mestreemfinancas.com Open in urlscan Pro
108.179.193.123 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://supertrabalhocom.lt.acemlnb.com/Prod/link-tracker?redirectUrl=aHR0cHMlM0ElMkYlMkZsaW5rLm1lc3RyZWVtZmluYW5jYXMuY29tJTJGbCUyRjQ0OT...
Effective URL:
https://mestreemfinancas.com/e-fgts-calamidade/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_1090
Submission: On March 22 via api (March 22nd 2023, 6:51:10 pm UTC) from BR — Scanned from DE

Summary HTTP 274 Redirects Behaviour Indicators

Summary

This website contacted 44 IPs in 7 countries across 45 domains to perform 274 HTTP transactions. The main IP is 108.179.193.123, located in United States and belongs to NETWORK-SOLUTIONS-HOSTING, US. The main domain is mestreemfinancas.com.
TLS certificate: Issued by R3 on March 8th 2023. Valid for: 3 months.

This is the only time mestreemfinancas.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	34.237.157.157 34.237.157.157	14618 (AMAZON-AES) (AMAZON-AES)
1 1	137.184.92.206 137.184.92.206	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
30	108.179.193.123 108.179.193.123	19871 (NETWORK-S...) (NETWORK-SOLUTIONS-HOSTING)
2	2a00:1450:400... 2a00:1450:4001:810::200a	15169 (GOOGLE) (GOOGLE)
9	2a00:1450:400... 2a00:1450:4001:829::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:82a::2008	15169 (GOOGLE) (GOOGLE)
2	2a06:98c1:312... 2a06:98c1:3120::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
12	2a03:2880:f08... 2a03:2880:f084:d:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
9	2a00:1450:400... 2a00:1450:4001:829::2003	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:810::200e	15169 (GOOGLE) (GOOGLE)
1 8	2a00:1450:400... 2a00:1450:4001:813::2002	15169 (GOOGLE) (GOOGLE)
1	142.250.185.194 142.250.185.194	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:812::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82b::2002	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:830::2001	15169 (GOOGLE) (GOOGLE)
1 6	2a00:1450:400... 2a00:1450:4001:830::2004	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6810:5614	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	34.102.146.192 34.102.146.192	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	2606:4700:10:... 2606:4700:10::6816:3556	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a02:2638:3::3 2a02:2638:3::3	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	2600:9000:225... 2600:9000:2250:2200:a:e047:752:b361	16509 (AMAZON-02) (AMAZON-02)
43	2a00:1450:400... 2a00:1450:4001:828::2002	15169 (GOOGLE) (GOOGLE)
2 4	2a05:d018:dd0... 2a05:d018:dd0:6881:e518:8fca:7301:8eac	16509 (AMAZON-02) (AMAZON-02)
20	2a00:1450:400... 2a00:1450:4001:831::2001	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:82a::2002	15169 (GOOGLE) (GOOGLE)
30	2a03:2880:f17... 2a03:2880:f177:83:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	162.19.138.118 162.19.138.118	16276 (OVH) (OVH)
11 32	142.250.184.226 142.250.184.226	15169 (GOOGLE) (GOOGLE)
5 11	185.80.39.216 185.80.39.216	27381 (CASALE-MEDIA) (CASALE-MEDIA)
5 8	37.252.171.52 37.252.171.52	29990 (ASN-APPNEX) (ASN-APPNEX)
1 2	34.120.135.53 34.120.135.53	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	64.233.167.154 64.233.167.154	15169 (GOOGLE) (GOOGLE)
3	2600:9000:223... 2600:9000:223f:6200:8:48e:53c0:93a1	16509 (AMAZON-02) (AMAZON-02)
8	2600:1f18:1ac... 2600:1f18:1aca:4280:a733:75de:e8c8:e5e	14618 (AMAZON-AES) (AMAZON-AES)
6	2a00:1450:400... 2a00:1450:4001:827::2001	15169 (GOOGLE) (GOOGLE)
1 2	2a02:2638::1c 2a02:2638::1c	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	178.250.0.157 178.250.0.157	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
20	2a00:1450:400... 2a00:1450:4001:810::2006	15169 (GOOGLE) (GOOGLE)
1	35.244.159.8 35.244.159.8	15169 (GOOGLE) (GOOGLE)
4	172.217.16.194 172.217.16.194	15169 (GOOGLE) (GOOGLE)
2 4	46.228.164.11 46.228.164.11	56396 (AMOBEE) (AMOBEE)
1 3	2606:4700::68... 2606:4700::6812:18ad	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	151.101.194.49 151.101.194.49	54113 (FASTLY) (FASTLY)
1 1	85.114.159.93 85.114.159.93	24961 (MYLOC-AS ...) (MYLOC-AS IP Backbone of myLoc managed IT AG)
2 2	3.68.12.190 3.68.12.190	16509 (AMAZON-02) (AMAZON-02)
1	35.186.253.211 35.186.253.211	15169 (GOOGLE) (GOOGLE)
2 2	216.52.2.48 216.52.2.48	30282 (AS-INAPCD...) (AS-INAPCDN-OCY)
1 2	62.144.160.15 62.144.160.15	12312 (ECOTEL) (ECOTEL)
2 2	185.29.132.245 185.29.132.245	30419 (MEDIAMATH...) (MEDIAMATH-INC)
1 1	34.91.62.186 34.91.62.186	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2 2	198.47.127.19 198.47.127.19	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1 1	69.173.144.139 69.173.144.139	26667 (RUBICONPR...) (RUBICONPROJECT)
5 5	213.19.147.44 213.19.147.44	26120 (RHYTHMONE) (RHYTHMONE)
1	2620:116:800d... 2620:116:800d:21:de2e:c7b3:55c0:d5a0	16509 (AMAZON-02) (AMAZON-02)
1 1	35.186.193.173 35.186.193.173	15169 (GOOGLE) (GOOGLE)
1 1	35.190.0.66 35.190.0.66	15169 (GOOGLE) (GOOGLE)
1 1	51.89.9.253 51.89.9.253	16276 (OVH) (OVH)
2 2	76.223.111.18 76.223.111.18	16509 (AMAZON-02) (AMAZON-02)
274	44

1 34.237.157.157 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-237-157-157.compute-1.amazonaws.com

supertrabalhocom.lt.acemlnb.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 137.184.92.206 (Santa Clara, United States) 1 redirects

ASN14061 (DIGITALOCEAN-ASN, US)
PTR: quiz.dmcleads.com

link.mestreemfinancas.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

30 108.179.193.123 (United States)

ASN19871 (NETWORK-SOLUTIONS-HOSTING, US)
PTR: 108-179-193-123.unifiedlayer.com

mestreemfinancas.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:810::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:829::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82a::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a06:98c1:3120::3 (United States)

ASN13335 (CLOUDFLARENET, US)

script.joinads.me	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2a03:2880:f084:d:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:829::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:810::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:813::2002 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.185.194 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s52-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:812::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:830::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:830::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:5614 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.102.146.192 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 192.146.102.34.bc.googleusercontent.com

oa.openxcdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:10::6816:3556 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638:3::3 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2250:2200:a:e047:752:b361 (United States)

ASN16509 (AMAZON-02, US)

cdn.prod.uidapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

43 2a00:1450:4001:828::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a05:d018:dd0:6881:e518:8fca:7301:8eac (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)

fw.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

20 2a00:1450:4001:831::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:82a::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

30 2a03:2880:f177:83:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 162.19.138.118 (France)

ASN16276 (OVH, FR)
PTR: ns31533569.ip-162-19-138.eu

id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

32 142.250.184.226 (United States) 11 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s12-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 185.80.39.216 (Canada) 5 redirects

ASN27381 (CASALE-MEDIA, CA)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 37.252.171.52 (Frankfurt am Main, Germany) 5 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.120.135.53 (Kansas City, United States) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 53.135.120.34.bc.googleusercontent.com

oajs.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 64.233.167.154 (United States)

ASN15169 (GOOGLE, US)
PTR: wl-in-f154.1e100.net

bid.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2600:9000:223f:6200:8:48e:53c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

static.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2600:1f18:1aca:4280:a733:75de:e8c8:e5e (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

dt.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:827::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

cdn.ampproject.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:2638::1c (France) 1 redirects

ASN44788 (ASN-CRITEO-EUROPE, FR)

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.0.157 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

mug.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

20 2a00:1450:4001:810::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.244.159.8 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 8.159.244.35.bc.googleusercontent.com

google-bidout-d.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 172.217.16.194 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s65-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 46.228.164.11 (United Kingdom) 2 redirects

ASN56396 (AMOBEE, GB)

ad.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
r.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6812:18ad (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

a.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
s.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.194.49 (United States) 1 redirects

ASN54113 (FASTLY, US)

sync-tm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 85.114.159.93 (Bad Durrheim, Germany) 1 redirects

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)
PTR: dsp.adfarm1.adition.com

dsp.adfarm1.adition.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.68.12.190 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-68-12-190.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.186.253.211 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 211.253.186.35.bc.googleusercontent.com

rtb.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 216.52.2.48 (United States) 2 redirects

ASN30282 (AS-INAPCDN-OCY, US)

ap.lijit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 62.144.160.15 (Düsseldorf, Germany) 1 redirects

ASN12312 (ECOTEL, DE)

ssl.hurra.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.29.132.245 (United Kingdom) 2 redirects

ASN30419 (MEDIAMATH-INC, US)

sync.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.91.62.186 (Groningen, Netherlands) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 186.62.91.34.bc.googleusercontent.com

um.simpli.fi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 198.47.127.19 (United States) 2 redirects

ASN62713 (AS-PUBMATIC, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.144.139 (Frankfurt am Main, Germany) 1 redirects

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 213.19.147.44 (Castricum, Netherlands) 5 redirects

ASN26120 (RHYTHMONE, US)

sync.1rx.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
sync.targeting.unrulymedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:116:800d:21:de2e:c7b3:55c0:d5a0 (United States)

ASN16509 (AMAZON-02, US)

cms.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.186.193.173 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 173.193.186.35.bc.googleusercontent.com

gcm.ctnsnet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.190.0.66 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 66.0.190.35.bc.googleusercontent.com

ads.travelaudience.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 51.89.9.253 (London, United Kingdom) 1 redirects

ASN16276 (OVH, FR)
PTR: ip253.ip-51-89-9.eu

onetag-sys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 76.223.111.18 (United States) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: a0f671730127a0812.awsglobalaccelerator.com

eb2.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
67	googlesyndication.com f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 108 tpc.googlesyndication.com — Cisco Umbrella Rank: 135	382 KB
54	doubleclick.net 12 redirects securepubads.g.doubleclick.net — Cisco Umbrella Rank: 190 googleads.g.doubleclick.net — Cisco Umbrella Rank: 29 cm.g.doubleclick.net — Cisco Umbrella Rank: 206 bid.g.doubleclick.net — Cisco Umbrella Rank: 714 googleads4.g.doubleclick.net — Cisco Umbrella Rank: 319	389 KB
31	mestreemfinancas.com 1 redirects link.mestreemfinancas.com mestreemfinancas.com	549 KB
30	facebook.com www.facebook.com — Cisco Umbrella Rank: 109	987 B
20	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 283	524 KB
15	adsafeprotected.com 2 redirects fw.adsafeprotected.com — Cisco Umbrella Rank: 747 static.adsafeprotected.com — Cisco Umbrella Rank: 575 dt.adsafeprotected.com — Cisco Umbrella Rank: 530	201 KB
12	facebook.net connect.facebook.net — Cisco Umbrella Rank: 147	1 MB
11	casalemedia.com 5 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 535	9 KB
8	adnxs.com 5 redirects ib.adnxs.com — Cisco Umbrella Rank: 210	8 KB
7	google.com 1 redirects adservice.google.com — Cisco Umbrella Rank: 68 www.google.com — Cisco Umbrella Rank: 2	2 KB
7	gstatic.com fonts.gstatic.com www.gstatic.com	322 KB
6	ampproject.org cdn.ampproject.org — Cisco Umbrella Rank: 396	126 KB
4	turn.com 2 redirects ad.turn.com — Cisco Umbrella Rank: 794 r.turn.com — Cisco Umbrella Rank: 3277	2 KB
4	openx.net 1 redirects oajs.openx.net — Cisco Umbrella Rank: 2722 google-bidout-d.openx.net — Cisco Umbrella Rank: 2668 rtb.openx.net — Cisco Umbrella Rank: 1455	1 KB
3	1rx.io 3 redirects sync.1rx.io — Cisco Umbrella Rank: 520	2 KB
3	tribalfusion.com 1 redirects a.tribalfusion.com — Cisco Umbrella Rank: 749 s.tribalfusion.com — Cisco Umbrella Rank: 1837	2 KB
3	criteo.com 1 redirects gum.criteo.com — Cisco Umbrella Rank: 392 mug.criteo.com — Cisco Umbrella Rank: 2797	7 KB
3	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 187	146 KB
3	google.de adservice.google.de — Cisco Umbrella Rank: 8820 www.google.de — Cisco Umbrella Rank: 6058	1 KB
2	3lift.com 2 redirects eb2.3lift.com — Cisco Umbrella Rank: 352	958 B
2	unrulymedia.com 2 redirects sync.targeting.unrulymedia.com — Cisco Umbrella Rank: 1115	1 KB
2	pubmatic.com 2 redirects image6.pubmatic.com — Cisco Umbrella Rank: 731	1 KB
2	mathtag.com 2 redirects sync.mathtag.com — Cisco Umbrella Rank: 470	2 KB
2	hurra.com 1 redirects ssl.hurra.com — Cisco Umbrella Rank: 73397	533 B
2	lijit.com 2 redirects ap.lijit.com — Cisco Umbrella Rank: 603	1 KB
2	bidswitch.net 2 redirects x.bidswitch.net — Cisco Umbrella Rank: 297	1 KB
2	id5-sync.com cdn.id5-sync.com — Cisco Umbrella Rank: 924 id5-sync.com — Cisco Umbrella Rank: 414	17 KB
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 25	20 KB
2	joinads.me script.joinads.me	2 KB
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 39	109 KB
2	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 31	3 KB
1	onetag-sys.com 1 redirects onetag-sys.com — Cisco Umbrella Rank: 766	338 B
1	travelaudience.com 1 redirects ads.travelaudience.com — Cisco Umbrella Rank: 5893	554 B
1	ctnsnet.com 1 redirects gcm.ctnsnet.com — Cisco Umbrella Rank: 31935	610 B
1	quantserve.com cms.quantserve.com — Cisco Umbrella Rank: 660	464 B
1	rubiconproject.com 1 redirects pixel.rubiconproject.com — Cisco Umbrella Rank: 322	501 B
1	simpli.fi 1 redirects um.simpli.fi — Cisco Umbrella Rank: 740	749 B
1	adition.com 1 redirects dsp.adfarm1.adition.com — Cisco Umbrella Rank: 1426	627 B
1	everesttech.net 1 redirects sync-tm.everesttech.net — Cisco Umbrella Rank: 611	577 B
1	uidapi.com cdn.prod.uidapi.com — Cisco Umbrella Rank: 3187	2 KB
1	criteo.net static.criteo.net — Cisco Umbrella Rank: 642	13 KB
1	openxcdn.net oa.openxcdn.net — Cisco Umbrella Rank: 2922	8 KB
1	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 334	1 KB
1	googleadservices.com www.googleadservices.com — Cisco Umbrella Rank: 168	2 KB
1	acemlnb.com 1 redirects supertrabalhocom.lt.acemlnb.com	205 B
274	45

	Domain	Requested by
43	pagead2.googlesyndication.com	mestreemfinancas.com pagead2.googlesyndication.com tpc.googlesyndication.com fw.adsafeprotected.com f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com googleads.g.doubleclick.net s0.2mdn.net securepubads.g.doubleclick.net
32	cm.g.doubleclick.net	11 redirects googleads.g.doubleclick.net mestreemfinancas.com f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com
30	www.facebook.com	mestreemfinancas.com
30	mestreemfinancas.com	mestreemfinancas.com
20	s0.2mdn.net	mestreemfinancas.com s0.2mdn.net f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com
20	tpc.googlesyndication.com	mestreemfinancas.com googleads.g.doubleclick.net tpc.googlesyndication.com f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com s0.2mdn.net securepubads.g.doubleclick.net
12	connect.facebook.net	mestreemfinancas.com connect.facebook.net
11	dsum-sec.casalemedia.com	5 redirects googleads.g.doubleclick.net
9	securepubads.g.doubleclick.net	mestreemfinancas.com securepubads.g.doubleclick.net
8	dt.adsafeprotected.com	f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com mestreemfinancas.com
8	ib.adnxs.com	5 redirects googleads.g.doubleclick.net
8	googleads.g.doubleclick.net	1 redirects www.googletagmanager.com mestreemfinancas.com pagead2.googlesyndication.com f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com
6	cdn.ampproject.org	securepubads.g.doubleclick.net
6	www.google.com	1 redirects mestreemfinancas.com tpc.googlesyndication.com
5	www.gstatic.com	script.joinads.me
4	googleads4.g.doubleclick.net	mestreemfinancas.com
4	fw.adsafeprotected.com	2 redirects mestreemfinancas.com
4	f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
3	sync.1rx.io	3 redirects
3	static.adsafeprotected.com	f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com
3	www.googletagservices.com	mestreemfinancas.com f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com
2	eb2.3lift.com	2 redirects
2	sync.targeting.unrulymedia.com	2 redirects
2	image6.pubmatic.com	2 redirects
2	sync.mathtag.com	2 redirects
2	ssl.hurra.com	1 redirects f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com
2	ap.lijit.com	2 redirects
2	x.bidswitch.net	2 redirects
2	a.tribalfusion.com	1 redirects f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com
2	r.turn.com	mestreemfinancas.com f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com
2	ad.turn.com	2 redirects
2	gum.criteo.com	1 redirects static.criteo.net
2	oajs.openx.net	1 redirects mestreemfinancas.com
2	www.google.de	mestreemfinancas.com
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	fonts.gstatic.com	fonts.googleapis.com
2	script.joinads.me	mestreemfinancas.com script.joinads.me
2	www.googletagmanager.com	mestreemfinancas.com
2	fonts.googleapis.com	mestreemfinancas.com f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com
1	onetag-sys.com	1 redirects
1	ads.travelaudience.com	1 redirects
1	gcm.ctnsnet.com	1 redirects
1	cms.quantserve.com	f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com
1	pixel.rubiconproject.com	1 redirects
1	um.simpli.fi	1 redirects
1	rtb.openx.net	f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com
1	dsp.adfarm1.adition.com	1 redirects
1	sync-tm.everesttech.net	1 redirects
1	s.tribalfusion.com	mestreemfinancas.com
1	google-bidout-d.openx.net	oa.openxcdn.net
1	mug.criteo.com	mestreemfinancas.com
1	bid.g.doubleclick.net	f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com
1	id5-sync.com	cdn.id5-sync.com
1	cdn.prod.uidapi.com	securepubads.g.doubleclick.net
1	static.criteo.net	securepubads.g.doubleclick.net
1	cdn.id5-sync.com	securepubads.g.doubleclick.net
1	oa.openxcdn.net	securepubads.g.doubleclick.net
1	cdn.jsdelivr.net	securepubads.g.doubleclick.net
1	adservice.google.com	securepubads.g.doubleclick.net
1	adservice.google.de	securepubads.g.doubleclick.net
1	www.googleadservices.com	www.googletagmanager.com
1	link.mestreemfinancas.com	1 redirects
1	supertrabalhocom.lt.acemlnb.com	1 redirects
274	63

This site contains no links.

Subject Issuer	Validity	Valid
mestreemfinancas.com R3	`2023-03-08` - `2023-06-06`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-03-06` - `2023-05-29`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-03-06` - `2023-05-29`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-03-06` - `2023-05-29`	3 months	crt.sh
*.joinads.me E1	`2023-02-19` - `2023-05-20`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2023-01-10` - `2023-03-30`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-03-06` - `2023-05-29`	3 months	crt.sh
www.googleadservices.com GTS CA 1C3	`2023-03-06` - `2023-05-29`	3 months	crt.sh
*.google.de GTS CA 1C3	`2023-03-06` - `2023-05-29`	3 months	crt.sh
*.google.com GTS CA 1C3	`2023-03-06` - `2023-05-29`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-03-06` - `2023-05-29`	3 months	crt.sh
www.google.de GTS CA 1C3	`2023-03-06` - `2023-05-29`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-06-02` - `2023-06-01`	a year	crt.sh
oa.openxcdn.net GTS CA 1D4	`2023-01-29` - `2023-04-29`	3 months	crt.sh
*.criteo.net DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2023-01-13` - `2023-04-15`	3 months	crt.sh
cdn.prod.uidapi.com R3	`2023-02-25` - `2023-05-26`	3 months	crt.sh
fw.adsafeprotected.com Amazon RSA 2048 M01	`2023-02-10` - `2023-06-23`	4 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-03-06` - `2023-05-29`	3 months	crt.sh
*.id5-sync.com R3	`2023-01-25` - `2023-04-25`	3 months	crt.sh
static.adsafeprotected.com Amazon RSA 2048 M01	`2023-02-24` - `2023-09-04`	6 months	crt.sh
dt.adsafeprotected.com Amazon RSA 2048 M01	`2023-03-01` - `2023-05-08`	2 months	crt.sh
misc-sni.google.com GTS CA 1C3	`2023-03-06` - `2023-05-29`	3 months	crt.sh
*.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-03-09` - `2023-06-03`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-03-06` - `2023-05-29`	3 months	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2022-07-21` - `2023-08-21`	a year	crt.sh
*.quantserve.com DigiCert TLS RSA SHA256 2020 CA1	`2022-08-09` - `2023-09-09`	a year	crt.sh

This page contains 38 frames:

Primary Page: https://mestreemfinancas.com/e-fgts-calamidade/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_1090
Frame ID: EE1A5AE3E5470C64483B84F31E41A2CA
Requests: 101 HTTP requests in this frame

Frame: https://f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 3AF255C82FB238AA2BC87F4158D4A24B
Requests: 1 HTTP requests in this frame

Frame: https://f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: C9F61BA02FFA2F76B0E306D930970A99
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLOrkQEQupmXARjX7tzgATAB&v=APEucNUhpVBZ_oyUi8-CQ64nmaeZwfu7i-c_FHF4g_liY5w_mujuPsgdN6W70CHCSKx9Ht4aJuD4F8x0TKfzlLGKkQ0dtlT45SVLA6tjuJy6hV-Si5nhgLxaUvvpeSgE1Q4TsAuowLjAGF791aJc4kVAfepArA7Kn6j3J76kJpsFelg6sS98KUs
Frame ID: BA70E6C735EF87E098BE36DF7093CC23
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Frame ID: 0CA2666BA16856600BAC896F593B3067
Requests: 23 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.6.2.js
Frame ID: 6E46248550E30894F906880C75D05980
Requests: 1 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012302271541000/amp4ads-v0.mjs
Frame ID: 487F5AB9BAA8C3F96B73F6A486F2209E
Requests: 16 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 5E1C2B1BC638719D5705DEEEA8137CE9
Requests: 3 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?origin=publishertagids&topUrl=mestreemfinancas.com
Frame ID: 4147FF15AC21A401614477A7EA0A0ED2
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 938AF57B06A20969A9877BFB11A6F9D7
Requests: 9 HTTP requests in this frame

Frame: https://google-bidout-d.openx.net/w/1.0/pd?plm=5
Frame ID: 6196F5BDBFBB7FB38E19F8B7818F8085
Requests: 1 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/18383144231782500333/DE-DEU_XA-10_0_970x90_BAN-A_HTML5_BOFU-no-SecuretheEnterprise-ZTHubPageBanners_0_105/index.html
Frame ID: 95DBEA8D712900314D2D65892E3D9E23
Requests: 5 HTTP requests in this frame

Frame: https://f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 39099FE01B9C90CAD0D64E416D123123
Requests: 19 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMj2CRCHtHAYpdOBxQEwAQ&v=APEucNXmTSWM625OlA4KIAw4Dx4LH1yPklbvbRY0UHrfeiwLJ28sKidwOq2lavm7blF8ZSARqE0UqgLkUfyth1WMsALCdUaCP-b5RT_8cZ8KC32_Cl-g5EuA4sMRKiulD_kPQMll8DVjEyJ7tjuYDjre8W8xkCrPmPLKrvngH60xe1LsB4wx82M
Frame ID: 6EC5F0CE16D3E2CFB2BE88DF55E095CC
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 30A680D9961300A86B001EB53D44AC5E
Requests: 9 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/5679832485042972162/index.html
Frame ID: 595ACDC19F7FA1A451B3AF32A98124D2
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 92F8B34D76CB8C09A95B644704658005
Requests: 3 HTTP requests in this frame

Frame: https://f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: DB67A5852A5896B69C4FD83D83209B4C
Requests: 3 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMel4gIQyoXsyAMY57Hh4QEwAQ&v=APEucNUFmEfchAwPmD-UEATHaruhMEHwdSzxG7a4Qmew4vgUU_5T1mJlzsalui1Xz3BvRA5SoshtWCFxJRWqNWNMDoOtX_FkTZdnDcFc_kPBqlBtRnUrLGknEr1h8K0QEh6Ntw2XioMclp61Atz5yDubRdob5OC-v7sx0rxeyEwZvgRZuOU8BhE
Frame ID: 49E280AFADDC05D1ECE1B4357E9A939D
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Frame ID: 43C062389769EC9943A938A3801F4F3F
Requests: 23 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 2F80A651A2DF0DE17C622C965F35EE75
Requests: 9 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/8960813517719584162/index.html?e=69&leftOffset=0&topOffset=0&c=btfVq0qUz1&t=1&renderingType=2&ev=01_247
Frame ID: CC3D644D58DF5B3B68ACB198B6FCEBCF
Requests: 7 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 249FC74862B587514B8156557C0DECA2
Requests: 3 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.6.2.js
Frame ID: 8C642396DAB53203306BF833459F6EA1
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/n7KdSiWJFgbDLHajlxoGzrM9J1DJZleIE0kt7I04uFE.js
Frame ID: D58DE0E59B579C1D6371B9A5F225FB1F
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/n7KdSiWJFgbDLHajlxoGzrM9J1DJZleIE0kt7I04uFE.js
Frame ID: A76F639030DF0BF86911D8ED214C402A
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: FCE6CC903FD31814039A2576C8C6834C
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 3591BDA4E6A49AE23BE775BCBA3CF46A
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 1AD91752058435947A231220743E53F1
Requests: 2 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: 17969875F86F5AB265290A6DC0A1759D
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: A35DDA6FCBEC5687B44ED18C9DFBD822
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: 94BEF20301A29C0E68D56DAD60A1499F
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: 4E600F7EBD4F8F71F02CD5C22185691B
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: 1C7DEB208AA5467BCD51EA8143E4B01D
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: 94864DA99E348BB30364E8B50A961DF1
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: 0EAEB49F901640C435EC383E5CB34B14
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: D47FDCB685166EB3EC285D55FE73702C
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: C0CE33301FE29EBD0C265EE8178EDA96
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

e-FGTS-calamidade - Mestre em Financas

Page URL History Show full URLs

https://supertrabalhocom.lt.acemlnb.com/Prod/link-tracker?redirectUrl=aHR0cHMlM0ElMkYlMkZsaW5rLm1lc3RyZWVtZmluYW5jYX... HTTP 302
https://link.mestreemfinancas.com/l/4496 HTTP 302
https://mestreemfinancas.com/e-fgts-calamidade/?utm_source=active&utm_medium=email&utm_campaign=3_active_... Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
/wp-(?:content|includes)/

Firebase (Databases) Expand

Overall confidence: 100%
Detected patterns

/firebasejs/([\d.]+)/firebase

Yoast SEO (SEO) Expand

Overall confidence: 100%
Detected patterns

<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

//cdn\.jsdelivr\.net/

Page Statistics

274
Requests

87 %
HTTPS

48 %
IPv6

45
Domains

63
Subdomains

44
IPs

7
Countries

4032 kB
Transfer

11169 kB
Size

40
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://supertrabalhocom.lt.acemlnb.com/Prod/link-tracker?redirectUrl=aHR0cHMlM0ElMkYlMkZsaW5rLm1lc3RyZWVtZmluYW5jYXMuY29tJTJGbCUyRjQ0OTY=&sig=8qf4s8Um5XJoyorV3ncudUYxSyvzafdeFeaWYd5GDgxr&iat=1679484462&a=%7C%7C68355762%7C%7C&account=supertrabalhocom%2Eactivehosted%2Ecom&email=5qWP2PgIrOm8WhEHMHGUyQlBbB7D72b18UsxdNzCqD2I1IaHBC6v%3Ap2PB5nGb8cTV%2FM7tQdpz9OC8nSvsfT%2BY&s=1cdf428d0b5f5edcd2165476855a2c6a&i=1091A1093A6A3636 HTTP 302
https://link.mestreemfinancas.com/l/4496 HTTP 302
https://mestreemfinancas.com/e-fgts-calamidade/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_1090 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 54

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/10883628328/?random=1866008271&cv=11&fst=1679511061887&bg=ffffff&guid=ON&async=1&gtm=45be33k0&u_w=1600&u_h=1200&url=https%3A%2F%2Fmestreemfinancas.com%2Fe-fgts-calamidade%2F%3Futm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3D3_active_email_1090&label=sgBQCMy6kYMYEKj628Uo&hn=www.googleadservices.com&frm=0&tiba=e-FGTS-calamidade%20-%20Mestre%20em%20Financas&gtm_ee=1&auid=638489972.1679511062&uamb=0&uaw=0&data=event%3Dconversion&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&ocp_id=Fk4bZJK-C_yO9u8P4vSHiAI&sscte=1&crd=&pscrd=Ek5DaEVJOE03cW9BWVF6dWF3eUp6QXUtN0lBUklsQUNTQVFjOF9EQ2lraUliSUppY1BHNlEwZEFxd1RKbWdmODg1TjRIUTRMQmx5VVZKV0EaWENoRUk4TTdxb0FZUXg2bWw5TDJtNzVQaEFSSXRBQjdPd2N0Rk5vTmxhSlktdjc3UXkycVNNOVBOMGRjVHdGeHF3MGRoVjkwMlJodThINkNqWEE0d3h1dHU HTTP 302
https://www.google.com/pagead/1p-conversion/10883628328/?random=1866008271&cv=11&fst=1679511061887&bg=ffffff&guid=ON&async=1&gtm=45be33k0&u_w=1600&u_h=1200&url=https%3A%2F%2Fmestreemfinancas.com%2Fe-fgts-calamidade%2F%3Futm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3D3_active_email_1090&label=sgBQCMy6kYMYEKj628Uo&hn=www.googleadservices.com&frm=0&tiba=e-FGTS-calamidade%20-%20Mestre%20em%20Financas&gtm_ee=1&auid=638489972.1679511062&uamb=0&uaw=0&data=event%3Dconversion&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&pscrd=Ek5DaEVJOE03cW9BWVF6dWF3eUp6QXUtN0lBUklsQUNTQVFjOF9EQ2lraUliSUppY1BHNlEwZEFxd1RKbWdmODg1TjRIUTRMQmx5VVZKV0EaWENoRUk4TTdxb0FZUXg2bWw5TDJtNzVQaEFSSXRBQjdPd2N0Rk5vTmxhSlktdjc3UXkycVNNOVBOMGRjVHdGeHF3MGRoVjkwMlJodThINkNqWEE0d3h1dHU&is_vtc=1&ocp_id=Fk4bZJK-C_yO9u8P4vSHiAI&cid=CAQSKQDUE5ymuPdWnNhlObmhLHKGRhJCg4MFK5rpxc88uderxKYGVUwSEY98&random=3603596286 HTTP 302
https://www.google.de/pagead/1p-conversion/10883628328/?random=1866008271&cv=11&fst=1679511061887&bg=ffffff&guid=ON&async=1&gtm=45be33k0&u_w=1600&u_h=1200&url=https%3A%2F%2Fmestreemfinancas.com%2Fe-fgts-calamidade%2F%3Futm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3D3_active_email_1090&label=sgBQCMy6kYMYEKj628Uo&hn=www.googleadservices.com&frm=0&tiba=e-FGTS-calamidade%20-%20Mestre%20em%20Financas&gtm_ee=1&auid=638489972.1679511062&uamb=0&uaw=0&data=event%3Dconversion&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&pscrd=Ek5DaEVJOE03cW9BWVF6dWF3eUp6QXUtN0lBUklsQUNTQVFjOF9EQ2lraUliSUppY1BHNlEwZEFxd1RKbWdmODg1TjRIUTRMQmx5VVZKV0EaWENoRUk4TTdxb0FZUXg2bWw5TDJtNzVQaEFSSXRBQjdPd2N0Rk5vTmxhSlktdjc3UXkycVNNOVBOMGRjVHdGeHF3MGRoVjkwMlJodThINkNqWEE0d3h1dHU&is_vtc=1&ocp_id=Fk4bZJK-C_yO9u8P4vSHiAI&cid=CAQSKQDUE5ymuPdWnNhlObmhLHKGRhJCg4MFK5rpxc88uderxKYGVUwSEY98&random=3603596286&ipr=y&prhg=0

Request Chain 73

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEICrGQ8srrlP5_NzKVoubr4&google_cver=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEICrGQ8srrlP5_NzKVoubr4&google_cver=1&C=1

Request Chain 74

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZBtOFi.vLAe07NmPzehOvgAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEICrGQ8srrlP5_NzKVoubr4&google_cver=1&google_hm=2

Request Chain 75

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESELoyHvA4cXJqSCPh9vrWc6k&google_cver=1 HTTP 307
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESELoyHvA4cXJqSCPh9vrWc6k%26google_cver%3D1

Request Chain 76

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzU1MzIzNzEzNzg4MDg3MTI3NQ%3D%3D

Request Chain 80

https://oajs.openx.net/esp?url=https%3A%2F%2Fmestreemfinancas.com%2Fe-fgts-calamidade%2F%3Futm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3D3_active_email_1090&rid=esp HTTP 302
https://oajs.openx.net/esp?url=https%3A%2F%2Fmestreemfinancas.com%2Fe-fgts-calamidade%2F%3Futm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3D3_active_email_1090&rid=esp&cc=1

Request Chain 82

https://fw.adsafeprotected.com/rfw/bgd/1135760/69474538/xbbe/creative/adj?p=APEucNXYmfPfoTjVmlF1Jd08IEchMLhOXyCx7g9zBnXZB--j0HxovnQ&d=CokBAKAmf-DSJ4I01GV5e23kZ9VX8YhZVDgmsF-zFLrCHeyxnokK7o6PM2dUHbSgcS7FazX0DGSMXvMbkHdyslnnc5qUqhWXAo33QVpfSHoDWfbjgYhAA_cTXjccJF1Fgt4kdCFBPV-zKRk3JabK7RQ9HOoTosqoyFYB_oytjBtAzT7j50G1y0bJgZkSmRUAoCZ_4FV1v5TXKPWRqk5VKvl-oYmgTavdCyNQ65NhckK3bsJ_uPLe84Dr61IzPNnJP0U505lUFxR4kPrGphO6ZeJLeNpReeAhrskbgx7-IK29imUa8u4kCcHdW5uEzWUcpgW1r7V60bmCZza1ogL46ZyfaGzRICgRHsArLBA0N18hyz7e8A8yASYMS-meOoJQUPorx-Nyk2Q0vHxGwCVPZoKwPeryHqrtPoIyHlHQUcv_Vb_7yUOinMpmLewfFKaQhepEHZaqePfW5jvNePGNU9Pzpdv08tFJ3P5Ab2BXRXxD2iEw3tchqrnpiZwSE2kj2eDulxwrRPTdh8VwJ0QsAoxutysW_zYpPvqIY_JUMPCKHE8wzkHIslXUPTpU18zotou_e1egItKEpnRvokKz_B8BHMovWY5xN5HCG1Fqt1udyAuZzmmmM9FLnlFkGMk_Vw1lvG3burwYYHIA5MVXH8OUVfLhX6DtsY1ZLB1JRv2JuaUcgNDTSZwFLDNVtekxnwNIBLLJb1ChLwcu3P15_jnyafR_wh_5YQH6Vx7HEvLwUi2qBrduCUPfAKYrt8sh1K-Oy0unASBjg1LHR-8WBFbDu3Hn2wpf76C2arYtDlgWs0TxbGsLPNGdB6SHjpaES-ZmUNyEubpKUJs0GafZ9e1d-V8lmj4_-FkR4KuY9KkqGMxUPSQ4LnGANkvCqucTstVCXzQfVUNhKPGohxYaKFgnazvCL_EIS1QM5GBXwcNVEInHqCinVYaLR70gMzUVDsEEZOfhOR2YFpmzrDNxug47yqhsjvgzhQGOXtQaF-mMTcwxWt0gvzD2Nc3LXWWfBTnYQ968Fbi1UpaMI0oFW_DUb9JNeViXwXU_vi3T5RHjou1mck0rGKds_SwtmaJSRUBfBaA7md45kQ8VCHxRTNBxpUfF6yprbp0ZlYwLbSUYZN5DXpyh2JyURy5ZapQq5NDaSjX-H_AmVws29O5LNu8aEaV-3xg8mYHxL0pWGOro9iVdBzG_qBvx2ON7t229AYX6fNt44mCQfpoW2NAjRITTl_csv9Ip-YEWyBNjqHWba9mqATP6lPUlohw5ie3BiBX-b8Ph0RuUsaLIf7iO2PesUIqb4MgZJNA7yVpyYwsFtJ0fIv0gIwVveF0DFwlJtc5-rvuDF74kdqiqg4sVmNd3d4i63eKlOL655EKAE676QN_Vwk5I0DO6r5VyEyClLrtKFdmvN2pi4ajULfvzE4ORdBkQpoew9iQKXDxlbESLMsVtZSDVVTP-qbh_DeqDy8IXS5zzRwixc8uN-rEjxwc6apSgv08qB6PgIorr301AcAx1XhmEECuGFile8lf9mxaD8zCK4E24AIe6xmSBUKa7mbKw2Lho1yMl5lNnhqDRJmkyHRax39sbeIk2yKrBCmxgQ3P7Bl49X-TiqrHQOla_ds35Q4imN73qfCOUP-THTEq46t-O6gBdgI6cH9MitA0Z4zT8aMcqqnUuF8xChA-uVBxz-xakA_Awyw4mFrfY2kWnM0WQEVI810eVzyC5LLV8V0YGUUNXp1esaXYG0rCT9ZTUcAQaqASGb4vQ6-LVZzP_ZJDNp1_I3NYBbtnet5jB5HMwSNPVRiW70h-zYRKm7_hrPO-PRmJIvneLTt9SpTyh6lrjfeUmo4Xh204qXUEfTRFadDTOS4jkqtWsWndpgglKQ0ILLLSn2gvwiXmHfL0YhNFTt34hjxn165UZJ1BE7eWYGfk31b9HjYbyGhqkyu8fxIrrUTOGGpTLBxu21pRMWruJc_Gn1Z1drVArGbitO6jk-DwoS3w08ZRL2-WPIJ6qU7uznm9JlchIkgqsUuTz6u4Q6_vekezlICVyymOcK9yXWUtXyQzl2TcyCg0Xe1MpF6ZxPB0wZaCyRPzZqix3qgHYBtmza2bDsx-i_h_1VGvwc2eFnyDRYOL6HymobmM1YY3wO8lLGXc1nONRbQAJuWCEpEMQ_4ZqMOpUhacpJLvbdoRG9k2yJ7GwfDgx32na4YaBhcgOHftsUgvkisIYoZHpcjiSScVUxmyjY5ucFGpfQZ0bg8naVY1SD0Cy4fcR07nPTIWA7-VSChgSxucsm4w5WdOon-3M45s-VR0WR29blQd0FZ8upHiiZ4BsASuLKzbJ6IYJ_W9QodeoGWKKQYmbs6sODUMsBV1eM1ipIJgXbV2Ma-lvxOdvVsb2etiBzJALgWTqa_2UOJUaSkyxWPndax_AFPdgVCP5dqgLS57gL1O_9U-wMtgYzkUqWu92wYuXi-Ipq3fbClEw4aU6euqoeUsxcCm-XCC7Cw9Hri6QvAziVqVYHr6exKybqMTQM0YWGAhCg45UpuKwH47vJ967m6bXnafc4M_fNhvNkdCKKIJjR3hcfHNMUZzQAcul_3iqQFxJvhVR1s5KOUuHksEeMP7kyQRf8drYI-eY074s9KFPGDU9YCrGoC4o7TE3IZmxr6oYmncWVPW83ui0oYKBJyx9CUaUfTpxV0zQmj6pXu1nx8f23hPepoY161eRgdCXnaGdOrCup8MhtHyUMTheh6q6wKqG7jNUSis9lK96OCpiJfmHl0sKVr0REX3A8TluDfwXHZGlGB69DEbOVlK_a-YsBxUbefLZUzvKYw4HY4cMZz-66wkbvpKlDwa1_beHvdqwFlJ8BES3YhcFnDwOLq1DNrQ3ju0T1-BpJWiUHvElvftCTN-Og-hDHk71Q_t3Nb-VHT2Cm8bMlLR2TuowANswz8i6Z6ObqlssgE8JbVUNM7Usi1VVwX_ZS-IaqsJ-9l3EQtXEtFY5sr869fgOWZJjCTdIZOun5R_RWSgkUsyGG9wT9wlvTidK1WITICvLkLcBOPfnfzvdvp59dWEwZUJwh35K7pEpB7ikNde-dd0iUL9sBhWyI3UleDkkF_naJuHE9HbM1RtJI8vdaLTZR6lNRr3FNPDsFi_tMkJrKB0NulExlkAhCxeznnhaZ6DMX5qljacoX3efg2R_1vcmjR1vLEEichvFE11949erx8Scl4PAchOw4tLJDbzF2ldTPkSqe348q2inC3kakLAuog81vLDJqetdgjAUHWxiCm5ikxYfKFuiK5c6ZdfLWzTqTbXqPaX625a7t8feyZS7UPmAZuE7EW5Pwbh3kAtaqG292qsFZoNG9ySSVIL7QpOudOjxtU2qIZoQlweGPD3KOP-gPJ1HloaiKXMd-EK09LDPMVt0SYDpc5fRZpuv37ZUBq-KrAO8-PQ66R-T-UWAOMjcaea6kk4BJ_wDyEvNDa-k2PWnGgLel9uTbL-daz7vRdAYesyZDf1Nx_drF1kY34brLWB5plN9-qZpH4MRwZe4u1CZejXYOVLEIOtvqGu1RY54r21mHT0ErMoiBuVKO0xGwFPc2peQ6uNxiQXt70klE-IMVb3MEosVm8Y6WHYfax7TS5W2eg46RJ5pCSWYDHhgXcXzWTp4529UrVk_R4Bj8mruC5c1g0ihWIUr1MsFzpAjZ1fyrdUOyTNvmqp0vtQ9Oj9LqjvKsxjgowBWqFJQglYNq-Zoo-OTjCGVW3DpJrrQkaLO0i0kAdAQfm80X4iDWeakMsMsExzrQcLUT-m9ClfmhOZX2QNuHafikVfxGkIIBBI8ANQTnKY95zVLv5nwk5iXhUoOSLDR-TJvVMk72kAqMukRZ_fv1ISwQgZ-5VuqYXxhZuU_YpBms96jLEH8GAFgAQ&bundleId=&ias_dspID=3&ias_campId=1008772806&ias_pubId=pub-4894209870857905&ias_chanId=1&ias_placementId=18137317859&bidurl=https://mestreemfinancas.com/e-fgts-calamidade/&ias_dealId=&adsafe_par&ias_impId=v4~~ABAjH0hAVIS21bAQeeHVMWc24J9u&adsafe_url=https%3A%2F%2Fmestreemfinancas.com&adsafe_type=g&adsafe_url=https%3A%2F%2Fmestreemfinancas.com%2F&adsafe_type=c&adsafe_url=https%3A%2F%2Ff885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com%2F&adsafe_type=f&adsafe_url=https%3A%2F%2Ff885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html&adsafe_type=bed&adsafe_jsinfo=,id:a340315b-f384-17cd-fd0d-8d2dba3b71fd,c:7CmN8W,sl:outOfView,em:true,fr:false,thd:1,mn:jsserver-primary-67fb65999c-s5h5m,rg:ie,pt:1-5-15,wc:0.0.1600.1200,ac:NaN.NaN.0.0,am:i,cc:NaN.NaN.0.0,piv:0,obst:0,th:0,reas:r,mu:10000,br:c,bru:c,an:n,oam:0,mtim:4,mot:0,app:0,maw:0,fm:tzgdg84+11%7C121*.1135760-69474538%7C1211,idMap:121*,pl:CV8L.VEBo.0YtC,rmeas:1,rend:0,renddet:IMG.us,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,tt:rjss,et:18,oid:7e43a67f-c8e2-11ed-8d9c-622cfc0092ae,v:19.8.400,sp:0,st:0,fwm:0,wr:1600.1200,sr:1600.1200,ov:0 HTTP 302
https://bid.g.doubleclick.net/xbbe/creative/adj?p=APEucNXYmfPfoTjVmlF1Jd08IEchMLhOXyCx7g9zBnXZB--j0HxovnQ&d=CokBAKAmf-DSJ4I01GV5e23kZ9VX8YhZVDgmsF-zFLrCHeyxnokK7o6PM2dUHbSgcS7FazX0DGSMXvMbkHdyslnnc5qUqhWXAo33QVpfSHoDWfbjgYhAA_cTXjccJF1Fgt4kdCFBPV-zKRk3JabK7RQ9HOoTosqoyFYB_oytjBtAzT7j50G1y0bJgZkSmRUAoCZ_4FV1v5TXKPWRqk5VKvl-oYmgTavdCyNQ65NhckK3bsJ_uPLe84Dr61IzPNnJP0U505lUFxR4kPrGphO6ZeJLeNpReeAhrskbgx7-IK29imUa8u4kCcHdW5uEzWUcpgW1r7V60bmCZza1ogL46ZyfaGzRICgRHsArLBA0N18hyz7e8A8yASYMS-meOoJQUPorx-Nyk2Q0vHxGwCVPZoKwPeryHqrtPoIyHlHQUcv_Vb_7yUOinMpmLewfFKaQhepEHZaqePfW5jvNePGNU9Pzpdv08tFJ3P5Ab2BXRXxD2iEw3tchqrnpiZwSE2kj2eDulxwrRPTdh8VwJ0QsAoxutysW_zYpPvqIY_JUMPCKHE8wzkHIslXUPTpU18zotou_e1egItKEpnRvokKz_B8BHMovWY5xN5HCG1Fqt1udyAuZzmmmM9FLnlFkGMk_Vw1lvG3burwYYHIA5MVXH8OUVfLhX6DtsY1ZLB1JRv2JuaUcgNDTSZwFLDNVtekxnwNIBLLJb1ChLwcu3P15_jnyafR_wh_5YQH6Vx7HEvLwUi2qBrduCUPfAKYrt8sh1K-Oy0unASBjg1LHR-8WBFbDu3Hn2wpf76C2arYtDlgWs0TxbGsLPNGdB6SHjpaES-ZmUNyEubpKUJs0GafZ9e1d-V8lmj4_-FkR4KuY9KkqGMxUPSQ4LnGANkvCqucTstVCXzQfVUNhKPGohxYaKFgnazvCL_EIS1QM5GBXwcNVEInHqCinVYaLR70gMzUVDsEEZOfhOR2YFpmzrDNxug47yqhsjvgzhQGOXtQaF-mMTcwxWt0gvzD2Nc3LXWWfBTnYQ968Fbi1UpaMI0oFW_DUb9JNeViXwXU_vi3T5RHjou1mck0rGKds_SwtmaJSRUBfBaA7md45kQ8VCHxRTNBxpUfF6yprbp0ZlYwLbSUYZN5DXpyh2JyURy5ZapQq5NDaSjX-H_AmVws29O5LNu8aEaV-3xg8mYHxL0pWGOro9iVdBzG_qBvx2ON7t229AYX6fNt44mCQfpoW2NAjRITTl_csv9Ip-YEWyBNjqHWba9mqATP6lPUlohw5ie3BiBX-b8Ph0RuUsaLIf7iO2PesUIqb4MgZJNA7yVpyYwsFtJ0fIv0gIwVveF0DFwlJtc5-rvuDF74kdqiqg4sVmNd3d4i63eKlOL655EKAE676QN_Vwk5I0DO6r5VyEyClLrtKFdmvN2pi4ajULfvzE4ORdBkQpoew9iQKXDxlbESLMsVtZSDVVTP-qbh_DeqDy8IXS5zzRwixc8uN-rEjxwc6apSgv08qB6PgIorr301AcAx1XhmEECuGFile8lf9mxaD8zCK4E24AIe6xmSBUKa7mbKw2Lho1yMl5lNnhqDRJmkyHRax39sbeIk2yKrBCmxgQ3P7Bl49X-TiqrHQOla_ds35Q4imN73qfCOUP-THTEq46t-O6gBdgI6cH9MitA0Z4zT8aMcqqnUuF8xChA-uVBxz-xakA_Awyw4mFrfY2kWnM0WQEVI810eVzyC5LLV8V0YGUUNXp1esaXYG0rCT9ZTUcAQaqASGb4vQ6-LVZzP_ZJDNp1_I3NYBbtnet5jB5HMwSNPVRiW70h-zYRKm7_hrPO-PRmJIvneLTt9SpTyh6lrjfeUmo4Xh204qXUEfTRFadDTOS4jkqtWsWndpgglKQ0ILLLSn2gvwiXmHfL0YhNFTt34hjxn165UZJ1BE7eWYGfk31b9HjYbyGhqkyu8fxIrrUTOGGpTLBxu21pRMWruJc_Gn1Z1drVArGbitO6jk-DwoS3w08ZRL2-WPIJ6qU7uznm9JlchIkgqsUuTz6u4Q6_vekezlICVyymOcK9yXWUtXyQzl2TcyCg0Xe1MpF6ZxPB0wZaCyRPzZqix3qgHYBtmza2bDsx-i_h_1VGvwc2eFnyDRYOL6HymobmM1YY3wO8lLGXc1nONRbQAJuWCEpEMQ_4ZqMOpUhacpJLvbdoRG9k2yJ7GwfDgx32na4YaBhcgOHftsUgvkisIYoZHpcjiSScVUxmyjY5ucFGpfQZ0bg8naVY1SD0Cy4fcR07nPTIWA7-VSChgSxucsm4w5WdOon-3M45s-VR0WR29blQd0FZ8upHiiZ4BsASuLKzbJ6IYJ_W9QodeoGWKKQYmbs6sODUMsBV1eM1ipIJgXbV2Ma-lvxOdvVsb2etiBzJALgWTqa_2UOJUaSkyxWPndax_AFPdgVCP5dqgLS57gL1O_9U-wMtgYzkUqWu92wYuXi-Ipq3fbClEw4aU6euqoeUsxcCm-XCC7Cw9Hri6QvAziVqVYHr6exKybqMTQM0YWGAhCg45UpuKwH47vJ967m6bXnafc4M_fNhvNkdCKKIJjR3hcfHNMUZzQAcul_3iqQFxJvhVR1s5KOUuHksEeMP7kyQRf8drYI-eY074s9KFPGDU9YCrGoC4o7TE3IZmxr6oYmncWVPW83ui0oYKBJyx9CUaUfTpxV0zQmj6pXu1nx8f23hPepoY161eRgdCXnaGdOrCup8MhtHyUMTheh6q6wKqG7jNUSis9lK96OCpiJfmHl0sKVr0REX3A8TluDfwXHZGlGB69DEbOVlK_a-YsBxUbefLZUzvKYw4HY4cMZz-66wkbvpKlDwa1_beHvdqwFlJ8BES3YhcFnDwOLq1DNrQ3ju0T1-BpJWiUHvElvftCTN-Og-hDHk71Q_t3Nb-VHT2Cm8bMlLR2TuowANswz8i6Z6ObqlssgE8JbVUNM7Usi1VVwX_ZS-IaqsJ-9l3EQtXEtFY5sr869fgOWZJjCTdIZOun5R_RWSgkUsyGG9wT9wlvTidK1WITICvLkLcBOPfnfzvdvp59dWEwZUJwh35K7pEpB7ikNde-dd0iUL9sBhWyI3UleDkkF_naJuHE9HbM1RtJI8vdaLTZR6lNRr3FNPDsFi_tMkJrKB0NulExlkAhCxeznnhaZ6DMX5qljacoX3efg2R_1vcmjR1vLEEichvFE11949erx8Scl4PAchOw4tLJDbzF2ldTPkSqe348q2inC3kakLAuog81vLDJqetdgjAUHWxiCm5ikxYfKFuiK5c6ZdfLWzTqTbXqPaX625a7t8feyZS7UPmAZuE7EW5Pwbh3kAtaqG292qsFZoNG9ySSVIL7QpOudOjxtU2qIZoQlweGPD3KOP-gPJ1HloaiKXMd-EK09LDPMVt0SYDpc5fRZpuv37ZUBq-KrAO8-PQ66R-T-UWAOMjcaea6kk4BJ_wDyEvNDa-k2PWnGgLel9uTbL-daz7vRdAYesyZDf1Nx_drF1kY34brLWB5plN9-qZpH4MRwZe4u1CZejXYOVLEIOtvqGu1RY54r21mHT0ErMoiBuVKO0xGwFPc2peQ6uNxiQXt70klE-IMVb3MEosVm8Y6WHYfax7TS5W2eg46RJ5pCSWYDHhgXcXzWTp4529UrVk_R4Bj8mruC5c1g0ihWIUr1MsFzpAjZ1fyrdUOyTNvmqp0vtQ9Oj9LqjvKsxjgowBWqFJQglYNq-Zoo-OTjCGVW3DpJrrQkaLO0i0kAdAQfm80X4iDWeakMsMsExzrQcLUT-m9ClfmhOZX2QNuHafikVfxGkIIBBI8ANQTnKY95zVLv5nwk5iXhUoOSLDR-TJvVMk72kAqMukRZ_fv1ISwQgZ-5VuqYXxhZuU_YpBms96jLEH8GAFgAQ&bundleId=

