content-encoding: gzip
last-modified: Thu, 03 Nov 2022 16:46:50 GMT
server: Apache
vary: Accept-Encoding
content-type: text/css
accept-ranges: bytes
content-length: 3473

GET
H2 200 post-2565.css
www.creditosul.com/wp-content/uploads/elementor/css/ 4 KB
1017 B 426ms
422ms Stylesheet
text/css 108.179.193.124
NETWORK-SOLUTIONS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.creditosul.com/wp-content/uploads/elementor/css/post-2565.css?ver=1687810702
Requested by: Host: www.creditosul.com
URL: https://www.creditosul.com/e-restituicao-ir-pix/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_876
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 108.179.193.124 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS: 108-179-193-124.unifiedlayer.com
Software: Apache /
Resource Hash: c1bcde9fd8025d889e40a0a6080a4bc50f7537b7c901c81883cc05f8058475b6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.creditosul.com/e-restituicao-ir-pix/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_876
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 22:05:31 GMT
content-encoding: gzip
last-modified: Mon, 26 Jun 2023 20:18:22 GMT
server: Apache
vary: Accept-Encoding
content-type: text/css
accept-ranges: bytes
content-length: 962

GET
H2 200 css
fonts.googleapis.com/ 44 KB
2 KB 164ms
50ms Stylesheet
text/css 2a00:1450:4001:80e::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CRoboto+Slab%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic&display=auto&ver=6.2.2

Requested by

Host: www.creditosul.com
URL: https://www.creditosul.com/e-restituicao-ir-pix/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_876

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

af56f9a97ba9853d88e0dc672d67e32e3ff2f829df312625ef64a878f8632cf2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.creditosul.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Mon, 03 Jul 2023 22:05:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Mon, 03 Jul 2023 20:10:49 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 03 Jul 2023 22:05:31 GMT

GET
H2 200 jetpack.css
www.creditosul.com/wp-content/plugins/jetpack/css/ 85 KB
23 KB 470ms
466ms Stylesheet
text/css 108.179.193.124
NETWORK-SOLUTIONS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.creditosul.com/wp-content/plugins/jetpack/css/jetpack.css?ver=11.7.2
Requested by: Host: www.creditosul.com
URL: https://www.creditosul.com/e-restituicao-ir-pix/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_876
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 108.179.193.124 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS: 108-179-193-124.unifiedlayer.com
Software: Apache /
Resource Hash: 867db731598a60f3bcec5f74c3775d11d0acbfe1ebbc51db63231568f3226716

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.creditosul.com/e-restituicao-ir-pix/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_876
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 22:05:31 GMT
content-encoding: gzip
last-modified: Tue, 30 May 2023 20:10:29 GMT
server: Apache
accept-ranges: bytes
vary: Accept-Encoding
content-type: text/css

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 75 KB
26 KB 286ms
154ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: www.creditosul.com
URL: https://www.creditosul.com/e-restituicao-ir-pix/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_876

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

15fc476568c5c1919ef90dae9f6bce548c9f585d0f08a4136e6b6bda1c709cb6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.creditosul.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 22:05:32 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 26078
x-xss-protection: 0
server: cafe
etag: 244 / 19541 / 31075787 / config-hash: 9368321761009417704
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
expires: Mon, 03 Jul 2023 22:05:32 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 191 KB
69 KB 149ms
53ms Script
application/javascript 2a00:1450:4001:82f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-10883628328

Requested by

Host: www.creditosul.com
URL: https://www.creditosul.com/e-restituicao-ir-pix/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_876

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

4ea1abdde849b92b49b1be554bed773d8cc45f2497ff42bf11b761e21b5dbf23

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.creditosul.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 22:05:32 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 70645
x-xss-protection: 0
last-modified: Mon, 03 Jul 2023 21:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 03 Jul 2023 22:05:32 GMT

GET
H2 200 push-notification.js Show response
script.joinads.me/ 1 KB
821 B 156ms
42ms Script
application/javascript 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.joinads.me/push-notification.js
Requested by: Host: www.creditosul.com
URL: https://www.creditosul.com/e-restituicao-ir-pix/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_876
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 39d0fd9943a1069718bb60c51587b8a2b7711d562766565fafd8ac6050e44cdb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.creditosul.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 22:05:31 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 278804
cf-polished: origSize=1350
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
last-modified: Thu, 01 Apr 2021 12:59:38 GMT
server: cloudflare
etag: W/"6065c3ba-546"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=f%2B8viogybs7yNm1h0DBbMj%2FwiiOEivHVgEfiinpAso5GrNodrx1gCvzbpqUA1mdntOWQvOghh0GUZBx%2F%2B7oAwrkwVjhQFAREx0JDj2eQISJxz4UzG60DCPAAtyaKbNYaC9mu5GsaAO3%2B5wzfithBHQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=31104000
cf-ray: 7e126e326d479bef-FRA
expires: Mon, 24 Jun 2024 16:38:47 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 140 KB
48 KB 179ms
91ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-9060780421721333

Requested by

Host: www.creditosul.com
URL: https://www.creditosul.com/e-restituicao-ir-pix/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_876

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d2817724798e93de09aae1fdfe819bf8c6071ca93a306cd369969878b4fd5a2b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.creditosul.com/
Origin: https://www.creditosul.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 22:05:32 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 48944
x-xss-protection: 0
server: cafe
etag: 4116276943046997634
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Mon, 03 Jul 2023 22:05:32 GMT

GET
H2 200 animations.min.css
www.creditosul.com/wp-content/plugins/elementor/assets/lib/animations/ 18 KB
3 KB 560ms
556ms Stylesheet
text/css 108.179.193.124
NETWORK-SOLUTIONS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.creditosul.com/wp-content/plugins/elementor/assets/lib/animations/animations.min.css?ver=3.6.7
Requested by: Host: www.creditosul.com
URL: https://www.creditosul.com/e-restituicao-ir-pix/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_876
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 108.179.193.124 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS: 108-179-193-124.unifiedlayer.com
Software: Apache /
Resource Hash: fe513ef974b767510d0a2b9f1b4d3afa53185b89ab617c869e5e3d6db960192c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.creditosul.com/e-restituicao-ir-pix/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_876
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 22:05:31 GMT
content-encoding: gzip
last-modified: Mon, 18 Jul 2022 21:07:56 GMT
server: Apache
vary: Accept-Encoding
content-type: text/css
accept-ranges: bytes
content-length: 2997

GET
H2 200 frontend.min.js Show response
www.creditosul.com/wp-content/themes/astra/assets/js/minified/ 16 KB
5 KB 430ms
427ms Script
application/javascript 108.179.193.124
NETWORK-SOLUTIONS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.creditosul.com/wp-content/themes/astra/assets/js/minified/frontend.min.js?ver=3.8.5
Requested by: Host: www.creditosul.com
URL: https://www.creditosul.com/e-restituicao-ir-pix/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_876
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 108.179.193.124 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS: 108-179-193-124.unifiedlayer.com
Software: Apache /
Resource Hash: 07b22178596c5c5ac3c9d568c7c86ab07960f1fb5ac0be88761eb3802df8905b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.creditosul.com/e-restituicao-ir-pix/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_876
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 22:05:31 GMT
content-encoding: gzip
last-modified: Mon, 18 Jul 2022 21:40:16 GMT
server: Apache
vary: Accept-Encoding
content-type: application/javascript
accept-ranges: bytes
content-length: 5573

GET
H2 200 wp-polyfill-inert.min.js Show response
www.creditosul.com/wp-includes/js/dist/vendor/ 8 KB
3 KB 428ms
425ms Script
application/javascript 108.179.193.124
NETWORK-SOLUTIONS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.creditosul.com/wp-includes/js/dist/vendor/wp-polyfill-inert.min.js?ver=3.1.2
Requested by: Host: www.creditosul.com
URL: https://www.creditosul.com/e-restituicao-ir-pix/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_876
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 108.179.193.124 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS: 108-179-193-124.unifiedlayer.com
Software: Apache /
Resource Hash: c1a9a3e223bad631dff12d33b5499eb145cb08d8621c20d9d73870e78d97afe4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.creditosul.com/e-restituicao-ir-pix/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_876
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 22:05:31 GMT
content-encoding: gzip
last-modified: Wed, 29 Mar 2023 20:10:00 GMT
server: Apache
vary: Accept-Encoding
content-type: application/javascript
accept-ranges: bytes
content-length: 2977

GET
H2 200 regenerator-runtime.min.js Show response
www.creditosul.com/wp-includes/js/dist/vendor/ 6 KB
3 KB 431ms
427ms Script
application/javascript 108.179.193.124
NETWORK-SOLUTIONS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.creditosul.com/wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.13.11
Requested by: Host: www.creditosul.com
URL: https://www.creditosul.com/e-restituicao-ir-pix/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_876
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 108.179.193.124 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS: 108-179-193-124.unifiedlayer.com
Software: Apache /
Resource Hash: 6974bfd8fa06b7831f05cb4b25860c851a5ad3f02a6699ebe688987dd7a6ebe6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.creditosul.com/e-restituicao-ir-pix/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_876
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 22:05:31 GMT
content-encoding: gzip
last-modified: Wed, 29 Mar 2023 20:10:00 GMT
server: Apache
vary: Accept-Encoding
content-type: application/javascript
accept-ranges: bytes
content-length: 2726

GET
H2 200 wp-polyfill.min.js Show response
www.creditosul.com/wp-includes/js/dist/vendor/ 17 KB
7 KB 429ms
426ms Script
application/javascript 108.179.193.124
NETWORK-SOLUTIONS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.creditosul.com/wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=3.15.0
Requested by: Host: www.creditosul.com
URL: https://www.creditosul.com/e-restituicao-ir-pix/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_876
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 108.179.193.124 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS: 108-179-193-124.unifiedlayer.com
Software: Apache /
Resource Hash: 1c1fef6e6b4f9832603850b9b6562e74d9a6a3700ba836efe88facc577121e8b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.creditosul.com/e-restituicao-ir-pix/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_876
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 22:05:31 GMT
content-encoding: gzip
last-modified: Wed, 02 Nov 2022 08:19:08 GMT
server: Apache
vary: Accept-Encoding
content-type: application/javascript
accept-ranges: bytes
content-length: 7621

GET
H2 200 index.js Show response
www.creditosul.com/wp-content/plugins/contact-form-7/includes/js/ 21 KB
8 KB 563ms
560ms Script
application/javascript 108.179.193.124
NETWORK-SOLUTIONS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.creditosul.com/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.6
Requested by: Host: www.creditosul.com
URL: https://www.creditosul.com/e-restituicao-ir-pix/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_876
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 108.179.193.124 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS: 108-179-193-124.unifiedlayer.com
Software: Apache /
Resource Hash: 7abd36a2f651330420d86187c125331d679408d1be7b6cd93efa64e08eaf80c7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.creditosul.com/e-restituicao-ir-pix/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_876
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 22:05:31 GMT
content-encoding: gzip
last-modified: Mon, 18 Jul 2022 21:09:46 GMT
server: Apache
vary: Accept-Encoding
content-type: application/javascript
accept-ranges: bytes
content-length: 7973

GET
H2 200 webpack.runtime.min.js Show response
www.creditosul.com/wp-content/plugins/elementor/assets/js/ 5 KB
2 KB 432ms
429ms Script
application/javascript 108.179.193.124
NETWORK-SOLUTIONS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.creditosul.com/wp-content/plugins/elementor/assets/js/webpack.runtime.min.js?ver=3.6.7
Requested by: Host: www.creditosul.com
URL: https://www.creditosul.com/e-restituicao-ir-pix/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_876
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 108.179.193.124 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS: 108-179-193-124.unifiedlayer.com
Software: Apache /
Resource Hash: e31e1cfb470365c46c451ae94f3a5f9bac9df96a0f403f044f851228a5bf1667

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.creditosul.com/e-restituicao-ir-pix/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_876
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 22:05:31 GMT
content-encoding: gzip
last-modified: Mon, 18 Jul 2022 21:07:56 GMT
server: Apache
vary: Accept-Encoding
content-type: application/javascript
accept-ranges: bytes
content-length: 2315

GET
H2 200 jquery.min.js Show response
www.creditosul.com/wp-includes/js/jquery/ 88 KB
38 KB 434ms
431ms Script
application/javascript 108.179.193.124
NETWORK-SOLUTIONS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.creditosul.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.4
Requested by: Host: www.creditosul.com
URL: https://www.creditosul.com/e-restituicao-ir-pix/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_876
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 108.179.193.124 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS: 108-179-193-124.unifiedlayer.com
Software: Apache /
Resource Hash: afacce23cb4feaaaef37997f8439819d8f827df4951f3ff02704c9f16fb7f53a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.creditosul.com/e-restituicao-ir-pix/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_876
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 22:05:31 GMT
content-encoding: gzip
last-modified: Wed, 29 Mar 2023 20:10:00 GMT
server: Apache
accept-ranges: bytes
vary: Accept-Encoding
content-type: application/javascript

GET
H2 200 jquery-migrate.min.js Show response
www.creditosul.com/wp-includes/js/jquery/ 13 KB
5 KB 431ms
428ms Script
application/javascript 108.179.193.124
NETWORK-SOLUTIONS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.creditosul.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.0
Requested by: Host: www.creditosul.com
URL: https://www.creditosul.com/e-restituicao-ir-pix/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_876
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 108.179.193.124 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS: 108-179-193-124.unifiedlayer.com
Software: Apache /
Resource Hash: 9810aee7e6d57d8cceaa96322b88e6df46710194689ae12b284149148cabc2f3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.creditosul.com/e-restituicao-ir-pix/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_876
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 22:05:31 GMT
content-encoding: gzip
last-modified: Wed, 29 Mar 2023 20:10:00 GMT
server: Apache
vary: Accept-Encoding
content-type: application/javascript
accept-ranges: bytes
content-length: 5335

GET
H2 200 frontend-modules.min.js Show response
www.creditosul.com/wp-content/plugins/elementor/assets/js/ 14 KB
6 KB 431ms
429ms Script
application/javascript 108.179.193.124
NETWORK-SOLUTIONS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.creditosul.com/wp-content/plugins/elementor/assets/js/frontend-modules.min.js?ver=3.6.7
Requested by: Host: www.creditosul.com
URL: https://www.creditosul.com/e-restituicao-ir-pix/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_876
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 108.179.193.124 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS: 108-179-193-124.unifiedlayer.com
Software: Apache /
Resource Hash: 133f35fbfc23c0d8cf814176860427bd6a02da9278de3de662da11d9602d8582

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.creditosul.com/e-restituicao-ir-pix/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_876
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 22:05:32 GMT
content-encoding: gzip
last-modified: Mon, 18 Jul 2022 21:07:56 GMT
server: Apache
vary: Accept-Encoding
content-type: application/javascript
accept-ranges: bytes
content-length: 5798

GET
H2 200 jquery.sticky.min.js Show response
www.creditosul.com/wp-content/plugins/elementor-pro/assets/lib/sticky/ 6 KB
2 KB 432ms
429ms Script
application/javascript 108.179.193.124
NETWORK-SOLUTIONS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.creditosul.com/wp-content/plugins/elementor-pro/assets/lib/sticky/jquery.sticky.min.js?ver=3.0.10
Requested by: Host: www.creditosul.com
URL: https://www.creditosul.com/e-restituicao-ir-pix/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_876
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 108.179.193.124 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS: 108-179-193-124.unifiedlayer.com
Software: Apache /
Resource Hash: a48dea362116d7516a2cf97066a32758d353760ee02dbf900ddff86b02a16473

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.creditosul.com/e-restituicao-ir-pix/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_876
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 22:05:32 GMT
content-encoding: gzip
last-modified: Mon, 18 Jul 2022 21:09:19 GMT
server: Apache
vary: Accept-Encoding
content-type: application/javascript
accept-ranges: bytes
content-length: 2153

GET
H2 200 frontend.min.js Show response
www.creditosul.com/wp-content/plugins/elementor-pro/assets/js/ 184 KB
66 KB 432ms
430ms Script
application/javascript 108.179.193.124
NETWORK-SOLUTIONS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.creditosul.com/wp-content/plugins/elementor-pro/assets/js/frontend.min.js?ver=3.0.10
Requested by: Host: www.creditosul.com
URL: https://www.creditosul.com/e-restituicao-ir-pix/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_876
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 108.179.193.124 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS: 108-179-193-124.unifiedlayer.com
Software: Apache /
Resource Hash: f3971b50c2fef5d876fd6c9e71e3627e52a1b486c2d590756b352059319a6446

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.creditosul.com/e-restituicao-ir-pix/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_876
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 22:05:32 GMT
content-encoding: gzip
last-modified: Mon, 18 Jul 2022 21:09:19 GMT
server: Apache
accept-ranges: bytes
vary: Accept-Encoding
content-type: application/javascript

GET
H2 200 waypoints.min.js Show response
www.creditosul.com/wp-content/plugins/elementor/assets/lib/waypoints/ 12 KB
4 KB 434ms
431ms Script
application/javascript 108.179.193.124
NETWORK-SOLUTIONS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.creditosul.com/wp-content/plugins/elementor/assets/lib/waypoints/waypoints.min.js?ver=4.0.2
Requested by: Host: www.creditosul.com
URL: https://www.creditosul.com/e-restituicao-ir-pix/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_876
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 108.179.193.124 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS: 108-179-193-124.unifiedlayer.com
Software: Apache /
Resource Hash: 214674cc77aba35ab3567b88e2739fd08e8e96c61d279559ad61874069683ea0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.creditosul.com/e-restituicao-ir-pix/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_876
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 22:05:32 GMT
content-encoding: gzip
last-modified: Mon, 18 Jul 2022 21:07:56 GMT
server: Apache
vary: Accept-Encoding
content-type: application/javascript
accept-ranges: bytes
content-length: 3747

GET
H2 200 core.min.js Show response
www.creditosul.com/wp-includes/js/jquery/ui/ 21 KB
8 KB 433ms
430ms Script
application/javascript 108.179.193.124
NETWORK-SOLUTIONS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.creditosul.com/wp-includes/js/jquery/ui/core.min.js?ver=1.13.2
Requested by: Host: www.creditosul.com
URL: https://www.creditosul.com/e-restituicao-ir-pix/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_876
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 108.179.193.124 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS: 108-179-193-124.unifiedlayer.com
Software: Apache /
Resource Hash: ca7dce2391845e8aec7da135f33fabd10f74eed28a532ac66fd01f761fcfb42f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.creditosul.com/e-restituicao-ir-pix/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_876
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 22:05:32 GMT
content-encoding: gzip
last-modified: Wed, 29 Mar 2023 20:10:00 GMT
server: Apache
vary: Accept-Encoding
content-type: application/javascript
accept-ranges: bytes
content-length: 8343

GET
H2 200 frontend.min.js Show response
www.creditosul.com/wp-content/plugins/elementor/assets/js/ 37 KB
15 KB 434ms
432ms Script
application/javascript 108.179.193.124
NETWORK-SOLUTIONS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.creditosul.com/wp-content/plugins/elementor/assets/js/frontend.min.js?ver=3.6.7
Requested by: Host: www.creditosul.com
URL: https://www.creditosul.com/e-restituicao-ir-pix/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_876
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 108.179.193.124 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS: 108-179-193-124.unifiedlayer.com
Software: Apache /
Resource Hash: e0f0d6d71e313ae3ee40517ae4df4806d42aacf7720c5c0220506c247796c4f7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.creditosul.com/e-restituicao-ir-pix/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_876
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 22:05:32 GMT
content-encoding: gzip
last-modified: Mon, 18 Jul 2022 21:07:56 GMT
server: Apache
vary: Accept-Encoding
content-type: application/javascript
accept-ranges: bytes
content-length: 14837

GET
H2 200 e-202327.js Show response
stats.wp.com/ 7 KB
3 KB 127ms
31ms Script
application/javascript 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.wp.com/e-202327.js
Requested by: Host: www.creditosul.com
URL: https://www.creditosul.com/e-restituicao-ir-pix/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_876
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ca7752fb33cf3a98c0f29bc4eec563112025da4109a0dcc69dabf5f861751258

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.creditosul.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-minify-cache: hit
x-nc: HIT hhn
date: Mon, 03 Jul 2023 22:05:32 GMT
content-encoding: br
server: nginx
x-minify: t
etag: W/13576-1684461103136.7104
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
expires: Mon, 01 Jul 2024 11:39:33 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 175 KB
64 KB 211ms
115ms Script
application/javascript 2a00:1450:4001:82f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-201994943-9

Requested by

Host: www.creditosul.com
URL: https://www.creditosul.com/e-restituicao-ir-pix/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_876

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

100260c9bcb6d88ad77ce854969dc46bad3048f96ad127c24ab05715c8105936

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.creditosul.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 22:05:32 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65308
x-xss-protection: 0
last-modified: Mon, 03 Jul 2023 21:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 03 Jul 2023 22:05:32 GMT

GET
H2 200 wp-emoji-release.min.js Show response
www.creditosul.com/wp-includes/js/ 18 KB
5 KB 151ms
150ms Script
application/javascript 108.179.193.124
NETWORK-SOLUTIONS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.creditosul.com/wp-includes/js/wp-emoji-release.min.js?ver=6.2.2
Requested by: Host: www.creditosul.com
URL: https://www.creditosul.com/e-restituicao-ir-pix/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_876
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 108.179.193.124 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS: 108-179-193-124.unifiedlayer.com
Software: Apache /
Resource Hash: 4f79a89d16a5f717110fe080c0bf90b7e05ff95a4c4983f64d33110bf5f9c230

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.creditosul.com/e-restituicao-ir-pix/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_876
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 22:05:32 GMT
content-encoding: gzip
last-modified: Wed, 29 Mar 2023 20:10:00 GMT
server: Apache
vary: Accept-Encoding
content-type: application/javascript
accept-ranges: bytes
content-length: 5344

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 171 KB
47 KB 110ms
33ms Script
application/x-javascript 2a03:2880:f084:d:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: www.creditosul.com
URL: https://www.creditosul.com/e-restituicao-ir-pix/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_876

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f084:d:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

2da988427b34614d705adbf808e2e61d91f67bf147db9049e34c99b3624171e8

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.creditosul.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Mon, 03 Jul 2023 22:05:32 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 46863
x-xss-protection: 0
pragma: public
x-fb-debug: HyU4Nz+a64hDhIsQQrUPCTUsp431JzdpwIzB33hhQx4oLcQuuWVGwIfNOBqI5X4FujuMg4vLJECjkUkLVF854w==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ 15 KB
16 KB 132ms
38ms Font
font/woff2 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CRoboto+Slab%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic&display=auto&ver=6.2.2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.creditosul.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sun, 02 Jul 2023 05:19:29 GMT
x-content-type-options: nosniff
age: 146763
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15860
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 01 Jul 2024 05:19:29 GMT

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ 16 KB
16 KB 173ms
79ms Font
font/woff2 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.creditosul.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sat, 01 Jul 2023 18:58:23 GMT
x-content-type-options: nosniff
age: 184029
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15920
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:45 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 30 Jun 2024 18:58:23 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ 15 KB
15 KB 134ms
47ms Font
font/woff2 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.creditosul.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 22:16:07 GMT
x-content-type-options: nosniff
age: 344965
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 28 Jun 2024 22:16:07 GMT

GET
H2 200 Linkedin-Banner-Executivo-Sofisticado-Creme-e-Turquesa-1-1024x307.jpg
www.creditosul.com/wp-content/uploads/2023/04/ 47 KB
47 KB 149ms
149ms Image
image/jpeg 108.179.193.124
NETWORK-SOLUTIONS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.creditosul.com/wp-content/uploads/2023/04/Linkedin-Banner-Executivo-Sofisticado-Creme-e-Turquesa-1-1024x307.jpg
Requested by: Host: www.creditosul.com
URL: https://www.creditosul.com/e-restituicao-ir-pix/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_876
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 108.179.193.124 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS: 108-179-193-124.unifiedlayer.com
Software: Apache /
Resource Hash: becb4a032744398003d75428dec7b3d8bbbde666155c4353515a0d956a410b5a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.creditosul.com/e-restituicao-ir-pix/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_876
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 22:05:32 GMT
last-modified: Wed, 12 Apr 2023 12:19:06 GMT
server: Apache
accept-ranges: bytes
content-length: 48397
content-type: image/jpeg

GET
H2 200 Design-sem-nome-2023-02-27T142314.250-768x512.png
www.creditosul.com/wp-content/uploads/2023/02/ 69 KB
69 KB 150ms
149ms Image
image/png 108.179.193.124
NETWORK-SOLUTIONS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.creditosul.com/wp-content/uploads/2023/02/Design-sem-nome-2023-02-27T142314.250-768x512.png
Requested by: Host: www.creditosul.com
URL: https://www.creditosul.com/e-restituicao-ir-pix/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_876
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 108.179.193.124 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS: 108-179-193-124.unifiedlayer.com
Software: Apache /
Resource Hash: 69698827bf9a8f714565fccaf9b3de5d3e33c24ac2885bd30991fe980e833df8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.creditosul.com/e-restituicao-ir-pix/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_876
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 22:05:32 GMT
last-modified: Mon, 27 Feb 2023 17:27:23 GMT
server: Apache
accept-ranges: bytes
content-length: 70400
content-type: image/png

GET
H2 200 g.gif
pixel.wp.com/ 50 B
93 B 43ms
29ms Image
image/gif 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.wp.com/g.gif?v=ext&blog=215162132&post=2565&tz=-3&srv=www.creditosul.com&j=1%3A11.7.2&host=www.creditosul.com&ref=&fcp=2056&rand=0.1755834422976863
Requested by: Host: www.creditosul.com
URL: https://www.creditosul.com/e-restituicao-ir-pix/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_876
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.creditosul.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: *
date: Mon, 03 Jul 2023 22:05:32 GMT
cache-control: no-cache
server: nginx
content-length: 50
content-type: image/gif

GET
H2 200 1537353300119728 Show response
connect.facebook.net/signals/config/ 377 KB
108 KB 192ms
191ms Script
application/x-javascript 2a03:2880:f084:d:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/1537353300119728?v=2.9.111&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f084:d:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e9d96de6ba659a2d25e1f09582373ba81250a2fbe672ec5e583568a031a08e98

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.creditosul.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Mon, 03 Jul 2023 22:05:32 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
pragma: public
x-fb-debug: 94bToQrV2n0tpQoviGuz4jURTUvd9TBmzvk/8mEKflu2OBtmM47K1GxfleyXliONHbiOMm7Fs4rssQ/sbwSMrQ==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202306230101/ 344 KB
118 KB 178ms
101ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202306230101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-9060780421721333&plah=www.creditosul.com&bust=31075664

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-9060780421721333

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4e539500752069c624d4c1c9719b0cd75bf0e88923c78017e42ceb8e095596ef

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.creditosul.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 22:05:32 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 120898
x-xss-protection: 0
server: cafe
etag: 9597987923561657142
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Mon, 03 Jul 2023 22:05:32 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20230627/r20190131/ Frame E328 10 KB
5 KB 125ms
39ms Document
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20230627/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-9060780421721333

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18e7a53e3b3abd7ac0242719f7f62cb56b8efe7065091585b8ad22cbc2b8c41c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.creditosul.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 16315
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4544
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 03 Jul 2023 17:33:37 GMT
etag: 12368291122986407432
expires: Mon, 17 Jul 2023 17:33:37 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/10883628328/ 3 KB
2 KB 138ms
84ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/10883628328/?random=1688421932627&cv=11&fst=1688421932627&bg=ffffff&guid=ON&async=1&gtm=45be36s0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.creditosul.com%2Fe-restituicao-ir-pix%2F%3Futm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3D3_active_email_876&hn=www.googleadservices.com&frm=0&tiba=e-restitui%C3%A7%C3%A3o-ir-pix%20-%20Credito%20Sul&auid=1371899226.1688421933&uamb=0&uaw=0&data=event%3Dgtag.config&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-10883628328

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

dd3eea01c5f2cad96d8879a555421517c84ef286d4eb1336a57070b005953d45

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.creditosul.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 03 Jul 2023 22:05:32 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1387
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
www.googleadservices.com/pagead/conversion/10883628328/ 3 KB
2 KB 181ms
50ms Script
text/javascript 172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion/10883628328/?random=1688421932641&cv=11&fst=1688421932641&bg=ffffff&guid=ON&async=1&gtm=45be36s0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.creditosul.com%2Fe-restituicao-ir-pix%2F%3Futm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3D3_active_email_876&label=sgBQCMy6kYMYEKj628Uo&hn=www.googleadservices.com&frm=0&tiba=e-restitui%C3%A7%C3%A3o-ir-pix%20-%20Credito%20Sul&gtm_ee=1&auid=1371899226.1688421933&uamb=0&uaw=0&data=event%3Dconversion&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-10883628328

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil04s23-in-f2.1e100.net

Software

cafe /

Resource Hash

1ac27f152e4feabe9215d391259336844d64f5c62149a7978634c1ab2c3b27d6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.creditosul.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 03 Jul 2023 22:05:32 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1633
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 175 KB
64 KB 54ms
53ms Script
application/javascript 2a00:1450:4001:82f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-201994943-9&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-10883628328

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

d8149e00f11e583d2465a3ca5ac752c86e8b620095d2405178f5ff8e97e12d2a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.creditosul.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 22:05:32 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65289
x-xss-protection: 0
last-modified: Mon, 03 Jul 2023 21:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 03 Jul 2023 22:05:32 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 217 KB
77 KB 56ms
56ms Script
application/javascript 2a00:1450:4001:82f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-PTG7E1ZHWM&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-201994943-9

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

c3c8e9fb64ccd55d6a7b7ac277231e3a3f29710313d26a38b321ccaaffe4501d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.creditosul.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 22:05:32 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 79067
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Mon, 03 Jul 2023 22:05:32 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 131ms
40ms Script
text/javascript 2a00:1450:4001:811::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-201994943-9

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.creditosul.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 03 Jul 2023 20:35:22 GMT
last-modified: Mon, 12 Jun 2023 18:23:07 GMT
server: Golfe2
age: 5410
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Mon, 03 Jul 2023 22:35:22 GMT

