URL: https://pay.provi.com.br/checkout/gizele-cader?campaign=boleto-parcelado-padrao
Submission: On October 06 via manual — Scanned from DE

Summary

This website contacted 13 IPs in 3 countries across 10 domains to perform 35 HTTP transactions. The main IP is 172.67.74.139, located in the United States and belonging to CLOUDFLARENET, US. The main domain is pay.provi.com.br.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on May 9th 2021. Valid for: a year.
This is the only time pay.provi.com.br was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Requests | IP Address | AS (Autonomous System)
7 | 172.67.74.139 | 13335 (CLOUDFLAR...)
3 | 185.60.216.35 | 32934 (FACEBOOK)
3 | 104.16.95.65 | 13335 (CLOUDFLAR...)
1 | 142.250.185.104 | 15169 (GOOGLE)
1 | 142.250.185.226 | 15169 (GOOGLE)
2 | 185.60.216.19 | 32934 (FACEBOOK)
1 | 216.58.212.162 | 15169 (GOOGLE)
1 | 195.181.174.6 | 60068 (CDN77 ^_^)
5 | 142.250.185.78 | 15169 (GOOGLE)
8 | 104.26.8.233 | 13335 (CLOUDFLAR...)
2 | 142.250.186.132 | 15169 (GOOGLE)
1 | 173.194.76.155 | 15169 (GOOGLE)
Total: 35 requests, 13 IPs
Requests | Domain | Requested by
8 | ms-provipay.provi.com.br | pay.provi.com.br
7 | pay.provi.com.br | pay.provi.com.br
5 | www.google-analytics.com | pay.provi.com.br
3 | www.facebook.com | pay.provi.com.br
2 | cloudflareinsights.com | pay.provi.com.br
2 | www.google.com | pay.provi.com.br
2 | connect.facebook.net | pay.provi.com.br, connect.facebook.net
1 | stats.g.doubleclick.net | pay.provi.com.br
1 | rec.smartlook.com | pay.provi.com.br
1 | googleads.g.doubleclick.net | www.googleadservices.com
1 | www.googleadservices.com | www.googletagmanager.com
1 | www.googletagmanager.com | pay.provi.com.br
1 | static.cloudflareinsights.com | pay.provi.com.br
Total: 35 requests, 13 domains

This site contains no links.

Subject | Issuer | Validity | Valid for
pay.provi.com.br | Cloudflare Inc ECC CA-3 | 2021-05-09 - 2022-05-08 | a year
*.facebook.com | DigiCert SHA2 High Assurance Server CA | 2021-09-09 - 2021-12-08 | 3 months
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2021-06-11 - 2022-06-10 | a year
*.google-analytics.com | GTS CA 1C3 | 2021-09-13 - 2021-11-20 | 2 months
www.googleadservices.com | GTS CA 1C3 | 2021-09-13 - 2021-11-20 | 2 months
*.g.doubleclick.net | GTS CA 1C3 | 2021-09-13 - 2021-11-20 | 2 months
1610534878.rsc.cdn77.org | R3 | 2021-09-08 - 2021-12-07 | 3 months
www.google.com | GTS CA 1C3 | 2021-09-13 - 2021-11-20 | 2 months
*.google.com | GTS CA 1C3 | 2021-09-13 - 2021-11-20 | 2 months

This page contains 1 frame:

Primary Page: https://pay.provi.com.br/checkout/gizele-cader?campaign=boleto-parcelado-padrao
Frame ID: F33A25E4BD30FF034C28AB878E548921
Requests: 31 HTTP requests in this frame

Page Title

Provi

Detected technologies

Overall confidence: 100%
Detected patterns
  • static\.cloudflareinsights\.com/beacon(?:\.min)?\.js

Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtm\.js

Page Statistics

Requests: 35
HTTPS: 100 %
IPv6: 0 %
Domains: 10
Subdomains: 13
IPs: 13
Countries: 3
Transfer: 1470 kB
Size: 4288 kB
Cookies: 6

Redirected requests

There were HTTP redirect chains for the following requests:

35 HTTP transactions

Resource | Path | Size | x-fer | Type | MIME-Type
Primary Request: gizele-cader | pay.provi.com.br/checkout/ | 6 KB | 3 KB | Document
General
Full URL
https://pay.provi.com.br/checkout/gizele-cader?campaign=boleto-parcelado-padrao
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
172.67.74.139, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
Software
cloudflare /
Resource Hash
e776953772ac9f46fc2b4ba3f594f77fc362d471f59e375c20ba3a2d0cbd3468

Request headers

:method
GET
:authority
pay.provi.com.br
:scheme
https
:path
/checkout/gizele-cader?campaign=boleto-parcelado-padrao
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9

Response headers

date
Wed, 06 Oct 2021 12:30:12 GMT
content-type
text/html; charset=utf-8
cache-control
public, max-age=0, must-revalidate
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XWFEsZ%2FzXLr8eXZ8G%2BblHodlwf2tnTPOoEEuiNLvkNpE81SYu6Ah%2FFXYxpu8ULUqJcazuLJLGJcx7%2Fw4auOdzzVsO99n1EvHR4bkiNHy%2F1YuTXytegQDjpHLy8qUuyq6Sny3"}],"group":"cf-nel","max_age":604800}
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary
Accept-Encoding
cf-cache-status
DYNAMIC
server
cloudflare
cf-ray
699ee64b8cea4131-PRG
content-encoding
gzip
2.2bc212ea.chunk.css | pay.provi.com.br/static/css/ | 18 KB | 2 KB | Stylesheet
General
Full URL
https://pay.provi.com.br/static/css/2.2bc212ea.chunk.css
Requested by
Host: pay.provi.com.br
URL: https://pay.provi.com.br/checkout/gizele-cader?campaign=boleto-parcelado-padrao
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
172.67.74.139, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
Software
cloudflare /
Resource Hash
6fd94510381116788e3d09fd6099d5ed8075a24b43f644b7d238209774fe1599

Request headers

:path
/static/css/2.2bc212ea.chunk.css
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
pay.provi.com.br
referer
https://pay.provi.com.br/checkout/gizele-cader?campaign=boleto-parcelado-padrao
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://pay.provi.com.br/checkout/gizele-cader?campaign=boleto-parcelado-padrao
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 06 Oct 2021 12:30:12 GMT
content-encoding
gzip
cf-cache-status
REVALIDATED
cf-bgj
minify
server
cloudflare
etag
W/"7de066be93157effaac802a98d35b2e7"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oi4gjmXRETFktBK1bQ8TFDEzsGRquFadpXDlma2sXSIknzL5y9mvkPVE%2B1JB9IXy7liQAexrLF8SKNHgRCdmthsX2XHXg8n7wiE5%2FOfzdgd2S646CurNcayqhLwqzigAjCXM"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
cache-control
public, max-age=14400, must-revalidate
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
699ee64dde604131-PRG
cf-polished
origSize=18079
main.49eed4d5.chunk.css | pay.provi.com.br/static/css/ | 1 KB | 770 B | Stylesheet
General
Full URL
https://pay.provi.com.br/static/css/main.49eed4d5.chunk.css
Requested by
Host: pay.provi.com.br
URL: https://pay.provi.com.br/checkout/gizele-cader?campaign=boleto-parcelado-padrao
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
172.67.74.139, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
Software
cloudflare /
Resource Hash
c8845d5c8ee42401212bfcdc21c21e3fce73ed04540c49c7b2e17f5fd5574e33