Request Chain 106

https://gum.criteo.com/sid/json?origin=publishertagids&domain=mestreemfinancas.com&sn=ChromeSyncframe&so=0&topUrl=mestreemfinancas.com&cw=1&lsw=1&topicsavail=0&fledgeavail=0 HTTP 302
https://mug.criteo.com/sid?cpp=6-VDLHxQK1FmS1k2QVJ5QlBTdy9KbnRQVVdLd2RkNXhIQ0pmbUdQZlR0S3Z5UUhNNTAyLzU2WmJFcEtFYjhzYjhzZFJDK2hZZjB3aDZJVUw1WHBwNGhwalpvVkRaZkU0UXVxems1N0JJNDhLRGVreStIN1VDbWRtdTIrV3F2dE9DaDd4Z1Y1TmJ2bmtzREU1TlcrMHpyaGZ0T2hzMlhOdEN6d2RHZ1ZpNER6T05LQ25kTWZDRFNGdGVYSTJDM050MExZcW55Rk4reUFCbTRHWTRUalh4aVEyRXZRN05qWUFFQy9nYkNXaFFpT0pQbklLa1BINUppT29uSmZHRWxzN205Z0FNN3BqbzFvejQ4Y3kwdWs1REJsMTZ5cExlenc4SDN6d3RXT21zS0wxUGdNaz18&cppv=2

Request Chain 115

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEGfV5CsT7t7mT_Ou8Q_D5Pw&google_cver=1&google_push=Aa02lx8M7aHvRo9N5SqGOSLfSkryjATQqmhTxaEGahRaKJnejJ4Ni8M4PE5zXg7cPsgWNYgVxBIlZMaeWyLpgrpA4ltKtp6GpbhRYLJfZZsu51d3HzlvnfiwFw0cvHafc3waPaXsyeClxaSg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=MzYxNjU3NzEzMDIyMTAyNjg2OQ==&gdpr=&gdpr_consent= HTTP 302
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEJdMzNnvlRE1QUQNpfhnW0w&google_cver=1

Request Chain 116

https://a.tribalfusion.com/i.match?p=b6&u=CAESEFgc12d8YBf6-XRioR5hpCI&google_cver=1&google_push=Aa02lx_CYJdh9VJ6in29el5NLzU7vldwrEH1Q1-UO8CmHwzR4XMysG1eZZvJwAwsB2WGL3NTocqx2FGfScT45mxtQQ4rKZsTVvEEZppoOakEOV9DDW8WiXWZdZN_7LnS-VI0lk_t9uaBLJk&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAa02lx_CYJdh9VJ6in29el5NLzU7vldwrEH1Q1-UO8CmHwzR4XMysG1eZZvJwAwsB2WGL3NTocqx2FGfScT45mxtQQ4rKZsTVvEEZppoOakEOV9DDW8WiXWZdZN_7LnS-VI0lk_t9uaBLJk%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24 HTTP 302
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEFgc12d8YBf6-XRioR5hpCI&google_cver=1&google_push=Aa02lx_CYJdh9VJ6in29el5NLzU7vldwrEH1Q1-UO8CmHwzR4XMysG1eZZvJwAwsB2WGL3NTocqx2FGfScT45mxtQQ4rKZsTVvEEZppoOakEOV9DDW8WiXWZdZN_7LnS-VI0lk_t9uaBLJk&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAa02lx_CYJdh9VJ6in29el5NLzU7vldwrEH1Q1-UO8CmHwzR4XMysG1eZZvJwAwsB2WGL3NTocqx2FGfScT45mxtQQ4rKZsTVvEEZppoOakEOV9DDW8WiXWZdZN_7LnS-VI0lk_t9uaBLJk%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24

Request Chain 117

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESEFrCVjyw-hpszuHlLV8oPwg&google_cver=1&google_push=Aa02lx_O5T5rvooejsSTuzVuouPGWS9n7OL4elxX5oLkVfagOx6Kdz-GTdAfP3bjQJAmzBKNhv7WlvmS4JY3cFaM-QZUfWZIKH4VzldQ-BbA8vrF-nY6I1N_PkRpQ6tNivMdtVmu1P5vCqtg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEFrCVjyw-hpszuHlLV8oPwg&google_push=Aa02lx_O5T5rvooejsSTuzVuouPGWS9n7OL4elxX5oLkVfagOx6Kdz-GTdAfP3bjQJAmzBKNhv7WlvmS4JY3cFaM-QZUfWZIKH4VzldQ-BbA8vrF-nY6I1N_PkRpQ6tNivMdtVmu1P5vCqtg

Request Chain 118

https://dsp.adfarm1.adition.com/cookie/?ssp=2&google_gid=CAESEIFPxTnrP7cw4wRXUyEDDIQ&google_cver=1&google_push=Aa02lx8WceJzr6llrRb5j2I6gItLm5-WUdkDKqNtKnRJa45pa4qWdgzxfnFPq0a-n4f4kvf1fLrtIOeZPncpyJeWzb6Bx_d2To7F_1mIJUZaolhwbUcfKrIo6-NtO7-Zc_w_XSYRb_u45Nk HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzIxMzQ0NTA4ODg2MTE1NzUyMg%3D%3D&google_push=Aa02lx8WceJzr6llrRb5j2I6gItLm5-WUdkDKqNtKnRJa45pa4qWdgzxfnFPq0a-n4f4kvf1fLrtIOeZPncpyJeWzb6Bx_d2To7F_1mIJUZaolhwbUcfKrIo6-NtO7-Zc_w_XSYRb_u45Nk

Request Chain 119

https://x.bidswitch.net/sync?ssp=google&google_gid=CAESEHLbWvcTjE1wpKa6ZWQ5CwA&google_cver=1&google_push=Aa02lx-BIhlFiU570ZybgpvRYxYCVX5UfpJJPcJLXIPXZgYOsV94po1bN-9bz5Y5NQnaEWJHO5AExH8_2P8rPdReKLOgCsGU4pnwuh-oBNZt4em3uYSPZcMWPvvQUdqnQvfGzLTAv3JRR75L HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=google&google_gid=CAESEHLbWvcTjE1wpKa6ZWQ5CwA&google_cver=1&google_push=Aa02lx-BIhlFiU570ZybgpvRYxYCVX5UfpJJPcJLXIPXZgYOsV94po1bN-9bz5Y5NQnaEWJHO5AExH8_2P8rPdReKLOgCsGU4pnwuh-oBNZt4em3uYSPZcMWPvvQUdqnQvfGzLTAv3JRR75L HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=Aa02lx-BIhlFiU570ZybgpvRYxYCVX5UfpJJPcJLXIPXZgYOsV94po1bN-9bz5Y5NQnaEWJHO5AExH8_2P8rPdReKLOgCsGU4pnwuh-oBNZt4em3uYSPZcMWPvvQUdqnQvfGzLTAv3JRR75L&google_hm=_7QMGgBWSSGVKesIT1n55w==

Request Chain 121

https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEItO0pZ2q8dMemqG1o5EhUs&google_cver=1&google_push=Aa02lx99fWSZuK9ryBnQk1DGDdMXetAFaYaWQ6P8uMIU7eIvUMwFzzstDl1rwpOFY9cm1jbG_VTsjj9p8q1i2c1UGT1UP-9SP_07C4NmWcj0NL_LMJVHP9usUWf9v2SoEnubpivo8TV5fEc HTTP 307
https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEItO0pZ2q8dMemqG1o5EhUs&google_cver=1&google_push=Aa02lx99fWSZuK9ryBnQk1DGDdMXetAFaYaWQ6P8uMIU7eIvUMwFzzstDl1rwpOFY9cm1jbG_VTsjj9p8q1i2c1UGT1UP-9SP_07C4NmWcj0NL_LMJVHP9usUWf9v2SoEnubpivo8TV5fEc&sovrn_retry=true HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=Aa02lx99fWSZuK9ryBnQk1DGDdMXetAFaYaWQ6P8uMIU7eIvUMwFzzstDl1rwpOFY9cm1jbG_VTsjj9p8q1i2c1UGT1UP-9SP_07C4NmWcj0NL_LMJVHP9usUWf9v2SoEnubpivo8TV5fEc&google_hm=GWrrtGZHYyXCbZvkQcOOfqns

Request Chain 138

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEER1RvgHgpyKvnC8DKjtrGY&google_cver=1

Request Chain 139

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZBtOFl9ZHM8Zuf1wW4cdpgAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEER1RvgHgpyKvnC8DKjtrGY&google_cver=1

Request Chain 140

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEGWzRG47O82lZ2UcRbmtG9s&google_cver=1

Request Chain 141

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjUwOTQ3NjQwMDY1NTU0Mjc2OA%3D%3D

Request Chain 151

https://ssl.hurra.com/pvs.gif?cid=397&tid=37148 HTTP 302
https://ssl.hurra.com/pvs.gif?bd3p=1&cid=397&tid=37148

Request Chain 156

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEAH6BM4Nt_btcBaW7-lyp68&google_cver=1&google_push=Aa02lx_pRyYPjeq1mUsdJuLXSx1KPwt1yVaXT0mQ_3ddtC4cVTkx2a_QI-zqeZNoO_VaZ332vLOW5KpV58XPgGHDOC6CPuYCz3d8n6NrEKZ7SHq2qBj-qSQh7NLZSboQdYll_oKQwHEew4Y HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=MzU0NDUxOTUzNjE4MzA5ODkzMw==&gdpr=&gdpr_consent= HTTP 302
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEJdMzNnvlRE1QUQNpfhnW0w&google_cver=1

Request Chain 157

https://sync.mathtag.com/sync/img?mt_exid=4&google_gid=CAESEAgBFCyTXloH1006nzMNjbg&google_cver=1&google_push=Aa02lx_NJ9dBXIvJeOiUd-0XWtvzQ2VaKnyFTQkmCEHMoZJCBzcdrqrm-xFlM1TJEj9aVxPPpN0eA5P6o9LVAUn2dYrOHtXzXp2QrZUAPBcYG-76T_ia9OyVUrvkwgh5RRlKVBilKGirdt0 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=Aa02lx_NJ9dBXIvJeOiUd-0XWtvzQ2VaKnyFTQkmCEHMoZJCBzcdrqrm-xFlM1TJEj9aVxPPpN0eA5P6o9LVAUn2dYrOHtXzXp2QrZUAPBcYG-76T_ia9OyVUrvkwgh5RRlKVBilKGirdt0

Request Chain 159

https://um.simpli.fi/gp_match?google_gid=CAESECso_g2Z2dHaNDpbu-rufDI&google_cver=1&google_push=Aa02lx_k5DLgJ7Cs1Oa5RaaDybkKpR7B8DuhkM_R1vnQCj3Ifeq_DNQONr66pK683ZobErCm8yQV3OjVCAgrrdrZKJ0bpyTY6waun_ye3aJefNwW-TWpe9VeDDVN0_uAWOSIuN2BO_LVgLdp HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=F1BB52E6DE744CCEA99EC7DB806D18AA&google_push=Aa02lx_k5DLgJ7Cs1Oa5RaaDybkKpR7B8DuhkM_R1vnQCj3Ifeq_DNQONr66pK683ZobErCm8yQV3OjVCAgrrdrZKJ0bpyTY6waun_ye3aJefNwW-TWpe9VeDDVN0_uAWOSIuN2BO_LVgLdp

Request Chain 160

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEL4FGgzXDbUB3DywI3qFx5U&google_cver=1&google_push=Aa02lx9_t1XEDYD3ye1BmuDx90IKcGcnf1hMfso8LyT7OfnY5R3b7Ygar9FS1BSRC07iVx-dG3y81jdRAY7-hCatk76Ft6VKfvSTxSZ4dtmmXQoQmZOVp9JYi5-zpJK_Q5nSTFUI-SUOfJE3 HTTP 302
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEL4FGgzXDbUB3DywI3qFx5U&google_cver=1&google_push=Aa02lx9_t1XEDYD3ye1BmuDx90IKcGcnf1hMfso8LyT7OfnY5R3b7Ygar9FS1BSRC07iVx-dG3y81jdRAY7-hCatk76Ft6VKfvSTxSZ4dtmmXQoQmZOVp9JYi5-zpJK_Q5nSTFUI-SUOfJE3&rdf=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=y9-tjvwlRA60jCTCeS3U2w%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=Aa02lx9_t1XEDYD3ye1BmuDx90IKcGcnf1hMfso8LyT7OfnY5R3b7Ygar9FS1BSRC07iVx-dG3y81jdRAY7-hCatk76Ft6VKfvSTxSZ4dtmmXQoQmZOVp9JYi5-zpJK_Q5nSTFUI-SUOfJE3

Request Chain 161

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEFrzxeXCbICfgwoFNo4WC2Q&google_cver=1&google_push=Aa02lx-dVXieczWM5FRbr7oRhSCUGqPNBYnSNOoPHFiJB0gmAfNkpiG6pcUaBAQSZMBw9DYN6aF6AyORXLPI5fnXUcYGhE7IjAlJm6z3eewRDKPFlfyWWkO2eXv7tmIOCbI-6eS_tumnrJ65 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEZLMUlVSU0tRC1KRjlB&google_push=Aa02lx-dVXieczWM5FRbr7oRhSCUGqPNBYnSNOoPHFiJB0gmAfNkpiG6pcUaBAQSZMBw9DYN6aF6AyORXLPI5fnXUcYGhE7IjAlJm6z3eewRDKPFlfyWWkO2eXv7tmIOCbI-6eS_tumnrJ65

Request Chain 162

https://sync.1rx.io/usersync2/rmpssp?sub=google&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&google_gid=CAESEM6zTDRB3N8Xqfy7Z_ihLfc&google_cver=1&google_push=Aa02lx_Qp307NFk81UMDLFqV18kDCtB3vnbuhD7nuZwTGwjEOKwUcE4AHBwDmyDRJOmlniT2oaqH-9CuI-BuDY3CKyuSFgJRB446CzxWpvCEDA5zZ2w1Dcld7L1nFslgdhY3O4NTTGJqPDY HTTP 302
https://sync.1rx.io/usersync2/rmpssp?sub=google&zcc=1&google_push=Aa02lx_Qp307NFk81UMDLFqV18kDCtB3vnbuhD7nuZwTGwjEOKwUcE4AHBwDmyDRJOmlniT2oaqH-9CuI-BuDY3CKyuSFgJRB446CzxWpvCEDA5zZ2w1Dcld7L1nFslgdhY3O4NTTGJqPDY&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&cb=1679511063506 HTTP 302
https://sync.targeting.unrulymedia.com/csync/RX-7b90ebed-29dc-4aa7-8ca9-53ee7716a650-003?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3DAa02lx_Qp307NFk81UMDLFqV18kDCtB3vnbuhD7nuZwTGwjEOKwUcE4AHBwDmyDRJOmlniT2oaqH-9CuI-BuDY3CKyuSFgJRB446CzxWpvCEDA5zZ2w1Dcld7L1nFslgdhY3O4NTTGJqPDY%26google_hm%3DA3uQ6-0p3EqnjKlT7ncWplA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=Aa02lx_Qp307NFk81UMDLFqV18kDCtB3vnbuhD7nuZwTGwjEOKwUcE4AHBwDmyDRJOmlniT2oaqH-9CuI-BuDY3CKyuSFgJRB446CzxWpvCEDA5zZ2w1Dcld7L1nFslgdhY3O4NTTGJqPDY&google_hm=A3uQ6-0p3EqnjKlT7ncWplA

Request Chain 188

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEATydRkdqtW-378Ifpl2B3w&google_cver=1

Request Chain 189

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZBtOFl9ZHM8Zuf1wW4cdpgAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEATydRkdqtW-378Ifpl2B3w&google_cver=1

Request Chain 190

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEE3mphcpX1WZ7E6YRVcRuy0&google_cver=1

Request Chain 191

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjUwOTQ3NjQwMDY1NTU0Mjc2OA%3D%3D

Request Chain 204

https://sync.mathtag.com/sync/img?mt_exid=4&google_gid=CAESEMtSzNGo_BiaXVe5uPRGKOs&google_cver=1&google_push=Aa02lx-3yoyAspHSjN7xgBdZQR7x50F1kx4fI_zX1BvFZ4quSnulmrBYYj8gAyWKJ7wUPEO1Zi64-8k072D_-ukx9WJH5F8Fj7eZQQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=I5tkG04YQACfH6La_sXQlQ&google_push=Aa02lx-3yoyAspHSjN7xgBdZQR7x50F1kx4fI_zX1BvFZ4quSnulmrBYYj8gAyWKJ7wUPEO1Zi64-8k072D_-ukx9WJH5F8Fj7eZQQ

Request Chain 205

https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESEPHNsyPMhAoiFeD2oSKMmlw&google_cver=1&google_push=Aa02lx9Mp-0Le-LzvP89rlBl-h4mNIUF35FPQlQ6zjannO0RzotwOJy8AFxrbtpLolHk8Rb5FXW4aT6g6iyxVBCmwpvzUCwTyQwzqA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=Aa02lx9Mp-0Le-LzvP89rlBl-h4mNIUF35FPQlQ6zjannO0RzotwOJy8AFxrbtpLolHk8Rb5FXW4aT6g6iyxVBCmwpvzUCwTyQwzqA&google_hm=y04OJ34eQ5WrHtC6mRhrOiM

Request Chain 206

https://ads.travelaudience.com/google_pixel?google_gid=CAESENTa8QoxS_n00qBpqd_fK4E&google_cver=1&google_push=Aa02lx-YrDb5Eb5iBZq5sPL3x8xty6vekIZCi04aYXS-XuE2E6xycUv6Ib9WEPRl2n_XaqIasghrqhIFs2ZNsMm2fRBhgZ0BqBiB9Q HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=0ZclDvN2TH6v6FRvRnuKiA2&google_push=Aa02lx-YrDb5Eb5iBZq5sPL3x8xty6vekIZCi04aYXS-XuE2E6xycUv6Ib9WEPRl2n_XaqIasghrqhIFs2ZNsMm2fRBhgZ0BqBiB9Q

Request Chain 207

https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESEAzMZ4oJYxtLkv8T644h9gA&google_cver=1&google_push=Aa02lx8lSKsKeDb-flh_q5keB8qBa-wFgHEmHQzwrx2B3GvMSCzcMiNIXiav-6ttD6wgfsipvL3nMpzbz4GAZ4LpNdNYKZtusJ8cGA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=Aa02lx8lSKsKeDb-flh_q5keB8qBa-wFgHEmHQzwrx2B3GvMSCzcMiNIXiav-6ttD6wgfsipvL3nMpzbz4GAZ4LpNdNYKZtusJ8cGA

Request Chain 208

https://sync.1rx.io/usersync2/rmpssp?sub=google&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&google_gid=CAESEBUz7pLwD_QJQz0q1Dd1Siw&google_cver=1&google_push=Aa02lx-jc5cgBALVXe-uocs4VboF1B-MpCIAyUAqRoSKpJPn2MrojWnyoS8Umh9XO1C7JUDKlwhKJ4KmLPoPoIaTcXLvoXtsyGs0 HTTP 302
https://sync.targeting.unrulymedia.com/csync/RX-7b90ebed-29dc-4aa7-8ca9-53ee7716a650-003?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3DAa02lx-jc5cgBALVXe-uocs4VboF1B-MpCIAyUAqRoSKpJPn2MrojWnyoS8Umh9XO1C7JUDKlwhKJ4KmLPoPoIaTcXLvoXtsyGs0%26google_hm%3DA3uQ6-0p3EqnjKlT7ncWplA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=Aa02lx-jc5cgBALVXe-uocs4VboF1B-MpCIAyUAqRoSKpJPn2MrojWnyoS8Umh9XO1C7JUDKlwhKJ4KmLPoPoIaTcXLvoXtsyGs0&google_hm=A3uQ6-0p3EqnjKlT7ncWplA

Request Chain 209

https://eb2.3lift.com/ebda?sync=1&google_gid=CAESEPAhNQtbte8DQaU8sQKlIQ8&google_cver=1&google_push=Aa02lx_LQGXVfUHMTRKdUIGAGeBFiS_H1ajBhBqBsBbXR497Hb3pltC135D_g0JQicDxpqDIVfdiqwqZ7RQTGWNY4EYovQMFrRgbEQ HTTP 302
https://eb2.3lift.com/sync/google/supply?ld=1&gdpr=1&gdpr_consent=&us_privacy=&sync=1&google_push=Aa02lx_LQGXVfUHMTRKdUIGAGeBFiS_H1ajBhBqBsBbXR497Hb3pltC135D_g0JQicDxpqDIVfdiqwqZ7RQTGWNY4EYovQMFrRgbEQ&google_gid=CAESEPAhNQtbte8DQaU8sQKlIQ8 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NDIxMzUyNzI3MTExMjk4MTAyMzUwMg%3D%3D&google_push=Aa02lx_LQGXVfUHMTRKdUIGAGeBFiS_H1ajBhBqBsBbXR497Hb3pltC135D_g0JQicDxpqDIVfdiqwqZ7RQTGWNY4EYovQMFrRgbEQ

Request Chain 213

https://fw.adsafeprotected.com/rfw/st/1356883/69659741/4.js?bundleId=${BUNDLE_ID}&ias_dspID=3&ias_campId=1010506911&ias_pubId=pub-4894209870857905&ias_chanId=1&ias_placementId=19753436792&bidurl=https://mestreemfinancas.com/e-fgts-calamidade/&ias_dealId=&adsafe_par&ias_impId=v4~~ABAjH0g72OFfph9mlZzwJ5M6y_cC&adContainerId=brand_safety_F04bZM7IMbCVjuwPsN2ykAI&cbFunctionName=goog_wrapCb_F04bZM7IMbCVjuwPsN2ykAI&true_pb=&adsafe_pb=https%3A%2F%2Fstatic.adsafeprotected.com%2F4a.js&adsafe_url=https%3A%2F%2Fmestreemfinancas.com&adsafe_type=g&adsafe_url=https%3A%2F%2Fmestreemfinancas.com%2F&adsafe_type=c&adsafe_url=https%3A%2F%2Ff885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com%2F&adsafe_type=f&adsafe_url=https%3A%2F%2Ff885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html&adsafe_type=bed&adsafe_jsinfo=,id:bd26adf8-cb1a-e9f4-7c36-079ef3b820e6,c:7CmNtU,sl:outOfView,em:true,fr:false,thd:1,mn:jsserver-primary-67fb65999c-m9jhk,rg:ie,pt:1-5-15,wc:0.0.1600.1200,ac:NaN.NaN.0.0,am:sp,cc:0.0.0.0,piv:0,obst:0,th:0,reas:r.h,mu:10000,br:c,bru:c,an:n,oam:0,mtim:2,mot:0,app:0,maw:0,fm:tzgdgt2+11%7C1211%7C1212%7C1213%7C1214%7C1215%7C13%7C14%7C15%7C161%7C162%7C163%7C164%7C171*.1356883-69659741%7C1711%7C1712%7C1713%7C1714,idMap:171*,pl:CV8L.VEBo.0YtC,rmeas:1,rend:0,renddet:IMG.us,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,tt:rjss,et:19,oid:7f1945ef-c8e2-11ed-9edb-ee1d205ec9b2,v:19.8.400,sp:0,st:0,fwm:0,wr:1600.1200,sr:1600.1200,ov:0 HTTP 302
https://static.adsafeprotected.com/4.js?bundleId=${BUNDLE_ID}

274 HTTP transactions
7 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
mestreemfinancas.com/e-fgts-calamidade/
Redirect Chain

https://supertrabalhocom.lt.acemlnb.com/Prod/link-tracker?redirectUrl=aHR0cHMlM0ElMkYlMkZsaW5rLm1lc3RyZWVtZmluYW5jYXMuY29tJTJGbCUyRjQ0OTY=&sig=8qf4s8Um5XJoyorV3ncudUYxSyvzafdeFeaWYd5GDgxr&iat=16794...
https://link.mestreemfinancas.com/l/4496
https://mestreemfinancas.com/e-fgts-calamidade/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_1090

64 KB
14 KB

979ms
509ms

Document
text/html

108.179.193.123
NETWORK-SOLUTIONS...

General

Check archive.org

Show headers Download Go to

Full URL: https://mestreemfinancas.com/e-fgts-calamidade/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_1090
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 108.179.193.123 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS: 108-179-193-123.unifiedlayer.com
Software: Apache /
Resource Hash: 598b8c1110efc26823b59e938c43fe2e5342f4fe834e8ceba5263c1db3c2ad36

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Wed, 22 Mar 2023 18:51:00 GMT
link: <https://mestreemfinancas.com/wp-json/>; rel="https://api.w.org/", <https://mestreemfinancas.com/wp-json/wp/v2/pages/2526>; rel="alternate"; type="application/json", <https://mestreemfinancas.com/?p=2526>; rel=shortlink
server: Apache
vary: Accept-Encoding
x-ua-compatible: IE=edge

Redirect headers

Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Date: Wed, 22 Mar 2023 18:51:00 GMT
Location: https://mestreemfinancas.com/e-fgts-calamidade/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_1090
Server: nginx/1.14.0 (Ubuntu)
Transfer-Encoding: chunked

GET
H2 200 style.min.css
mestreemfinancas.com/wp-includes/css/dist/block-library/ 93 KB
17 KB 231ms
222ms Stylesheet
text/css 108.179.193.123
NETWORK-SOLUTIONS...

General

Check archive.org

Show headers Download Go to

Full URL: https://mestreemfinancas.com/wp-includes/css/dist/block-library/style.min.css?ver=6.1.1
Requested by: Host: mestreemfinancas.com
URL: https://mestreemfinancas.com/e-fgts-calamidade/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_1090
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 108.179.193.123 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS: 108-179-193-123.unifiedlayer.com
Software: Apache /
Resource Hash: c324ef26b20264369e4568dc9ef1c5cb1f325f6bc4e8b7c01f7fe93fa353276a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mestreemfinancas.com/e-fgts-calamidade/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_1090
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Wed, 22 Mar 2023 18:51:01 GMT
content-encoding: gzip
last-modified: Tue, 15 Nov 2022 21:06:39 GMT
server: Apache
accept-ranges: bytes
vary: Accept-Encoding
content-type: text/css

GET
H2 200 classic-themes.min.css
mestreemfinancas.com/wp-includes/css/ 217 B
279 B 122ms
113ms Stylesheet
text/css 108.179.193.123
NETWORK-SOLUTIONS...

General

Check archive.org

Show headers Download Go to

Full URL: https://mestreemfinancas.com/wp-includes/css/classic-themes.min.css?ver=1
Requested by: Host: mestreemfinancas.com
URL: https://mestreemfinancas.com/e-fgts-calamidade/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_1090
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 108.179.193.123 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS: 108-179-193-123.unifiedlayer.com
Software: Apache /
Resource Hash: 5a5f39391fbf5b06db84b8f9716d53de575ee97a627d2c5f12f79a991a671eb5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mestreemfinancas.com/e-fgts-calamidade/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_1090
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Wed, 22 Mar 2023 18:51:01 GMT
content-encoding: gzip
last-modified: Wed, 02 Nov 2022 08:48:59 GMT
server: Apache
vary: Accept-Encoding
content-type: text/css
accept-ranges: bytes
content-length: 189

GET
H2 200 styles.css
mestreemfinancas.com/wp-content/plugins/contact-form-7/includes/css/ 3 KB
1 KB 413ms
404ms Stylesheet
text/css 108.179.193.123
NETWORK-SOLUTIONS...

General

Check archive.org

Show headers Download Go to

Full URL: https://mestreemfinancas.com/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.6
Requested by: Host: mestreemfinancas.com
URL: https://mestreemfinancas.com/e-fgts-calamidade/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_1090
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 108.179.193.123 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS: 108-179-193-123.unifiedlayer.com
Software: Apache /
Resource Hash: e50f9ccd2d6582a58ba1879fa578e60d25fea4c5eedc07deafd14482b2403181

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mestreemfinancas.com/e-fgts-calamidade/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_1090
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Wed, 22 Mar 2023 18:51:01 GMT
content-encoding: gzip
last-modified: Fri, 08 Jul 2022 18:53:50 GMT
server: Apache
vary: Accept-Encoding
content-type: text/css
accept-ranges: bytes
content-length: 1010

GET
H2 200 preloader-plus.min.css
mestreemfinancas.com/wp-content/plugins/preloader-plus/assets/css/ 1 KB
628 B 122ms
114ms Stylesheet
text/css 108.179.193.123
NETWORK-SOLUTIONS...

General

Check archive.org

Show headers Download Go to

Full URL: https://mestreemfinancas.com/wp-content/plugins/preloader-plus/assets/css/preloader-plus.min.css?ver=2.2.1
Requested by: Host: mestreemfinancas.com
URL: https://mestreemfinancas.com/e-fgts-calamidade/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_1090
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 108.179.193.123 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS: 108-179-193-123.unifiedlayer.com
Software: Apache /
Resource Hash: 7b096cfae2525b059116d8b86e549bf6ae43fdcc78a90c72a3a42236d5caac52

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mestreemfinancas.com/e-fgts-calamidade/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_1090
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Wed, 22 Mar 2023 18:51:01 GMT
content-encoding: gzip
last-modified: Fri, 03 Feb 2023 21:49:45 GMT
server: Apache
vary: Accept-Encoding
content-type: text/css
accept-ranges: bytes
content-length: 573

GET
H2 200 widget-areas.min.css
mestreemfinancas.com/wp-content/themes/generatepress/assets/css/components/ 3 KB
889 B 123ms
115ms Stylesheet
text/css 108.179.193.123
NETWORK-SOLUTIONS...

General

Check archive.org

Show headers Download Go to

Full URL: https://mestreemfinancas.com/wp-content/themes/generatepress/assets/css/components/widget-areas.min.css?ver=3.2.4
Requested by: Host: mestreemfinancas.com
URL: https://mestreemfinancas.com/e-fgts-calamidade/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_1090
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 108.179.193.123 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS: 108-179-193-123.unifiedlayer.com
Software: Apache /
Resource Hash: e6b4122b94b82886e32952c07c78d342647b3a38a2834f4489e0922308a95eab

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mestreemfinancas.com/e-fgts-calamidade/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_1090
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Wed, 22 Mar 2023 18:51:01 GMT
content-encoding: gzip
last-modified: Tue, 20 Dec 2022 12:52:51 GMT
server: Apache
vary: Accept-Encoding
content-type: text/css
accept-ranges: bytes
content-length: 834

GET
H2 200 main.min.css
mestreemfinancas.com/wp-content/themes/generatepress/assets/css/ 19 KB
6 KB 124ms
116ms Stylesheet
text/css 108.179.193.123
NETWORK-SOLUTIONS...

General

Check archive.org

Show headers Download Go to

Full URL: https://mestreemfinancas.com/wp-content/themes/generatepress/assets/css/main.min.css?ver=3.2.4
Requested by: Host: mestreemfinancas.com
URL: https://mestreemfinancas.com/e-fgts-calamidade/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_1090
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 108.179.193.123 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS: 108-179-193-123.unifiedlayer.com
Software: Apache /
Resource Hash: 0468af8d74ba377eec707308168b6bfcd146fe0a2669a11a9af0128ad85b3bc2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mestreemfinancas.com/e-fgts-calamidade/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_1090
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Wed, 22 Mar 2023 18:51:01 GMT
content-encoding: gzip
last-modified: Tue, 20 Dec 2022 12:52:51 GMT
server: Apache
vary: Accept-Encoding
content-type: text/css
accept-ranges: bytes
content-length: 6114

GET
H2 200 elementor-icons.min.css
mestreemfinancas.com/wp-content/plugins/elementor/assets/lib/eicons/css/ 19 KB
4 KB 123ms
115ms Stylesheet
text/css 108.179.193.123
NETWORK-SOLUTIONS...

General

Check archive.org

Show headers Download Go to

Full URL: https://mestreemfinancas.com/wp-content/plugins/elementor/assets/lib/eicons/css/elementor-icons.min.css?ver=5.15.0
Requested by: Host: mestreemfinancas.com
URL: https://mestreemfinancas.com/e-fgts-calamidade/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_1090
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 108.179.193.123 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS: 108-179-193-123.unifiedlayer.com
Software: Apache /
Resource Hash: b651d87ef113cba0c8ec8a33bfdb694171effeba56b20be12e3c77fc15f6ae9f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mestreemfinancas.com/e-fgts-calamidade/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_1090
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Wed, 22 Mar 2023 18:51:01 GMT
content-encoding: gzip
last-modified: Fri, 08 Jul 2022 17:06:53 GMT
server: Apache
vary: Accept-Encoding
content-type: text/css
accept-ranges: bytes
content-length: 3978

GET
H2 200 frontend-lite.min.css
mestreemfinancas.com/wp-content/plugins/elementor/assets/css/ 105 KB
21 KB 231ms
223ms Stylesheet
text/css 108.179.193.123
NETWORK-SOLUTIONS...

General

Check archive.org

Show headers Download Go to

Full URL: https://mestreemfinancas.com/wp-content/plugins/elementor/assets/css/frontend-lite.min.css?ver=3.6.7
Requested by: Host: mestreemfinancas.com
URL: https://mestreemfinancas.com/e-fgts-calamidade/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_1090
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 108.179.193.123 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS: 108-179-193-123.unifiedlayer.com
Software: Apache /
Resource Hash: ecf785fe496796d2e4b026d58de7ea89a471d19255b06b3fefc5576db5a69dbc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mestreemfinancas.com/e-fgts-calamidade/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_1090
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Wed, 22 Mar 2023 18:51:01 GMT
content-encoding: gzip
last-modified: Fri, 08 Jul 2022 17:06:53 GMT
server: Apache
accept-ranges: bytes
vary: Accept-Encoding
content-type: text/css

GET
H2 200 post-5.css
mestreemfinancas.com/wp-content/uploads/elementor/css/ 1 KB
387 B 124ms
117ms Stylesheet
text/css 108.179.193.123
NETWORK-SOLUTIONS...

General

Check archive.org

Show headers Download Go to

Full URL: https://mestreemfinancas.com/wp-content/uploads/elementor/css/post-5.css?ver=1675962711
Requested by: Host: mestreemfinancas.com
URL: https://mestreemfinancas.com/e-fgts-calamidade/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_1090
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 108.179.193.123 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS: 108-179-193-123.unifiedlayer.com
Software: Apache /
Resource Hash: e2f7d2878965ad61dcecd013500c1d038c5d6a8311a2da6299510566272e70f0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mestreemfinancas.com/e-fgts-calamidade/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_1090
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Wed, 22 Mar 2023 18:51:01 GMT
content-encoding: gzip
last-modified: Thu, 09 Feb 2023 17:11:51 GMT
server: Apache
vary: Accept-Encoding
content-type: text/css
accept-ranges: bytes
content-length: 355

GET
H2 200 global.css
mestreemfinancas.com/wp-content/uploads/elementor/css/ 9 KB
1 KB 123ms
116ms Stylesheet
text/css 108.179.193.123
NETWORK-SOLUTIONS...

General

Check archive.org

Show headers Download Go to

Full URL: https://mestreemfinancas.com/wp-content/uploads/elementor/css/global.css?ver=1675962711
Requested by: Host: mestreemfinancas.com
URL: https://mestreemfinancas.com/e-fgts-calamidade/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_1090
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 108.179.193.123 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS: 108-179-193-123.unifiedlayer.com
Software: Apache /
Resource Hash: 7b64a84c219d901e94b497f2374a5eabfa89a26b3c2891c774979dea81bb66d4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mestreemfinancas.com/e-fgts-calamidade/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_1090
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Wed, 22 Mar 2023 18:51:01 GMT
content-encoding: gzip
last-modified: Thu, 09 Feb 2023 17:11:51 GMT
server: Apache
vary: Accept-Encoding
content-type: text/css
accept-ranges: bytes
content-length: 1122

GET
H2 200 post-2526.css
mestreemfinancas.com/wp-content/uploads/elementor/css/ 4 KB
993 B 233ms
226ms Stylesheet
text/css 108.179.193.123
NETWORK-SOLUTIONS...

General

Check archive.org

Show headers Download Go to

Full URL: https://mestreemfinancas.com/wp-content/uploads/elementor/css/post-2526.css?ver=1676985291
Requested by: Host: mestreemfinancas.com
URL: https://mestreemfinancas.com/e-fgts-calamidade/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_1090
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 108.179.193.123 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS: 108-179-193-123.unifiedlayer.com
Software: Apache /
Resource Hash: c04d8a64a12d2baec77efe2a99b335351d98df781d96dde282b10a751e1b9be2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mestreemfinancas.com/e-fgts-calamidade/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_1090
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Wed, 22 Mar 2023 18:51:01 GMT
content-encoding: gzip
last-modified: Tue, 21 Feb 2023 13:14:51 GMT
server: Apache
vary: Accept-Encoding
content-type: text/css
accept-ranges: bytes
content-length: 938

GET
H2 200 css
fonts.googleapis.com/ 42 KB
2 KB 56ms
20ms Stylesheet
text/css 2a00:1450:4001:810::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CRoboto+Slab%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic&display=auto&ver=6.1.1

Requested by

Host: mestreemfinancas.com
URL: https://mestreemfinancas.com/e-fgts-calamidade/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_1090

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

5dfdf00359b7743919a732ae8eb80536ff206faaf16a99fcdd3f967aca1f81e7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mestreemfinancas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 22 Mar 2023 18:51:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Wed, 22 Mar 2023 17:03:57 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 22 Mar 2023 18:51:01 GMT

GET
H2 200 jquery.min.js Show response
mestreemfinancas.com/wp-includes/js/jquery/ 88 KB
38 KB 233ms
227ms Script
application/javascript 108.179.193.123
NETWORK-SOLUTIONS...

General

Check archive.org

Show headers Download Go to

Full URL: https://mestreemfinancas.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.1
Requested by: Host: mestreemfinancas.com
URL: https://mestreemfinancas.com/e-fgts-calamidade/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_1090
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 108.179.193.123 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS: 108-179-193-123.unifiedlayer.com
Software: Apache /
Resource Hash: cc7403bab52ed166e24ea9324241045af370be482f5b594468f4a6ac6e7e7981

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mestreemfinancas.com/e-fgts-calamidade/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_1090
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Wed, 22 Mar 2023 18:51:01 GMT
content-encoding: gzip
last-modified: Wed, 02 Nov 2022 08:48:59 GMT
server: Apache
accept-ranges: bytes
vary: Accept-Encoding
content-type: application/javascript

GET
H2 200 jquery-migrate.min.js Show response
mestreemfinancas.com/wp-includes/js/jquery/ 11 KB
5 KB 343ms
337ms Script
application/javascript 108.179.193.123
NETWORK-SOLUTIONS...

General

Check archive.org

Show headers Download Go to

Full URL: https://mestreemfinancas.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
Requested by: Host: mestreemfinancas.com
URL: https://mestreemfinancas.com/e-fgts-calamidade/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_1090
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 108.179.193.123 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS: 108-179-193-123.unifiedlayer.com
Software: Apache /
Resource Hash: 029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mestreemfinancas.com/e-fgts-calamidade/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_1090
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Wed, 22 Mar 2023 18:51:01 GMT
content-encoding: gzip
last-modified: Wed, 18 Nov 2020 17:36:06 GMT
server: Apache
vary: Accept-Encoding
content-type: application/javascript
accept-ranges: bytes
content-length: 4618

GET
H2 200 preloader-plus.min.js Show response
mestreemfinancas.com/wp-content/plugins/preloader-plus//assets/js/ 1 KB
593 B 339ms
333ms Script
application/javascript 108.179.193.123
NETWORK-SOLUTIONS...

General

Check archive.org

Show headers Download Go to

Full URL: https://mestreemfinancas.com/wp-content/plugins/preloader-plus//assets/js/preloader-plus.min.js?ver=2.2.1
Requested by: Host: mestreemfinancas.com
URL: https://mestreemfinancas.com/e-fgts-calamidade/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_1090
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 108.179.193.123 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS: 108-179-193-123.unifiedlayer.com
Software: Apache /
Resource Hash: ea420d765b3a2def39c1b5ae6ec17b209cd156ab21fa8a8716159bb05ed655e7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mestreemfinancas.com/e-fgts-calamidade/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_1090
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Wed, 22 Mar 2023 18:51:01 GMT
content-encoding: gzip
last-modified: Fri, 03 Feb 2023 21:49:45 GMT
server: Apache
vary: Accept-Encoding
content-type: application/javascript
accept-ranges: bytes
content-length: 561

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 78 KB
27 KB 101ms
37ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: mestreemfinancas.com
URL: https://mestreemfinancas.com/e-fgts-calamidade/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_1090

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8815bb9ff3d050c94b7d94e9e4508741d34c09b5681feded23f96c9ae9c765bf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mestreemfinancas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Wed, 22 Mar 2023 18:51:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 27467
x-xss-protection: 0
server: sffe
etag: "1519 / 315 of 1000 / last-modified: 1679483383"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Wed, 22 Mar 2023 18:51:01 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 179 KB
65 KB 90ms
58ms Script
application/javascript 2a00:1450:4001:82a::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-10883628328

Requested by

Host: mestreemfinancas.com
URL: https://mestreemfinancas.com/e-fgts-calamidade/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_1090

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

1eb5539a4bb7605f12dd1838a9b1fe811a5227a9033fb36294f458be3c00d42f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mestreemfinancas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Wed, 22 Mar 2023 18:51:01 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 66494
x-xss-protection: 0
last-modified: Wed, 22 Mar 2023 18:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 22 Mar 2023 18:51:01 GMT

GET
H2 200 push-notification.js Show response
script.joinads.me/ 1 KB
839 B 67ms
24ms Script
application/javascript 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.joinads.me/push-notification.js
Requested by: Host: mestreemfinancas.com
URL: https://mestreemfinancas.com/e-fgts-calamidade/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_1090
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 39d0fd9943a1069718bb60c51587b8a2b7711d562766565fafd8ac6050e44cdb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mestreemfinancas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Wed, 22 Mar 2023 18:51:01 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 694613
cf-polished: origSize=1350
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Thu, 01 Apr 2021 12:59:38 GMT
server: cloudflare
etag: W/"6065c3ba-546"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CDuQ%2BapR8omycZYQHCBnH6eVtTah5tqxVJkvCyV80C8hHsgzXwcl%2FTnV36YnFsE71zLkBjy6SVPeOznAgX80GWsbFAA5Jq3DA1JgvWMNLWgYgiUF%2BIokgwcLrNLURiXE2jtriPM1X6sjPKomWwIrXQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=31104000
cf-ray: 7ac09fa58bee9a0c-FRA
expires: Fri, 08 Mar 2024 17:54:08 GMT

GET
H2 200 animations.min.css
mestreemfinancas.com/wp-content/plugins/elementor/assets/lib/animations/ 18 KB
3 KB 232ms
227ms Stylesheet
text/css 108.179.193.123
NETWORK-SOLUTIONS...

General

Check archive.org

Show headers Download Go to

Full URL: https://mestreemfinancas.com/wp-content/plugins/elementor/assets/lib/animations/animations.min.css?ver=3.6.7
Requested by: Host: mestreemfinancas.com
URL: https://mestreemfinancas.com/e-fgts-calamidade/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_1090
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 108.179.193.123 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS: 108-179-193-123.unifiedlayer.com
Software: Apache /
Resource Hash: fe513ef974b767510d0a2b9f1b4d3afa53185b89ab617c869e5e3d6db960192c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mestreemfinancas.com/e-fgts-calamidade/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_1090
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Wed, 22 Mar 2023 18:51:01 GMT
content-encoding: gzip
last-modified: Fri, 08 Jul 2022 17:06:53 GMT
server: Apache
vary: Accept-Encoding
content-type: text/css
accept-ranges: bytes
content-length: 2997

GET
H2 200 regenerator-runtime.min.js Show response
mestreemfinancas.com/wp-includes/js/dist/vendor/ 6 KB
3 KB 343ms
338ms Script
application/javascript 108.179.193.123
NETWORK-SOLUTIONS...

General

Check archive.org

Show headers Download Go to

Full URL: https://mestreemfinancas.com/wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.13.9
Requested by: Host: mestreemfinancas.com
URL: https://mestreemfinancas.com/e-fgts-calamidade/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_1090
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 108.179.193.123 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS: 108-179-193-123.unifiedlayer.com
Software: Apache /
Resource Hash: f30769ea0b80a5d900c5f0de30b1aad1ab461195e69223d5ef63c2c5de8b6c1a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mestreemfinancas.com/e-fgts-calamidade/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_1090
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Wed, 22 Mar 2023 18:51:01 GMT
content-encoding: gzip
last-modified: Mon, 11 Apr 2022 20:34:30 GMT
server: Apache
vary: Accept-Encoding
content-type: application/javascript
accept-ranges: bytes
content-length: 2675

GET
H2 200 wp-polyfill.min.js Show response
mestreemfinancas.com/wp-includes/js/dist/vendor/ 17 KB
7 KB 340ms
335ms Script
application/javascript 108.179.193.123
NETWORK-SOLUTIONS...

General

Check archive.org

Show headers Download Go to

Full URL: https://mestreemfinancas.com/wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=3.15.0
Requested by: Host: mestreemfinancas.com
URL: https://mestreemfinancas.com/e-fgts-calamidade/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_1090
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 108.179.193.123 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS: 108-179-193-123.unifiedlayer.com
Software: Apache /
Resource Hash: 1c1fef6e6b4f9832603850b9b6562e74d9a6a3700ba836efe88facc577121e8b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mestreemfinancas.com/e-fgts-calamidade/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_1090
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Wed, 22 Mar 2023 18:51:01 GMT
content-encoding: gzip
last-modified: Wed, 02 Nov 2022 08:48:59 GMT
server: Apache
vary: Accept-Encoding
content-type: application/javascript
accept-ranges: bytes
content-length: 7621

GET
H2 200 index.js Show response
mestreemfinancas.com/wp-content/plugins/contact-form-7/includes/js/ 21 KB
8 KB 405ms
400ms Script
application/javascript 108.179.193.123
NETWORK-SOLUTIONS...

General

Check archive.org

Show headers Download Go to

Full URL: https://mestreemfinancas.com/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.6
Requested by: Host: mestreemfinancas.com
URL: https://mestreemfinancas.com/e-fgts-calamidade/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_1090
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 108.179.193.123 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS: 108-179-193-123.unifiedlayer.com
Software: Apache /
Resource Hash: 7abd36a2f651330420d86187c125331d679408d1be7b6cd93efa64e08eaf80c7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mestreemfinancas.com/e-fgts-calamidade/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_1090
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Wed, 22 Mar 2023 18:51:01 GMT
content-encoding: gzip
last-modified: Fri, 08 Jul 2022 18:53:50 GMT
server: Apache
vary: Accept-Encoding
content-type: application/javascript
accept-ranges: bytes
content-length: 7973

GET
H2 200 menu.min.js Show response
mestreemfinancas.com/wp-content/themes/generatepress/assets/js/ 7 KB
2 KB 336ms
332ms Script
application/javascript 108.179.193.123
NETWORK-SOLUTIONS...

General

Check archive.org

Show headers Download Go to

Full URL: https://mestreemfinancas.com/wp-content/themes/generatepress/assets/js/menu.min.js?ver=3.2.4
Requested by: Host: mestreemfinancas.com
URL: https://mestreemfinancas.com/e-fgts-calamidade/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_1090
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 108.179.193.123 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS: 108-179-193-123.unifiedlayer.com
Software: Apache /
Resource Hash: 775a02c37772954d38fe41b802b94a0ee37dccb98a03827cdef3eddd2abc13d1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mestreemfinancas.com/e-fgts-calamidade/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_1090
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Wed, 22 Mar 2023 18:51:01 GMT
content-encoding: gzip
last-modified: Tue, 20 Dec 2022 12:52:51 GMT
server: Apache
vary: Accept-Encoding
content-type: application/javascript
accept-ranges: bytes
content-length: 2176

GET
H2 200 back-to-top.min.js Show response
mestreemfinancas.com/wp-content/themes/generatepress/assets/js/ 757 B
425 B 339ms
335ms Script
application/javascript 108.179.193.123
NETWORK-SOLUTIONS...

General

Check archive.org

Show headers Download Go to

Full URL: https://mestreemfinancas.com/wp-content/themes/generatepress/assets/js/back-to-top.min.js?ver=3.2.4
Requested by: Host: mestreemfinancas.com
URL: https://mestreemfinancas.com/e-fgts-calamidade/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_1090
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 108.179.193.123 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS: 108-179-193-123.unifiedlayer.com
Software: Apache /
Resource Hash: 808af092ebf9a3f9ffa55a0fcb1ec1809ac1a12ffa602e01e4ea91da1d2b5475

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mestreemfinancas.com/e-fgts-calamidade/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_1090
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Wed, 22 Mar 2023 18:51:01 GMT
content-encoding: gzip
last-modified: Tue, 20 Dec 2022 12:52:51 GMT
server: Apache
vary: Accept-Encoding
content-type: application/javascript
accept-ranges: bytes
content-length: 393

GET
H2 200 webpack.runtime.min.js Show response
mestreemfinancas.com/wp-content/plugins/elementor/assets/js/ 5 KB
2 KB 231ms
227ms Script
application/javascript 108.179.193.123
NETWORK-SOLUTIONS...

General

Check archive.org

Show headers Download Go to

Full URL: https://mestreemfinancas.com/wp-content/plugins/elementor/assets/js/webpack.runtime.min.js?ver=3.6.7
Requested by: Host: mestreemfinancas.com
URL: https://mestreemfinancas.com/e-fgts-calamidade/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_1090
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 108.179.193.123 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS: 108-179-193-123.unifiedlayer.com
Software: Apache /
Resource Hash: e31e1cfb470365c46c451ae94f3a5f9bac9df96a0f403f044f851228a5bf1667

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mestreemfinancas.com/e-fgts-calamidade/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_1090
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Wed, 22 Mar 2023 18:51:01 GMT
content-encoding: gzip
last-modified: Fri, 08 Jul 2022 17:06:53 GMT
server: Apache
vary: Accept-Encoding
content-type: application/javascript
accept-ranges: bytes
content-length: 2315

GET
H2 200 frontend-modules.min.js Show response
mestreemfinancas.com/wp-content/plugins/elementor/assets/js/ 14 KB
6 KB 339ms
335ms Script
application/javascript 108.179.193.123
NETWORK-SOLUTIONS...

General

Check archive.org

Show headers Download Go to

Full URL: https://mestreemfinancas.com/wp-content/plugins/elementor/assets/js/frontend-modules.min.js?ver=3.6.7
Requested by: Host: mestreemfinancas.com
URL: https://mestreemfinancas.com/e-fgts-calamidade/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_1090
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 108.179.193.123 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS: 108-179-193-123.unifiedlayer.com
Software: Apache /
Resource Hash: 133f35fbfc23c0d8cf814176860427bd6a02da9278de3de662da11d9602d8582

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mestreemfinancas.com/e-fgts-calamidade/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_1090
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Wed, 22 Mar 2023 18:51:01 GMT
content-encoding: gzip
last-modified: Fri, 08 Jul 2022 17:06:53 GMT
server: Apache
vary: Accept-Encoding
content-type: application/javascript
accept-ranges: bytes
content-length: 5798

GET
H2 200 waypoints.min.js Show response
mestreemfinancas.com/wp-content/plugins/elementor/assets/lib/waypoints/ 12 KB
4 KB 342ms
339ms Script
application/javascript 108.179.193.123
NETWORK-SOLUTIONS...

General

Check archive.org

Show headers Download Go to

Full URL: https://mestreemfinancas.com/wp-content/plugins/elementor/assets/lib/waypoints/waypoints.min.js?ver=4.0.2
Requested by: Host: mestreemfinancas.com
URL: https://mestreemfinancas.com/e-fgts-calamidade/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_1090
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 108.179.193.123 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS: 108-179-193-123.unifiedlayer.com
Software: Apache /
Resource Hash: 214674cc77aba35ab3567b88e2739fd08e8e96c61d279559ad61874069683ea0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mestreemfinancas.com/e-fgts-calamidade/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_1090
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Wed, 22 Mar 2023 18:51:01 GMT
content-encoding: gzip
last-modified: Fri, 08 Jul 2022 17:06:53 GMT
server: Apache
vary: Accept-Encoding
content-type: application/javascript
accept-ranges: bytes
content-length: 3747

GET
H2 200 core.min.js Show response
mestreemfinancas.com/wp-includes/js/jquery/ui/ 21 KB
8 KB 339ms
336ms Script
application/javascript 108.179.193.123
NETWORK-SOLUTIONS...

General

Check archive.org

Show headers Download Go to

Full URL: https://mestreemfinancas.com/wp-includes/js/jquery/ui/core.min.js?ver=1.13.2
Requested by: Host: mestreemfinancas.com
URL: https://mestreemfinancas.com/e-fgts-calamidade/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_1090
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 108.179.193.123 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS: 108-179-193-123.unifiedlayer.com
Software: Apache /
Resource Hash: ca7154cdda62b535ceaba9ad2a2b2217ff49de94c069a2c4e89733f3f06b3651

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mestreemfinancas.com/e-fgts-calamidade/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_1090
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Wed, 22 Mar 2023 18:51:01 GMT
content-encoding: gzip
last-modified: Wed, 02 Nov 2022 08:48:59 GMT
server: Apache
vary: Accept-Encoding
content-type: application/javascript
accept-ranges: bytes
content-length: 8344

GET
H2 200 frontend.min.js Show response
mestreemfinancas.com/wp-content/plugins/elementor/assets/js/ 37 KB
15 KB 337ms
334ms Script
application/javascript 108.179.193.123
NETWORK-SOLUTIONS...