GET
H2 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306280101/ 392 KB
125 KB 40ms
39ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306280101/pubads_impl.js?cb=31075787

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8ab758e32437cf86d59e683d808940365c56bf6893f391a96d19e731b21bf154

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.creditosul.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 16:36:16 GMT
content-encoding: br
x-content-type-options: nosniff
age: 19756
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 127514
x-xss-protection: 0
server: cafe
etag: 13498126467117012333
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
expires: Tue, 02 Jul 2024 16:36:16 GMT

POST
H2 204 collect
region1.google-analytics.com/g/ 0
256 B 120ms
39ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-PTG7E1ZHWM&gtm=45je36s0&_p=1745806920&cid=1209800818.1688421933&ul=en-us&sr=1600x1200&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=EA&ngs=1&_s=1&sid=1688421932&sct=1&seg=0&dl=https%3A%2F%2Fwww.creditosul.com%2Fe-restituicao-ir-pix%2F%3Futm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3D3_active_email_876&dt=e-restitui%C3%A7%C3%A3o-ir-pix%20-%20Credito%20Sul&en=page_view&_fv=1&_nsi=1&_ss=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-PTG7E1ZHWM&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.creditosul.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 03 Jul 2023 22:05:32 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.creditosul.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 1897808950573752 Show response
connect.facebook.net/signals/config/ 377 KB
108 KB 173ms
173ms Script
application/x-javascript 2a03:2880:f084:d:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/1897808950573752?v=2.9.111&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f084:d:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

31eb4c2edea11284a2a954bbac401c86e16641731c5815f51190b584062d8f4e

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.creditosul.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Mon, 03 Jul 2023 22:05:32 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
pragma: public
x-fb-debug: s2rGjgVdVyg+uKasAQ9LXQxoY9BapvurNFyqsbVqtGW6vgqNSv51hEWtrDc3ep0lJvnjSGu77bLHvxQxaVaSkg==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
456 B 140ms
47ms Script
application/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.creditosul.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306280101/pubads_impl.js?cb=31075787

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.creditosul.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 22:05:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H2 200 pubcid.min.js Show response
cdn.jsdelivr.net/gh/prebid/shared-id/pubcid.js/docs/ 732 B
878 B 107ms
32ms Script
application/javascript 2a04:4e42:200::485
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/gh/prebid/shared-id/pubcid.js/docs/pubcid.min.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306280101/pubads_impl.js?cb=31075787

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:200::485 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

a5230196df9a4e9f6382c504668862efc8e25c1ec093c7dc997fbedb4b3ec54e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.creditosul.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 03 Jul 2023 22:05:32 GMT
x-content-type-options: nosniff
content-encoding: br
age: 38744
x-jsd-version: master
x-cache: HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 439
x-served-by: cache-fra-eddf8230138-FRA
x-jsd-version-type: branch
etag: W/"2dc-IrZxm/sP4aqtIfs1EfEw6Dg5q1Y"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 esp.js Show response
oa.openxcdn.net/ 24 KB
8 KB 145ms
38ms Script
application/javascript 34.102.146.192
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://oa.openxcdn.net/esp.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306280101/pubads_impl.js?cb=31075787
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.102.146.192 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 192.146.102.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 544c55ca9f05d425f3beb90f287308d7a408b1f60d17728eff5c605a494bc1b9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.creditosul.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 19 Jun 2023 16:21:58 GMT
content-encoding: gzip
age: 1230214
x-guploader-uploadid: ADPycdu0ofEeAAYzdW5Z96wZyLXgm23ax7D6-P-kRrnYYyzN40_lI7nGf6iRwNhdTCtUf4jMUk4Ic8OfTq9SQAz3Ia2XKw
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7927
last-modified: Thu, 27 May 2021 18:30:51 GMT
server: UploadServer
etag: "df5542b88bc0e368c6999754a5b9e2ba"
x-goog-generation: 1622140251693895
x-goog-hash: crc32c=f21hYg==, md5=31VCuIvA42jGmZdUpbniug==
content-type: application/javascript
cache-control: no-transform
x-goog-stored-content-length: 7927
accept-ranges: bytes
expires: Tue, 18 Jun 2024 16:21:58 GMT

GET
H2 200 esp.js Show response
cdn.id5-sync.com/api/1.0/ 102 KB
25 KB 124ms
43ms Script
text/javascript 2606:4700:10::ac43:266a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.id5-sync.com/api/1.0/esp.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306280101/pubads_impl.js?cb=31075787

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:266a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4924e12a30059184d9bd1c36294dcdf957f5f2da452209448b35a93aa785cca5

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.creditosul.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 22:05:32 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-encoding: gzip
cf-cache-status: HIT
last-modified: Thu, 22 Jun 2023 08:35:03 GMT
server: cloudflare
x-amz-request-id: M09PMNP1D3AXGAF2
age: 2137
etag: W/"9b8b8eb50e4814cbdc325ce477c96910"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: text/javascript;charset=utf-8
cache-control: public, max-age=3600
cf-ray: 7e126e390c0d9b37-FRA
x-amz-id-2: 4+GCTn0e+urhSC1mnrZ5nFji83FLGV6QpKHfChg2O6uyl0MiSdHixRESP8fm/nBBJbHlCeCJIWY=

GET
H2 200 publishertag.ids.js Show response
static.criteo.net/js/ld/ 42 KB
13 KB 149ms
74ms Script
text/javascript 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.ids.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306280101/pubads_impl.js?cb=31075787

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

20e74dbf3ee183f6fe1447dd7efef616905f78e10733e618dfd67f54c8a25ca8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.creditosul.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 22:05:32 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 29 Jun 2023 05:28:55 GMT
server: nginx
etag: W/"649d1697-a980"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Tue, 04 Jul 2023 22:05:32 GMT

GET
H/1.1 200
OK uid2SecureSignal.js Show response
cdn.prod.uidapi.com/ 2 KB
2 KB 123ms
34ms Script
text/javascript 2600:9000:2250:4000:a:e047:753:be1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.prod.uidapi.com/uid2SecureSignal.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306280101/pubads_impl.js?cb=31075787
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:4000:a:e047:753:be1 , United States, ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: a695b8b12c7d88355d0b1b33d6c643a7913bcfbeae91553bd7560019188b1032

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.creditosul.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-amz-version-id: null
Date: Mon, 03 Jul 2023 05:58:56 GMT
Via: 1.1 d20f19c14113bb86116d01e6cb4e2844.cloudfront.net (CloudFront)
Last-Modified: Thu, 04 May 2023 00:14:06 GMT
Server: AmazonS3
X-Amz-Cf-Pop: FRA60-P2
Age: 59537
x-amz-server-side-encryption: AES256
ETag: "4d5acbf33f4a0592ac0515db92fe88e6"
X-Cache: Hit from cloudfront
Content-Type: text/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1858
X-Amz-Cf-Id: YPQ0ADzFJdY76BYn3eWec4ylKJgV4o6DhDVimq9JPe5NJOpShNxOWA==

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 195 KB
53 KB 1225ms
1224ms XHR
text/plain 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2425155733553059&correlator=2622643141613887&eid=31075787&output=ldjh&gdfp_req=1&vrg=202306280101&ptt=17&impl=fif&iu_parts=22526454507%2Ccreditosul.com%2CCreditosul_Interstitial_20230624&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=1x1&ifi=2&adks=2158289795&sfv=1-0-40&ists=1&fas=8&cust_params=id_post_wp%3D2565%26utm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3D3_active_email_876&sc=1&cookie_enabled=1&abxe=1&dt=1688421932867&lmt=1688421932&dlt=1688421931764&idt=1052&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=-1&ucis=1&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&url=https%3A%2F%2Fwww.creditosul.com%2Fe-restituicao-ir-pix%2F%3Futm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3D3_active_email_876&frm=20&vis=1&psz=0x-1&msz=0x-1&fws=2&ohw=0&ga_vid=1209800818.1688421933&ga_sid=1688421933&ga_hid=1745806920&ga_fc=true&a3p=EhsKDGlkNS1zeW5jLmNvbRi4vqjukTFIAFICCGQSGQoKcHViY2lkLm9yZxi4vqjukTFIAFICCGQSHQoOZXNwLmNyaXRlby5jb20Yub6o7pExSABSAghkEhQKBW9wZW54GLi-qO6RMUgAUgIIZBIZCgp1aWRhcGkuY29tGLm-qO6RMUgAUgIIZA..

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306280101/pubads_impl.js?cb=31075787

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8a83422b4a702bf55d780c3dc7f89e1a34c8d6b34cb5284503f573520eece166

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.creditosul.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 22:05:34 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: true
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 54257
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.creditosul.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 133 KB
42 KB 446ms
446ms XHR
text/plain 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2425155733553059&correlator=2622643141613887&eid=31075787&output=ldjh&gdfp_req=1&vrg=202306280101&ptt=17&impl=fif&iu_parts=22526454507%2Ccreditosul.com%2CCreditosul_Anchor_20230624&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=1x1&ifi=3&adks=2726792104&sfv=1-0-40&ists=1&fas=2&cust_params=id_post_wp%3D2565%26utm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3D3_active_email_876&sc=1&cookie_enabled=1&abxe=1&dt=1688421932876&lmt=1688421932&dlt=1688421931764&idt=1052&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=-1&ucis=2&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&url=https%3A%2F%2Fwww.creditosul.com%2Fe-restituicao-ir-pix%2F%3Futm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3D3_active_email_876&frm=20&vis=1&psz=0x-1&msz=0x-1&fws=2&ohw=0&ga_vid=1209800818.1688421933&ga_sid=1688421933&ga_hid=1745806920&ga_fc=true&a3p=EhsKDGlkNS1zeW5jLmNvbRi4vqjukTFIAFICCGQSGQoKcHViY2lkLm9yZxi4vqjukTFIAFICCGQSHQoOZXNwLmNyaXRlby5jb20Yub6o7pExSABSAghkEhQKBW9wZW54GLi-qO6RMUgAUgIIZBIZCgp1aWRhcGkuY29tGLm-qO6RMUgAUgIIZA..

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306280101/pubads_impl.js?cb=31075787

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

cb89dd9e15012aaf7793589dac9047e4cd7a6ca775cef044ece7f23217acb7b8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.creditosul.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 22:05:33 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: true
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42486
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.creditosul.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 142 KB
43 KB 1668ms
1668ms XHR
text/plain 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2425155733553059&correlator=2622643141613887&eid=31075787&output=ldjh&gdfp_req=1&vrg=202306280101&ptt=17&impl=fif&iu_parts=22526454507%2Ccreditosul.com%2CCreditosul_Content1_20230624&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=250x250%7C300x250%7C336x280&ifi=4&adks=3506845074&sfv=1-0-40&cust_params=id_post_wp%3D2565%26utm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3D3_active_email_876&sc=1&cookie_enabled=1&abxe=1&dt=1688421932880&lmt=1688421932&dlt=1688421931764&idt=1052&adxs=675&adys=665&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=3&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&url=https%3A%2F%2Fwww.creditosul.com%2Fe-restituicao-ir-pix%2F%3Futm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3D3_active_email_876&frm=20&vis=1&psz=1120x0&msz=1120x0&fws=4&ohw=1600&ga_vid=1209800818.1688421933&ga_sid=1688421933&ga_hid=1745806920&ga_fc=true&a3p=EhsKDGlkNS1zeW5jLmNvbRi4vqjukTFIAFICCGQSGQoKcHViY2lkLm9yZxi4vqjukTFIAFICCGQSHQoOZXNwLmNyaXRlby5jb20Yub6o7pExSABSAghkEhQKBW9wZW54GLi-qO6RMUgAUgIIZBIZCgp1aWRhcGkuY29tGLm-qO6RMUgAUgIIZA..

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306280101/pubads_impl.js?cb=31075787

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

424819e46bf5c64acc9eb22fd6c9820b102101a9dcc57e42452955c19195fb17

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.creditosul.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 22:05:34 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: true
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43946
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.creditosul.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 34 KB
14 KB 1392ms
1392ms XHR
text/plain 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2425155733553059&correlator=2622643141613887&eid=31075787&output=ldjh&gdfp_req=1&vrg=202306280101&ptt=17&impl=fif&iu_parts=22526454507%2Ccreditosul.com%2CCreditosul_MOBILE_Fixed_20230624&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=320x50%7C320x90&ifi=5&adks=1425431298&sfv=1-0-40&cust_params=id_post_wp%3D2565%26utm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3D3_active_email_876&sc=1&cookie_enabled=1&abxe=1&dt=1688421932883&lmt=1688421932&dlt=1688421931764&idt=1052&adxs=-12245933&adys=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=-1&ucis=4&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&url=https%3A%2F%2Fwww.creditosul.com%2Fe-restituicao-ir-pix%2F%3Futm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3D3_active_email_876&frm=20&vis=1&psz=0x-1&msz=0x-1&fws=644&ohw=1600&ga_vid=1209800818.1688421933&ga_sid=1688421933&ga_hid=1745806920&ga_fc=true&a3p=EhsKDGlkNS1zeW5jLmNvbRi4vqjukTFIAFICCGQSGQoKcHViY2lkLm9yZxi4vqjukTFIAFICCGQSHQoOZXNwLmNyaXRlby5jb20Yub6o7pExSABSAghkEhQKBW9wZW54GLi-qO6RMUgAUgIIZBIZCgp1aWRhcGkuY29tGLm-qO6RMUgAUgIIZA..

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306280101/pubads_impl.js?cb=31075787

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

41581282cd194744acc9836375924585ed25e3a4145e0e9f57fee9f5075abee2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.creditosul.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 22:05:34 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: true
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14484
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.creditosul.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 263F 6 KB
3 KB 177ms
44ms Document
text/html 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306280101/pubads_impl.js?cb=31075787

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.creditosul.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 03 Jul 2023 22:05:33 GMT
expires: Tue, 02 Jul 2024 22:05:33 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 pubads_impl_page_level_ads.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306280101/ 37 KB
13 KB 37ms
36ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306280101/pubads_impl_page_level_ads.js?cb=31075787

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306280101/pubads_impl.js?cb=31075787

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7d6256c00ec47909aed0ff141dc3ade34b82dc1eaa57922edaa443409d0f768a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.creditosul.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 11:36:22 GMT
content-encoding: br
x-content-type-options: nosniff
age: 37750
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13151
x-xss-protection: 0
server: cafe
etag: 13663737688922070526
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
expires: Tue, 02 Jul 2024 11:36:22 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/10883628328/ 42 B
455 B 157ms
49ms Image
image/gif 2a00:1450:4001:803::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/10883628328/?random=1688421932627&cv=11&fst=1688421600000&bg=ffffff&guid=ON&async=1&gtm=45be36s0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.creditosul.com%2Fe-restituicao-ir-pix%2F%3Futm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3D3_active_email_876&frm=0&tiba=e-restitui%C3%A7%C3%A3o-ir-pix%20-%20Credito%20Sul&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=1854729995&rmt_tld=0&ipr=y

Requested by

Host: www.creditosul.com
URL: https://www.creditosul.com/e-restituicao-ir-pix/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_876

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.creditosul.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 03 Jul 2023 22:05:33 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/10883628328/ 42 B
455 B 150ms
50ms Image
image/gif 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/10883628328/?random=1688421932627&cv=11&fst=1688421600000&bg=ffffff&guid=ON&async=1&gtm=45be36s0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.creditosul.com%2Fe-restituicao-ir-pix%2F%3Futm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3D3_active_email_876&frm=0&tiba=e-restitui%C3%A7%C3%A3o-ir-pix%20-%20Credito%20Sul&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=1854729995&rmt_tld=1&ipr=y

Requested by

Host: www.creditosul.com
URL: https://www.creditosul.com/e-restituicao-ir-pix/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_876

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.creditosul.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 03 Jul 2023 22:05:33 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 1 B
208 B 47ms
45ms XHR
text/plain 2a00:1450:4001:811::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1745806920&t=pageview&_s=1&dl=https%3A%2F%2Fwww.creditosul.com%2Fe-restituicao-ir-pix%2F%3Futm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3D3_active_email_876&ul=en-us&de=UTF-8&dt=e-restitui%C3%A7%C3%A3o-ir-pix%20-%20Credito%20Sul&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YADAAUABAAAAACAAI~&jid=331678342&gjid=1204305381&cid=1209800818.1688421933&tid=UA-201994943-9&_gid=614841432.1688421933&_r=1&gtm=457e36s0&jsscut=1&z=187751118

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.creditosul.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 03 Jul 2023 22:05:32 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.creditosul.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 395 B
603 B 131ms
47ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=www.creditosul.com&callback=_gfp_s_&client=ca-pub-9060780421721333

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202306230101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-9060780421721333&plah=www.creditosul.com&bust=31075664

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c09ba41f54d13e6b804a0f82560af624c4cb246b15e3ad005d63799b2952dc3e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.creditosul.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 22:05:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 252
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame A205 0
20 B 350ms
350ms Document
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9060780421721333&output=html&adk=1812271804&adf=3025194257&lmt=1688421932&plat=1%3A64%2C2%3A64%2C8%3A64%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=212x945_l%7C212x945_r&format=0x0&url=https%3A%2F%2Fwww.creditosul.com%2Fe-restituicao-ir-pix%2F%3Futm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3D3_active_email_876&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1688421932590&bpp=4&bdt=826&idt=326&shv=r20230627&mjsv=m202306230101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=7987035050582&frm=20&pv=2&ga_vid=1209800818.1688421933&ga_sid=1688421933&ga_hid=1745806920&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759842%2C44759876%2C44759927%2C31075664%2C44772268%2C44788442&oid=2&pvsid=2425155733553059&tmod=1595575990&uas=0&nvt=1&fsapi=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=350

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.creditosul.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 03 Jul 2023 22:05:33 GMT
expires: Mon, 03 Jul 2023 22:05:33 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2

200

/
www.google.de/pagead/1p-conversion/10883628328/
Redirect Chain

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/10883628328/?random=829186489&cv=11&fst=1688421932641&bg=ffffff&guid=ON&async=1&gtm=45be36s0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww...
https://www.google.com/pagead/1p-conversion/10883628328/?random=829186489&cv=11&fst=1688421932641&bg=ffffff&guid=ON&async=1&gtm=45be36s0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.creditosul.com%2Fe-r...
https://www.google.de/pagead/1p-conversion/10883628328/?random=829186489&cv=11&fst=1688421932641&bg=ffffff&guid=ON&async=1&gtm=45be36s0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.creditosul.com%2Fe-re...

42 B
108 B

52ms
51ms

Image
image/gif

2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-conversion/10883628328/?random=829186489&cv=11&fst=1688421932641&bg=ffffff&guid=ON&async=1&gtm=45be36s0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.creditosul.com%2Fe-restituicao-ir-pix%2F%3Futm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3D3_active_email_876&label=sgBQCMy6kYMYEKj628Uo&hn=www.googleadservices.com&frm=0&tiba=e-restitui%C3%A7%C3%A3o-ir-pix%20-%20Credito%20Sul&gtm_ee=1&auid=1371899226.1688421933&uamb=0&uaw=0&data=event%3Dconversion&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&pscrd=Ek9DaEVJOE9PSnBRWVE2OFdSOE8zdzJ0SGFBUkltQURMRFpQcUlMQXc2VmV2U1d0bkNrUjlxYzZqaDZwaGtES2JsX3V4V0U3VklValJnZ3dFGlpDaEVJOE9PSnBRWVFnTS1taGFYNGxLMjJBUkl1QURMWmpaMXBNcVhDTmw3T1ItT3dWaUkyN2xxT3NaQ3ZqRnVGaVVMSU5GSFpET19uanFEY0sxQW9fUDhhZXciEwjg-KTsxfP_AhUqyrsIHWXHBuk&is_vtc=1&ocp_id=LEajZOCyMaqU7_UP5Y6byA4&cid=CAQSKQBygQiDaktFAZLimHRnlyqYilTaZXu0Q_DK4q3sfrQz1wlR9zBxJ2d8&random=2481942465&ipr=y

Requested by

Host: www.creditosul.com
URL: https://www.creditosul.com/e-restituicao-ir-pix/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_876

Protocol

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.creditosul.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 03 Jul 2023 22:05:33 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 03 Jul 2023 22:05:33 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location: https://www.google.de/pagead/1p-conversion/10883628328/?random=829186489&cv=11&fst=1688421932641&bg=ffffff&guid=ON&async=1&gtm=45be36s0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.creditosul.com%2Fe-restituicao-ir-pix%2F%3Futm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3D3_active_email_876&label=sgBQCMy6kYMYEKj628Uo&hn=www.googleadservices.com&frm=0&tiba=e-restitui%C3%A7%C3%A3o-ir-pix%20-%20Credito%20Sul&gtm_ee=1&auid=1371899226.1688421933&uamb=0&uaw=0&data=event%3Dconversion&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&pscrd=Ek9DaEVJOE9PSnBRWVE2OFdSOE8zdzJ0SGFBUkltQURMRFpQcUlMQXc2VmV2U1d0bkNrUjlxYzZqaDZwaGtES2JsX3V4V0U3VklValJnZ3dFGlpDaEVJOE9PSnBRWVFnTS1taGFYNGxLMjJBUkl1QURMWmpaMXBNcVhDTmw3T1ItT3dWaUkyN2xxT3NaQ3ZqRnVGaVVMSU5GSFpET19uanFEY0sxQW9fUDhhZXciEwjg-KTsxfP_AhUqyrsIHWXHBuk&is_vtc=1&ocp_id=LEajZOCyMaqU7_UP5Y6byA4&cid=CAQSKQBygQiDaktFAZLimHRnlyqYilTaZXu0Q_DK4q3sfrQz1wlR9zBxJ2d8&random=2481942465&ipr=y
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 204 increment Show response
id5-sync.com/api/esp/ 0
327 B 129ms
37ms XHR
text/plain 141.95.98.65
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://id5-sync.com/api/esp/increment?counter=no-config

Requested by

Host: cdn.id5-sync.com
URL: https://cdn.id5-sync.com/api/1.0/esp.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

141.95.98.65 , France, ASN16276 (OVH, FR),

Reverse DNS

ns3216659.ip-141-95-98.eu

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://www.creditosul.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.creditosul.com
date: Mon, 03 Jul 2023 22:05:32 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin

GET
H2

200

esp Show response
oajs.openx.net/
Redirect Chain

https://oajs.openx.net/esp?url=https%3A%2F%2Fwww.creditosul.com%2Fe-restituicao-ir-pix%2F%3Futm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3D3_active_email_876&rid=esp
https://oajs.openx.net/esp?url=https%3A%2F%2Fwww.creditosul.com%2Fe-restituicao-ir-pix%2F%3Futm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3D3_active_email_876&rid=esp&cc=1

85 B
202 B

139ms
139ms

Fetch
application/json

34.120.107.143
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://oajs.openx.net/esp?url=https%3A%2F%2Fwww.creditosul.com%2Fe-restituicao-ir-pix%2F%3Futm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3D3_active_email_876&rid=esp&cc=1
Requested by: Host: www.creditosul.com
URL: https://www.creditosul.com/e-restituicao-ir-pix/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_876
Protocol: H2
Server: 34.120.107.143 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 143.107.120.34.bc.googleusercontent.com
Software: / Express
Resource Hash: 7faee9bc543f6badd0b9efb172e0637cb8cfbd3bd786b056d2390f085d75ecc4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.creditosul.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 22:05:33 GMT
via: 1.1 google
x-powered-by: Express
etag: W/"55-VciYDvyk0w5m1dh6waJcsejBpuk"
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.creditosul.com
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 85

Redirect headers

date: Mon, 03 Jul 2023 22:05:33 GMT
via: 1.1 google
x-powered-by: Express
vary: Origin
access-control-allow-origin: https://www.creditosul.com
location: /esp?url=https%3A%2F%2Fwww.creditosul.com%2Fe-restituicao-ir-pix%2F%3Futm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3D3_active_email_876&rid=esp&cc=1
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H2 200 syncframe Show response
gum.criteo.com/ Frame 59CF 15 KB
6 KB 175ms
40ms Document
text/html 2a02:2638:3::c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/syncframe?origin=publishertagids&topUrl=www.creditosul.com

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.ids.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

42b9a15f9b6a86e0bca2678c6a6679ed2e73777ca55d893012e685275249f702

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://www.creditosul.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: private, max-age=3600
content-encoding: gzip
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Mon, 03 Jul 2023 22:05:32 GMT
server: Kestrel
server-processing-duration-in-ticks: 290435
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H3 200 1417078182161683 Show response
connect.facebook.net/signals/config/ 377 KB
108 KB 168ms
167ms Script
application/x-javascript 2a03:2880:f084:d:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/1417078182161683?v=2.9.111&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f084:d:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

c6ea3b67b8bc4dd15db55c0ec71ea8a32ceafbdd9f48386b056c2463f9d657bb

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.creditosul.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Mon, 03 Jul 2023 22:05:33 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
pragma: public
x-fb-debug: q4ahQPEJ4L8KFxiM9lAwMo8/7s+VVZydN32cxuOOK82r9p6SatBS29CGJI7ZEA6++HOzri/k0G9u/iVc5ZOuRA==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2

200

sid Show response
mug.criteo.com/ Frame 59CF
Redirect Chain

https://gum.criteo.com/sid/json?origin=publishertagids&domain=creditosul.com&sn=ChromeSyncframe&so=0&topUrl=www.creditosul.com&cw=1&lsw=1&topicsavail=0&fledgeavail=0
https://mug.criteo.com/sid?cpp=u7-VU3xqZS9xM1RyVUxmd3JKMk5qN2FFVFpnbnRYZVRLck5PTytmNENQZFl4WHhJejVyWVcyVEY5eGFpYUFxTmFWZ2xGSjVxZkFYempPTEdLQlJoZ0g4bmlFa29KTk5vRW5kTHRRQThtNlM4TFpKQUkxeVB6ZzV1MVB4MT...