Request headers

:path
/static/css/main.49eed4d5.chunk.css
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
pay.provi.com.br
referer
https://pay.provi.com.br/checkout/gizele-cader?campaign=boleto-parcelado-padrao
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://pay.provi.com.br/checkout/gizele-cader?campaign=boleto-parcelado-padrao
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 06 Oct 2021 12:30:12 GMT
content-encoding
gzip
cf-cache-status
REVALIDATED
cf-bgj
minify
server
cloudflare
etag
W/"a2dde653ce04786872de570892d2c634"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HRp1Iic%2F01EMLlTciOJtk%2FzgjffVQAys0SlYKMKbGcOhoCVLtWKh9ZZ9B6YAj8pSjMqatFyJrmydx5LcUQRB4eTr1ua2gqPnneptNJDra14gYM1Q1Qcc5kcMStG%2FD6DSkrqS"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
cache-control
public, max-age=14400, must-revalidate
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
699ee64dde614131-PRG
cf-polished
origSize=1152
tr | www.facebook.com/ | 44 B | 313 B | Image
General
Full URL
https://www.facebook.com/tr?id=458929838438421&ev=PageView&noscript=1
Requested by
Host: pay.provi.com.br
URL: https://pay.provi.com.br/checkout/gizele-cader?campaign=boleto-parcelado-padrao
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
185.60.216.35, Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US)
Reverse DNS
edge-star-mini-shv-01-frx5.facebook.com
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://pay.provi.com.br/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 06 Oct 2021 12:30:12 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
cache-control
no-cache, must-revalidate, max-age=0
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
44
expires
Wed, 06 Oct 2021 12:30:12 GMT
2.6f4008c6.chunk.js | pay.provi.com.br/static/js/ | 2 MB | 736 KB | Script
General
Full URL
https://pay.provi.com.br/static/js/2.6f4008c6.chunk.js
Requested by
Host: pay.provi.com.br
URL: https://pay.provi.com.br/checkout/gizele-cader?campaign=boleto-parcelado-padrao
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
172.67.74.139, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
Software
cloudflare /
Resource Hash
6f591f26745e156f9542e1c61b3754e8dbb8b61e36f29eba6a6b293c5daa53c7

Request headers

:path
/static/js/2.6f4008c6.chunk.js
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
pay.provi.com.br
referer
https://pay.provi.com.br/checkout/gizele-cader?campaign=boleto-parcelado-padrao
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://pay.provi.com.br/checkout/gizele-cader?campaign=boleto-parcelado-padrao
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 06 Oct 2021 12:30:12 GMT
content-encoding
gzip
cf-cache-status
REVALIDATED
cf-bgj
minify
server
cloudflare
etag
W/"9883d31b484df39ed66c2609cc286138"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xqJvczkiePXDdOPEuGwpA7mc2FP8puoELOVdz0byUfYVuPukK%2FeKFktQX%2FTQTIH9G6QDaBF28tLrPK9QrGfzqSiGF9o%2BYZWnskK8QYSheOvMg4dCsfIdEAmqrzVnCvY0nWK9"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=14400, must-revalidate
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
699ee64dee624131-PRG
cf-polished
origSize=2303179
main.a03e4fc7.chunk.js | pay.provi.com.br/static/js/ | 723 KB | 246 KB | Script
General
Full URL
https://pay.provi.com.br/static/js/main.a03e4fc7.chunk.js
Requested by
Host: pay.provi.com.br
URL: https://pay.provi.com.br/checkout/gizele-cader?campaign=boleto-parcelado-padrao
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
172.67.74.139, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
Software
cloudflare /
Resource Hash
6f9d54a0dd3ecfae35279b3f8fc04c5fcf02b0cf235fc2fd71bf3414ee1dd449

Request headers

:path
/static/js/main.a03e4fc7.chunk.js
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
pay.provi.com.br
referer
https://pay.provi.com.br/checkout/gizele-cader?campaign=boleto-parcelado-padrao
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://pay.provi.com.br/checkout/gizele-cader?campaign=boleto-parcelado-padrao
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 06 Oct 2021 12:30:12 GMT
content-encoding
gzip
cf-cache-status
REVALIDATED
cf-bgj
minify
server
cloudflare
etag
W/"0a2ae984cdfcaf5ce0ea7161f57e372c"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KNkeswcXac5optE1W6fp0YYEcai5Uq%2FvmS%2FEbjIMw5u1q1IwB0MTbD90HMht3Z%2B1C42LzCra6CTFt1%2BOPThZCiMtcs56h%2FuHpvJoPJtzFW8qUOZnohSyykXycTow%2FrRcKrk9"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=14400, must-revalidate
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
699ee64dee634131-PRG
cf-polished
origSize=740302
beacon.min.js | static.cloudflareinsights.com/ | 13 KB | 5 KB | Script
General
Full URL
https://static.cloudflareinsights.com/beacon.min.js
Requested by
Host: pay.provi.com.br
URL: https://pay.provi.com.br/checkout/gizele-cader?campaign=boleto-parcelado-padrao
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
104.16.95.65, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
Software
cloudflare /
Resource Hash
acd89c8dd5cc9cf47ee574302ec883993c33d419da8840ddb05763b857f1f09f