General

Check archive.org

Show headers Download Go to

Full URL: https://mestreemfinancas.com/wp-content/plugins/elementor/assets/js/frontend.min.js?ver=3.6.7
Requested by: Host: mestreemfinancas.com
URL: https://mestreemfinancas.com/e-fgts-calamidade/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_1090
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 108.179.193.123 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS: 108-179-193-123.unifiedlayer.com
Software: Apache /
Resource Hash: e0f0d6d71e313ae3ee40517ae4df4806d42aacf7720c5c0220506c247796c4f7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mestreemfinancas.com/e-fgts-calamidade/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_1090
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Wed, 22 Mar 2023 18:51:01 GMT
content-encoding: gzip
last-modified: Fri, 08 Jul 2022 17:06:53 GMT
server: Apache
vary: Accept-Encoding
content-type: application/javascript
accept-ranges: bytes
content-length: 14837

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 112 KB
44 KB 57ms
38ms Script
application/javascript 2a00:1450:4001:82a::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-165983883-5

Requested by

Host: mestreemfinancas.com
URL: https://mestreemfinancas.com/e-fgts-calamidade/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_1090

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

2cab8542374fa964a89c3101eeeb0810d15c106b57b6edd05d0c5ee02305d589

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mestreemfinancas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Wed, 22 Mar 2023 18:51:01 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 44739
x-xss-protection: 0
last-modified: Wed, 22 Mar 2023 18:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 22 Mar 2023 18:51:01 GMT

GET
H2 200 wp-emoji-release.min.js Show response
mestreemfinancas.com/wp-includes/js/ 18 KB
5 KB 272ms
271ms Script
application/javascript 108.179.193.123
NETWORK-SOLUTIONS...

General

Check archive.org

Show headers Download Go to

Full URL: https://mestreemfinancas.com/wp-includes/js/wp-emoji-release.min.js?ver=6.1.1
Requested by: Host: mestreemfinancas.com
URL: https://mestreemfinancas.com/e-fgts-calamidade/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_1090
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 108.179.193.123 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS: 108-179-193-123.unifiedlayer.com
Software: Apache /
Resource Hash: 5aad5fbd4238981a9ff5e2772ff1353dfe1a801fb49542fe157418c1438f7782

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mestreemfinancas.com/e-fgts-calamidade/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_1090
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Wed, 22 Mar 2023 18:51:01 GMT
content-encoding: gzip
last-modified: Tue, 12 Apr 2022 14:26:24 GMT
server: Apache
vary: Accept-Encoding
content-type: application/javascript
accept-ranges: bytes
content-length: 5321

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 107 KB
28 KB 277ms
22ms Script
application/x-javascript 2a03:2880:f084:d:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: mestreemfinancas.com
URL: https://mestreemfinancas.com/e-fgts-calamidade/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_1090

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f084:d:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

0a19fce040b8127f3e2e3ed609f7800153be329d6420b53295fb79a4f40012ec

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mestreemfinancas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Wed, 22 Mar 2023 18:51:02 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 27907
x-fb-rlafr: 0
x-xss-protection: 0
pragma: public
x-fb-debug: sr6QHJ51Wk5pw26+8jXFqR+2nRZ49Mh3gA2VORasRzZgaxSly4TLW92HZrOlL4y9+mLrDga5z5Nft628PWbJbg==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-fb-trip-id: 1679558926
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ 15 KB
16 KB 58ms
23ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CRoboto+Slab%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic&display=auto&ver=6.1.1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://mestreemfinancas.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 21 Mar 2023 08:37:39 GMT
x-content-type-options: nosniff
age: 123202
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15860
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 20 Mar 2024 08:37:39 GMT

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ 16 KB
16 KB 56ms
22ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://mestreemfinancas.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 21 Mar 2023 08:37:39 GMT
x-content-type-options: nosniff
age: 123202
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15920
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:45 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 20 Mar 2024 08:37:39 GMT

GET
H2 200 FGTS-7-1-768x512.png
mestreemfinancas.com/wp-content/uploads/2023/02/ 166 KB
166 KB 232ms
232ms Image
image/png 108.179.193.123
NETWORK-SOLUTIONS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mestreemfinancas.com/wp-content/uploads/2023/02/FGTS-7-1-768x512.png
Requested by: Host: mestreemfinancas.com
URL: https://mestreemfinancas.com/e-fgts-calamidade/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_1090
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 108.179.193.123 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS: 108-179-193-123.unifiedlayer.com
Software: Apache /
Resource Hash: a6d72c44ca09f0eb3e1af89f282ea5c1e94669f87d89cc6cab10925771c11cf2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mestreemfinancas.com/e-fgts-calamidade/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_1090
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Wed, 22 Mar 2023 18:51:01 GMT
last-modified: Tue, 21 Feb 2023 12:58:37 GMT
server: Apache
accept-ranges: bytes
content-length: 169703
content-type: image/png

GET
H2 200 FGTS-8-768x512.png
mestreemfinancas.com/wp-content/uploads/2023/02/ 136 KB
136 KB 232ms
232ms Image
image/png 108.179.193.123
NETWORK-SOLUTIONS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mestreemfinancas.com/wp-content/uploads/2023/02/FGTS-8-768x512.png
Requested by: Host: mestreemfinancas.com
URL: https://mestreemfinancas.com/e-fgts-calamidade/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_1090
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 108.179.193.123 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS: 108-179-193-123.unifiedlayer.com
Software: Apache /
Resource Hash: a72da021ce55690ffbd77addc203b06896ed0f1168f2828d2cd9c47713341a2f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mestreemfinancas.com/e-fgts-calamidade/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_1090
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Wed, 22 Mar 2023 18:51:01 GMT
last-modified: Tue, 21 Feb 2023 12:58:30 GMT
server: Apache
accept-ranges: bytes
content-length: 139058
content-type: image/png

GET
H2 200 pubads_impl_2023032101.js Show response
securepubads.g.doubleclick.net/gpt/ 396 KB
134 KB 16ms
15ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023032101.js?cb=31073317

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

73fb2fa0d192c9fe74aaef182a6dbc31c29e7cc863038f0d69eac0d5c8ae204f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mestreemfinancas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Wed, 22 Mar 2023 11:49:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 25275
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 136519
x-xss-protection: 0
last-modified: Tue, 21 Mar 2023 08:35:57 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Thu, 21 Mar 2024 11:49:46 GMT

GET
H3 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 573 B
302 B 53ms
22ms XHR
application/json 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=mestreemfinancas.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e100b78565f86a5cedf791f8ce4d3a7d39b6597f6070090d5fd38bfdf004ede5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mestreemfinancas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Wed, 22 Mar 2023 18:51:01 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 277
x-xss-protection: 0
expires: Wed, 22 Mar 2023 18:51:01 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 77ms
11ms Script
text/javascript 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-165983883-5

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

5971b095cff574a66d35ada016d4c077c86e2dea62e9c0f14cf7c94b258619de

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mestreemfinancas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 22 Mar 2023 18:05:11 GMT
last-modified: Tue, 10 Jan 2023 21:29:14 GMT
server: Golfe2
age: 2750
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20085
expires: Wed, 22 Mar 2023 20:05:11 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/10883628328/ 3 KB
2 KB 85ms
55ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/10883628328/?random=1679511061877&cv=11&fst=1679511061877&bg=ffffff&guid=ON&async=1&gtm=45be33k0&u_w=1600&u_h=1200&url=https%3A%2F%2Fmestreemfinancas.com%2Fe-fgts-calamidade%2F%3Futm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3D3_active_email_1090&hn=www.googleadservices.com&frm=0&tiba=e-FGTS-calamidade%20-%20Mestre%20em%20Financas&auid=638489972.1679511062&uamb=0&uaw=0&data=event%3Dgtag.config&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-10883628328

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8e8dcc9716ccad1d70ea280e235e73bf05f1e71f1a3fcaa4be7eff8fc29ebfb5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mestreemfinancas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 22 Mar 2023 18:51:01 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1273
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
www.googleadservices.com/pagead/conversion/10883628328/ 3 KB
2 KB 319ms
26ms Script
text/javascript 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion/10883628328/?random=1679511061887&cv=11&fst=1679511061887&bg=ffffff&guid=ON&async=1&gtm=45be33k0&u_w=1600&u_h=1200&url=https%3A%2F%2Fmestreemfinancas.com%2Fe-fgts-calamidade%2F%3Futm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3D3_active_email_1090&label=sgBQCMy6kYMYEKj628Uo&hn=www.googleadservices.com&frm=0&tiba=e-FGTS-calamidade%20-%20Mestre%20em%20Financas&gtm_ee=1&auid=638489972.1679511062&uamb=0&uaw=0&data=event%3Dconversion&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-10883628328

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

d881bb10f298a49857a8a6b4e0b375f57a24a7cce2833b9c17d75b1f19befb3a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mestreemfinancas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 22 Mar 2023 18:51:02 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1616
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
531 B 153ms
73ms Script
application/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=mestreemfinancas.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023032101.js?cb=31073317

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mestreemfinancas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Wed, 22 Mar 2023 18:51:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
456 B 122ms
21ms Script
application/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=mestreemfinancas.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023032101.js?cb=31073317

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mestreemfinancas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Wed, 22 Mar 2023 18:51:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 40 KB
15 KB 1672ms
1671ms XHR
text/plain 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2008483173985985&correlator=1834688950123906&eid=31073317%2C31073203%2C21065725&output=ldjh&gdfp_req=1&vrg=2023032101&ptt=17&impl=fif&iu_parts=22526454507%2Cmestreemfinancas.com%2CMestreemfinancas_Interstitial_20230204&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=1x1&ifi=1&adks=3550336826&sfv=1-0-40&ists=1&fas=8&cust_params=id_post_wp%3D2526%26utm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3D3_active_email_1090&sc=1&cookie_enabled=1&abxe=1&dt=1679511061989&lmt=1679511061&dlt=1679511061314&idt=637&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=-1&ucis=1&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fmestreemfinancas.com%2Fe-fgts-calamidade%2F%3Futm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3D3_active_email_1090&frm=20&vis=1&psz=0x-1&msz=0x-1&fws=2&ohw=0&ga_vid=1814452370.1679511062&ga_sid=1679511062&ga_hid=1032487299&ga_fc=false

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023032101.js?cb=31073317

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b2c4851cdcc609fc0e6ed89f471c4d3a74642a88787ced1514c9980b2f51fd95

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mestreemfinancas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Wed, 22 Mar 2023 18:51:03 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14974
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://mestreemfinancas.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 312 KB
57 KB 710ms
709ms XHR
text/plain 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2008483173985985&correlator=1834688950123906&eid=31073317%2C31073203%2C21065725&output=ldjh&gdfp_req=1&vrg=2023032101&ptt=17&impl=fif&iu_parts=22526454507%2Cmestreemfinancas.com%2CMestreemfinancas_Content1_20230204&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=250x250%7C300x250%7C336x280&ifi=2&adks=1947044723&sfv=1-0-40&cust_params=id_post_wp%3D2526%26utm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3D3_active_email_1090&sc=1&cookie_enabled=1&abxe=1&dt=1679511061995&lmt=1679511061&dlt=1679511061314&idt=637&adxs=675&adys=832&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=2&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fmestreemfinancas.com%2Fe-fgts-calamidade%2F%3Futm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3D3_active_email_1090&frm=20&vis=1&psz=1120x0&msz=1120x0&fws=0&ohw=0&ga_vid=1814452370.1679511062&ga_sid=1679511062&ga_hid=1032487299&ga_fc=false

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023032101.js?cb=31073317

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

94ec0fa3d27f5df859328b02585a0e0aeb265ed1f42883cb4a79a376c7d7d819

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mestreemfinancas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Wed, 22 Mar 2023 18:51:02 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57930
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://mestreemfinancas.com
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 49 KB
17 KB 322ms
321ms XHR
text/plain 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2008483173985985&correlator=1834688950123906&eid=31073317%2C31073203%2C21065725&output=ldjh&gdfp_req=1&vrg=2023032101&ptt=17&impl=fif&iu_parts=22526454507%2Cmestreemfinancas.com%2CMestreemfinancas_Anchor_20230204&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=1x1&ifi=3&adks=691987584&sfv=1-0-40&ists=1&fas=2&cust_params=id_post_wp%3D2526%26utm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3D3_active_email_1090&sc=1&cookie_enabled=1&abxe=1&dt=1679511062001&lmt=1679511062&dlt=1679511061314&idt=637&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=-1&ucis=3&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fmestreemfinancas.com%2Fe-fgts-calamidade%2F%3Futm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3D3_active_email_1090&frm=20&vis=1&psz=0x-1&msz=0x-1&fws=2&ohw=0&ga_vid=1814452370.1679511062&ga_sid=1679511062&ga_hid=1032487299&ga_fc=false

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023032101.js?cb=31073317

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d1b72a1ff662e22169f01bfd19d219cefd08c0cec018bd9afaa6a5cfb0c5946e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mestreemfinancas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Wed, 22 Mar 2023 18:51:02 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 17291
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://mestreemfinancas.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 20 KB
9 KB 1112ms
1111ms XHR
text/plain 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2008483173985985&correlator=1834688950123906&eid=31073317%2C31073203%2C21065725&output=ldjh&gdfp_req=1&vrg=2023032101&ptt=17&impl=fif&iu_parts=22526454507%2Cmestreemfinancas.com%2CMestreemfinancas_Mobile_Fixed_20230204&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=320x50%7C320x100&ifi=4&adks=4022149995&sfv=1-0-40&cust_params=id_post_wp%3D2526%26utm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3D3_active_email_1090&sc=1&cookie_enabled=1&abxe=1&dt=1679511062003&lmt=1679511062&dlt=1679511061314&idt=637&adxs=-12245933&adys=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=-1&ucis=4&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fmestreemfinancas.com%2Fe-fgts-calamidade%2F%3Futm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3D3_active_email_1090&frm=20&vis=1&psz=0x-1&msz=0x-1&fws=640&ohw=0&ga_vid=1814452370.1679511062&ga_sid=1679511062&ga_hid=1032487299&ga_fc=false

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023032101.js?cb=31073317

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6f6cbfd83a95c022441310a35df83064f8b0f531f876fc04de49df8a08ddd78a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mestreemfinancas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Wed, 22 Mar 2023 18:51:03 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9375
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://mestreemfinancas.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 3AF2 6 KB
3 KB 96ms
35ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023032101.js?cb=31073317

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://mestreemfinancas.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 22 Mar 2023 18:51:02 GMT
expires: Thu, 21 Mar 2024 18:51:02 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 pubads_impl_page_level_ads_2023032101.js Show response
securepubads.g.doubleclick.net/gpt/ 33 KB
12 KB 26ms
25ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_page_level_ads_2023032101.js?cb=31073317

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023032101.js?cb=31073317

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0249bb451c88404547895e0bf6f864612756386473cddc798d978742c65af546

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mestreemfinancas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 21 Mar 2023 10:55:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 114908
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12333
x-xss-protection: 0
last-modified: Tue, 21 Mar 2023 08:35:57 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Wed, 20 Mar 2024 10:55:54 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 1 B
209 B 21ms
20ms XHR
text/plain 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j99&a=1032487299&t=pageview&_s=1&dl=https%3A%2F%2Fmestreemfinancas.com%2Fe-fgts-calamidade%2F%3Futm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3D3_active_email_1090&ul=en-us&de=UTF-8&dt=e-FGTS-calamidade%20-%20Mestre%20em%20Financas&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YAhAAUABAAAAACAAI~&jid=1969572026&gjid=382892524&cid=1814452370.1679511062&tid=UA-165983883-5&_gid=400817542.1679511062&_r=1&gtm=457e33k0&z=1892873694

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://mestreemfinancas.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 22 Mar 2023 18:51:02 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://mestreemfinancas.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/10883628328/ 42 B
455 B 275ms
20ms Image
image/gif 2a00:1450:4001:830::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/10883628328/?random=1679511061877&cv=11&fst=1679508000000&bg=ffffff&guid=ON&async=1&gtm=45be33k0&u_w=1600&u_h=1200&url=https%3A%2F%2Fmestreemfinancas.com%2Fe-fgts-calamidade%2F%3Futm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3D3_active_email_1090&frm=0&tiba=e-FGTS-calamidade%20-%20Mestre%20em%20Financas&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=318818247&rmt_tld=0&ipr=y

Requested by

Host: mestreemfinancas.com
URL: https://mestreemfinancas.com/e-fgts-calamidade/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_1090

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mestreemfinancas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 22 Mar 2023 18:51:02 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/10883628328/ 42 B
455 B 99ms
41ms Image
image/gif 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/10883628328/?random=1679511061877&cv=11&fst=1679508000000&bg=ffffff&guid=ON&async=1&gtm=45be33k0&u_w=1600&u_h=1200&url=https%3A%2F%2Fmestreemfinancas.com%2Fe-fgts-calamidade%2F%3Futm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3D3_active_email_1090&frm=0&tiba=e-FGTS-calamidade%20-%20Mestre%20em%20Financas&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=318818247&rmt_tld=1&ipr=y

Requested by

Host: mestreemfinancas.com
URL: https://mestreemfinancas.com/e-fgts-calamidade/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_1090

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mestreemfinancas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 22 Mar 2023 18:51:02 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 identity.js Show response
connect.facebook.net/signals/plugins/ 64 KB
20 KB 72ms
71ms Script
application/x-javascript 2a03:2880:f084:d:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/plugins/identity.js?v=2.9.99

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f084:d:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

7e86f52cb0d423805ec541a4bccae5156a01fbe36355e6d798a450593212651f

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mestreemfinancas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Wed, 22 Mar 2023 18:51:02 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 20722
x-fb-rlafr: 0
x-xss-protection: 0
pragma: public
x-fb-debug: g+wwaxtDoE4ohjFtgybBR8g4h010r8EbTlBYuinFz9ML8JQf+AIAIr0CmxBRNJa4t0BfiNVEe49UQCjJoS8pFA==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-fb-trip-id: 1679558926
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 2059094117621613 Show response
connect.facebook.net/signals/config/ 377 KB
108 KB 243ms
243ms Script
application/x-javascript 2a03:2880:f084:d:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/2059094117621613?v=2.9.99&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f084:d:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

5cd1d3f62af07b4c29a844781688aadb6d84f30986e2c2aa5fd2d581ea517ed1

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mestreemfinancas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Wed, 22 Mar 2023 18:51:02 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-fb-rlafr: 0
x-xss-protection: 0
pragma: public
x-fb-debug: lAbWib0mp+8y51yVJUBvUajJLfbHaCFAR0ngHwdsadXNeRkIPGQQqI+Wc4JAgFJM3jivevLkqsAmB+HX90LP6A==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-fb-trip-id: 1679558926
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2

200

/
www.google.de/pagead/1p-conversion/10883628328/
Redirect Chain

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/10883628328/?random=1866008271&cv=11&fst=1679511061887&bg=ffffff&guid=ON&async=1&gtm=45be33k0&u_w=1600&u_h=1200&url=https%3A%2F%2Fme...
https://www.google.com/pagead/1p-conversion/10883628328/?random=1866008271&cv=11&fst=1679511061887&bg=ffffff&guid=ON&async=1&gtm=45be33k0&u_w=1600&u_h=1200&url=https%3A%2F%2Fmestreemfinancas.com%2F...
https://www.google.de/pagead/1p-conversion/10883628328/?random=1866008271&cv=11&fst=1679511061887&bg=ffffff&guid=ON&async=1&gtm=45be33k0&u_w=1600&u_h=1200&url=https%3A%2F%2Fmestreemfinancas.com%2Fe...

42 B
108 B

38ms
37ms

Image
image/gif

2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-conversion/10883628328/?random=1866008271&cv=11&fst=1679511061887&bg=ffffff&guid=ON&async=1&gtm=45be33k0&u_w=1600&u_h=1200&url=https%3A%2F%2Fmestreemfinancas.com%2Fe-fgts-calamidade%2F%3Futm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3D3_active_email_1090&label=sgBQCMy6kYMYEKj628Uo&hn=www.googleadservices.com&frm=0&tiba=e-FGTS-calamidade%20-%20Mestre%20em%20Financas&gtm_ee=1&auid=638489972.1679511062&uamb=0&uaw=0&data=event%3Dconversion&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&pscrd=Ek5DaEVJOE03cW9BWVF6dWF3eUp6QXUtN0lBUklsQUNTQVFjOF9EQ2lraUliSUppY1BHNlEwZEFxd1RKbWdmODg1TjRIUTRMQmx5VVZKV0EaWENoRUk4TTdxb0FZUXg2bWw5TDJtNzVQaEFSSXRBQjdPd2N0Rk5vTmxhSlktdjc3UXkycVNNOVBOMGRjVHdGeHF3MGRoVjkwMlJodThINkNqWEE0d3h1dHU&is_vtc=1&ocp_id=Fk4bZJK-C_yO9u8P4vSHiAI&cid=CAQSKQDUE5ymuPdWnNhlObmhLHKGRhJCg4MFK5rpxc88uderxKYGVUwSEY98&random=3603596286&ipr=y&prhg=0

Requested by

Host: mestreemfinancas.com
URL: https://mestreemfinancas.com/e-fgts-calamidade/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_1090

Protocol

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mestreemfinancas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 22 Mar 2023 18:51:02 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 22 Mar 2023 18:51:02 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location: https://www.google.de/pagead/1p-conversion/10883628328/?random=1866008271&cv=11&fst=1679511061887&bg=ffffff&guid=ON&async=1&gtm=45be33k0&u_w=1600&u_h=1200&url=https%3A%2F%2Fmestreemfinancas.com%2Fe-fgts-calamidade%2F%3Futm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3D3_active_email_1090&label=sgBQCMy6kYMYEKj628Uo&hn=www.googleadservices.com&frm=0&tiba=e-FGTS-calamidade%20-%20Mestre%20em%20Financas&gtm_ee=1&auid=638489972.1679511062&uamb=0&uaw=0&data=event%3Dconversion&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&pscrd=Ek5DaEVJOE03cW9BWVF6dWF3eUp6QXUtN0lBUklsQUNTQVFjOF9EQ2lraUliSUppY1BHNlEwZEFxd1RKbWdmODg1TjRIUTRMQmx5VVZKV0EaWENoRUk4TTdxb0FZUXg2bWw5TDJtNzVQaEFSSXRBQjdPd2N0Rk5vTmxhSlktdjc3UXkycVNNOVBOMGRjVHdGeHF3MGRoVjkwMlJodThINkNqWEE0d3h1dHU&is_vtc=1&ocp_id=Fk4bZJK-C_yO9u8P4vSHiAI&cid=CAQSKQDUE5ymuPdWnNhlObmhLHKGRhJCg4MFK5rpxc88uderxKYGVUwSEY98&random=3603596286&ipr=y&prhg=0
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pubcid.min.js Show response
cdn.jsdelivr.net/gh/prebid/shared-id/pubcid.js/docs/ 732 B
1 KB 276ms
23ms Script
application/javascript 2606:4700::6810:5614
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/gh/prebid/shared-id/pubcid.js/docs/pubcid.min.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023032101.js?cb=31073317

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5614 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a5230196df9a4e9f6382c504668862efc8e25c1ec093c7dc997fbedb4b3ec54e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mestreemfinancas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Wed, 22 Mar 2023 18:51:02 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 36988
x-jsd-version: master
content-encoding: br
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: cache-fra-eddf8230042-FRA, cache-yyz4568-YYZ
x-jsd-version-type: branch
server: cloudflare
etag: W/"2dc-IrZxm/sP4aqtIfs1EfEw6Dg5q1Y"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vIrX467r3Iyyv327SLt%2FBFZPRm5RB1BC80DSQo4fx5FWzNST%2FVR5SxNIZRtVR08OmblkS31%2BxMu%2B%2BAM6ZbP7bKXrzpbT8mruRBklXzjQeYCryaXEHEZKtK2%2FRmTEO0Eqm2jE7YQfhFDvum0SbRA%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
timing-allow-origin: *
cf-ray: 7ac09fad3b6a30f6-FRA

GET
H2 200 esp.js Show response
oa.openxcdn.net/ 24 KB
8 KB 272ms
14ms Script
application/javascript 34.102.146.192
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://oa.openxcdn.net/esp.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023032101.js?cb=31073317
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.102.146.192 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 192.146.102.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 544c55ca9f05d425f3beb90f287308d7a408b1f60d17728eff5c605a494bc1b9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mestreemfinancas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 05:10:35 GMT
content-encoding: gzip
age: 567627
x-guploader-uploadid: ADPycdsRdNetRtDsJgQiW3jYUzNf--RNUpFn-nwKEqicmnAPK9Kxkrw33U8-Nf4bE3OVkYOkM3hRKPoN1ickSNTXQUfbEEpP_Dou
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7927
last-modified: Thu, 27 May 2021 18:30:51 GMT
server: UploadServer
etag: "df5542b88bc0e368c6999754a5b9e2ba"
x-goog-generation: 1622140251693895
x-goog-hash: crc32c=f21hYg==, md5=31VCuIvA42jGmZdUpbniug==
content-type: application/javascript
cache-control: no-transform
x-goog-stored-content-length: 7927
accept-ranges: bytes
expires: Fri, 15 Mar 2024 05:10:35 GMT

GET
H2 200 esp.js Show response
cdn.id5-sync.com/api/1.0/ 58 KB
17 KB 85ms
37ms Script
text/javascript 2606:4700:10::6816:3556
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.id5-sync.com/api/1.0/esp.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023032101.js?cb=31073317

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:3556 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5b1546ae8f493de03b1ca99f9f955a20785679be18625354b363f2f8311f421b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mestreemfinancas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Wed, 22 Mar 2023 18:51:02 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-encoding: gzip
cf-cache-status: HIT
last-modified: Mon, 13 Feb 2023 11:21:55 GMT
server: cloudflare
x-amz-request-id: B21V0F22VJP5FG8V
age: 3191
etag: W/"b988c8d91b8a22dcd50f129d3a9d67f1"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: text/javascript;charset=utf-8
cache-control: public, max-age=3600
cf-ray: 7ac09fabfc48914d-FRA
x-amz-id-2: /9sMwXcqvgEyjTW3uC6dFiL1VgGHBKiy48ep+6fvhHMJAPYTXyiXQmvOZBH9pADy6GWgbZ0BNwk=

GET
H2 200 publishertag.ids.js Show response
static.criteo.net/js/ld/ 39 KB
13 KB 382ms
87ms Script
text/javascript 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.ids.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023032101.js?cb=31073317

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

c7fc8dae04703101d705fac5268f8900d96149d6b2d3fdd6c1fac249ed16cf1b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mestreemfinancas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Wed, 22 Mar 2023 18:51:02 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Fri, 24 Feb 2023 07:57:32 GMT
server: nginx
etag: W/"63f86dec-9c21"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 23 Mar 2023 18:51:02 GMT

GET
H/1.1 200
OK uid2SecureSignal.js Show response
cdn.prod.uidapi.com/ 2 KB
2 KB 58ms
11ms Script
text/javascript 2600:9000:2250:2200:a:e047:752:b361
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.prod.uidapi.com/uid2SecureSignal.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023032101.js?cb=31073317
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:2200:a:e047:752:b361 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 71fc1599035adc6bc34df2117b8631285905f97737ba730af28644ee6a0d8dde

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mestreemfinancas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Date: Wed, 22 Mar 2023 05:18:42 GMT
Via: 1.1 f7e6fd9466c5c2a3b15f0fb077de1afa.cloudfront.net (CloudFront)
Last-Modified: Mon, 23 Jan 2023 04:07:36 GMT
Server: AmazonS3
X-Amz-Cf-Pop: FRA60-P2
Age: 48741
x-amz-server-side-encryption: AES256
ETag: "aded621b17723f487b3c9d0e43cf2f94"
X-Cache: Hit from cloudfront
Content-Type: text/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1859
X-Amz-Cf-Id: 1pW7mmGuaBhpg77Un3nVtLWWkt-qtiw9SS-FQr3WGdeLlq3GlDgzNQ==

GET
H2 200 container.html Show response
f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame C9F6 6 KB
3 KB 15ms
10ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023032101.js?cb=31073317

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://mestreemfinancas.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 22 Mar 2023 18:51:02 GMT
expires: Thu, 21 Mar 2024 18:51:02 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame BA70 624 B
242 B 65ms
56ms Document
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CLOrkQEQupmXARjX7tzgATAB&v=APEucNUhpVBZ_oyUi8-CQ64nmaeZwfu7i-c_FHF4g_liY5w_mujuPsgdN6W70CHCSKx9Ht4aJuD4F8x0TKfzlLGKkQ0dtlT45SVLA6tjuJy6hV-Si5nhgLxaUvvpeSgE1Q4TsAuowLjAGF791aJc4kVAfepArA7Kn6j3J76kJpsFelg6sS98KUs

Requested by

Host: mestreemfinancas.com
URL: https://mestreemfinancas.com/e-fgts-calamidade/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_1090

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 22 Mar 2023 18:51:02 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 0CA2 78 KB
28 KB 162ms
94ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: mestreemfinancas.com
URL: https://mestreemfinancas.com/e-fgts-calamidade/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_1090

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

46b3e081067e631f9a1049fbfa37844da854f741b7f9a45900dc02a19a4ef143

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Wed, 22 Mar 2023 18:51:02 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28043
x-xss-protection: 0
server: cafe
etag: 15270303690107644053
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Wed, 22 Mar 2023 18:51:02 GMT

GET
H2 200 adj Show response
fw.adsafeprotected.com/rjss/bgd/1135760/69474538/xbbe/creative/ Frame 0CA2 250 KB
76 KB 115ms
34ms Script
application/javascript 2a05:d018:dd0:6881:e518:8fca:7301:8eac
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://fw.adsafeprotected.com/rjss/bgd/1135760/69474538/xbbe/creative/adj?p=APEucNXYmfPfoTjVmlF1Jd08IEchMLhOXyCx7g9zBnXZB--j0HxovnQ&d=CokBAKAmf-DSJ4I01GV5e23kZ9VX8YhZVDgmsF-zFLrCHeyxnokK7o6PM2dUHbSgcS7FazX0DGSMXvMbkHdyslnnc5qUqhWXAo33QVpfSHoDWfbjgYhAA_cTXjccJF1Fgt4kdCFBPV-zKRk3JabK7RQ9HOoTosqoyFYB_oytjBtAzT7j50G1y0bJgZkSmRUAoCZ_4FV1v5TXKPWRqk5VKvl-oYmgTavdCyNQ65NhckK3bsJ_uPLe84Dr61IzPNnJP0U505lUFxR4kPrGphO6ZeJLeNpReeAhrskbgx7-IK29imUa8u4kCcHdW5uEzWUcpgW1r7V60bmCZza1ogL46ZyfaGzRICgRHsArLBA0N18hyz7e8A8yASYMS-meOoJQUPorx-Nyk2Q0vHxGwCVPZoKwPeryHqrtPoIyHlHQUcv_Vb_7yUOinMpmLewfFKaQhepEHZaqePfW5jvNePGNU9Pzpdv08tFJ3P5Ab2BXRXxD2iEw3tchqrnpiZwSE2kj2eDulxwrRPTdh8VwJ0QsAoxutysW_zYpPvqIY_JUMPCKHE8wzkHIslXUPTpU18zotou_e1egItKEpnRvokKz_B8BHMovWY5xN5HCG1Fqt1udyAuZzmmmM9FLnlFkGMk_Vw1lvG3burwYYHIA5MVXH8OUVfLhX6DtsY1ZLB1JRv2JuaUcgNDTSZwFLDNVtekxnwNIBLLJb1ChLwcu3P15_jnyafR_wh_5YQH6Vx7HEvLwUi2qBrduCUPfAKYrt8sh1K-Oy0unASBjg1LHR-8WBFbDu3Hn2wpf76C2arYtDlgWs0TxbGsLPNGdB6SHjpaES-ZmUNyEubpKUJs0GafZ9e1d-V8lmj4_-FkR4KuY9KkqGMxUPSQ4LnGANkvCqucTstVCXzQfVUNhKPGohxYaKFgnazvCL_EIS1QM5GBXwcNVEInHqCinVYaLR70gMzUVDsEEZOfhOR2YFpmzrDNxug47yqhsjvgzhQGOXtQaF-mMTcwxWt0gvzD2Nc3LXWWfBTnYQ968Fbi1UpaMI0oFW_DUb9JNeViXwXU_vi3T5RHjou1mck0rGKds_SwtmaJSRUBfBaA7md45kQ8VCHxRTNBxpUfF6yprbp0ZlYwLbSUYZN5DXpyh2JyURy5ZapQq5NDaSjX-H_AmVws29O5LNu8aEaV-3xg8mYHxL0pWGOro9iVdBzG_qBvx2ON7t229AYX6fNt44mCQfpoW2NAjRITTl_csv9Ip-YEWyBNjqHWba9mqATP6lPUlohw5ie3BiBX-b8Ph0RuUsaLIf7iO2PesUIqb4MgZJNA7yVpyYwsFtJ0fIv0gIwVveF0DFwlJtc5-rvuDF74kdqiqg4sVmNd3d4i63eKlOL655EKAE676QN_Vwk5I0DO6r5VyEyClLrtKFdmvN2pi4ajULfvzE4ORdBkQpoew9iQKXDxlbESLMsVtZSDVVTP-qbh_DeqDy8IXS5zzRwixc8uN-rEjxwc6apSgv08qB6PgIorr301AcAx1XhmEECuGFile8lf9mxaD8zCK4E24AIe6xmSBUKa7mbKw2Lho1yMl5lNnhqDRJmkyHRax39sbeIk2yKrBCmxgQ3P7Bl49X-TiqrHQOla_ds35Q4imN73qfCOUP-THTEq46t-O6gBdgI6cH9MitA0Z4zT8aMcqqnUuF8xChA-uVBxz-xakA_Awyw4mFrfY2kWnM0WQEVI810eVzyC5LLV8V0YGUUNXp1esaXYG0rCT9ZTUcAQaqASGb4vQ6-LVZzP_ZJDNp1_I3NYBbtnet5jB5HMwSNPVRiW70h-zYRKm7_hrPO-PRmJIvneLTt9SpTyh6lrjfeUmo4Xh204qXUEfTRFadDTOS4jkqtWsWndpgglKQ0ILLLSn2gvwiXmHfL0YhNFTt34hjxn165UZJ1BE7eWYGfk31b9HjYbyGhqkyu8fxIrrUTOGGpTLBxu21pRMWruJc_Gn1Z1drVArGbitO6jk-DwoS3w08ZRL2-WPIJ6qU7uznm9JlchIkgqsUuTz6u4Q6_vekezlICVyymOcK9yXWUtXyQzl2TcyCg0Xe1MpF6ZxPB0wZaCyRPzZqix3qgHYBtmza2bDsx-i_h_1VGvwc2eFnyDRYOL6HymobmM1YY3wO8lLGXc1nONRbQAJuWCEpEMQ_4ZqMOpUhacpJLvbdoRG9k2yJ7GwfDgx32na4YaBhcgOHftsUgvkisIYoZHpcjiSScVUxmyjY5ucFGpfQZ0bg8naVY1SD0Cy4fcR07nPTIWA7-VSChgSxucsm4w5WdOon-3M45s-VR0WR29blQd0FZ8upHiiZ4BsASuLKzbJ6IYJ_W9QodeoGWKKQYmbs6sODUMsBV1eM1ipIJgXbV2Ma-lvxOdvVsb2etiBzJALgWTqa_2UOJUaSkyxWPndax_AFPdgVCP5dqgLS57gL1O_9U-wMtgYzkUqWu92wYuXi-Ipq3fbClEw4aU6euqoeUsxcCm-XCC7Cw9Hri6QvAziVqVYHr6exKybqMTQM0YWGAhCg45UpuKwH47vJ967m6bXnafc4M_fNhvNkdCKKIJjR3hcfHNMUZzQAcul_3iqQFxJvhVR1s5KOUuHksEeMP7kyQRf8drYI-eY074s9KFPGDU9YCrGoC4o7TE3IZmxr6oYmncWVPW83ui0oYKBJyx9CUaUfTpxV0zQmj6pXu1nx8f23hPepoY161eRgdCXnaGdOrCup8MhtHyUMTheh6q6wKqG7jNUSis9lK96OCpiJfmHl0sKVr0REX3A8TluDfwXHZGlGB69DEbOVlK_a-YsBxUbefLZUzvKYw4HY4cMZz-66wkbvpKlDwa1_beHvdqwFlJ8BES3YhcFnDwOLq1DNrQ3ju0T1-BpJWiUHvElvftCTN-Og-hDHk71Q_t3Nb-VHT2Cm8bMlLR2TuowANswz8i6Z6ObqlssgE8JbVUNM7Usi1VVwX_ZS-IaqsJ-9l3EQtXEtFY5sr869fgOWZJjCTdIZOun5R_RWSgkUsyGG9wT9wlvTidK1WITICvLkLcBOPfnfzvdvp59dWEwZUJwh35K7pEpB7ikNde-dd0iUL9sBhWyI3UleDkkF_naJuHE9HbM1RtJI8vdaLTZR6lNRr3FNPDsFi_tMkJrKB0NulExlkAhCxeznnhaZ6DMX5qljacoX3efg2R_1vcmjR1vLEEichvFE11949erx8Scl4PAchOw4tLJDbzF2ldTPkSqe348q2inC3kakLAuog81vLDJqetdgjAUHWxiCm5ikxYfKFuiK5c6ZdfLWzTqTbXqPaX625a7t8feyZS7UPmAZuE7EW5Pwbh3kAtaqG292qsFZoNG9ySSVIL7QpOudOjxtU2qIZoQlweGPD3KOP-gPJ1HloaiKXMd-EK09LDPMVt0SYDpc5fRZpuv37ZUBq-KrAO8-PQ66R-T-UWAOMjcaea6kk4BJ_wDyEvNDa-k2PWnGgLel9uTbL-daz7vRdAYesyZDf1Nx_drF1kY34brLWB5plN9-qZpH4MRwZe4u1CZejXYOVLEIOtvqGu1RY54r21mHT0ErMoiBuVKO0xGwFPc2peQ6uNxiQXt70klE-IMVb3MEosVm8Y6WHYfax7TS5W2eg46RJ5pCSWYDHhgXcXzWTp4529UrVk_R4Bj8mruC5c1g0ihWIUr1MsFzpAjZ1fyrdUOyTNvmqp0vtQ9Oj9LqjvKsxjgowBWqFJQglYNq-Zoo-OTjCGVW3DpJrrQkaLO0i0kAdAQfm80X4iDWeakMsMsExzrQcLUT-m9ClfmhOZX2QNuHafikVfxGkIIBBI8ANQTnKY95zVLv5nwk5iXhUoOSLDR-TJvVMk72kAqMukRZ_fv1ISwQgZ-5VuqYXxhZuU_YpBms96jLEH8GAFgAQ&bundleId=&ias_dspID=3&ias_campId=1008772806&ias_pubId=pub-4894209870857905&ias_chanId=1&ias_placementId=18137317859&bidurl=https://mestreemfinancas.com/e-fgts-calamidade/&ias_dealId=&adsafe_par&ias_impId=v4~~ABAjH0hAVIS21bAQeeHVMWc24J9u
Requested by: Host: mestreemfinancas.com
URL: https://mestreemfinancas.com/e-fgts-calamidade/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_1090
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a05:d018:dd0:6881:e518:8fca:7301:8eac Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 2d4fa7a21f3e64c02dff32fa9860b0c781e5ffbf19dc5308b548a1c725f45b94

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 22 Mar 2023 18:51:02 GMT
content-encoding: gzip
vary: accept-encoding
content-type: application/javascript;charset=utf-8
access-control-allow-origin: fw.adsafeprotected.com
cache-control: no-cache
access-control-allow-credentials: true
expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230320/r20110914/client/ Frame 0CA2 3 KB
1 KB 63ms
12ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230320/r20110914/client/window_focus_fy2021.js

Requested by

Host: mestreemfinancas.com
URL: https://mestreemfinancas.com/e-fgts-calamidade/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_1090

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Wed, 22 Mar 2023 16:31:35 GMT
content-encoding: br
x-content-type-options: nosniff
age: 8367
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 05 Apr 2023 16:31:35 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230320/r20110914/client/ Frame 0CA2 20 KB
9 KB 62ms
11ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230320/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: mestreemfinancas.com
URL: https://mestreemfinancas.com/e-fgts-calamidade/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_1090

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

83dd1a8208a83ec90a9a2d7774ab28e4b93b3eba53fb6a3fd444eb7e389ecbff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Wed, 22 Mar 2023 11:58:31 GMT
content-encoding: br
x-content-type-options: nosniff
age: 24751
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8627
x-xss-protection: 0
server: cafe
etag: 8620137988422272387
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 05 Apr 2023 11:58:31 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 0CA2 0
0 27ms
18ms Image
text/html 2a00:1450:4001:830::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSM4pKCX7sTYFRgXmZjKKf2GJlLii-CGWhHZrNh1_KRZgJsN4OdHAqC23PQn4mjJg_XyZWlRBIhCOn3CV0nk2bAnaq_XQ
Requested by: Host: mestreemfinancas.com
URL: https://mestreemfinancas.com/e-fgts-calamidade/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_1090
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 0CA2 158 KB
49 KB 86ms
22ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: mestreemfinancas.com
URL: https://mestreemfinancas.com/e-fgts-calamidade/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_1090

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fe14bc8a4e294c047589838fd09a3efc81771751a0be03ea8ec99e734e965fd2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Wed, 22 Mar 2023 18:51:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49540
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1679312138029146"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 22 Mar 2023 18:51:02 GMT

GET
H2 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 0CA2 42 B
401 B 108ms
45ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-ARV0hK54ysEHib4R_Oql1mwa5Rf7hVXv_JvkpKwyNImAGD8ZAoy6Dl7oKvPqbCgDyTF75B1NDWsFhLb7r_iI8jY49kyKrQSN2a6QxyXRkYXZ7vMlM

Requested by

Host: mestreemfinancas.com
URL: https://mestreemfinancas.com/e-fgts-calamidade/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_1090

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 22 Mar 2023 18:51:02 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 0CA2 0
58 B 107ms
46ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=3889981778502259639&x=1&ct=76

Requested by

Host: mestreemfinancas.com
URL: https://mestreemfinancas.com/e-fgts-calamidade/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_1090

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 22 Mar 2023 18:51:02 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 1537353300119728 Show response
connect.facebook.net/signals/config/ 377 KB
108 KB 152ms
151ms Script
application/x-javascript 2a03:2880:f084:d:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/1537353300119728?v=2.9.99&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f084:d:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

1f29d91e07c72114188d0d5ec2a2166112fd0096b71519a39ed3555c7e30232a

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mestreemfinancas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Wed, 22 Mar 2023 18:51:02 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-fb-rlafr: 0
x-xss-protection: 0
pragma: public
x-fb-debug: /SyJkwHMgTBwFFOo3cbJ4eLs8qsBa0P9bkcRWVa6b95WHptplpwNLfBh33LJAN0hS3jx6049H7s68fTB4utztQ==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: public, max-age=1200
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 0
185 B 301ms
15ms Image
text/plain 2a03:2880:f177:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=2059094117621613&ev=PageView&dl=https%3A%2F%2Fmestreemfinancas.com%2Fe-fgts-calamidade%2F%3Futm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3D3_active_email_1090&rl=&if=false&ts=1679511062445&sw=1600&sh=1200&v=2.9.99&r=stable&a=wordpress-6.1.1-3.0.8&ec=0&o=30&cs_est=true&fbp=fb.1.1679511062442.1415161184&it=1679511062066&coo=false&rqm=GET

Requested by

Host: mestreemfinancas.com
URL: https://mestreemfinancas.com/e-fgts-calamidade/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_1090

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f177:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mestreemfinancas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Wed, 22 Mar 2023 18:51:02 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H/1.1 204 increment Show response
id5-sync.com/api/esp/ 0
329 B 44ms
15ms XHR
text/plain 162.19.138.118
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://id5-sync.com/api/esp/increment?counter=no-config

Requested by

Host: cdn.id5-sync.com
URL: https://cdn.id5-sync.com/api/1.0/esp.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

162.19.138.118 , France, ASN16276 (OVH, FR),

Reverse DNS

ns31533569.ip-162-19-138.eu

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://mestreemfinancas.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://mestreemfinancas.com
date: Wed, 22 Mar 2023 18:51:02 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame BA70
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEICrGQ8srrlP5_NzKVoubr4&google_cver=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEICrGQ8srrlP5_NzKVoubr4&google_cver=1&C=1

43 B
766 B

19ms
18ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEICrGQ8srrlP5_NzKVoubr4&google_cver=1&C=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLOrkQEQupmXARjX7tzgATAB&v=APEucNUhpVBZ_oyUi8-CQ64nmaeZwfu7i-c_FHF4g_liY5w_mujuPsgdN6W70CHCSKx9Ht4aJuD4F8x0TKfzlLGKkQ0dtlT45SVLA6tjuJy6hV-Si5nhgLxaUvvpeSgE1Q4TsAuowLjAGF791aJc4kVAfepArA7Kn6j3J76kJpsFelg6sS98KUs
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 22 Mar 2023 18:51:02 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=499
Content-Length: 43
Expires: 0

Redirect headers

Pragma: no-cache
Date: Wed, 22 Mar 2023 18:51:02 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: /rum?cm_dsp_id=45&external_user_id=CAESEICrGQ8srrlP5_NzKVoubr4&google_cver=1&C=1
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=500
Content-Length: 0
Expires: 0

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame BA70
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZBtOFi.vLAe07NmPzehOvgAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEICrGQ8srrlP5_NzKVoubr4&google_cver=1&google_hm=2

43 B
766 B

18ms
18ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEICrGQ8srrlP5_NzKVoubr4&google_cver=1&google_hm=2
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLOrkQEQupmXARjX7tzgATAB&v=APEucNUhpVBZ_oyUi8-CQ64nmaeZwfu7i-c_FHF4g_liY5w_mujuPsgdN6W70CHCSKx9Ht4aJuD4F8x0TKfzlLGKkQ0dtlT45SVLA6tjuJy6hV-Si5nhgLxaUvvpeSgE1Q4TsAuowLjAGF791aJc4kVAfepArA7Kn6j3J76kJpsFelg6sS98KUs
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 22 Mar 2023 18:51:02 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=498
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Wed, 22 Mar 2023 18:51:02 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEICrGQ8srrlP5_NzKVoubr4&google_cver=1&google_hm=2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

bounce
ib.adnxs.com/ Frame BA70
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESELoyHvA4cXJqSCPh9vrWc6k&google_cver=1
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESELoyHvA4cXJqSCPh9vrWc6k%26google_cver%3D1

43 B
1 KB

26ms
22ms

Image
image/gif

37.252.171.52
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESELoyHvA4cXJqSCPh9vrWc6k%26google_cver%3D1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLOrkQEQupmXARjX7tzgATAB&v=APEucNUhpVBZ_oyUi8-CQ64nmaeZwfu7i-c_FHF4g_liY5w_mujuPsgdN6W70CHCSKx9Ht4aJuD4F8x0TKfzlLGKkQ0dtlT45SVLA6tjuJy6hV-Si5nhgLxaUvvpeSgE1Q4TsAuowLjAGF791aJc4kVAfepArA7Kn6j3J76kJpsFelg6sS98KUs

Protocol

HTTP/1.1

Server

37.252.171.52 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 22 Mar 2023 18:51:02 GMT
AN-X-Request-Uuid: b1087bc6-b4ec-419a-b2d7-e76178ca7950
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: image/gif
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 81.95.5.35; 81.95.5.35; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Wed, 22 Mar 2023 18:51:02 GMT
AN-X-Request-Uuid: 601e3937-b8c2-4a1c-a97b-4af68e26d7d6
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESELoyHvA4cXJqSCPh9vrWc6k%26google_cver%3D1
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 81.95.5.35; 81.95.5.35; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame BA70
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzU1MzIzNzEzNzg4MDg3MTI3NQ%3D%3D

170 B
188 B

23ms
22ms

Image
image/png

142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzU1MzIzNzEzNzg4MDg3MTI3NQ%3D%3D

Requested by

Protocol

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 22 Mar 2023 18:51:02 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Wed, 22 Mar 2023 18:51:02 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 81.95.5.35; 81.95.5.35; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: d0f0f9d9-265b-46ac-8124-85993787da4c
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzU1MzIzNzEzNzg4MDg3MTI3NQ%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 0CA2 0
56 B 61ms
60ms Ping
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=3571829744338&version=m202301230201

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 22 Mar 2023 18:51:02 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 0CA2 0
56 B 58ms
58ms Ping
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=3571829744338&version=m202301230201&ct=76&x=1&cor=3889981778502259700

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 22 Mar 2023 18:51:02 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 0CA2 15 KB
11 KB 83ms
82ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-C4r8Z8Ag3X7iP1dPnHJiW8NVdYtRd74WMchNVwqflx20rjCOGEDwQGel3zhvBEZRIsE67SsjQas8UgCVaM0ocMqQkwaGLhXK0qV8A9gHJgzVJYC4knu3zFxnPpx1KPUbuF6pzacFPTtuYCGR2JL2afHMt8ld9qUSKlDs4DREqOliDBphU&cry=1&dbm_d=AKAmf-AQ5RzSQJ3oyx3oMozgETdfbekYgYD1P3yMkv5AO89UgaojPuGm3Zsgrk9oVcIXAB2wo6jCWG3XVR-FETzZTxLq9rqFH3cjyy8trPzkL6TtFJWg3kuYCusO3YIo37MECGLXVmFrzuCmsGEZnd9uXU9qCx9iNke-p6jI0gtFvq6zvCFPUcoYMWJo5bgE6ag2JQmlfUHLAep1zdF9Xah-RHs2tx3rY8nZQngIcFMoFlIU9X6EzwNi2hDdemSXGITb9tNaBzMzr40knqdWZzmGWx2d3-pJZjgt7uzAZi74yxs0C_zDblUBgJC8qyxCfZFiUkaQqHJjKnScHpBf53YgU5gRmZW81u4N5HwP8XZ8RyHYl8vmcw8KcwX9PrP_idWk6oYT9U4X_nKgLE-5O5jI5vw9PGZmtTvvq3gY576GRuOHdz2IenlD7RelIQiHMhO2GEbZIwtd_F5B8FVwQOx6ZNUD4bsw-CiyJjAVwUNy219l8ye-mRQYN4EjGdoQT55imtu9IeNh5tvv0DSgpPj0HJgxL4nKhA-Pc55wGcW7eJHfAkUHdvBDw4HG4nQt-bMiaIyrdmcKrlz73DHNIIKJ8y7qmj_iZLOcwC9R_yuoRKZMEW5PKDkJx3DcDC1kABWxnl12-BVmnTVzzcZ6wLUq2WkGQ8HiyTp-QKtvLXxx_AYZZtb8qfJ2kh3w0iiZDepNz-T6-VJGhdRFWpDYoIMokVRu-V1NfQUrg4INJornqWYceUXFwrtUntCEluGwTsk3cp3EYQRug0JKGUpHIVZMSCR5O7D3EI8C_s20o168bp6gV643PNPmvacDhZlYNxtv8H0_kD7m-Ap2oUq81nl20b3Jj0NseYgRk4KT7V_ZOz_TF8wgjO8eePNiR-HCmqhnInp9UX4cTRldeRWpb0f7hjeHYqOO9JQPeOwOM86uHyeGpdN_KTd-dJt9N_MnOPK5qU4GTwDvCu3rTk11lNNyYmcP0JRkCVZ09GCSb_OrciN0Vf-3_81oLfbgS7VFmZFDCJRyl3YgkezLyinySVRqD1DMCmUoYeSAXwSN1va10tzq3LPYQN963YZzR6eyQptqqg6DCKYzU-y-MhasP9TKA6kW_Pv7cdVvFTc3searCMA5i5PoJDXKNzjpPFgDfG0y1OsaMtap7BgGDRzG1GfjUJqDNA26BSEqA_IsSFgX-OxXF3K4WX_5Q2wgwHrT72lmSWdzB6o_pn_ezhiVEqbhRjBaEelVuWUYaSLrUKQDogMF4gjekA3icUrKzc610aE3i_OjuDHzo-B58R9MVojLZGahxTNk0A9Ewp3j9W-eIry5WdEIn28t5-IHgkCINiuQIHYzHldLWYJF4qwogzP3UIQ15RtwHJ4QJr5xIjSfYRBmqPxotNFJqfLubABW9ftiK74gOFI81HlXcJxe5YJ56UIGP8OhYPloH1q2z_dn1uEQb2uzeLsEMlm4gW-ngginQwO0muYm0A_L9gfq-H-5NEw6ec079liU0gYf3SYpBhLNDDcM7D3sbdSu3qAxbgiPZfujSBgSGeMzPo1oLJ3vWie-amRYiYMdSBRc90ZCVH3j96fLIPqYBLwgJsUNP6xL66XeavC_7Dby3WVK4YmXt6er-Sq0_0Y9z1eFFeI1bWrstbf6bMhlxBT3FWHeR3TOsVqP8xUm98X99831oQT2XXMBTWQK1E0Oeoy-9RV3jVvUVswYMrIxqbgIBakdTewWSI2Byn2AoiQHNNHAbx03jVOZS3zs-KXZcPOYPI0586xTRsoVLCp9LbwLS2XzmqcbMhEA0yki1b593WOW8TM0PERbUTQg3FeilC63HIh1QAf3LEi79TnQTxk8jewo6HtHwgKIJJC_2KTjq-AXj7GhBN1Vkuc1FOHtmqcXTHXj0JZOb-BPYcLSxocS6rPirWsMK3YSYlr8tYilYvwWKEtkgoNLTOTRZorG5oeYLJZpy7HLax02IJ7pdCX76fDs3CJg40S8F6gs2tEpv_KjwBoqtExqUjfB8X0vyrKWFejM661S_vkefXr_15bkSlspYHcLhAqORcR5XnzAB6ZpAdS4eYlHbK-snCc3wKpQnuE-q1RtgyC176iKK2syjQBFASvySAhvBQImQH1wsXeAOiWVZEcAQFC-pquYp6p5bIoMVoHgEZEug9cwyC6GWQmt-wIbIEO0K5NUnxTlEC4g97NOrwd9bzmNYRuE4ijy8PArJCNaS53AOgOpPMDlR46YH5gRqBCoKMSgy25daFox2YiGgiO3QTe0wNwqnBNWttJ5QC9rJSMwhBUOcKVGgBpLaL29RV1Z-dwGdxCk_dGfKfi69-RghcAwBBk5lG5TYL7S4xOQnshe5CmUuj7An-idy1tr1IXtbWQvhl6Cx7q5OqCnawp3RBpr8jyamPYs8DJCtii9XBL-BAbHsdPb33jsoi-j8VIXm94-37wsHaDPsGF1eWi-8f1GkSEE0YGvlVr-rbP5c6XcdgtD4yb3qjHMON5zy5sWyGhXLSHNQCsyYHr3FTG2nnMt68cAob_SWG1IOUWwB8qxle8-M33FPOJ_biJpbnrbqj68GodBxfrFvyZ-AbndFIOrphL0RAkmYWzSQnHf3ByGVxEuxpgSNrHYKe6jRwCN1G415lJG8HvMWVF8NwPyu-I2hg_hV2p6QJ2pH29bvo6Y_ZQjvWAhOutuI9806lhiIoZyK4m6UfKNHs10cup6AaWt2k0xlmMnhxz80wz3tBYsvqQYAN7Q1UHW7ySpKzxooejHlVy1H0MR6h7PnL84WjLKmzskEvcisrW9lS6f6h1qu--EE7WJKNNmwIMpuGCgA6S97t-DzzqtLeG66Q7bsz2VHrToKKgVHGpdFwCJNRDFRsoyQSAKkl65Wib_JHi3YFe_6egJlfvkcddrGB0n8sSNU2rrJJscqwiPsXZktS776OrVBGHR0ro_YPAUI5OY4r1VDVbN6LrRsiNf6JMHiYQFaJZFAyrE9C-2i_yoZbNkQcB6or1WQOckWoILNkhD06Dcc33hAoOLjIaXUhXHBjqgp43XIW-AmBuN3rGItrfuTtfF95FGApVenxm-8GMqtYYx9nXOGLfNfAPEJ3wK_qqHPkgocRW1UM-XBVyWDqm_R9J1Y4KdYIxYwjr9HCznHirE10cB1-Cp-sN5-e0wDN9jNao5EM9k1uURbACds-Sm8oc&cid=CAQSPADUE5ymPec1S7-Z8JOYl4VKDkiw0fkyb1TJO9pAKjLpEWf379SEsEIGfuVbqmF8YWblP2KQZrPeoyxB_BgB&dv3_ver=m202301230201&rfl=https%3A%2F%2Fmestreemfinancas.com%2F&ds=l&xdt=1&iif=1&cor=3889981778502259700&adk=2307692975&idt=169&cac=0&dtd=6