422 B
666 B

188ms
43ms

Fetch
application/json

178.250.7.13
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=u7-VU3xqZS9xM1RyVUxmd3JKMk5qN2FFVFpnbnRYZVRLck5PTytmNENQZFl4WHhJejVyWVcyVEY5eGFpYUFxTmFWZ2xGSjVxZkFYempPTEdLQlJoZ0g4bmlFa29KTk5vRW5kTHRRQThtNlM4TFpKQUkxeVB6ZzV1MVB4MTNrWVVzdk5VV0hsU2QxZXU5R1JUU05ZcS9kWHgvQ2JFNnpsM2pKWHlsc2dIcEtaM1I4U2pIWmNSZ1NTQTBtZ2Zvc2RPV0lhRmNRejdJRzFoNWxFQkRXQWdlUkFPZzhIRjdRWkt5RHpZVlZ0MStFVE1IalBXbnRUeFZJZzBCMUtiNk5LdVBzdDI1SjlZMzIxZFNLdTYvSzNNcUNVWmExQT09fA&cppv=2

Requested by

Host: www.creditosul.com
URL: https://www.creditosul.com/e-restituicao-ir-pix/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_876

Protocol

Server

178.250.7.13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

c960aa9c3b0dcd8dc75d3b5083fcef82e9d642bdbd81897382d79283edbf3708

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gum.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 03 Jul 2023 22:05:33 GMT
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: https://gum.criteo.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 1244529
expires: 0

Redirect headers

pragma: no-cache
date: Mon, 03 Jul 2023 22:05:32 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
location: https://mug.criteo.com/sid?cpp=u7-VU3xqZS9xM1RyVUxmd3JKMk5qN2FFVFpnbnRYZVRLck5PTytmNENQZFl4WHhJejVyWVcyVEY5eGFpYUFxTmFWZ2xGSjVxZkFYempPTEdLQlJoZ0g4bmlFa29KTk5vRW5kTHRRQThtNlM4TFpKQUkxeVB6ZzV1MVB4MTNrWVVzdk5VV0hsU2QxZXU5R1JUU05ZcS9kWHgvQ2JFNnpsM2pKWHlsc2dIcEtaM1I4U2pIWmNSZ1NTQTBtZ2Zvc2RPV0lhRmNRejdJRzFoNWxFQkRXQWdlUkFPZzhIRjdRWkt5RHpZVlZ0MStFVE1IalBXbnRUeFZJZzBCMUtiNk5LdVBzdDI1SjlZMzIxZFNLdTYvSzNNcUNVWmExQT09fA&cppv=2
cache-control: no-cache, no-store, must-revalidate
server-processing-duration-in-ticks: 266381
content-length: 0
expires: 0

GET
H2 200 container.html Show response
29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 22EA 6 KB
3 KB 41ms
40ms Document
text/html 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306280101/pubads_impl.js?cb=31075787

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.creditosul.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 03 Jul 2023 22:05:33 GMT
expires: Tue, 02 Jul 2024 22:05:33 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 pd Show response
google-bidout-d.openx.net/w/1.0/ Frame 5882 0
176 B 147ms
44ms Document
text/html 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://google-bidout-d.openx.net/w/1.0/pd?plm=5
Requested by: Host: oa.openxcdn.net
URL: https://oa.openxcdn.net/esp.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.creditosul.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: gzip
content-length: 20
content-type: text/html
date: Mon, 03 Jul 2023 22:05:33 GMT
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
via: 1.1 google

GET
H2 200 css
fonts.googleapis.com/ Frame 22EA 4 KB
728 B 50ms
49ms Stylesheet
text/css 2a00:1450:4001:80e::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%20Display%3A400%2C500

Requested by

Host: 29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com
URL: https://29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

4681d619f677c1b314814309a6f00a5e0ec3f12968e807ee71def1cf42bd7808

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Mon, 03 Jul 2023 22:05:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Mon, 03 Jul 2023 21:21:58 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 03 Jul 2023 22:05:33 GMT

GET
H2 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/ Frame 22EA 2 KB
973 B 133ms
45ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: 29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com
URL: https://29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3ab7853ddfc8ef3468082187bff5636436df85cd9d1e54653530c018cf9d9280

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 18:04:27 GMT
content-encoding: br
x-content-type-options: nosniff
age: 14466
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 865
x-xss-protection: 0
server: cafe
etag: 5051423035144352294
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 17 Jul 2023 18:04:27 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230627/r20110914/ Frame 22EA 23 KB
9 KB 132ms
46ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230627/r20110914/abg_lite_fy2021.js

Requested by

Host: 29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com
URL: https://29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

02193fbcb11d960448e0fa887ff68d5ce73f01076893523fc3037e00a7149bc2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 18:04:23 GMT
content-encoding: br
x-content-type-options: nosniff
age: 14470
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9104
x-xss-protection: 0
server: cafe
etag: 12939045362079141464
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 17 Jul 2023 18:04:23 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/ Frame 22EA 3 KB
1 KB 136ms
50ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/window_focus_fy2021.js

Requested by

Host: 29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com
URL: https://29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 18:11:28 GMT
content-encoding: br
x-content-type-options: nosniff
age: 14045
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 17 Jul 2023 18:11:28 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame BFD7 1 KB
643 B 41ms
40ms Document
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com
URL: https://29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 18777
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 03 Jul 2023 16:52:36 GMT
etag: 48472445140208031
expires: Tue, 04 Jul 2023 16:52:36 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/ Frame 22EA 20 KB
9 KB 122ms
37ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com
URL: https://29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

abaf64de0855592138133fdf15c746a6e47a07d5f7a34a9513a06994c89f91af

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 17:50:27 GMT
content-encoding: br
x-content-type-options: nosniff
age: 15306
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8312
x-xss-protection: 0
server: cafe
etag: 5477749917372345267
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 17 Jul 2023 17:50:27 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 22EA 0
0 48ms
48ms Image
text/html 2a00:1450:4001:803::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRD_ErCCz6hIfOvSgiWte_7HSuMrGXG-xzqWXwlsYN2cTzIh2paSWBmRuapk5V8j7qNuxe00BPNTozmIFl9UP9e-0IK6Q
Requested by: Host: 29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com
URL: https://29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:803::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 22EA 179 KB
57 KB 140ms
49ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com
URL: https://29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6914d47718a28ab8055edac273b3aff57e64e5bddccc616c2b7e355fe986f39

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 22:05:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57260
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1687952195399670"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 03 Jul 2023 22:05:33 GMT

GET
H2 200 5f03bef6f00b7a8cf9d43233a2aa7e67.js Show response
www.gstatic.com/mysidia/ Frame 22EA 33 KB
14 KB 131ms
37ms Script
text/javascript 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/5f03bef6f00b7a8cf9d43233a2aa7e67.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: 29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com
URL: https://29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3a5fa3073b94aa8259d04802566504c897fd640610ea9f36654cfacc615f325e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 20:05:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 352820
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14183
x-xss-protection: 0
last-modified: Thu, 29 Jun 2023 19:09:06 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Wed, 27 Sep 2023 20:05:13 GMT

GET
H2

200

/
r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/ Frame BFD7
Redirect Chain

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEF7q55ubFW7wnv0uYyGL8Jo&google_cver=1&google_push=AaAOQGHd-45wQuffTqHHRCq68yEM_2TIzvMUwiDANgfA_agyBYLqr0NIZ3EOtvHEkDqj5PliPTMEIvpBpoi6OPqCAB4HVx6k7bkpbw
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=OTEwNjY1Mjk4NTQzMjU1OTk2MQ==&gdpr=&gdpr_consent=
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEF7q55ubFW7wnv0uYyGL8Jo&google_cver=1

43 B
398 B

47ms
42ms

Image
image/gif

2001:678:cb4:bbbb::11
AMOBEE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEF7q55ubFW7wnv0uYyGL8Jo&google_cver=1
Requested by: Host: 29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com
URL: https://29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Server: 2001:678:cb4:bbbb::11 , United Kingdom, ASN56396 (AMOBEE, GB),
Reverse DNS
Software: /
Resource Hash: 48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Mon, 03 Jul 2023 22:05:33 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length: 43
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

Redirect headers

pragma: no-cache
date: Mon, 03 Jul 2023 22:05:33 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEF7q55ubFW7wnv0uYyGL8Jo&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 google
match.adsrvr.org/track/cmf/ Frame BFD7 70 B
265 B 176ms
54ms Image
image/gif 15.197.193.217
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/google?google_gid=CAESENuJlMjpXWOCXNPPk3pqaxA&google_cver=1&google_push=AaAOQGHNsRX6pS155pngBVPLg5IREpynqxED1YoYGHuPfHFsnv3L_bLCGmgfRS-MB4vNDJdTa7oAVWVPAAcIeL7S2vlDK_Q8Lqjg
Requested by: Host: 29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com
URL: https://29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 15.197.193.217 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Mon, 03 Jul 2023 22:05:33 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame BFD7
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=OZZl3TvvTgmcFvwdv8E1Jg%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
232 B

48ms
48ms

Image
image/png

172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=OZZl3TvvTgmcFvwdv8E1Jg%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AaAOQGG9jjY7agMfSNlf5poAn0tjdqUTaqpz6mBffYLUE-nEigvMdgl7D-Or7BzmWPFx5V_oqd3pTzwiAk2tIha2cPi47Vookre2

Requested by

Host: www.creditosul.com
URL: https://www.creditosul.com/e-restituicao-ir-pix/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_876

Protocol

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra02s19-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 03 Jul 2023 22:05:33 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=OZZl3TvvTgmcFvwdv8E1Jg%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AaAOQGG9jjY7agMfSNlf5poAn0tjdqUTaqpz6mBffYLUE-nEigvMdgl7D-Or7BzmWPFx5V_oqd3pTzwiAk2tIha2cPi47Vookre2
date: Mon, 03 Jul 2023 22:05:33 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame BFD7
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEE-AehTdGYK8gERtvBBzwdw&google_cver=1&googl...
https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_cver=1&google_gid=CAESEE-AehTdGYK8gERtvBBzwdw&google_push=Aa...
https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEE-AehTdGYK8gERtvBBzwdw&google_hm=ZKNGLVosudi0ZfkuNK4djQAAFGgAAAAB&google_nid=index&google_push=AaAOQGFacLlmcp03hsWPpVzppaoilYOUrtSYc...

170 B
232 B

49ms
49ms

Image
image/png

172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEE-AehTdGYK8gERtvBBzwdw&google_hm=ZKNGLVosudi0ZfkuNK4djQAAFGgAAAAB&google_nid=index&google_push=AaAOQGFacLlmcp03hsWPpVzppaoilYOUrtSYcUpOg1bfMnPcjDLdohsE_yYuTHdnKmMsSU6Y_QRDso7HeW_vt7_Eh6vlr3ZsBc16

Requested by

Host: www.creditosul.com
URL: https://www.creditosul.com/e-restituicao-ir-pix/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_876

Protocol

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra02s19-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 03 Jul 2023 22:05:33 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 03 Jul 2023 22:05:33 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEE-AehTdGYK8gERtvBBzwdw&google_hm=ZKNGLVosudi0ZfkuNK4djQAAFGgAAAAB&google_nid=index&google_push=AaAOQGFacLlmcp03hsWPpVzppaoilYOUrtSYcUpOg1bfMnPcjDLdohsE_yYuTHdnKmMsSU6Y_QRDso7HeW_vt7_Eh6vlr3ZsBc16
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=499
Content-Length: 0
Expires: 0

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame BFD7
Redirect Chain

https://eb2.3lift.com/ebda?sync=1&google_gid=CAESEHNkg4kPhd6xMFh9nC6yn14&google_cver=1&google_push=AaAOQGEQv20zj63N9JMpytEQu9lwKi9NQAAiRDG5EVeBfE5rmQpH73Mv-BqhvBJT50uaaHhVN-E2W3ZZqIHx2Hjj1g_e3YnfkD--
https://eb2.3lift.com/sync/google/supply?ld=1&gdpr=1&gdpr_consent=&us_privacy=&sync=1&google_push=AaAOQGEQv20zj63N9JMpytEQu9lwKi9NQAAiRDG5EVeBfE5rmQpH73Mv-BqhvBJT50uaaHhVN-E2W3ZZqIHx2Hjj1g_e3YnfkD-...
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NDExMDE3ODk2MTMzNjg4NTk0NTQzNg%3D%3D&google_push=AaAOQGEQv20zj63N9JMpytEQu9lwKi9NQAAiRDG5EVeBfE5rmQpH73Mv...

170 B
243 B

49ms
49ms

Image
image/png

172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NDExMDE3ODk2MTMzNjg4NTk0NTQzNg%3D%3D&google_push=AaAOQGEQv20zj63N9JMpytEQu9lwKi9NQAAiRDG5EVeBfE5rmQpH73Mv-BqhvBJT50uaaHhVN-E2W3ZZqIHx2Hjj1g_e3YnfkD--

Requested by

Host: 29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com
URL: https://29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra02s19-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 03 Jul 2023 22:05:33 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NDExMDE3ODk2MTMzNjg4NTk0NTQzNg%3D%3D&google_push=AaAOQGEQv20zj63N9JMpytEQu9lwKi9NQAAiRDG5EVeBfE5rmQpH73Mv-BqhvBJT50uaaHhVN-E2W3ZZqIHx2Hjj1g_e3YnfkD--
date: Mon, 03 Jul 2023 22:05:33 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H2 204 sync
ups.analytics.yahoo.com/ups/58281/ Frame BFD7 0
125 B 211ms
35ms Image
text/plain 3.75.62.37
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEHMu9CCKH1-NS9TX2mbR5Hc&google_cver=1&google_push=AaAOQGHbKiVHexIjkYKRwNsJTL5XKsjY5Kw6QwFtAYtC_fW6pBXhHNRoCwkmwduajsa4E7cTuC09p1i2oSlIeGNc_YlZ2EGD1dt4qQw

Requested by

Host: 29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com
URL: https://29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

3.75.62.37 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-75-62-37.eu-central-1.compute.amazonaws.com

Software

ATS/9.1.10.57 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 22:05:33 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.57
age: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H2

200

/
onetag-sys.com/match/ Frame BFD7
Redirect Chain

https://onetag-sys.com/match/?int_id=106&redir=1&google_gid=CAESEFZTjIySwS1poeT3KKlNplc&google_cver=1&google_push=AaAOQGEk6NJj1YrzKRx7FJad8eul4AS02MCbE-CGI1HunN-Rb1tukkL0hX_Njf_vFXVID6DC5fZ3NpUTBr3...
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AaAOQGEk6NJj1YrzKRx7FJad8eul4AS02MCbE-CGI1HunN-Rb1tukkL0hX_Njf_vFXVID6DC5fZ3NpUTBr3E4pDXZ9zAqXQxRM6qdg4
https://onetag-sys.com/match/?int_id=19&google_error=5

0
151 B

40ms
40ms

Image
text/plain

51.89.9.252
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://onetag-sys.com/match/?int_id=19&google_error=5

Requested by

Host: www.creditosul.com
URL: https://www.creditosul.com/e-restituicao-ir-pix/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_876

Protocol

Server

51.89.9.252 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip252.ip-51-89-9.eu

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

pragma: no-cache
date: Mon, 03 Jul 2023 22:05:33 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://onetag-sys.com/match/?int_id=19&google_error=5
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 255
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 attr
cm.g.doubleclick.net/pixel/ Frame BFD7 0
130 B 148ms
46ms Image
text/html 172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13LDv-_pBqaGx7wpw2DEyhuitCOOiJEaK28-1fcXsmglqEqz5hCxVIQWLf7WkToXxButCWy238c

Requested by

Host: 29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com
URL: https://29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra02s19-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 22:05:33 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 1213417872897242 Show response
connect.facebook.net/signals/config/ 377 KB
108 KB 170ms
169ms Script
application/x-javascript 2a03:2880:f084:d:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/1213417872897242?v=2.9.111&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f084:d:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

0231a170cb5204055696f44f744eec121d834462c11476f479ff523fe59d294c

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.creditosul.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Mon, 03 Jul 2023 22:05:33 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
pragma: public
x-fb-debug: kh1MFLVEVc8Y24H6jaA/Htaa7sEU9gdpwXBRO/fMy+Eb96X8fnknCioadcDtcdGBGZU6FdByRzoNALmmImMV0w==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3 200 oBMhIGozJCmZhanrY2s6Nzm7GdNkvCqEaGjKud4M6yI.js Show response
pagead2.googlesyndication.com/bg/ Frame 7D7F 37 KB
14 KB 39ms
39ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/oBMhIGozJCmZhanrY2s6Nzm7GdNkvCqEaGjKud4M6yI.js

Requested by

Host: www.creditosul.com
URL: https://www.creditosul.com/e-restituicao-ir-pix/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_876

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a01321206a3324299985a9eb636b3a3739bb19d364bc2a846868cab9de0ceb22

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 13:22:45 GMT
content-encoding: br
x-content-type-options: nosniff
age: 31368
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14631
x-xss-protection: 0
last-modified: Mon, 26 Jun 2023 15:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 02 Jul 2024 13:22:45 GMT

GET
H3 200 2740767399393350 Show response
connect.facebook.net/signals/config/ 377 KB
108 KB 178ms
177ms Script
application/x-javascript 2a03:2880:f084:d:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/2740767399393350?v=2.9.111&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f084:d:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

cca1d217dfa402be35f14c0581cd97def322243e07376827927fa45e4eb02173

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.creditosul.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Mon, 03 Jul 2023 22:05:33 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
pragma: public
x-fb-debug: zjmcBwd+JFSwu5Lb2+uMv39y5zR1mIuNtxseOKYMgwyBeH9FVvarhvnQ4of6d4LaYjLgfUsPXQQ7lI0LuhbONQ==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3 200 9038410082867569 Show response
connect.facebook.net/signals/config/ 377 KB
108 KB 170ms
169ms Script
application/x-javascript 2a03:2880:f084:d:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/9038410082867569?v=2.9.111&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f084:d:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

46baa2a6f37fa5c72a78c3f0db33d5a626985b4f9ce5fb1d5ba9bd8360c1b307

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.creditosul.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Mon, 03 Jul 2023 22:05:34 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
pragma: public
x-fb-debug: Tm9X5eItdZ7I2KJqEnaIk+EYG9DAgfNXmPfcwC8Vz3yRIR1e2k/qvklI+6YA+39PS5o4K9MoEwPJryHyQA4KyQ==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3 200 container.html Show response
29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame D5C4 6 KB
3 KB 37ms
37ms Document
text/html 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306280101/pubads_impl.js?cb=31075787

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.creditosul.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 03 Jul 2023 22:05:33 GMT
expires: Tue, 02 Jul 2024 22:05:33 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 507317848148093 Show response
connect.facebook.net/signals/config/ 377 KB
108 KB 195ms
195ms Script
application/x-javascript 2a03:2880:f084:d:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/507317848148093?v=2.9.111&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f084:d:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

9f66cf2042fc283bc05b96d871ec742da1c1198a13eb0cad4053b34c9ff844b0

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.creditosul.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Mon, 03 Jul 2023 22:05:34 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
pragma: public
x-fb-debug: NM0LzzJn/AhFzqd0QiTSWmoqq4KE0Zxbge5532MzVSsC5/8DH+0pIachJXtIf/cuTvnVmv00c6ixSuinDvr82Q==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3 200 css2
fonts.googleapis.com/ Frame D5C4 4 KB
671 B 48ms
48ms Stylesheet
text/css 2a00:1450:4001:80e::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap

Requested by

Host: 29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com
URL: https://29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

2d0922bd18f06df3c7413fcd6a3f1c5ec9545b4b07b131e362f30df7275fc058

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Mon, 03 Jul 2023 22:05:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Mon, 03 Jul 2023 20:54:42 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 03 Jul 2023 22:05:34 GMT

GET
H2 200 90cda0d4b2e9798013d5ae8e8588fe0b.js Show response
www.gstatic.com/mysidia/ Frame 5934 9 KB
4 KB 38ms
37ms Script
text/javascript 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/90cda0d4b2e9798013d5ae8e8588fe0b.js?tag=client_fast_engine_2019

Requested by

Host: www.creditosul.com
URL: https://www.creditosul.com/e-restituicao-ir-pix/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_876

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

aa7074f9a3c53a17de894245299386751108ee411500d2548aaf09c30fc1e555

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 17:33:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 16311
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3972
x-xss-protection: 0
last-modified: Thu, 29 Jun 2023 19:09:06 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Sun, 01 Oct 2023 17:33:43 GMT

GET
H2 200 406dbba891b387e92c78189f03f7ec13.js Show response
www.gstatic.com/mysidia/ Frame 5934 117 KB
41 KB 40ms
40ms Script
text/javascript 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/406dbba891b387e92c78189f03f7ec13.js?tag=leadgen/new_snom_text

Requested by

Host: www.creditosul.com
URL: https://www.creditosul.com/e-restituicao-ir-pix/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_876

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f79737ff968de505e56b83cb3e42eaca8b4cc8e636882c79029eee9326fadd78

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 26 Jun 2023 23:22:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 600205
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 41716
x-xss-protection: 0
last-modified: Mon, 26 Jun 2023 23:04:23 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Sun, 24 Sep 2023 23:22:09 GMT

GET
H2 200 0a344a526ec8d4f9a35ac9588626e14d.js Show response
www.gstatic.com/mysidia/ Frame 5934 19 KB
8 KB 73ms
73ms Script
text/javascript 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/0a344a526ec8d4f9a35ac9588626e14d.js?tag=pingback

Requested by

Host: www.creditosul.com
URL: https://www.creditosul.com/e-restituicao-ir-pix/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_876

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b422edd9de5ae893d9520d5659919963e6194aafea56a74406021f7c337a524c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 16:52:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 18784
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8005
x-xss-protection: 0
last-modified: Thu, 29 Jun 2023 19:09:06 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Sun, 01 Oct 2023 16:52:30 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame 5934 9 KB
1 KB 55ms
54ms Stylesheet
text/css 2a00:1450:4001:80e::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A400%7CGoogle%20Sans%3A400

Requested by

Host: www.creditosul.com
URL: https://www.creditosul.com/e-restituicao-ir-pix/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_876

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

99fae6468b3bd803389038dbee0d9d96f845779869b3d448db662e735bb8ec6d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Mon, 03 Jul 2023 22:05:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Mon, 03 Jul 2023 21:44:28 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 03 Jul 2023 22:05:34 GMT

GET
H3 200 mdc_list_min.js Show response
pagead2.googlesyndication.com/pagead/gadgets/mysidia/static/js/ Frame 5934 27 KB
6 KB 40ms
38ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gadgets/mysidia/static/js/mdc_list_min.js

Requested by

Host: www.creditosul.com
URL: https://www.creditosul.com/e-restituicao-ir-pix/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_876

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0a0610548e89956b26496552978f70638cbbba6f7d3fc204e137457a52d53f8d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 16:54:37 GMT
content-encoding: br
x-content-type-options: nosniff
age: 18657
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6467
x-xss-protection: 0
server: cafe
etag: 4758454654811317262
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Tue, 04 Jul 2023 16:54:37 GMT

GET
H3 200 mdc_menu_min.js Show response
pagead2.googlesyndication.com/pagead/gadgets/mysidia/static/js/ Frame 5934 51 KB
11 KB 41ms
38ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gadgets/mysidia/static/js/mdc_menu_min.js

Requested by

Host: www.creditosul.com
URL: https://www.creditosul.com/e-restituicao-ir-pix/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_876

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fd543b21d162ee922201fe54b79778548f8102ea91376960e856c069a135cb76

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 06:09:38 GMT
content-encoding: br
x-content-type-options: nosniff
age: 57356
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11146
x-xss-protection: 0
server: cafe
etag: 2759356358486721826
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Tue, 04 Jul 2023 06:09:38 GMT

GET
H3 200 mdc_menu_surface.min.js Show response
pagead2.googlesyndication.com/pagead/gadgets/mysidia/static/js/ Frame 5934 18 KB
5 KB 57ms
54ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gadgets/mysidia/static/js/mdc_menu_surface.min.js

Requested by

Host: www.creditosul.com
URL: https://www.creditosul.com/e-restituicao-ir-pix/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_876

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

35ef325738aec617e593976f23534b7d5b159f4642f24bc7c1bbbb40a7dc181f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 17:48:23 GMT
content-encoding: br
x-content-type-options: nosniff
age: 15431
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4739
x-xss-protection: 0
server: cafe
etag: 18373107336927916518
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Tue, 04 Jul 2023 17:48:23 GMT

GET
H3 200 mdc_select_min.js Show response
pagead2.googlesyndication.com/pagead/gadgets/mysidia/static/js/ Frame 5934 103 KB
18 KB 55ms
53ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gadgets/mysidia/static/js/mdc_select_min.js

Requested by

Host: www.creditosul.com
URL: https://www.creditosul.com/e-restituicao-ir-pix/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_876

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f61ce0d0d062c15912a8fd7067d050eb058a4947d7d516ffa6efc31fd32ea731

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 17:51:51 GMT
content-encoding: br
x-content-type-options: nosniff
age: 15223
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 18791
x-xss-protection: 0
server: cafe
etag: 10996637669125113147
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Tue, 04 Jul 2023 17:51:51 GMT

GET
H3 200 mdc_textfield_min.js Show response
pagead2.googlesyndication.com/pagead/gadgets/mysidia/static/js/ Frame 5934 58 KB
10 KB 53ms
51ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gadgets/mysidia/static/js/mdc_textfield_min.js

Requested by

Host: www.creditosul.com
URL: https://www.creditosul.com/e-restituicao-ir-pix/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_876

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bbd11d287d579b875f5ba1e88c62f56834dd8d925d7776fdc4eb201cf9aa5192

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 07:58:43 GMT
content-encoding: br
x-content-type-options: nosniff
age: 50811
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10107
x-xss-protection: 0
server: cafe
etag: 7588401036457704084
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Tue, 04 Jul 2023 07:58:43 GMT

GET
H3 200 mdc_list_min.css
pagead2.googlesyndication.com/pagead/gadgets/mysidia/static/css/ Frame 5934 31 KB
3 KB 51ms
49ms Stylesheet
text/css 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gadgets/mysidia/static/css/mdc_list_min.css

Requested by

Host: www.creditosul.com
URL: https://www.creditosul.com/e-restituicao-ir-pix/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_876

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

39473f41f6492001648e93d50aa18f14ae5e917cd9c93da48ec2dd50ca1f364b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 06:54:30 GMT
content-encoding: br
x-content-type-options: nosniff
age: 54664
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3021
x-xss-protection: 0
server: cafe
etag: 18113988596513574663
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Tue, 04 Jul 2023 06:54:30 GMT

GET
H3 200 mdc_menu_min.css
pagead2.googlesyndication.com/pagead/gadgets/mysidia/static/css/ Frame 5934 3 KB
794 B 51ms
49ms Stylesheet
text/css 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gadgets/mysidia/static/css/mdc_menu_min.css

Requested by

Host: www.creditosul.com
URL: https://www.creditosul.com/e-restituicao-ir-pix/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_876

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3c4a4057f02182efe3e8959561124f215a4a8e50e03257b71d550cbf74ecc4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 17:48:23 GMT
content-encoding: br
x-content-type-options: nosniff
age: 15431
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 766
x-xss-protection: 0
server: cafe
etag: 14497039402300002370
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Tue, 04 Jul 2023 17:48:23 GMT

GET
H3 200 mdc_menu_surface_min.css
pagead2.googlesyndication.com/pagead/gadgets/mysidia/static/css/ Frame 5934 2 KB
636 B 50ms
48ms Stylesheet
text/css 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gadgets/mysidia/static/css/mdc_menu_surface_min.css

Requested by

Host: www.creditosul.com
URL: https://www.creditosul.com/e-restituicao-ir-pix/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_876

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

389090922185d81fe757eb0e033fccb17583e98a7dc5b9900a1dbd7bb49aafa5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 15:57:18 GMT
content-encoding: br
x-content-type-options: nosniff
age: 22096
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 611
x-xss-protection: 0
server: cafe
etag: 18268606943400439583
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Tue, 04 Jul 2023 15:57:18 GMT

GET
H3 200 mdc_select_min.css
pagead2.googlesyndication.com/pagead/gadgets/mysidia/static/css/ Frame 5934 37 KB
4 KB 52ms
50ms Stylesheet
text/css 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gadgets/mysidia/static/css/mdc_select_min.css

Requested by

Host: www.creditosul.com
URL: https://www.creditosul.com/e-restituicao-ir-pix/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_876

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b5737b0c371611ffbda25040aefb4a72202b3f4f4223da5802f9841823f125ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 06:09:38 GMT
content-encoding: br
x-content-type-options: nosniff
age: 57356
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3940
x-xss-protection: 0
server: cafe
etag: 17986137158686949241
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Tue, 04 Jul 2023 06:09:38 GMT

GET
H3 200 mdc_textfield_min.css
pagead2.googlesyndication.com/pagead/gadgets/mysidia/static/css/ Frame 5934 51 KB
5 KB 51ms
49ms Stylesheet
text/css 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gadgets/mysidia/static/css/mdc_textfield_min.css

Requested by

Host: www.creditosul.com
URL: https://www.creditosul.com/e-restituicao-ir-pix/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_876

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5fb44f5faa5569cf002f97433c48ff5f53a0c6a181d3f67858c93a8379dbde0d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 05:26:34 GMT
content-encoding: br
x-content-type-options: nosniff
age: 59940
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4595
x-xss-protection: 0
server: cafe
etag: 17552977722549843295
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Tue, 04 Jul 2023 05:26:34 GMT

GET
H2 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/ Frame 5934 2 KB
931 B 45ms
42ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: www.creditosul.com
URL: https://www.creditosul.com/e-restituicao-ir-pix/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_876

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3ab7853ddfc8ef3468082187bff5636436df85cd9d1e54653530c018cf9d9280

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 18:04:27 GMT
content-encoding: br
x-content-type-options: nosniff
age: 14467
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 865
x-xss-protection: 0
server: cafe
etag: 5051423035144352294
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 17 Jul 2023 18:04:27 GMT

GET
H2 200 295f866bdf8a9d2eacd799fd6d660670.js Show response
www.gstatic.com/mysidia/ Frame 5934 22 KB
9 KB 83ms
81ms Script
text/javascript 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/295f866bdf8a9d2eacd799fd6d660670.js?tag=exit_2019

Requested by

Host: www.creditosul.com
URL: https://www.creditosul.com/e-restituicao-ir-pix/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_876

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c4e52504e28737fce70410213376b4c7486ce57a1768b937c2d83c869a580c4e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 26 Jun 2023 23:17:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 600467
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9301
x-xss-protection: 0
last-modified: Mon, 26 Jun 2023 23:04:23 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Sun, 24 Sep 2023 23:17:47 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230627/r20110914/ Frame 5934 23 KB
9 KB 45ms
43ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230627/r20110914/abg_lite_fy2021.js

Requested by

Host: www.creditosul.com
URL: https://www.creditosul.com/e-restituicao-ir-pix/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_876

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

02193fbcb11d960448e0fa887ff68d5ce73f01076893523fc3037e00a7149bc2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 18:04:23 GMT
content-encoding: br
x-content-type-options: nosniff
age: 14471
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9104
x-xss-protection: 0
server: cafe
etag: 12939045362079141464
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 17 Jul 2023 18:04:23 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/ Frame 5934 3 KB
1 KB 47ms
45ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/window_focus_fy2021.js

Requested by

Host: www.creditosul.com
URL: https://www.creditosul.com/e-restituicao-ir-pix/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_876

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 18:11:28 GMT
content-encoding: br
x-content-type-options: nosniff
age: 14046
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 17 Jul 2023 18:11:28 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/ Frame 5934 20 KB
8 KB 38ms
36ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: www.creditosul.com
URL: https://www.creditosul.com/e-restituicao-ir-pix/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_876

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

abaf64de0855592138133fdf15c746a6e47a07d5f7a34a9513a06994c89f91af

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 17:50:27 GMT
content-encoding: br
x-content-type-options: nosniff
age: 15307
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8312
x-xss-protection: 0
server: cafe
etag: 5477749917372345267
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 17 Jul 2023 17:50:27 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 5934 0
0 54ms
52ms Image
text/html 2a00:1450:4001:803::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaS5qdPsqtw31FvGsFzi5OE9yPyArQkldfOv0OkhmRT2ZxV40qT3RsGydMBfMJi4HOf9HFB4uDXAkSNmrpO27gfOyNZBqQ
Requested by: Host: www.creditosul.com
URL: https://www.creditosul.com/e-restituicao-ir-pix/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_876
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:803::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 5934 179 KB
56 KB 56ms
54ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: www.creditosul.com
URL: https://www.creditosul.com/e-restituicao-ir-pix/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_876

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6914d47718a28ab8055edac273b3aff57e64e5bddccc616c2b7e355fe986f39

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 22:05:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57260
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1687952195399670"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 03 Jul 2023 22:05:34 GMT

GET
H2 200 interstitial_ad_frame_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230627/r20110914/elements/html/ Frame D5C4 20 KB
9 KB 46ms
46ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230627/r20110914/elements/html/interstitial_ad_frame_fy2021.js

Requested by

Host: 29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com
URL: https://29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

27c045f2414b6b6af54b601c46312a6cbeb5dff6da152d9aceea0272fc896d03

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 19:00:42 GMT
content-encoding: br
x-content-type-options: nosniff
age: 11092
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8602
x-xss-protection: 0
server: cafe
etag: 5099012690780875661
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 17 Jul 2023 19:00:42 GMT

GET
H2 200 feedback_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame D5C4 205 B
520 B 85ms
84ms Image
image/png 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/feedback_grey600_24dp.png

Requested by

Host: 29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com
URL: https://29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sun, 02 Jul 2023 14:29:14 GMT
x-content-type-options: nosniff
age: 113780
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 205
x-xss-protection: 0
last-modified: Wed, 28 Jun 2023 17:48:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Mon, 01 Jul 2024 14:29:14 GMT

GET
H2 200 settings_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame D5C4 604 B
696 B 85ms
85ms Image
image/png 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/settings_grey600_24dp.png