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://pay.provi.com.br/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 06 Oct 2021 12:30:12 GMT
content-encoding
gzip
last-modified
Wed, 22 Sep 2021 16:39:17 GMT
server
cloudflare
etag
W/2021.9.0
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
cf-ray
699ee64df9d74aa4-FRA
gtm.js | www.googletagmanager.com/ | 96 KB | 38 KB | Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-MZN2SQH
Requested by
Host: pay.provi.com.br
URL: https://pay.provi.com.br/checkout/gizele-cader?campaign=boleto-parcelado-padrao
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
142.250.185.104, United States, ASN15169 (GOOGLE, US)
Reverse DNS
fra16s49-in-f8.1e100.net
Software
Google Tag Manager /
Resource Hash
59db4432464819bf91b2ab5316c5487fcba1654fdd1b0ddbb71f629ad2f210d9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://pay.provi.com.br/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 06 Oct 2021 12:30:12 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
38282
x-xss-protection
0
last-modified
Wed, 06 Oct 2021 12:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Wed, 06 Oct 2021 12:30:12 GMT
conversion_async.js | www.googleadservices.com/pagead/ | 37 KB | 15 KB | Script
General
Full URL
https://www.googleadservices.com/pagead/conversion_async.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MZN2SQH
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
142.250.185.226, United States, ASN15169 (GOOGLE, US)
Reverse DNS
fra16s53-in-f2.1e100.net
Software
cafe /
Resource Hash
03b8f9e258f69727a11fc81ce93fbc8d0d5ca96489a1e84463af819efedf0782
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://pay.provi.com.br/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 06 Oct 2021 12:30:12 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
14399
x-xss-protection
0
server
cafe
etag
3154747477907843336
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Wed, 06 Oct 2021 12:30:12 GMT
fbevents.js | connect.facebook.net/en_US/ | 98 KB | 26 KB | Script
General
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: pay.provi.com.br
URL: https://pay.provi.com.br/checkout/gizele-cader?campaign=boleto-parcelado-padrao
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
185.60.216.19, Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US)
Reverse DNS
xx-fbcdn-shv-01-frx5.fbcdn.net
Software
/
Resource Hash
2bc2179dbcac09de834853fc91b815d3bea8112276b7b789f610078d399bcb47
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://pay.provi.com.br/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=3600,h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
25967
x-xss-protection
0
pragma
public
x-fb-debug
4Qw66S2W1GabxWEtnW8lvUperkwFuVXFc2QQQvj2xp1C0kRPdlOLZuuZDAZul9Db6zKzvDuDCMtgYvXMegtm3Q==
x-fb-trip-id
917726464
x-frame-options
DENY
date
Wed, 06 Oct 2021 12:30:12 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
cache-control
public, max-age=1200
x-fb-rlafr
0
expires
Sat, 01 Jan 2000 00:00:00 GMT
Montserrat.c8b6e083.ttf | pay.provi.com.br/static/media/ | 237 KB | 110 KB | Font
General
Full URL
https://pay.provi.com.br/static/media/Montserrat.c8b6e083.ttf
Requested by
Host: pay.provi.com.br
URL: https://pay.provi.com.br/static/css/main.49eed4d5.chunk.css
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
172.67.74.139, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
Software
cloudflare /
Resource Hash
421f26b23e2be6b98373d32acd3cb2897b154d4bf0a77d26534ce476e4cbed53