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

21c00ba9650b48539ed287a7e6e73b09f8c4d7dd898473beea676eaf25f3b50c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 22 Mar 2023 18:51:02 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11440
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

esp Show response
oajs.openx.net/
Redirect Chain

https://oajs.openx.net/esp?url=https%3A%2F%2Fmestreemfinancas.com%2Fe-fgts-calamidade%2F%3Futm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3D3_active_email_1090&rid=esp
https://oajs.openx.net/esp?url=https%3A%2F%2Fmestreemfinancas.com%2Fe-fgts-calamidade%2F%3Futm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3D3_active_email_1090&rid=esp&cc=1

85 B
203 B

125ms
125ms

Fetch
application/json

34.120.135.53
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://oajs.openx.net/esp?url=https%3A%2F%2Fmestreemfinancas.com%2Fe-fgts-calamidade%2F%3Futm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3D3_active_email_1090&rid=esp&cc=1
Requested by: Host: mestreemfinancas.com
URL: https://mestreemfinancas.com/e-fgts-calamidade/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_1090
Protocol: H2
Server: 34.120.135.53 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 53.135.120.34.bc.googleusercontent.com
Software: / Express
Resource Hash: b5a771fe8f2f55dafa966872c01aa3d3b2d1a4820b68d62d75ac7c77fe227f11

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mestreemfinancas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Wed, 22 Mar 2023 18:51:02 GMT
via: 1.1 google
x-powered-by: Express
etag: W/"55-t3B9+DaFvtmKuOUbgk6CrI5EBLE"
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://mestreemfinancas.com
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 85

Redirect headers

date: Wed, 22 Mar 2023 18:51:02 GMT
via: 1.1 google
x-powered-by: Express
vary: Origin
access-control-allow-origin: https://mestreemfinancas.com
location: /esp?url=https%3A%2F%2Fmestreemfinancas.com%2Fe-fgts-calamidade%2F%3Futm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3D3_active_email_1090&rid=esp&cc=1
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H2 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 0CA2 41 KB
15 KB 15ms
13ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-C4r8Z8Ag3X7iP1dPnHJiW8NVdYtRd74WMchNVwqflx20rjCOGEDwQGel3zhvBEZRIsE67SsjQas8UgCVaM0ocMqQkwaGLhXK0qV8A9gHJgzVJYC4knu3zFxnPpx1KPUbuF6pzacFPTtuYCGR2JL2afHMt8ld9qUSKlDs4DREqOliDBphU&cry=1&dbm_d=AKAmf-AQ5RzSQJ3oyx3oMozgETdfbekYgYD1P3yMkv5AO89UgaojPuGm3Zsgrk9oVcIXAB2wo6jCWG3XVR-FETzZTxLq9rqFH3cjyy8trPzkL6TtFJWg3kuYCusO3YIo37MECGLXVmFrzuCmsGEZnd9uXU9qCx9iNke-p6jI0gtFvq6zvCFPUcoYMWJo5bgE6ag2JQmlfUHLAep1zdF9Xah-RHs2tx3rY8nZQngIcFMoFlIU9X6EzwNi2hDdemSXGITb9tNaBzMzr40knqdWZzmGWx2d3-pJZjgt7uzAZi74yxs0C_zDblUBgJC8qyxCfZFiUkaQqHJjKnScHpBf53YgU5gRmZW81u4N5HwP8XZ8RyHYl8vmcw8KcwX9PrP_idWk6oYT9U4X_nKgLE-5O5jI5vw9PGZmtTvvq3gY576GRuOHdz2IenlD7RelIQiHMhO2GEbZIwtd_F5B8FVwQOx6ZNUD4bsw-CiyJjAVwUNy219l8ye-mRQYN4EjGdoQT55imtu9IeNh5tvv0DSgpPj0HJgxL4nKhA-Pc55wGcW7eJHfAkUHdvBDw4HG4nQt-bMiaIyrdmcKrlz73DHNIIKJ8y7qmj_iZLOcwC9R_yuoRKZMEW5PKDkJx3DcDC1kABWxnl12-BVmnTVzzcZ6wLUq2WkGQ8HiyTp-QKtvLXxx_AYZZtb8qfJ2kh3w0iiZDepNz-T6-VJGhdRFWpDYoIMokVRu-V1NfQUrg4INJornqWYceUXFwrtUntCEluGwTsk3cp3EYQRug0JKGUpHIVZMSCR5O7D3EI8C_s20o168bp6gV643PNPmvacDhZlYNxtv8H0_kD7m-Ap2oUq81nl20b3Jj0NseYgRk4KT7V_ZOz_TF8wgjO8eePNiR-HCmqhnInp9UX4cTRldeRWpb0f7hjeHYqOO9JQPeOwOM86uHyeGpdN_KTd-dJt9N_MnOPK5qU4GTwDvCu3rTk11lNNyYmcP0JRkCVZ09GCSb_OrciN0Vf-3_81oLfbgS7VFmZFDCJRyl3YgkezLyinySVRqD1DMCmUoYeSAXwSN1va10tzq3LPYQN963YZzR6eyQptqqg6DCKYzU-y-MhasP9TKA6kW_Pv7cdVvFTc3searCMA5i5PoJDXKNzjpPFgDfG0y1OsaMtap7BgGDRzG1GfjUJqDNA26BSEqA_IsSFgX-OxXF3K4WX_5Q2wgwHrT72lmSWdzB6o_pn_ezhiVEqbhRjBaEelVuWUYaSLrUKQDogMF4gjekA3icUrKzc610aE3i_OjuDHzo-B58R9MVojLZGahxTNk0A9Ewp3j9W-eIry5WdEIn28t5-IHgkCINiuQIHYzHldLWYJF4qwogzP3UIQ15RtwHJ4QJr5xIjSfYRBmqPxotNFJqfLubABW9ftiK74gOFI81HlXcJxe5YJ56UIGP8OhYPloH1q2z_dn1uEQb2uzeLsEMlm4gW-ngginQwO0muYm0A_L9gfq-H-5NEw6ec079liU0gYf3SYpBhLNDDcM7D3sbdSu3qAxbgiPZfujSBgSGeMzPo1oLJ3vWie-amRYiYMdSBRc90ZCVH3j96fLIPqYBLwgJsUNP6xL66XeavC_7Dby3WVK4YmXt6er-Sq0_0Y9z1eFFeI1bWrstbf6bMhlxBT3FWHeR3TOsVqP8xUm98X99831oQT2XXMBTWQK1E0Oeoy-9RV3jVvUVswYMrIxqbgIBakdTewWSI2Byn2AoiQHNNHAbx03jVOZS3zs-KXZcPOYPI0586xTRsoVLCp9LbwLS2XzmqcbMhEA0yki1b593WOW8TM0PERbUTQg3FeilC63HIh1QAf3LEi79TnQTxk8jewo6HtHwgKIJJC_2KTjq-AXj7GhBN1Vkuc1FOHtmqcXTHXj0JZOb-BPYcLSxocS6rPirWsMK3YSYlr8tYilYvwWKEtkgoNLTOTRZorG5oeYLJZpy7HLax02IJ7pdCX76fDs3CJg40S8F6gs2tEpv_KjwBoqtExqUjfB8X0vyrKWFejM661S_vkefXr_15bkSlspYHcLhAqORcR5XnzAB6ZpAdS4eYlHbK-snCc3wKpQnuE-q1RtgyC176iKK2syjQBFASvySAhvBQImQH1wsXeAOiWVZEcAQFC-pquYp6p5bIoMVoHgEZEug9cwyC6GWQmt-wIbIEO0K5NUnxTlEC4g97NOrwd9bzmNYRuE4ijy8PArJCNaS53AOgOpPMDlR46YH5gRqBCoKMSgy25daFox2YiGgiO3QTe0wNwqnBNWttJ5QC9rJSMwhBUOcKVGgBpLaL29RV1Z-dwGdxCk_dGfKfi69-RghcAwBBk5lG5TYL7S4xOQnshe5CmUuj7An-idy1tr1IXtbWQvhl6Cx7q5OqCnawp3RBpr8jyamPYs8DJCtii9XBL-BAbHsdPb33jsoi-j8VIXm94-37wsHaDPsGF1eWi-8f1GkSEE0YGvlVr-rbP5c6XcdgtD4yb3qjHMON5zy5sWyGhXLSHNQCsyYHr3FTG2nnMt68cAob_SWG1IOUWwB8qxle8-M33FPOJ_biJpbnrbqj68GodBxfrFvyZ-AbndFIOrphL0RAkmYWzSQnHf3ByGVxEuxpgSNrHYKe6jRwCN1G415lJG8HvMWVF8NwPyu-I2hg_hV2p6QJ2pH29bvo6Y_ZQjvWAhOutuI9806lhiIoZyK4m6UfKNHs10cup6AaWt2k0xlmMnhxz80wz3tBYsvqQYAN7Q1UHW7ySpKzxooejHlVy1H0MR6h7PnL84WjLKmzskEvcisrW9lS6f6h1qu--EE7WJKNNmwIMpuGCgA6S97t-DzzqtLeG66Q7bsz2VHrToKKgVHGpdFwCJNRDFRsoyQSAKkl65Wib_JHi3YFe_6egJlfvkcddrGB0n8sSNU2rrJJscqwiPsXZktS776OrVBGHR0ro_YPAUI5OY4r1VDVbN6LrRsiNf6JMHiYQFaJZFAyrE9C-2i_yoZbNkQcB6or1WQOckWoILNkhD06Dcc33hAoOLjIaXUhXHBjqgp43XIW-AmBuN3rGItrfuTtfF95FGApVenxm-8GMqtYYx9nXOGLfNfAPEJ3wK_qqHPkgocRW1UM-XBVyWDqm_R9J1Y4KdYIxYwjr9HCznHirE10cB1-Cp-sN5-e0wDN9jNao5EM9k1uURbACds-Sm8oc&cid=CAQSPADUE5ymPec1S7-Z8JOYl4VKDkiw0fkyb1TJO9pAKjLpEWf379SEsEIGfuVbqmF8YWblP2KQZrPeoyxB_BgB&dv3_ver=m202301230201&rfl=https%3A%2F%2Fmestreemfinancas.com%2F&ds=l&xdt=1&iif=1&cor=3889981778502259700&adk=2307692975&idt=169&cac=0&dtd=6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 09:39:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 292301
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 18 Mar 2024 09:39:21 GMT

GET
H2

200

adj Show response
bid.g.doubleclick.net/xbbe/creative/ Frame 0CA2
Redirect Chain

https://fw.adsafeprotected.com/rfw/bgd/1135760/69474538/xbbe/creative/adj?p=APEucNXYmfPfoTjVmlF1Jd08IEchMLhOXyCx7g9zBnXZB--j0HxovnQ&d=CokBAKAmf-DSJ4I01GV5e23kZ9VX8YhZVDgmsF-zFLrCHeyxnokK7o6PM2dUHbS...
https://bid.g.doubleclick.net/xbbe/creative/adj?p=APEucNXYmfPfoTjVmlF1Jd08IEchMLhOXyCx7g9zBnXZB--j0HxovnQ&d=CokBAKAmf-DSJ4I01GV5e23kZ9VX8YhZVDgmsF-zFLrCHeyxnokK7o6PM2dUHbSgcS7FazX0DGSMXvMbkHdyslnnc...

67 KB
24 KB

120ms
49ms

Script
text/javascript

64.233.167.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://bid.g.doubleclick.net/xbbe/creative/adj?p=APEucNXYmfPfoTjVmlF1Jd08IEchMLhOXyCx7g9zBnXZB--j0HxovnQ&d=CokBAKAmf-DSJ4I01GV5e23kZ9VX8YhZVDgmsF-zFLrCHeyxnokK7o6PM2dUHbSgcS7FazX0DGSMXvMbkHdyslnnc5qUqhWXAo33QVpfSHoDWfbjgYhAA_cTXjccJF1Fgt4kdCFBPV-zKRk3JabK7RQ9HOoTosqoyFYB_oytjBtAzT7j50G1y0bJgZkSmRUAoCZ_4FV1v5TXKPWRqk5VKvl-oYmgTavdCyNQ65NhckK3bsJ_uPLe84Dr61IzPNnJP0U505lUFxR4kPrGphO6ZeJLeNpReeAhrskbgx7-IK29imUa8u4kCcHdW5uEzWUcpgW1r7V60bmCZza1ogL46ZyfaGzRICgRHsArLBA0N18hyz7e8A8yASYMS-meOoJQUPorx-Nyk2Q0vHxGwCVPZoKwPeryHqrtPoIyHlHQUcv_Vb_7yUOinMpmLewfFKaQhepEHZaqePfW5jvNePGNU9Pzpdv08tFJ3P5Ab2BXRXxD2iEw3tchqrnpiZwSE2kj2eDulxwrRPTdh8VwJ0QsAoxutysW_zYpPvqIY_JUMPCKHE8wzkHIslXUPTpU18zotou_e1egItKEpnRvokKz_B8BHMovWY5xN5HCG1Fqt1udyAuZzmmmM9FLnlFkGMk_Vw1lvG3burwYYHIA5MVXH8OUVfLhX6DtsY1ZLB1JRv2JuaUcgNDTSZwFLDNVtekxnwNIBLLJb1ChLwcu3P15_jnyafR_wh_5YQH6Vx7HEvLwUi2qBrduCUPfAKYrt8sh1K-Oy0unASBjg1LHR-8WBFbDu3Hn2wpf76C2arYtDlgWs0TxbGsLPNGdB6SHjpaES-ZmUNyEubpKUJs0GafZ9e1d-V8lmj4_-FkR4KuY9KkqGMxUPSQ4LnGANkvCqucTstVCXzQfVUNhKPGohxYaKFgnazvCL_EIS1QM5GBXwcNVEInHqCinVYaLR70gMzUVDsEEZOfhOR2YFpmzrDNxug47yqhsjvgzhQGOXtQaF-mMTcwxWt0gvzD2Nc3LXWWfBTnYQ968Fbi1UpaMI0oFW_DUb9JNeViXwXU_vi3T5RHjou1mck0rGKds_SwtmaJSRUBfBaA7md45kQ8VCHxRTNBxpUfF6yprbp0ZlYwLbSUYZN5DXpyh2JyURy5ZapQq5NDaSjX-H_AmVws29O5LNu8aEaV-3xg8mYHxL0pWGOro9iVdBzG_qBvx2ON7t229AYX6fNt44mCQfpoW2NAjRITTl_csv9Ip-YEWyBNjqHWba9mqATP6lPUlohw5ie3BiBX-b8Ph0RuUsaLIf7iO2PesUIqb4MgZJNA7yVpyYwsFtJ0fIv0gIwVveF0DFwlJtc5-rvuDF74kdqiqg4sVmNd3d4i63eKlOL655EKAE676QN_Vwk5I0DO6r5VyEyClLrtKFdmvN2pi4ajULfvzE4ORdBkQpoew9iQKXDxlbESLMsVtZSDVVTP-qbh_DeqDy8IXS5zzRwixc8uN-rEjxwc6apSgv08qB6PgIorr301AcAx1XhmEECuGFile8lf9mxaD8zCK4E24AIe6xmSBUKa7mbKw2Lho1yMl5lNnhqDRJmkyHRax39sbeIk2yKrBCmxgQ3P7Bl49X-TiqrHQOla_ds35Q4imN73qfCOUP-THTEq46t-O6gBdgI6cH9MitA0Z4zT8aMcqqnUuF8xChA-uVBxz-xakA_Awyw4mFrfY2kWnM0WQEVI810eVzyC5LLV8V0YGUUNXp1esaXYG0rCT9ZTUcAQaqASGb4vQ6-LVZzP_ZJDNp1_I3NYBbtnet5jB5HMwSNPVRiW70h-zYRKm7_hrPO-PRmJIvneLTt9SpTyh6lrjfeUmo4Xh204qXUEfTRFadDTOS4jkqtWsWndpgglKQ0ILLLSn2gvwiXmHfL0YhNFTt34hjxn165UZJ1BE7eWYGfk31b9HjYbyGhqkyu8fxIrrUTOGGpTLBxu21pRMWruJc_Gn1Z1drVArGbitO6jk-DwoS3w08ZRL2-WPIJ6qU7uznm9JlchIkgqsUuTz6u4Q6_vekezlICVyymOcK9yXWUtXyQzl2TcyCg0Xe1MpF6ZxPB0wZaCyRPzZqix3qgHYBtmza2bDsx-i_h_1VGvwc2eFnyDRYOL6HymobmM1YY3wO8lLGXc1nONRbQAJuWCEpEMQ_4ZqMOpUhacpJLvbdoRG9k2yJ7GwfDgx32na4YaBhcgOHftsUgvkisIYoZHpcjiSScVUxmyjY5ucFGpfQZ0bg8naVY1SD0Cy4fcR07nPTIWA7-VSChgSxucsm4w5WdOon-3M45s-VR0WR29blQd0FZ8upHiiZ4BsASuLKzbJ6IYJ_W9QodeoGWKKQYmbs6sODUMsBV1eM1ipIJgXbV2Ma-lvxOdvVsb2etiBzJALgWTqa_2UOJUaSkyxWPndax_AFPdgVCP5dqgLS57gL1O_9U-wMtgYzkUqWu92wYuXi-Ipq3fbClEw4aU6euqoeUsxcCm-XCC7Cw9Hri6QvAziVqVYHr6exKybqMTQM0YWGAhCg45UpuKwH47vJ967m6bXnafc4M_fNhvNkdCKKIJjR3hcfHNMUZzQAcul_3iqQFxJvhVR1s5KOUuHksEeMP7kyQRf8drYI-eY074s9KFPGDU9YCrGoC4o7TE3IZmxr6oYmncWVPW83ui0oYKBJyx9CUaUfTpxV0zQmj6pXu1nx8f23hPepoY161eRgdCXnaGdOrCup8MhtHyUMTheh6q6wKqG7jNUSis9lK96OCpiJfmHl0sKVr0REX3A8TluDfwXHZGlGB69DEbOVlK_a-YsBxUbefLZUzvKYw4HY4cMZz-66wkbvpKlDwa1_beHvdqwFlJ8BES3YhcFnDwOLq1DNrQ3ju0T1-BpJWiUHvElvftCTN-Og-hDHk71Q_t3Nb-VHT2Cm8bMlLR2TuowANswz8i6Z6ObqlssgE8JbVUNM7Usi1VVwX_ZS-IaqsJ-9l3EQtXEtFY5sr869fgOWZJjCTdIZOun5R_RWSgkUsyGG9wT9wlvTidK1WITICvLkLcBOPfnfzvdvp59dWEwZUJwh35K7pEpB7ikNde-dd0iUL9sBhWyI3UleDkkF_naJuHE9HbM1RtJI8vdaLTZR6lNRr3FNPDsFi_tMkJrKB0NulExlkAhCxeznnhaZ6DMX5qljacoX3efg2R_1vcmjR1vLEEichvFE11949erx8Scl4PAchOw4tLJDbzF2ldTPkSqe348q2inC3kakLAuog81vLDJqetdgjAUHWxiCm5ikxYfKFuiK5c6ZdfLWzTqTbXqPaX625a7t8feyZS7UPmAZuE7EW5Pwbh3kAtaqG292qsFZoNG9ySSVIL7QpOudOjxtU2qIZoQlweGPD3KOP-gPJ1HloaiKXMd-EK09LDPMVt0SYDpc5fRZpuv37ZUBq-KrAO8-PQ66R-T-UWAOMjcaea6kk4BJ_wDyEvNDa-k2PWnGgLel9uTbL-daz7vRdAYesyZDf1Nx_drF1kY34brLWB5plN9-qZpH4MRwZe4u1CZejXYOVLEIOtvqGu1RY54r21mHT0ErMoiBuVKO0xGwFPc2peQ6uNxiQXt70klE-IMVb3MEosVm8Y6WHYfax7TS5W2eg46RJ5pCSWYDHhgXcXzWTp4529UrVk_R4Bj8mruC5c1g0ihWIUr1MsFzpAjZ1fyrdUOyTNvmqp0vtQ9Oj9LqjvKsxjgowBWqFJQglYNq-Zoo-OTjCGVW3DpJrrQkaLO0i0kAdAQfm80X4iDWeakMsMsExzrQcLUT-m9ClfmhOZX2QNuHafikVfxGkIIBBI8ANQTnKY95zVLv5nwk5iXhUoOSLDR-TJvVMk72kAqMukRZ_fv1ISwQgZ-5VuqYXxhZuU_YpBms96jLEH8GAFgAQ&bundleId=

Requested by

Host: f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com
URL: https://f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

64.233.167.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wl-in-f154.1e100.net

Software

cafe /

Resource Hash

7e872bcb41e1b99a011cd045d6ab03f2151f126e5b5c999f252016d37bcb87a9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 22 Mar 2023 18:51:02 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23823
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 22 Mar 2023 18:51:02 GMT
server: nginx
x-server-name: app13.ie.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
location: https://bid.g.doubleclick.net/xbbe/creative/adj?p=APEucNXYmfPfoTjVmlF1Jd08IEchMLhOXyCx7g9zBnXZB--j0HxovnQ&d=CokBAKAmf-DSJ4I01GV5e23kZ9VX8YhZVDgmsF-zFLrCHeyxnokK7o6PM2dUHbSgcS7FazX0DGSMXvMbkHdyslnnc5qUqhWXAo33QVpfSHoDWfbjgYhAA_cTXjccJF1Fgt4kdCFBPV-zKRk3JabK7RQ9HOoTosqoyFYB_oytjBtAzT7j50G1y0bJgZkSmRUAoCZ_4FV1v5TXKPWRqk5VKvl-oYmgTavdCyNQ65NhckK3bsJ_uPLe84Dr61IzPNnJP0U505lUFxR4kPrGphO6ZeJLeNpReeAhrskbgx7-IK29imUa8u4kCcHdW5uEzWUcpgW1r7V60bmCZza1ogL46ZyfaGzRICgRHsArLBA0N18hyz7e8A8yASYMS-meOoJQUPorx-Nyk2Q0vHxGwCVPZoKwPeryHqrtPoIyHlHQUcv_Vb_7yUOinMpmLewfFKaQhepEHZaqePfW5jvNePGNU9Pzpdv08tFJ3P5Ab2BXRXxD2iEw3tchqrnpiZwSE2kj2eDulxwrRPTdh8VwJ0QsAoxutysW_zYpPvqIY_JUMPCKHE8wzkHIslXUPTpU18zotou_e1egItKEpnRvokKz_B8BHMovWY5xN5HCG1Fqt1udyAuZzmmmM9FLnlFkGMk_Vw1lvG3burwYYHIA5MVXH8OUVfLhX6DtsY1ZLB1JRv2JuaUcgNDTSZwFLDNVtekxnwNIBLLJb1ChLwcu3P15_jnyafR_wh_5YQH6Vx7HEvLwUi2qBrduCUPfAKYrt8sh1K-Oy0unASBjg1LHR-8WBFbDu3Hn2wpf76C2arYtDlgWs0TxbGsLPNGdB6SHjpaES-ZmUNyEubpKUJs0GafZ9e1d-V8lmj4_-FkR4KuY9KkqGMxUPSQ4LnGANkvCqucTstVCXzQfVUNhKPGohxYaKFgnazvCL_EIS1QM5GBXwcNVEInHqCinVYaLR70gMzUVDsEEZOfhOR2YFpmzrDNxug47yqhsjvgzhQGOXtQaF-mMTcwxWt0gvzD2Nc3LXWWfBTnYQ968Fbi1UpaMI0oFW_DUb9JNeViXwXU_vi3T5RHjou1mck0rGKds_SwtmaJSRUBfBaA7md45kQ8VCHxRTNBxpUfF6yprbp0ZlYwLbSUYZN5DXpyh2JyURy5ZapQq5NDaSjX-H_AmVws29O5LNu8aEaV-3xg8mYHxL0pWGOro9iVdBzG_qBvx2ON7t229AYX6fNt44mCQfpoW2NAjRITTl_csv9Ip-YEWyBNjqHWba9mqATP6lPUlohw5ie3BiBX-b8Ph0RuUsaLIf7iO2PesUIqb4MgZJNA7yVpyYwsFtJ0fIv0gIwVveF0DFwlJtc5-rvuDF74kdqiqg4sVmNd3d4i63eKlOL655EKAE676QN_Vwk5I0DO6r5VyEyClLrtKFdmvN2pi4ajULfvzE4ORdBkQpoew9iQKXDxlbESLMsVtZSDVVTP-qbh_DeqDy8IXS5zzRwixc8uN-rEjxwc6apSgv08qB6PgIorr301AcAx1XhmEECuGFile8lf9mxaD8zCK4E24AIe6xmSBUKa7mbKw2Lho1yMl5lNnhqDRJmkyHRax39sbeIk2yKrBCmxgQ3P7Bl49X-TiqrHQOla_ds35Q4imN73qfCOUP-THTEq46t-O6gBdgI6cH9MitA0Z4zT8aMcqqnUuF8xChA-uVBxz-xakA_Awyw4mFrfY2kWnM0WQEVI810eVzyC5LLV8V0YGUUNXp1esaXYG0rCT9ZTUcAQaqASGb4vQ6-LVZzP_ZJDNp1_I3NYBbtnet5jB5HMwSNPVRiW70h-zYRKm7_hrPO-PRmJIvneLTt9SpTyh6lrjfeUmo4Xh204qXUEfTRFadDTOS4jkqtWsWndpgglKQ0ILLLSn2gvwiXmHfL0YhNFTt34hjxn165UZJ1BE7eWYGfk31b9HjYbyGhqkyu8fxIrrUTOGGpTLBxu21pRMWruJc_Gn1Z1drVArGbitO6jk-DwoS3w08ZRL2-WPIJ6qU7uznm9JlchIkgqsUuTz6u4Q6_vekezlICVyymOcK9yXWUtXyQzl2TcyCg0Xe1MpF6ZxPB0wZaCyRPzZqix3qgHYBtmza2bDsx-i_h_1VGvwc2eFnyDRYOL6HymobmM1YY3wO8lLGXc1nONRbQAJuWCEpEMQ_4ZqMOpUhacpJLvbdoRG9k2yJ7GwfDgx32na4YaBhcgOHftsUgvkisIYoZHpcjiSScVUxmyjY5ucFGpfQZ0bg8naVY1SD0Cy4fcR07nPTIWA7-VSChgSxucsm4w5WdOon-3M45s-VR0WR29blQd0FZ8upHiiZ4BsASuLKzbJ6IYJ_W9QodeoGWKKQYmbs6sODUMsBV1eM1ipIJgXbV2Ma-lvxOdvVsb2etiBzJALgWTqa_2UOJUaSkyxWPndax_AFPdgVCP5dqgLS57gL1O_9U-wMtgYzkUqWu92wYuXi-Ipq3fbClEw4aU6euqoeUsxcCm-XCC7Cw9Hri6QvAziVqVYHr6exKybqMTQM0YWGAhCg45UpuKwH47vJ967m6bXnafc4M_fNhvNkdCKKIJjR3hcfHNMUZzQAcul_3iqQFxJvhVR1s5KOUuHksEeMP7kyQRf8drYI-eY074s9KFPGDU9YCrGoC4o7TE3IZmxr6oYmncWVPW83ui0oYKBJyx9CUaUfTpxV0zQmj6pXu1nx8f23hPepoY161eRgdCXnaGdOrCup8MhtHyUMTheh6q6wKqG7jNUSis9lK96OCpiJfmHl0sKVr0REX3A8TluDfwXHZGlGB69DEbOVlK_a-YsBxUbefLZUzvKYw4HY4cMZz-66wkbvpKlDwa1_beHvdqwFlJ8BES3YhcFnDwOLq1DNrQ3ju0T1-BpJWiUHvElvftCTN-Og-hDHk71Q_t3Nb-VHT2Cm8bMlLR2TuowANswz8i6Z6ObqlssgE8JbVUNM7Usi1VVwX_ZS-IaqsJ-9l3EQtXEtFY5sr869fgOWZJjCTdIZOun5R_RWSgkUsyGG9wT9wlvTidK1WITICvLkLcBOPfnfzvdvp59dWEwZUJwh35K7pEpB7ikNde-dd0iUL9sBhWyI3UleDkkF_naJuHE9HbM1RtJI8vdaLTZR6lNRr3FNPDsFi_tMkJrKB0NulExlkAhCxeznnhaZ6DMX5qljacoX3efg2R_1vcmjR1vLEEichvFE11949erx8Scl4PAchOw4tLJDbzF2ldTPkSqe348q2inC3kakLAuog81vLDJqetdgjAUHWxiCm5ikxYfKFuiK5c6ZdfLWzTqTbXqPaX625a7t8feyZS7UPmAZuE7EW5Pwbh3kAtaqG292qsFZoNG9ySSVIL7QpOudOjxtU2qIZoQlweGPD3KOP-gPJ1HloaiKXMd-EK09LDPMVt0SYDpc5fRZpuv37ZUBq-KrAO8-PQ66R-T-UWAOMjcaea6kk4BJ_wDyEvNDa-k2PWnGgLel9uTbL-daz7vRdAYesyZDf1Nx_drF1kY34brLWB5plN9-qZpH4MRwZe4u1CZejXYOVLEIOtvqGu1RY54r21mHT0ErMoiBuVKO0xGwFPc2peQ6uNxiQXt70klE-IMVb3MEosVm8Y6WHYfax7TS5W2eg46RJ5pCSWYDHhgXcXzWTp4529UrVk_R4Bj8mruC5c1g0ihWIUr1MsFzpAjZ1fyrdUOyTNvmqp0vtQ9Oj9LqjvKsxjgowBWqFJQglYNq-Zoo-OTjCGVW3DpJrrQkaLO0i0kAdAQfm80X4iDWeakMsMsExzrQcLUT-m9ClfmhOZX2QNuHafikVfxGkIIBBI8ANQTnKY95zVLv5nwk5iXhUoOSLDR-TJvVMk72kAqMukRZ_fv1ISwQgZ-5VuqYXxhZuU_YpBms96jLEH8GAFgAQ&bundleId=
cache-control: no-cache
content-length: 0

GET
H2 200 sca.17.6.2.js Show response
static.adsafeprotected.com/ Frame 6E46 91 KB
23 KB 46ms
12ms Script
application/javascript 2600:9000:223f:6200:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/sca.17.6.2.js
Requested by: Host: f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com
URL: https://f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223f:6200:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 01cee6a7a3f1444680b188ab84052e2b6c85966f53a718d3926135ebcc832ffd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Wed, 21 Sep 2022 15:36:17 GMT
x-amz-version-id: go8nfBUviNCPCwnrYX1LpMW5hEx3ASGy
content-encoding: gzip
via: 1.1 0afa2d721972ae312ad1dd54e47c43ca.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 15736486
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Tue, 20 Sep 2022 19:21:34 GMT
server: AmazonS3
etag: W/"1f3488247c90bb5de253d3d0cb3b7458"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
x-amz-cf-id: lSoooRzYqJQZF-rIi47odPuUhZho3OndAoPp9rmxB8HglEkn0N1k2Q==

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 0CA2 43 B
216 B 397ms
188ms Image
image/gif 2600:1f18:1aca:4280:a733:75de:e8c8:e5e
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1135760&asId=a340315b-f384-17cd-fd0d-8d2dba3b71fd&tv=%7Bc:7CmN9o,pingTime:-3,time:46,type:v,clog:%5B%7Bpiv:0,vs:o,r:r,w:0,h:0,t:18%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,slTimes:%7Bi:0,o:46,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:17,wc:0.0.1600.1200,ac:NaN.NaN.0.0,am:i,cc:NaN.NaN.0.0,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B39~0%5D,as:%5B39~0.0%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tzgdg84+11%7C121*.1135760-69474538%7C1211,idMap:121*,rmeas:1,rend:0,renddet:IMG.us,siq:19%7D&br=c
Requested by: Host: f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com
URL: https://f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4280:a733:75de:e8c8:e5e Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 22 Mar 2023 18:51:02 GMT
server: nginx
x-server-name: dt12.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012302271541000/ Frame 487F 221 KB
61 KB 77ms
15ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012302271541000/amp4ads-v0.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023032101.js?cb=31073317

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5ae9552d446982cedbbeb56c92ec7461d79f2e7734efa66bd0633e095b12d645

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mestreemfinancas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Sat, 18 Mar 2023 03:24:11 GMT
age: 401211
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 61845
x-xss-protection: 0
server: sffe
etag: "4fba9ccee66ca96a"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Sun, 17 Mar 2024 03:24:11 GMT

GET
H2 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012302271541000/v0/ Frame 487F 15 KB
5 KB 107ms
44ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012302271541000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023032101.js?cb=31073317

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

46b2829524e1ffcfacb15998bbe38941bfbf6110ce8f028d8117efcdbd8273fb

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mestreemfinancas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 22 Mar 2023 10:06:00 GMT
age: 31502
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5236
x-xss-protection: 0
server: sffe
etag: "cedf9691907d886d"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Thu, 21 Mar 2024 10:06:00 GMT

GET
H2 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012302271541000/v0/ Frame 487F 94 KB
28 KB 107ms
45ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012302271541000/v0/amp-analytics-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023032101.js?cb=31073317

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e76a81d16824d3288fd16917a64dd4ed831b530e14f9f9e37b56d014eb585f5e

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mestreemfinancas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 22 Mar 2023 10:06:00 GMT
age: 31502
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28954
x-xss-protection: 0
server: sffe
etag: "eb54a928dd76f593"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Thu, 21 Mar 2024 10:06:00 GMT

GET
H2 200 amp-animation-0.1.mjs Show response
cdn.ampproject.org/rtv/012302271541000/v0/ Frame 487F 72 KB
16 KB 109ms
47ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012302271541000/v0/amp-animation-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023032101.js?cb=31073317

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4ddafac08c28dd6edcc4a9c5658ef4767f9156e75304d2d1d6e9c624b78b0205

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mestreemfinancas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 22 Mar 2023 18:05:11 GMT
age: 2751
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 16681
x-xss-protection: 0
server: sffe
etag: "dc42aae9f5ef3ced"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Thu, 21 Mar 2024 18:05:11 GMT

GET
H2 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012302271541000/v0/ Frame 487F 5 KB
2 KB 93ms
31ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012302271541000/v0/amp-fit-text-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023032101.js?cb=31073317

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

58788a30af68f92836329a22bed11ee437cdcc310cc9697f53d7a06142ad1416

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mestreemfinancas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Fri, 17 Mar 2023 22:43:59 GMT
age: 418023
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1898
x-xss-protection: 0
server: sffe
etag: "aaf5c93962f41d5e"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Sat, 16 Mar 2024 22:43:59 GMT

GET
H2 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012302271541000/v0/ Frame 487F 40 KB
13 KB 94ms
33ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012302271541000/v0/amp-form-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023032101.js?cb=31073317

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b150d9b4151f7cd309c4c7808de642e3030efcdbc40f3bec35ae1c87e17b111a

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mestreemfinancas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 22 Mar 2023 10:06:00 GMT
age: 31502
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12965
x-xss-protection: 0
server: sffe
etag: "2e1a930b1f14d060"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Thu, 21 Mar 2024 10:06:00 GMT

GET
DATA 200
OK truncated
/ Frame 487F 219 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f9e9b20211c9edf0ad052066d3c4c27ae46bd1089b8ec3ea6eb3a7d24e1a42b3

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 pt.png
tpc.googlesyndication.com/pagead/images/abg/ Frame 487F 3 KB
3 KB 20ms
19ms Image
image/png 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/pt.png

Requested by

Host: mestreemfinancas.com
URL: https://mestreemfinancas.com/e-fgts-calamidade/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_1090

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

744b436600cd35e7898be8843c04c1115c45bf08143d085ac149e8c4f8151e3d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mestreemfinancas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Wed, 22 Mar 2023 18:05:12 GMT
x-content-type-options: nosniff
server: cafe
age: 2750
etag: 7735524722462771930
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2886
x-xss-protection: 0
expires: Thu, 23 Mar 2023 18:05:12 GMT

GET
H3 200 icon.png
tpc.googlesyndication.com/pagead/images/abg/ Frame 487F 344 B
368 B 22ms
22ms Image
image/png 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/icon.png

Requested by

Host: mestreemfinancas.com
URL: https://mestreemfinancas.com/e-fgts-calamidade/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_1090

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

53b99e4bde7498900885e58f9d6c383258f8a59b04389d6b54d3d4b89537b6f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mestreemfinancas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Wed, 22 Mar 2023 18:05:11 GMT
x-content-type-options: nosniff
server: cafe
age: 2751
etag: 6766994032117382215
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 344
x-xss-protection: 0
expires: Thu, 23 Mar 2023 18:05:11 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 487F 0
0 26ms
25ms Image
text/html 2a00:1450:4001:830::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSkaEZKg5diNWSIKD-mPlRqDu2zPu_NafECrW2XGUM_SszPb_fk7FZ33cKIl7ki0_glTvxzV4jhtrYwnh6c23SBCw_gTA
Requested by: Host: mestreemfinancas.com
URL: https://mestreemfinancas.com/e-fgts-calamidade/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_1090
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mestreemfinancas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 487F 0
0 59ms
58ms Image
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CJNL6Fk4bZNP_EsGP9fgPraiQiAn5jdqBa5HenojuDZ-73-GVDhABIKSdl48BYJW6-IGUB6AB_o-mpAPIAQmpAiEo4kwCLLI-4AIAqAMByAMIqgStAk_QYqMd8i9yDNoaUzXPiK-horWxo4iYo0WegcCdP_cg8i-tOEh9XORfp_p9rh_XquEiE-T2PcYd-NtwuNRXTm4GSTnw0MwsqooprWSQHvb4NILB3oAVgWHqA2ifeNpHhFUiWhAsztDDFzsWZwuZbTtiqthGxWAQ5Js625sEFegKglqVPQXVT3Jii2PyLK7Tm5Ky1nMOYwctgTNYBHGMZgj28LFYCxPOFhg6Jqc0lHitu1RkPqGqvBkAUeCZ-uZ_nQixBOaFS-gJjg064u58FMr-D3_hYz9qT6L07SlZTBlZKJ7IRhkWQhbUqzA-W6VTD1NIC8W4rTYx8ORUXp59gz7kXLcozWsCbvKLgljyZA7NPM_cLtdSkQOE_N3kMMyxHrW7s8oPyLXJLKgVAq7ABPjb7ZzMA-AEAZIFBAgEGAGSBQQIBRgEoAYugAfq79lbqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhvYBwDyBwUQzuT5AtIIEQiA4YAQEAEYHTICqgI6AoBAgAoDyAsB2BMN0BUBmBYBgBcBshceChwIABIUcHViLTg1MTk1NjY0MDE4NTEyMzYY09p-&sigh=tOlw_N7-x2g&uach_m=[UACH]&cid=CAQSOwDUE5ymlcVziBqhbkrcsq8__mT4gOOstgieWOcKDNrC9JhZHaKupI9-8zuCh3HY-tHXGDmeOq21FDRIGAE&template_id=419
Requested by: Host: mestreemfinancas.com
URL: https://mestreemfinancas.com/e-fgts-calamidade/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_1090
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mestreemfinancas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

GET
DATA 200
OK truncated
/ Frame 487F 10 KB
0 Image
image/jpeg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 10ebe2013540c0d4e93a8d132c7e384a52172bfe6de20963e43c409a6d89879f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mestreemfinancas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Content-Type: image/jpeg

GET
DATA 200
OK truncated
/ Frame 487F 1 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0ce92043dc86060bfa35affc280667303411c99977cf1639940f9c70231cda7b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mestreemfinancas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 487F 4 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d331cc394fa5496c0ebc6d08b8a8bdfd297c3b92498c2edff81413c97ca82247

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mestreemfinancas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 487F 9 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 81fa7554f0798e9f2291757a2876e512dadea7f8ab0a0f8fb2bff31f9931eb0f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mestreemfinancas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 0CA2 43 B
215 B 364ms
190ms Image
image/gif 2600:1f18:1aca:4280:a733:75de:e8c8:e5e
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1135760&asId=a340315b-f384-17cd-fd0d-8d2dba3b71fd&tv=%7Bc:7CmN9V,pingTime:-6,time:79,type:i,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,slTimes:%7Bi:0,o:79,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:17,wc:0.0.1600.1200,ac:NaN.NaN.0.0,am:i,cc:NaN.NaN.0.0,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B72~0%5D,as:%5B72~0.0%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tzgdg84+11%7C121*.1135760-69474538%7C1211,idMap:121*,rmeas:1,rend:0,renddet:IMG.us,siq:19%7D&tpiLookup=ao:mestreemfinancas.com*%2Cf885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com*&br=c
Requested by: Host: f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com
URL: https://f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4280:a733:75de:e8c8:e5e Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 22 Mar 2023 18:51:03 GMT
server: nginx
x-server-name: dt06.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 200 1897808950573752 Show response
connect.facebook.net/signals/config/ 377 KB
108 KB 147ms
147ms Script
application/x-javascript 2a03:2880:f084:d:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/1897808950573752?v=2.9.99&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f084:d:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

8ef645c73a2e07d368aa41f762a2c1c8b94fff9116a06e66f506dce23f8e4fcb

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mestreemfinancas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Wed, 22 Mar 2023 18:51:02 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-fb-rlafr: 0
x-xss-protection: 0
pragma: public
x-fb-debug: PF8sIcxGijvKpdY5Im8p3+gKqvk27c19en1ykWYt+/NGRZLT8IaxRCU7YcPoJuJJqtwxtqAbtaLTIlz3CBPKXQ==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: public, max-age=1200
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 0CA2 43 B
215 B 352ms
189ms Image
image/gif 2600:1f18:1aca:4280:a733:75de:e8c8:e5e
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1135760&asId=a340315b-f384-17cd-fd0d-8d2dba3b71fd&tv=%7Bc:7CmNa7,pingTime:-2,time:91,type:a,im:%7Bsf:0,pom:1,prf:%7BbeA:316,beZ:317,mfA:320,cmA:321,inA:322,inZ:325,prA:325,prZ:329,si:335,poA:336,poZ:360,cmZ:360,mfZ:360,loA:395,loZ:398,ltA:407,ltZ:407%7D%7D,sca:%7Bdfp:%7Bdf:0%7D%7D,env:%7Bgca:false,cca:false,gca2:false%7D,clog:%5B%7Bpiv:0,vs:o,r:r,w:0,h:0,t:18%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,slTimes:%7Bi:0,o:91,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:17,wc:0.0.1600.1200,ac:NaN.NaN.0.0,am:i,cc:NaN.NaN.0.0,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B84~0%5D,as:%5B84~0.0%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tzgdg84+11%7C121*.1135760-69474538%7C1211,idMap:121*,pd:CV8L.internal-pdf-viewer,rmeas:1,rend:0,renddet:IMG.us,siq:19,sinceFw:71,readyFired:false%7D&br=c
Requested by: Host: f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com
URL: https://f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4280:a733:75de:e8c8:e5e Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 22 Mar 2023 18:51:02 GMT
server: nginx
x-server-name: dt13.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 5E1C 22 KB
8 KB 15ms
15ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 363892
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 18 Mar 2023 13:46:10 GMT
expires: Sun, 17 Mar 2024 13:46:10 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 syncframe Show response
gum.criteo.com/ Frame 4147 15 KB
6 KB 88ms
29ms Document
text/html 2a02:2638::1c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/syncframe?origin=publishertagids&topUrl=mestreemfinancas.com

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.ids.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::1c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

aeb779d96af4bfa1b664c203d52fbd9ef573b84a31b34314668325fc784e1b13

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://mestreemfinancas.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: private, max-age=3600
content-encoding: gzip
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Wed, 22 Mar 2023 18:51:02 GMT
server: Kestrel
server-processing-duration-in-ticks: 956729
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H3 200 n7KdSiWJFgbDLHajlxoGzrM9J1DJZleIE0kt7I04uFE.js Show response
pagead2.googlesyndication.com/bg/ Frame 5E1C 36 KB
14 KB 11ms
10ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/n7KdSiWJFgbDLHajlxoGzrM9J1DJZleIE0kt7I04uFE.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9fb29d4a25891606c32c76a3971a06ceb33d2750c966578813492dec8d38b851

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Mon, 20 Mar 2023 19:27:05 GMT
content-encoding: br
x-content-type-options: nosniff
age: 170637
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14330
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 09:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 19 Mar 2024 19:27:05 GMT

GET
H2

200

sid Show response
mug.criteo.com/ Frame 4147
Redirect Chain

https://gum.criteo.com/sid/json?origin=publishertagids&domain=mestreemfinancas.com&sn=ChromeSyncframe&so=0&topUrl=mestreemfinancas.com&cw=1&lsw=1&topicsavail=0&fledgeavail=0
https://mug.criteo.com/sid?cpp=6-VDLHxQK1FmS1k2QVJ5QlBTdy9KbnRQVVdLd2RkNXhIQ0pmbUdQZlR0S3Z5UUhNNTAyLzU2WmJFcEtFYjhzYjhzZFJDK2hZZjB3aDZJVUw1WHBwNGhwalpvVkRaZkU0UXVxems1N0JJNDhLRGVreStIN1VDbWRtdTIrV3...