Requested by

Host: 29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com
URL: https://29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 22:47:52 GMT
x-content-type-options: nosniff
age: 256662
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 604
x-xss-protection: 0
last-modified: Wed, 28 Jun 2023 17:48:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Sat, 29 Jun 2024 22:47:52 GMT

GET
H3 200 container.html Show response
29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 892F 6 KB
3 KB 38ms
37ms Document
text/html 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306280101/pubads_impl.js?cb=31075787

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.creditosul.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 03 Jul 2023 22:05:33 GMT
expires: Tue, 02 Jul 2024 22:05:33 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame E10B 1 KB
650 B 38ms
38ms Document
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com
URL: https://29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 18778
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 03 Jul 2023 16:52:36 GMT
etag: 48472445140208031
expires: Tue, 04 Jul 2023 16:52:36 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 892F 0
0 81ms
81ms Fetch
text/html 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=Clx1fLkajZJziA-iI1PIPgr6j4A2Q4YGEXLaoworwAsCNtwEQASAAYJWKnoKwB4IBF2NhLXB1Yi00ODk0MjA5ODcwODU3OTA1yAEJqQKO_Xp4wk2yPuACAKgDAcgDAqoEwgJP0IJ0fddpS7zFZaIza_OQdEnPYBf5MW932R6vztTaqQnClvirOfbtKI5L1Q14pjV3fdR7xl146tNYyFojgC5jC0MxXVGeoZLv3CmmA5P0_tiumMZJz8kl3PFA8M6XRcMTNWJwa7Cq6xdrOmaNlaHCCpzqJxjo_YsP59MTJJvhLUF5g_Se29ZqsXfe54jUc84S6eQifkxhfdQjwSxWORhBOaykfFVkfrWIZYHjU838bsuoee1RqOlpfpBljwBR_XZcLfFLUHX6wg3oF_TqnHpu5FmYIMrY2ZA82TlStla0POfASGtvMBF_UTrqemxlwoPeCjS5kfSdXmen4DMwLHRBp3oqwvhdeFFujpqB5xzN9VADOT22JeRzC5tkoRWraf6BBoYkGHk0zKab1RHzMzYJYxedwXHSwT6bZe9egi-S4IFQ4AQBgAbozc7K-s7GwdcBoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiA4YAQEAEyAqoCOgKAQEi9_cE6gAoD-gsCCAGADAHQFQGAFwGyFxwKGhIUcHViLTQ4OTQyMDk4NzA4NTc5MDUY09p-&sigh=Y5CuRloJMfI&uach_m=[UACH]&cid=CAQSOwBygQiDSb_sa6YxJsqZDs8kGXumxRcPgWOiEo3_1WcRoJml4D18yRiD-IPTxaKiYPI6hJqFk-RNh_loGAE
Requested by: Host: www.creditosul.com
URL: https://www.creditosul.com/e-restituicao-ir-pix/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_876
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

GET
H2 204 winResponse
prod-rtb.ad4mat.net/ Frame 892F 0
0 158ms
45ms Fetch
image/gif 2600:1901:0:76b9::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://prod-rtb.ad4mat.net/winResponse?a=1gtz3gn02jsmmndr0gg8t1q81sjwbs384d8t0hgc09zeegb7jh83rmr0wsdhzwtp59meg0zy4hg2td8td2ezwck8nyskt3nhd15d849nc3vvd0ekm8xqs7b3r3err098svm94yywecmbbdbe4bnyzqph5yj5mgzbp2nqhmzvvdgv1x4fmf52k6gqed1ehrrtq21qrkx3vkzjp0hq1awn1x249mmatxfzp2154mm4p5xrd9bp07mvxcrj0qw7ggddm4tfmnx5k3tqe0xkh7z8bh9c5sjn8gvccnhrdt9hfj0fwnyd0jfd61fexxyzjhhp69hjvncs5p6nztjfc8snehtqz431kyg4ar90j18qmhkrn58495v940xqccn9abkq2cgcbrhbbw&b=ZKNGLgAA8RwIVQRoAAjfAkjZHr2SQqUNHb01sw
Requested by: Host: www.creditosul.com
URL: https://www.creditosul.com/e-restituicao-ir-pix/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_876
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:1901:0:76b9:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: *
date: Mon, 03 Jul 2023 22:05:34 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-type: image/gif

GET
H2 200 dr Show response
as.ad4m.at/ad/ Frame C53F 2 KB
3 KB 168ms
58ms Document
text/html 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://as.ad4m.at/ad/dr?ed=1k21p8vjc5hny9nnrdrkn7jf6f16nahv5cbsmtfadk731e0te2avwt37vx2m5p0hx44ef1v62vr6zqp8sh22jrwh093z5stmbwt30gja8brzpr8srctkk8dfzp70q1n5h5f8jjpdhqs5w7cxehkrw6cr0gythk4br7zhc42pdwdtg92j0hva38d6fw6pxw8969pv1hscvrneg7rdzavpc2r4vtag3710dkfmdemy9qtm52gze3jq02wt3s8w69pa15668mwh2tp68sdd3pkapece8y7m754r0epqy0pxd2cgrh0shknygaadv0pmcxeb3fd8m3ncakg4ephs1y2a0znvw6gzck4c6d7v63h5s08fde0t04myy435egxf0d8sejh6d13jwfe0e387r1a5e3cfz9fgz32fjvnr3ykps2cedp8x&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCPDOiLkajZJziA-iI1PIPgr6j4A2Q4YGEXLaoworwAsCNtwEQASAAYJWKnoKwB4IBF2NhLXB1Yi00ODk0MjA5ODcwODU3OTA1yAEJqQKO_Xp4wk2yPuACAKgDAcgDAqoExQJP0IJ0fddpS7zFZaIza_OQdEnPYBf5MW932R6vztTaqQnClvirOfbtKI5L1Q14pjV3fdR7xl146tNYyFojgC5jC0MxXVGeoZLv3CmmA5P0_tiumMZJz8kl3PFA8M6XRcMTNWJwa7Cq6xdrOmaNlaHCCpzqJxjo_YsP59MTJJvhLUF5g_Se29ZqsXfe54jUc84S6eQifkxhfdQjwSxWORhBOaykfFVkfrWIZYHjU838bsuoee1RqOlpfpBljwBR_XZcLfFLUHX6wg3oF_TqnHpu5FmYIMrY2ZA82TlStla0POfASGtvMBF_UTrqemxlwoPeCjS5kfSdXmen4DMwLHRBp3oqwvhdeFFujpqB5xzN9VADOT22JeRzC5tkoVepSGxW_wFk0P58WnzSR-PKJzykaTmFHPEQiKxj8fFymvpOf8GY9Sic4AQBgAbozc7K-s7GwdcBoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiA4YAQEAEyAqoCOgKAQEi9_cE6-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_2qt0_CC91gmiRUosfCEx91fB6KFA%26client%3Dca-pub-4894209870857905%26adurl%3D

Requested by

Host: 29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com
URL: https://29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6702d5d480aae283c2377355d0f42a72822925ad9b4752143fab655f04f3d404

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri ;child-src ;connect-src ;default-src 'self';font-src ;form-action 'none';frame-src ;img-src data:;manifest-src 'none';media-src 'none';object-src 'none';worker-src 'none';script-src * 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';worker-src 'none'
Strict-Transport-Security	max-age=86400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
cf-cache-status: DYNAMIC
cf-ray: 7e126e42884c1c44-FRA
content-encoding: br
content-security-policy: block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri *;child-src *;connect-src *;default-src 'self';font-src *;form-action 'none';frame-src *;img-src * data:;manifest-src 'none';media-src 'none';object-src 'none';worker-src 'none';script-src * 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';worker-src 'none'
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: unsafe-none
cross-origin-opener-policy: unsafe-none
cross-origin-resource-policy: cross-origin
date: Mon, 03 Jul 2023 22:05:34 GMT
expires: 0
feature-policy: geolocation 'none';midi 'none';sync-xhr 'none';microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';fullscreen 'none';payment 'none';accelerometer 'none';usb 'none';autoplay 'self'
nel: {"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0","include_subdomains":true}
pragma: no-cache
referrer-policy: same-origin
report-to: {"endpoints":[{"url":"/ad/vre"}],"group":"report-endpoint","max_age":86400}
server: cloudflare
strict-transport-security: max-age=86400; includeSubDomains; preload
surrogate-control: no-store
vary: accept-encoding
via: 1.1 google
x-content-type-options: nosniff
x-download-options: noopen
x-xss-protection: 1; mode=block

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/ Frame 892F 3 KB
1 KB 39ms
38ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/window_focus_fy2021.js

Requested by

Host: 29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com
URL: https://29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 18:11:28 GMT
content-encoding: br
x-content-type-options: nosniff
age: 14046
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 17 Jul 2023 18:11:28 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame D222 1 KB
650 B 39ms
38ms Document
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com
URL: https://29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 18778
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 03 Jul 2023 16:52:36 GMT
etag: 48472445140208031
expires: Tue, 04 Jul 2023 16:52:36 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/ Frame 892F 20 KB
8 KB 39ms
39ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com
URL: https://29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

abaf64de0855592138133fdf15c746a6e47a07d5f7a34a9513a06994c89f91af

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 17:50:27 GMT
content-encoding: br
x-content-type-options: nosniff
age: 15307
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8312
x-xss-protection: 0
server: cafe
etag: 5477749917372345267
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 17 Jul 2023 17:50:27 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 892F 0
0 46ms
46ms Image
text/html 2a00:1450:4001:803::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaS39Gr5_R1DRfyYrzAImD2lWQRpInjXTbWr3h2RvGjnmX_dmwSZ0Mmy8r-knCmb9XVc2Z2ERq98VSwki2Qy8X1xxxWTXw
Requested by: Host: 29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com
URL: https://29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:803::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

GET
H3 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame 892F 24 KB
6 KB 40ms
39ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: 29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com
URL: https://29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 12:02:51 GMT
content-encoding: br
x-content-type-options: nosniff
age: 468163
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Thu, 27 Jun 2024 12:02:51 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 892F 179 KB
56 KB 105ms
104ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com
URL: https://29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6914d47718a28ab8055edac273b3aff57e64e5bddccc616c2b7e355fe986f39

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 22:05:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57260
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1687952195399670"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 03 Jul 2023 22:05:34 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame E10B
Redirect Chain

https://um.simpli.fi/gp_match?google_gid=CAESEKgzk682F-erxW2Lz1wtXU0&google_cver=1&google_push=AaAOQGGCuVJTh2PO-VTaqL1VVMG_lyi2tFH24DztkliLDnH9TfX99q7a96MpRGH4hxxy0VBtx6uVQckN9lKWBBsHPZESuZIdwlSR
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=854771F2AB5E4946B0222C8BF4CB5BC9&google_push=AaAOQGGCuVJTh2PO-VTaqL1VVMG_lyi2tFH24DztkliLDnH9TfX99q7a96MpRGH4hxxy0VBtx6uVQckN9lKWBBs...

170 B
188 B

49ms
49ms

Image
image/png

172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=854771F2AB5E4946B0222C8BF4CB5BC9&google_push=AaAOQGGCuVJTh2PO-VTaqL1VVMG_lyi2tFH24DztkliLDnH9TfX99q7a96MpRGH4hxxy0VBtx6uVQckN9lKWBBsHPZESuZIdwlSR

Requested by

Host: www.creditosul.com
URL: https://www.creditosul.com/e-restituicao-ir-pix/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_876

Protocol

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra02s19-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 03 Jul 2023 22:05:34 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Mon, 03 Jul 2023 22:05:34 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
server: openresty
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
location: https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=854771F2AB5E4946B0222C8BF4CB5BC9&google_push=AaAOQGGCuVJTh2PO-VTaqL1VVMG_lyi2tFH24DztkliLDnH9TfX99q7a96MpRGH4hxxy0VBtx6uVQckN9lKWBBsHPZESuZIdwlSR
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 142
expires: Sun, 02 Jul 2023 22:05:34 GMT

GET
H2 200 google
match.adsrvr.org/track/cmf/ Frame E10B 70 B
264 B 58ms
56ms Image
image/gif 15.197.193.217
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/google?google_gid=CAESEE-Vtm7KijlVpeLzCkiEMtE&google_cver=1&google_push=AaAOQGFRv7nL1kRJzspIz1q4DkpDnCUXtO5zFad99U4b5eRvxwOmJ59hsu2rq0l48sYrSig30UIPdjyea3ZbplUaoKPjuaLoeHlGog
Requested by: Host: 29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com
URL: https://29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 15.197.193.217 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Mon, 03 Jul 2023 22:05:34 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame E10B
Redirect Chain

https://d5p.de17a.com/cookies/google?google_gid=CAESEEQcv8o36jfJkApbCWVS_lA&google_cver=1&google_push=AaAOQGFvW81NIBTm6BZhm0T7VJm0QPE7Ltsnl_VuzCkNJHcK3ZM9TQTpTuz8lbOCUXlc4CnBXIIDnNd_wFRgCyySJSwFgr9...
https://d5p.de17a.com/cookies/google;c?google_gid=CAESEEQcv8o36jfJkApbCWVS_lA&google_cver=1&google_push=AaAOQGFvW81NIBTm6BZhm0T7VJm0QPE7Ltsnl_VuzCkNJHcK3ZM9TQTpTuz8lbOCUXlc4CnBXIIDnNd_wFRgCyySJSwFg...
https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AaAOQGFvW81NIBTm6BZhm0T7VJm0QPE7Ltsnl_VuzCkNJHcK3ZM9TQTpTuz8lbOCUXlc4CnBXIIDnNd_wFRgCyySJSwFgr9jRsfk

170 B
188 B

50ms
49ms

Image
image/png

172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AaAOQGFvW81NIBTm6BZhm0T7VJm0QPE7Ltsnl_VuzCkNJHcK3ZM9TQTpTuz8lbOCUXlc4CnBXIIDnNd_wFRgCyySJSwFgr9jRsfk

Requested by

Host: www.creditosul.com
URL: https://www.creditosul.com/e-restituicao-ir-pix/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_876

Protocol

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra02s19-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 03 Jul 2023 22:05:34 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AaAOQGFvW81NIBTm6BZhm0T7VJm0QPE7Ltsnl_VuzCkNJHcK3ZM9TQTpTuz8lbOCUXlc4CnBXIIDnNd_wFRgCyySJSwFgr9jRsfk
content-length: 0
p3p: CP=NON CURa ADMa DEVa TAIa OUR STP IND UNI COM NAV

GET
H2

200

cookiematch.aspx
dis.criteo.com/dis/rtb/google/ Frame E10B
Redirect Chain

https://dis.criteo.com/dis/usersync.aspx?r=4&p=14&cp=google&cu=1&url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcjp%26google_hm%3D%40%40CRITEO_USERID%40%40%26google_push%3DPUSH_DATA&...
https://cm.g.doubleclick.net/pixel?google_nid=cjp&google_hm=k-ofXRIDxzG6HeWqgtYijagU3YzpS83e2SDZcjug&google_push=PUSH_DATA
https://dis.criteo.com/dis/rtb/google/cookiematch.aspx?id=&google_error=5

43 B
368 B

39ms
39ms

Image
image/gif

178.250.1.9
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dis.criteo.com/dis/rtb/google/cookiematch.aspx?id=&google_error=5

Requested by

Host: www.creditosul.com
URL: https://www.creditosul.com/e-restituicao-ir-pix/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_876

Protocol

Server

178.250.1.9 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 03 Jul 2023 22:05:34 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP='NON DSP COR CURa PSA PSD OUR BUS NAV STA'
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 82885
timing-allow-origin: *
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 03 Jul 2023 22:05:34 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dis.criteo.com/dis/rtb/google/cookiematch.aspx?id=&google_error=5
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 274
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame E10B
Redirect Chain

https://s.ad.smaato.net/c/n///-?adNetInit=g&google_gid=CAESEBo9x7IHfbRPPL1vBoSxI1k&google_cver=1&google_push=AaAOQGHIaPCLFtn6Cvhyfoi5BSu1jcYJ59mquE0eG38UOzlhTx4T9_zxDY2C_yjrtITSWbYPcO-T1gABirr0sh5I...
https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=AaAOQGHIaPCLFtn6Cvhyfoi5BSu1jcYJ59mquE0eG38UOzlhTx4T9_zxDY2C_yjrtITSWbYPcO-T1gABirr0sh5IbbNdQleefqsVtA

170 B
188 B

52ms
52ms

Image
image/png

172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=AaAOQGHIaPCLFtn6Cvhyfoi5BSu1jcYJ59mquE0eG38UOzlhTx4T9_zxDY2C_yjrtITSWbYPcO-T1gABirr0sh5IbbNdQleefqsVtA

Requested by

Host: www.creditosul.com
URL: https://www.creditosul.com/e-restituicao-ir-pix/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_876

Protocol

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra02s19-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 03 Jul 2023 22:05:34 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Mon, 03 Jul 2023 22:05:34 GMT
via: 1.1 8e04f5d6c745b231c10fce7c2aa9c70e.cloudfront.net (CloudFront)
server: CloudFront
x-amz-cf-pop: FRA6-C1
x-cache: FunctionGeneratedResponse from cloudfront
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=AaAOQGHIaPCLFtn6Cvhyfoi5BSu1jcYJ59mquE0eG38UOzlhTx4T9_zxDY2C_yjrtITSWbYPcO-T1gABirr0sh5IbbNdQleefqsVtA
cache-control: no-cache, must-revalidate
content-length: 0
x-amz-cf-id: YIfsZhO8cz1SMidszkR0LCL86PsBRwKi9CR83rih8oR5xc7_nXHfow==

GET
H2 204 sync
ups.analytics.yahoo.com/ups/58281/ Frame E10B 0
38 B 36ms
34ms Image
text/plain 3.75.62.37
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEJ9jrmLgkS0qjCg0dOWfg04&google_cver=1&google_push=AaAOQGEwi-wf_VmfsbtRwN7IVlR3a8uYhfeO96nzS_2otEGdbAm7F2p6JfFPe1st8KAMOMHoB-PEPxr7cJ7bIHBMTFNF9t8ZrAxXLw

Requested by

Host: 29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com
URL: https://29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

3.75.62.37 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-75-62-37.eu-central-1.compute.amazonaws.com

Software

ATS/9.1.10.57 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 22:05:34 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.57
age: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H2

200

report
sync.teads.tv/um/ Frame E10B
Redirect Chain

https://sync.teads.tv/um?ssb_provider_id=3&uid=&google_nid=teadstv_ab&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_ab%26google_hm%3D%5BVID_B64%5D&google_gid=CAESEKYC66_-2v08...
https://cm.g.doubleclick.net/pixel?google_nid=teadstv_ab&google_hm=&google_push=AaAOQGEt027FyNZhibR37Fru7DESjwN36DsHdtWQGxRGBVsWnHvL3FYZAji6HvBm0aUcpN9BZeY1129OYeSgtqm1KEs3RVeowPI32Xo
https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab

23 B
163 B

54ms
54ms

Image
image/gif

104.75.89.75
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab
Requested by: Host: www.creditosul.com
URL: https://www.creditosul.com/e-restituicao-ir-pix/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_876
Protocol: H2
Server: 104.75.89.75 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-75-89-75.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.10 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

expires: Mon, 03 Jul 2023 22:05:34 GMT
pragma: no-cache
date: Mon, 03 Jul 2023 22:05:34 GMT
cache-control: max-age=0, no-cache, no-store
server: akka-http/10.2.10
content-length: 23
content-type: image/gif

Redirect headers

pragma: no-cache
date: Mon, 03 Jul 2023 22:05:34 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 260
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame E10B 0
12 B 50ms
48ms Image
text/html 172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13L5eh6YCilx9It6C8ndwAJGCJnFMS4lMP0JiQiYwYinKj2ysGARo1sfFJFUoyTFEioG9HBBptY

Requested by

Host: 29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com
URL: https://29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra02s19-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 22:05:34 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 5934 0
28 B 69ms
69ms Ping
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=mys&d=ChQIByoQd2ViX2ludGVyc3RpdGlhbAoHCAgqA2x0cgoMCAEqCFRvd2VyQWxsCgoIAioGc2VydmVyCi4aIWRpc3BsYXlfbGVhZF9mb3JtX3F1ZXN0aW9uX251bWJlciEAAAAAAADwPzABCg0QKyEAAAAAAAAyQDABEhpDUFdNd3V6RjhfOENGVUFDVlFnZF96c1A2QSIVbGVhZGdlbi9uZXdfc25vbV90ZXh0KCw=

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/mysidia/0a344a526ec8d4f9a35ac9588626e14d.js?tag=pingback

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 03 Jul 2023 22:05:34 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 oBMhIGozJCmZhanrY2s6Nzm7GdNkvCqEaGjKud4M6yI.js Show response
pagead2.googlesyndication.com/bg/ Frame D5B9 37 KB
14 KB 38ms
37ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/oBMhIGozJCmZhanrY2s6Nzm7GdNkvCqEaGjKud4M6yI.js

Requested by

Host: 29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com
URL: https://29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a01321206a3324299985a9eb636b3a3739bb19d364bc2a846868cab9de0ceb22

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 13:22:45 GMT
content-encoding: br
x-content-type-options: nosniff
age: 31369
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14631
x-xss-protection: 0
last-modified: Mon, 26 Jun 2023 15:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 02 Jul 2024 13:22:45 GMT

GET
H2

200

i.match
s.tribalfusion.com/z/ Frame D222
Redirect Chain

https://a.tribalfusion.com/i.match?p=b6&u=CAESEDURibkYRxjAJ_noBBikj7c&google_cver=1&google_push=AaAOQGFa8CTVpfgXTSJ_JbcLxlNr-xGceb5ffRYAZNihupTVT-oD-6rm5HV-U936WUHYq1u0c2WlchQ4LNMXy5ZvKiTogs3SjA&re...
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEDURibkYRxjAJ_noBBikj7c&google_cver=1&google_push=AaAOQGFa8CTVpfgXTSJ_JbcLxlNr-xGceb5ffRYAZNihupTVT-oD-6rm5HV-U936WUHYq1u0c2WlchQ4LNMXy5ZvKiTogs3SjA&...

43 B
406 B

197ms
184ms

Image
image/gif

2606:4700::6812:18ad
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEDURibkYRxjAJ_noBBikj7c&google_cver=1&google_push=AaAOQGFa8CTVpfgXTSJ_JbcLxlNr-xGceb5ffRYAZNihupTVT-oD-6rm5HV-U936WUHYq1u0c2WlchQ4LNMXy5ZvKiTogs3SjA&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAaAOQGFa8CTVpfgXTSJ_JbcLxlNr-xGceb5ffRYAZNihupTVT-oD-6rm5HV-U936WUHYq1u0c2WlchQ4LNMXy5ZvKiTogs3SjA%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
Requested by: Host: www.creditosul.com
URL: https://www.creditosul.com/e-restituicao-ir-pix/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_876
Protocol: H2
Server: 2606:4700::6812:18ad , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 03 Jul 2023 22:05:34 GMT
cf-cache-status: DYNAMIC
x-function: 302
server: cloudflare
content-type: image/gif; charset=utf-8
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
cf-ray: 7e126e442ed437fb-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 03 Jul 2023 22:05:34 GMT
cf-cache-status: DYNAMIC
x-function: 206
server: cloudflare
x-reuse-index: 70
content-type: text/html
location: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEDURibkYRxjAJ_noBBikj7c&google_cver=1&google_push=AaAOQGFa8CTVpfgXTSJ_JbcLxlNr-xGceb5ffRYAZNihupTVT-oD-6rm5HV-U936WUHYq1u0c2WlchQ4LNMXy5ZvKiTogs3SjA&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAaAOQGFa8CTVpfgXTSJ_JbcLxlNr-xGceb5ffRYAZNihupTVT-oD-6rm5HV-U936WUHYq1u0c2WlchQ4LNMXy5ZvKiTogs3SjA%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
cf-ray: 7e126e42cd9937fb-FRA
alt-svc: h3=":443"; ma=86400
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 204 AdxPixel
tr.blismedia.com/v1/api/sync/ Frame D222 0
172 B 161ms
44ms Image
text/plain 34.96.105.8
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tr.blismedia.com/v1/api/sync/AdxPixel?google_gid=CAESEG9wenaTIuGSEpsWhvKwUj4&google_cver=1&google_push=AaAOQGFjWyz46hyAMsvPan6k6KmGYm-ly-OsXJO3xBWeA9ZtejabjwQLNUHfNTR8F0u8DO7W5FEr8A992ZaaqJOribWAsF23iw
Requested by: Host: 29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com
URL: https://29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.96.105.8 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 8.105.96.34.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 22:05:34 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame D222
Redirect Chain

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEHZ9KLdfD8QfhOiqq8MNmSc&google_cver=1&google_push=AaAOQGExGs_SEpDu54Lwr6OHj6Fy7YzH-F9S3zpYZH1EMXpPoEKvcfJHJtb4ksNe1-qMAuMHvpzR3MDWesy9eh2vBu37fMK...
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AaAOQGExGs_SEpDu54Lwr6OHj6Fy7YzH-F9S3zpYZH1EMXpPoEKvcfJHJtb4ksNe1-qMAuMHvpzR3MDWesy9eh2vBu37fMKEj-s&google_hm=eS1xTlVtMnpkRTJwRy5iRjF...

170 B
188 B

48ms
48ms

Image
image/png

172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AaAOQGExGs_SEpDu54Lwr6OHj6Fy7YzH-F9S3zpYZH1EMXpPoEKvcfJHJtb4ksNe1-qMAuMHvpzR3MDWesy9eh2vBu37fMKEj-s&google_hm=eS1xTlVtMnpkRTJwRy5iRjFfaWtQbXZFbHBRajFERlBfeX5B

Requested by

Host: 29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com
URL: https://29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra02s19-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 03 Jul 2023 22:05:34 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Mon, 03 Jul 2023 22:05:34 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
server: ATS
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
location: https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AaAOQGExGs_SEpDu54Lwr6OHj6Fy7YzH-F9S3zpYZH1EMXpPoEKvcfJHJtb4ksNe1-qMAuMHvpzR3MDWesy9eh2vBu37fMKEj-s&google_hm=eS1xTlVtMnpkRTJwRy5iRjFfaWtQbXZFbHBRajFERlBfeX5B
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame D222
Redirect Chain

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEDhBP-XekJ_E51NVjN94FoI&google_cver=1&google_push=AaAOQGGoYu62DhjfC6E_XWpjMvf8-PepeYk8W0-QpoPb4Wz8PKjeC7eR-oolWg2rVgGZo79LD0rBIqZn...
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEDhBP-XekJ_E51NVjN94FoI&google_cver=1&google_push=AaAOQGGoYu62DhjfC6E_XWpjMvf8-PepeYk8W0-QpoPb4Wz8PKjeC7eR-oolWg2rVgGZo79LD0r...
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MzQ0NzA2MzM0OTE2MDk1NjYyNQ&google_push=AaAOQGGoYu62DhjfC6E_XWpjMvf8-PepeYk8W0-QpoPb4Wz8PKjeC7eR-oolWg2rVgGZo79LD0rBIq...

170 B
188 B

55ms
55ms

Image
image/png

172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MzQ0NzA2MzM0OTE2MDk1NjYyNQ&google_push=AaAOQGGoYu62DhjfC6E_XWpjMvf8-PepeYk8W0-QpoPb4Wz8PKjeC7eR-oolWg2rVgGZo79LD0rBIqZndEZHgRpjMb7nDu-EPs4

Requested by

Host: 29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com
URL: https://29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra02s19-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 03 Jul 2023 22:05:34 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 03 Jul 2023 22:05:34 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-max-age: 86400
access-control-allow-methods: GET
location: https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MzQ0NzA2MzM0OTE2MDk1NjYyNQ&google_push=AaAOQGGoYu62DhjfC6E_XWpjMvf8-PepeYk8W0-QpoPb4Wz8PKjeC7eR-oolWg2rVgGZo79LD0rBIqZndEZHgRpjMb7nDu-EPs4
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame D222
Redirect Chain

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEDhBP-XekJ_E51NVjN94FoI&google_cver=1&google_push=AaAOQGFsxpi915bZtiNTe-gYn7pH6SR3qJpTXXYO4fas7muTwNa2hTabuqT9L0oZ-pcKvxAxc6UfMTIm...
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEDhBP-XekJ_E51NVjN94FoI&google_cver=1&google_push=AaAOQGFsxpi915bZtiNTe-gYn7pH6SR3qJpTXXYO4fas7muTwNa2hTabuqT9L0oZ-pcKvxAxc6U...
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NDMxMDA2NjkxNjkxMTc0ODE2MQ&google_push=AaAOQGFsxpi915bZtiNTe-gYn7pH6SR3qJpTXXYO4fas7muTwNa2hTabuqT9L0oZ-pcKvxAxc6UfMT...