Request headers

sec-fetch-mode
cors
origin
https://pay.provi.com.br
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
sec-fetch-dest
font
cookie
_gcl_au=1.1.1325834975.1633523412
:path
/static/media/Montserrat.c8b6e083.ttf
pragma
no-cache
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept
*/*
cache-control
no-cache
:authority
pay.provi.com.br
referer
https://pay.provi.com.br/static/css/main.49eed4d5.chunk.css
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://pay.provi.com.br/static/css/main.49eed4d5.chunk.css
Origin
https://pay.provi.com.br
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 06 Oct 2021 12:30:12 GMT
content-encoding
gzip
cf-cache-status
REVALIDATED
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"cf557bf1776cb378d3706604c7c34d38"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Tl54UuAY22vDmGEuQvDeDMZE33PnnIOBoON%2FRInT2dm%2FzgPo0PZvKPpQhZnMd0KXkGU5nl1OqBPs5%2Fg0re3vBr6LpgDpHhKVbh36e6MR%2BcXMh%2BOPScDTlqGgzM9b%2B%2FgPUnYL"}],"group":"cf-nel","max_age":604800}
content-type
application/font-sfnt
cache-control
public, max-age=14400, must-revalidate
cf-ray
699ee64ebeb14131-PRG
805073073222655 | connect.facebook.net/signals/config/ | 490 KB | 144 KB | Script
General
Full URL
https://connect.facebook.net/signals/config/805073073222655?v=2.9.47&r=stable
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
185.60.216.19, Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US)
Reverse DNS
xx-fbcdn-shv-01-frx5.fbcdn.net
Software
/
Resource Hash
d324b2f130ee0204cd4c9e07d212c1052d00052cb76b4a698c32cbbd84cc8abf
Security Headers
Name Value
Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://pay.provi.com.br/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

content-security-policy
default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=3600,h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
x-xss-protection
0
pragma
public
x-fb-debug
xGfJUcTDCnSoIRcZDJWV13ZyIuLmn8H489928mBSiSlmTGToLUjoNr5CxOmYqzKeWOG72K8jNBomMae4jhUXUw==
x-fb-trip-id
917726464
x-frame-options
DENY
cross-origin-opener-policy
same-origin-allow-popups
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
date
Wed, 06 Oct 2021 12:30:12 GMT
strict-transport-security
max-age=31536000; preload; includeSubDomains
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=1200
x-fb-rlafr
0
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
/ | googleads.g.doubleclick.net/pagead/viewthroughconversion/714349266/ | 2 KB | 2 KB | Script
General
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/714349266/?random=1633523412307&cv=9&fst=1633523412307&num=1&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wga40&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fpay.provi.com.br%2Fcheckout%2Fgizele-cader%3Fcampaign%3Dboleto-parcelado-padrao&tiba=Provi&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4
Requested by
Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
216.58.212.162, Mountain View, United States, ASN15169 (GOOGLE, US)
Reverse DNS
ams15s22-in-f162.1e100.net
Software
cafe /
Resource Hash
441de8975708577897fd27367e059f4bd2694e8ccf6e9d42c2469f3a0c6f0b3b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://pay.provi.com.br/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 06 Oct 2021 12:30:12 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1012
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
recorder.js | rec.smartlook.com/ | 28 KB | 9 KB | Script
General
Full URL
https://rec.smartlook.com/recorder.js
Requested by
Host: pay.provi.com.br
URL: https://pay.provi.com.br/static/js/2.6f4008c6.chunk.js
Protocol
H2
Security
TLS 1.3, AES_256_GCM
Server
195.181.174.6, Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB)
Reverse DNS
frankfurt-1.cdn77.com
Software
CDN77-Turbo /
Resource Hash
394653b172e1eb8c527dba3151a9d40522d67cd0ce88f8a7097b4c3347e7080e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000, max-age=31536000

Request headers

Referer
https://pay.provi.com.br/
Origin
https://pay.provi.com.br
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-77-pop
frankfurtDE
date
Wed, 06 Oct 2021 12:30:12 GMT
content-encoding
br
vary
Accept-Encoding
x-77-nzt-ray
yOy3aeYAtRs=
x-77-cache
HIT
x-cache
HIT
x-age
596
x-77-nzt
AcO1rgUzTBXvVAIAAA==
x-accel-expires
@1633523416
last-modified
Wed, 06 Oct 2021 04:08:11 GMT
server
CDN77-Turbo
etag
W/"615d212b-6f29"
strict-transport-security
max-age=31536000, max-age=31536000
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=600
analytics.js | www.google-analytics.com/ | 48 KB | 20 KB | Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: pay.provi.com.br
URL: https://pay.provi.com.br/static/js/2.6f4008c6.chunk.js
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
142.250.185.78, United States, ASN15169 (GOOGLE, US)
Reverse DNS
fra16s48-in-f14.1e100.net
Software
Golfe2 /
Resource Hash
fd222137f245c06ddb4c4d44db41f12138dad6cf8ef5d4d4a5e500f38f0c8c62
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://pay.provi.com.br/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 11 Aug 2021 00:32:57 GMT
server
Golfe2
age
6195
date
Wed, 06 Oct 2021 10:46:57 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
19747
expires
Wed, 06 Oct 2021 12:46:57 GMT
MontserratBold.ade91f47.ttf | pay.provi.com.br/static/media/ | 239 KB | 110 KB | Font
General
Full URL
https://pay.provi.com.br/static/media/MontserratBold.ade91f47.ttf
Requested by
Host: pay.provi.com.br
URL: https://pay.provi.com.br/static/css/main.49eed4d5.chunk.css
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
172.67.74.139, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
Software
cloudflare /
Resource Hash
c8289a870d238aa042bdfd09364fe6dea524bcd1ea485341878d8c75a32ab444