454 B
678 B

624ms
78ms

Fetch
application/json

178.250.0.157
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=6-VDLHxQK1FmS1k2QVJ5QlBTdy9KbnRQVVdLd2RkNXhIQ0pmbUdQZlR0S3Z5UUhNNTAyLzU2WmJFcEtFYjhzYjhzZFJDK2hZZjB3aDZJVUw1WHBwNGhwalpvVkRaZkU0UXVxems1N0JJNDhLRGVreStIN1VDbWRtdTIrV3F2dE9DaDd4Z1Y1TmJ2bmtzREU1TlcrMHpyaGZ0T2hzMlhOdEN6d2RHZ1ZpNER6T05LQ25kTWZDRFNGdGVYSTJDM050MExZcW55Rk4reUFCbTRHWTRUalh4aVEyRXZRN05qWUFFQy9nYkNXaFFpT0pQbklLa1BINUppT29uSmZHRWxzN205Z0FNN3BqbzFvejQ4Y3kwdWs1REJsMTZ5cExlenc4SDN6d3RXT21zS0wxUGdNaz18&cppv=2

Requested by

Host: mestreemfinancas.com
URL: https://mestreemfinancas.com/e-fgts-calamidade/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_1090

Protocol

Server

178.250.0.157 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

ad607374c2c044d3ee8bdec9f171f55d720788e422c08257a75a61cc8055d158

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gum.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 22 Mar 2023 18:51:02 GMT
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: https://gum.criteo.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 42547452
expires: 0

Redirect headers

pragma: no-cache
date: Wed, 22 Mar 2023 18:51:02 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
location: https://mug.criteo.com/sid?cpp=6-VDLHxQK1FmS1k2QVJ5QlBTdy9KbnRQVVdLd2RkNXhIQ0pmbUdQZlR0S3Z5UUhNNTAyLzU2WmJFcEtFYjhzYjhzZFJDK2hZZjB3aDZJVUw1WHBwNGhwalpvVkRaZkU0UXVxems1N0JJNDhLRGVreStIN1VDbWRtdTIrV3F2dE9DaDd4Z1Y1TmJ2bmtzREU1TlcrMHpyaGZ0T2hzMlhOdEN6d2RHZ1ZpNER6T05LQ25kTWZDRFNGdGVYSTJDM050MExZcW55Rk4reUFCbTRHWTRUalh4aVEyRXZRN05qWUFFQy9nYkNXaFFpT0pQbklLa1BINUppT29uSmZHRWxzN205Z0FNN3BqbzFvejQ4Y3kwdWs1REJsMTZ5cExlenc4SDN6d3RXT21zS0wxUGdNaz18&cppv=2
cache-control: no-cache, no-store, must-revalidate
server-processing-duration-in-ticks: 745515
content-length: 0
expires: 0

GET
H2 200 express_html_inpage_rendering_lib_200_276.js Show response
s0.2mdn.net/879366/ Frame 0CA2 106 KB
37 KB 69ms
20ms Script
text/javascript 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_276.js

Requested by

Host: mestreemfinancas.com
URL: https://mestreemfinancas.com/e-fgts-calamidade/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_1090

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e41d1ae45acbf836b8dcc29544c7e41cced4211214df601d5284a7e9c7134c73

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com/
Origin: https://f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Wed, 22 Mar 2023 18:05:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2751
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 37872
x-xss-protection: 0
last-modified: Wed, 02 Mar 2022 23:07:26 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 23 Mar 2023 18:05:11 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230320/r20110914/elements/html/ Frame 0CA2 11 KB
4 KB 11ms
10ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230320/r20110914/elements/html/omrhp.js

Requested by

Host: fw.adsafeprotected.com
URL: https://fw.adsafeprotected.com/rfw/bgd/1135760/69474538/xbbe/creative/adj?p=APEucNXYmfPfoTjVmlF1Jd08IEchMLhOXyCx7g9zBnXZB--j0HxovnQ&d=CokBAKAmf-DSJ4I01GV5e23kZ9VX8YhZVDgmsF-zFLrCHeyxnokK7o6PM2dUHbSgcS7FazX0DGSMXvMbkHdyslnnc5qUqhWXAo33QVpfSHoDWfbjgYhAA_cTXjccJF1Fgt4kdCFBPV-zKRk3JabK7RQ9HOoTosqoyFYB_oytjBtAzT7j50G1y0bJgZkSmRUAoCZ_4FV1v5TXKPWRqk5VKvl-oYmgTavdCyNQ65NhckK3bsJ_uPLe84Dr61IzPNnJP0U505lUFxR4kPrGphO6ZeJLeNpReeAhrskbgx7-IK29imUa8u4kCcHdW5uEzWUcpgW1r7V60bmCZza1ogL46ZyfaGzRICgRHsArLBA0N18hyz7e8A8yASYMS-meOoJQUPorx-Nyk2Q0vHxGwCVPZoKwPeryHqrtPoIyHlHQUcv_Vb_7yUOinMpmLewfFKaQhepEHZaqePfW5jvNePGNU9Pzpdv08tFJ3P5Ab2BXRXxD2iEw3tchqrnpiZwSE2kj2eDulxwrRPTdh8VwJ0QsAoxutysW_zYpPvqIY_JUMPCKHE8wzkHIslXUPTpU18zotou_e1egItKEpnRvokKz_B8BHMovWY5xN5HCG1Fqt1udyAuZzmmmM9FLnlFkGMk_Vw1lvG3burwYYHIA5MVXH8OUVfLhX6DtsY1ZLB1JRv2JuaUcgNDTSZwFLDNVtekxnwNIBLLJb1ChLwcu3P15_jnyafR_wh_5YQH6Vx7HEvLwUi2qBrduCUPfAKYrt8sh1K-Oy0unASBjg1LHR-8WBFbDu3Hn2wpf76C2arYtDlgWs0TxbGsLPNGdB6SHjpaES-ZmUNyEubpKUJs0GafZ9e1d-V8lmj4_-FkR4KuY9KkqGMxUPSQ4LnGANkvCqucTstVCXzQfVUNhKPGohxYaKFgnazvCL_EIS1QM5GBXwcNVEInHqCinVYaLR70gMzUVDsEEZOfhOR2YFpmzrDNxug47yqhsjvgzhQGOXtQaF-mMTcwxWt0gvzD2Nc3LXWWfBTnYQ968Fbi1UpaMI0oFW_DUb9JNeViXwXU_vi3T5RHjou1mck0rGKds_SwtmaJSRUBfBaA7md45kQ8VCHxRTNBxpUfF6yprbp0ZlYwLbSUYZN5DXpyh2JyURy5ZapQq5NDaSjX-H_AmVws29O5LNu8aEaV-3xg8mYHxL0pWGOro9iVdBzG_qBvx2ON7t229AYX6fNt44mCQfpoW2NAjRITTl_csv9Ip-YEWyBNjqHWba9mqATP6lPUlohw5ie3BiBX-b8Ph0RuUsaLIf7iO2PesUIqb4MgZJNA7yVpyYwsFtJ0fIv0gIwVveF0DFwlJtc5-rvuDF74kdqiqg4sVmNd3d4i63eKlOL655EKAE676QN_Vwk5I0DO6r5VyEyClLrtKFdmvN2pi4ajULfvzE4ORdBkQpoew9iQKXDxlbESLMsVtZSDVVTP-qbh_DeqDy8IXS5zzRwixc8uN-rEjxwc6apSgv08qB6PgIorr301AcAx1XhmEECuGFile8lf9mxaD8zCK4E24AIe6xmSBUKa7mbKw2Lho1yMl5lNnhqDRJmkyHRax39sbeIk2yKrBCmxgQ3P7Bl49X-TiqrHQOla_ds35Q4imN73qfCOUP-THTEq46t-O6gBdgI6cH9MitA0Z4zT8aMcqqnUuF8xChA-uVBxz-xakA_Awyw4mFrfY2kWnM0WQEVI810eVzyC5LLV8V0YGUUNXp1esaXYG0rCT9ZTUcAQaqASGb4vQ6-LVZzP_ZJDNp1_I3NYBbtnet5jB5HMwSNPVRiW70h-zYRKm7_hrPO-PRmJIvneLTt9SpTyh6lrjfeUmo4Xh204qXUEfTRFadDTOS4jkqtWsWndpgglKQ0ILLLSn2gvwiXmHfL0YhNFTt34hjxn165UZJ1BE7eWYGfk31b9HjYbyGhqkyu8fxIrrUTOGGpTLBxu21pRMWruJc_Gn1Z1drVArGbitO6jk-DwoS3w08ZRL2-WPIJ6qU7uznm9JlchIkgqsUuTz6u4Q6_vekezlICVyymOcK9yXWUtXyQzl2TcyCg0Xe1MpF6ZxPB0wZaCyRPzZqix3qgHYBtmza2bDsx-i_h_1VGvwc2eFnyDRYOL6HymobmM1YY3wO8lLGXc1nONRbQAJuWCEpEMQ_4ZqMOpUhacpJLvbdoRG9k2yJ7GwfDgx32na4YaBhcgOHftsUgvkisIYoZHpcjiSScVUxmyjY5ucFGpfQZ0bg8naVY1SD0Cy4fcR07nPTIWA7-VSChgSxucsm4w5WdOon-3M45s-VR0WR29blQd0FZ8upHiiZ4BsASuLKzbJ6IYJ_W9QodeoGWKKQYmbs6sODUMsBV1eM1ipIJgXbV2Ma-lvxOdvVsb2etiBzJALgWTqa_2UOJUaSkyxWPndax_AFPdgVCP5dqgLS57gL1O_9U-wMtgYzkUqWu92wYuXi-Ipq3fbClEw4aU6euqoeUsxcCm-XCC7Cw9Hri6QvAziVqVYHr6exKybqMTQM0YWGAhCg45UpuKwH47vJ967m6bXnafc4M_fNhvNkdCKKIJjR3hcfHNMUZzQAcul_3iqQFxJvhVR1s5KOUuHksEeMP7kyQRf8drYI-eY074s9KFPGDU9YCrGoC4o7TE3IZmxr6oYmncWVPW83ui0oYKBJyx9CUaUfTpxV0zQmj6pXu1nx8f23hPepoY161eRgdCXnaGdOrCup8MhtHyUMTheh6q6wKqG7jNUSis9lK96OCpiJfmHl0sKVr0REX3A8TluDfwXHZGlGB69DEbOVlK_a-YsBxUbefLZUzvKYw4HY4cMZz-66wkbvpKlDwa1_beHvdqwFlJ8BES3YhcFnDwOLq1DNrQ3ju0T1-BpJWiUHvElvftCTN-Og-hDHk71Q_t3Nb-VHT2Cm8bMlLR2TuowANswz8i6Z6ObqlssgE8JbVUNM7Usi1VVwX_ZS-IaqsJ-9l3EQtXEtFY5sr869fgOWZJjCTdIZOun5R_RWSgkUsyGG9wT9wlvTidK1WITICvLkLcBOPfnfzvdvp59dWEwZUJwh35K7pEpB7ikNde-dd0iUL9sBhWyI3UleDkkF_naJuHE9HbM1RtJI8vdaLTZR6lNRr3FNPDsFi_tMkJrKB0NulExlkAhCxeznnhaZ6DMX5qljacoX3efg2R_1vcmjR1vLEEichvFE11949erx8Scl4PAchOw4tLJDbzF2ldTPkSqe348q2inC3kakLAuog81vLDJqetdgjAUHWxiCm5ikxYfKFuiK5c6ZdfLWzTqTbXqPaX625a7t8feyZS7UPmAZuE7EW5Pwbh3kAtaqG292qsFZoNG9ySSVIL7QpOudOjxtU2qIZoQlweGPD3KOP-gPJ1HloaiKXMd-EK09LDPMVt0SYDpc5fRZpuv37ZUBq-KrAO8-PQ66R-T-UWAOMjcaea6kk4BJ_wDyEvNDa-k2PWnGgLel9uTbL-daz7vRdAYesyZDf1Nx_drF1kY34brLWB5plN9-qZpH4MRwZe4u1CZejXYOVLEIOtvqGu1RY54r21mHT0ErMoiBuVKO0xGwFPc2peQ6uNxiQXt70klE-IMVb3MEosVm8Y6WHYfax7TS5W2eg46RJ5pCSWYDHhgXcXzWTp4529UrVk_R4Bj8mruC5c1g0ihWIUr1MsFzpAjZ1fyrdUOyTNvmqp0vtQ9Oj9LqjvKsxjgowBWqFJQglYNq-Zoo-OTjCGVW3DpJrrQkaLO0i0kAdAQfm80X4iDWeakMsMsExzrQcLUT-m9ClfmhOZX2QNuHafikVfxGkIIBBI8ANQTnKY95zVLv5nwk5iXhUoOSLDR-TJvVMk72kAqMukRZ_fv1ISwQgZ-5VuqYXxhZuU_YpBms96jLEH8GAFgAQ&bundleId=&ias_dspID=3&ias_campId=1008772806&ias_pubId=pub-4894209870857905&ias_chanId=1&ias_placementId=18137317859&bidurl=https://mestreemfinancas.com/e-fgts-calamidade/&ias_dealId=&adsafe_par&ias_impId=v4~~ABAjH0hAVIS21bAQeeHVMWc24J9u&adsafe_url=https%3A%2F%2Fmestreemfinancas.com&adsafe_type=g&adsafe_url=https%3A%2F%2Fmestreemfinancas.com%2F&adsafe_type=c&adsafe_url=https%3A%2F%2Ff885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com%2F&adsafe_type=f&adsafe_url=https%3A%2F%2Ff885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html&adsafe_type=bed&adsafe_jsinfo=,id:a340315b-f384-17cd-fd0d-8d2dba3b71fd,c:7CmN8W,sl:outOfView,em:true,fr:false,thd:1,mn:jsserver-primary-67fb65999c-s5h5m,rg:ie,pt:1-5-15,wc:0.0.1600.1200,ac:NaN.NaN.0.0,am:i,cc:NaN.NaN.0.0,piv:0,obst:0,th:0,reas:r,mu:10000,br:c,bru:c,an:n,oam:0,mtim:4,mot:0,app:0,maw:0,fm:tzgdg84+11%7C121*.1135760-69474538%7C1211,idMap:121*,pl:CV8L.VEBo.0YtC,rmeas:1,rend:0,renddet:IMG.us,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,tt:rjss,et:18,oid:7e43a67f-c8e2-11ed-8d9c-622cfc0092ae,v:19.8.400,sp:0,st:0,fwm:0,wr:1600.1200,sr:1600.1200,ov:0

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a3501a3f0a7b6bc47f9f81c7be85b3603816fe2d3026ab4b396127ed9eb8895c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Wed, 22 Mar 2023 18:32:12 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1130
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4115
x-xss-protection: 0
server: cafe
etag: 1914039858798321668
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 05 Apr 2023 18:32:12 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20230320/r20110914/ Frame 0CA2 28 KB
11 KB 17ms
15ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230320/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

11f1414c6342d8a5a5124286921298b09b1e776f0aae7bbc4c83b96685166019

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Wed, 22 Mar 2023 18:32:12 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1130
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10980
x-xss-protection: 0
server: cafe
etag: 17255800071175307161
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 05 Apr 2023 18:32:12 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 938A 1 KB
643 B 10ms
10ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com
URL: https://f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 3865
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 22 Mar 2023 17:46:37 GMT
etag: 48472445140208031
expires: Thu, 23 Mar 2023 17:46:37 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 1417078182161683 Show response
connect.facebook.net/signals/config/ 377 KB
108 KB 146ms
146ms Script
application/x-javascript 2a03:2880:f084:d:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/1417078182161683?v=2.9.99&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f084:d:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

519ae5bc490c0c50483f78dca3697a8dd2be7bad9021bd4efa6e2c659666118e

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mestreemfinancas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Wed, 22 Mar 2023 18:51:03 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-fb-rlafr: 0
x-xss-protection: 0
pragma: public
x-fb-debug: /TTLS45xF7Au+jl8iaXujA8aa7mUOBJddAwwu62tB8IX8W+ssSRbiTi3mXLzCPIvdN/nLq+7eHZZHcm9xEomXA==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: public, max-age=1200
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 pd Show response
google-bidout-d.openx.net/w/1.0/ Frame 6196 0
176 B 55ms
23ms Document
text/html 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://google-bidout-d.openx.net/w/1.0/pd?plm=5
Requested by: Host: oa.openxcdn.net
URL: https://oa.openxcdn.net/esp.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://mestreemfinancas.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: gzip
content-length: 20
content-type: text/html
date: Wed, 22 Mar 2023 18:51:03 GMT
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
via: 1.1 google

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/18383144231782500333/DE-DEU_XA-10_0_970x90_BAN-A_HTML5_BOFU-no-SecuretheEnterprise-ZTHubPageBanners_0_105/ Frame 95DB 164 KB
93 KB 40ms
12ms Document
text/html 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/18383144231782500333/DE-DEU_XA-10_0_970x90_BAN-A_HTML5_BOFU-no-SecuretheEnterprise-ZTHubPageBanners_0_105/index.html

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_276.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

524052ba3a0afbd0a05bb05748ddc7b0926e484d51ec9a891cf11a55d617a780

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 222570
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 95092
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Mon, 20 Mar 2023 05:01:33 GMT
expires: Tue, 19 Mar 2024 05:01:33 GMT
last-modified: Wed, 08 Feb 2023 08:44:24 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 0CA2 0
0 109ms
57ms Fetch
image/gif 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsswPYRpg7Txr4kUqyMEBN8ZiVh1vYab6uqqR_sCLK0NPL4oGsj7TeI359BlZ8ynk4LqrKOHPkyk6z4s3lTK5bNjUsn4VhF8IAUwXUGbwXhvgg9qCag0E02QcItpVnOjog4iDI9dcbUwzlgKFkoxqiyVE-EqdSMskqeZXVEnV9gXVA7O8sAxPl0SpJ282QQgozel783mTNQRlwCviCkFbM--&sai=AMfl-YQlfmn59zMZ8W739R82h3vN1MhdVT5YANd7CIrMGGAz7TYlhbHLIiltJ0HKLY9ToqEQuYarr5Sfpk84jXHygQXPxdFcVZJ32vJyj-qrlzPuBtK0IWZxNII7fUFo-Z4Df_J3ypaY8aNN0sSlBRupDRHk-mY&sig=Cg0ArKJSzJt2Kn6d9cptEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=167&cbvp=1&cstd=163&cisv=r20230320.72995&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=

Requested by

Host: mestreemfinancas.com
URL: https://mestreemfinancas.com/e-fgts-calamidade/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_1090

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s65-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Wed, 22 Mar 2023 18:51:03 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Wed, 22 Mar 2023 18:51:03 GMT

GET
H2

200

/
r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/ Frame 938A
Redirect Chain

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEGfV5CsT7t7mT_Ou8Q_D5Pw&google_cver=1&google_push=Aa02lx8M7aHvRo9N5SqGOSLfSkryjATQqmhTxaEGahRaKJnejJ4Ni8M4PE5zXg7cPsgWNYgVxBIlZMaeWyLpgrpA4ltKtp6GpbhRY...
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=MzYxNjU3NzEzMDIyMTAyNjg2OQ==&gdpr=&gdpr_consent=
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEJdMzNnvlRE1QUQNpfhnW0w&google_cver=1

43 B
398 B

141ms
17ms

Image
image/gif

46.228.164.11
AMOBEE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEJdMzNnvlRE1QUQNpfhnW0w&google_cver=1
Requested by: Host: mestreemfinancas.com
URL: https://mestreemfinancas.com/e-fgts-calamidade/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_1090
Protocol: H2
Server: 46.228.164.11 , United Kingdom, ASN56396 (AMOBEE, GB),
Reverse DNS
Software: /
Resource Hash: 48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Wed, 22 Mar 2023 18:51:03 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length: 43
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

Redirect headers

pragma: no-cache
date: Wed, 22 Mar 2023 18:51:03 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEJdMzNnvlRE1QUQNpfhnW0w&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

i.match
s.tribalfusion.com/z/ Frame 938A
Redirect Chain

https://a.tribalfusion.com/i.match?p=b6&u=CAESEFgc12d8YBf6-XRioR5hpCI&google_cver=1&google_push=Aa02lx_CYJdh9VJ6in29el5NLzU7vldwrEH1Q1-UO8CmHwzR4XMysG1eZZvJwAwsB2WGL3NTocqx2FGfScT45mxtQQ4rKZsTVvEEZ...
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEFgc12d8YBf6-XRioR5hpCI&google_cver=1&google_push=Aa02lx_CYJdh9VJ6in29el5NLzU7vldwrEH1Q1-UO8CmHwzR4XMysG1eZZvJwAwsB2WGL3NTocqx2FGfScT45mxtQQ4rKZsTVvE...

43 B
414 B

183ms
172ms

Image
image/gif

2606:4700::6812:18ad
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEFgc12d8YBf6-XRioR5hpCI&google_cver=1&google_push=Aa02lx_CYJdh9VJ6in29el5NLzU7vldwrEH1Q1-UO8CmHwzR4XMysG1eZZvJwAwsB2WGL3NTocqx2FGfScT45mxtQQ4rKZsTVvEEZppoOakEOV9DDW8WiXWZdZN_7LnS-VI0lk_t9uaBLJk&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAa02lx_CYJdh9VJ6in29el5NLzU7vldwrEH1Q1-UO8CmHwzR4XMysG1eZZvJwAwsB2WGL3NTocqx2FGfScT45mxtQQ4rKZsTVvEEZppoOakEOV9DDW8WiXWZdZN_7LnS-VI0lk_t9uaBLJk%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
Requested by: Host: mestreemfinancas.com
URL: https://mestreemfinancas.com/e-fgts-calamidade/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_1090
Protocol: H2
Server: 2606:4700::6812:18ad , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 22 Mar 2023 18:51:03 GMT
cf-cache-status: DYNAMIC
x-function: 302
server: cloudflare
content-type: image/gif; charset=utf-8
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
cf-ray: 7ac09fb21a73995d-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43
expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 22 Mar 2023 18:51:03 GMT
cf-cache-status: DYNAMIC
x-function: 206
server: cloudflare
x-reuse-index: 227
content-type: text/html
location: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEFgc12d8YBf6-XRioR5hpCI&google_cver=1&google_push=Aa02lx_CYJdh9VJ6in29el5NLzU7vldwrEH1Q1-UO8CmHwzR4XMysG1eZZvJwAwsB2WGL3NTocqx2FGfScT45mxtQQ4rKZsTVvEEZppoOakEOV9DDW8WiXWZdZN_7LnS-VI0lk_t9uaBLJk&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAa02lx_CYJdh9VJ6in29el5NLzU7vldwrEH1Q1-UO8CmHwzR4XMysG1eZZvJwAwsB2WGL3NTocqx2FGfScT45mxtQQ4rKZsTVvEEZppoOakEOV9DDW8WiXWZdZN_7LnS-VI0lk_t9uaBLJk%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
cf-ray: 7ac09fb0dff9995d-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 938A
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESE...
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEFrCVjyw-hpszuHlLV8oPwg&google_push=Aa02lx_O5T5rvooejsSTuzVuouPGWS9n7OL4elxX5oLkVfagOx6Kdz-GTd...

170 B
188 B

24ms
24ms

Image
image/png

142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEFrCVjyw-hpszuHlLV8oPwg&google_push=Aa02lx_O5T5rvooejsSTuzVuouPGWS9n7OL4elxX5oLkVfagOx6Kdz-GTdAfP3bjQJAmzBKNhv7WlvmS4JY3cFaM-QZUfWZIKH4VzldQ-BbA8vrF-nY6I1N_PkRpQ6tNivMdtVmu1P5vCqtg

Requested by

Host: mestreemfinancas.com
URL: https://mestreemfinancas.com/e-fgts-calamidade/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_1090

Protocol

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 22 Mar 2023 18:51:03 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

x-served-by: cache-hhn-etou8220033-HHN
pragma: no-cache
date: Wed, 22 Mar 2023 18:51:03 GMT
via: 1.1 varnish
server: Jetty(9.4.35.v20201120)
x-timer: S1679511063.169632,VS0,VE93
x-cache: MISS
p3p: CP="NOI DSP COR LAW PSAo PSDo IVAo IVDo OUR BUS UNI DEM"
access-control-allow-origin: *
location: https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEFrCVjyw-hpszuHlLV8oPwg&google_push=Aa02lx_O5T5rvooejsSTuzVuouPGWS9n7OL4elxX5oLkVfagOx6Kdz-GTdAfP3bjQJAmzBKNhv7WlvmS4JY3cFaM-QZUfWZIKH4VzldQ-BbA8vrF-nY6I1N_PkRpQ6tNivMdtVmu1P5vCqtg
cache-control: no-cache
accept-ranges: bytes
content-length: 0
x-cache-hits: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 938A
Redirect Chain

https://dsp.adfarm1.adition.com/cookie/?ssp=2&google_gid=CAESEIFPxTnrP7cw4wRXUyEDDIQ&google_cver=1&google_push=Aa02lx8WceJzr6llrRb5j2I6gItLm5-WUdkDKqNtKnRJa45pa4qWdgzxfnFPq0a-n4f4kvf1fLrtIOeZPncpyJ...
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzIxMzQ0NTA4ODg2MTE1NzUyMg%3D%3D&google_push=Aa02lx8WceJzr6llrRb5j2I6gItLm5-WUdkDKqNtKnRJa45pa4qWdgzxfnFPq0a-n4f4kvf1fLrtIOeZPncpyJeWzb...

170 B
188 B

31ms
31ms

Image
image/png

142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzIxMzQ0NTA4ODg2MTE1NzUyMg%3D%3D&google_push=Aa02lx8WceJzr6llrRb5j2I6gItLm5-WUdkDKqNtKnRJa45pa4qWdgzxfnFPq0a-n4f4kvf1fLrtIOeZPncpyJeWzb6Bx_d2To7F_1mIJUZaolhwbUcfKrIo6-NtO7-Zc_w_XSYRb_u45Nk

Requested by

Host: f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com
URL: https://f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 22 Mar 2023 18:51:03 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzIxMzQ0NTA4ODg2MTE1NzUyMg%3D%3D&google_push=Aa02lx8WceJzr6llrRb5j2I6gItLm5-WUdkDKqNtKnRJa45pa4qWdgzxfnFPq0a-n4f4kvf1fLrtIOeZPncpyJeWzb6Bx_d2To7F_1mIJUZaolhwbUcfKrIo6-NtO7-Zc_w_XSYRb_u45Nk
Date: Wed, 22 Mar 2023 18:51:03 GMT
Server: nginx
Connection: keep-alive
Transfer-Encoding: chunked
p3p: policyref="http://imagesrv.adition.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 938A
Redirect Chain

https://x.bidswitch.net/sync?ssp=google&google_gid=CAESEHLbWvcTjE1wpKa6ZWQ5CwA&google_cver=1&google_push=Aa02lx-BIhlFiU570ZybgpvRYxYCVX5UfpJJPcJLXIPXZgYOsV94po1bN-9bz5Y5NQnaEWJHO5AExH8_2P8rPdReKLOg...
https://x.bidswitch.net/ul_cb/sync?ssp=google&google_gid=CAESEHLbWvcTjE1wpKa6ZWQ5CwA&google_cver=1&google_push=Aa02lx-BIhlFiU570ZybgpvRYxYCVX5UfpJJPcJLXIPXZgYOsV94po1bN-9bz5Y5NQnaEWJHO5AExH8_2P8rPd...
https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=Aa02lx-BIhlFiU570ZybgpvRYxYCVX5UfpJJPcJLXIPXZgYOsV94po1bN-9bz5Y5NQnaEWJHO5AExH8_2P8rPdReKLOgCsGU4pnwuh-oBNZt4em3uYSPZcMWPvvQUdqnQvfGzL...

170 B
188 B

32ms
31ms

Image
image/png

142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=Aa02lx-BIhlFiU570ZybgpvRYxYCVX5UfpJJPcJLXIPXZgYOsV94po1bN-9bz5Y5NQnaEWJHO5AExH8_2P8rPdReKLOgCsGU4pnwuh-oBNZt4em3uYSPZcMWPvvQUdqnQvfGzLTAv3JRR75L&google_hm=_7QMGgBWSSGVKesIT1n55w==

Requested by

Host: mestreemfinancas.com
URL: https://mestreemfinancas.com/e-fgts-calamidade/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_1090

Protocol

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 22 Mar 2023 18:51:03 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: //cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=Aa02lx-BIhlFiU570ZybgpvRYxYCVX5UfpJJPcJLXIPXZgYOsV94po1bN-9bz5Y5NQnaEWJHO5AExH8_2P8rPdReKLOgCsGU4pnwuh-oBNZt4em3uYSPZcMWPvvQUdqnQvfGzLTAv3JRR75L&google_hm=_7QMGgBWSSGVKesIT1n55w==
date: Wed, 22 Mar 2023 18:51:03 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H2 200 dds
rtb.openx.net/sync/ Frame 938A 43 B
351 B 53ms
20ms Image
image/gif 35.186.253.211
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.openx.net/sync/dds?google_gid=CAESELxYPCnsdi5hfct6QXpyOX4&google_cver=1&google_push=Aa02lx_jPBSDSRZmlnpuUWyEquQJSYpBuqNmZ3DxaMQAbIyeR1R5i65j0danp3FXUDQdN6oHTcFQ4UWpH9CFcFcMfRcJ-NJ8bOqJbn4s4JVVmmxPTPYqHJ1Y0Ji2KrcGnU-clqHh5f0mQsI
Requested by: Host: f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com
URL: https://f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.186.253.211 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 211.253.186.35.bc.googleusercontent.com
Software: Cowboy /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 22 Mar 2023 18:51:02 GMT
via: 1.1 google
server: Cowboy
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: null
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
x-request-id: h0h1f2c4muc41fncm5mmn3dnt5r3omvq

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 938A
Redirect Chain

https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEItO0pZ2q8dMemqG1o5EhUs&google_cver=1&google_push=Aa02lx99fWSZuK9ryBnQk1DGDdMXetAFaYaWQ6P8uMIU7eIvUMwFzzstDl1rwpOFY9cm1jbG_VTsjj9p8q1i2c1UG...
https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEItO0pZ2q8dMemqG1o5EhUs&google_cver=1&google_push=Aa02lx99fWSZuK9ryBnQk1DGDdMXetAFaYaWQ6P8uMIU7eIvUMwFzzstDl1rwpOFY9cm1jbG_VTsjj9p8q1i2c1UG...
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=Aa02lx99fWSZuK9ryBnQk1DGDdMXetAFaYaWQ6P8uMIU7eIvUMwFzzstDl1rwpOFY9cm1jbG_VTsjj9p8q1i2c1UGT1UP-9SP_07C4NmWcj0NL_LMJVHP9usUWf9v2SoEnubp...

170 B
188 B

23ms
22ms

Image
image/png

142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=Aa02lx99fWSZuK9ryBnQk1DGDdMXetAFaYaWQ6P8uMIU7eIvUMwFzzstDl1rwpOFY9cm1jbG_VTsjj9p8q1i2c1UGT1UP-9SP_07C4NmWcj0NL_LMJVHP9usUWf9v2SoEnubpivo8TV5fEc&google_hm=GWrrtGZHYyXCbZvkQcOOfqns

Requested by

Host: mestreemfinancas.com
URL: https://mestreemfinancas.com/e-fgts-calamidade/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_1090

Protocol

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 22 Mar 2023 18:51:03 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Wed, 22 Mar 2023 18:51:03 GMT
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Location: https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=Aa02lx99fWSZuK9ryBnQk1DGDdMXetAFaYaWQ6P8uMIU7eIvUMwFzzstDl1rwpOFY9cm1jbG_VTsjj9p8q1i2c1UGT1UP-9SP_07C4NmWcj0NL_LMJVHP9usUWf9v2SoEnubpivo8TV5fEc&google_hm=GWrrtGZHYyXCbZvkQcOOfqns
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap5ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 0

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 938A 0
12 B 22ms
21ms Image
text/html 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13KwQ9Xkfc6TCTepATCbbqceTkHOlwbp5Sz33QZkEYNUNy0g082vWae_mpHGKQCW0yVIDqLI

Requested by

Host: f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com
URL: https://f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Wed, 22 Mar 2023 18:51:03 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 0CA2 43 B
215 B 97ms
95ms Image
image/gif 2600:1f18:1aca:4280:a733:75de:e8c8:e5e
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1135760&asId=a340315b-f384-17cd-fd0d-8d2dba3b71fd&tv=%7Bc:7CmNfW,pingTime:-10,time:452,type:s,mvn:ZnNjPTEzLHNkPTMsbm89OCxhc3A9MQ--,sd:MTcuNi4ydjEyMDB8fDE2MDB8fDF8fDF8fDI0fHwxMjAwfHwwfHwwfHwxfHxsYW5kc2NhcGUtcHJpbWFyeXx8MjR8fDQvM3x8NC8zfHwwfHwxNjAw,no:MTcuNi4ydk1vemlsbGF8fE5ldHNjYXBlfHxufHxufHwwfHxufHxXaW4zMnx8R2Vja298fDIwMDMwMTA3fHwwfHxNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvMTExLjAuNTU2My4xMTAgU2FmYXJpLzUzNy4zNnx8MXx8MXx8R29vZ2xlIEluYy58fG4-,ch:n,fsc:17.6.2v222222220002222202222222222222222222202222222220222202000022000220222222220000222202002222202222222220222222220000020022222200022222220200000222200022220002022022022222202002220222022222022220000220200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022222000000020000000000000000000020220202220000022200222202220022200200222022202220022220222200202222020002200002222022222202222000002002002222222202220022202200022002220222202,asp:1679511063152%7C%7C7365a1e1f2138c26842794c7d3cc6141%7C%7Cddbcd9d17a9a064530ac6d0fa988f97e%7C%7C3f283fff69534f8e497a813dda434390%7C%7Ca20d614eac9cbca26c6407e419df35c0%7C%7Cde8926342ef12c34bcdc65b01b5e8f7c%7C%7C5746d49e6f3edc7c5f9b03767092d6dc%7C%7Cf41d0a18436cc7df785557dba314fae6%7C%7C1663701684%7D
Requested by: Host: f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com
URL: https://f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4280:a733:75de:e8c8:e5e Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 22 Mar 2023 18:51:03 GMT
server: nginx
x-server-name: dt06.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 5E1C 0
20 B 51ms
50ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BQyHJFk4bZIWDJc2S3gPjmKmoDwAAAAA4AeAEAg&bg=!uLulu-_NAAZEjmHWZI47ADkAdvg8WvXKR9Vu0-DZyYFj9JMMvOwr6iGZEzUF8QaO3T2d_NmMGh2uTqlNgpZIyAH8j-r_lfgmt2kCAAAA7FIAAAACaAEHmQM9YjfBpg2QHDyQNu9fIAbv9W_sG6GlzsJYkfX1BwYFUPJPMFewmunt_a46ljUWhQokStPSHD-ZfkxLf9FG8Ti3wFT0IC6Ujmy4_56l3vuGkBdvrxlL3KItEJ4pJLdA_i1yRLU0DFwZ6cOGazvJdq7vjBZyyww7jz1r1bM0ctAgI8v5bpkWewRrwsAtN28XDeESUSvcY8CuxuljenZWkpPd14Q2IdVEVtNVNh2kr5FdkoKuXQquPDWsVEVdUxP7bjfqvW1If17uV7CkqJQXJdk9wtoSntxYMsXVHZK_RbrkVenJL3QMqsAaGXjF3H9UOfx6m2A-L12BTaTQHT-YvhzFfiaRzyr8n0hdZwOc_h7C8vNoeRPN7fqFeya5zdHF4yaPMkbDSmO2p8s4wtOjs-PEAZQB2vgV0CPU-uUKg7mLcAV4VUXVwDTl-lSjYQQ-kPkIKzvdEqGY71UdumKZZEjRf7GDHg9aPb4Yrfgz3LzyQChKOYqaM7269dpeyQaZAxQ3edpV3pTOoaBIvyIC5QfX3Ncha82EJZD3QkDwAM6ovgXrwWMN9zGJICBlM1KRRKw-OLIO3fSQCCnL-0Jm6Z2m0QFxcrgU7b6z4N9_a7nfBS_X0uUQ0TER9cb3INPuBRIm0IZV2ayoRlzOphhKK5e8QYKCQT5nliIKx4f2j97OUCZcr3X9Yd7gDNYnnvb67VGTA8ltzUrM4BuGOYCl6MXSkTNZFohj_m6qhC0m1wTTbRSqBpbefVHUQBWcOu-sGIOzbt4gNh3PnOHEed7D7L8_F7YRDlVvU35-weHHeYtwfTicmDOEwAt_0hTBHFHICZjsv5-LngKmFc2ZZm2iU3qFboCeNQmLUbMdqzxIMxwVmI_pyP0tX6kMoaoI_WpXnhnokE1Yad504xXra34PS7tZQPC6ZAHOrYhS8xplIAWl2MeW73VTP5CyFsFXiVi2U_kD4xzDEG35cHiCahUwFtzGmzDYs_2j7lVF0DVAUk3XLlOay2A6RDtqwZvEkOx6dl8O-GAcjmj9sYncmzIsYZaQX-UZ5roeTvXxpAgGbnAG5j8WiMdPWXav9DfFKFhOfm2wc6jyPp5L7sPKvU95aA

Requested by

Host: f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com
URL: https://f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 22 Mar 2023 18:51:03 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 container.html Show response
f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 3909 6 KB
3 KB 12ms
11ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023032101.js?cb=31073317

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://mestreemfinancas.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 22 Mar 2023 18:51:02 GMT
expires: Thu, 21 Mar 2024 18:51:02 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 Cisco_Logo_no_TM_Midnight_Blue-RGB.svg.js Show response
s0.2mdn.net/sadbundle/18383144231782500333/DE-DEU_XA-10_0_970x90_BAN-A_HTML5_BOFU-no-SecuretheEnterprise-ZTHubPageBanners_0_105/ Frame 95DB 2 KB
936 B 12ms
12ms Script
application/x-javascript 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/18383144231782500333/DE-DEU_XA-10_0_970x90_BAN-A_HTML5_BOFU-no-SecuretheEnterprise-ZTHubPageBanners_0_105/Cisco_Logo_no_TM_Midnight_Blue-RGB.svg.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/18383144231782500333/DE-DEU_XA-10_0_970x90_BAN-A_HTML5_BOFU-no-SecuretheEnterprise-ZTHubPageBanners_0_105/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c7d61645f8cbb1f1dead0070107773bba8127040e5dd2f09ed979d0c96e839cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/18383144231782500333/DE-DEU_XA-10_0_970x90_BAN-A_HTML5_BOFU-no-SecuretheEnterprise-ZTHubPageBanners_0_105/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Mon, 20 Mar 2023 05:01:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 222570
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 907
x-xss-protection: 0
last-modified: Wed, 08 Feb 2023 08:44:24 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 19 Mar 2024 05:01:33 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 6EC5 624 B
242 B 67ms
56ms Document
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CMj2CRCHtHAYpdOBxQEwAQ&v=APEucNXmTSWM625OlA4KIAw4Dx4LH1yPklbvbRY0UHrfeiwLJ28sKidwOq2lavm7blF8ZSARqE0UqgLkUfyth1WMsALCdUaCP-b5RT_8cZ8KC32_Cl-g5EuA4sMRKiulD_kPQMll8DVjEyJ7tjuYDjre8W8xkCrPmPLKrvngH60xe1LsB4wx82M

Requested by

Host: f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com
URL: https://f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 22 Mar 2023 18:51:03 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 3909 78 KB
27 KB 93ms
81ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com
URL: https://f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

46b3e081067e631f9a1049fbfa37844da854f741b7f9a45900dc02a19a4ef143

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Wed, 22 Mar 2023 18:51:03 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28043
x-xss-protection: 0
server: cafe
etag: 15270303690107644053
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Wed, 22 Mar 2023 18:51:03 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 3909 42 B
63 B 56ms
44ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-CmkRjKojz0u1The9dp8zydZhPfBeUc1qkkTYYCcRT3TWZ-tn9fDa2bZRN-1ZhWNh2YS3IcSlrS0v2DtcmGIT61v-1NUK5xAcPUvP1OSX3G6xMPP3A

Requested by

Host: f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com
URL: https://f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 22 Mar 2023 18:51:03 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 3909 0
20 B 51ms
46ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=12454590505362250354&x=1&ct=76

Requested by

Host: f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com
URL: https://f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 22 Mar 2023 18:51:03 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230320/r20110914/client/ Frame 3909 3 KB
1 KB 16ms
12ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230320/r20110914/client/window_focus_fy2021.js

Requested by

Host: f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com
URL: https://f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Wed, 22 Mar 2023 16:31:35 GMT
content-encoding: br
x-content-type-options: nosniff
age: 8368
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 05 Apr 2023 16:31:35 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230320/r20110914/client/ Frame 3909 20 KB
8 KB 17ms
13ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230320/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com
URL: https://f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

83dd1a8208a83ec90a9a2d7774ab28e4b93b3eba53fb6a3fd444eb7e389ecbff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Wed, 22 Mar 2023 11:58:31 GMT
content-encoding: br
x-content-type-options: nosniff
age: 24752
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8627
x-xss-protection: 0
server: cafe
etag: 8620137988422272387
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 05 Apr 2023 11:58:31 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 3909 158 KB
49 KB 28ms
24ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com
URL: https://f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fe14bc8a4e294c047589838fd09a3efc81771751a0be03ea8ec99e734e965fd2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Wed, 22 Mar 2023 18:51:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49540
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1679312138029146"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 22 Mar 2023 18:51:03 GMT

GET
DATA 200
OK truncated
/ Frame 95DB 73 KB
73 KB Font
application/font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 24366c51064fc57cb419cc93db561f43bf3461affb1d04deb4d552a7e2ba4956

Request headers

Referer
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Content-Type: application/font-woff;charset=utf-8

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 0CA2 0
0 58ms
53ms Fetch
image/gif 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsswPYRpg7Txr4kUqyMEBN8ZiVh1vYab6uqqR_sCLK0NPL4oGsj7TeI359BlZ8ynk4LqrKOHPkyk6z4s3lTK5bNjUsn4VhF8IAUwXUGbwXhvgg9qCag0E02QcItpVnOjog4iDI9dcbUwzlgKFkoxqiyVE-EqdSMskqeZXVEnV9gXVA7O8sAxPl0SpJ282QQgozel783mTNQRlwCviCkFbM--&sai=AMfl-YQlfmn59zMZ8W739R82h3vN1MhdVT5YANd7CIrMGGAz7TYlhbHLIiltJ0HKLY9ToqEQuYarr5Sfpk84jXHygQXPxdFcVZJ32vJyj-qrlzPuBtK0IWZxNII7fUFo-Z4Df_J3ypaY8aNN0sSlBRupDRHk-mY&sig=Cg0ArKJSzJt2Kn6d9cptEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=292&vt=11&dtpt=125&dett=3&cstd=163&cisv=r20230320.72995&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=

Requested by

Host: mestreemfinancas.com
URL: https://mestreemfinancas.com/e-fgts-calamidade/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_1090

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s65-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Wed, 22 Mar 2023 18:51:03 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Wed, 22 Mar 2023 18:51:03 GMT

GET
H3 200 Zero-Trust-2-Woman-looking-up-and-smiling-Gradient-STE-FY23-Q2.png
s0.2mdn.net/sadbundle/18383144231782500333/DE-DEU_XA-10_0_970x90_BAN-A_HTML5_BOFU-no-SecuretheEnterprise-ZTHubPageBanners_0_105/ Frame 95DB 57 KB
57 KB 10ms
10ms Image
image/png 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/18383144231782500333/DE-DEU_XA-10_0_970x90_BAN-A_HTML5_BOFU-no-SecuretheEnterprise-ZTHubPageBanners_0_105/Zero-Trust-2-Woman-looking-up-and-smiling-Gradient-STE-FY23-Q2.png?

Requested by

Host: f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com
URL: https://f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

070285ebee20d412be26a168df2b800f399e0eca5234d48280ff7c3d5a1b9097

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/18383144231782500333/DE-DEU_XA-10_0_970x90_BAN-A_HTML5_BOFU-no-SecuretheEnterprise-ZTHubPageBanners_0_105/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Mon, 20 Mar 2023 05:01:34 GMT
x-content-type-options: nosniff
age: 222569
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 58593
x-xss-protection: 0
last-modified: Wed, 08 Feb 2023 08:44:24 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 19 Mar 2024 05:01:34 GMT

GET
H3 200 Zero-Trust-2-Woman-looking-up-and-smiling-Gradient-STE-FY23-Q2.png
s0.2mdn.net/sadbundle/18383144231782500333/DE-DEU_XA-10_0_970x90_BAN-A_HTML5_BOFU-no-SecuretheEnterprise-ZTHubPageBanners_0_105/ Frame 95DB 57 KB
57 KB 17ms
16ms Image
image/png 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/18383144231782500333/DE-DEU_XA-10_0_970x90_BAN-A_HTML5_BOFU-no-SecuretheEnterprise-ZTHubPageBanners_0_105/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

070285ebee20d412be26a168df2b800f399e0eca5234d48280ff7c3d5a1b9097

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/18383144231782500333/DE-DEU_XA-10_0_970x90_BAN-A_HTML5_BOFU-no-SecuretheEnterprise-ZTHubPageBanners_0_105/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Mon, 20 Mar 2023 05:01:34 GMT
x-content-type-options: nosniff
age: 222569
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 58593
x-xss-protection: 0
last-modified: Wed, 08 Feb 2023 08:44:24 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 19 Mar 2024 05:01:34 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 6EC5
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEER1RvgHgpyKvnC8DKjtrGY&google_cver=1

43 B
766 B

10ms
10ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEER1RvgHgpyKvnC8DKjtrGY&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMj2CRCHtHAYpdOBxQEwAQ&v=APEucNXmTSWM625OlA4KIAw4Dx4LH1yPklbvbRY0UHrfeiwLJ28sKidwOq2lavm7blF8ZSARqE0UqgLkUfyth1WMsALCdUaCP-b5RT_8cZ8KC32_Cl-g5EuA4sMRKiulD_kPQMll8DVjEyJ7tjuYDjre8W8xkCrPmPLKrvngH60xe1LsB4wx82M
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 22 Mar 2023 18:51:03 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=496
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Wed, 22 Mar 2023 18:51:03 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEER1RvgHgpyKvnC8DKjtrGY&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 6EC5
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZBtOFl9ZHM8Zuf1wW4cdpgAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEER1RvgHgpyKvnC8DKjtrGY&google_cver=1

43 B
766 B

12ms
12ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEER1RvgHgpyKvnC8DKjtrGY&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMj2CRCHtHAYpdOBxQEwAQ&v=APEucNXmTSWM625OlA4KIAw4Dx4LH1yPklbvbRY0UHrfeiwLJ28sKidwOq2lavm7blF8ZSARqE0UqgLkUfyth1WMsALCdUaCP-b5RT_8cZ8KC32_Cl-g5EuA4sMRKiulD_kPQMll8DVjEyJ7tjuYDjre8W8xkCrPmPLKrvngH60xe1LsB4wx82M
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 22 Mar 2023 18:51:03 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=495
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Wed, 22 Mar 2023 18:51:03 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEER1RvgHgpyKvnC8DKjtrGY&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame 6EC5
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEGWzRG47O82lZ2UcRbmtG9s&google_cver=1

43 B
1 KB

15ms
15ms

Image
image/gif

37.252.171.52
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEGWzRG47O82lZ2UcRbmtG9s&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMj2CRCHtHAYpdOBxQEwAQ&v=APEucNXmTSWM625OlA4KIAw4Dx4LH1yPklbvbRY0UHrfeiwLJ28sKidwOq2lavm7blF8ZSARqE0UqgLkUfyth1WMsALCdUaCP-b5RT_8cZ8KC32_Cl-g5EuA4sMRKiulD_kPQMll8DVjEyJ7tjuYDjre8W8xkCrPmPLKrvngH60xe1LsB4wx82M

Protocol

HTTP/1.1

Server

37.252.171.52 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 22 Mar 2023 18:51:03 GMT
AN-X-Request-Uuid: 1b6fc15d-b15f-493f-88e5-1d4c996ff8f1
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: image/gif
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 81.95.5.35; 81.95.5.35; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 22 Mar 2023 18:51:03 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEGWzRG47O82lZ2UcRbmtG9s&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 6EC5
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjUwOTQ3NjQwMDY1NTU0Mjc2OA%3D%3D

170 B
188 B

22ms
21ms

Image
image/png

142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjUwOTQ3NjQwMDY1NTU0Mjc2OA%3D%3D

Requested by

Protocol

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 22 Mar 2023 18:51:03 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Wed, 22 Mar 2023 18:51:03 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 81.95.5.35; 81.95.5.35; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 20bcef43-7c69-4626-b67c-c52357b6b38a
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjUwOTQ3NjQwMDY1NTU0Mjc2OA%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 1213417872897242 Show response
connect.facebook.net/signals/config/ 377 KB
108 KB 164ms
164ms Script
application/x-javascript 2a03:2880:f084:d:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/1213417872897242?v=2.9.99&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f084:d:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

62a8dfc83e39220c06dead3948f5faa65f23e9fa05ade08db7b8204f614e48de

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mestreemfinancas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Wed, 22 Mar 2023 18:51:03 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-fb-rlafr: 0
x-xss-protection: 0
pragma: public
x-fb-debug: HuHIzFaLMm+h7fOGXhHcpjbh34crUERwWlRArw1P5Re3JC3i0x8uFGqQ+n+qTzbrAoMJPq1FKBdZAdUCv/un5g==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: public, max-age=1200
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 3909 0
20 B 44ms
44ms Ping
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=4211076314622&version=m202301230201

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 22 Mar 2023 18:51:03 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 3909 0
20 B 45ms
45ms Ping
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=4211076314622&version=m202301230201&ct=76&x=1&cor=12454590505362250000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 22 Mar 2023 18:51:03 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 3909 83 KB
35 KB 48ms
48ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CFYp6aLybR9pGwmrn6MW1RCmaX0U29Rs6LIkqJErDdpJAxxDxuPVMSECB3Q5zPiUGl5Xz5-a2PXDarXB8tEdFucQnKXg&cry=1&dbm_d=AKAmf-Be3cYn1EZN13ho7xfwWPFtvHHJHVhH5-NZL6GRKQvcZLsU8NK-eXjVmDCcno6xbKY1rowvWv9vjlOH8DI4BOisBTVUw032UwAscm7dekQ1_0M6oirfqsIqREWgrHloBkk1fzUOxnccSU86B3tfa8zO2bbPCfge_NOaQGqW0nsjoGGBkGUE_f050V_Kd9TnkMvMVFYNaOw7h-OaCDi6lfFWD--rgC2C76SyvunLohjrl7Db4IinYVULjCDvLH-2YuuMAXcVSE1ZLtOC3poELyASo58uqPbvPNOnujhgdsgyWZlmhFRHWmko0yqRhLHiOtPJOwmFsc8qvbQuKBOkJleednImSy1Bkm3XxFGMNL_M78pFuUUKn3XKBey865pbtSic5En1oDhiErU19nackHOzcT7sY12lEFheZtFw8a4TNr4fmuhj6KNOj14kx00DtIYrQ-BopmL5prfheLslNHtCA15NA_JYy46JMZzyIPp19GzHhlcmdAdGQDBD5AC6GQVwQgR2fDJDpJTyj_Zv7kLEVMO2Gi7JOXTlgjewnAp-ar4eVQmo6wc0YRZN-qu7esOuGPWF4-f3VN5vFx19Ru-uG4xaU0gjEAMo9ManV1e4ENphExkhN735fbymAkI3PAvn9hG0ag4LqA4MMkzanbRVl938mE_8TmZG98LvUki1zKTceeSFr2tesfIXSwXmjV0Emn5ooStzyNkhkm7RJwyP0-34gCppkdFEYfh-Nl5kDD8eW0nXCHI-ibhR6zNO4d-BWVhpdd8d33h4IwaF8c_8LMX_R6FUx3t33jZ26csy6rZ9OdUJvdhHgvALNVtdZAaL1alfafsaoozGrLrbI54hK8Lz8gBBbaR6VKCmzSOP19nnedv7sq0mdgHDQpDiM1HX2DtnF-4NM7rBELujDjLqtbR254DDHZFwCWbI2Umua0QNkswnuKHS4LUfTKiBT79ht7sV2zT7g3bcLh8vfIjJNv6T8Heqw8g6Afug7e_OHQw_1L2o4C2eUGlIeVtPBS0tHGMfmV5_NWhhZq0QWS-jIkEd6NMwwU-qBjHepXDzhiT7CaQfykOw-F5Al1ctwOwKcFuDcc4gjcWY9gusu5kYof09YGnBQ7cdz-PQbGwGCYE7Kn3pR1nALyEGneIl6i9TNhIWD4WTFteqqwQ-hODFEx4qLb8dnAnDYVYUlGPF4nPypp8v69VujqEMeXgZ0igpKrABaZE7dIMsU3LnPlMjAWYewLSd3frR3dzMpvzaRz1NFn_EJKKKIgbLuNn6o4y0cmkPSk1ZdGlYk1IicQgOuUqiwby_s4Z6NGGegk06ogY-owK1SUuThGV1LUBYJJS6ZSdxS4vovb7ajdpAb06aRPqffZTVEP7SQ0yL8jZ9SU2SpXU53PMfteQkx8dt09wqmObVwIhvukUMrfGz1xXEHCuhHcGMfTHb12vJdhPwnh83Z6U-zDTKVer6Vssc9dyGQtCtqS7B3TxDv_QnckTWsGZqlQ5yp1a_RZfLTjpQQUgutUJOlifUp8y3EqzIM-s-yDghzXwcA2CirF75tsRln6qmnSGKxZXWqqPOcNiuPotSDXt5Lt96TTvJ7UFvI62tDI1hjNuLQNx6douIGKN1CtY4DAAGeA-EIzNWK_nQ0leC2J7N41EhhoJFxlDAzOic5tb1QOS8mMFXwaGwgmRmQVVe00SumMGYFnjEYNK4Cq_wWn64U1j2FpVlc-ybG2hx1QGku7LukIgUjvXVnqQBM2OfGL2GA6ZerhNtkSwsFe27kQtfTyvinkSKKF6ITq-s7wkmQlHwyl3ocFTyYwy7kCCm58r3aYjbK1ETdCZCRZuYQk8FMQHVgb7wgXTHFUxvcG241sanDRMwhyMR4IMR6S068cM5HODGdq3BVZOGt0Jk73ivGVKB7xCe7bUretC7FQR9fqsEKCDYDRQp4GZ2r4B1lGc9VXcUWrRuLsXHH571FI_RfpVwbmYvCSnt8_Mc284Mt3VDC94_7v6DkG7rtBsnuuqUExsIEdqxg9hj690-CP6irXlKb1ir7_kcIF6KiXHHmORghgxc6PPVv171WyQsmTJv8t3KVpcBUGDFPDIHLDOXxdo5KrxxjXzTBjaYTcvthwTFxoLuCR-MewWd7zEFcqGZr3Po2fxQHKHR3Ttaj8wlOcAIMs4xSPXzsMWQyMTnVLJpgiPH8LtOkM7Sxwc9sDn0b0PujZh1T0TD6SBuSJicqoR6aF6APukCvfq-lJ2nb80Cn5x8GiUGVKaKFXcfMojUGLiSUJ4KpK8AOkNGVbGt4czDg7Rx9c6uK9UTBVXcvg9i3V8YAE35_xQ0y3s0PlKshwHnmaQrlAQ0gHagAbA4d6r_noQDISzticyByrYYNDOBbuYPVIEM6See_jrluwLj3VyenL9h0zc_uWCDCxxfJAXH7exU85WKh0sH8_bxAwXnGb_WJOXvLri-0wUeMrtDa9nWQpFli5vLBW-mDMdEP7NQNRy2irq_fsQczAxBD2SaojttUycbOLF4p83UU-f7U3_qv0-oWuJyMNYuXof7jB3JPeownJoEnXFB_792uFBt3siLG3wL2FFyMkVaQ2JbV-A0SSF8mUu0aMQcTtHeDLL3d6CAiEzz3PLZtIRd83mw3ciKGckUA0U-IzhoeI6KPscgOvL64_NCoUIjNt41KjlPIbOOwi9UJ6v14mDKeZddIxY6alCO6SxP1MO8yilMGcuh2KhgrI79NFdKDemq5Lj9dGKW0xix3eX4D4mHWmBqp_2Jy6EsF9_AxYhrQ2fR2qea1KZVJoPPYjSx9t7i2R3GututlIDezklSnQ93HCTSaomf-gvhd7SW3_pNdiPRqbtDdNHaf4THMYIYoVl73o6t17dtj0ObvyW-apQQa6eK4V46SPNnEP65nzHbUDQbpUoBiB2Q5LR6f7NT8-ScVGiyAsuO7ekq02aZCdmG4qP-lyBvqr8qwBI0btVTZ532hm4H3uju6_4zh47lUK3BgGrC-ZAhxnx1TU5_GtsdPhKbL_riDiB9xS9zQd_g3peB7pIxsXC5zHKuRbDFi8QEK_Sp0Dici2LASVVShitO1I27DBgkYctn3WeYWtbrBG6XBAaivdf821QwRp-uE185DlyNoV22QYMwrJVPv1sJC04PlwEn8rA-hU1DW3SocbdnSoO_0hv0vsKPl3R9DCL_eM4L0qBrASbCoL0hhqUtqI1iG3Ed9BQeWASL6zHX-zvirb2aA1AhE1W11PByyPPxeCLHjrJfkyR_Ub2c_OVnx_K6sUmsgNqU5VbUIJRhkING0Vg8pfp9JRpJ4XKYZ96hzg9XP7rOUKkfYY_NPMYFKOdeDzBABBBT009s0jqyJFXMfteFIqdSv9FbINA9gYVcATnYkgBQQL4GbkCfc5KsHKvQ9uP5bBffHNQ5CFMIjGaJexfuKjfvh1Egpqxx2zXBRBD9uNxaqKes8L-O3VGv_NJ7iP6zw8vdCC50AhP2XYRZcM9itjKf9OdyhoXGyBrkNFKHc8b3q8EizZqKzpHcfxzEsC5E6uGfx8qKm44ZtMqOdsWyPkDZ-xdxzv4SkqRXgSOHU5AvkfSt-Z-H6iObPh-PX7geTFbh3iLlmEfoJDMm_6QtvjO2QTVmnUA79OnoJQgXMCyF0A3bmzMynYwNFfrD2B90-k7HfRr-CS2vEqtDEGxcnH1Iw_m78LCD3nA&cid=CAQSPADUE5ymYsGZ8hylmegVr-2MRHvVVfrdkaCswcSDZjPfp2axs1piAZpgcAH3uHqdUJtLGkBckKRvmUUr4hgB&dv3_ver=m202301230201&rfl=https%3A%2F%2Fmestreemfinancas.com%2F&ds=l&xdt=1&iif=1&cor=12454590505362250000&adk=2228999115&idt=102&cac=0&dtd=3