170 B
188 B

56ms
55ms

Image
image/png

172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NDMxMDA2NjkxNjkxMTc0ODE2MQ&google_push=AaAOQGFsxpi915bZtiNTe-gYn7pH6SR3qJpTXXYO4fas7muTwNa2hTabuqT9L0oZ-pcKvxAxc6UfMTIm2OQDbkGCC_HHdiO5mrg

Requested by

Host: 29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com
URL: https://29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra02s19-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 03 Jul 2023 22:05:34 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 03 Jul 2023 22:05:34 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-max-age: 86400
access-control-allow-methods: GET
location: https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NDMxMDA2NjkxNjkxMTc0ODE2MQ&google_push=AaAOQGFsxpi915bZtiNTe-gYn7pH6SR3qJpTXXYO4fas7muTwNa2hTabuqT9L0oZ-pcKvxAxc6UfMTIm2OQDbkGCC_HHdiO5mrg
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame D222
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=OZZl3TvvTgmcFvwdv8E1Jg%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

59ms
59ms

Image
image/png

172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=OZZl3TvvTgmcFvwdv8E1Jg%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AaAOQGEJIk3f33GuImvPX0WolGRxyjPabxmulhu2sOL5HBin1sHm_A9VPLmSNaDquIgqs2DNeKHLCrgopKxJnDSqxQ9irT5toM8

Requested by

Host: 29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com
URL: https://29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra02s19-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 03 Jul 2023 22:05:34 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=OZZl3TvvTgmcFvwdv8E1Jg%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AaAOQGEJIk3f33GuImvPX0WolGRxyjPabxmulhu2sOL5HBin1sHm_A9VPLmSNaDquIgqs2DNeKHLCrgopKxJnDSqxQ9irT5toM8
date: Mon, 03 Jul 2023 22:05:33 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame D222
Redirect Chain

https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESEM6-DdwbaqZcawBwBEFTXl0&google_cver=1&google_push=AaAOQGGm04DoZtkNJWuggptW74EYceMoVXOLQVzGdFRIN99R2mxcKUbcGPLeiN3NT0JGjpMhQe4GyPmXt5sf...
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AaAOQGGm04DoZtkNJWuggptW74EYceMoVXOLQVzGdFRIN99R2mxcKUbcGPLeiN3NT0JGjpMhQe4GyPmXt5sf-ac_LE2XyjVbJcA

170 B
188 B

56ms
55ms

Image
image/png

172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AaAOQGGm04DoZtkNJWuggptW74EYceMoVXOLQVzGdFRIN99R2mxcKUbcGPLeiN3NT0JGjpMhQe4GyPmXt5sf-ac_LE2XyjVbJcA

Requested by

Host: 29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com
URL: https://29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra02s19-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 03 Jul 2023 22:05:34 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AaAOQGGm04DoZtkNJWuggptW74EYceMoVXOLQVzGdFRIN99R2mxcKUbcGPLeiN3NT0JGjpMhQe4GyPmXt5sf-ac_LE2XyjVbJcA
strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame D222 0
12 B 47ms
46ms Image
text/html 172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13JhejJbPNxPYAwGtPXHYez2ICFqT-D1_3RhoJWxLI-Y_wzrjoWg_goYMpcPRzV9hjb2qyGG

Requested by

Host: 29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com
URL: https://29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra02s19-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 22:05:34 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 886845122549418 Show response
connect.facebook.net/signals/config/ 377 KB
108 KB 174ms
174ms Script
application/x-javascript 2a03:2880:f084:d:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/886845122549418?v=2.9.111&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f084:d:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

9b99c7c09885b47e4b8a468e181a901ccf21506733c228d34b8165a207c272cd

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.creditosul.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Mon, 03 Jul 2023 22:05:34 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
pragma: public
x-fb-debug: RQIKTsUyL8ScMC7dGVHrRbAgNwIZov9Yup3ZqWRmreAYE9pwWdXFQvRxAmBsQf3ijkBM/tktH2NEXcpX31JWgg==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 default.css
as.ad4m.at/ad/style/0.1.48/one-ad/ Frame C53F 114 KB
14 KB 48ms
47ms Stylesheet
text/css 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://as.ad4m.at/ad/style/0.1.48/one-ad/default.css
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/dr?ed=1k21p8vjc5hny9nnrdrkn7jf6f16nahv5cbsmtfadk731e0te2avwt37vx2m5p0hx44ef1v62vr6zqp8sh22jrwh093z5stmbwt30gja8brzpr8srctkk8dfzp70q1n5h5f8jjpdhqs5w7cxehkrw6cr0gythk4br7zhc42pdwdtg92j0hva38d6fw6pxw8969pv1hscvrneg7rdzavpc2r4vtag3710dkfmdemy9qtm52gze3jq02wt3s8w69pa15668mwh2tp68sdd3pkapece8y7m754r0epqy0pxd2cgrh0shknygaadv0pmcxeb3fd8m3ncakg4ephs1y2a0znvw6gzck4c6d7v63h5s08fde0t04myy435egxf0d8sejh6d13jwfe0e387r1a5e3cfz9fgz32fjvnr3ykps2cedp8x&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCPDOiLkajZJziA-iI1PIPgr6j4A2Q4YGEXLaoworwAsCNtwEQASAAYJWKnoKwB4IBF2NhLXB1Yi00ODk0MjA5ODcwODU3OTA1yAEJqQKO_Xp4wk2yPuACAKgDAcgDAqoExQJP0IJ0fddpS7zFZaIza_OQdEnPYBf5MW932R6vztTaqQnClvirOfbtKI5L1Q14pjV3fdR7xl146tNYyFojgC5jC0MxXVGeoZLv3CmmA5P0_tiumMZJz8kl3PFA8M6XRcMTNWJwa7Cq6xdrOmaNlaHCCpzqJxjo_YsP59MTJJvhLUF5g_Se29ZqsXfe54jUc84S6eQifkxhfdQjwSxWORhBOaykfFVkfrWIZYHjU838bsuoee1RqOlpfpBljwBR_XZcLfFLUHX6wg3oF_TqnHpu5FmYIMrY2ZA82TlStla0POfASGtvMBF_UTrqemxlwoPeCjS5kfSdXmen4DMwLHRBp3oqwvhdeFFujpqB5xzN9VADOT22JeRzC5tkoVepSGxW_wFk0P58WnzSR-PKJzykaTmFHPEQiKxj8fFymvpOf8GY9Sic4AQBgAbozc7K-s7GwdcBoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiA4YAQEAEyAqoCOgKAQEi9_cE6-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_2qt0_CC91gmiRUosfCEx91fB6KFA%26client%3Dca-pub-4894209870857905%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 032aee61923ef53fb2b9efbb5d55f771f780e9c2fce9c076638b809a9607eee3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://as.ad4m.at/ad/dr?ed=1k21p8vjc5hny9nnrdrkn7jf6f16nahv5cbsmtfadk731e0te2avwt37vx2m5p0hx44ef1v62vr6zqp8sh22jrwh093z5stmbwt30gja8brzpr8srctkk8dfzp70q1n5h5f8jjpdhqs5w7cxehkrw6cr0gythk4br7zhc42pdwdtg92j0hva38d6fw6pxw8969pv1hscvrneg7rdzavpc2r4vtag3710dkfmdemy9qtm52gze3jq02wt3s8w69pa15668mwh2tp68sdd3pkapece8y7m754r0epqy0pxd2cgrh0shknygaadv0pmcxeb3fd8m3ncakg4ephs1y2a0znvw6gzck4c6d7v63h5s08fde0t04myy435egxf0d8sejh6d13jwfe0e387r1a5e3cfz9fgz32fjvnr3ykps2cedp8x&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCPDOiLkajZJziA-iI1PIPgr6j4A2Q4YGEXLaoworwAsCNtwEQASAAYJWKnoKwB4IBF2NhLXB1Yi00ODk0MjA5ODcwODU3OTA1yAEJqQKO_Xp4wk2yPuACAKgDAcgDAqoExQJP0IJ0fddpS7zFZaIza_OQdEnPYBf5MW932R6vztTaqQnClvirOfbtKI5L1Q14pjV3fdR7xl146tNYyFojgC5jC0MxXVGeoZLv3CmmA5P0_tiumMZJz8kl3PFA8M6XRcMTNWJwa7Cq6xdrOmaNlaHCCpzqJxjo_YsP59MTJJvhLUF5g_Se29ZqsXfe54jUc84S6eQifkxhfdQjwSxWORhBOaykfFVkfrWIZYHjU838bsuoee1RqOlpfpBljwBR_XZcLfFLUHX6wg3oF_TqnHpu5FmYIMrY2ZA82TlStla0POfASGtvMBF_UTrqemxlwoPeCjS5kfSdXmen4DMwLHRBp3oqwvhdeFFujpqB5xzN9VADOT22JeRzC5tkoVepSGxW_wFk0P58WnzSR-PKJzykaTmFHPEQiKxj8fFymvpOf8GY9Sic4AQBgAbozc7K-s7GwdcBoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiA4YAQEAEyAqoCOgKAQEi9_cE6-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_2qt0_CC91gmiRUosfCEx91fB6KFA%26client%3Dca-pub-4894209870857905%26adurl%3D
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 22:05:34 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-goog-meta-goog-reserved-file-mtime: 1687950287
age: 471148
cf-polished: origSize=117335
x-guploader-uploadid: ADPycdu7Pb84Y6vCPqpUShyJrQGb98f4yuF1LiyC2B7DeEN9kG_1SbpI2iXm6tsp7d5fI22nNzf0l66mXGhEIUVspATbXw
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
last-modified: Wed, 28 Jun 2023 11:05:15 GMT
server: cloudflare
etag: W/"5d49535c2a84a9762127b3d9e77d7e02"
vary: Accept-Encoding
x-goog-generation: 1687950315098833
content-type: text/css
x-goog-hash: crc32c=aWAnwg==, md5=XUlTXCqEqXYhJ7PZ531+Ag==
cache-control: public, max-age=3600
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EKSPCcfxWiP7P4DSE9gvKhTL85RjJN7gMpZfZUafxNS9FFSmg8M8jMy71YX11kzrAtf%2FxjQUeayQqzCf6bH4eIFyDnV8B%2FgnGBkLK5dHNJJsfj0wYHOcI74X6SjcCi4iCYgjUB%2BgNd0%3D"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length: 117335
cf-ray: 7e126e4318fc1c44-FRA
expires: Mon, 03 Jul 2023 23:05:34 GMT

GET
H2 200 r62eglto.js Show response
ad4m.at/ Frame C53F 25 KB
10 KB 96ms
56ms Script
application/javascript 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/r62eglto.js
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/dr?ed=1k21p8vjc5hny9nnrdrkn7jf6f16nahv5cbsmtfadk731e0te2avwt37vx2m5p0hx44ef1v62vr6zqp8sh22jrwh093z5stmbwt30gja8brzpr8srctkk8dfzp70q1n5h5f8jjpdhqs5w7cxehkrw6cr0gythk4br7zhc42pdwdtg92j0hva38d6fw6pxw8969pv1hscvrneg7rdzavpc2r4vtag3710dkfmdemy9qtm52gze3jq02wt3s8w69pa15668mwh2tp68sdd3pkapece8y7m754r0epqy0pxd2cgrh0shknygaadv0pmcxeb3fd8m3ncakg4ephs1y2a0znvw6gzck4c6d7v63h5s08fde0t04myy435egxf0d8sejh6d13jwfe0e387r1a5e3cfz9fgz32fjvnr3ykps2cedp8x&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCPDOiLkajZJziA-iI1PIPgr6j4A2Q4YGEXLaoworwAsCNtwEQASAAYJWKnoKwB4IBF2NhLXB1Yi00ODk0MjA5ODcwODU3OTA1yAEJqQKO_Xp4wk2yPuACAKgDAcgDAqoExQJP0IJ0fddpS7zFZaIza_OQdEnPYBf5MW932R6vztTaqQnClvirOfbtKI5L1Q14pjV3fdR7xl146tNYyFojgC5jC0MxXVGeoZLv3CmmA5P0_tiumMZJz8kl3PFA8M6XRcMTNWJwa7Cq6xdrOmaNlaHCCpzqJxjo_YsP59MTJJvhLUF5g_Se29ZqsXfe54jUc84S6eQifkxhfdQjwSxWORhBOaykfFVkfrWIZYHjU838bsuoee1RqOlpfpBljwBR_XZcLfFLUHX6wg3oF_TqnHpu5FmYIMrY2ZA82TlStla0POfASGtvMBF_UTrqemxlwoPeCjS5kfSdXmen4DMwLHRBp3oqwvhdeFFujpqB5xzN9VADOT22JeRzC5tkoVepSGxW_wFk0P58WnzSR-PKJzykaTmFHPEQiKxj8fFymvpOf8GY9Sic4AQBgAbozc7K-s7GwdcBoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiA4YAQEAEyAqoCOgKAQEi9_cE6-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_2qt0_CC91gmiRUosfCEx91fB6KFA%26client%3Dca-pub-4894209870857905%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2d5e67a38c9a11424cac19ce192c9fd124a6d74e64d3791a01561dbd3e39c0b4

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 22:05:34 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 14 Mar 2023 13:45:21 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 356369
etag: W/"fcb2a26b07bd76d9a925cae661d6d94d"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6pRzeFgD2jm4sTY9UamXq9PtdUDGgsuizkfdsn%2F1XvI7ztmkO%2FuHyJW1WBt%2BE9cnYukYxKKxobERq7MdbhM2KhebWYghAFxrNwNZSFOHksdAxgORNppymQkgzV%2FGqwcyLQ1bAuY%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=3600, must-revalidate, stale-while-revalidate=300
cf-ray: 7e126e4359301c44-FRA
alt-svc: h3=":443"; ma=86400
expires: Tue, 27 Jun 2023 13:46:21 GMT

GET
H3 200 container.html Show response
29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 6DE6 6 KB
3 KB 39ms
39ms Document
text/html 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306280101/pubads_impl.js?cb=31075787

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.creditosul.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 03 Jul 2023 22:05:33 GMT
expires: Tue, 02 Jul 2024 22:05:33 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 851723189461274 Show response
connect.facebook.net/signals/config/ 377 KB
108 KB 168ms
168ms Script
application/x-javascript 2a03:2880:f084:d:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/851723189461274?v=2.9.111&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f084:d:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

905818c5ad86a8e5eda295d9f8479b3939d5bb71ef1fc5ecb6ba5bfa401fa9fe

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.creditosul.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Mon, 03 Jul 2023 22:05:34 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
pragma: public
x-fb-debug: cs9CNI/0C7Asy9Rzkf1tSIISDt/7R9/n+uq7R5kRzv86OK0r9OArM7jkIKLS1DMCu25TlVSYMXhVXKrgbJ3EFA==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame 6DE6 14 KB
1 KB 48ms
48ms Stylesheet
text/css 2a00:1450:4001:80e::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: 29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com
URL: https://29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

aade7746342f608807b7eb107059c842fe200e1ff09e146db822250055cecaed

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Mon, 03 Jul 2023 22:05:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Mon, 03 Jul 2023 20:21:20 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 03 Jul 2023 22:05:34 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/ Frame 6DE6 2 KB
892 B 38ms
38ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: 29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com
URL: https://29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3ab7853ddfc8ef3468082187bff5636436df85cd9d1e54653530c018cf9d9280

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 18:04:27 GMT
content-encoding: br
x-content-type-options: nosniff
age: 14467
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 865
x-xss-protection: 0
server: cafe
etag: 5051423035144352294
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 17 Jul 2023 18:04:27 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 6DE6 0
0 83ms
82ms Fetch
text/html 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CgXIdLkajZP7yD4TtgAe_n4yIDNfK-IZuxZX2weMQ6Kq2lYsDEAEgpJ2XjwFglYqegrAHoAH2kN2NKcgBCakCC94UsJJQsj7gAgCoAwHIA8sEqgS2Ak_QqtgpOLimriaMY38YT9l4HW-rCDsXY6IgvnAUQZ3mnxbcSdyAAt-y1UQCpxlldyCC_NlfrAEprY7MO-CGWB23hRjcXg1Qx1kp9EQS2u1PbSpih7OjzfpG0UQfVRuwI43MEIjOAmRGApigJ1yHy4LNq-ymELa6WQf4xLH_MonuZom18gH_Jz_YeQPucJ0r4eRLGsP5sJ7Nx21YZlnw95YlQMh5fhtsAyyfYUFKi8SGBbgaIowO4ErhuSGE6u8-K5upeiM4kdPXkqZi51Mt_u20Uf3dZGG9asnWPv7wB0hVSyyz_GyID5Bw3xGhyzMmLo1C_a-_Fl-jiZkAwQF3XUZESqDcDHv_2yvaXbpYZdkVx4PE4Fz4ip2YKDGwf8JhSJfsEnIaRP0IpdL3Pkg3vT-7alQIjijABPHTloOmBOAEAZIFBAgEGAGSBQQIBRgEoAYugAf2yK3tA6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4b2AcA8gcEEKziLNIIFgiA4YAQEAEYHTICqgI6AoBASL39wTqACgPICwG4E4gE2BMK0BUBgBcBshceChwIABIUcHViLTg1MTk1NjY0MDE4NTEyMzYY09p-&sigh=mLMTqlEiCFA&uach_m=[UACH]&cid=CAQSPABygQiDxxtxX-uJZp6nhy4pIQlNd6PjwbDIvAX_zm-oKytiK0iAzy9SCAUhLpUoW08qcxysJYVRcfZvEhgB&template_id=520
Requested by: Host: www.creditosul.com
URL: https://www.creditosul.com/e-restituicao-ir-pix/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_876
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230627/r20110914/ Frame 6DE6 23 KB
9 KB 38ms
38ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230627/r20110914/abg_lite_fy2021.js

Requested by

Host: 29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com
URL: https://29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

02193fbcb11d960448e0fa887ff68d5ce73f01076893523fc3037e00a7149bc2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 18:04:23 GMT
content-encoding: br
x-content-type-options: nosniff
age: 14471
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9104
x-xss-protection: 0
server: cafe
etag: 12939045362079141464
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 17 Jul 2023 18:04:23 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/ Frame 6DE6 3 KB
1 KB 39ms
39ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/window_focus_fy2021.js

Requested by

Host: 29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com
URL: https://29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 18:11:28 GMT
content-encoding: br
x-content-type-options: nosniff
age: 14046
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 17 Jul 2023 18:11:28 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 7723 1 KB
650 B 40ms
39ms Document
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com
URL: https://29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 18778
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 03 Jul 2023 16:52:36 GMT
etag: 48472445140208031
expires: Tue, 04 Jul 2023 16:52:36 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/ Frame 6DE6 20 KB
8 KB 40ms
39ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com
URL: https://29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

abaf64de0855592138133fdf15c746a6e47a07d5f7a34a9513a06994c89f91af

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 17:50:27 GMT
content-encoding: br
x-content-type-options: nosniff
age: 15307
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8312
x-xss-protection: 0
server: cafe
etag: 5477749917372345267
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 17 Jul 2023 17:50:27 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 6DE6 0
0 47ms
46ms Image
text/html 2a00:1450:4001:803::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSbLrKARVFsTsAffWGko6riMNjNEolIMH5ohgbBRFoV6myAChu3rTEKrQamFUrH5eF-vIp6HusY5glfyFZWE71opnJPwA
Requested by: Host: 29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com
URL: https://29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:803::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 6DE6 179 KB
56 KB 46ms
45ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com
URL: https://29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6914d47718a28ab8055edac273b3aff57e64e5bddccc616c2b7e355fe986f39

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 22:05:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57260
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1687952195399670"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 03 Jul 2023 22:05:34 GMT

GET
H3 200 77005c67fa3fd636ca667830ce382e45.js Show response
www.gstatic.com/mysidia/ Frame 6DE6 33 KB
14 KB 40ms
39ms Script
text/javascript 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/77005c67fa3fd636ca667830ce382e45.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: 29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com
URL: https://29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

162c5ebe4d8983b62bbb17bdcbec49361953db02abb8ef83a527c25544b4de9a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 17:33:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 16312
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14190
x-xss-protection: 0
last-modified: Thu, 29 Jun 2023 18:45:16 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Sun, 01 Oct 2023 17:33:42 GMT

GET
H2 200 data=5lY2inhuEGt-JJ6kb5tlp5Y_004wwulYbr8byV5IuzRQ0TKQy-z3nTgdHWgwbKwAolpkIESjGYd9pxKRo5Mrg4o
mts0.google.com/vt/ Frame 6DE6 21 KB
22 KB 237ms
80ms Image
image/png 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mts0.google.com/vt/data=5lY2inhuEGt-JJ6kb5tlp5Y_004wwulYbr8byV5IuzRQ0TKQy-z3nTgdHWgwbKwAolpkIESjGYd9pxKRo5Mrg4o

Requested by

Host: 29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com
URL: https://29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

scaffolding on HTTPServer2 /

Resource Hash

cca99c19e8612ba2d315918aefb5ac219cd808b49dd3e5f0efc5e6db81b2dd14

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'; base-uri 'none'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'; base-uri 'none'
date: Mon, 03 Jul 2023 22:05:34 GMT
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
server-timing: gfet4t7; dur=45
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 21711
x-xss-protection: 0
x-server-version-bin: CggIBBDv3fWkBg==
server: scaffolding on HTTPServer2
etag: 05a74e81278c78459
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=3600
expires: Mon, 03 Jul 2023 23:05:34 GMT

GET
DATA 200
OK truncated
/ Frame 6DE6 297 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 65f22d8aa0690bd9cf8ffe5d68e5f6866b05ed8fc6f6c9083b996c1b3c4c75f4

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 6DE6 336 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: be3b15b1e68cf3e9278293d3b50491fe16c985e0ee5968852cac4fc062a7134e

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 6DE6 462 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 01cbb105faef1373e9d53ddc5e62c9c7b5f66cbc64c2c045a3daec0328b831e6

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 6DE6 465 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 41b7f4ef86f2344e72da822fe79265700ff1bf3361450a02ab4397ff1a5eb040

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3 200 frame.html Show response
ad4m.at/ Frame 5AE8 2 KB
1 KB 48ms
48ms Document
text/html 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/frame.html
Requested by: Host: ad4m.at
URL: https://ad4m.at/r62eglto.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5d485f783c7cc440cba21bb750ce67e191bce0783bfc6cff5f98e236e401b7ab

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 2169659
alt-svc: h3=":443"; ma=86400
cache-control: public, max-age=3600
cf-cache-status: HIT
cf-ray: 7e126e43db171e14-FRA
content-encoding: br
content-language: en
content-type: text/html; charset=utf-8
date: Mon, 03 Jul 2023 22:05:34 GMT
expires: Thu, 08 Jun 2023 00:41:56 GMT
last-modified: Thu, 25 Aug 2022 14:12:41 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6jwB4Z7hJdoHzvRArtdnrAEbkNsPSdIa06LuNp4vvFq5Fu4x7Ogig%2Bpq2WH55OZ%2Fg20wcA8aFfXzi3W1rQt%2FNeDHIJA2GYyfs4Lo%2FQVkZfSRxaYnMVSQg%2FV5DHObyHm%2BuOO2mow%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

GET
H2

200

/
r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/ Frame 7723
Redirect Chain

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEGNKOyB6gFG7CXt8NPYz5Kg&google_cver=1&google_push=AaAOQGF7SN6PtREuIgGgKguymUvVSgyzLXxTLtf73qQ_6b1Swgh6YKdlznrolV8X-fAofkTKo3txtPqEkAtTX3lcdHcoqWZpS4YaYA
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=OTEwNjY1Mjk4NTQzMjU1OTk2MQ==&gdpr=&gdpr_consent=
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEGNKOyB6gFG7CXt8NPYz5Kg&google_cver=1

43 B
398 B

37ms
37ms

Image
image/gif

2001:678:cb4:bbbb::11
AMOBEE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEGNKOyB6gFG7CXt8NPYz5Kg&google_cver=1
Requested by: Host: 29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com
URL: https://29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Server: 2001:678:cb4:bbbb::11 , United Kingdom, ASN56396 (AMOBEE, GB),
Reverse DNS
Software: /
Resource Hash: 48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Mon, 03 Jul 2023 22:05:34 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length: 43
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

Redirect headers

pragma: no-cache
date: Mon, 03 Jul 2023 22:05:34 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEGNKOyB6gFG7CXt8NPYz5Kg&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 7723
Redirect Chain

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEHrrCuM75T6Nauaij0iagOM&google_cve...
https://pm.w55c.net/ping_match.gif?scc=1&ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEHrrCuM75T6Nauaij0iagOM&goog...
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=d2hrUEVRTDExUWdyRlE1&google_gid=CAESEHrrCuM75T6Nauaij0iagOM&google_cver=1&google_push=AaAOQGHZhrNu9BYubj4CA4kA25MfPNxHeh10HayWgOguAH4...

170 B
188 B

46ms
45ms

Image
image/png

172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=d2hrUEVRTDExUWdyRlE1&google_gid=CAESEHrrCuM75T6Nauaij0iagOM&google_cver=1&google_push=AaAOQGHZhrNu9BYubj4CA4kA25MfPNxHeh10HayWgOguAH4vkDfa0B8pJL7VpnzQGpVRJFcVwrl-FhhiWGTX7FFgDtWPtHFX1DGA0Q

Requested by

Host: 29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com
URL: https://29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra02s19-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 03 Jul 2023 22:05:34 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 03 Jul 2023 22:05:34 GMT
Strict-Transport-Security: max-age=2592000; includeSubDomains
Server: PingMatch/v2.0.30-782-g97d928b#rel-ec2-master i-0afa2568184f9f5d2@eu-central-1b@dxedge-app-eu-central-1-prod-asg
Location: https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=d2hrUEVRTDExUWdyRlE1&google_gid=CAESEHrrCuM75T6Nauaij0iagOM&google_cver=1&google_push=AaAOQGHZhrNu9BYubj4CA4kA25MfPNxHeh10HayWgOguAH4vkDfa0B8pJL7VpnzQGpVRJFcVwrl-FhhiWGTX7FFgDtWPtHFX1DGA0Q
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 7723
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESE...
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEIfI4qzfWtAUuMrjf1nsxfs&google_push=AaAOQGFyr9PU72Asxq2pOBm-8CQxbRY44jftPYBIhwppm5pWxDCaubURlN...

170 B
188 B

47ms
47ms

Image
image/png

172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEIfI4qzfWtAUuMrjf1nsxfs&google_push=AaAOQGFyr9PU72Asxq2pOBm-8CQxbRY44jftPYBIhwppm5pWxDCaubURlN8QTbgyuY7f4r4RJ7lKIbgFqmmBVqnyWd2YxnI0FJhKiw

Requested by

Host: www.creditosul.com
URL: https://www.creditosul.com/e-restituicao-ir-pix/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_876

Protocol

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra02s19-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 03 Jul 2023 22:05:34 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

x-served-by: cache-fra-eddf8230096-FRA
pragma: no-cache
date: Mon, 03 Jul 2023 22:05:34 GMT
via: 1.1 varnish
server: Jetty(9.4.35.v20201120)
x-timer: S1688421935.846479,VS0,VE96
x-cache: MISS
p3p: CP="NOI DSP COR LAW PSAo PSDo IVAo IVDo OUR BUS UNI DEM"
access-control-allow-origin: *
location: https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEIfI4qzfWtAUuMrjf1nsxfs&google_push=AaAOQGFyr9PU72Asxq2pOBm-8CQxbRY44jftPYBIhwppm5pWxDCaubURlN8QTbgyuY7f4r4RJ7lKIbgFqmmBVqnyWd2YxnI0FJhKiw
cache-control: no-cache
accept-ranges: bytes
content-length: 0
x-cache-hits: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 7723
Redirect Chain

https://um.simpli.fi/gp_match?google_gid=CAESEDsvORW1qM0R_zp_9bWt5-M&google_cver=1&google_push=AaAOQGGAeynGAGSct3ZZ5IP2qSQCSmOkbfQilat94p5w0e6vzk66bsFLLm4ImCkMOJfIBUXwrIx8fNb95caxvZ1ocna7Ln1tthYGfQ
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=854771F2AB5E4946B0222C8BF4CB5BC9&google_push=AaAOQGGAeynGAGSct3ZZ5IP2qSQCSmOkbfQilat94p5w0e6vzk66bsFLLm4ImCkMOJfIBUXwrIx8fNb95caxvZ1...

170 B
188 B

44ms
43ms

Image
image/png

172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=854771F2AB5E4946B0222C8BF4CB5BC9&google_push=AaAOQGGAeynGAGSct3ZZ5IP2qSQCSmOkbfQilat94p5w0e6vzk66bsFLLm4ImCkMOJfIBUXwrIx8fNb95caxvZ1ocna7Ln1tthYGfQ

Requested by

Host: 29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com
URL: https://29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra02s19-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 03 Jul 2023 22:05:34 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Mon, 03 Jul 2023 22:05:34 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
server: openresty
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
location: https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=854771F2AB5E4946B0222C8BF4CB5BC9&google_push=AaAOQGGAeynGAGSct3ZZ5IP2qSQCSmOkbfQilat94p5w0e6vzk66bsFLLm4ImCkMOJfIBUXwrIx8fNb95caxvZ1ocna7Ln1tthYGfQ
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 142
expires: Sun, 02 Jul 2023 22:05:34 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 7723
Redirect Chain

https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESEKMFXVtVW0TYb-tYnymftl8&google_cver=1&google_push=AaAOQGEod865to9GZO_8KvdP92FyC0VJheFY5xh06NqYhsNmLBy921Ro5wp341LHQDaWCxr89a0QHjitO6O...
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AaAOQGEod865to9GZO_8KvdP92FyC0VJheFY5xh06NqYhsNmLBy921Ro5wp341LHQDaWCxr89a0QHjitO6OBvpMwfYyaPNaL1PaF&google_hm=NEEDiDPlTDC1iLbSJwoez4w

170 B
188 B

46ms
46ms

Image
image/png

172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AaAOQGEod865to9GZO_8KvdP92FyC0VJheFY5xh06NqYhsNmLBy921Ro5wp341LHQDaWCxr89a0QHjitO6OBvpMwfYyaPNaL1PaF&google_hm=NEEDiDPlTDC1iLbSJwoez4w

Requested by

Host: 29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com
URL: https://29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra02s19-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 03 Jul 2023 22:05:34 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 03 Jul 2023 22:05:33 GMT
via: 1.1 google
server: Apache-Coyote/1.1
p3p: CP="NOI DSP COR NID CUR OUR NOR"
status: 302
location: https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AaAOQGEod865to9GZO_8KvdP92FyC0VJheFY5xh06NqYhsNmLBy921Ro5wp341LHQDaWCxr89a0QHjitO6OBvpMwfYyaPNaL1PaF&google_hm=NEEDiDPlTDC1iLbSJwoez4w
content-type: text/html;charset=UTF-8
cache-control: no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 7723
Redirect Chain

https://x.bidswitch.net/sync?ssp=google&google_gid=CAESEC_AruiE_COjQpP2OxSyGN4&google_cver=1&google_push=AaAOQGGKltpJfPkHco95gGDl6mONdx1c4KGxfjWZrxSxc8MQa7Lptg42RUF3ERRIdgb9MhIJ4VYGmrqDCi5xww5iyvZQ...
https://x.bidswitch.net/ul_cb/sync?ssp=google&google_gid=CAESEC_AruiE_COjQpP2OxSyGN4&google_cver=1&google_push=AaAOQGGKltpJfPkHco95gGDl6mONdx1c4KGxfjWZrxSxc8MQa7Lptg42RUF3ERRIdgb9MhIJ4VYGmrqDCi5xww...
https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AaAOQGGKltpJfPkHco95gGDl6mONdx1c4KGxfjWZrxSxc8MQa7Lptg42RUF3ERRIdgb9MhIJ4VYGmrqDCi5xww5iyvZQHfRTXTMAjA&google_hm=TEbLifbVR4qEABmBnlvvDw==

170 B
188 B

51ms
49ms

Image
image/png

172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AaAOQGGKltpJfPkHco95gGDl6mONdx1c4KGxfjWZrxSxc8MQa7Lptg42RUF3ERRIdgb9MhIJ4VYGmrqDCi5xww5iyvZQHfRTXTMAjA&google_hm=TEbLifbVR4qEABmBnlvvDw==

Requested by

Host: 29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com
URL: https://29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra02s19-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 03 Jul 2023 22:05:34 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: //cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AaAOQGGKltpJfPkHco95gGDl6mONdx1c4KGxfjWZrxSxc8MQa7Lptg42RUF3ERRIdgb9MhIJ4VYGmrqDCi5xww5iyvZQHfRTXTMAjA&google_hm=TEbLifbVR4qEABmBnlvvDw==
date: Mon, 03 Jul 2023 22:05:34 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 7723
Redirect Chain

https://x.bidswitch.net/check_uuid/https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dthe_mediagrid_eb%26google_hm%3D%24%7BBSW_UUID%7D%26%25%25GOOGLE_PUSH_PAIR%25%25?google_gid=CAESEL_lv_As-...
https://x.bidswitch.net/ul_cb/check_uuid/https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dthe_mediagrid_eb%26google_hm%3D%24%7BBSW_UUID%7D%26%25%25GOOGLE_PUSH_PAIR%25%25?google_gid=CAESEL_...
https://cm.g.doubleclick.net/pixel?google_nid=the_mediagrid_eb&google_hm=4c46cb89-f6d5-478a-8400-19819e5bef0f&%%GOOGLE_PUSH_PAIR%%

170 B
188 B

50ms
48ms

Image
image/png

172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=the_mediagrid_eb&google_hm=4c46cb89-f6d5-478a-8400-19819e5bef0f&%%GOOGLE_PUSH_PAIR%%

Requested by

Host: 29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com
URL: https://29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra02s19-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 03 Jul 2023 22:05:34 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=the_mediagrid_eb&google_hm=4c46cb89-f6d5-478a-8400-19819e5bef0f&%%GOOGLE_PUSH_PAIR%%
date: Mon, 03 Jul 2023 22:05:34 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 7723 0
12 B 56ms
46ms Image
text/html 172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13JklMu6RVCbt4H2M0iDF2NcWnOQaapz6hwIfyLbqe4KCC7WhFsxjGFn28xtRKglUzxDqev_fg

Requested by

Host: 29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com
URL: https://29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra02s19-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 22:05:34 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
DATA 200
OK truncated
/ Frame 6DE6 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 99d1550a875d9a33c384a98fa89dd03ad861591dcddaee3b6005d01b6ebffd50

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type: image/png

POST
H3 200 rs Show response
ad4m.at/ Frame C53F 1 KB
2 KB 55ms
54ms XHR
text/plain 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/rs
Requested by: Host: ad4m.at
URL: https://ad4m.at/r62eglto.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f2caa6c96dfa2e8d0b8b8770ee3a4d4beb69475e8e7c367e30aff7d5884e712d

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 03 Jul 2023 22:05:34 GMT
via: 1.1 google
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LKpFZz5dHOwKFU95pCNDOPB%2Buxijru7%2BwkBhc5wigpBWN%2FlbgEGuG1oLmGMjyEVRLKmVHXgAKXFm5zwet0tCdGfBUegHIyA1djv8dH0D0HkEPjPg5ksrsD9rKRfExtkP%2B%2BtlvwE%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain
access-control-allow-origin: https://as.ad4m.at
access-control-allow-credentials: true
cf-ray: 7e126e44e8831e6e-FRA
x-backend-server: aa-reachservice-group-europe-west1-nsjd
alt-svc: h3=":443"; ma=86400

GET
H2 200 4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
fonts.gstatic.com/s/googlesans/v58/ Frame 6DE6 33 KB
33 KB 36ms
34ms Font
font/woff2 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v58/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

65c99d3b9f1a1b905046e30d00a97f2d4d605e565c32917e7a89a35926e04b98

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sun, 02 Jul 2023 02:43:59 GMT
x-content-type-options: nosniff
age: 156095
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 34108
x-xss-protection: 0
last-modified: Tue, 23 May 2023 16:35:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 01 Jul 2024 02:43:59 GMT

OPTIONS
H3 200 rs
ad4m.at/ Frame 0
0 81ms
46ms Preflight
text/plain 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/rs
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://as.ad4m.at
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET,PATCH,POST,OPTIONS,DELETE
access-control-allow-origin: https://as.ad4m.at
access-control-max-age: 1800
allow: HEAD,POST,GET,OPTIONS
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 7e126e4498311e6e-FRA
content-length: 24
content-type: text/plain
date: Mon, 03 Jul 2023 22:05:34 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eEcjt32SJ5NEVRlKAQkar7PehSi6%2F3tB2asvjoas9jfgm2pmhWuyY19qSXYVIN%2FcS9Z1xgufjwugADRo4zso45ch9VUgSnWpHzKSBuWJu3S0fGIgg28QXAIfYovLxR2CIhqxMa0%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
via: 1.1 google
x-backend-server: aa-reachservice-group-europe-west1-nsjd

GET
H2 200 /
www.facebook.com/tr/ 0
185 B 135ms
31ms Image
text/plain 2a03:2880:f177:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1537353300119728&ev=PageView&dl=https%3A%2F%2Fwww.creditosul.com%2Fe-restituicao-ir-pix%2F%3Futm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3D3_active_email_876&rl=&if=false&ts=1688421934805&sw=1600&sh=1200&v=2.9.111&r=stable&ec=0&o=30&fbp=fb.1.1688421934803.965820840&cs_est=true&it=1688421932523&coo=false&rqm=GET

Requested by

Host: www.creditosul.com
URL: https://www.creditosul.com/e-restituicao-ir-pix/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_876

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f177:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.creditosul.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Mon, 03 Jul 2023 22:05:34 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 /
www.facebook.com/tr/ 0
31 B 135ms
32ms Image
text/plain 2a03:2880:f177:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1897808950573752&ev=PageView&dl=https%3A%2F%2Fwww.creditosul.com%2Fe-restituicao-ir-pix%2F%3Futm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3D3_active_email_876&rl=&if=false&ts=1688421934806&sw=1600&sh=1200&v=2.9.111&r=stable&ec=0&o=30&fbp=fb.1.1688421934803.965820840&cs_est=true&it=1688421932523&coo=false&rqm=GET

Requested by

Host: www.creditosul.com
URL: https://www.creditosul.com/e-restituicao-ir-pix/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_876

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f177:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.creditosul.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Mon, 03 Jul 2023 22:05:34 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 /
www.facebook.com/tr/ 0
31 B 135ms
32ms Image
text/plain 2a03:2880:f177:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1417078182161683&ev=PageView&dl=https%3A%2F%2Fwww.creditosul.com%2Fe-restituicao-ir-pix%2F%3Futm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3D3_active_email_876&rl=&if=false&ts=1688421934808&sw=1600&sh=1200&v=2.9.111&r=stable&ec=0&o=30&fbp=fb.1.1688421934803.965820840&cs_est=true&it=1688421932523&coo=false&rqm=GET

Requested by

Host: www.creditosul.com
URL: https://www.creditosul.com/e-restituicao-ir-pix/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_876

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f177:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.creditosul.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Mon, 03 Jul 2023 22:05:34 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 /
www.facebook.com/tr/ 0
31 B 135ms
32ms Image
text/plain 2a03:2880:f177:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1213417872897242&ev=PageView&dl=https%3A%2F%2Fwww.creditosul.com%2Fe-restituicao-ir-pix%2F%3Futm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3D3_active_email_876&rl=&if=false&ts=1688421934808&sw=1600&sh=1200&v=2.9.111&r=stable&ec=0&o=30&fbp=fb.1.1688421934803.965820840&cs_est=true&it=1688421932523&coo=false&rqm=GET

Requested by

Host: www.creditosul.com
URL: https://www.creditosul.com/e-restituicao-ir-pix/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_876

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f177:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.creditosul.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Mon, 03 Jul 2023 22:05:34 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 /
www.facebook.com/tr/ 0
31 B 135ms
33ms Image
text/plain 2a03:2880:f177:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=2740767399393350&ev=PageView&dl=https%3A%2F%2Fwww.creditosul.com%2Fe-restituicao-ir-pix%2F%3Futm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3D3_active_email_876&rl=&if=false&ts=1688421934809&sw=1600&sh=1200&v=2.9.111&r=stable&ec=0&o=30&fbp=fb.1.1688421934803.965820840&cs_est=true&it=1688421932523&coo=false&rqm=GET

Requested by

Host: www.creditosul.com
URL: https://www.creditosul.com/e-restituicao-ir-pix/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_876

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f177:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.creditosul.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Mon, 03 Jul 2023 22:05:34 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 /
www.facebook.com/tr/ 0
31 B 135ms
33ms Image
text/plain 2a03:2880:f177:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=9038410082867569&ev=PageView&dl=https%3A%2F%2Fwww.creditosul.com%2Fe-restituicao-ir-pix%2F%3Futm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3D3_active_email_876&rl=&if=false&ts=1688421934809&sw=1600&sh=1200&v=2.9.111&r=stable&ec=0&o=30&fbp=fb.1.1688421934803.965820840&cs_est=true&it=1688421932523&coo=false&rqm=GET

Requested by

Host: www.creditosul.com
URL: https://www.creditosul.com/e-restituicao-ir-pix/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_876

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f177:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.creditosul.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Mon, 03 Jul 2023 22:05:34 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 /
www.facebook.com/tr/ 0
31 B 35ms
33ms Image
text/plain 2a03:2880:f177:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=507317848148093&ev=PageView&dl=https%3A%2F%2Fwww.creditosul.com%2Fe-restituicao-ir-pix%2F%3Futm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3D3_active_email_876&rl=&if=false&ts=1688421934810&sw=1600&sh=1200&v=2.9.111&r=stable&ec=0&o=30&fbp=fb.1.1688421934803.965820840&cs_est=true&it=1688421932523&coo=false&rqm=GET

Requested by

Host: www.creditosul.com
URL: https://www.creditosul.com/e-restituicao-ir-pix/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_876

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f177:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.creditosul.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Mon, 03 Jul 2023 22:05:34 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 /
www.facebook.com/tr/ 0
31 B 35ms
34ms Image
text/plain 2a03:2880:f177:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=886845122549418&ev=PageView&dl=https%3A%2F%2Fwww.creditosul.com%2Fe-restituicao-ir-pix%2F%3Futm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3D3_active_email_876&rl=&if=false&ts=1688421934811&sw=1600&sh=1200&v=2.9.111&r=stable&ec=0&o=30&fbp=fb.1.1688421934803.965820840&cs_est=true&it=1688421932523&coo=false&rqm=GET

Requested by

Host: www.creditosul.com
URL: https://www.creditosul.com/e-restituicao-ir-pix/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_876

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f177:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.creditosul.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Mon, 03 Jul 2023 22:05:34 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 /
www.facebook.com/tr/ 0
31 B 36ms
34ms Image
text/plain 2a03:2880:f177:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=851723189461274&ev=PageView&dl=https%3A%2F%2Fwww.creditosul.com%2Fe-restituicao-ir-pix%2F%3Futm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3D3_active_email_876&rl=&if=false&ts=1688421934811&sw=1600&sh=1200&v=2.9.111&r=stable&ec=0&o=30&fbp=fb.1.1688421934803.965820840&cs_est=true&it=1688421932523&coo=false&rqm=GET

Requested by

Host: www.creditosul.com
URL: https://www.creditosul.com/e-restituicao-ir-pix/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_876

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f177:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.creditosul.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Mon, 03 Jul 2023 22:05:34 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 /
www.facebook.com/tr/ 0
31 B 36ms
34ms Image
text/plain 2a03:2880:f177:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1537353300119728&ev=ViewContent&dl=https%3A%2F%2Fwww.creditosul.com%2Fe-restituicao-ir-pix%2F%3Futm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3D3_active_email_876&rl=&if=false&ts=1688421934812&sw=1600&sh=1200&v=2.9.111&r=stable&ec=1&o=30&fbp=fb.1.1688421934803.965820840&it=1688421932523&coo=false&rqm=GET

Requested by

Host: www.creditosul.com
URL: https://www.creditosul.com/e-restituicao-ir-pix/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_876

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f177:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.creditosul.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Mon, 03 Jul 2023 22:05:34 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 /
www.facebook.com/tr/ 0
31 B 36ms
35ms Image
text/plain 2a03:2880:f177:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1897808950573752&ev=ViewContent&dl=https%3A%2F%2Fwww.creditosul.com%2Fe-restituicao-ir-pix%2F%3Futm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3D3_active_email_876&rl=&if=false&ts=1688421934813&sw=1600&sh=1200&v=2.9.111&r=stable&ec=1&o=30&fbp=fb.1.1688421934803.965820840&it=1688421932523&coo=false&rqm=GET

Requested by

Host: www.creditosul.com
URL: https://www.creditosul.com/e-restituicao-ir-pix/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_876

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f177:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.creditosul.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Mon, 03 Jul 2023 22:05:34 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 /
www.facebook.com/tr/ 0
31 B 36ms
35ms Image
text/plain 2a03:2880:f177:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1417078182161683&ev=ViewContent&dl=https%3A%2F%2Fwww.creditosul.com%2Fe-restituicao-ir-pix%2F%3Futm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3D3_active_email_876&rl=&if=false&ts=1688421934813&sw=1600&sh=1200&v=2.9.111&r=stable&ec=1&o=30&fbp=fb.1.1688421934803.965820840&it=1688421932523&coo=false&rqm=GET

Requested by

Host: www.creditosul.com
URL: https://www.creditosul.com/e-restituicao-ir-pix/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_876

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f177:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.creditosul.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Mon, 03 Jul 2023 22:05:34 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 /
www.facebook.com/tr/ 0
31 B 37ms
35ms Image
text/plain 2a03:2880:f177:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1213417872897242&ev=ViewContent&dl=https%3A%2F%2Fwww.creditosul.com%2Fe-restituicao-ir-pix%2F%3Futm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3D3_active_email_876&rl=&if=false&ts=1688421934814&sw=1600&sh=1200&v=2.9.111&r=stable&ec=1&o=30&fbp=fb.1.1688421934803.965820840&it=1688421932523&coo=false&rqm=GET

Requested by

Host: www.creditosul.com
URL: https://www.creditosul.com/e-restituicao-ir-pix/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_876

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f177:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.creditosul.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Mon, 03 Jul 2023 22:05:34 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 /
www.facebook.com/tr/ 0
31 B 37ms
35ms Image
text/plain 2a03:2880:f177:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=2740767399393350&ev=ViewContent&dl=https%3A%2F%2Fwww.creditosul.com%2Fe-restituicao-ir-pix%2F%3Futm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3D3_active_email_876&rl=&if=false&ts=1688421934815&sw=1600&sh=1200&v=2.9.111&r=stable&ec=1&o=30&fbp=fb.1.1688421934803.965820840&it=1688421932523&coo=false&rqm=GET

Requested by

Host: www.creditosul.com
URL: https://www.creditosul.com/e-restituicao-ir-pix/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_876

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f177:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.creditosul.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Mon, 03 Jul 2023 22:05:34 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 /
www.facebook.com/tr/ 0
31 B 37ms
36ms Image
text/plain 2a03:2880:f177:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=9038410082867569&ev=ViewContent&dl=https%3A%2F%2Fwww.creditosul.com%2Fe-restituicao-ir-pix%2F%3Futm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3D3_active_email_876&rl=&if=false&ts=1688421934815&sw=1600&sh=1200&v=2.9.111&r=stable&ec=1&o=30&fbp=fb.1.1688421934803.965820840&it=1688421932523&coo=false&rqm=GET

Requested by

Host: www.creditosul.com
URL: https://www.creditosul.com/e-restituicao-ir-pix/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_876

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f177:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.creditosul.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Mon, 03 Jul 2023 22:05:34 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 /
www.facebook.com/tr/ 0
31 B 37ms
36ms Image
text/plain 2a03:2880:f177:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=507317848148093&ev=ViewContent&dl=https%3A%2F%2Fwww.creditosul.com%2Fe-restituicao-ir-pix%2F%3Futm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3D3_active_email_876&rl=&if=false&ts=1688421934816&sw=1600&sh=1200&v=2.9.111&r=stable&ec=1&o=30&fbp=fb.1.1688421934803.965820840&it=1688421932523&coo=false&rqm=GET

Requested by

Host: www.creditosul.com
URL: https://www.creditosul.com/e-restituicao-ir-pix/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_876

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f177:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.creditosul.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Mon, 03 Jul 2023 22:05:34 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 /
www.facebook.com/tr/ 0
31 B 37ms
36ms Image
text/plain 2a03:2880:f177:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=886845122549418&ev=ViewContent&dl=https%3A%2F%2Fwww.creditosul.com%2Fe-restituicao-ir-pix%2F%3Futm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3D3_active_email_876&rl=&if=false&ts=1688421934816&sw=1600&sh=1200&v=2.9.111&r=stable&ec=1&o=30&fbp=fb.1.1688421934803.965820840&it=1688421932523&coo=false&rqm=GET

Requested by

Host: www.creditosul.com
URL: https://www.creditosul.com/e-restituicao-ir-pix/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_876

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f177:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.creditosul.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Mon, 03 Jul 2023 22:05:34 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 /
www.facebook.com/tr/ 0
31 B 38ms
37ms Image
text/plain 2a03:2880:f177:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=851723189461274&ev=ViewContent&dl=https%3A%2F%2Fwww.creditosul.com%2Fe-restituicao-ir-pix%2F%3Futm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3D3_active_email_876&rl=&if=false&ts=1688421934818&sw=1600&sh=1200&v=2.9.111&r=stable&ec=1&o=30&fbp=fb.1.1688421934803.965820840&it=1688421932523&coo=false&rqm=GET

Requested by

Host: www.creditosul.com
URL: https://www.creditosul.com/e-restituicao-ir-pix/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_876

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f177:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.creditosul.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Mon, 03 Jul 2023 22:05:34 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H3 200 rar Show response
as.ad4m.at/ad/ Frame B204 3 KB
3 KB 51ms
51ms Document
text/html 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://as.ad4m.at/ad/rar?a=14019&b=JBeszf5fZj9TBH6H7tptp5BaxSgTbWguA8&f=GjeTBfpf4BPhKHeHGtBCp5waZSYTeA9tY1&c=320&d=50&e=&g=5f4bae683061cabe3060da37aeb84003%2F13386214465822056641&i=21596&j=16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach02_SSP_CONTROL_ADX&r=1688421934847&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1hwtrq9b941bteb87f4r3m9wytqe7sp7nenkq0arc9xdnwna7f7ev1e7q6envvr16see3pxzt7s3f1j1853zwbksm41w0s132s34dc8s3648dwxrgedrkt3mw02swp17fcxq0ye7bb3k6mwkdbkbf0cxcbgj0gswgr2x93w1ymnh0vc7apxn9g7wkpsw7st93x91vyf04zbs9tpr80y4rev79tes3qtezpvkwgzpjs6cw3kjc8sscdyrm43zpq7nqdxrcnphqz2gsenea300%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCPDOiLkajZJziA-iI1PIPgr6j4A2Q4YGEXLaoworwAsCNtwEQASAAYJWKnoKwB4IBF2NhLXB1Yi00ODk0MjA5ODcwODU3OTA1yAEJqQKO_Xp4wk2yPuACAKgDAcgDAqoExQJP0IJ0fddpS7zFZaIza_OQdEnPYBf5MW932R6vztTaqQnClvirOfbtKI5L1Q14pjV3fdR7xl146tNYyFojgC5jC0MxXVGeoZLv3CmmA5P0_tiumMZJz8kl3PFA8M6XRcMTNWJwa7Cq6xdrOmaNlaHCCpzqJxjo_YsP59MTJJvhLUF5g_Se29ZqsXfe54jUc84S6eQifkxhfdQjwSxWORhBOaykfFVkfrWIZYHjU838bsuoee1RqOlpfpBljwBR_XZcLfFLUHX6wg3oF_TqnHpu5FmYIMrY2ZA82TlStla0POfASGtvMBF_UTrqemxlwoPeCjS5kfSdXmen4DMwLHRBp3oqwvhdeFFujpqB5xzN9VADOT22JeRzC5tkoVepSGxW_wFk0P58WnzSR-PKJzykaTmFHPEQiKxj8fFymvpOf8GY9Sic4AQBgAbozc7K-s7GwdcBoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiA4YAQEAEyAqoCOgKAQEi9_cE6-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_2qt0_CC91gmiRUosfCEx91fB6KFA%2526client%253Dca-pub-4894209870857905%2526adurl%253D&y=1&s=&z=0

Requested by

Host: ad4m.at
URL: https://ad4m.at/r62eglto.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1dcf6a4d79f645f5ee040fe39446dcda3a3bfd6f0afd6392eec14c973a349e3c

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri ;child-src ;connect-src ;default-src 'self';font-src ;form-action 'none';frame-src ;img-src data:;manifest-src 'none';media-src 'none';object-src 'none';worker-src 'none';script-src * 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';worker-src 'none'
Strict-Transport-Security	max-age=86400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://as.ad4m.at/ad/dr?ed=1k21p8vjc5hny9nnrdrkn7jf6f16nahv5cbsmtfadk731e0te2avwt37vx2m5p0hx44ef1v62vr6zqp8sh22jrwh093z5stmbwt30gja8brzpr8srctkk8dfzp70q1n5h5f8jjpdhqs5w7cxehkrw6cr0gythk4br7zhc42pdwdtg92j0hva38d6fw6pxw8969pv1hscvrneg7rdzavpc2r4vtag3710dkfmdemy9qtm52gze3jq02wt3s8w69pa15668mwh2tp68sdd3pkapece8y7m754r0epqy0pxd2cgrh0shknygaadv0pmcxeb3fd8m3ncakg4ephs1y2a0znvw6gzck4c6d7v63h5s08fde0t04myy435egxf0d8sejh6d13jwfe0e387r1a5e3cfz9fgz32fjvnr3ykps2cedp8x&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCPDOiLkajZJziA-iI1PIPgr6j4A2Q4YGEXLaoworwAsCNtwEQASAAYJWKnoKwB4IBF2NhLXB1Yi00ODk0MjA5ODcwODU3OTA1yAEJqQKO_Xp4wk2yPuACAKgDAcgDAqoExQJP0IJ0fddpS7zFZaIza_OQdEnPYBf5MW932R6vztTaqQnClvirOfbtKI5L1Q14pjV3fdR7xl146tNYyFojgC5jC0MxXVGeoZLv3CmmA5P0_tiumMZJz8kl3PFA8M6XRcMTNWJwa7Cq6xdrOmaNlaHCCpzqJxjo_YsP59MTJJvhLUF5g_Se29ZqsXfe54jUc84S6eQifkxhfdQjwSxWORhBOaykfFVkfrWIZYHjU838bsuoee1RqOlpfpBljwBR_XZcLfFLUHX6wg3oF_TqnHpu5FmYIMrY2ZA82TlStla0POfASGtvMBF_UTrqemxlwoPeCjS5kfSdXmen4DMwLHRBp3oqwvhdeFFujpqB5xzN9VADOT22JeRzC5tkoVepSGxW_wFk0P58WnzSR-PKJzykaTmFHPEQiKxj8fFymvpOf8GY9Sic4AQBgAbozc7K-s7GwdcBoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiA4YAQEAEyAqoCOgKAQEi9_cE6-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_2qt0_CC91gmiRUosfCEx91fB6KFA%26client%3Dca-pub-4894209870857905%26adurl%3D
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
cf-cache-status: DYNAMIC
cf-ray: 7e126e454cba1e14-FRA
content-encoding: br
content-security-policy: block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri *;child-src *;connect-src *;default-src 'self';font-src *;form-action 'none';frame-src *;img-src * data:;manifest-src 'none';media-src 'none';object-src 'none';worker-src 'none';script-src * 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';worker-src 'none'
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: unsafe-none
cross-origin-opener-policy: unsafe-none
cross-origin-resource-policy: cross-origin
date: Mon, 03 Jul 2023 22:05:34 GMT
expires: 0
feature-policy: geolocation 'none';midi 'none';sync-xhr 'none';microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';fullscreen 'none';payment 'none';accelerometer 'none';usb 'none';autoplay 'self'
nel: {"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0","include_subdomains":true}
pragma: no-cache
referrer-policy: same-origin
report-to: {"endpoints":[{"url":"/ad/vre"}],"group":"report-endpoint","max_age":86400}
server: cloudflare
strict-transport-security: max-age=86400; includeSubDomains; preload
surrogate-control: no-store
vary: accept-encoding
via: 1.1 google
x-content-type-options: nosniff
x-download-options: noopen
x-xss-protection: 1; mode=block

GET
H3 200 oBMhIGozJCmZhanrY2s6Nzm7GdNkvCqEaGjKud4M6yI.js Show response
pagead2.googlesyndication.com/bg/ Frame 492F 37 KB
14 KB 36ms
36ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/oBMhIGozJCmZhanrY2s6Nzm7GdNkvCqEaGjKud4M6yI.js

Requested by

Host: www.creditosul.com
URL: https://www.creditosul.com/e-restituicao-ir-pix/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_876

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a01321206a3324299985a9eb636b3a3739bb19d364bc2a846868cab9de0ceb22

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 13:22:45 GMT
content-encoding: br
x-content-type-options: nosniff
age: 31369
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14631
x-xss-protection: 0
last-modified: Mon, 26 Jun 2023 15:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 02 Jul 2024 13:22:45 GMT

GET
H3 200 default.css
as.ad4m.at/ad/style/0.1.48/one-ad/ Frame B204 114 KB
14 KB 47ms
46ms Stylesheet
text/css 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://as.ad4m.at/ad/style/0.1.48/one-ad/default.css
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=14019&b=JBeszf5fZj9TBH6H7tptp5BaxSgTbWguA8&f=GjeTBfpf4BPhKHeHGtBCp5waZSYTeA9tY1&c=320&d=50&e=&g=5f4bae683061cabe3060da37aeb84003%2F13386214465822056641&i=21596&j=16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach02_SSP_CONTROL_ADX&r=1688421934847&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1hwtrq9b941bteb87f4r3m9wytqe7sp7nenkq0arc9xdnwna7f7ev1e7q6envvr16see3pxzt7s3f1j1853zwbksm41w0s132s34dc8s3648dwxrgedrkt3mw02swp17fcxq0ye7bb3k6mwkdbkbf0cxcbgj0gswgr2x93w1ymnh0vc7apxn9g7wkpsw7st93x91vyf04zbs9tpr80y4rev79tes3qtezpvkwgzpjs6cw3kjc8sscdyrm43zpq7nqdxrcnphqz2gsenea300%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCPDOiLkajZJziA-iI1PIPgr6j4A2Q4YGEXLaoworwAsCNtwEQASAAYJWKnoKwB4IBF2NhLXB1Yi00ODk0MjA5ODcwODU3OTA1yAEJqQKO_Xp4wk2yPuACAKgDAcgDAqoExQJP0IJ0fddpS7zFZaIza_OQdEnPYBf5MW932R6vztTaqQnClvirOfbtKI5L1Q14pjV3fdR7xl146tNYyFojgC5jC0MxXVGeoZLv3CmmA5P0_tiumMZJz8kl3PFA8M6XRcMTNWJwa7Cq6xdrOmaNlaHCCpzqJxjo_YsP59MTJJvhLUF5g_Se29ZqsXfe54jUc84S6eQifkxhfdQjwSxWORhBOaykfFVkfrWIZYHjU838bsuoee1RqOlpfpBljwBR_XZcLfFLUHX6wg3oF_TqnHpu5FmYIMrY2ZA82TlStla0POfASGtvMBF_UTrqemxlwoPeCjS5kfSdXmen4DMwLHRBp3oqwvhdeFFujpqB5xzN9VADOT22JeRzC5tkoVepSGxW_wFk0P58WnzSR-PKJzykaTmFHPEQiKxj8fFymvpOf8GY9Sic4AQBgAbozc7K-s7GwdcBoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiA4YAQEAEyAqoCOgKAQEi9_cE6-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_2qt0_CC91gmiRUosfCEx91fB6KFA%2526client%253Dca-pub-4894209870857905%2526adurl%253D&y=1&s=&z=0
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 032aee61923ef53fb2b9efbb5d55f771f780e9c2fce9c076638b809a9607eee3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://as.ad4m.at/ad/rar?a=14019&b=JBeszf5fZj9TBH6H7tptp5BaxSgTbWguA8&f=GjeTBfpf4BPhKHeHGtBCp5waZSYTeA9tY1&c=320&d=50&e=&g=5f4bae683061cabe3060da37aeb84003%2F13386214465822056641&i=21596&j=16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach02_SSP_CONTROL_ADX&r=1688421934847&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1hwtrq9b941bteb87f4r3m9wytqe7sp7nenkq0arc9xdnwna7f7ev1e7q6envvr16see3pxzt7s3f1j1853zwbksm41w0s132s34dc8s3648dwxrgedrkt3mw02swp17fcxq0ye7bb3k6mwkdbkbf0cxcbgj0gswgr2x93w1ymnh0vc7apxn9g7wkpsw7st93x91vyf04zbs9tpr80y4rev79tes3qtezpvkwgzpjs6cw3kjc8sscdyrm43zpq7nqdxrcnphqz2gsenea300%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCPDOiLkajZJziA-iI1PIPgr6j4A2Q4YGEXLaoworwAsCNtwEQASAAYJWKnoKwB4IBF2NhLXB1Yi00ODk0MjA5ODcwODU3OTA1yAEJqQKO_Xp4wk2yPuACAKgDAcgDAqoExQJP0IJ0fddpS7zFZaIza_OQdEnPYBf5MW932R6vztTaqQnClvirOfbtKI5L1Q14pjV3fdR7xl146tNYyFojgC5jC0MxXVGeoZLv3CmmA5P0_tiumMZJz8kl3PFA8M6XRcMTNWJwa7Cq6xdrOmaNlaHCCpzqJxjo_YsP59MTJJvhLUF5g_Se29ZqsXfe54jUc84S6eQifkxhfdQjwSxWORhBOaykfFVkfrWIZYHjU838bsuoee1RqOlpfpBljwBR_XZcLfFLUHX6wg3oF_TqnHpu5FmYIMrY2ZA82TlStla0POfASGtvMBF_UTrqemxlwoPeCjS5kfSdXmen4DMwLHRBp3oqwvhdeFFujpqB5xzN9VADOT22JeRzC5tkoVepSGxW_wFk0P58WnzSR-PKJzykaTmFHPEQiKxj8fFymvpOf8GY9Sic4AQBgAbozc7K-s7GwdcBoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiA4YAQEAEyAqoCOgKAQEi9_cE6-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_2qt0_CC91gmiRUosfCEx91fB6KFA%2526client%253Dca-pub-4894209870857905%2526adurl%253D&y=1&s=&z=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 22:05:35 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-goog-meta-goog-reserved-file-mtime: 1687950287
age: 471149
cf-polished: origSize=117335
x-guploader-uploadid: ADPycdu7Pb84Y6vCPqpUShyJrQGb98f4yuF1LiyC2B7DeEN9kG_1SbpI2iXm6tsp7d5fI22nNzf0l66mXGhEIUVspATbXw
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
last-modified: Wed, 28 Jun 2023 11:05:15 GMT
server: cloudflare
etag: W/"5d49535c2a84a9762127b3d9e77d7e02"
vary: Accept-Encoding
x-goog-generation: 1687950315098833
content-type: text/css
x-goog-hash: crc32c=aWAnwg==, md5=XUlTXCqEqXYhJ7PZ531+Ag==
cache-control: public, max-age=3600
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PR4NPhSeTaboMbEEUrvSCxLynPr2c0OFb8bBJW%2BlV1fqKIXvXP8mm13Rb6Q7SFWyJtlj5TssE%2FkTFUU%2Flqg%2FtPGgZfFvYuWgivGgkq3O0MWO6oa%2BjpAKnuQc4YsJh1xJ3K3HH%2FbMcJ4%3D"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length: 117335
cf-ray: 7e126e460e001e14-FRA
expires: Mon, 03 Jul 2023 23:05:35 GMT