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4808dc96023e4e52890426fb17e0d9138bbaa0abcb90894919b0b188b23f39f0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 22 Mar 2023 18:51:03 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35976
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 express_html_inpage_rendering_lib_200_276.js Show response
s0.2mdn.net/879366/ Frame 3909 106 KB
37 KB 12ms
10ms Script
text/javascript 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_276.js

Requested by

Host: mestreemfinancas.com
URL: https://mestreemfinancas.com/e-fgts-calamidade/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_1090

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e41d1ae45acbf836b8dcc29544c7e41cced4211214df601d5284a7e9c7134c73

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com/
Origin: https://f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Wed, 22 Mar 2023 18:05:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2752
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 37872
x-xss-protection: 0
last-modified: Wed, 02 Mar 2022 23:07:26 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 23 Mar 2023 18:05:11 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230320/r20110914/elements/html/ Frame 3909 11 KB
4 KB 9ms
9ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230320/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CFYp6aLybR9pGwmrn6MW1RCmaX0U29Rs6LIkqJErDdpJAxxDxuPVMSECB3Q5zPiUGl5Xz5-a2PXDarXB8tEdFucQnKXg&cry=1&dbm_d=AKAmf-Be3cYn1EZN13ho7xfwWPFtvHHJHVhH5-NZL6GRKQvcZLsU8NK-eXjVmDCcno6xbKY1rowvWv9vjlOH8DI4BOisBTVUw032UwAscm7dekQ1_0M6oirfqsIqREWgrHloBkk1fzUOxnccSU86B3tfa8zO2bbPCfge_NOaQGqW0nsjoGGBkGUE_f050V_Kd9TnkMvMVFYNaOw7h-OaCDi6lfFWD--rgC2C76SyvunLohjrl7Db4IinYVULjCDvLH-2YuuMAXcVSE1ZLtOC3poELyASo58uqPbvPNOnujhgdsgyWZlmhFRHWmko0yqRhLHiOtPJOwmFsc8qvbQuKBOkJleednImSy1Bkm3XxFGMNL_M78pFuUUKn3XKBey865pbtSic5En1oDhiErU19nackHOzcT7sY12lEFheZtFw8a4TNr4fmuhj6KNOj14kx00DtIYrQ-BopmL5prfheLslNHtCA15NA_JYy46JMZzyIPp19GzHhlcmdAdGQDBD5AC6GQVwQgR2fDJDpJTyj_Zv7kLEVMO2Gi7JOXTlgjewnAp-ar4eVQmo6wc0YRZN-qu7esOuGPWF4-f3VN5vFx19Ru-uG4xaU0gjEAMo9ManV1e4ENphExkhN735fbymAkI3PAvn9hG0ag4LqA4MMkzanbRVl938mE_8TmZG98LvUki1zKTceeSFr2tesfIXSwXmjV0Emn5ooStzyNkhkm7RJwyP0-34gCppkdFEYfh-Nl5kDD8eW0nXCHI-ibhR6zNO4d-BWVhpdd8d33h4IwaF8c_8LMX_R6FUx3t33jZ26csy6rZ9OdUJvdhHgvALNVtdZAaL1alfafsaoozGrLrbI54hK8Lz8gBBbaR6VKCmzSOP19nnedv7sq0mdgHDQpDiM1HX2DtnF-4NM7rBELujDjLqtbR254DDHZFwCWbI2Umua0QNkswnuKHS4LUfTKiBT79ht7sV2zT7g3bcLh8vfIjJNv6T8Heqw8g6Afug7e_OHQw_1L2o4C2eUGlIeVtPBS0tHGMfmV5_NWhhZq0QWS-jIkEd6NMwwU-qBjHepXDzhiT7CaQfykOw-F5Al1ctwOwKcFuDcc4gjcWY9gusu5kYof09YGnBQ7cdz-PQbGwGCYE7Kn3pR1nALyEGneIl6i9TNhIWD4WTFteqqwQ-hODFEx4qLb8dnAnDYVYUlGPF4nPypp8v69VujqEMeXgZ0igpKrABaZE7dIMsU3LnPlMjAWYewLSd3frR3dzMpvzaRz1NFn_EJKKKIgbLuNn6o4y0cmkPSk1ZdGlYk1IicQgOuUqiwby_s4Z6NGGegk06ogY-owK1SUuThGV1LUBYJJS6ZSdxS4vovb7ajdpAb06aRPqffZTVEP7SQ0yL8jZ9SU2SpXU53PMfteQkx8dt09wqmObVwIhvukUMrfGz1xXEHCuhHcGMfTHb12vJdhPwnh83Z6U-zDTKVer6Vssc9dyGQtCtqS7B3TxDv_QnckTWsGZqlQ5yp1a_RZfLTjpQQUgutUJOlifUp8y3EqzIM-s-yDghzXwcA2CirF75tsRln6qmnSGKxZXWqqPOcNiuPotSDXt5Lt96TTvJ7UFvI62tDI1hjNuLQNx6douIGKN1CtY4DAAGeA-EIzNWK_nQ0leC2J7N41EhhoJFxlDAzOic5tb1QOS8mMFXwaGwgmRmQVVe00SumMGYFnjEYNK4Cq_wWn64U1j2FpVlc-ybG2hx1QGku7LukIgUjvXVnqQBM2OfGL2GA6ZerhNtkSwsFe27kQtfTyvinkSKKF6ITq-s7wkmQlHwyl3ocFTyYwy7kCCm58r3aYjbK1ETdCZCRZuYQk8FMQHVgb7wgXTHFUxvcG241sanDRMwhyMR4IMR6S068cM5HODGdq3BVZOGt0Jk73ivGVKB7xCe7bUretC7FQR9fqsEKCDYDRQp4GZ2r4B1lGc9VXcUWrRuLsXHH571FI_RfpVwbmYvCSnt8_Mc284Mt3VDC94_7v6DkG7rtBsnuuqUExsIEdqxg9hj690-CP6irXlKb1ir7_kcIF6KiXHHmORghgxc6PPVv171WyQsmTJv8t3KVpcBUGDFPDIHLDOXxdo5KrxxjXzTBjaYTcvthwTFxoLuCR-MewWd7zEFcqGZr3Po2fxQHKHR3Ttaj8wlOcAIMs4xSPXzsMWQyMTnVLJpgiPH8LtOkM7Sxwc9sDn0b0PujZh1T0TD6SBuSJicqoR6aF6APukCvfq-lJ2nb80Cn5x8GiUGVKaKFXcfMojUGLiSUJ4KpK8AOkNGVbGt4czDg7Rx9c6uK9UTBVXcvg9i3V8YAE35_xQ0y3s0PlKshwHnmaQrlAQ0gHagAbA4d6r_noQDISzticyByrYYNDOBbuYPVIEM6See_jrluwLj3VyenL9h0zc_uWCDCxxfJAXH7exU85WKh0sH8_bxAwXnGb_WJOXvLri-0wUeMrtDa9nWQpFli5vLBW-mDMdEP7NQNRy2irq_fsQczAxBD2SaojttUycbOLF4p83UU-f7U3_qv0-oWuJyMNYuXof7jB3JPeownJoEnXFB_792uFBt3siLG3wL2FFyMkVaQ2JbV-A0SSF8mUu0aMQcTtHeDLL3d6CAiEzz3PLZtIRd83mw3ciKGckUA0U-IzhoeI6KPscgOvL64_NCoUIjNt41KjlPIbOOwi9UJ6v14mDKeZddIxY6alCO6SxP1MO8yilMGcuh2KhgrI79NFdKDemq5Lj9dGKW0xix3eX4D4mHWmBqp_2Jy6EsF9_AxYhrQ2fR2qea1KZVJoPPYjSx9t7i2R3GututlIDezklSnQ93HCTSaomf-gvhd7SW3_pNdiPRqbtDdNHaf4THMYIYoVl73o6t17dtj0ObvyW-apQQa6eK4V46SPNnEP65nzHbUDQbpUoBiB2Q5LR6f7NT8-ScVGiyAsuO7ekq02aZCdmG4qP-lyBvqr8qwBI0btVTZ532hm4H3uju6_4zh47lUK3BgGrC-ZAhxnx1TU5_GtsdPhKbL_riDiB9xS9zQd_g3peB7pIxsXC5zHKuRbDFi8QEK_Sp0Dici2LASVVShitO1I27DBgkYctn3WeYWtbrBG6XBAaivdf821QwRp-uE185DlyNoV22QYMwrJVPv1sJC04PlwEn8rA-hU1DW3SocbdnSoO_0hv0vsKPl3R9DCL_eM4L0qBrASbCoL0hhqUtqI1iG3Ed9BQeWASL6zHX-zvirb2aA1AhE1W11PByyPPxeCLHjrJfkyR_Ub2c_OVnx_K6sUmsgNqU5VbUIJRhkING0Vg8pfp9JRpJ4XKYZ96hzg9XP7rOUKkfYY_NPMYFKOdeDzBABBBT009s0jqyJFXMfteFIqdSv9FbINA9gYVcATnYkgBQQL4GbkCfc5KsHKvQ9uP5bBffHNQ5CFMIjGaJexfuKjfvh1Egpqxx2zXBRBD9uNxaqKes8L-O3VGv_NJ7iP6zw8vdCC50AhP2XYRZcM9itjKf9OdyhoXGyBrkNFKHc8b3q8EizZqKzpHcfxzEsC5E6uGfx8qKm44ZtMqOdsWyPkDZ-xdxzv4SkqRXgSOHU5AvkfSt-Z-H6iObPh-PX7geTFbh3iLlmEfoJDMm_6QtvjO2QTVmnUA79OnoJQgXMCyF0A3bmzMynYwNFfrD2B90-k7HfRr-CS2vEqtDEGxcnH1Iw_m78LCD3nA&cid=CAQSPADUE5ymYsGZ8hylmegVr-2MRHvVVfrdkaCswcSDZjPfp2axs1piAZpgcAH3uHqdUJtLGkBckKRvmUUr4hgB&dv3_ver=m202301230201&rfl=https%3A%2F%2Fmestreemfinancas.com%2F&ds=l&xdt=1&iif=1&cor=12454590505362250000&adk=2228999115&idt=102&cac=0&dtd=3

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a3501a3f0a7b6bc47f9f81c7be85b3603816fe2d3026ab4b396127ed9eb8895c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Wed, 22 Mar 2023 18:32:12 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1131
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4115
x-xss-protection: 0
server: cafe
etag: 1914039858798321668
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 05 Apr 2023 18:32:12 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20230320/r20110914/ Frame 3909 28 KB
11 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230320/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

11f1414c6342d8a5a5124286921298b09b1e776f0aae7bbc4c83b96685166019

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Wed, 22 Mar 2023 18:32:12 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1131
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10980
x-xss-protection: 0
server: cafe
etag: 17255800071175307161
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 05 Apr 2023 18:32:12 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 3909 41 KB
15 KB 14ms
13ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com
URL: https://f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 09:39:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 292302
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 18 Mar 2024 09:39:21 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 30A6 1 KB
643 B 15ms
12ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com
URL: https://f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 3866
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 22 Mar 2023 17:46:37 GMT
etag: 48472445140208031
expires: Thu, 23 Mar 2023 17:46:37 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2

200

pvs.gif Show response
ssl.hurra.com/ Frame 3909
Redirect Chain

https://ssl.hurra.com/pvs.gif?cid=397&tid=37148
https://ssl.hurra.com/pvs.gif?bd3p=1&cid=397&tid=37148

43 B
275 B

19ms
16ms

Script
image/gif

62.144.160.15
ECOTEL

General

Check archive.org

Show headers Download Go to

Full URL

https://ssl.hurra.com/pvs.gif?bd3p=1&cid=397&tid=37148

Requested by

Host: f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com
URL: https://f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

62.144.160.15 Düsseldorf, Germany, ASN12312 (ECOTEL, DE),

Reverse DNS

Software

nginx /

Resource Hash

f4eef8263281c0b26486637831251059757bc3fdc4c3a48045a8ef8646b36e8f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 22 Mar 2023 18:51:03 GMT
strict-transport-security: max-age=31536000
server: nginx
p3p: CP="NOI CUR OUR STP", policyref="/w3c/p3p.xml"
content-type: image/gif
cache-control: private, no-cache, no-store, must-revalidate
expires: Fri, 10 Apr 1973 05:00:00 GMT

Redirect headers

location: https://ssl.hurra.com/pvs.gif?bd3p=1&cid=397&tid=37148
date: Wed, 22 Mar 2023 18:51:03 GMT
strict-transport-security: max-age=31536000
content-type: image/gif
server: nginx
content-length: 0
p3p: CP="NOI CUR OUR STP", policyref="/w3c/p3p.xml"

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/5679832485042972162/ Frame 595A 100 KB
20 KB 14ms
13ms Document
text/html 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/5679832485042972162/index.html

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_276.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1103d670c9b03db734d17c618cfb9d16cb4ca438b6bf005150a0b2039ffdb3df

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 2751
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 20535
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Wed, 22 Mar 2023 18:05:12 GMT
expires: Thu, 21 Mar 2024 18:05:12 GMT
last-modified: Fri, 15 Jul 2022 06:27:36 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 3909 0
0 56ms
55ms Fetch
image/gif 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsu2pf7K_HN7zLard_VicebTHif9gJvyKPMIMl0qOGoP_ucgXPln5kqQYxoEfwxqWyv-J7xNJ5KVDdHKqkP13C5lEaSEFP4jcCI1Z9j86UBf8PJTev47zpYX-IHUZIfpR54WOeFliIVPcCYDSCHwO_c6YFLenNz2yBXfhvGyZxxhrLdg97R0APP7p-2hIirA9vdwshtPcb3O45T7Y9QFIM5R3scqt9esNSRkYStH5piGXWh3nzccLJ3uWdhP2DCbpTgbBMIuAj4u3mj_mEmDZ6jyOBH0X7d-A0gGeAJx1HssTTbPTQZgvFYp4IM8b6wZHRSEZlKNjIi1KmVqM2bJXY7WuDIcF5IzcOgts9-NycHEehgk5Ox_ZU1KVrkRQwgDkKf6h_AcGGN_L48v7mNTEo6dCRqbXYo0CyhHBROEsQZ23v0v_UQDi3KuLWSSITKWJJtRRrLh7IdujrbdVCwTNEG_3NHuRumRiAcwy7iEtzhoOZmOlzu_zqspfYwOimlX_KMOAbICexxchRZuSEoxUbUqorjKOxyC-yaOz_U1iF8DZa55JzcZttHNfNxNmB6TjFtvxc4OXkHwVmLCdnX1yu8lZOQ9PwNx7_dqEXVE92WanRR5t7zGtCsZG7gYNRLuSJPv_qQVv-kNYGwAs2mbyjEudKL7clS62MU8-2pytt1KPpBtewx55iWpyguOtYkic1JNIHHiNQEfe4xOgd3owUTXo0w85yxTWZs8rPDcZRH4O8xeHzyRG1qfpuh-jmO3OvDrvteoaUyhRsqYQPXzzNUMCT7fW8nD4z1Bj8N0XaIj83RvldRt1HG5xVbmoCBmejWY36phpcA78h9tKHkhHzolvecVPQ2EPTYlODUpNXyylE9Nh_9f5pi87iQ4dZcVzGpQ19dzx1ayD2_EfHNviERQF09gKo6ZsHkIu6mgy37-Lg79JNPmh_IRynlAchQhLjVPvIRjlB1HnTnsP6bx-3RnEJ2FcMou7_QehC9dO28qx6KFVZIKcytbSJdUmQykDPM7liaB1g02vo11sEDuRKnguu3UyuMmVrBJo6XMj03h87c-oP1S_lpKqaWdE67COjDfknrcXnSSU3jX0h1-rVfhnM6GpeMSB8nwNaJ1BBRgdql_WYhlKOl8h8q7Pb1ST-2sZ0IC81ufBnkdkYKGTbBMe8RvXI8PmMD0ehUryMTeICkDBilRGRygahQtbYHKZ_PLk69tzQMoFcztow0sx_8e5UDYCS2hSFR8D-WkPWeeJxiQhxzohIZH1UPmQCEd5ip34tMz7i75o-GC05i2eTs9u11-uWAiCumsFJgEIsS9GsDoP9bGRtwuihDeh7s&sai=AMfl-YTr5aa_p6r6XsDCcGK8RDbKBEGTMnIy7NzFRRUnFwSqNObtGuJGxIpLbzeByaRfVr3UFmYZmgrnE78nw60wiponZRvAhDFj-1qDs0O5wjNbdPsT7dJwNNbLf5wHNZV02nDgEVG11zJYSzJsonV-2bPGFiAGiVGnp1o21QFR6wVUMsUwuIoy9c72oWGe0oKfbtEB-WxD-s8JLMUic2yNz7upWYsR2LPvs2HJm3cU4ZfaWSDPe5kjx6fSt3q1N1zksZS0T34&sig=Cg0ArKJSzPgRxpgS95QgEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=43&cbvp=1&cstd=41&cisv=r20230320.80633&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=

Requested by

Host: mestreemfinancas.com
URL: https://mestreemfinancas.com/e-fgts-calamidade/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_1090

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s65-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Wed, 22 Mar 2023 18:51:03 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Wed, 22 Mar 2023 18:51:03 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 92F8 22 KB
8 KB 13ms
12ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 363893
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 18 Mar 2023 13:46:10 GMT
expires: Sun, 17 Mar 2024 13:46:10 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 3909 0
20 B 46ms
46ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodarir&v=30&d=1&s=1&f=0.01&bgai=BKoXeF04bZIWYFcTGx_AP5eGzmAkAAAAAOAHgBAI

Requested by

Host: f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com
URL: https://f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 22 Mar 2023 18:51:03 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

/
r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/ Frame 30A6
Redirect Chain

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEAH6BM4Nt_btcBaW7-lyp68&google_cver=1&google_push=Aa02lx_pRyYPjeq1mUsdJuLXSx1KPwt1yVaXT0mQ_3ddtC4cVTkx2a_QI-zqeZNoO_VaZ332vLOW5KpV58XPgGHDOC6CPuYCz3d8n...
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=MzU0NDUxOTUzNjE4MzA5ODkzMw==&gdpr=&gdpr_consent=
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEJdMzNnvlRE1QUQNpfhnW0w&google_cver=1

43 B
398 B

141ms
18ms

Image
image/gif

46.228.164.11
AMOBEE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEJdMzNnvlRE1QUQNpfhnW0w&google_cver=1
Requested by: Host: f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com
URL: https://f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Server: 46.228.164.11 , United Kingdom, ASN56396 (AMOBEE, GB),
Reverse DNS
Software: /
Resource Hash: 48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Wed, 22 Mar 2023 18:51:03 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length: 43
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

Redirect headers

pragma: no-cache
date: Wed, 22 Mar 2023 18:51:03 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEJdMzNnvlRE1QUQNpfhnW0w&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 30A6
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=4&google_gid=CAESEAgBFCyTXloH1006nzMNjbg&google_cver=1&google_push=Aa02lx_NJ9dBXIvJeOiUd-0XWtvzQ2VaKnyFTQkmCEHMoZJCBzcdrqrm-xFlM1TJEj9aVxPPpN0eA5P6o9LVAUn2...
https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=Aa02lx_NJ9dBXIvJeOiUd-0XWtvzQ2VaKnyFTQkmCEHMoZJCBzcdrqrm-xFlM1TJEj9aVxPPpN0eA5P6o9LVAUn2dYrOHtXzXp2QrZUAPBcYG-76T_ia9O...

170 B
188 B

26ms
24ms

Image
image/png

142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=Aa02lx_NJ9dBXIvJeOiUd-0XWtvzQ2VaKnyFTQkmCEHMoZJCBzcdrqrm-xFlM1TJEj9aVxPPpN0eA5P6o9LVAUn2dYrOHtXzXp2QrZUAPBcYG-76T_ia9OyVUrvkwgh5RRlKVBilKGirdt0

Requested by

Host: f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com
URL: https://f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 22 Mar 2023 18:51:03 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Wed, 22 Mar 2023 18:51:03 GMT
Server: MT3 668 4401257 master zrh-pixel-x15 config_version:"unknown"
Content-Type: image/gif
Access-Control-Allow-Origin: *
location: https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=Aa02lx_NJ9dBXIvJeOiUd-0XWtvzQ2VaKnyFTQkmCEHMoZJCBzcdrqrm-xFlM1TJEj9aVxPPpN0eA5P6o9LVAUn2dYrOHtXzXp2QrZUAPBcYG-76T_ia9OyVUrvkwgh5RRlKVBilKGirdt0
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache
Connection: keep-alive
Keep-Alive: timeout=360
Content-Length: 0
Expires: Wed, 22 Mar 2023 18:51:02 GMT

GET
H2 200 i.match
a.tribalfusion.com/ Frame 30A6 43 B
385 B 202ms
198ms Image
image/gif 2606:4700::6812:18ad
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://a.tribalfusion.com/i.match?p=b6&u=CAESEDSjUvnDOGGDo2EkijEr25Y&google_cver=1&google_push=Aa02lx_97o_E5jHPnRsLPnS9bYp7M5t8A0yURs0PLniAe7bd2nhV8AFgg-Y1jTcFlZId2WpOWoHgOLHRjrDDcDcax0nHwi3fYynBQqL79wkfl2-zCeOIfFNDt2_wRzmH9Y_ohqaBdWbTsmKi&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAa02lx_97o_E5jHPnRsLPnS9bYp7M5t8A0yURs0PLniAe7bd2nhV8AFgg-Y1jTcFlZId2WpOWoHgOLHRjrDDcDcax0nHwi3fYynBQqL79wkfl2-zCeOIfFNDt2_wRzmH9Y_ohqaBdWbTsmKi%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
Requested by: Host: f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com
URL: https://f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:18ad , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 22 Mar 2023 18:51:03 GMT
cf-cache-status: DYNAMIC
x-function: 302
server: cloudflare
content-type: image/gif; charset=utf-8
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
cf-ray: 7ac09fb29b38995d-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 30A6
Redirect Chain

https://um.simpli.fi/gp_match?google_gid=CAESECso_g2Z2dHaNDpbu-rufDI&google_cver=1&google_push=Aa02lx_k5DLgJ7Cs1Oa5RaaDybkKpR7B8DuhkM_R1vnQCj3Ifeq_DNQONr66pK683ZobErCm8yQV3OjVCAgrrdrZKJ0bpyTY6waun_...
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=F1BB52E6DE744CCEA99EC7DB806D18AA&google_push=Aa02lx_k5DLgJ7Cs1Oa5RaaDybkKpR7B8DuhkM_R1vnQCj3Ifeq_DNQONr66pK683ZobErCm8yQV3OjVCAgrrdr...

170 B
188 B

21ms
21ms

Image
image/png

142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=F1BB52E6DE744CCEA99EC7DB806D18AA&google_push=Aa02lx_k5DLgJ7Cs1Oa5RaaDybkKpR7B8DuhkM_R1vnQCj3Ifeq_DNQONr66pK683ZobErCm8yQV3OjVCAgrrdrZKJ0bpyTY6waun_ye3aJefNwW-TWpe9VeDDVN0_uAWOSIuN2BO_LVgLdp

Requested by

Host: f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com
URL: https://f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 22 Mar 2023 18:51:03 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Wed, 22 Mar 2023 18:51:03 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
server: openresty
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
location: https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=F1BB52E6DE744CCEA99EC7DB806D18AA&google_push=Aa02lx_k5DLgJ7Cs1Oa5RaaDybkKpR7B8DuhkM_R1vnQCj3Ifeq_DNQONr66pK683ZobErCm8yQV3OjVCAgrrdrZKJ0bpyTY6waun_ye3aJefNwW-TWpe9VeDDVN0_uAWOSIuN2BO_LVgLdp
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 142
expires: Tue, 21 Mar 2023 18:51:03 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 30A6
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=y9-tjvwlRA60jCTCeS3U2w%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

29ms
29ms

Image
image/png

142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=y9-tjvwlRA60jCTCeS3U2w%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=Aa02lx9_t1XEDYD3ye1BmuDx90IKcGcnf1hMfso8LyT7OfnY5R3b7Ygar9FS1BSRC07iVx-dG3y81jdRAY7-hCatk76Ft6VKfvSTxSZ4dtmmXQoQmZOVp9JYi5-zpJK_Q5nSTFUI-SUOfJE3

Requested by

Host: f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com
URL: https://f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 22 Mar 2023 18:51:03 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=y9-tjvwlRA60jCTCeS3U2w%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=Aa02lx9_t1XEDYD3ye1BmuDx90IKcGcnf1hMfso8LyT7OfnY5R3b7Ygar9FS1BSRC07iVx-dG3y81jdRAY7-hCatk76Ft6VKfvSTxSZ4dtmmXQoQmZOVp9JYi5-zpJK_Q5nSTFUI-SUOfJE3
date: Wed, 22 Mar 2023 18:51:02 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 30A6
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEFrzxeXCbICfgwoFNo4WC2Q&google_cver=1&google_push=Aa02lx-dVXieczWM5FRbr7oRhSCUGqPNBYnSNOoPHFiJB0gmAfNkpiG6pcUaBAQSZMBw9DYN6aF...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEZLMUlVSU0tRC1KRjlB&google_push=Aa02lx-dVXieczWM5FRbr7oRhSCUGqPNBYnSNOoPHFiJB0gmAfNkpiG6pcUaBAQSZMBw9DYN6aF6AyORXLPI5fnXUcYGhE7IjAlJm6z3e...

170 B
188 B

31ms
30ms

Image
image/png

142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEZLMUlVSU0tRC1KRjlB&google_push=Aa02lx-dVXieczWM5FRbr7oRhSCUGqPNBYnSNOoPHFiJB0gmAfNkpiG6pcUaBAQSZMBw9DYN6aF6AyORXLPI5fnXUcYGhE7IjAlJm6z3eewRDKPFlfyWWkO2eXv7tmIOCbI-6eS_tumnrJ65

Requested by

Host: f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com
URL: https://f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 22 Mar 2023 18:51:03 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type: text/html
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEZLMUlVSU0tRC1KRjlB&google_push=Aa02lx-dVXieczWM5FRbr7oRhSCUGqPNBYnSNOoPHFiJB0gmAfNkpiG6pcUaBAQSZMBw9DYN6aF6AyORXLPI5fnXUcYGhE7IjAlJm6z3eewRDKPFlfyWWkO2eXv7tmIOCbI-6eS_tumnrJ65
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: c1913d0f161dfd12bb229b87994a2d1d
Expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 30A6
Redirect Chain

https://sync.1rx.io/usersync2/rmpssp?sub=google&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&google_gid=CAESEM...
https://sync.1rx.io/usersync2/rmpssp?sub=google&zcc=1&google_push=Aa02lx_Qp307NFk81UMDLFqV18kDCtB3vnbuhD7nuZwTGwjEOKwUcE4AHBwDmyDRJOmlniT2oaqH-9CuI-BuDY3CKyuSFgJRB446CzxWpvCEDA5zZ2w1Dcld7L1nFslgdhY...
https://sync.targeting.unrulymedia.com/csync/RX-7b90ebed-29dc-4aa7-8ca9-53ee7716a650-003?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3DAa02lx_Qp307NFk81UMDLFqV1...
https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=Aa02lx_Qp307NFk81UMDLFqV18kDCtB3vnbuhD7nuZwTGwjEOKwUcE4AHBwDmyDRJOmlniT2oaqH-9CuI-BuDY3CKyuSFgJRB446CzxWpvCEDA5zZ2w1Dcld7L1nFslgdhY3O4NT...

170 B
188 B

24ms
23ms

Image
image/png

142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=Aa02lx_Qp307NFk81UMDLFqV18kDCtB3vnbuhD7nuZwTGwjEOKwUcE4AHBwDmyDRJOmlniT2oaqH-9CuI-BuDY3CKyuSFgJRB446CzxWpvCEDA5zZ2w1Dcld7L1nFslgdhY3O4NTTGJqPDY&google_hm=A3uQ6-0p3EqnjKlT7ncWplA

Requested by

Host: f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com
URL: https://f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 22 Mar 2023 18:51:03 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=Aa02lx_Qp307NFk81UMDLFqV18kDCtB3vnbuhD7nuZwTGwjEOKwUcE4AHBwDmyDRJOmlniT2oaqH-9CuI-BuDY3CKyuSFgJRB446CzxWpvCEDA5zZ2w1Dcld7L1nFslgdhY3O4NTTGJqPDY&google_hm=A3uQ6-0p3EqnjKlT7ncWplA
date: Wed, 22 Mar 2023 18:51:03 GMT
p3p: CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
etag: RX7b90ebed29dc4aa78ca953ee7716a650003
content-type: text/html

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 30A6 0
12 B 63ms
61ms Image
text/html 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13IKxcBnYTGxmCOPuHK0gmxLMFOFHYaH1-4mMMuMqoGaF2NRPMCF_j2QeZa7kjC3tQrDqfvV

Requested by

Host: f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com
URL: https://f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Wed, 22 Mar 2023 18:51:03 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 n7KdSiWJFgbDLHajlxoGzrM9J1DJZleIE0kt7I04uFE.js Show response
pagead2.googlesyndication.com/bg/ Frame 92F8 36 KB
14 KB 12ms
12ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/n7KdSiWJFgbDLHajlxoGzrM9J1DJZleIE0kt7I04uFE.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9fb29d4a25891606c32c76a3971a06ceb33d2750c966578813492dec8d38b851

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Mon, 20 Mar 2023 19:27:05 GMT
content-encoding: br
x-content-type-options: nosniff
age: 170638
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14330
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 09:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 19 Mar 2024 19:27:05 GMT

GET
H3 200 2740767399393350 Show response
connect.facebook.net/signals/config/ 377 KB
108 KB 157ms
157ms Script
application/x-javascript 2a03:2880:f084:d:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/2740767399393350?v=2.9.99&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f084:d:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

c0147cfaf9052893e9a24a1dc6b565de3281b23436ab4d312b883e3cd40eec7d

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mestreemfinancas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Wed, 22 Mar 2023 18:51:03 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-fb-rlafr: 0
x-xss-protection: 0
pragma: public
x-fb-debug: jMpJlLVh3DoVOfWgQfqFdlAqmi8XeT3zRQeOI4rerZTN+AfR2C/vQHMsqgO7nXS5LYjwD8kin6ylVspc5oLiwQ==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: public, max-age=1200
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3 200 DcmEnabler_01_247.js Show response
s0.2mdn.net/879366/ Frame 595A 29 KB
10 KB 11ms
11ms Script
text/javascript 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/DcmEnabler_01_247.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/5679832485042972162/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

467a5b06cb117035f7882e8c71d80e093f04ce586c1ac2b84e7e4adf978edb30

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/5679832485042972162/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Wed, 22 Mar 2023 18:05:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2752
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10136
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 23 Mar 2023 18:05:11 GMT

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 3909 0
0 48ms
48ms Fetch
image/gif 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsu2pf7K_HN7zLard_VicebTHif9gJvyKPMIMl0qOGoP_ucgXPln5kqQYxoEfwxqWyv-J7xNJ5KVDdHKqkP13C5lEaSEFP4jcCI1Z9j86UBf8PJTev47zpYX-IHUZIfpR54WOeFliIVPcCYDSCHwO_c6YFLenNz2yBXfhvGyZxxhrLdg97R0APP7p-2hIirA9vdwshtPcb3O45T7Y9QFIM5R3scqt9esNSRkYStH5piGXWh3nzccLJ3uWdhP2DCbpTgbBMIuAj4u3mj_mEmDZ6jyOBH0X7d-A0gGeAJx1HssTTbPTQZgvFYp4IM8b6wZHRSEZlKNjIi1KmVqM2bJXY7WuDIcF5IzcOgts9-NycHEehgk5Ox_ZU1KVrkRQwgDkKf6h_AcGGN_L48v7mNTEo6dCRqbXYo0CyhHBROEsQZ23v0v_UQDi3KuLWSSITKWJJtRRrLh7IdujrbdVCwTNEG_3NHuRumRiAcwy7iEtzhoOZmOlzu_zqspfYwOimlX_KMOAbICexxchRZuSEoxUbUqorjKOxyC-yaOz_U1iF8DZa55JzcZttHNfNxNmB6TjFtvxc4OXkHwVmLCdnX1yu8lZOQ9PwNx7_dqEXVE92WanRR5t7zGtCsZG7gYNRLuSJPv_qQVv-kNYGwAs2mbyjEudKL7clS62MU8-2pytt1KPpBtewx55iWpyguOtYkic1JNIHHiNQEfe4xOgd3owUTXo0w85yxTWZs8rPDcZRH4O8xeHzyRG1qfpuh-jmO3OvDrvteoaUyhRsqYQPXzzNUMCT7fW8nD4z1Bj8N0XaIj83RvldRt1HG5xVbmoCBmejWY36phpcA78h9tKHkhHzolvecVPQ2EPTYlODUpNXyylE9Nh_9f5pi87iQ4dZcVzGpQ19dzx1ayD2_EfHNviERQF09gKo6ZsHkIu6mgy37-Lg79JNPmh_IRynlAchQhLjVPvIRjlB1HnTnsP6bx-3RnEJ2FcMou7_QehC9dO28qx6KFVZIKcytbSJdUmQykDPM7liaB1g02vo11sEDuRKnguu3UyuMmVrBJo6XMj03h87c-oP1S_lpKqaWdE67COjDfknrcXnSSU3jX0h1-rVfhnM6GpeMSB8nwNaJ1BBRgdql_WYhlKOl8h8q7Pb1ST-2sZ0IC81ufBnkdkYKGTbBMe8RvXI8PmMD0ehUryMTeICkDBilRGRygahQtbYHKZ_PLk69tzQMoFcztow0sx_8e5UDYCS2hSFR8D-WkPWeeJxiQhxzohIZH1UPmQCEd5ip34tMz7i75o-GC05i2eTs9u11-uWAiCumsFJgEIsS9GsDoP9bGRtwuihDeh7s&sai=AMfl-YTr5aa_p6r6XsDCcGK8RDbKBEGTMnIy7NzFRRUnFwSqNObtGuJGxIpLbzeByaRfVr3UFmYZmgrnE78nw60wiponZRvAhDFj-1qDs0O5wjNbdPsT7dJwNNbLf5wHNZV02nDgEVG11zJYSzJsonV-2bPGFiAGiVGnp1o21QFR6wVUMsUwuIoy9c72oWGe0oKfbtEB-WxD-s8JLMUic2yNz7upWYsR2LPvs2HJm3cU4ZfaWSDPe5kjx6fSt3q1N1zksZS0T34&sig=Cg0ArKJSzPgRxpgS95QgEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=206&vt=11&dtpt=163&dett=3&cstd=41&cisv=r20230320.80633&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=

Requested by

Host: mestreemfinancas.com
URL: https://mestreemfinancas.com/e-fgts-calamidade/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_1090

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s65-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Wed, 22 Mar 2023 18:51:03 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Wed, 22 Mar 2023 18:51:03 GMT

GET
H3 200 logo.svg
s0.2mdn.net/sadbundle/5679832485042972162/ Frame 595A 3 KB
1 KB 12ms
10ms Image
image/svg+xml 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/5679832485042972162/logo.svg

Requested by

Host: f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com
URL: https://f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9f03509718beb4070d2850b743d60a459a91d5c2510a0698675f1f2132e55468

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/5679832485042972162/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Wed, 22 Mar 2023 18:05:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2750
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1469
x-xss-protection: 0
last-modified: Fri, 15 Jul 2022 06:27:36 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 21 Mar 2024 18:05:13 GMT

GET
H3 200 cta-text.svg
s0.2mdn.net/sadbundle/5679832485042972162/ Frame 595A 7 KB
2 KB 15ms
12ms Image
image/svg+xml 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/5679832485042972162/cta-text.svg

Requested by

Host: f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com
URL: https://f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7b824042a7108079234121c8a6e471f11b166bd4bacf85fb9cab29a9341eb647

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/5679832485042972162/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Wed, 22 Mar 2023 18:05:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2750
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2257
x-xss-protection: 0
last-modified: Fri, 15 Jul 2022 06:27:36 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 21 Mar 2024 18:05:13 GMT

GET
H3 200 text2.svg
s0.2mdn.net/sadbundle/5679832485042972162/ Frame 595A 8 KB
3 KB 14ms
12ms Image
image/svg+xml 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/5679832485042972162/text2.svg

Requested by

Host: f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com
URL: https://f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

72def4e68fd499ad2d5345f3c286c6d1d88bc598a3b45b4455391cd7b1592134

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/5679832485042972162/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Wed, 22 Mar 2023 18:05:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2750
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2612
x-xss-protection: 0
last-modified: Fri, 15 Jul 2022 06:27:36 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 21 Mar 2024 18:05:13 GMT

GET
H3 200 text1.svg
s0.2mdn.net/sadbundle/5679832485042972162/ Frame 595A 10 KB
3 KB 16ms
14ms Image
image/svg+xml 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/5679832485042972162/text1.svg

Requested by

Host: f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com
URL: https://f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1057b8ed3ef6806faf71741bc9476f2db6f027f62e347f4ef8f9d690360b7f17

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/5679832485042972162/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Wed, 22 Mar 2023 18:05:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2750
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3047
x-xss-protection: 0
last-modified: Fri, 15 Jul 2022 06:27:36 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 21 Mar 2024 18:05:13 GMT

GET
H3 200 img2.jpg
s0.2mdn.net/sadbundle/5679832485042972162/ Frame 595A 16 KB
16 KB 17ms
15ms Image
image/jpeg 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/5679832485042972162/img2.jpg

Requested by

Host: f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com
URL: https://f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a9cb4e74076459ccc3bb09de541dfa85d7d37a9cb250384019de24696e11da40

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/5679832485042972162/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Wed, 22 Mar 2023 18:05:13 GMT
x-content-type-options: nosniff
age: 2750
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 16103
x-xss-protection: 0
last-modified: Fri, 15 Jul 2022 06:27:36 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 21 Mar 2024 18:05:13 GMT

GET
H3 200 img1.jpg
s0.2mdn.net/sadbundle/5679832485042972162/ Frame 595A 10 KB
10 KB 18ms
16ms Image
image/jpeg 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/5679832485042972162/img1.jpg

Requested by

Host: f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com
URL: https://f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5201146d9345f8638a180ba79f59d3fd3f269b95e1c47c4226773871b2b3d56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/5679832485042972162/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Wed, 22 Mar 2023 18:05:13 GMT
x-content-type-options: nosniff
age: 2750
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10450
x-xss-protection: 0
last-modified: Fri, 15 Jul 2022 06:27:36 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 21 Mar 2024 18:05:13 GMT

GET
DATA 200
OK truncated
/ Frame 595A 43 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Content-Type: image/gif

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 92F8 0
20 B 52ms
50ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BKoXeF04bZIWYFcTGx_AP5eGzmAkAAAAAOAHgBAI&bg=!urmlue3NAAZEjmHWZI47ADkAdvg8WnZyVxGG9fWYHHxfWrCJ7MI5qtEQRcYFyEqDXRwGrCNTBrLowp3Dd6CAD7WueziqRHNCagkCAAAAkVIAAAACaAEHCgBfshucFsmKby_116byfCDZxXMk9dRP6TyjO64IvaVF65PcwfJyvpWY-EQ0znxTORW85SylgHDqmKDhw-LEOqzPaFRDuD4iVQWDHe-oDoMFPKBXvZFfde14gop56-uZrNeZAvWLjmopmoa26qXEtjWwVGvVUcPYS_E7D6k4KKH_gF5lTAJOhIxw1FBGWnupvXW1OCfcWg_mleEQtdKrLY-sk8iJ6LMLeNOTUGeCCVC2aqRmOT0GAA39rJGowUiU7fNDEO54TdnXnBIyV0D6BYRgwyvM-kt7z7Wlc2NZQKmunDRdHEDrKXnbga2H0s6RZlmbJPS-fiMkwMKIN6lieFvDtjd158Es-i2mjQE16mEOLuguFkAL6X8e88fyGysXuv3FRRO__nmTmf9FlDbGpTWuzAMsrKc8OdCkiSBnzuPsfBas7ztUx21xMJMnjdm1Ed4nS1bN6KinzlX9r5fVT4TYr8Q0xYhX0suDbLfnIEr0eFiL90YtvLudSQm6_SydxFHrMk2irI5d3IqhduOyl1fZxua0gsIS0AUeJx5uQ7lBSr-xH8Y8quKukcstKpaNqfkkwyXRGT4lgNNK5qa_EvoFBPRVSpgJSw_DI_-3WYNKxPJYxSYvElzi-SAhhVtHZXpKFz-Hl_A6D697krDc27ZKWvRUebb2RQrk7daAc32p4IbRKhg8IfSoQkCizh4HqqUWA_XY4k8G2CWSZq39bAywHFGyWa05om0ZrJ5lAgdjUeGTvPo_uNSjPKcf2GoeXgFleN10e1AAVAek82yJXHPxPghAOCMc5ysQu9yu5ku_dts_f-nxpp2L85u0fwqIcilRnAC_BaEW8yxCrnDvGlidO6FBIx5PrDRzivLj2TvIRXJ9abAKH7n5aLSWrn2_MAO6eury4tBhMHfzj6iFTRJ4UuUom6XW1XfbuGI944sp9Prg9XRXTimfmVsvDaWrLXmLLpuMEVMzgPDnFbEP2lEQ50zCHaxT-T22FZueFE9JWmKzFxlyYp-SZs0PrKJAWFIFqj0Vfeg-k2Dh22khF1A943M0QsFbAGhDhY_eTt0HCz3Guv_KsR47Gy3ug1Suk9QHsOAdClpfJcwfURjkEd3xqoFq0VZXlVFF18QstUm8T_-b4J8Kwb4o

Requested by

Host: f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com
URL: https://f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 22 Mar 2023 18:51:03 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 container.html Show response
f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame DB67 6 KB
3 KB 10ms
9ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023032101.js?cb=31073317

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://mestreemfinancas.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 22 Mar 2023 18:51:02 GMT
expires: Thu, 21 Mar 2024 18:51:02 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 css2
fonts.googleapis.com/ Frame DB67 4 KB
732 B 21ms
20ms Stylesheet
text/css 2a00:1450:4001:810::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap

Requested by

Host: f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com
URL: https://f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

c2777526a216d9692dd29697ebee7836fe8ae65f3a290faa20b75b64c0625205

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 22 Mar 2023 18:51:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Wed, 22 Mar 2023 17:00:54 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 22 Mar 2023 18:51:03 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 49E2 624 B
242 B 52ms
50ms Document
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CMel4gIQyoXsyAMY57Hh4QEwAQ&v=APEucNUFmEfchAwPmD-UEATHaruhMEHwdSzxG7a4Qmew4vgUU_5T1mJlzsalui1Xz3BvRA5SoshtWCFxJRWqNWNMDoOtX_FkTZdnDcFc_kPBqlBtRnUrLGknEr1h8K0QEh6Ntw2XioMclp61Atz5yDubRdob5OC-v7sx0rxeyEwZvgRZuOU8BhE

Requested by

Host: mestreemfinancas.com
URL: https://mestreemfinancas.com/e-fgts-calamidade/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_1090

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 22 Mar 2023 18:51:03 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 43C0 78 KB
27 KB 59ms
56ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: mestreemfinancas.com
URL: https://mestreemfinancas.com/e-fgts-calamidade/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_1090

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

46b3e081067e631f9a1049fbfa37844da854f741b7f9a45900dc02a19a4ef143

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Wed, 22 Mar 2023 18:51:03 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28043
x-xss-protection: 0
server: cafe
etag: 15270303690107644053
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Wed, 22 Mar 2023 18:51:03 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230320/r20110914/client/ Frame 43C0 3 KB
1 KB 13ms
10ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230320/r20110914/client/window_focus_fy2021.js

Requested by

Host: mestreemfinancas.com
URL: https://mestreemfinancas.com/e-fgts-calamidade/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_1090

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Wed, 22 Mar 2023 16:31:35 GMT
content-encoding: br
x-content-type-options: nosniff
age: 8368
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 05 Apr 2023 16:31:35 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230320/r20110914/client/ Frame 43C0 20 KB
8 KB 13ms
10ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230320/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: mestreemfinancas.com
URL: https://mestreemfinancas.com/e-fgts-calamidade/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_1090

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

83dd1a8208a83ec90a9a2d7774ab28e4b93b3eba53fb6a3fd444eb7e389ecbff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Wed, 22 Mar 2023 11:58:31 GMT
content-encoding: br
x-content-type-options: nosniff
age: 24752
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8627
x-xss-protection: 0
server: cafe
etag: 8620137988422272387
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 05 Apr 2023 11:58:31 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 43C0 0
0 22ms
19ms Image
text/html 2a00:1450:4001:830::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQngKF5ZG2POmRLaMVQbzrHUAVXGwE6hMYdwmNohwyw5eliWLdVI7qi2Y-vRx1NszoK9G0SoYeRMF65yjnB4UvE6GBgGg
Requested by: Host: mestreemfinancas.com
URL: https://mestreemfinancas.com/e-fgts-calamidade/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_1090
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 43C0 158 KB
48 KB 122ms
119ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: mestreemfinancas.com
URL: https://mestreemfinancas.com/e-fgts-calamidade/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_1090

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fe14bc8a4e294c047589838fd09a3efc81771751a0be03ea8ec99e734e965fd2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Wed, 22 Mar 2023 18:51:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49540
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1679312138029146"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 22 Mar 2023 18:51:03 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 43C0 42 B
63 B 46ms
44ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-B4994VODBvv3n3etNpBdQaB79VcmcstmQYNjGckFzuhZjtiZxSgve_U-ohycilREeEYtj1TMkHBd24OnkSt6VI3iit4k-l360EHANWw0zJItmOYxQ

Requested by

Host: mestreemfinancas.com
URL: https://mestreemfinancas.com/e-fgts-calamidade/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_1090

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 22 Mar 2023 18:51:03 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 43C0 0
20 B 46ms
43ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=16374913502880818389&x=1&ct=76

Requested by

Host: mestreemfinancas.com
URL: https://mestreemfinancas.com/e-fgts-calamidade/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_1090

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 22 Mar 2023 18:51:03 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 interstitial_ad_frame_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230320/r20110914/elements/html/ Frame DB67 20 KB
8 KB 13ms
11ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230320/r20110914/elements/html/interstitial_ad_frame_fy2021.js

Requested by

Host: f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com
URL: https://f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0102fdfbd0b06f4718e32f6586659557a6234c0111940c1fa3d697c42b067c1c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 21 Mar 2023 18:58:08 GMT
content-encoding: br
x-content-type-options: nosniff
age: 85975
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8563
x-xss-protection: 0
server: cafe
etag: 3720302941478166528
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 04 Apr 2023 18:58:08 GMT

GET
H3 200 9038410082867569 Show response
connect.facebook.net/signals/config/ 377 KB
108 KB 156ms
156ms Script
application/x-javascript 2a03:2880:f084:d:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/9038410082867569?v=2.9.99&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f084:d:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

2e3fca3b6adcefb77b53a3088ac08e65951566785a9bfc895bbcccd05745c863

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mestreemfinancas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Wed, 22 Mar 2023 18:51:03 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-fb-rlafr: 0
x-xss-protection: 0
pragma: public
x-fb-debug: zPUjbaA1Tr1KZ3kCs7kTZ7K2ZFD2YJlU/xahqlBu6nWien/gKHix2G3oNUP0MmtrR1KBhsp0xUoy9tha1l24Iw==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: public, max-age=1200
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 49E2
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEATydRkdqtW-378Ifpl2B3w&google_cver=1

43 B
766 B

11ms
11ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEATydRkdqtW-378Ifpl2B3w&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMel4gIQyoXsyAMY57Hh4QEwAQ&v=APEucNUFmEfchAwPmD-UEATHaruhMEHwdSzxG7a4Qmew4vgUU_5T1mJlzsalui1Xz3BvRA5SoshtWCFxJRWqNWNMDoOtX_FkTZdnDcFc_kPBqlBtRnUrLGknEr1h8K0QEh6Ntw2XioMclp61Atz5yDubRdob5OC-v7sx0rxeyEwZvgRZuOU8BhE
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 22 Mar 2023 18:51:03 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=493
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Wed, 22 Mar 2023 18:51:03 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEATydRkdqtW-378Ifpl2B3w&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 49E2
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZBtOFl9ZHM8Zuf1wW4cdpgAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEATydRkdqtW-378Ifpl2B3w&google_cver=1

43 B
766 B

12ms
12ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEATydRkdqtW-378Ifpl2B3w&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMel4gIQyoXsyAMY57Hh4QEwAQ&v=APEucNUFmEfchAwPmD-UEATHaruhMEHwdSzxG7a4Qmew4vgUU_5T1mJlzsalui1Xz3BvRA5SoshtWCFxJRWqNWNMDoOtX_FkTZdnDcFc_kPBqlBtRnUrLGknEr1h8K0QEh6Ntw2XioMclp61Atz5yDubRdob5OC-v7sx0rxeyEwZvgRZuOU8BhE
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 22 Mar 2023 18:51:03 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=492
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Wed, 22 Mar 2023 18:51:03 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEATydRkdqtW-378Ifpl2B3w&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame 49E2
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEE3mphcpX1WZ7E6YRVcRuy0&google_cver=1

43 B
1 KB

11ms
11ms

Image
image/gif

37.252.171.52
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEE3mphcpX1WZ7E6YRVcRuy0&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMel4gIQyoXsyAMY57Hh4QEwAQ&v=APEucNUFmEfchAwPmD-UEATHaruhMEHwdSzxG7a4Qmew4vgUU_5T1mJlzsalui1Xz3BvRA5SoshtWCFxJRWqNWNMDoOtX_FkTZdnDcFc_kPBqlBtRnUrLGknEr1h8K0QEh6Ntw2XioMclp61Atz5yDubRdob5OC-v7sx0rxeyEwZvgRZuOU8BhE

Protocol

HTTP/1.1

Server

37.252.171.52 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 22 Mar 2023 18:51:03 GMT
AN-X-Request-Uuid: 74f80e77-f5f0-4eaf-a7fb-03b11302c68a
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: image/gif
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 81.95.5.35; 81.95.5.35; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 22 Mar 2023 18:51:03 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEE3mphcpX1WZ7E6YRVcRuy0&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 49E2
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjUwOTQ3NjQwMDY1NTU0Mjc2OA%3D%3D

170 B
188 B

28ms
28ms

Image
image/png

142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjUwOTQ3NjQwMDY1NTU0Mjc2OA%3D%3D

Requested by

Protocol

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 22 Mar 2023 18:51:04 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Wed, 22 Mar 2023 18:51:03 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 81.95.5.35; 81.95.5.35; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 3119e32b-47ed-4b70-914c-1fb4e9a9e47a
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjUwOTQ3NjQwMDY1NTU0Mjc2OA%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 43C0 0
20 B 46ms
45ms Ping
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=3439152404321&version=m202301230201