GET
H2 200 762E992A001272DDC355514B76DC4960DDF6238B0F54854C0B29BE64A7E78BA5693E54C1A602322E523834805FE15471ECC3FEB06D9A02796A930A4085F71F84
assets.ad4m.at/logo/ Frame B204 44 KB
44 KB 49ms
39ms Image
image/webp 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/logo/762E992A001272DDC355514B76DC4960DDF6238B0F54854C0B29BE64A7E78BA5693E54C1A602322E523834805FE15471ECC3FEB06D9A02796A930A4085F71F84
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=14019&b=JBeszf5fZj9TBH6H7tptp5BaxSgTbWguA8&f=GjeTBfpf4BPhKHeHGtBCp5waZSYTeA9tY1&c=320&d=50&e=&g=5f4bae683061cabe3060da37aeb84003%2F13386214465822056641&i=21596&j=16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach02_SSP_CONTROL_ADX&r=1688421934847&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1hwtrq9b941bteb87f4r3m9wytqe7sp7nenkq0arc9xdnwna7f7ev1e7q6envvr16see3pxzt7s3f1j1853zwbksm41w0s132s34dc8s3648dwxrgedrkt3mw02swp17fcxq0ye7bb3k6mwkdbkbf0cxcbgj0gswgr2x93w1ymnh0vc7apxn9g7wkpsw7st93x91vyf04zbs9tpr80y4rev79tes3qtezpvkwgzpjs6cw3kjc8sscdyrm43zpq7nqdxrcnphqz2gsenea300%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCPDOiLkajZJziA-iI1PIPgr6j4A2Q4YGEXLaoworwAsCNtwEQASAAYJWKnoKwB4IBF2NhLXB1Yi00ODk0MjA5ODcwODU3OTA1yAEJqQKO_Xp4wk2yPuACAKgDAcgDAqoExQJP0IJ0fddpS7zFZaIza_OQdEnPYBf5MW932R6vztTaqQnClvirOfbtKI5L1Q14pjV3fdR7xl146tNYyFojgC5jC0MxXVGeoZLv3CmmA5P0_tiumMZJz8kl3PFA8M6XRcMTNWJwa7Cq6xdrOmaNlaHCCpzqJxjo_YsP59MTJJvhLUF5g_Se29ZqsXfe54jUc84S6eQifkxhfdQjwSxWORhBOaykfFVkfrWIZYHjU838bsuoee1RqOlpfpBljwBR_XZcLfFLUHX6wg3oF_TqnHpu5FmYIMrY2ZA82TlStla0POfASGtvMBF_UTrqemxlwoPeCjS5kfSdXmen4DMwLHRBp3oqwvhdeFFujpqB5xzN9VADOT22JeRzC5tkoVepSGxW_wFk0P58WnzSR-PKJzykaTmFHPEQiKxj8fFymvpOf8GY9Sic4AQBgAbozc7K-s7GwdcBoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiA4YAQEAEyAqoCOgKAQEi9_cE6-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_2qt0_CC91gmiRUosfCEx91fB6KFA%2526client%253Dca-pub-4894209870857905%2526adurl%253D&y=1&s=&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ffae8fb9199235cf70171d14a964159b4eda2da695a258c2586de98e3cb27bb2

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 22:05:35 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1464828
cf-polished: origFmt=png, origSize=65187
alt-svc: h3=":443"; ma=86400
content-length: 44710
cf-bgj: imgq:85,h2pri
last-modified: Tue, 17 Jan 2023 14:45:52 GMT
server: cloudflare
etag: "99941d3864a6d6ef01023c96e0475815"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mG8Xc%2Boy3M%2FQQLoKXKBIJTgVd6OMW2kcVcsNyS4lrVVXDBMeSoYp9vjfpznY7%2FPDiJ5HvIC3JoAT7%2BbDPhEvLd43wjIBpZDv9nFm3Lp2UiLgi0I1rFJPJRgF6tv9Y14jOq3uJJR16oIRj2jr"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public, max-age=86400
accept-ranges: bytes
cf-ray: 7e126e460ba01c44-FRA
expires: Tue, 04 Jul 2023 22:05:35 GMT

GET
H2 200 EC9093D4AF3799CF781B1E590A25D192F3BFBB8EF4C33117758FB5ADF524B34A287AF80FDD08D80A46541DEAE1FFA692B6F4CA688E7C199182253AEB01A2863C
assets.ad4m.at/product_image/ Frame B204 222 KB
222 KB 76ms
67ms Image
image/webp 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/product_image/EC9093D4AF3799CF781B1E590A25D192F3BFBB8EF4C33117758FB5ADF524B34A287AF80FDD08D80A46541DEAE1FFA692B6F4CA688E7C199182253AEB01A2863C
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=14019&b=JBeszf5fZj9TBH6H7tptp5BaxSgTbWguA8&f=GjeTBfpf4BPhKHeHGtBCp5waZSYTeA9tY1&c=320&d=50&e=&g=5f4bae683061cabe3060da37aeb84003%2F13386214465822056641&i=21596&j=16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach02_SSP_CONTROL_ADX&r=1688421934847&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1hwtrq9b941bteb87f4r3m9wytqe7sp7nenkq0arc9xdnwna7f7ev1e7q6envvr16see3pxzt7s3f1j1853zwbksm41w0s132s34dc8s3648dwxrgedrkt3mw02swp17fcxq0ye7bb3k6mwkdbkbf0cxcbgj0gswgr2x93w1ymnh0vc7apxn9g7wkpsw7st93x91vyf04zbs9tpr80y4rev79tes3qtezpvkwgzpjs6cw3kjc8sscdyrm43zpq7nqdxrcnphqz2gsenea300%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCPDOiLkajZJziA-iI1PIPgr6j4A2Q4YGEXLaoworwAsCNtwEQASAAYJWKnoKwB4IBF2NhLXB1Yi00ODk0MjA5ODcwODU3OTA1yAEJqQKO_Xp4wk2yPuACAKgDAcgDAqoExQJP0IJ0fddpS7zFZaIza_OQdEnPYBf5MW932R6vztTaqQnClvirOfbtKI5L1Q14pjV3fdR7xl146tNYyFojgC5jC0MxXVGeoZLv3CmmA5P0_tiumMZJz8kl3PFA8M6XRcMTNWJwa7Cq6xdrOmaNlaHCCpzqJxjo_YsP59MTJJvhLUF5g_Se29ZqsXfe54jUc84S6eQifkxhfdQjwSxWORhBOaykfFVkfrWIZYHjU838bsuoee1RqOlpfpBljwBR_XZcLfFLUHX6wg3oF_TqnHpu5FmYIMrY2ZA82TlStla0POfASGtvMBF_UTrqemxlwoPeCjS5kfSdXmen4DMwLHRBp3oqwvhdeFFujpqB5xzN9VADOT22JeRzC5tkoVepSGxW_wFk0P58WnzSR-PKJzykaTmFHPEQiKxj8fFymvpOf8GY9Sic4AQBgAbozc7K-s7GwdcBoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiA4YAQEAEyAqoCOgKAQEi9_cE6-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_2qt0_CC91gmiRUosfCEx91fB6KFA%2526client%253Dca-pub-4894209870857905%2526adurl%253D&y=1&s=&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 41b9b9d488e3a57902a671111dd089363c2f7d3a41ec3177f196abbb7cbac078

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 22:05:35 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1225635
cf-polished: origFmt=png, origSize=342797
alt-svc: h3=":443"; ma=86400
content-length: 226916
cf-bgj: imgq:85,h2pri
last-modified: Wed, 15 Jun 2022 14:01:11 GMT
server: cloudflare
etag: "82c7de0f42ff55fdd0acc07731664031"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iuS3Z0remRp3K9Ne5MlN%2BQ6M9bVw7nHWN9lm%2Bg2TArJsntpqR6EWdPQZR4nuyKyx2dBA6B3WQifPtJ2fHfzZnqFR5bUDmU3PW%2FZOijLn7yy%2FVN3mxf%2BB9inARoA6F9x%2Bygr4e6nCwldIICW5"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public, max-age=86400
accept-ranges: bytes
cf-ray: 7e126e460ba31c44-FRA
expires: Tue, 04 Jul 2023 22:05:35 GMT

GET
H2

200

ztpv.php
www.conrad.de/ Frame B204
Redirect Chain

https://www.awin1.com/cshow.php?s=2470185&v=11354&q=377129&r=412871&pv=1&pref3=oneidJBeszf5fZj9TBH6H7tptp5BaxSgTbWguA8oneid__suite_Netmix_Reach02_SSP_CONTROL_ADX&gdpr_consent=&gdpr=0&gdpr_pd=0
https://www.conrad.de/ztpv.php?awc=11354_412871_1688421935_bc52a360-19ed-11ee-87f6-2265f034cf4c&insert=AW&&gdpr=0&gdpr_consent=

0
473 B

127ms
45ms

Image
text/plain

2606:4700::6812:7e05
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.conrad.de/ztpv.php?awc=11354_412871_1688421935_bc52a360-19ed-11ee-87f6-2265f034cf4c&insert=AW&&gdpr=0&gdpr_consent=

Requested by

Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=14019&b=JBeszf5fZj9TBH6H7tptp5BaxSgTbWguA8&f=GjeTBfpf4BPhKHeHGtBCp5waZSYTeA9tY1&c=320&d=50&e=&g=5f4bae683061cabe3060da37aeb84003%2F13386214465822056641&i=21596&j=16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach02_SSP_CONTROL_ADX&r=1688421934847&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1hwtrq9b941bteb87f4r3m9wytqe7sp7nenkq0arc9xdnwna7f7ev1e7q6envvr16see3pxzt7s3f1j1853zwbksm41w0s132s34dc8s3648dwxrgedrkt3mw02swp17fcxq0ye7bb3k6mwkdbkbf0cxcbgj0gswgr2x93w1ymnh0vc7apxn9g7wkpsw7st93x91vyf04zbs9tpr80y4rev79tes3qtezpvkwgzpjs6cw3kjc8sscdyrm43zpq7nqdxrcnphqz2gsenea300%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCPDOiLkajZJziA-iI1PIPgr6j4A2Q4YGEXLaoworwAsCNtwEQASAAYJWKnoKwB4IBF2NhLXB1Yi00ODk0MjA5ODcwODU3OTA1yAEJqQKO_Xp4wk2yPuACAKgDAcgDAqoExQJP0IJ0fddpS7zFZaIza_OQdEnPYBf5MW932R6vztTaqQnClvirOfbtKI5L1Q14pjV3fdR7xl146tNYyFojgC5jC0MxXVGeoZLv3CmmA5P0_tiumMZJz8kl3PFA8M6XRcMTNWJwa7Cq6xdrOmaNlaHCCpzqJxjo_YsP59MTJJvhLUF5g_Se29ZqsXfe54jUc84S6eQifkxhfdQjwSxWORhBOaykfFVkfrWIZYHjU838bsuoee1RqOlpfpBljwBR_XZcLfFLUHX6wg3oF_TqnHpu5FmYIMrY2ZA82TlStla0POfASGtvMBF_UTrqemxlwoPeCjS5kfSdXmen4DMwLHRBp3oqwvhdeFFujpqB5xzN9VADOT22JeRzC5tkoVepSGxW_wFk0P58WnzSR-PKJzykaTmFHPEQiKxj8fFymvpOf8GY9Sic4AQBgAbozc7K-s7GwdcBoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiA4YAQEAEyAqoCOgKAQEi9_cE6-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_2qt0_CC91gmiRUosfCEx91fB6KFA%2526client%253Dca-pub-4894209870857905%2526adurl%253D&y=1&s=&z=0

Protocol

Server

2606:4700::6812:7e05 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 22:05:35 GMT
strict-transport-security: max-age=15552000
cf-ccp-worker: HTLPHandler-v1
server: cloudflare
vary: Accept-Encoding
cache-control: no-cache
cf-ray: 7e126e483f6c8fc5-FRA
content-length: 0
expires: -1

Redirect headers

Date: Mon, 03 Jul 2023 22:05:35 GMT
Strict-Transport-Security: max-age=86400
Node: Helix
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Location: https://www.conrad.de/ztpv.php?awc=11354_412871_1688421935_bc52a360-19ed-11ee-87f6-2265f034cf4c&insert=AW&&gdpr=0&gdpr_consent=
Awin-Akamai-Rule-Set: default
Connection: keep-alive
Content-Length: 0

POST
H3 200 / Show response
www.facebook.com/tr/ Frame 7F4C 0
18 B 33ms
32ms Document
text/plain 2a03:2880:f177:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Host: www.creditosul.com
URL: https://www.creditosul.com/e-restituicao-ir-pix/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_876

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f177:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Content-Type: application/x-www-form-urlencoded
Origin: https://www.creditosul.com
Referer: https://www.creditosul.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-origin: https://www.creditosul.com
alt-svc: h3=":443"; ma=86400
content-length: 0
content-type: text/plain
cross-origin-resource-policy: cross-origin
date: Mon, 03 Jul 2023 22:05:35 GMT
priority: u=0,i
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains

POST
H3 200 / Show response
www.facebook.com/tr/ Frame FC76 0
15 B 33ms
32ms Document
text/plain 2a03:2880:f177:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Host: www.creditosul.com
URL: https://www.creditosul.com/e-restituicao-ir-pix/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_876

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f177:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Content-Type: application/x-www-form-urlencoded
Origin: https://www.creditosul.com
Referer: https://www.creditosul.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-origin: https://www.creditosul.com
alt-svc: h3=":443"; ma=86400
content-length: 0
content-type: text/plain
cross-origin-resource-policy: cross-origin
date: Mon, 03 Jul 2023 22:05:35 GMT
priority: u=0,i
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains

POST
H3 200 / Show response
www.facebook.com/tr/ Frame 6261 0
15 B 34ms
32ms Document
text/plain 2a03:2880:f177:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Host: www.creditosul.com
URL: https://www.creditosul.com/e-restituicao-ir-pix/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_876

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f177:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Content-Type: application/x-www-form-urlencoded
Origin: https://www.creditosul.com
Referer: https://www.creditosul.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-origin: https://www.creditosul.com
alt-svc: h3=":443"; ma=86400
content-length: 0
content-type: text/plain
cross-origin-resource-policy: cross-origin
date: Mon, 03 Jul 2023 22:05:35 GMT
priority: u=0,i
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains

POST
H3 200 / Show response
www.facebook.com/tr/ Frame 0FFF 0
15 B 34ms
32ms Document
text/plain 2a03:2880:f177:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Host: www.creditosul.com
URL: https://www.creditosul.com/e-restituicao-ir-pix/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_876

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f177:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Content-Type: application/x-www-form-urlencoded
Origin: https://www.creditosul.com
Referer: https://www.creditosul.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-origin: https://www.creditosul.com
alt-svc: h3=":443"; ma=86400
content-length: 0
content-type: text/plain
cross-origin-resource-policy: cross-origin
date: Mon, 03 Jul 2023 22:05:35 GMT
priority: u=0,i
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains

POST
H3 200 / Show response
www.facebook.com/tr/ Frame DDBB 0
15 B 36ms
32ms Document
text/plain 2a03:2880:f177:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Host: www.creditosul.com
URL: https://www.creditosul.com/e-restituicao-ir-pix/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_876

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f177:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Content-Type: application/x-www-form-urlencoded
Origin: https://www.creditosul.com
Referer: https://www.creditosul.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-origin: https://www.creditosul.com
alt-svc: h3=":443"; ma=86400
content-length: 0
content-type: text/plain
cross-origin-resource-policy: cross-origin
date: Mon, 03 Jul 2023 22:05:35 GMT
priority: u=0,i
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains

POST
H3 200 / Show response
www.facebook.com/tr/ Frame 240C 0
15 B 36ms
32ms Document
text/plain 2a03:2880:f177:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Host: www.creditosul.com
URL: https://www.creditosul.com/e-restituicao-ir-pix/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_876

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f177:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Content-Type: application/x-www-form-urlencoded
Origin: https://www.creditosul.com
Referer: https://www.creditosul.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-origin: https://www.creditosul.com
alt-svc: h3=":443"; ma=86400
content-length: 0
content-type: text/plain
cross-origin-resource-policy: cross-origin
date: Mon, 03 Jul 2023 22:05:35 GMT
priority: u=0,i
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains

POST
H3 200 / Show response
www.facebook.com/tr/ Frame 3758 0
15 B 38ms
32ms Document
text/plain 2a03:2880:f177:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Host: www.creditosul.com
URL: https://www.creditosul.com/e-restituicao-ir-pix/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_876

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f177:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Content-Type: application/x-www-form-urlencoded
Origin: https://www.creditosul.com
Referer: https://www.creditosul.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-origin: https://www.creditosul.com
alt-svc: h3=":443"; ma=86400
content-length: 0
content-type: text/plain
cross-origin-resource-policy: cross-origin
date: Mon, 03 Jul 2023 22:05:35 GMT
priority: u=0,i
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains

POST
H3 200 / Show response
www.facebook.com/tr/ Frame 560D 0
15 B 39ms
32ms Document
text/plain 2a03:2880:f177:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Host: www.creditosul.com
URL: https://www.creditosul.com/e-restituicao-ir-pix/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_876

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f177:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Content-Type: application/x-www-form-urlencoded
Origin: https://www.creditosul.com
Referer: https://www.creditosul.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-origin: https://www.creditosul.com
alt-svc: h3=":443"; ma=86400
content-length: 0
content-type: text/plain
cross-origin-resource-policy: cross-origin
date: Mon, 03 Jul 2023 22:05:35 GMT
priority: u=0,i
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains

POST
H3 200 / Show response
www.facebook.com/tr/ Frame 9485 0
15 B 39ms
32ms Document
text/plain 2a03:2880:f177:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Host: www.creditosul.com
URL: https://www.creditosul.com/e-restituicao-ir-pix/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_876

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f177:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Content-Type: application/x-www-form-urlencoded
Origin: https://www.creditosul.com
Referer: https://www.creditosul.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-origin: https://www.creditosul.com
alt-svc: h3=":443"; ma=86400
content-length: 0
content-type: text/plain
cross-origin-resource-policy: cross-origin
date: Mon, 03 Jul 2023 22:05:35 GMT
priority: u=0,i
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains

GET
H3 200 firebase-app.js Show response
www.gstatic.com/firebasejs/8.3.1/ 20 KB
6 KB 41ms
40ms Script
text/javascript 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/firebasejs/8.3.1/firebase-app.js

Requested by

Host: script.joinads.me
URL: https://script.joinads.me/push-notification.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0aade4473b4c7427f41a5b3aeacddf7a2e3532f2b7fece88a77644ec0e27d81a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.creditosul.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 27 Jun 2023 16:42:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 537808
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6586
x-xss-protection: 0
last-modified: Thu, 18 Mar 2021 20:14:48 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
vary: Accept-Encoding
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 26 Jun 2024 16:42:07 GMT

GET
H3 200 firebase-analytics.js Show response
www.gstatic.com/firebasejs/8.3.1/ 35 KB
11 KB 71ms
70ms Script
text/javascript 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/firebasejs/8.3.1/firebase-analytics.js

Requested by

Host: script.joinads.me
URL: https://script.joinads.me/push-notification.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b5bda00a5ec63e26748b9f40cf1356b3823db279199d74813874255c748657d2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.creditosul.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 19:24:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 268890
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10746
x-xss-protection: 0
last-modified: Thu, 18 Mar 2021 20:14:43 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
vary: Accept-Encoding
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 29 Jun 2024 19:24:05 GMT

GET
H3 200 firebase-auth.js Show response
www.gstatic.com/firebasejs/8.3.1/ 173 KB
173 KB 42ms
41ms Script
text/javascript 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/firebasejs/8.3.1/firebase-auth.js

Requested by

Host: script.joinads.me
URL: https://script.joinads.me/push-notification.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d0460dfa53507eb6b050b3035d367ab5ddd0d2c7ccb31fe7a68fc6ac1cfbb2c2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.creditosul.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sat, 01 Jul 2023 17:25:30 GMT
x-content-type-options: nosniff
age: 189605
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 177065
x-xss-protection: 0
last-modified: Thu, 18 Mar 2021 20:14:55 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
vary: Accept-Encoding
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 30 Jun 2024 17:25:30 GMT

GET
H3 200 firebase-firestore.js Show response
www.gstatic.com/firebasejs/8.3.1/ 320 KB
88 KB 56ms
55ms Script
text/javascript 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/firebasejs/8.3.1/firebase-firestore.js

Requested by

Host: script.joinads.me
URL: https://script.joinads.me/push-notification.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d73b123cd2ef3afda65cb6e76579341b1bb1f27faddb0dfc54875e7a05b0114b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.creditosul.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sat, 01 Jul 2023 18:32:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 185584
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 90517
x-xss-protection: 0
last-modified: Thu, 18 Mar 2021 20:14:48 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
vary: Accept-Encoding
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 30 Jun 2024 18:32:31 GMT

GET
H3 200 firebase-messaging.js Show response
www.gstatic.com/firebasejs/8.3.1/ 40 KB
11 KB 77ms
76ms Script
text/javascript 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/firebasejs/8.3.1/firebase-messaging.js

Requested by

Host: script.joinads.me
URL: https://script.joinads.me/push-notification.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5243470d2be31f9aaf768f030f06b894aad081801460b75f6b396aca06fd8dda

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.creditosul.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 27 Jun 2023 20:20:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 524717
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10884
x-xss-protection: 0
last-modified: Thu, 18 Mar 2021 20:14:56 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
vary: Accept-Encoding
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 26 Jun 2024 20:20:18 GMT

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 15 KB
11 KB 86ms
85ms XHR
application/json 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=m202306280101&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306280101/pubads_impl.js?cb=31075787

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

401805bf0ac9f56d3736d5631a9d6b8af867178fded709f1350b23b97b41540a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.creditosul.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 22:05:35 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11344
x-xss-protection: 0

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 52ms
52ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306280101/pubads_impl.js?cb=31075787

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.creditosul.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 22:05:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 03 Jul 2023 22:05:35 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 091E 13 KB
5 KB 42ms
41ms Document
text/html 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.creditosul.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 4395
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 03 Jul 2023 20:52:20 GMT
expires: Tue, 02 Jul 2024 20:52:20 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 25BB 783 B
536 B 51ms
51ms Document
text/html 2a00:1450:4001:803::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

23f244a66d997159a57d7c2540cb772e94d0195a552fce4cb118375a6876b88d

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-MCVXbQ6wX0YFzcNxqunYAg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.creditosul.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-length: 514
content-security-policy: script-src 'report-sample' 'nonce-MCVXbQ6wX0YFzcNxqunYAg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Mon, 03 Jul 2023 22:05:35 GMT
expires: Mon, 03 Jul 2023 22:05:35 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 oBMhIGozJCmZhanrY2s6Nzm7GdNkvCqEaGjKud4M6yI.js Show response
pagead2.googlesyndication.com/bg/ Frame 091E 37 KB
14 KB 38ms
37ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/oBMhIGozJCmZhanrY2s6Nzm7GdNkvCqEaGjKud4M6yI.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a01321206a3324299985a9eb636b3a3739bb19d364bc2a846868cab9de0ceb22

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 13:22:45 GMT
content-encoding: br
x-content-type-options: nosniff
age: 31370
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14631
x-xss-protection: 0
last-modified: Mon, 26 Jun 2023 15:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 02 Jul 2024 13:22:45 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 25BB 0
0 73ms
73ms Image
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_m202306280101&jk=2425155733553059&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 091E 0
10 B 37ms
37ms Image
text/plain 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?nXTnIA
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 22:05:35 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 6DE6 42 B
64 B 82ms
81ms Fetch
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsv_yd3jS8Cp39sfjTLXcbHHS1JKVMi57eV56j-AV9uRPvG5k-I0v3WuRvZ1GidtXeiijAYz2dChppyqoSvwpik0SbIoreZdRkVXUkPApFn2Cy2xO42LHT-Kw06-u_U3T1fkTbT8IU_cu35g&sai=AMfl-YSytCyY908ypY7xfJhkw8tsZYstrg_8CQxfttVaqrwI7XApF_LqwnzxoodJ2GqFIt1gqrK2BlNOSRNTDI-u2vghSx8jKXz7iGc60k9IJoF_izlFFduE9YwEJx0Z&sig=Cg0ArKJSzAvM65nywlqPEAE&cid=CAQSPABygQiDxxtxX-uJZp6nhy4pIQlNd6PjwbDIvAX_zm-oKytiK0iAzy9SCAUhLpUoW08qcxysJYVRcfZvEhgB&id=lidar2&mcvt=1000&p=665,632,945,968&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20230628&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=3506845074&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1688421934578&rpt=333&isd=0&lsd=0&met=mue&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 03 Jul 2023 22:05:35 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 74ms
73ms Image
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_m202306280101&jk=2425155733553059&bg=!hYalhtLNAAb90kgr3dI7ADkAdvg8WkawYVJAzVM-EDny_mjISCQElMAv_GtX_wzi3AOs0SwCUtyeUqwtELQDR1N5JWgqVmseeDoCAAAATlIAAAAHaAEHCgCvEFsq5ePbAL4-BljfYUUJkHuwxRiaYpyLmjwdujVkL--HYUigNMvA0DUqOdXPC3QNccZ_x6hIeP2fuigbvfiZpZjLRDUE18h5WS2pEBEbSKJLcFx3NXAxxK4kMcFFLXho5JvOi-lDyRuFVgisaCMB2LqOu0r4vfJh59AF-5whvjIYSLKKuWT1XwncT9f5bAAE05t_2awNVbg69gIeCIgWT5vgDr322b6L9tPzJMEzG5kCsiz-CCDqR1ZF5qYGM6O1i5b3RAAffjYbvLNuvCUnahsJ4wJ32AuLInp0s3m7ycVkTmG8FW90lFIV7MORbMrovOYOHKKeGz0GFM5_cg0nzQRAQddo8dhEjPbJrn131srlF3iI-ADfK5c9t4hoQcCm1iuEGDy6hC2nqjFiMwkHJJeSkQkzSEgfvPyEnK8coMrDrCezlfw9V82W4w2TBDkW1xMF_CzM6mPBETpQBr36hPNWZx1HZWlyz7Q4T_XtI-XvTpFLGRB3D6-qIxNv8XZGzwv5JFDq9eD1L263v0bwNlbtN5eGRn7UJ8NZvueM_dkxDytNch78MbSmpYSZ2Vi4GY2pDWRCWzgNelAu01GVEpq70Mgc9IWuN3AF851TLEOP_RT2XXVjlDhfCd0zk0shNmGyfQAPHlSRbRQVDcpF2QHyInagmJYpGEB8ZrjUUju_l5XnRozwaYVtpzsrmIEEV58cafqrZxyWbHxLMc8fOMP2Kog7-NqtQPZC_I3-50ujMEu7FEqJFn2Gfqh5IWcveR8eTUtuSHjSUhjmrxxBiiNliH97rTrSjzlWnmI8lLOVppb051PoL7YHGEnFQh5PV2ipMXAXJ83BtRcCb3yNVEWomkJkFRtcOYcWOiJEsfbU8TgF2iT9Tteu7uk5XEP7bAUfjvISdRwyGjlWTCfBG2siT8ipnSXdeuX8UFTtVis87_KVZX7uZX5wgkZFKgcGjLtsqWoanUcCT6RKM_LZZtvEoygmtVOi_cLoO1TIADwhuWs_Eepf5TzKuPEM57OS7au0P0dqKd5evmUeGh08xFBq-0PpdFnUERfldhJPWEjB8jqCJoadONzCdVtdQaXQ4mtx69VfYRynFvN7zRJVuYpr_7B1I2p1NLJBpTKHzamEjpWE7D-OLCEWOqrEhO1Z-2riFw
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.creditosul.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