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 22 Mar 2023 18:51:03 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 43C0 0
20 B 46ms
45ms Ping
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=3439152404321&version=m202301230201&ct=76&x=1&cor=16374913502880820000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 22 Mar 2023 18:51:03 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 43C0 109 KB
41 KB 70ms
70ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DZo3Cl_l5nAQYVD3K4jB5k3puhYnn3n0Qt4i-PXatnCKbffzbdVI6R13AZp9JHpWp6MT0xzmy2emaz_My_a2uvdv5maIzMdKde5lWNwpJooCqrONBVHYlHo3PYuSeDnJQB9Ds5h6n8w1gGA-rJy7masOH2h-aZX9LVD0alRUSd645lUzY&dbm_d=AKAmf-CdpbNZJzrp1wwaz_M_DvoOKVOprnaFxpAAHc6Ygfwi_iOKndackvz2p1DW2eLAJt6ZkpVg56gfRq0UL4aW6bqFhOG8GViX9MSUZgnZdNKHaeXPSKaJsLKpBNzn9QNyr3fOPR8vqP8AcAdedAVx7M38QiAmO9fmn3Pg5IIbRGglTqJk8d3yBPRBWWEJ0DtE1sRBBvXy_PX2wyGYaAP0b9XkpJnrg96HMj5FHqD64mLk_maB5B46j-puTUaiTfS5SkD8YqJPZA7h16IETFwQ16aL9I_fs-yM0Ymd5wsUZMTPLkhfpQV87oG5ehHFtnHF9P3SP-bqWw1r5F8_wvwMPM-1u4lQWlVx4KCa795VryUubrOsRKl3fdOZD6CnTnm8e488PVifSiMwiqDWqXnG9ql6YNjM-8q0nKdK8qsLib330emtPJxYS5LAfKGwALSPrWaJCUjmZvI4co8ebgSth3Yzd6RBYO70dpdFXc7Q0TB7-A2vTmKv-7uOtefDZ248MSxmQrcNx5tih8zpS6kALDBatFqVW97x1X-_uq22LobLDytvHUPtH59hmp_CrBevZwSv5dqo0FATd469ieYhIt6o-Y2SibepMTT4fPX2Wnr_t1epWKztsXp2HdgGxzUZAwjHJzNWXW2qeQVCYLRK8-i-itYPnMFxANBQiuc8vwDqJMesE9VxIGinhjGnggsG3458FC_7ij5Mr84wWbagZlLSzi_8TpK5Jnm-ApTB1GssVRADJYnmBG-0V5ksYUGYHevzBjf7KXjRxMnZQpP__rkBZ8V5GPGhKIseS3vgnCy2IH6WwqQD9BTeRM_tcPcGO4U6g048gPcTBTw_UcIQw7YUTrVxq2DffBasYNZ9c_OZt9ZRgz6wOobgnWptG9xpW-7R108wmdiqu7Zj_N1hzK3DnCUrfApAMorWHeianmFsdOd1lAC2dr7SVHaXxKOHvzrsnb6DWlMDAOihn1ofRvSewxPwUV316gf3Uvv1ydNGqu0HJfJRR-mG_z9iD6ouxyJF0q4nC0DQYr1wL5Jjm5ufc7W4H3-9TCJKzv7yiCZU_EnqrA6uBCOj2anTvTYFTUSPB0fmedVYjZwLXxksQ4vIzBbSDAPwb2X-iJqCDMcOd0syE5rLC-QvQt5X62hpisH5k4R3wK8vkeV1atfsz5Bx6EBMhF6vZQANzp7gQJSpNkbCl6j2c3z7b8xEFa_M1hrwBhlsKRaJh69VCb5uxHILE_GDc6qc6_O15b1cuQa8MUP462Tkvgq6fybW7J1uxjCudDJNXL6LaWBsOgjP9z3Ok0teklKwyhBKqmsRst4ar7gWnWYgd6sMwbJ-KqGuVbqgMUe_mtJmaLMCkLLKOvXPpszm1fkwfGzfNcGdZE7sUpvFKZcU8MMRtzeX4kvwGRiR1N27Sx73hkMruP7HWtxiJf8QbtDtq3YFFqnnELpLzTeXq1KD88tmQMYdIvhxzSSTrAeicgcutEs_I8KYawEdj7lpqLS10OGPxLdQtxflxGWtooebftWf3jUfcomxg1IEy65ugKJ0SFKPQMDoclA3G4_KdVNwRqaAMChK3IRHJdLmGr94qyaEpmFZCYDac2AiGC9S8TwGICv8PYX3ZFI3l0hbiifVS0x23cN77aX6mZGBn_pIA43pFdSrGKEV7WFBsqBeFVjQC8zcL6JlMFnTI3gCN-shvp81KcU0blxrhh1qj2jV-SV6g_RvbXyq-2q626UdIJyHrohSPp8QfVtB50j0xNlpDRW0hEG-tCYCgVZwiG0i990DbxCre9Nt_M_u1mt2iVgIOP1w35fGEJt9iK0WuAYR48PuHJV0E6NRUe0C507lwTdTlDW2KPVF71NeOAF7WJojQgx52HTBWq7m7_xjrL94KN_oE6AeT5hhHuCfJdNdMZFRKdWr3pOVYbZue3H3ZtJZ13JXwGNn0LIdiFJx7hDt1s75dyneyLNVQ_tzvXiDXXMONNKU9-6y556ap1MWcwebvZUOKtAofoIvgEeAEldxVc68lGY3AEM-cSUgp4XQmqNufx1BODGFd0kf2u-eEfvWTLaGajiTT0ZNSQdbObFm7UhfDntViaP_mtB0cwkDfbA3k4vi-8jSd51HsUys1vTU-WjZi-mqngP_ZC_mknm6wq1igIsTO9s-YMBD9nImZIJrvjReWP3Ro94fYCH1OF2hLpVgagRfuTYSVSSraR1UxoyHFPRqSYZmGGyjwUUXriTGwHBWR3srCRs2c5PseUJDy66pIHsvg1OA6XSoaz0EFiQGAh7C0rT2GW9fXh8FFFWKLeLPe0n6Fi1cN_4x0RpdSjSc2U7Uup17a5QQsaZd6lCkjAMrBNi2qqYEGidjCfhdeodWnD_WGemX65bjkul7kuwDe0BhpCDx6Z7oUKPJLSEyKRhA0EuymeTDthe0FrrD3UDzSNwx9nV5BKXJRujf583oI4lrFLG_SbxvS5ZhYuwmKB1_rSgbJAeeXlr_5DGu8dp4RH24q9ep1i7CAsI4DTcCH0ZVJkFPT-YfjTfCLjBa0EWiZ9j3WNV-yKVElfF5RpmqhoXDmXQ25RqzxpCELd4Z-T_zmlB_MDnaJHDYym8nBSXINVrSp8nmhq8Tmvtlp9mKG3GD-FcH3zXD-5ym2nCKzFSrxWuZ54HzQ_iJ9opc-7iWjzRjWUzT9Z5kgFPWQsG4_QyKX1EYmHrok_wGWVhMrew2mo02M3KycLnUgK2eRmGE0FEq_A806rCl1xZtUAbXVaeTuk0Ij9R9Y5rHuPcPimUxf-4lJueFjIlphy9s-iZyF9lkzOuzE4TaMZhDvhgU2vNEQj3UrxZZzf_Oh5nhnHs7vL_uIQm99K_Lepm_i4tXhJeW8ltT1WOdsb1Osh8s0kqnFEK8J9DDJ0T6LEAQyyiQrXotAH18oIM28BX1Hi2JvyPJyfO2iiRlqGFF1gr0fM2siNpTGIrSIyIMPvZREvhmXbp3vVV5sJDH_wihfrEW5ARbyDuXEHa8O5YDt7FUiL3MU-ucboxC-1-fh_3BPj6HEQ_33qvM471NN7iaIDJ6_I8Ens_LFnOyMtwcfjxdIqq5j3lBJZwsgTVB857Pptj-dCfANh3Yxkh_6A4LZRuIkD_Xpc4FmWiymLTF7_QlkCCo0Kh23TEC92wdOwB-Nv5kbBXlw7I7B3Ly9aEKQUWXfyuK95BYgc0HHyaWKY31FFvCTi2S1d05p2iCaGF0RrKdnbrKePXSSYoRqyNPetrv0FSvAgpTvvylKMA6qdcAor0S9OEMKSmL7Tmzl513O97HpW4AKniuzXR4AL_FO0pYcnHhcljRF4dxO_Zh0crnlX8qOgOgYVa6gO_EwSKUCiX8GjI2dpLWJd7qn1xte9qxC4KLSxgU6-QAQg5F7tju8mljnKwK9zrypTYlr7ajAlKzrsFGQhSEWo5-r7b-0gWauRLlHbuF-ftLWuUr7M8rUpZpjRz306JuO_TLkT6DOYBl8tNG_EAiUCOcJlKjcOseJ6LYtDRHZs0c_RpD2B_k0r0nHPwOS3Ioe3f3CreLufFGszFmk5vR53W5gshxe7I4J_kjgT904hWEP_iVxTH4f44VNnXW4nFlfjkP_9g--j8ZcIOe6l6JrQwPr7IQi8y06ROr_CoU5FdnuRMfqugbOuSw_ocXpk2iTkkmJlF84N9sIfNevaTo3YicQVJMT_rvCV8lnvuJ58YCIuZ69Nau8JfSgf3LF2a8GQ8bnQeD5Vdsk-nzeEZUgJQbKdgOsRntFWEo1ECOAoaZCoy9q-DX0ccK-adse7Z6&cid=CAQSPADUE5ymQzKdogFqJNtYalhSHT7ytFhczvybDvto2aPZBDj_wOvBGKJbFEQwf3g6HDCkY1GQDSNV7hmzzBgB&dv3_ver=m202301230201&rfl=https%3A%2F%2Fmestreemfinancas.com%2F&ds=l&xdt=1&iif=1&cor=16374913502880820000&adk=521587874&idt=67&cac=0&dtd=3

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

481634786372faabfc8ec7d5d189fca926d79d21f08389563e7bdb605143d1b0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 22 Mar 2023 18:51:03 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 41745
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 skeleton.js Show response
fw.adsafeprotected.com/rjss/st/1356883/69659741/ Frame 43C0 242 KB
73 KB 31ms
31ms Script
application/javascript 2a05:d018:dd0:6881:e518:8fca:7301:8eac
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://fw.adsafeprotected.com/rjss/st/1356883/69659741/skeleton.js?bundleId=${BUNDLE_ID}&ias_dspID=3&ias_campId=1010506911&ias_pubId=pub-4894209870857905&ias_chanId=1&ias_placementId=19753436792&bidurl=https://mestreemfinancas.com/e-fgts-calamidade/&ias_dealId=&adsafe_par&ias_impId=v4~~ABAjH0g72OFfph9mlZzwJ5M6y_cC
Requested by: Host: mestreemfinancas.com
URL: https://mestreemfinancas.com/e-fgts-calamidade/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_1090
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a05:d018:dd0:6881:e518:8fca:7301:8eac Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 41c5e8097ad887b0e61183a6ea31537458acfb01c4287195774e0b7e936109ef

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 22 Mar 2023 18:51:03 GMT
content-encoding: gzip
vary: accept-encoding
content-type: application/javascript;charset=utf-8
access-control-allow-origin: fw.adsafeprotected.com
cache-control: no-cache
access-control-allow-credentials: true
expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H3 200 html_obb_rendering_lib_200_276.js Show response
s0.2mdn.net/879366/ Frame 43C0 169 KB
59 KB 12ms
12ms Script
text/javascript 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_obb_rendering_lib_200_276.js

Requested by

Host: mestreemfinancas.com
URL: https://mestreemfinancas.com/e-fgts-calamidade/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_1090

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cd2056d3c5a5f9a087647154dc26dbed362a61b733a6cbc8d9e5330b4f4d4284

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com/
Origin: https://f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Wed, 22 Mar 2023 18:05:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2752
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 60459
x-xss-protection: 0
last-modified: Wed, 02 Mar 2022 23:07:28 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 23 Mar 2023 18:05:11 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230320/r20110914/elements/html/ Frame 43C0 11 KB
4 KB 12ms
11ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230320/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DZo3Cl_l5nAQYVD3K4jB5k3puhYnn3n0Qt4i-PXatnCKbffzbdVI6R13AZp9JHpWp6MT0xzmy2emaz_My_a2uvdv5maIzMdKde5lWNwpJooCqrONBVHYlHo3PYuSeDnJQB9Ds5h6n8w1gGA-rJy7masOH2h-aZX9LVD0alRUSd645lUzY&dbm_d=AKAmf-CdpbNZJzrp1wwaz_M_DvoOKVOprnaFxpAAHc6Ygfwi_iOKndackvz2p1DW2eLAJt6ZkpVg56gfRq0UL4aW6bqFhOG8GViX9MSUZgnZdNKHaeXPSKaJsLKpBNzn9QNyr3fOPR8vqP8AcAdedAVx7M38QiAmO9fmn3Pg5IIbRGglTqJk8d3yBPRBWWEJ0DtE1sRBBvXy_PX2wyGYaAP0b9XkpJnrg96HMj5FHqD64mLk_maB5B46j-puTUaiTfS5SkD8YqJPZA7h16IETFwQ16aL9I_fs-yM0Ymd5wsUZMTPLkhfpQV87oG5ehHFtnHF9P3SP-bqWw1r5F8_wvwMPM-1u4lQWlVx4KCa795VryUubrOsRKl3fdOZD6CnTnm8e488PVifSiMwiqDWqXnG9ql6YNjM-8q0nKdK8qsLib330emtPJxYS5LAfKGwALSPrWaJCUjmZvI4co8ebgSth3Yzd6RBYO70dpdFXc7Q0TB7-A2vTmKv-7uOtefDZ248MSxmQrcNx5tih8zpS6kALDBatFqVW97x1X-_uq22LobLDytvHUPtH59hmp_CrBevZwSv5dqo0FATd469ieYhIt6o-Y2SibepMTT4fPX2Wnr_t1epWKztsXp2HdgGxzUZAwjHJzNWXW2qeQVCYLRK8-i-itYPnMFxANBQiuc8vwDqJMesE9VxIGinhjGnggsG3458FC_7ij5Mr84wWbagZlLSzi_8TpK5Jnm-ApTB1GssVRADJYnmBG-0V5ksYUGYHevzBjf7KXjRxMnZQpP__rkBZ8V5GPGhKIseS3vgnCy2IH6WwqQD9BTeRM_tcPcGO4U6g048gPcTBTw_UcIQw7YUTrVxq2DffBasYNZ9c_OZt9ZRgz6wOobgnWptG9xpW-7R108wmdiqu7Zj_N1hzK3DnCUrfApAMorWHeianmFsdOd1lAC2dr7SVHaXxKOHvzrsnb6DWlMDAOihn1ofRvSewxPwUV316gf3Uvv1ydNGqu0HJfJRR-mG_z9iD6ouxyJF0q4nC0DQYr1wL5Jjm5ufc7W4H3-9TCJKzv7yiCZU_EnqrA6uBCOj2anTvTYFTUSPB0fmedVYjZwLXxksQ4vIzBbSDAPwb2X-iJqCDMcOd0syE5rLC-QvQt5X62hpisH5k4R3wK8vkeV1atfsz5Bx6EBMhF6vZQANzp7gQJSpNkbCl6j2c3z7b8xEFa_M1hrwBhlsKRaJh69VCb5uxHILE_GDc6qc6_O15b1cuQa8MUP462Tkvgq6fybW7J1uxjCudDJNXL6LaWBsOgjP9z3Ok0teklKwyhBKqmsRst4ar7gWnWYgd6sMwbJ-KqGuVbqgMUe_mtJmaLMCkLLKOvXPpszm1fkwfGzfNcGdZE7sUpvFKZcU8MMRtzeX4kvwGRiR1N27Sx73hkMruP7HWtxiJf8QbtDtq3YFFqnnELpLzTeXq1KD88tmQMYdIvhxzSSTrAeicgcutEs_I8KYawEdj7lpqLS10OGPxLdQtxflxGWtooebftWf3jUfcomxg1IEy65ugKJ0SFKPQMDoclA3G4_KdVNwRqaAMChK3IRHJdLmGr94qyaEpmFZCYDac2AiGC9S8TwGICv8PYX3ZFI3l0hbiifVS0x23cN77aX6mZGBn_pIA43pFdSrGKEV7WFBsqBeFVjQC8zcL6JlMFnTI3gCN-shvp81KcU0blxrhh1qj2jV-SV6g_RvbXyq-2q626UdIJyHrohSPp8QfVtB50j0xNlpDRW0hEG-tCYCgVZwiG0i990DbxCre9Nt_M_u1mt2iVgIOP1w35fGEJt9iK0WuAYR48PuHJV0E6NRUe0C507lwTdTlDW2KPVF71NeOAF7WJojQgx52HTBWq7m7_xjrL94KN_oE6AeT5hhHuCfJdNdMZFRKdWr3pOVYbZue3H3ZtJZ13JXwGNn0LIdiFJx7hDt1s75dyneyLNVQ_tzvXiDXXMONNKU9-6y556ap1MWcwebvZUOKtAofoIvgEeAEldxVc68lGY3AEM-cSUgp4XQmqNufx1BODGFd0kf2u-eEfvWTLaGajiTT0ZNSQdbObFm7UhfDntViaP_mtB0cwkDfbA3k4vi-8jSd51HsUys1vTU-WjZi-mqngP_ZC_mknm6wq1igIsTO9s-YMBD9nImZIJrvjReWP3Ro94fYCH1OF2hLpVgagRfuTYSVSSraR1UxoyHFPRqSYZmGGyjwUUXriTGwHBWR3srCRs2c5PseUJDy66pIHsvg1OA6XSoaz0EFiQGAh7C0rT2GW9fXh8FFFWKLeLPe0n6Fi1cN_4x0RpdSjSc2U7Uup17a5QQsaZd6lCkjAMrBNi2qqYEGidjCfhdeodWnD_WGemX65bjkul7kuwDe0BhpCDx6Z7oUKPJLSEyKRhA0EuymeTDthe0FrrD3UDzSNwx9nV5BKXJRujf583oI4lrFLG_SbxvS5ZhYuwmKB1_rSgbJAeeXlr_5DGu8dp4RH24q9ep1i7CAsI4DTcCH0ZVJkFPT-YfjTfCLjBa0EWiZ9j3WNV-yKVElfF5RpmqhoXDmXQ25RqzxpCELd4Z-T_zmlB_MDnaJHDYym8nBSXINVrSp8nmhq8Tmvtlp9mKG3GD-FcH3zXD-5ym2nCKzFSrxWuZ54HzQ_iJ9opc-7iWjzRjWUzT9Z5kgFPWQsG4_QyKX1EYmHrok_wGWVhMrew2mo02M3KycLnUgK2eRmGE0FEq_A806rCl1xZtUAbXVaeTuk0Ij9R9Y5rHuPcPimUxf-4lJueFjIlphy9s-iZyF9lkzOuzE4TaMZhDvhgU2vNEQj3UrxZZzf_Oh5nhnHs7vL_uIQm99K_Lepm_i4tXhJeW8ltT1WOdsb1Osh8s0kqnFEK8J9DDJ0T6LEAQyyiQrXotAH18oIM28BX1Hi2JvyPJyfO2iiRlqGFF1gr0fM2siNpTGIrSIyIMPvZREvhmXbp3vVV5sJDH_wihfrEW5ARbyDuXEHa8O5YDt7FUiL3MU-ucboxC-1-fh_3BPj6HEQ_33qvM471NN7iaIDJ6_I8Ens_LFnOyMtwcfjxdIqq5j3lBJZwsgTVB857Pptj-dCfANh3Yxkh_6A4LZRuIkD_Xpc4FmWiymLTF7_QlkCCo0Kh23TEC92wdOwB-Nv5kbBXlw7I7B3Ly9aEKQUWXfyuK95BYgc0HHyaWKY31FFvCTi2S1d05p2iCaGF0RrKdnbrKePXSSYoRqyNPetrv0FSvAgpTvvylKMA6qdcAor0S9OEMKSmL7Tmzl513O97HpW4AKniuzXR4AL_FO0pYcnHhcljRF4dxO_Zh0crnlX8qOgOgYVa6gO_EwSKUCiX8GjI2dpLWJd7qn1xte9qxC4KLSxgU6-QAQg5F7tju8mljnKwK9zrypTYlr7ajAlKzrsFGQhSEWo5-r7b-0gWauRLlHbuF-ftLWuUr7M8rUpZpjRz306JuO_TLkT6DOYBl8tNG_EAiUCOcJlKjcOseJ6LYtDRHZs0c_RpD2B_k0r0nHPwOS3Ioe3f3CreLufFGszFmk5vR53W5gshxe7I4J_kjgT904hWEP_iVxTH4f44VNnXW4nFlfjkP_9g--j8ZcIOe6l6JrQwPr7IQi8y06ROr_CoU5FdnuRMfqugbOuSw_ocXpk2iTkkmJlF84N9sIfNevaTo3YicQVJMT_rvCV8lnvuJ58YCIuZ69Nau8JfSgf3LF2a8GQ8bnQeD5Vdsk-nzeEZUgJQbKdgOsRntFWEo1ECOAoaZCoy9q-DX0ccK-adse7Z6&cid=CAQSPADUE5ymQzKdogFqJNtYalhSHT7ytFhczvybDvto2aPZBDj_wOvBGKJbFEQwf3g6HDCkY1GQDSNV7hmzzBgB&dv3_ver=m202301230201&rfl=https%3A%2F%2Fmestreemfinancas.com%2F&ds=l&xdt=1&iif=1&cor=16374913502880820000&adk=521587874&idt=67&cac=0&dtd=3

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a3501a3f0a7b6bc47f9f81c7be85b3603816fe2d3026ab4b396127ed9eb8895c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Wed, 22 Mar 2023 18:32:12 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1131
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4115
x-xss-protection: 0
server: cafe
etag: 1914039858798321668
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 05 Apr 2023 18:32:12 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20230320/r20110914/ Frame 43C0 28 KB
11 KB 10ms
9ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230320/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

11f1414c6342d8a5a5124286921298b09b1e776f0aae7bbc4c83b96685166019

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Wed, 22 Mar 2023 18:32:12 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1131
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10980
x-xss-protection: 0
server: cafe
etag: 17255800071175307161
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 05 Apr 2023 18:32:12 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 43C0 41 KB
15 KB 20ms
19ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com
URL: https://f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 09:39:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 292302
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 18 Mar 2024 09:39:21 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 2F80 1 KB
643 B 10ms
10ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com
URL: https://f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 3866
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 22 Mar 2023 17:46:37 GMT
etag: 48472445140208031
expires: Thu, 23 Mar 2023 17:46:37 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/8960813517719584162/ Frame CC3D 104 KB
26 KB 22ms
22ms Document
text/html 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/8960813517719584162/index.html?e=69&leftOffset=0&topOffset=0&c=btfVq0qUz1&t=1&renderingType=2&ev=01_247

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_obb_rendering_lib_200_276.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1eea8603562c2f18b9fbbced671ceffa333d1a28e70723648371ff8f10a42ec8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Wed, 22 Mar 2023 18:51:03 GMT
expires: Thu, 21 Mar 2024 18:51:03 GMT
last-modified: Tue, 07 Jun 2022 13:05:15 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 249F 22 KB
8 KB 15ms
14ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 363893
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 18 Mar 2023 13:46:10 GMT
expires: Sun, 17 Mar 2024 13:46:10 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 dpixel
cms.quantserve.com/ Frame 2F80 35 B
464 B 51ms
13ms Image
image/gif 2620:116:800d:21:de2e:c7b3:55c0:d5a0
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEPoDVfRiSOrP2CWsZIjS_kE&google_cver=1&google_push=Aa02lx8Z4lSZwSdQHyztc5f3y-FfnoNoo7ZWbEerP17ElIFzB_qlFXGUzH0kMblqxYCS2MOlKGJCT2T2V1Qon1rUQ-leOBRANEH9

Requested by

Host: f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com
URL: https://f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:de2e:c7b3:55c0:d5a0 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 22 Mar 2023 18:51:04 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
content-type: image/gif
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 2F80
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=4&google_gid=CAESEMtSzNGo_BiaXVe5uPRGKOs&google_cver=1&google_push=Aa02lx-3yoyAspHSjN7xgBdZQR7x50F1kx4fI_zX1BvFZ4quSnulmrBYYj8gAyWKJ7wUPEO1Zi64-8k072D_-ukx...
https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=I5tkG04YQACfH6La_sXQlQ&google_push=Aa02lx-3yoyAspHSjN7xgBdZQR7x50F1kx4fI_zX1BvFZ4quSnulmrBYYj8gAyWKJ7wUPEO1Zi64-8k072D_-ukx9WJH5F8F...

170 B
188 B

22ms
20ms

Image
image/png

142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=I5tkG04YQACfH6La_sXQlQ&google_push=Aa02lx-3yoyAspHSjN7xgBdZQR7x50F1kx4fI_zX1BvFZ4quSnulmrBYYj8gAyWKJ7wUPEO1Zi64-8k072D_-ukx9WJH5F8Fj7eZQQ

Requested by

Host: f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com
URL: https://f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 22 Mar 2023 18:51:04 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Wed, 22 Mar 2023 18:51:03 GMT
Server: MT3 668 4401257 master zrh-pixel-x30 config_version:"unknown"
Content-Type: image/gif
Access-Control-Allow-Origin: *
location: https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=I5tkG04YQACfH6La_sXQlQ&google_push=Aa02lx-3yoyAspHSjN7xgBdZQR7x50F1kx4fI_zX1BvFZ4quSnulmrBYYj8gAyWKJ7wUPEO1Zi64-8k072D_-ukx9WJH5F8Fj7eZQQ
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache
Connection: keep-alive
Keep-Alive: timeout=360
Content-Length: 0
Expires: Wed, 22 Mar 2023 18:51:02 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 2F80
Redirect Chain

https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESEPHNsyPMhAoiFeD2oSKMmlw&google_cver=1&google_push=Aa02lx9Mp-0Le-LzvP89rlBl-h4mNIUF35FPQlQ6zjannO0RzotwOJy8AFxrbtpLolHk8Rb5FXW4aT6g6iy...
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=Aa02lx9Mp-0Le-LzvP89rlBl-h4mNIUF35FPQlQ6zjannO0RzotwOJy8AFxrbtpLolHk8Rb5FXW4aT6g6iyxVBCmwpvzUCwTyQwzqA&google_hm=y04OJ34eQ5WrHtC6mR...

170 B
188 B

38ms
36ms

Image
image/png

142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=Aa02lx9Mp-0Le-LzvP89rlBl-h4mNIUF35FPQlQ6zjannO0RzotwOJy8AFxrbtpLolHk8Rb5FXW4aT6g6iyxVBCmwpvzUCwTyQwzqA&google_hm=y04OJ34eQ5WrHtC6mRhrOiM

Requested by

Host: f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com
URL: https://f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 22 Mar 2023 18:51:04 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 22 Mar 2023 18:51:03 GMT
via: 1.1 google
server: Apache-Coyote/1.1
p3p: CP="NOI DSP COR NID CUR OUR NOR"
status: 302
location: https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=Aa02lx9Mp-0Le-LzvP89rlBl-h4mNIUF35FPQlQ6zjannO0RzotwOJy8AFxrbtpLolHk8Rb5FXW4aT6g6iyxVBCmwpvzUCwTyQwzqA&google_hm=y04OJ34eQ5WrHtC6mRhrOiM
content-type: text/html;charset=UTF-8
cache-control: no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 2F80
Redirect Chain

https://ads.travelaudience.com/google_pixel?google_gid=CAESENTa8QoxS_n00qBpqd_fK4E&google_cver=1&google_push=Aa02lx-YrDb5Eb5iBZq5sPL3x8xty6vekIZCi04aYXS-XuE2E6xycUv6Ib9WEPRl2n_XaqIasghrqhIFs2ZNsMm2...
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=0ZclDvN2TH6v6FRvRnuKiA2&google_push=Aa02lx-YrDb5Eb5iBZq5sPL3x8xty6vekIZCi04aYXS-XuE2E6xycUv6Ib9WEPRl2n_XaqIasghrqhIFs2ZNsMm2fRBhgZ0BqBiB9Q

170 B
188 B

29ms
29ms

Image
image/png

142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=0ZclDvN2TH6v6FRvRnuKiA2&google_push=Aa02lx-YrDb5Eb5iBZq5sPL3x8xty6vekIZCi04aYXS-XuE2E6xycUv6Ib9WEPRl2n_XaqIasghrqhIFs2ZNsMm2fRBhgZ0BqBiB9Q

Requested by

Host: f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com
URL: https://f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 22 Mar 2023 18:51:04 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Wed, 22 Mar 2023 18:51:04 GMT
via: 1.1 google
x-engine-version: 0.0.0
server: nginx/1.21.6
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR LAW CUR DEV PSA PSD IVA OUR BUS UNI COM NAV INT CNT LOC"
location: https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=0ZclDvN2TH6v6FRvRnuKiA2&google_push=Aa02lx-YrDb5Eb5iBZq5sPL3x8xty6vekIZCi04aYXS-XuE2E6xycUv6Ib9WEPRl2n_XaqIasghrqhIFs2ZNsMm2fRBhgZ0BqBiB9Q
x-host: tde-deliveryengine-production-86c874c4d8-dcm58
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 2F80
Redirect Chain

https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESEAzMZ4oJYxtLkv8T644h9gA&google_cver=1&google_push=Aa02lx8lSKsKeDb-flh_q5keB8qBa-wFgHEmHQzwrx2B3GvMSCzcMiNIXiav-6ttD6wgfsipvL3nMpzbz4GA...
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=Aa02lx8lSKsKeDb-flh_q5keB8qBa-wFgHEmHQzwrx2B3GvMSCzcMiNIXiav-6ttD6wgfsipvL3nMpzbz4GAZ4LpNdNYKZtusJ8cGA

170 B
188 B

25ms
23ms

Image
image/png

142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=Aa02lx8lSKsKeDb-flh_q5keB8qBa-wFgHEmHQzwrx2B3GvMSCzcMiNIXiav-6ttD6wgfsipvL3nMpzbz4GAZ4LpNdNYKZtusJ8cGA

Requested by

Host: f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com
URL: https://f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 22 Mar 2023 18:51:04 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=Aa02lx8lSKsKeDb-flh_q5keB8qBa-wFgHEmHQzwrx2B3GvMSCzcMiNIXiav-6ttD6wgfsipvL3nMpzbz4GAZ4LpNdNYKZtusJ8cGA
strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 2F80
Redirect Chain

https://sync.1rx.io/usersync2/rmpssp?sub=google&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&google_gid=CAESEB...
https://sync.targeting.unrulymedia.com/csync/RX-7b90ebed-29dc-4aa7-8ca9-53ee7716a650-003?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3DAa02lx-jc5cgBALVXe-uocs4V...
https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=Aa02lx-jc5cgBALVXe-uocs4VboF1B-MpCIAyUAqRoSKpJPn2MrojWnyoS8Umh9XO1C7JUDKlwhKJ4KmLPoPoIaTcXLvoXtsyGs0&google_hm=A3uQ6-0p3EqnjKlT7ncWplA

170 B
188 B

23ms
22ms

Image
image/png

142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=Aa02lx-jc5cgBALVXe-uocs4VboF1B-MpCIAyUAqRoSKpJPn2MrojWnyoS8Umh9XO1C7JUDKlwhKJ4KmLPoPoIaTcXLvoXtsyGs0&google_hm=A3uQ6-0p3EqnjKlT7ncWplA

Requested by

Host: f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com
URL: https://f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 22 Mar 2023 18:51:04 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=Aa02lx-jc5cgBALVXe-uocs4VboF1B-MpCIAyUAqRoSKpJPn2MrojWnyoS8Umh9XO1C7JUDKlwhKJ4KmLPoPoIaTcXLvoXtsyGs0&google_hm=A3uQ6-0p3EqnjKlT7ncWplA
date: Wed, 22 Mar 2023 18:51:04 GMT
p3p: CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
etag: RX7b90ebed29dc4aa78ca953ee7716a650003
content-type: text/html

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 2F80
Redirect Chain

https://eb2.3lift.com/ebda?sync=1&google_gid=CAESEPAhNQtbte8DQaU8sQKlIQ8&google_cver=1&google_push=Aa02lx_LQGXVfUHMTRKdUIGAGeBFiS_H1ajBhBqBsBbXR497Hb3pltC135D_g0JQicDxpqDIVfdiqwqZ7RQTGWNY4EYovQMFrR...
https://eb2.3lift.com/sync/google/supply?ld=1&gdpr=1&gdpr_consent=&us_privacy=&sync=1&google_push=Aa02lx_LQGXVfUHMTRKdUIGAGeBFiS_H1ajBhBqBsBbXR497Hb3pltC135D_g0JQicDxpqDIVfdiqwqZ7RQTGWNY4EYovQMFrRg...
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NDIxMzUyNzI3MTExMjk4MTAyMzUwMg%3D%3D&google_push=Aa02lx_LQGXVfUHMTRKdUIGAGeBFiS_H1ajBhBqBsBbXR497Hb3pltC1...

170 B
188 B

39ms
26ms

Image
image/png

142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NDIxMzUyNzI3MTExMjk4MTAyMzUwMg%3D%3D&google_push=Aa02lx_LQGXVfUHMTRKdUIGAGeBFiS_H1ajBhBqBsBbXR497Hb3pltC135D_g0JQicDxpqDIVfdiqwqZ7RQTGWNY4EYovQMFrRgbEQ

Requested by

Host: f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com
URL: https://f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 22 Mar 2023 18:51:04 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NDIxMzUyNzI3MTExMjk4MTAyMzUwMg%3D%3D&google_push=Aa02lx_LQGXVfUHMTRKdUIGAGeBFiS_H1ajBhBqBsBbXR497Hb3pltC135D_g0JQicDxpqDIVfdiqwqZ7RQTGWNY4EYovQMFrRgbEQ
date: Wed, 22 Mar 2023 18:51:04 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 2F80 0
12 B 22ms
21ms Image
text/html 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13IjtZTcyGQR3WcwjvbwNVGuBbBbn5vk-UNPKQwHduylnIxazLycdfGn3KWOFOiMavOD3Qme

Requested by

Host: f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com
URL: https://f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Wed, 22 Mar 2023 18:51:03 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 507317848148093 Show response
connect.facebook.net/signals/config/ 377 KB
108 KB 164ms
163ms Script
application/x-javascript 2a03:2880:f084:d:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/507317848148093?v=2.9.99&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f084:d:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

9b2a32cad15696155a3c1874a48fa11fc6d73278569e387df98f19ac1029f65f

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mestreemfinancas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Wed, 22 Mar 2023 18:51:04 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-fb-rlafr: 0
x-xss-protection: 0
pragma: public
x-fb-debug: XyEJIO8GxBpsYIKvXn0SGXWqAfDnH+40mKm2uljfz5mrPLah/hsHNYpkuthJjAsICwQ+e5qsxn7MSypReoEXrg==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: public, max-age=1200
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3 200 Enabler_01_247.js Show response
s0.2mdn.net/879366/ Frame CC3D 118 KB
40 KB 12ms
12ms Script
text/javascript 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_247.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/8960813517719584162/index.html?e=69&leftOffset=0&topOffset=0&c=btfVq0qUz1&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/8960813517719584162/index.html?e=69&leftOffset=0&topOffset=0&c=btfVq0qUz1&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Wed, 22 Mar 2023 18:05:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2752
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 41099
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:07 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 23 Mar 2023 18:05:11 GMT

GET
H2

200

4.js Show response
static.adsafeprotected.com/ Frame 43C0
Redirect Chain

https://fw.adsafeprotected.com/rfw/st/1356883/69659741/4.js?bundleId=${BUNDLE_ID}&ias_dspID=3&ias_campId=1010506911&ias_pubId=pub-4894209870857905&ias_chanId=1&ias_placementId=19753436792&bidurl=ht...
https://static.adsafeprotected.com/4.js?bundleId=${BUNDLE_ID}

1 KB
1 KB

27ms
25ms

Script
application/javascript

2600:9000:223f:6200:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/4.js?bundleId=${BUNDLE_ID}
Requested by: Host: f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com
URL: https://f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Server: 2600:9000:223f:6200:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 27564fe0e5a95c61c9fbd45ecdb0a0a640fbb320bb64a54f3307a52fe96f86e4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 21 Mar 2023 18:43:35 GMT
x-amz-version-id: ml8sLXd95uD59cm.BnrTx99uclgxfFZ2
content-encoding: gzip
via: 1.1 0afa2d721972ae312ad1dd54e47c43ca.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 86850
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: PENDING
last-modified: Tue, 21 Mar 2023 18:43:33 GMT
server: AmazonS3
etag: W/"33dffa7df253125904b2f354b5bb5e8d"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=604800
x-amz-cf-id: OY9RlTT-aHtEws8fmKg2bpCMATmMIBOt8P8HUEgAQktXUEwY3aSb3Q==

Redirect headers

pragma: no-cache
date: Wed, 22 Mar 2023 18:51:04 GMT
server: nginx
x-server-name: app13.ie.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
location: https://static.adsafeprotected.com/4.js?bundleId=${BUNDLE_ID}
cache-control: no-cache
content-length: 0

GET
H2 200 sca.17.6.2.js Show response
static.adsafeprotected.com/ Frame 8C64 91 KB
23 KB 17ms
16ms Script
application/javascript 2600:9000:223f:6200:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/sca.17.6.2.js
Requested by: Host: f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com
URL: https://f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223f:6200:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 01cee6a7a3f1444680b188ab84052e2b6c85966f53a718d3926135ebcc832ffd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Wed, 21 Sep 2022 15:36:17 GMT
x-amz-version-id: go8nfBUviNCPCwnrYX1LpMW5hEx3ASGy
content-encoding: gzip
via: 1.1 0afa2d721972ae312ad1dd54e47c43ca.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 15736488
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Tue, 20 Sep 2022 19:21:34 GMT
server: AmazonS3
etag: W/"1f3488247c90bb5de253d3d0cb3b7458"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
x-amz-cf-id: nmf6ZP47YgZrwe3A0nWsU49lTpXGOK9XUkcJ9Yg9C48EsDIU6So8NA==

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 43C0 43 B
215 B 98ms
98ms Image
image/gif 2600:1f18:1aca:4280:a733:75de:e8c8:e5e
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1356883&asId=bd26adf8-cb1a-e9f4-7c36-079ef3b820e6&tv=%7Bc:7CmNuv,pingTime:-3,time:55,type:v,clog:%5B%7Bpiv:0,vs:o,r:r.h,w:0,h:0,t:18%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:55,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:18,wc:0.0.1600.1200,ac:NaN.NaN.0.0,am:sp,cc:0.0.0.0,piv:0,obst:0,th:0,reas:r.h,bkn:%7Bpiv:%5B50~0%5D,as:%5B50~0.0%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tzgdgt2+11%7C1211%7C1212%7C1213%7C1214%7C1215%7C13%7C14%7C15%7C161%7C162%7C163%7C164%7C171*.1356883-69659741%7C1711%7C1712%7C1713%7C1714,idMap:171*,rmeas:1,rend:0,renddet:IMG.us,siq:19%7D&br=c
Requested by: Host: f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com
URL: https://f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4280:a733:75de:e8c8:e5e Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 22 Mar 2023 18:51:04 GMT
server: nginx
x-server-name: dt29.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 43C0 43 B
215 B 98ms
97ms Image
image/gif 2600:1f18:1aca:4280:a733:75de:e8c8:e5e
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1356883&asId=bd26adf8-cb1a-e9f4-7c36-079ef3b820e6&tv=%7Bc:7CmNux,pingTime:-6,time:57,type:i,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:57,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:18,wc:0.0.1600.1200,ac:NaN.NaN.0.0,am:sp,cc:0.0.0.0,piv:0,obst:0,th:0,reas:r.h,bkn:%7Bpiv:%5B51~0%5D,as:%5B51~0.0%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tzgdgt2+11%7C1211%7C1212%7C1213%7C1214%7C1215%7C13%7C14%7C15%7C161%7C162%7C163%7C164%7C171*.1356883-69659741%7C1711%7C1712%7C1713%7C1714,idMap:171*,rmeas:1,rend:0,renddet:IMG.us,siq:19%7D&tpiLookup=ao:mestreemfinancas.com*%2Cf885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com*&br=c
Requested by: Host: f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com
URL: https://f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4280:a733:75de:e8c8:e5e Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 22 Mar 2023 18:51:04 GMT
server: nginx
x-server-name: dt30.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 200 n7KdSiWJFgbDLHajlxoGzrM9J1DJZleIE0kt7I04uFE.js Show response
pagead2.googlesyndication.com/bg/ Frame 249F 36 KB
14 KB 21ms
20ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/n7KdSiWJFgbDLHajlxoGzrM9J1DJZleIE0kt7I04uFE.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9fb29d4a25891606c32c76a3971a06ceb33d2750c966578813492dec8d38b851

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Mon, 20 Mar 2023 19:27:05 GMT
content-encoding: br
x-content-type-options: nosniff
age: 170639
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14330
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 09:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 19 Mar 2024 19:27:05 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 43C0 43 B
215 B 117ms
102ms Image
image/gif 2600:1f18:1aca:4280:a733:75de:e8c8:e5e
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1356883&asId=bd26adf8-cb1a-e9f4-7c36-079ef3b820e6&tv=%7Bc:7CmNuQ,pingTime:-2,time:76,type:a,im:%7Bsf:0,pom:1,prf:%7BbeA:289,beZ:290,mfA:292,cmA:293,inA:294,inZ:297,prA:298,prZ:302,si:308,poA:309,poZ:328,cmZ:328,mfZ:328,loA:347,loZ:350,ltA:366,ltZ:366%7D%7D,sca:%7Bdfp:%7Bdf:4,sz:320.480,dom:div%7D%7D,env:%7Bgca:false,cca:false,gca2:false%7D,clog:%5B%7Bpiv:0,vs:o,r:r.h,w:0,h:0,t:18%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:76,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:18,wc:0.0.1600.1200,ac:NaN.NaN.0.0,am:sp,cc:0.0.0.0,piv:0,obst:0,th:0,reas:r.h,bkn:%7Bpiv:%5B70~0%5D,as:%5B70~0.0%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tzgdg84+11%7C121.1135760-69474538%7C1211%7C1212%7C1213%7C1214%7C1215%7C13%7C14%7C15%7C161%7C162%7C163%7C164%7C171*.1356883-69659741%7C1711%7C1712%7C1713%7C1714,idMap:171*,pd:VEBo.mhjfbmdgcfjbbpaeojofohoefgiehjai,rmeas:1,rend:0,renddet:IMG.us,siq:19,sinceFw:56,readyFired:true%7D&br=c
Requested by: Host: f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com
URL: https://f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4280:a733:75de:e8c8:e5e Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 22 Mar 2023 18:51:04 GMT
server: nginx
x-server-name: dt08.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 200 activeview
pagead2.googlesyndication.com/pcs/ Frame 487F 42 B
64 B 75ms
61ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsv2fH4F9XEgnAd01sgYig4U6I2_8tWOY19-T73V4eu-uvT5JhzHch6xwrib0TkIsKG4_QisS6MXCFDd4K6sIDE83Dr8pL1NoaxuiR7aDCFzEouZHejtVrD7mImhin8DmVP8nFAthQ&sai=AMfl-YTHKeBWRP98qCWiKosKuqzvV5FTFBmQRLb39kuGc7zopZ5xMldTzzM9A-ZzyLJNM2GuWtBkJaEq327_UFPql0jgqIwDUCm9oPp75SLGOZw95alcnlWZ41-CCgg&sig=Cg0ArKJSzFNhtsfMfaRnEAE&cid=CAQSOwDUE5ymlcVziBqhbkrcsq8__mT4gOOstgieWOcKDNrC9JhZHaKupI9-8zuCh3HY-tHXGDmeOq21FDRIGAE&id=ampim&o=240,832&d=1120,250&ss=1600,1200&bs=1600,1200&mcvt=1026&mtos=0,0,1026,1026,1026&tos=0,0,1026,0,0&tfs=283&tls=1309&g=100&h=100&tt=1309&r=v&avms=ampa&uap=&uapv=&uaa=&uam=&uafv=&uab=&uafvl=%5B%5D&uaw=false&adk=0

Requested by

Host: mestreemfinancas.com
URL: https://mestreemfinancas.com/e-fgts-calamidade/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_1090

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mestreemfinancas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 22 Mar 2023 18:51:04 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame CC3D 7 KB
6 KB 89ms
56ms XHR
application/json 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_247&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1204baf842898cf9275b19117ddcfb350e54619323f0929b9445f507bda2c32d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Wed, 22 Mar 2023 18:51:04 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5792
x-xss-protection: 0

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame CC3D 17 KB
6 KB 22ms
22ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Wed, 22 Mar 2023 18:51:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 22 Mar 2023 18:51:04 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 43C0 7 KB
6 KB 55ms
55ms XHR
application/json 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=latest&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_obb_rendering_lib_200_276.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e469c9fea251e6731b52450ff31be067417e0f9ce6a66a0185e9d87f2e72a251

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Wed, 22 Mar 2023 18:51:04 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5696
x-xss-protection: 0

GET
H3 200 886845122549418 Show response
connect.facebook.net/signals/config/ 377 KB
108 KB 159ms
158ms Script
application/x-javascript 2a03:2880:f084:d:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/886845122549418?v=2.9.99&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f084:d:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

9bacbd0edab95080f2f4082ed4322eaedfddb040e8a4976194f5429b03182a7d

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mestreemfinancas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Wed, 22 Mar 2023 18:51:04 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-fb-rlafr: 0
x-xss-protection: 0
pragma: public
x-fb-debug: YrU5agiCLtwmDeiCClO7XAUfq3ej1PtCfoYLxffxfyT6gBxRt/1Zprtyy0yYh1AeWRxAS0roXiPW/2rF05Dwvw==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: public, max-age=1200
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3 200 logo_w_320x480.png
s0.2mdn.net/sadbundle/8960813517719584162/ Frame CC3D 2 KB
2 KB 16ms
14ms Image
image/png 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/8960813517719584162/logo_w_320x480.png

Requested by

Host: mestreemfinancas.com
URL: https://mestreemfinancas.com/e-fgts-calamidade/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_1090

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9afd56b5a5cba5cbe5030fe73e75dd4ea7d69e77e123d0975db1d043d6ec7065

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/8960813517719584162/index.html?e=69&leftOffset=0&topOffset=0&c=btfVq0qUz1&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 21 Mar 2023 21:45:46 GMT
x-content-type-options: nosniff
age: 75918
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2152
x-xss-protection: 0
last-modified: Tue, 07 Jun 2022 13:05:15 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 20 Mar 2024 21:45:46 GMT

GET
H3 200 logo_b_320x480.png
s0.2mdn.net/sadbundle/8960813517719584162/ Frame CC3D 2 KB
2 KB 15ms
13ms Image
image/png 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/8960813517719584162/logo_b_320x480.png

Requested by

Host: mestreemfinancas.com
URL: https://mestreemfinancas.com/e-fgts-calamidade/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_1090

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

109bfbbc2459ea41ac6e46ebff41f0b604e91d0e65b7ae14f637adf722bd59bf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/8960813517719584162/index.html?e=69&leftOffset=0&topOffset=0&c=btfVq0qUz1&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Wed, 22 Mar 2023 18:05:12 GMT
x-content-type-options: nosniff
age: 2752
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2139
x-xss-protection: 0
last-modified: Tue, 07 Jun 2022 13:05:15 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 21 Mar 2024 18:05:12 GMT

GET
H3 200 60026183_20220510011748988_L663_21MY_PHEV_122_GLHD_320x480.jpg
s0.2mdn.net/ads/richmedia/studio/60026183/ Frame CC3D 47 KB
47 KB 19ms
17ms Image
image/jpeg 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/60026183/60026183_20220510011748988_L663_21MY_PHEV_122_GLHD_320x480.jpg

Requested by

Host: mestreemfinancas.com
URL: https://mestreemfinancas.com/e-fgts-calamidade/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_1090

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ee8a0612a4fe2193511a1879dbef5407a33b02688f74a45b3d6684564d4bb2cc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/8960813517719584162/index.html?e=69&leftOffset=0&topOffset=0&c=btfVq0qUz1&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Wed, 22 Mar 2023 18:05:13 GMT
x-content-type-options: nosniff
age: 2751
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 48433
x-xss-protection: 0
last-modified: Tue, 10 May 2022 08:17:49 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 23 Mar 2023 18:05:13 GMT

GET
H3 200 n7KdSiWJFgbDLHajlxoGzrM9J1DJZleIE0kt7I04uFE.js Show response
pagead2.googlesyndication.com/bg/ Frame D58D 36 KB
14 KB 11ms
11ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/n7KdSiWJFgbDLHajlxoGzrM9J1DJZleIE0kt7I04uFE.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9fb29d4a25891606c32c76a3971a06ceb33d2750c966578813492dec8d38b851

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Mon, 20 Mar 2023 19:27:05 GMT
content-encoding: br
x-content-type-options: nosniff
age: 170639
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14330
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 09:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 19 Mar 2024 19:27:05 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 249F 0
20 B 50ms
49ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BX5KPF04bZM7IMbCVjuwPsN2ykAIAAAAAOAHgBAI&bg=!vr2lvenNAAZEjmHWZI47ADkAdvg8WoYwdDBi3O-o2gY85ntRo-Ueqgk9n0x1LUCZS4Gse1sZNw7BNnK1n0cV2Gs6kcI3TAyCy2UCAAAAbVIAAAACaAEHmQNAg9CauYaKvF7rL04yei9pqyHpXGK1cVggWl-gAxu3uRgyJGhk3iqzXteVh95f6SNI3S9tqDPSo9pka2_OLfokFeNkoWgtHEpZiW_iQlNX2o22OogTYv1Uhb4b-c2yh_9ZNuuqu6e3JiPzDG4Llg22be0xGqDQMrlHkaXUwu_Qe0wp-UnTl7_dQ2I3yT-FbItG3yR9eSGc8EsZy_g_zxr680zy8e4MFV8Sq7z85PMFr6J9PlUaJG46b-OKA_wk1T1FkxVLVV4-hHJlq8jccppS4w4M0bFv91ifWpNTalg4PjvRL28pskD9Kdmwmlk9F8FuPvyD7qowdRIYdRanVp7nyZcin6niY9htqrx8pJPpZLvUITgjjijqTkLofKKcL1aEuolosrBrHpWvNJUlP-3DiwIk3xwA0Tl4xXY7dlPD74S8BfGkh5o143Zmz0W8Q0DPdTPPGAH4T-6qkGnsT3ZVC0AsQY_f6QcJIH4p8RqVHkhMR61xGeVId7JV0i8m6UJ3KdqyCA6XBTdiwHnbG5qynmfLk5CP8vXtcWEH_wrFJteWbE6S_JfTJn_eIh5aeuGQbgYadh9X5su5nUzKh3IzZvlp9bNi5LJfuT-ML-Dpb2Hzp3xn-RmQSaVgK-lwnga9o0LBJtQ-kSgdbTqdL8ydmCYXo6qookfGb5xmuCVKlYCM9--Dl2Nsm_Clv1O8lPcAx0y7ZuZW9cDVUq7kncIG96tnFkMiAO1jedBbmGJMjxn9COYf78Bjli0zT1J7WFX7Gr7YhumKltycJw7tiTGFI-C1uBoj2pRBv8hy6UeL0XO5pAh7C2Th6aKneGCwIi7-aUcWPpTyDWl67pbYIl1txzsTLdMS0SiBUme0tiIv3V2ENpzo_6ZenPvLtQqmABywIEBLgjDiy79DIGAZoz4OJLnKbNukJkxx-bD2R6-6ujwvRtjkkO1xjRVWNWAW26IrSkrZ0pB2meTXOQzAk043ljrENThGjiBQTUek4XkE4KHWDFxkH04N_peEP__JgHYCOYC80OueOehbqnHEPDxVW37e-EyM17WxXXxli1f-pE3qpG2BFq43LULYizaz-BWbPLBcImX5MqFMHpQ-zW4kiw

Requested by

Host: mestreemfinancas.com
URL: https://mestreemfinancas.com/e-fgts-calamidade/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_1090

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 22 Mar 2023 18:51:04 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 0CA2 0
20 B 42ms
42ms Ping
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=3571829744338&version=m202301230201&ct=76&x=1&cor=3889981778502259700

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 22 Mar 2023 18:51:04 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 43C0 17 KB
6 KB 58ms
52ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_obb_rendering_lib_200_276.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Wed, 22 Mar 2023 18:51:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 22 Mar 2023 18:51:04 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 43C0 43 B
215 B 102ms
102ms Image
image/gif 2600:1f18:1aca:4280:a733:75de:e8c8:e5e
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1356883&asId=bd26adf8-cb1a-e9f4-7c36-079ef3b820e6&tv=%7Bc:7CmNzK,pingTime:-10,time:380,type:s,mvn:ZnNjPTEzLHNkPTMsbm89OCxhc3A9MQ--,sd:MTcuNi4ydjEyMDB8fDE2MDB8fDF8fDF8fDI0fHwxMjAwfHwwfHwwfHwxfHxsYW5kc2NhcGUtcHJpbWFyeXx8MjR8fDQvM3x8NC8zfHwwfHwxNjAw,no:MTcuNi4ydk1vemlsbGF8fE5ldHNjYXBlfHxufHxufHwwfHxufHxXaW4zMnx8R2Vja298fDIwMDMwMTA3fHwwfHxNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvMTExLjAuNTU2My4xMTAgU2FmYXJpLzUzNy4zNnx8MXx8MXx8R29vZ2xlIEluYy58fG4-,ch:n,fsc:17.6.2v222222220002222202222222222222222222202222222220222202000022000220222222220000222202002222202222222220222222220000020022222200022222220200000222200022220002022022022222202002220222022222022220000220200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022222000000020000000000000000000020220202220000022200222202220022200200222022202220022220222200202222020002200002222022222202222000002002002222222202220022202200022002220222202,asp:1679511064379%7C%7Cda46cdd4d8c59642089b94208ba27a85%7C%7Cddbcd9d17a9a064530ac6d0fa988f97e%7C%7C585cb70e367cb56363cd165ac6953d0c%7C%7C9d6e8101decbf2436147749a750a6fc5%7C%7C3b288d9b1863958efb3ed81b9d8f6374%7C%7C0d14f4e4101fa78ea5668b62c594466e%7C%7Cff7cf46fa80a7b444dd86b3ccd756023%7C%7C1663701684%7D
Requested by: Host: mestreemfinancas.com
URL: https://mestreemfinancas.com/e-fgts-calamidade/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_1090
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4280:a733:75de:e8c8:e5e Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 22 Mar 2023 18:51:04 GMT
server: nginx
x-server-name: dt31.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 200 n7KdSiWJFgbDLHajlxoGzrM9J1DJZleIE0kt7I04uFE.js Show response
pagead2.googlesyndication.com/bg/ Frame A76F 36 KB
14 KB 15ms
15ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/n7KdSiWJFgbDLHajlxoGzrM9J1DJZleIE0kt7I04uFE.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9fb29d4a25891606c32c76a3971a06ceb33d2750c966578813492dec8d38b851

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Mon, 20 Mar 2023 19:27:05 GMT
content-encoding: br
x-content-type-options: nosniff
age: 170639
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14330
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 09:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 19 Mar 2024 19:27:05 GMT

GET
H3 200 851723189461274 Show response
connect.facebook.net/signals/config/ 377 KB
108 KB 155ms
155ms Script
application/x-javascript 2a03:2880:f084:d:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/851723189461274?v=2.9.99&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f084:d:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

d46f30d2b3ac588c7e79e47a4deff21dc581dff071db9266684fa587c93f7a27

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mestreemfinancas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Wed, 22 Mar 2023 18:51:04 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-fb-rlafr: 0
x-xss-protection: 0
pragma: public
x-fb-debug: Cwnr59pdOVqbiwiSbkVMVpK9yDTyS9D+1FHr5591KOwasCbVAljyOdQEigtYe/Yia3JQbp7vU71vimVKKbBPCQ==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: public, max-age=1200
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 0
54 B 16ms
8ms Image
text/plain 2a03:2880:f177:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1537353300119728&ev=PageView&dl=https%3A%2F%2Fmestreemfinancas.com%2Fe-fgts-calamidade%2F%3Futm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3D3_active_email_1090&rl=&if=false&ts=1679511064651&sw=1600&sh=1200&v=2.9.99&r=stable&ec=0&o=30&cs_est=true&fbp=fb.1.1679511062442.1415161184&it=1679511062066&coo=false&rqm=GET