GET
H2 200 script-push.js Show response
script.joinads.me/ 1 KB
1 KB 37ms
37ms Script
application/javascript 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.joinads.me/script-push.js
Requested by: Host: script.joinads.me
URL: https://script.joinads.me/push-notification.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3cb238c7630ba8bd60ede523b57d4b3619086b3c54c04297662d2fddc65c6c4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.creditosul.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 22:05:37 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 278208
cf-polished: origSize=1468
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
last-modified: Thu, 01 Apr 2021 12:59:37 GMT
server: cloudflare
etag: W/"6065c3b9-5bc"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1oBjblbM91ZGMy3M8%2F9JwezZMaCNqulBqaPIS7UD46gOd6iIPiD%2BcflFbHpJFV9e4p6O9P9a2KYfksH38%2FTfJsOhG5X%2FJ3ZfMazWVIYtM1V91NaMwaz5ZPbZ%2FFv%2FvTP4acnZUPZENAlTIhOqFNKtxQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=31104000
cf-ray: 7e126e550cea9bef-FRA
expires: Mon, 24 Jun 2024 16:48:49 GMT

Verdicts & Comments Add Verdict or Comment

109 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

40 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.creditosul.com/	1970-01-20 15:09:57	Name: _gcl_au Value: 1.1.1371899226.1688421933
.creditosul.com/	1970-01-20 22:36:21	Name: _ga_PTG7E1ZHWM Value: GS1.1.1688421932.1.0.1688421932.0.0.0
.creditosul.com/	1970-01-20 22:36:21	Name: _ga Value: GA1.2.1209800818.1688421933
.creditosul.com/	1970-01-20 13:01:48	Name: _gid Value: GA1.2.614841432.1688421933
.creditosul.com/	1970-01-20 13:00:21	Name: _gat_gtag_UA_201994943_9 Value: 1
.criteo.com/	1970-01-20 22:21:57	Name: uid Value: a7232e95-ae44-472e-a912-3cf3691b8e21
.openx.net/	1970-01-20 21:45:57	Name: i Value: 6730811f-fe9e-4967-bf5d-c277dc3b08d9\|1688421933
.creditosul.com/	1970-01-20 22:21:57	Name: cto_bundle Value: KRx9N19TY2c0NkwwNEpaTFdrNzRvcjlOcGFjZUo3TW9PS0dya0FoTW5mNTRMYXEwTHhzT25vVVdub2ZkQXJLU0t6SVhydzlZNGQwa21WTm9OaHhUdkY4dDg2NjEyelFpVCUyRkl2JTJCeVppQjBGWVF5T3d5dUZpNElWTGNBUVVCNVZ5Nko0S3FCTEM4YkVaVTB2bzNqTlNVZjhsJTJCd1ElM0QlM0Q
.turn.com/	1970-01-20 17:19:33	Name: uid Value: 9106652985432559961
.3lift.com/	1970-01-20 15:09:57	Name: tluid Value: 4110178961336885945436
.casalemedia.com/	1970-01-20 21:45:57	Name: CMID Value: ZKNGLVosudi0ZfkuNK4djQAA
.casalemedia.com/	1970-01-20 15:09:57	Name: CMPS Value: 5224
.casalemedia.com/	1970-01-20 15:09:57	Name: CMPRO Value: 5224
.pubmatic.com/	1970-01-20 13:01:48	Name: KTPCACOOKIE Value: YES
.pubmatic.com/	1970-01-20 21:45:57	Name: KADUSERCOOKIE Value: 399665DD-3BEF-4E09-9C16-FC1DBFC13526
.simpli.fi/	1970-01-20 21:47:24	Name: suid Value: 854771F2AB5E4946B0222C8BF4CB5BC9
.de17a.com/	1970-01-20 21:38:45	Name: guid Value: 1.3626711087706198829
.doubleclick.net/	1970-01-20 22:21:57	Name: IDE Value: AHWqTUk1cQNzIzhAoeV3YXLaoWGOteetqZz9ro9RsO_mRFfI45AYFdcE3XhP64XCrwo
.blismedia.com/	1970-01-20 21:46:01	Name: b Value: 64A3462E950D99706526008EBLIS
.creditosul.com/	1970-01-20 22:21:57	Name: __gads Value: ID=f54ec4d111e64140:T=1688421932:RT=1688421932:S=ALNI_MZFmcxm_cd5Q3hfEzKHRn-aSOJ1Mg
.creditosul.com/	1970-01-20 22:21:57	Name: __gpi Value: UID=00000c36f5fc8118:T=1688421932:RT=1688421932:S=ALNI_MahVLt_Tso1qImuSJxWbj_l5VM1zw
.adform.net/	1970-01-20 13:45:00	Name: C Value: 1
.yahoo.com/	1970-01-20 21:46:19	Name: A3 Value: d=AQABBC5Go2QCEBUx8VjaYOzZh-Yb993836IFEgEBAQGXpGStZAAAAAAA_eMAAA&S=AQAAAoPokksvdQc7gEyN02TDFo4
.adform.net/	1970-01-20 14:26:45	Name: uid Value: 3447063349160956625
.creditosul.com/	1970-01-20 15:09:57	Name: _fbp Value: fb.1.1688421934803.965820840
.bidswitch.net/	1970-01-20 21:45:57	Name: c Value: 1688421934
.bidswitch.net/	1970-01-20 21:45:57	Name: tuuid_lu Value: 1688421934
.bidswitch.net/	1970-01-20 21:45:57	Name: tuuid Value: 4c46cb89-f6d5-478a-8400-19819e5bef0f
.ctnsnet.com/	1970-01-20 21:45:57	Name: cid_3441038833e54c30b588b6d2270a1ecf Value: 1
.ctnsnet.com/	1970-01-20 21:45:57	Name: gid_CAESEKMFXVtVW0TYb-tYnymftl8 Value: 1
.w55c.net/	1970-01-20 22:32:02	Name: wfivefivec Value: whkPEQL11QgrFQ5
.bidswitch.net/	1970-01-20 13:00:22	Name: google_push Value: AaAOQGGKltpJfPkHco95gGDl6mONdx1c4KGxfjWZrxSxc8MQa7Lptg42RUF3ERRIdgb9MhIJ4VYGmrqDCi5xww5iyvZQHfRTXTMAjA
.w55c.net/	1970-01-20 13:43:33	Name: matchgoogle Value: 5
.tribalfusion.com/	1970-01-20 15:09:57	Name: ANON_ID Value: aLnseFpkijcDifqAaAsdL6gHjemwO6torY2tu4uT0cRKnxPPUKiTdctnA5MtGZaoUBFT92x43411JFeWjgwNY
.everesttech.net/	1970-01-20 21:45:57	Name: everest_g_v2 Value: g_surferid~ZKNGLgAWbN_iKwBS
.awin1.com/	1970-01-20 13:04:41	Name: awpv11354 Value: 412871\|1688421935\|bc52a360-19ed-11ee-87f6-2265f034cf4c
.awin1.com/	1969-12-31 23:59:59	Name: AWSESS Value: 377129:2470185
www.conrad.de/	1970-01-20 13:04:41	Name: HTLP_timestamp Value: 1688421935408
www.conrad.de/	1970-01-20 13:04:41	Name: CEAffHA Value: YD
.www.conrad.de/	1970-01-20 13:00:23	Name: __cf_bm Value: GCM1vrPiykS4o_jihYHE8EaJSwFsHEBmKHCM4SNA4wc-1688421935-0-AaoMdgRCFoJgpHlXVqhY02i6Bso994NlOg26BuJd5YG8645bb8qGv72Hw4fh/2GV0mmI6ZzZNbk5uDIgp82+Gpg=

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	URL: https://as.ad4m.at/ad/dr?ed=1k21p8vjc5hny9nnrdrkn7jf6f16nahv5cbsmtfadk731e0te2avwt37vx2m5p0hx44ef1v62vr6zqp8sh22jrwh093z5stmbwt30gja8brzpr8srctkk8dfzp70q1n5h5f8jjpdhqs5w7cxehkrw6cr0gythk4br7zhc42pdwdtg92j0hva38d6fw6pxw8969pv1hscvrneg7rdzavpc2r4vtag3710dkfmdemy9qtm52gze3jq02wt3s8w69pa15668mwh2tp68sdd3pkapece8y7m754r0epqy0pxd2cgrh0shknygaadv0pmcxeb3fd8m3ncakg4ephs1y2a0znvw6gzck4c6d7v63h5s08fde0t04myy435egxf0d8sejh6d13jwfe0e387r1a5e3cfz9fgz32fjvnr3ykps2cedp8x&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCPDOiLkajZJziA-iI1PIPgr6j4A2Q4YGEXLaoworwAsCNtwEQASAAYJWKnoKwB4IBF2NhLXB1Yi00ODk0MjA5ODcwODU3OTA1yAEJqQKO_Xp4wk2yPuACAKgDAcgDAqoExQJP0IJ0fddpS7zFZaIza_OQdEnPYBf5MW932R6vztTaqQnClvirOfbtKI5L1Q14pjV3fdR7xl146tNYyFojgC5jC0MxXVGeoZLv3CmmA5P0_tiumMZJz8kl3PFA8M6XRcMTNWJwa7Cq6xdrOmaNlaHCCpzqJxjo_YsP59MTJJvhLUF5g_Se29ZqsXfe54jUc84S6eQifkxhfdQjwSxWORhBOaykfFVkfrWIZYHjU838bsuoee1RqOlpfpBljwBR_XZcLfFLUHX6wg3oF_TqnHpu5FmYIMrY2ZA82TlStla0POfASGtvMBF_UTrqemxlwoPeCjS5kfSdXmen4DMwLHRBp3oqwvhdeFFujpqB5xzN9VADOT22JeRzC5tkoVepSGxW_wFk0P58WnzSR-PKJzykaTmFHPEQiKxj8fFymvpOf8GY9Sic4AQBgAbozc7K-s7GwdcBoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiA4YAQEAEyAqoCOgKAQEi9_cE6-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_2qt0_CC91gmiRUosfCEx91fB6KFA%26client%3Dca-pub-4894209870857905%26adurl%3D Message: Ignoring duplicate Content-Security-Policy directive 'worker-src'.
security	error	URL: https://ad4m.at/r62eglto.js Message: Ignoring duplicate Content-Security-Policy directive 'worker-src'.
security	error	URL: https://ad4m.at/r62eglto.js Message: Ignoring duplicate Content-Security-Policy directive 'worker-src'.
security	error	URL: https://as.ad4m.at/ad/rar?a=14019&b=JBeszf5fZj9TBH6H7tptp5BaxSgTbWguA8&f=GjeTBfpf4BPhKHeHGtBCp5waZSYTeA9tY1&c=320&d=50&e=&g=5f4bae683061cabe3060da37aeb84003%2F13386214465822056641&i=21596&j=16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach02_SSP_CONTROL_ADX&r=1688421934847&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1hwtrq9b941bteb87f4r3m9wytqe7sp7nenkq0arc9xdnwna7f7ev1e7q6envvr16see3pxzt7s3f1j1853zwbksm41w0s132s34dc8s3648dwxrgedrkt3mw02swp17fcxq0ye7bb3k6mwkdbkbf0cxcbgj0gswgr2x93w1ymnh0vc7apxn9g7wkpsw7st93x91vyf04zbs9tpr80y4rev79tes3qtezpvkwgzpjs6cw3kjc8sscdyrm43zpq7nqdxrcnphqz2gsenea300%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCPDOiLkajZJziA-iI1PIPgr6j4A2Q4YGEXLaoworwAsCNtwEQASAAYJWKnoKwB4IBF2NhLXB1Yi00ODk0MjA5ODcwODU3OTA1yAEJqQKO_Xp4wk2yPuACAKgDAcgDAqoExQJP0IJ0fddpS7zFZaIza_OQdEnPYBf5MW932R6vztTaqQnClvirOfbtKI5L1Q14pjV3fdR7xl146tNYyFojgC5jC0MxXVGeoZLv3CmmA5P0_tiumMZJz8kl3PFA8M6XRcMTNWJwa7Cq6xdrOmaNlaHCCpzqJxjo_YsP59MTJJvhLUF5g_Se29ZqsXfe54jUc84S6eQifkxhfdQjwSxWORhBOaykfFVkfrWIZYHjU838bsuoee1RqOlpfpBljwBR_XZcLfFLUHX6wg3oF_TqnHpu5FmYIMrY2ZA82TlStla0POfASGtvMBF_UTrqemxlwoPeCjS5kfSdXmen4DMwLHRBp3oqwvhdeFFujpqB5xzN9VADOT22JeRzC5tkoVepSGxW_wFk0P58WnzSR-PKJzykaTmFHPEQiKxj8fFymvpOf8GY9Sic4AQBgAbozc7K-s7GwdcBoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiA4YAQEAEyAqoCOgKAQEi9_cE6-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_2qt0_CC91gmiRUosfCEx91fB6KFA%2526client%253Dca-pub-4894209870857905%2526adurl%253D&y=1&s=&z=0 Message: Ignoring duplicate Content-Security-Policy directive 'worker-src'.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

29dd772d5d2f1242102ef62078eb1ff3.safeframe.googlesyndication.com
a.tribalfusion.com
ad.turn.com
ad4m.at
adservice.google.com
as.ad4m.at
assets.ad4m.at
c1.adform.net
cdn.id5-sync.com
cdn.jsdelivr.net
cdn.prod.uidapi.com
cm.g.doubleclick.net
connect.facebook.net
d5p.de17a.com
dis.criteo.com
eb2.3lift.com
fonts.googleapis.com
fonts.gstatic.com
gcm.ctnsnet.com
google-bidout-d.openx.net
googleads.g.doubleclick.net
gum.criteo.com
id5-sync.com
image6.pubmatic.com
match.adsrvr.org
mts0.google.com
mug.criteo.com
oa.openxcdn.net
oajs.openx.net
onetag-sys.com
pagead2.googlesyndication.com
partner.googleadservices.com
pixel.wp.com
pm.w55c.net
pr-bh.ybp.yahoo.com
prod-rtb.ad4mat.net
r.turn.com
receitasninja.lt.acemlna.com
region1.google-analytics.com
s.ad.smaato.net
s.tribalfusion.com
script.joinads.me
securepubads.g.doubleclick.net
ssum-sec.casalemedia.com
static.criteo.net
stats.wp.com
sync-tm.everesttech.net
sync.teads.tv
tpc.googlesyndication.com
tr.blismedia.com
um.simpli.fi
ups.analytics.yahoo.com
www.awin1.com
www.conrad.de
www.creditosul.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
x.bidswitch.net
104.64.118.247
104.75.89.75
108.179.193.124
141.95.98.65
15.197.193.217
151.101.2.49
172.217.18.2
172.217.23.98
178.250.1.9
178.250.7.13
18.196.180.213
185.64.190.78
185.80.39.216
192.0.76.3
2001:4860:4802:32::36
2001:678:cb4:bbbb::11
213.155.156.164
2600:1901:0:76b9::
2600:9000:2057:a000:1b:5138:8a40:93a1
2600:9000:2250:4000:a:e047:753:be1
2606:4700:10::ac43:266a
2606:4700:20::681a:bd1
2606:4700:20::ac43:4a81
2606:4700::6812:18ad
2606:4700::6812:7e05
2a00:1450:4001:803::2004
2a00:1450:4001:809::2001
2a00:1450:4001:80b::2001
2a00:1450:4001:80e::200a
2a00:1450:4001:80f::2002
2a00:1450:4001:810::2003
2a00:1450:4001:810::200e
2a00:1450:4001:811::2002
2a00:1450:4001:811::200e
2a00:1450:4001:828::2002
2a00:1450:4001:828::2003
2a00:1450:4001:829::2002
2a00:1450:4001:82f::2008
2a00:1450:4001:830::2003
2a02:2638:3::3
2a02:2638:3::c
2a03:2880:f084:d:face:b00c:0:3
2a03:2880:f177:83:face:b00c:0:25de
2a04:4e42:200::485
2a05:d018:d29:3601:3913:20ff:833f:762d
2a06:98c1:3121::3
3.120.19.26
3.75.62.37
34.102.146.192
34.120.107.143
34.91.62.186
34.96.105.8
35.186.193.173
35.244.159.8
37.157.2.229
51.89.9.252
52.21.253.179
76.223.111.18
0136d4cebbfb89c99c8bf6958d79d33e51b8dbe67abdb983e06308f940a982f4
01cbb105faef1373e9d53ddc5e62c9c7b5f66cbc64c2c045a3daec0328b831e6
02193fbcb11d960448e0fa887ff68d5ce73f01076893523fc3037e00a7149bc2
0231a170cb5204055696f44f744eec121d834462c11476f479ff523fe59d294c
032aee61923ef53fb2b9efbb5d55f771f780e9c2fce9c076638b809a9607eee3
07b22178596c5c5ac3c9d568c7c86ab07960f1fb5ac0be88761eb3802df8905b
08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0
0a0610548e89956b26496552978f70638cbbba6f7d3fc204e137457a52d53f8d
0aade4473b4c7427f41a5b3aeacddf7a2e3532f2b7fece88a77644ec0e27d81a
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
100260c9bcb6d88ad77ce854969dc46bad3048f96ad127c24ab05715c8105936
133f35fbfc23c0d8cf814176860427bd6a02da9278de3de662da11d9602d8582
15fc476568c5c1919ef90dae9f6bce548c9f585d0f08a4136e6b6bda1c709cb6
162c5ebe4d8983b62bbb17bdcbec49361953db02abb8ef83a527c25544b4de9a
18e7a53e3b3abd7ac0242719f7f62cb56b8efe7065091585b8ad22cbc2b8c41c
1ac27f152e4feabe9215d391259336844d64f5c62149a7978634c1ab2c3b27d6
1c1fef6e6b4f9832603850b9b6562e74d9a6a3700ba836efe88facc577121e8b
1c8265dfea61fdbeb7770b27478fa751de4f9a0d8647867f98a0a47c00255842
1dcf6a4d79f645f5ee040fe39446dcda3a3bfd6f0afd6392eec14c973a349e3c
20e74dbf3ee183f6fe1447dd7efef616905f78e10733e618dfd67f54c8a25ca8
214674cc77aba35ab3567b88e2739fd08e8e96c61d279559ad61874069683ea0
23f244a66d997159a57d7c2540cb772e94d0195a552fce4cb118375a6876b88d
2661bf7b0200e2fb896e87f63eb9b3ad0deb75e9e6b41d6daee5f05c1288a427
27c045f2414b6b6af54b601c46312a6cbeb5dff6da152d9aceea0272fc896d03
2d0922bd18f06df3c7413fcd6a3f1c5ec9545b4b07b131e362f30df7275fc058
2d5e67a38c9a11424cac19ce192c9fd124a6d74e64d3791a01561dbd3e39c0b4
2d9c137b6960ae5904b796eb09dcb46525fc0af84f687c85b2339b566931f437
2da988427b34614d705adbf808e2e61d91f67bf147db9049e34c99b3624171e8
2e10d353ff038c2cad3492fc17801af3e6ef2669c9e9713bdb78b1dcb104c4fe
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
31eb4c2edea11284a2a954bbac401c86e16641731c5815f51190b584062d8f4e
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7
35ef325738aec617e593976f23534b7d5b159f4642f24bc7c1bbbb40a7dc181f
389090922185d81fe757eb0e033fccb17583e98a7dc5b9900a1dbd7bb49aafa5
39473f41f6492001648e93d50aa18f14ae5e917cd9c93da48ec2dd50ca1f364b
39d0fd9943a1069718bb60c51587b8a2b7711d562766565fafd8ac6050e44cdb
3a2cd7671a664891ca906636eef8a27ead4655ac766a4a183ce789e6bcc8450b
3a5fa3073b94aa8259d04802566504c897fd640610ea9f36654cfacc615f325e
3ab7853ddfc8ef3468082187bff5636436df85cd9d1e54653530c018cf9d9280
401805bf0ac9f56d3736d5631a9d6b8af867178fded709f1350b23b97b41540a
41581282cd194744acc9836375924585ed25e3a4145e0e9f57fee9f5075abee2
41b7f4ef86f2344e72da822fe79265700ff1bf3361450a02ab4397ff1a5eb040
41b9b9d488e3a57902a671111dd089363c2f7d3a41ec3177f196abbb7cbac078
41c7e05e604e0bc6b8814d00221eac3e3db342d996362a2cfa1cd057ad2c809b
424819e46bf5c64acc9eb22fd6c9820b102101a9dcc57e42452955c19195fb17
42b9a15f9b6a86e0bca2678c6a6679ed2e73777ca55d893012e685275249f702
4681d619f677c1b314814309a6f00a5e0ec3f12968e807ee71def1cf42bd7808
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
46baa2a6f37fa5c72a78c3f0db33d5a626985b4f9ce5fb1d5ba9bd8360c1b307
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
4924e12a30059184d9bd1c36294dcdf957f5f2da452209448b35a93aa785cca5
4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4e539500752069c624d4c1c9719b0cd75bf0e88923c78017e42ceb8e095596ef
4ea1abdde849b92b49b1be554bed773d8cc45f2497ff42bf11b761e21b5dbf23
4f79a89d16a5f717110fe080c0bf90b7e05ff95a4c4983f64d33110bf5f9c230
5243470d2be31f9aaf768f030f06b894aad081801460b75f6b396aca06fd8dda
544c55ca9f05d425f3beb90f287308d7a408b1f60d17728eff5c605a494bc1b9
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
5d485f783c7cc440cba21bb750ce67e191bce0783bfc6cff5f98e236e401b7ab
5fb44f5faa5569cf002f97433c48ff5f53a0c6a181d3f67858c93a8379dbde0d
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
65c99d3b9f1a1b905046e30d00a97f2d4d605e565c32917e7a89a35926e04b98
65f22d8aa0690bd9cf8ffe5d68e5f6866b05ed8fc6f6c9083b996c1b3c4c75f4
6702d5d480aae283c2377355d0f42a72822925ad9b4752143fab655f04f3d404
69698827bf9a8f714565fccaf9b3de5d3e33c24ac2885bd30991fe980e833df8
6974bfd8fa06b7831f05cb4b25860c851a5ad3f02a6699ebe688987dd7a6ebe6
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
7abd36a2f651330420d86187c125331d679408d1be7b6cd93efa64e08eaf80c7
7d6256c00ec47909aed0ff141dc3ade34b82dc1eaa57922edaa443409d0f768a
7faee9bc543f6badd0b9efb172e0637cb8cfbd3bd786b056d2390f085d75ecc4
867db731598a60f3bcec5f74c3775d11d0acbfe1ebbc51db63231568f3226716
8a83422b4a702bf55d780c3dc7f89e1a34c8d6b34cb5284503f573520eece166
8ab758e32437cf86d59e683d808940365c56bf6893f391a96d19e731b21bf154
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
905818c5ad86a8e5eda295d9f8479b3939d5bb71ef1fc5ecb6ba5bfa401fa9fe
9810aee7e6d57d8cceaa96322b88e6df46710194689ae12b284149148cabc2f3
99d1550a875d9a33c384a98fa89dd03ad861591dcddaee3b6005d01b6ebffd50
99fae6468b3bd803389038dbee0d9d96f845779869b3d448db662e735bb8ec6d
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9b99c7c09885b47e4b8a468e181a901ccf21506733c228d34b8165a207c272cd
9f66cf2042fc283bc05b96d871ec742da1c1198a13eb0cad4053b34c9ff844b0
a01321206a3324299985a9eb636b3a3739bb19d364bc2a846868cab9de0ceb22
a48dea362116d7516a2cf97066a32758d353760ee02dbf900ddff86b02a16473
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a5230196df9a4e9f6382c504668862efc8e25c1ec093c7dc997fbedb4b3ec54e
a695b8b12c7d88355d0b1b33d6c643a7913bcfbeae91553bd7560019188b1032
aa7074f9a3c53a17de894245299386751108ee411500d2548aaf09c30fc1e555
aade7746342f608807b7eb107059c842fe200e1ff09e146db822250055cecaed
abaf64de0855592138133fdf15c746a6e47a07d5f7a34a9513a06994c89f91af
aca566587618e75fa291a419c7c430be02e03fc72f6105658c1bc8e7d59a65e4
af56f9a97ba9853d88e0dc672d67e32e3ff2f829df312625ef64a878f8632cf2
afacce23cb4feaaaef37997f8439819d8f827df4951f3ff02704c9f16fb7f53a
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
b422edd9de5ae893d9520d5659919963e6194aafea56a74406021f7c337a524c
b5737b0c371611ffbda25040aefb4a72202b3f4f4223da5802f9841823f125ec
b5bda00a5ec63e26748b9f40cf1356b3823db279199d74813874255c748657d2
b651d87ef113cba0c8ec8a33bfdb694171effeba56b20be12e3c77fc15f6ae9f
b7908a015a567ec2363011df2475368dbff34360e9da3fdff50604d6395fb646
bbd11d287d579b875f5ba1e88c62f56834dd8d925d7776fdc4eb201cf9aa5192
be3b15b1e68cf3e9278293d3b50491fe16c985e0ee5968852cac4fc062a7134e
becb4a032744398003d75428dec7b3d8bbbde666155c4353515a0d956a410b5a
c09ba41f54d13e6b804a0f82560af624c4cb246b15e3ad005d63799b2952dc3e
c1a9a3e223bad631dff12d33b5499eb145cb08d8621c20d9d73870e78d97afe4
c1bcde9fd8025d889e40a0a6080a4bc50f7537b7c901c81883cc05f8058475b6
c3c8e9fb64ccd55d6a7b7ac277231e3a3f29710313d26a38b321ccaaffe4501d
c4e52504e28737fce70410213376b4c7486ce57a1768b937c2d83c869a580c4e
c6ea3b67b8bc4dd15db55c0ec71ea8a32ceafbdd9f48386b056c2463f9d657bb
c960aa9c3b0dcd8dc75d3b5083fcef82e9d642bdbd81897382d79283edbf3708
ca7752fb33cf3a98c0f29bc4eec563112025da4109a0dcc69dabf5f861751258
ca7dce2391845e8aec7da135f33fabd10f74eed28a532ac66fd01f761fcfb42f
cb89dd9e15012aaf7793589dac9047e4cd7a6ca775cef044ece7f23217acb7b8
cca1d217dfa402be35f14c0581cd97def322243e07376827927fa45e4eb02173
cca99c19e8612ba2d315918aefb5ac219cd808b49dd3e5f0efc5e6db81b2dd14
d0460dfa53507eb6b050b3035d367ab5ddd0d2c7ccb31fe7a68fc6ac1cfbb2c2
d2817724798e93de09aae1fdfe819bf8c6071ca93a306cd369969878b4fd5a2b
d73b123cd2ef3afda65cb6e76579341b1bb1f27faddb0dfc54875e7a05b0114b
d8149e00f11e583d2465a3ca5ac752c86e8b620095d2405178f5ff8e97e12d2a
dd3eea01c5f2cad96d8879a555421517c84ef286d4eb1336a57070b005953d45
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e0f0d6d71e313ae3ee40517ae4df4806d42aacf7720c5c0220506c247796c4f7
e31e1cfb470365c46c451ae94f3a5f9bac9df96a0f403f044f851228a5bf1667
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3c4a4057f02182efe3e8959561124f215a4a8e50e03257b71d550cbf74ecc4f
e3cb238c7630ba8bd60ede523b57d4b3619086b3c54c04297662d2fddc65c6c4
e50f9ccd2d6582a58ba1879fa578e60d25fea4c5eedc07deafd14482b2403181
e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e
e9d96de6ba659a2d25e1f09582373ba81250a2fbe672ec5e583568a031a08e98
ecf785fe496796d2e4b026d58de7ea89a471d19255b06b3fefc5576db5a69dbc
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f2caa6c96dfa2e8d0b8b8770ee3a4d4beb69475e8e7c367e30aff7d5884e712d
f3971b50c2fef5d876fd6c9e71e3627e52a1b486c2d590756b352059319a6446
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
f61ce0d0d062c15912a8fd7067d050eb058a4947d7d516ffa6efc31fd32ea731
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
f6914d47718a28ab8055edac273b3aff57e64e5bddccc616c2b7e355fe986f39
f79737ff968de505e56b83cb3e42eaca8b4cc8e636882c79029eee9326fadd78
fd543b21d162ee922201fe54b79778548f8102ea91376960e856c069a135cb76
fe513ef974b767510d0a2b9f1b4d3afa53185b89ab617c869e5e3d6db960192c
ffae8fb9199235cf70171d14a964159b4eda2da695a258c2586de98e3cb27bb2

www.creditosul.com Open in urlscan Pro 108.179.193.124 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

233 Requests

88 %HTTPS

53 %IPv6

45 Domains

64 Subdomains

45 IPs

10 Countries

3578 kBTransfer

10454 kBSize

40 Cookies

0 Outgoing links

Page URL History

Redirected requests

233 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 5 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.creditosul.com Open in urlscan Pro
108.179.193.124 Public Scan

Screenshot
Live screenshot

Full Image

233
Requests

88 %
HTTPS

53 %
IPv6

45
Domains

64
Subdomains

45
IPs

10
Countries

3578 kB
Transfer

10454 kB
Size

40
Cookies

233 HTTP transactions
5 data transactions