Requested by

Host: mestreemfinancas.com
URL: https://mestreemfinancas.com/e-fgts-calamidade/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_1090

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f177:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mestreemfinancas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Wed, 22 Mar 2023 18:51:04 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 /
www.facebook.com/tr/ 0
31 B 40ms
31ms Image
text/plain 2a03:2880:f177:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1897808950573752&ev=PageView&dl=https%3A%2F%2Fmestreemfinancas.com%2Fe-fgts-calamidade%2F%3Futm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3D3_active_email_1090&rl=&if=false&ts=1679511064652&sw=1600&sh=1200&v=2.9.99&r=stable&ec=0&o=30&cs_est=true&fbp=fb.1.1679511062442.1415161184&it=1679511062066&coo=false&rqm=GET

Requested by

Host: mestreemfinancas.com
URL: https://mestreemfinancas.com/e-fgts-calamidade/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_1090

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f177:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mestreemfinancas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Wed, 22 Mar 2023 18:51:04 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 /
www.facebook.com/tr/ 0
31 B 40ms
32ms Image
text/plain 2a03:2880:f177:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1417078182161683&ev=PageView&dl=https%3A%2F%2Fmestreemfinancas.com%2Fe-fgts-calamidade%2F%3Futm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3D3_active_email_1090&rl=&if=false&ts=1679511064653&sw=1600&sh=1200&v=2.9.99&r=stable&ec=0&o=30&cs_est=true&fbp=fb.1.1679511062442.1415161184&it=1679511062066&coo=false&rqm=GET

Requested by

Host: mestreemfinancas.com
URL: https://mestreemfinancas.com/e-fgts-calamidade/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_1090

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f177:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mestreemfinancas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Wed, 22 Mar 2023 18:51:04 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 /
www.facebook.com/tr/ 0
31 B 41ms
32ms Image
text/plain 2a03:2880:f177:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1213417872897242&ev=PageView&dl=https%3A%2F%2Fmestreemfinancas.com%2Fe-fgts-calamidade%2F%3Futm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3D3_active_email_1090&rl=&if=false&ts=1679511064654&sw=1600&sh=1200&v=2.9.99&r=stable&ec=0&o=30&cs_est=true&fbp=fb.1.1679511062442.1415161184&it=1679511062066&coo=false&rqm=GET

Requested by

Host: mestreemfinancas.com
URL: https://mestreemfinancas.com/e-fgts-calamidade/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_1090

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f177:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mestreemfinancas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Wed, 22 Mar 2023 18:51:04 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 /
www.facebook.com/tr/ 0
31 B 41ms
32ms Image
text/plain 2a03:2880:f177:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=2740767399393350&ev=PageView&dl=https%3A%2F%2Fmestreemfinancas.com%2Fe-fgts-calamidade%2F%3Futm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3D3_active_email_1090&rl=&if=false&ts=1679511064655&sw=1600&sh=1200&v=2.9.99&r=stable&ec=0&o=30&cs_est=true&fbp=fb.1.1679511062442.1415161184&it=1679511062066&coo=false&rqm=GET

Requested by

Host: mestreemfinancas.com
URL: https://mestreemfinancas.com/e-fgts-calamidade/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_1090

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f177:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mestreemfinancas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Wed, 22 Mar 2023 18:51:04 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 /
www.facebook.com/tr/ 0
31 B 41ms
33ms Image
text/plain 2a03:2880:f177:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=9038410082867569&ev=PageView&dl=https%3A%2F%2Fmestreemfinancas.com%2Fe-fgts-calamidade%2F%3Futm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3D3_active_email_1090&rl=&if=false&ts=1679511064657&sw=1600&sh=1200&v=2.9.99&r=stable&ec=0&o=30&cs_est=true&fbp=fb.1.1679511062442.1415161184&it=1679511062066&coo=false&rqm=GET

Requested by

Host: mestreemfinancas.com
URL: https://mestreemfinancas.com/e-fgts-calamidade/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_1090

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f177:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mestreemfinancas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Wed, 22 Mar 2023 18:51:04 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 /
www.facebook.com/tr/ 0
31 B 41ms
33ms Image
text/plain 2a03:2880:f177:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=507317848148093&ev=PageView&dl=https%3A%2F%2Fmestreemfinancas.com%2Fe-fgts-calamidade%2F%3Futm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3D3_active_email_1090&rl=&if=false&ts=1679511064657&sw=1600&sh=1200&v=2.9.99&r=stable&ec=0&o=30&cs_est=true&fbp=fb.1.1679511062442.1415161184&it=1679511062066&coo=false&rqm=GET

Requested by

Host: mestreemfinancas.com
URL: https://mestreemfinancas.com/e-fgts-calamidade/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_1090

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f177:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mestreemfinancas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Wed, 22 Mar 2023 18:51:04 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 /
www.facebook.com/tr/ 0
31 B 41ms
34ms Image
text/plain 2a03:2880:f177:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=886845122549418&ev=PageView&dl=https%3A%2F%2Fmestreemfinancas.com%2Fe-fgts-calamidade%2F%3Futm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3D3_active_email_1090&rl=&if=false&ts=1679511064658&sw=1600&sh=1200&v=2.9.99&r=stable&ec=0&o=30&cs_est=true&fbp=fb.1.1679511062442.1415161184&it=1679511062066&coo=false&rqm=GET

Requested by

Host: mestreemfinancas.com
URL: https://mestreemfinancas.com/e-fgts-calamidade/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_1090

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f177:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mestreemfinancas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Wed, 22 Mar 2023 18:51:04 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 /
www.facebook.com/tr/ 0
31 B 41ms
34ms Image
text/plain 2a03:2880:f177:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=851723189461274&ev=PageView&dl=https%3A%2F%2Fmestreemfinancas.com%2Fe-fgts-calamidade%2F%3Futm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3D3_active_email_1090&rl=&if=false&ts=1679511064659&sw=1600&sh=1200&v=2.9.99&r=stable&ec=0&o=30&cs_est=true&fbp=fb.1.1679511062442.1415161184&it=1679511062066&coo=false&rqm=GET

Requested by

Host: mestreemfinancas.com
URL: https://mestreemfinancas.com/e-fgts-calamidade/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_1090

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f177:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mestreemfinancas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Wed, 22 Mar 2023 18:51:04 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 /
www.facebook.com/tr/ 0
31 B 41ms
34ms Image
text/plain 2a03:2880:f177:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=2059094117621613&ev=ViewContent&dl=https%3A%2F%2Fmestreemfinancas.com%2Fe-fgts-calamidade%2F%3Futm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3D3_active_email_1090&rl=&if=false&ts=1679511064660&sw=1600&sh=1200&v=2.9.99&r=stable&a=wordpress-6.1.1-3.0.8&ec=1&o=30&fbp=fb.1.1679511062442.1415161184&it=1679511062066&coo=false&rqm=GET

Requested by

Host: mestreemfinancas.com
URL: https://mestreemfinancas.com/e-fgts-calamidade/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_1090

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f177:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mestreemfinancas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Wed, 22 Mar 2023 18:51:04 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 /
www.facebook.com/tr/ 0
31 B 42ms
35ms Image
text/plain 2a03:2880:f177:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1537353300119728&ev=ViewContent&dl=https%3A%2F%2Fmestreemfinancas.com%2Fe-fgts-calamidade%2F%3Futm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3D3_active_email_1090&rl=&if=false&ts=1679511064660&sw=1600&sh=1200&v=2.9.99&r=stable&ec=1&o=30&fbp=fb.1.1679511062442.1415161184&it=1679511062066&coo=false&rqm=GET

Requested by

Host: mestreemfinancas.com
URL: https://mestreemfinancas.com/e-fgts-calamidade/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_1090

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f177:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mestreemfinancas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Wed, 22 Mar 2023 18:51:04 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 /
www.facebook.com/tr/ 0
31 B 42ms
35ms Image
text/plain 2a03:2880:f177:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1897808950573752&ev=ViewContent&dl=https%3A%2F%2Fmestreemfinancas.com%2Fe-fgts-calamidade%2F%3Futm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3D3_active_email_1090&rl=&if=false&ts=1679511064660&sw=1600&sh=1200&v=2.9.99&r=stable&ec=1&o=30&fbp=fb.1.1679511062442.1415161184&it=1679511062066&coo=false&rqm=GET

Requested by

Host: mestreemfinancas.com
URL: https://mestreemfinancas.com/e-fgts-calamidade/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_1090

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f177:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mestreemfinancas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Wed, 22 Mar 2023 18:51:04 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 /
www.facebook.com/tr/ 0
31 B 42ms
36ms Image
text/plain 2a03:2880:f177:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1417078182161683&ev=ViewContent&dl=https%3A%2F%2Fmestreemfinancas.com%2Fe-fgts-calamidade%2F%3Futm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3D3_active_email_1090&rl=&if=false&ts=1679511064661&sw=1600&sh=1200&v=2.9.99&r=stable&ec=1&o=30&fbp=fb.1.1679511062442.1415161184&it=1679511062066&coo=false&rqm=GET

Requested by

Host: mestreemfinancas.com
URL: https://mestreemfinancas.com/e-fgts-calamidade/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_1090

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f177:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mestreemfinancas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Wed, 22 Mar 2023 18:51:04 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 /
www.facebook.com/tr/ 0
31 B 42ms
36ms Image
text/plain 2a03:2880:f177:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1213417872897242&ev=ViewContent&dl=https%3A%2F%2Fmestreemfinancas.com%2Fe-fgts-calamidade%2F%3Futm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3D3_active_email_1090&rl=&if=false&ts=1679511064661&sw=1600&sh=1200&v=2.9.99&r=stable&ec=1&o=30&fbp=fb.1.1679511062442.1415161184&it=1679511062066&coo=false&rqm=GET

Requested by

Host: mestreemfinancas.com
URL: https://mestreemfinancas.com/e-fgts-calamidade/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_1090

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f177:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mestreemfinancas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Wed, 22 Mar 2023 18:51:04 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 /
www.facebook.com/tr/ 0
31 B 42ms
36ms Image
text/plain 2a03:2880:f177:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=2740767399393350&ev=ViewContent&dl=https%3A%2F%2Fmestreemfinancas.com%2Fe-fgts-calamidade%2F%3Futm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3D3_active_email_1090&rl=&if=false&ts=1679511064661&sw=1600&sh=1200&v=2.9.99&r=stable&ec=1&o=30&fbp=fb.1.1679511062442.1415161184&it=1679511062066&coo=false&rqm=GET

Requested by

Host: mestreemfinancas.com
URL: https://mestreemfinancas.com/e-fgts-calamidade/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_1090

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f177:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mestreemfinancas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Wed, 22 Mar 2023 18:51:04 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 /
www.facebook.com/tr/ 0
31 B 42ms
37ms Image
text/plain 2a03:2880:f177:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=9038410082867569&ev=ViewContent&dl=https%3A%2F%2Fmestreemfinancas.com%2Fe-fgts-calamidade%2F%3Futm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3D3_active_email_1090&rl=&if=false&ts=1679511064662&sw=1600&sh=1200&v=2.9.99&r=stable&ec=1&o=30&fbp=fb.1.1679511062442.1415161184&it=1679511062066&coo=false&rqm=GET

Requested by

Host: mestreemfinancas.com
URL: https://mestreemfinancas.com/e-fgts-calamidade/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_1090

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f177:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mestreemfinancas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Wed, 22 Mar 2023 18:51:04 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 /
www.facebook.com/tr/ 0
31 B 42ms
37ms Image
text/plain 2a03:2880:f177:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=507317848148093&ev=ViewContent&dl=https%3A%2F%2Fmestreemfinancas.com%2Fe-fgts-calamidade%2F%3Futm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3D3_active_email_1090&rl=&if=false&ts=1679511064663&sw=1600&sh=1200&v=2.9.99&r=stable&ec=1&o=30&fbp=fb.1.1679511062442.1415161184&it=1679511062066&coo=false&rqm=GET

Requested by

Host: mestreemfinancas.com
URL: https://mestreemfinancas.com/e-fgts-calamidade/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_1090

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f177:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mestreemfinancas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Wed, 22 Mar 2023 18:51:04 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 /
www.facebook.com/tr/ 0
31 B 43ms
37ms Image
text/plain 2a03:2880:f177:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=886845122549418&ev=ViewContent&dl=https%3A%2F%2Fmestreemfinancas.com%2Fe-fgts-calamidade%2F%3Futm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3D3_active_email_1090&rl=&if=false&ts=1679511064663&sw=1600&sh=1200&v=2.9.99&r=stable&ec=1&o=30&fbp=fb.1.1679511062442.1415161184&it=1679511062066&coo=false&rqm=GET

Requested by

Host: mestreemfinancas.com
URL: https://mestreemfinancas.com/e-fgts-calamidade/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_1090

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f177:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mestreemfinancas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Wed, 22 Mar 2023 18:51:04 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 /
www.facebook.com/tr/ 0
31 B 43ms
38ms Image
text/plain 2a03:2880:f177:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=851723189461274&ev=ViewContent&dl=https%3A%2F%2Fmestreemfinancas.com%2Fe-fgts-calamidade%2F%3Futm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3D3_active_email_1090&rl=&if=false&ts=1679511064664&sw=1600&sh=1200&v=2.9.99&r=stable&ec=1&o=30&fbp=fb.1.1679511062442.1415161184&it=1679511062066&coo=false&rqm=GET

Requested by

Host: mestreemfinancas.com
URL: https://mestreemfinancas.com/e-fgts-calamidade/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_1090

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f177:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mestreemfinancas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Wed, 22 Mar 2023 18:51:04 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

POST
H2 200 / Show response
www.facebook.com/tr/ Frame FCE6 0
52 B 220ms
219ms Document
text/plain 2a03:2880:f177:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Host: mestreemfinancas.com
URL: https://mestreemfinancas.com/e-fgts-calamidade/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_1090

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f177:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Content-Type: application/x-www-form-urlencoded
Origin: https://mestreemfinancas.com
Referer: https://mestreemfinancas.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-origin: https://mestreemfinancas.com
alt-svc: h3=":443"; ma=86400
content-length: 0
content-type: text/plain
cross-origin-resource-policy: cross-origin
date: Wed, 22 Mar 2023 18:51:04 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains

GET
H2 200 firebase-app.js Show response
www.gstatic.com/firebasejs/8.3.1/ 20 KB
7 KB 41ms
12ms Script
text/javascript 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/firebasejs/8.3.1/firebase-app.js

Requested by

Host: script.joinads.me
URL: https://script.joinads.me/push-notification.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0aade4473b4c7427f41a5b3aeacddf7a2e3532f2b7fece88a77644ec0e27d81a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mestreemfinancas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Wed, 22 Mar 2023 18:05:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2753
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6586
x-xss-protection: 0
last-modified: Thu, 18 Mar 2021 20:14:48 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
vary: Accept-Encoding
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 21 Mar 2024 18:05:11 GMT

GET
H2 200 firebase-analytics.js Show response
www.gstatic.com/firebasejs/8.3.1/ 35 KB
11 KB 62ms
33ms Script
text/javascript 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/firebasejs/8.3.1/firebase-analytics.js

Requested by

Host: script.joinads.me
URL: https://script.joinads.me/push-notification.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b5bda00a5ec63e26748b9f40cf1356b3823db279199d74813874255c748657d2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mestreemfinancas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Wed, 22 Mar 2023 18:05:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2753
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10746
x-xss-protection: 0
last-modified: Thu, 18 Mar 2021 20:14:43 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
vary: Accept-Encoding
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 21 Mar 2024 18:05:11 GMT

GET
H2 200 firebase-auth.js Show response
www.gstatic.com/firebasejs/8.3.1/ 173 KB
173 KB 53ms
24ms Script
text/javascript 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/firebasejs/8.3.1/firebase-auth.js

Requested by

Host: script.joinads.me
URL: https://script.joinads.me/push-notification.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d0460dfa53507eb6b050b3035d367ab5ddd0d2c7ccb31fe7a68fc6ac1cfbb2c2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mestreemfinancas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Wed, 22 Mar 2023 18:05:48 GMT
x-content-type-options: nosniff
age: 2716
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 177065
x-xss-protection: 0
last-modified: Thu, 18 Mar 2021 20:14:55 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
vary: Accept-Encoding
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 21 Mar 2024 18:05:48 GMT

GET
H2 200 firebase-firestore.js Show response
www.gstatic.com/firebasejs/8.3.1/ 320 KB
89 KB 42ms
14ms Script
text/javascript 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/firebasejs/8.3.1/firebase-firestore.js

Requested by

Host: script.joinads.me
URL: https://script.joinads.me/push-notification.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d73b123cd2ef3afda65cb6e76579341b1bb1f27faddb0dfc54875e7a05b0114b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mestreemfinancas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Wed, 22 Mar 2023 18:06:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2653
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 90517
x-xss-protection: 0
last-modified: Thu, 18 Mar 2021 20:14:48 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
vary: Accept-Encoding
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 21 Mar 2024 18:06:51 GMT

GET
H2 200 firebase-messaging.js Show response
www.gstatic.com/firebasejs/8.3.1/ 40 KB
11 KB 59ms
31ms Script
text/javascript 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/firebasejs/8.3.1/firebase-messaging.js

Requested by

Host: script.joinads.me
URL: https://script.joinads.me/push-notification.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5243470d2be31f9aaf768f030f06b894aad081801460b75f6b396aca06fd8dda

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mestreemfinancas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Wed, 22 Mar 2023 18:05:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2753
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10884
x-xss-protection: 0
last-modified: Thu, 18 Mar 2021 20:14:56 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
vary: Accept-Encoding
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 21 Mar 2024 18:05:11 GMT

GET
H2 200 openbridge_plugin.js Show response
mestreemfinancas.com/wp-content/plugins/official-facebook-pixel/js/ 182 KB
73 KB 129ms
128ms Script
application/javascript 108.179.193.123
NETWORK-SOLUTIONS...

General

Check archive.org

Show headers Download Go to

Full URL: https://mestreemfinancas.com/wp-content/plugins/official-facebook-pixel/js/openbridge_plugin.js
Requested by: Host: mestreemfinancas.com
URL: https://mestreemfinancas.com/e-fgts-calamidade/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_1090
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 108.179.193.123 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS: 108-179-193-123.unifiedlayer.com
Software: Apache /
Resource Hash: 761aeff2e8803ba4c48511b4424f2bef7ec26194f4decf3ed8d2741d52952871

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mestreemfinancas.com/e-fgts-calamidade/?utm_source=active&utm_medium=email&utm_campaign=3_active_email_1090
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Wed, 22 Mar 2023 18:51:04 GMT
content-encoding: gzip
last-modified: Thu, 09 Feb 2023 17:58:53 GMT
server: Apache
accept-ranges: bytes
vary: Accept-Encoding
content-type: application/javascript

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 15 KB
11 KB 60ms
59ms XHR
application/json 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2023032101&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023032101.js?cb=31073317

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f54724039cfdeed1b6ab281cf9aeefc748904a6de5cf178e0f4e325f12a5840e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mestreemfinancas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Wed, 22 Mar 2023 18:51:04 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11351
x-xss-protection: 0

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 23ms
22ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023032101.js?cb=31073317

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mestreemfinancas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Wed, 22 Mar 2023 18:51:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 22 Mar 2023 18:51:05 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 3591 13 KB
5 KB 10ms
10ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://mestreemfinancas.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 6534
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 22 Mar 2023 17:02:11 GMT
expires: Thu, 21 Mar 2024 17:02:11 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 1AD9 783 B
535 B 22ms
21ms Document
text/html 2a00:1450:4001:830::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

41e4517cd542cc357df57a7a97761d3c037448cd91a0ae20d16c6fa56129dbe4

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-yAQQOEX-2MAI0X8QkLsZhA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://mestreemfinancas.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-length: 513
content-security-policy: script-src 'report-sample' 'nonce-yAQQOEX-2MAI0X8QkLsZhA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Wed, 22 Mar 2023 18:51:05 GMT
expires: Wed, 22 Mar 2023 18:51:05 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 n7KdSiWJFgbDLHajlxoGzrM9J1DJZleIE0kt7I04uFE.js Show response
pagead2.googlesyndication.com/bg/ Frame 3591 36 KB
14 KB 10ms
8ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/n7KdSiWJFgbDLHajlxoGzrM9J1DJZleIE0kt7I04uFE.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9fb29d4a25891606c32c76a3971a06ceb33d2750c966578813492dec8d38b851

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Mon, 20 Mar 2023 19:27:05 GMT
content-encoding: br
x-content-type-options: nosniff
age: 170640
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14330
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 09:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 19 Mar 2024 19:27:05 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 1AD9 0
0 45ms
44ms Image
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2023032101&jk=2008483173985985&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

POST
H3 200 / Show response
www.facebook.com/tr/ Frame 1796 0
18 B 11ms
11ms Document
text/plain 2a03:2880:f177:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f177:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Content-Type: application/x-www-form-urlencoded
Origin: https://mestreemfinancas.com
Referer: https://mestreemfinancas.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-origin: https://mestreemfinancas.com
alt-svc: h3=":443"; ma=86400
content-length: 0
content-type: text/plain
cross-origin-resource-policy: cross-origin
date: Wed, 22 Mar 2023 18:51:05 GMT
priority: u=0,i
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains

POST
H3 200 / Show response
www.facebook.com/tr/ Frame A35D 0
15 B 12ms
11ms Document
text/plain 2a03:2880:f177:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f177:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Content-Type: application/x-www-form-urlencoded
Origin: https://mestreemfinancas.com
Referer: https://mestreemfinancas.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-origin: https://mestreemfinancas.com
alt-svc: h3=":443"; ma=86400
content-length: 0
content-type: text/plain
cross-origin-resource-policy: cross-origin
date: Wed, 22 Mar 2023 18:51:05 GMT
priority: u=0,i
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains

POST
H3 200 / Show response
www.facebook.com/tr/ Frame 94BE 0
15 B 15ms
11ms Document
text/plain 2a03:2880:f177:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f177:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Content-Type: application/x-www-form-urlencoded
Origin: https://mestreemfinancas.com
Referer: https://mestreemfinancas.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-origin: https://mestreemfinancas.com
alt-svc: h3=":443"; ma=86400
content-length: 0
content-type: text/plain
cross-origin-resource-policy: cross-origin
date: Wed, 22 Mar 2023 18:51:05 GMT
priority: u=0,i
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains

POST
H3 200 / Show response
www.facebook.com/tr/ Frame 4E60 0
15 B 15ms
12ms Document
text/plain 2a03:2880:f177:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f177:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Content-Type: application/x-www-form-urlencoded
Origin: https://mestreemfinancas.com
Referer: https://mestreemfinancas.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-origin: https://mestreemfinancas.com
alt-svc: h3=":443"; ma=86400
content-length: 0
content-type: text/plain
cross-origin-resource-policy: cross-origin
date: Wed, 22 Mar 2023 18:51:05 GMT
priority: u=0,i
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains

POST
H3 200 / Show response
www.facebook.com/tr/ Frame 1C7D 0
15 B 15ms
12ms Document
text/plain 2a03:2880:f177:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f177:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Content-Type: application/x-www-form-urlencoded
Origin: https://mestreemfinancas.com
Referer: https://mestreemfinancas.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-origin: https://mestreemfinancas.com
alt-svc: h3=":443"; ma=86400
content-length: 0
content-type: text/plain
cross-origin-resource-policy: cross-origin
date: Wed, 22 Mar 2023 18:51:05 GMT
priority: u=0,i
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains

POST
H3 200 / Show response
www.facebook.com/tr/ Frame 9486 0
15 B 15ms
11ms Document
text/plain 2a03:2880:f177:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f177:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Content-Type: application/x-www-form-urlencoded
Origin: https://mestreemfinancas.com
Referer: https://mestreemfinancas.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-origin: https://mestreemfinancas.com
alt-svc: h3=":443"; ma=86400
content-length: 0
content-type: text/plain
cross-origin-resource-policy: cross-origin
date: Wed, 22 Mar 2023 18:51:05 GMT
priority: u=0,i
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains

POST
H3 200 / Show response
www.facebook.com/tr/ Frame 0EAE 0
15 B 15ms
12ms Document
text/plain 2a03:2880:f177:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f177:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Content-Type: application/x-www-form-urlencoded
Origin: https://mestreemfinancas.com
Referer: https://mestreemfinancas.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-origin: https://mestreemfinancas.com
alt-svc: h3=":443"; ma=86400
content-length: 0
content-type: text/plain
cross-origin-resource-policy: cross-origin
date: Wed, 22 Mar 2023 18:51:05 GMT
priority: u=0,i
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 43C0 0
20 B 49ms
45ms Ping
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=3439152404321&version=m202301230201&ct=76&x=1&cor=16374913502880820000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 22 Mar 2023 18:51:05 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 200 / Show response
www.facebook.com/tr/ Frame D47F 0
15 B 12ms
11ms Document
text/plain 2a03:2880:f177:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f177:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Content-Type: application/x-www-form-urlencoded
Origin: https://mestreemfinancas.com
Referer: https://mestreemfinancas.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-origin: https://mestreemfinancas.com
alt-svc: h3=":443"; ma=86400
content-length: 0
content-type: text/plain
cross-origin-resource-policy: cross-origin
date: Wed, 22 Mar 2023 18:51:05 GMT
priority: u=0,i
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains

POST
H3 200 / Show response
www.facebook.com/tr/ Frame C0CE 0
15 B 11ms
10ms Document
text/plain 2a03:2880:f177:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f177:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Content-Type: application/x-www-form-urlencoded
Origin: https://mestreemfinancas.com
Referer: https://mestreemfinancas.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-origin: https://mestreemfinancas.com
alt-svc: h3=":443"; ma=86400
content-length: 0
content-type: text/plain
cross-origin-resource-policy: cross-origin
date: Wed, 22 Mar 2023 18:51:05 GMT
priority: u=0,i
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 3591 0
10 B 10ms
10ms Image
text/plain 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?0Q_lMw
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Wed, 22 Mar 2023 18:51:05 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 3909 0
20 B 46ms
45ms Ping
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=4211076314622&version=m202301230201&ct=76&x=1&cor=12454590505362250000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 22 Mar 2023 18:51:05 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 49ms
48ms Image
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_2023032101&jk=2008483173985985&bg=!vr2lvenNAAZEjmHWZI47ADkAdvg8WjEgcTfRYqKC0VfgTPNewrybGuS81igPT6ZAuK2XATFwRi442bAgzVzjIzj5TBe89uxbR3ECAAABFFIAAAADaAEHmQKsEYAKuo4Ds_y8l-2kSYGwrm5Z3CntZz-FX5mrPMcF0alsB6NbOTzO2DuX4-BBD_wvS2p2uRi6HEaiPPU_SJ-J8u3hsa28WuoElqlXPEdBGTIkQa853pL3OswJTMVa5g8dhpwhOa1lMHjBB1lif0LPedgrSTR50VAcZf8q6OK2RY_ynmyduebUOEFPqOxEgOsCJH8fUL7qASp94xWYzlt2ze3Hq-ASp24ZqoEzQS-H0TDOgiTSSdMf9aiaSMRng26KcJHmfZZmTMxAbWm4PBEV5o5G6YXlV0LrKenfPnfrvXilMfD5AdSgVrBljA3KCzCsC9a1P77iHyONgGZftsSjvFqeUlT5rU5v_0_qUAkBQfFlNOHY9EjlZmpShip5hJncbYYEAIIbvlT0t1sZWWgNfpft7Qg1xGrEsXDbT_Xw6GFeTtBcSZ_HDyPg5krdyU5cjMDIUNndB_ymqCdtwXzBjBiBXhjXLFooJ9nZhUnOnkzcTYrilg9FTUxgDKtMGzLJwWIInMHiSDxCsyV1yuCCN7Oki5AHjU20Lzw1yZtUka6uGNafO5wH2F5iV260V8OUQ1bvL4rMcu4pFm5IAokmIewWiqpMPEWOpMzZRhRua3yHYMKmf664NLboxuPXSDTDBGIWqTfAotwClusBd2uCKju41G2N1D0tdabwopI3-sEWKams7ZNpbt8YROQXW3BeLDBiHBF8YRb_CrY4UYaGQhnkIG5vRo3RkJctm1MbymxJ-_tx8HI0oipB4zMBkot9Ku_eV9uIDGsiGzHw3dGeN55NDNADDO4XvDsXSiQcWNVTIZiZcc4V09fvJEV3I3hXyEASIZqYJfPID6mK4EPBvJFIyXEgB3rEr96pQN1dwlkpw_OTPY2uirmIsTDTUufvhhemdjKUOanozozn
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mestreemfinancas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

GET
H2 200 script-push.js Show response
script.joinads.me/ 1 KB
1 KB 20ms
20ms Script
application/javascript 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.joinads.me/script-push.js
Requested by: Host: script.joinads.me
URL: https://script.joinads.me/push-notification.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3cb238c7630ba8bd60ede523b57d4b3619086b3c54c04297662d2fddc65c6c4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mestreemfinancas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Wed, 22 Mar 2023 18:51:06 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 694655
cf-polished: origSize=1468
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Thu, 01 Apr 2021 12:59:37 GMT
server: cloudflare
etag: W/"6065c3b9-5bc"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qyalsXWtUo13DvCmKwmzULz8HJy7y1Xo0W3COghYclD8EXIPHqOlVsvp5278wEQpe5bhzxt3PTvuAQX8W%2F7H9zVebytpXMU06KsxqlIDmfPTWyPSOffrGCnFi6vra0Q8FpKAPWBtI6QsTgnwxlFMIA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=31104000
cf-ray: 7ac09fc858a49a0c-FRA
expires: Fri, 08 Mar 2024 17:53:31 GMT

Verdicts & Comments Add Verdict or Comment

77 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

40 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.mestreemfinancas.com/	1970-01-20 12:41:27	Name: _gcl_au Value: 1.1.638489972.1679511062
.mestreemfinancas.com/	1970-01-20 20:07:51	Name: _ga Value: GA1.2.1814452370.1679511062
.mestreemfinancas.com/	1970-01-20 10:33:17	Name: _gid Value: GA1.2.400817542.1679511062
.mestreemfinancas.com/	1970-01-20 10:31:51	Name: _gat_gtag_UA_165983883_5 Value: 1
.mestreemfinancas.com/	1970-01-20 12:41:27	Name: _fbp Value: fb.1.1679511062442.1415161184
.casalemedia.com/	1970-01-20 19:17:27	Name: CMID Value: ZBtOFl9ZHM8Zuf1wW4cdpgAA
.casalemedia.com/	1970-01-20 12:41:27	Name: CMPS Value: 3243
.casalemedia.com/	1970-01-20 12:41:27	Name: CMPRO Value: 3243
.adnxs.com/	1970-01-20 12:41:27	Name: uuid2 Value: 6509476400655542768
.openx.net/	1970-01-20 19:17:27	Name: i Value: d9ae29e3-f244-42cd-8ba2-0039b26414ae\|1679511062
.criteo.com/	1970-01-20 19:53:27	Name: uid Value: 474c896f-528e-41d3-aa65-6554098767e4
.adfarm1.adition.com/	1970-01-20 12:41:27	Name: UserID1 Value: 7213445088861157522
.lijit.com/	1970-01-20 19:17:27	Name: ljt_reader Value: GWrrtGZHYyXCbZvkQcOOfqns
.bidswitch.net/	1970-01-20 19:17:27	Name: tuuid Value: ffb40c1a-0056-4921-9529-eb084f59f9e7
.bidswitch.net/	1970-01-20 19:17:27	Name: c Value: 1679511063
.bidswitch.net/	1970-01-20 19:17:27	Name: tuuid_lu Value: 1679511063
.everesttech.net/	1970-01-20 19:17:27	Name: everest_g_v2 Value: g_surferid~ZBtOFwAACbLT0gBa
.bidswitch.net/	1970-01-20 10:31:51	Name: google_push Value: Aa02lx-BIhlFiU570ZybgpvRYxYCVX5UfpJJPcJLXIPXZgYOsV94po1bN-9bz5Y5NQnaEWJHO5AExH8_2P8rPdReKLOgCsGU4pnwuh-oBNZt4em3uYSPZcMWPvvQUdqnQvfGzLTAv3JRR75L
.pubmatic.com/	1970-01-20 10:33:17	Name: KTPCACOOKIE Value: YES
.pubmatic.com/	1970-01-20 19:17:27	Name: KADUSERCOOKIE Value: CBDFAD8E-FC25-440E-B48C-24C2792DD4DB
.1rx.io/	1970-01-20 19:17:27	Name: _rxuuid Value: %7B%22rx_uuid%22%3A%22RX-7b90ebed-29dc-4aa7-8ca9-53ee7716a650-003%22%7D
.simpli.fi/	1970-01-20 19:18:53	Name: suid Value: F1BB52E6DE744CCEA99EC7DB806D18AA
.mathtag.com/	1970-01-20 19:57:46	Name: uuid Value: 239b641b-4e18-4000-9f1f-a2dafec5d095
.mathtag.com/	1970-01-20 11:15:03	Name: mt_mop Value: 4:1679511064
.mestreemfinancas.com/	1970-01-20 19:53:27	Name: cto_bundle Value: 2ZUVYl91eGdVdlVrZWYycm4zUXg4eUxaYlRJQmlzMlBXeVlWVWFHbjRHM21rUktzdFFJVkJJc2xTZHpsajUxT3BRcjAzYzBTQnQ0RHJRbERDYXhvUDlZYXJMMjBLZFQ3clVCSmVsNyUyRllnMmMxOVZ1RnY2WHVaQTNWZSUyQlVJaGNDTmtYakt2c1YzUjRLQ0JEaDBiWVElMkZIWkRaNWFvTCUyRm41UTRHSm9LdWdpNiUyQkNPdmRRJTNE
.targeting.unrulymedia.com/	1970-01-20 19:17:27	Name: _rxuuid Value: %7B%22rx_uuid%22%3A%22RX-7b90ebed-29dc-4aa7-8ca9-53ee7716a650-003%22%7D
.tribalfusion.com/	1970-01-20 12:41:27	Name: ANON_ID Value: aQns6Eo0P8fCmTN83vUDEsfoMa0GnikZctaIFbwR9Ru49j6XdnAm4J18XvfKwBwUreWrhUuxjZaFmaMWyiOowb
.doubleclick.net/	1970-01-20 19:53:27	Name: IDE Value: AHWqTUlekcWeep1FCP3xTSZ9ZrHHAxV8FmfTG8HUKQwoFSwKNdAF-UQwnycJ2zV1ji0
.mestreemfinancas.com/	1970-01-20 19:53:27	Name: __gads Value: ID=b075f4c4a629333b:T=1679511062:S=ALNI_MbjlZcFiKfGGtx0P4uAYP6VfyDIpQ
.mestreemfinancas.com/	1970-01-20 19:53:27	Name: __gpi Value: UID=00000bf1f67777a1:T=1679511062:RT=1679511062:S=ALNI_MYszqjH8adKZy2YqiHGvqP2gL8S_A
.hurra.com/	1970-01-20 19:17:27	Name: __uu Value: N0hC4vI2MghM-E-Pzzzzzzzz
.turn.com/	1970-01-20 14:51:03	Name: uid Value: 3544519536183098933
.hurra.com/	1970-01-20 11:15:03	Name: pvs Value: N0hC4vk2MlVSUU3Bzzzzzzzz:C397G37148:1679511063
.adnxs.com/	1970-01-20 12:41:27	Name: anj Value: dTM7k!M41.D>6NRF']wIg2GTxf2xyZ!]td08i_iqf!oN/@E'zz<Z0QA9(kR=$Uwdxk)vA3tzD^nQN-<hx^2J8ER[TD._*PlZ[C[-kX-9C-gs
.3lift.com/	1970-01-20 12:41:27	Name: tluid Value: 4213527271112981023502
.quantserve.com/	1970-01-20 12:41:27	Name: d Value: EHkBCQHJKIEA
.quantserve.com/	1970-01-20 20:02:05	Name: mc Value: 641b4e18-001fd-c5caf-eadac
.travelaudience.com/	1970-01-20 20:03:31	Name: _tracker Value: %7B%22UUID%22%3A%22D197250E-F376-4C7E-AFE8-546F467B8A88%22%7D
.ctnsnet.com/	1970-01-20 19:17:27	Name: cid_cb4e0e277e1e4395ab1ed0ba99186b3a Value: 1
.ctnsnet.com/	1970-01-20 19:17:27	Name: gid_CAESEPHNsyPMhAoiFeD2oSKMmlw Value: 1

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	URL: https://f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html Message: Refused to execute script from 'https://ssl.hurra.com/pvs.gif?bd3p=1&cid=397&tid=37148' because its MIME type ('image/gif') is not executable.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a.tribalfusion.com
ad.turn.com
ads.travelaudience.com
adservice.google.com
adservice.google.de
ap.lijit.com
bid.g.doubleclick.net
cdn.ampproject.org
cdn.id5-sync.com
cdn.jsdelivr.net
cdn.prod.uidapi.com
cm.g.doubleclick.net
cms.quantserve.com
connect.facebook.net
dsp.adfarm1.adition.com
dsum-sec.casalemedia.com
dt.adsafeprotected.com
eb2.3lift.com
f885e50c9f8abb0f772aec5abab12d62.safeframe.googlesyndication.com
fonts.googleapis.com
fonts.gstatic.com
fw.adsafeprotected.com
gcm.ctnsnet.com
google-bidout-d.openx.net
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
gum.criteo.com
ib.adnxs.com
id5-sync.com
image6.pubmatic.com
link.mestreemfinancas.com
mestreemfinancas.com
mug.criteo.com
oa.openxcdn.net
oajs.openx.net
onetag-sys.com
pagead2.googlesyndication.com
pixel.rubiconproject.com
r.turn.com
rtb.openx.net
s.tribalfusion.com
s0.2mdn.net
script.joinads.me
securepubads.g.doubleclick.net
ssl.hurra.com
static.adsafeprotected.com
static.criteo.net
supertrabalhocom.lt.acemlnb.com
sync-tm.everesttech.net
sync.1rx.io
sync.mathtag.com
sync.targeting.unrulymedia.com
tpc.googlesyndication.com
um.simpli.fi
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
x.bidswitch.net
108.179.193.123
137.184.92.206
142.250.184.226
142.250.185.194
151.101.194.49
162.19.138.118
172.217.16.194
178.250.0.157
185.29.132.245
185.80.39.216
198.47.127.19
213.19.147.44
216.52.2.48
2600:1f18:1aca:4280:a733:75de:e8c8:e5e
2600:9000:223f:6200:8:48e:53c0:93a1
2600:9000:2250:2200:a:e047:752:b361
2606:4700:10::6816:3556
2606:4700::6810:5614
2606:4700::6812:18ad
2620:116:800d:21:de2e:c7b3:55c0:d5a0
2a00:1450:4001:810::2006
2a00:1450:4001:810::200a
2a00:1450:4001:810::200e
2a00:1450:4001:812::2002
2a00:1450:4001:813::2002
2a00:1450:4001:827::2001
2a00:1450:4001:828::2002
2a00:1450:4001:829::2002
2a00:1450:4001:829::2003
2a00:1450:4001:82a::2002
2a00:1450:4001:82a::2008
2a00:1450:4001:82b::2002
2a00:1450:4001:830::2001
2a00:1450:4001:830::2004
2a00:1450:4001:831::2001
2a02:2638:3::3
2a02:2638::1c
2a03:2880:f084:d:face:b00c:0:3
2a03:2880:f177:83:face:b00c:0:25de
2a05:d018:dd0:6881:e518:8fca:7301:8eac
2a06:98c1:3120::3
3.68.12.190
34.102.146.192
34.120.135.53
34.237.157.157
34.91.62.186
35.186.193.173
35.186.253.211
35.190.0.66
35.244.159.8
37.252.171.52
46.228.164.11
51.89.9.253
62.144.160.15
64.233.167.154
69.173.144.139
76.223.111.18
85.114.159.93
0102fdfbd0b06f4718e32f6586659557a6234c0111940c1fa3d697c42b067c1c
01cee6a7a3f1444680b188ab84052e2b6c85966f53a718d3926135ebcc832ffd
0249bb451c88404547895e0bf6f864612756386473cddc798d978742c65af546
029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300
0468af8d74ba377eec707308168b6bfcd146fe0a2669a11a9af0128ad85b3bc2
070285ebee20d412be26a168df2b800f399e0eca5234d48280ff7c3d5a1b9097
0a19fce040b8127f3e2e3ed609f7800153be329d6420b53295fb79a4f40012ec
0aade4473b4c7427f41a5b3aeacddf7a2e3532f2b7fece88a77644ec0e27d81a
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0ce92043dc86060bfa35affc280667303411c99977cf1639940f9c70231cda7b
1057b8ed3ef6806faf71741bc9476f2db6f027f62e347f4ef8f9d690360b7f17
109bfbbc2459ea41ac6e46ebff41f0b604e91d0e65b7ae14f637adf722bd59bf
10ebe2013540c0d4e93a8d132c7e384a52172bfe6de20963e43c409a6d89879f
1103d670c9b03db734d17c618cfb9d16cb4ca438b6bf005150a0b2039ffdb3df
11f1414c6342d8a5a5124286921298b09b1e776f0aae7bbc4c83b96685166019
1204baf842898cf9275b19117ddcfb350e54619323f0929b9445f507bda2c32d
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
133f35fbfc23c0d8cf814176860427bd6a02da9278de3de662da11d9602d8582
1c1fef6e6b4f9832603850b9b6562e74d9a6a3700ba836efe88facc577121e8b
1eb5539a4bb7605f12dd1838a9b1fe811a5227a9033fb36294f458be3c00d42f
1eea8603562c2f18b9fbbced671ceffa333d1a28e70723648371ff8f10a42ec8
1f29d91e07c72114188d0d5ec2a2166112fd0096b71519a39ed3555c7e30232a
214674cc77aba35ab3567b88e2739fd08e8e96c61d279559ad61874069683ea0
21c00ba9650b48539ed287a7e6e73b09f8c4d7dd898473beea676eaf25f3b50c
24366c51064fc57cb419cc93db561f43bf3461affb1d04deb4d552a7e2ba4956
27564fe0e5a95c61c9fbd45ecdb0a0a640fbb320bb64a54f3307a52fe96f86e4
2cab8542374fa964a89c3101eeeb0810d15c106b57b6edd05d0c5ee02305d589
2d4fa7a21f3e64c02dff32fa9860b0c781e5ffbf19dc5308b548a1c725f45b94
2e3fca3b6adcefb77b53a3088ac08e65951566785a9bfc895bbcccd05745c863
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
39d0fd9943a1069718bb60c51587b8a2b7711d562766565fafd8ac6050e44cdb
41c5e8097ad887b0e61183a6ea31537458acfb01c4287195774e0b7e936109ef
41e4517cd542cc357df57a7a97761d3c037448cd91a0ae20d16c6fa56129dbe4
467a5b06cb117035f7882e8c71d80e093f04ce586c1ac2b84e7e4adf978edb30
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
46b2829524e1ffcfacb15998bbe38941bfbf6110ce8f028d8117efcdbd8273fb
46b3e081067e631f9a1049fbfa37844da854f741b7f9a45900dc02a19a4ef143
4808dc96023e4e52890426fb17e0d9138bbaa0abcb90894919b0b188b23f39f0
481634786372faabfc8ec7d5d189fca926d79d21f08389563e7bdb605143d1b0
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4ddafac08c28dd6edcc4a9c5658ef4767f9156e75304d2d1d6e9c624b78b0205
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
519ae5bc490c0c50483f78dca3697a8dd2be7bad9021bd4efa6e2c659666118e
5201146d9345f8638a180ba79f59d3fd3f269b95e1c47c4226773871b2b3d56b
524052ba3a0afbd0a05bb05748ddc7b0926e484d51ec9a891cf11a55d617a780
5243470d2be31f9aaf768f030f06b894aad081801460b75f6b396aca06fd8dda
53b99e4bde7498900885e58f9d6c383258f8a59b04389d6b54d3d4b89537b6f2
544c55ca9f05d425f3beb90f287308d7a408b1f60d17728eff5c605a494bc1b9
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
58788a30af68f92836329a22bed11ee437cdcc310cc9697f53d7a06142ad1416
5971b095cff574a66d35ada016d4c077c86e2dea62e9c0f14cf7c94b258619de
598b8c1110efc26823b59e938c43fe2e5342f4fe834e8ceba5263c1db3c2ad36
5a5f39391fbf5b06db84b8f9716d53de575ee97a627d2c5f12f79a991a671eb5
5aad5fbd4238981a9ff5e2772ff1353dfe1a801fb49542fe157418c1438f7782
5ae9552d446982cedbbeb56c92ec7461d79f2e7734efa66bd0633e095b12d645
5b1546ae8f493de03b1ca99f9f955a20785679be18625354b363f2f8311f421b
5cd1d3f62af07b4c29a844781688aadb6d84f30986e2c2aa5fd2d581ea517ed1
5dfdf00359b7743919a732ae8eb80536ff206faaf16a99fcdd3f967aca1f81e7
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
62a8dfc83e39220c06dead3948f5faa65f23e9fa05ade08db7b8204f614e48de
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6f6cbfd83a95c022441310a35df83064f8b0f531f876fc04de49df8a08ddd78a
71fc1599035adc6bc34df2117b8631285905f97737ba730af28644ee6a0d8dde
72def4e68fd499ad2d5345f3c286c6d1d88bc598a3b45b4455391cd7b1592134
73fb2fa0d192c9fe74aaef182a6dbc31c29e7cc863038f0d69eac0d5c8ae204f
744b436600cd35e7898be8843c04c1115c45bf08143d085ac149e8c4f8151e3d
761aeff2e8803ba4c48511b4424f2bef7ec26194f4decf3ed8d2741d52952871
775a02c37772954d38fe41b802b94a0ee37dccb98a03827cdef3eddd2abc13d1
7abd36a2f651330420d86187c125331d679408d1be7b6cd93efa64e08eaf80c7
7b096cfae2525b059116d8b86e549bf6ae43fdcc78a90c72a3a42236d5caac52
7b64a84c219d901e94b497f2374a5eabfa89a26b3c2891c774979dea81bb66d4
7b824042a7108079234121c8a6e471f11b166bd4bacf85fb9cab29a9341eb647
7e86f52cb0d423805ec541a4bccae5156a01fbe36355e6d798a450593212651f
7e872bcb41e1b99a011cd045d6ab03f2151f126e5b5c999f252016d37bcb87a9
808af092ebf9a3f9ffa55a0fcb1ec1809ac1a12ffa602e01e4ea91da1d2b5475
81fa7554f0798e9f2291757a2876e512dadea7f8ab0a0f8fb2bff31f9931eb0f
83dd1a8208a83ec90a9a2d7774ab28e4b93b3eba53fb6a3fd444eb7e389ecbff
8815bb9ff3d050c94b7d94e9e4508741d34c09b5681feded23f96c9ae9c765bf
8e8dcc9716ccad1d70ea280e235e73bf05f1e71f1a3fcaa4be7eff8fc29ebfb5
8ef645c73a2e07d368aa41f762a2c1c8b94fff9116a06e66f506dce23f8e4fcb
94ec0fa3d27f5df859328b02585a0e0aeb265ed1f42883cb4a79a376c7d7d819
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9afd56b5a5cba5cbe5030fe73e75dd4ea7d69e77e123d0975db1d043d6ec7065
9b2a32cad15696155a3c1874a48fa11fc6d73278569e387df98f19ac1029f65f
9bacbd0edab95080f2f4082ed4322eaedfddb040e8a4976194f5429b03182a7d
9f03509718beb4070d2850b743d60a459a91d5c2510a0698675f1f2132e55468
9fb29d4a25891606c32c76a3971a06ceb33d2750c966578813492dec8d38b851
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a3501a3f0a7b6bc47f9f81c7be85b3603816fe2d3026ab4b396127ed9eb8895c
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a5230196df9a4e9f6382c504668862efc8e25c1ec093c7dc997fbedb4b3ec54e
a6d72c44ca09f0eb3e1af89f282ea5c1e94669f87d89cc6cab10925771c11cf2
a72da021ce55690ffbd77addc203b06896ed0f1168f2828d2cd9c47713341a2f
a9cb4e74076459ccc3bb09de541dfa85d7d37a9cb250384019de24696e11da40
ad607374c2c044d3ee8bdec9f171f55d720788e422c08257a75a61cc8055d158
aeb779d96af4bfa1b664c203d52fbd9ef573b84a31b34314668325fc784e1b13
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b150d9b4151f7cd309c4c7808de642e3030efcdbc40f3bec35ae1c87e17b111a
b2c4851cdcc609fc0e6ed89f471c4d3a74642a88787ced1514c9980b2f51fd95
b5a771fe8f2f55dafa966872c01aa3d3b2d1a4820b68d62d75ac7c77fe227f11
b5bda00a5ec63e26748b9f40cf1356b3823db279199d74813874255c748657d2
b651d87ef113cba0c8ec8a33bfdb694171effeba56b20be12e3c77fc15f6ae9f
c0147cfaf9052893e9a24a1dc6b565de3281b23436ab4d312b883e3cd40eec7d
c04d8a64a12d2baec77efe2a99b335351d98df781d96dde282b10a751e1b9be2
c2777526a216d9692dd29697ebee7836fe8ae65f3a290faa20b75b64c0625205
c324ef26b20264369e4568dc9ef1c5cb1f325f6bc4e8b7c01f7fe93fa353276a
c7d61645f8cbb1f1dead0070107773bba8127040e5dd2f09ed979d0c96e839cf
c7fc8dae04703101d705fac5268f8900d96149d6b2d3fdd6c1fac249ed16cf1b
ca7154cdda62b535ceaba9ad2a2b2217ff49de94c069a2c4e89733f3f06b3651
cc7403bab52ed166e24ea9324241045af370be482f5b594468f4a6ac6e7e7981
cd2056d3c5a5f9a087647154dc26dbed362a61b733a6cbc8d9e5330b4f4d4284
d0460dfa53507eb6b050b3035d367ab5ddd0d2c7ccb31fe7a68fc6ac1cfbb2c2
d1b72a1ff662e22169f01bfd19d219cefd08c0cec018bd9afaa6a5cfb0c5946e
d331cc394fa5496c0ebc6d08b8a8bdfd297c3b92498c2edff81413c97ca82247
d46f30d2b3ac588c7e79e47a4deff21dc581dff071db9266684fa587c93f7a27
d73b123cd2ef3afda65cb6e76579341b1bb1f27faddb0dfc54875e7a05b0114b
d881bb10f298a49857a8a6b4e0b375f57a24a7cce2833b9c17d75b1f19befb3a
e0f0d6d71e313ae3ee40517ae4df4806d42aacf7720c5c0220506c247796c4f7
e100b78565f86a5cedf791f8ce4d3a7d39b6597f6070090d5fd38bfdf004ede5
e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46
e2f7d2878965ad61dcecd013500c1d038c5d6a8311a2da6299510566272e70f0
e31e1cfb470365c46c451ae94f3a5f9bac9df96a0f403f044f851228a5bf1667
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3cb238c7630ba8bd60ede523b57d4b3619086b3c54c04297662d2fddc65c6c4
e41d1ae45acbf836b8dcc29544c7e41cced4211214df601d5284a7e9c7134c73
e469c9fea251e6731b52450ff31be067417e0f9ce6a66a0185e9d87f2e72a251
e50f9ccd2d6582a58ba1879fa578e60d25fea4c5eedc07deafd14482b2403181
e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e
e6b4122b94b82886e32952c07c78d342647b3a38a2834f4489e0922308a95eab
e76a81d16824d3288fd16917a64dd4ed831b530e14f9f9e37b56d014eb585f5e
ea420d765b3a2def39c1b5ae6ec17b209cd156ab21fa8a8716159bb05ed655e7
ecf785fe496796d2e4b026d58de7ea89a471d19255b06b3fefc5576db5a69dbc
ee8a0612a4fe2193511a1879dbef5407a33b02688f74a45b3d6684564d4bb2cc
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f30769ea0b80a5d900c5f0de30b1aad1ab461195e69223d5ef63c2c5de8b6c1a
f4eef8263281c0b26486637831251059757bc3fdc4c3a48045a8ef8646b36e8f
f54724039cfdeed1b6ab281cf9aeefc748904a6de5cf178e0f4e325f12a5840e
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
f9e9b20211c9edf0ad052066d3c4c27ae46bd1089b8ec3ea6eb3a7d24e1a42b3
fe14bc8a4e294c047589838fd09a3efc81771751a0be03ea8ec99e734e965fd2
fe513ef974b767510d0a2b9f1b4d3afa53185b89ab617c869e5e3d6db960192c

mestreemfinancas.com Open in urlscan Pro 108.179.193.123 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

274 Requests

87 %HTTPS

48 %IPv6

45 Domains

63 Subdomains

44 IPs

7 Countries

4032 kBTransfer

11169 kBSize

40 Cookies

0 Outgoing links

Page URL History

Redirected requests

274 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 7 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

mestreemfinancas.com Open in urlscan Pro
108.179.193.123 Public Scan

Screenshot
Live screenshot

Full Image

274
Requests

87 %
HTTPS

48 %
IPv6

45
Domains

63
Subdomains

44
IPs

7
Countries

4032 kB
Transfer

11169 kB
Size

40
Cookies

274 HTTP transactions
7 data transactions