Request headers

sec-fetch-mode
cors
origin
https://pay.provi.com.br
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
sec-fetch-dest
font
cookie
_gcl_au=1.1.1325834975.1633523412
:path
/static/media/MontserratBold.ade91f47.ttf
pragma
no-cache
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept
*/*
cache-control
no-cache
:authority
pay.provi.com.br
referer
https://pay.provi.com.br/static/css/main.49eed4d5.chunk.css
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://pay.provi.com.br/static/css/main.49eed4d5.chunk.css
Origin
https://pay.provi.com.br
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 06 Oct 2021 12:30:12 GMT
content-encoding
gzip
cf-cache-status
REVALIDATED
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"1212df24c99170c7e186a79b1b21f300"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nuiAkeTzTQkzNSi09Cr7GwkXHcAErmKAKL2nj15KSEIq4N80pkkiQtrCL7M9rfozetShuiNuHqt3dnoUOTZXgdMB23fTRsqu7Rbl0JBaT2JkNelDYm8NBP%2FtMl95qFWRJGQq"}],"group":"cf-nel","max_age":604800}
content-type
application/font-sfnt
cache-control
public, max-age=14400, must-revalidate
cf-ray
699ee6506f8a4131-PRG
gizele-cader | ms-provipay.provi.com.br/v2/courses/ | 0 | 0 | Preflight
General
Full URL
https://ms-provipay.provi.com.br/v2/courses/gizele-cader?limit=6
Protocol
H2
Server
104.26.8.233, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
Software
cloudflare / Express
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Method
GET
Access-Control-Request-Headers
authorization
Origin
https://pay.provi.com.br
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

date
Wed, 06 Oct 2021 12:30:13 GMT
content-length
0
x-powered-by
Express
access-control-allow-origin
*
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
vary
Access-Control-Request-Headers
access-control-allow-headers
authorization
via
1.1 vegur
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SfEQTjpw4UVDldNPNBKunhMxRfOP0cyulRfXVzLSXO8vE0oD2HSO4GkV7p%2BmG%2FzH9N2FNq8wg%2BqWVDztPW%2FRY7xW9d7VkjaO8lxHWUq5CH1FLQuco%2BbbFuSenr7KUxsbEtY8NLekegpTPw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
cf-ray
699ee6510e5b4132-PRG
gizele-cader
ms-provipay.provi.com.br/v2/checkout/
0
0
Preflight
General
Full URL
https://ms-provipay.provi.com.br/v2/checkout/gizele-cader?campaignSlug=boleto-parcelado-padrao
Protocol
H2
Server
104.26.8.233 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Method
GET
Access-Control-Request-Headers
authorization
Origin
https://pay.provi.com.br
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

date
Wed, 06 Oct 2021 12:30:13 GMT
content-length
0
x-powered-by
Express
access-control-allow-origin
*
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
vary
Access-Control-Request-Headers
access-control-allow-headers
authorization
via
1.1 vegur
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GTdq%2BWfZ8HQ2QdFxY%2Ffkl4nAzCDCcvPILlXpacnzOzhjUR53PzSvuZGixfb7jUSePsF8cyyoKycsZJv8In7%2FCezwDiYRgVWI9wd4x6lopNkmeveUw5f8WTydtLCS30FY5pgAeLLQNgatwg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
cf-ray
699ee6510e5c4132-PRG
gizele-cader
ms-provipay.provi.com.br/v2/courses/
163 B
490 B
XHR
General
Full URL
https://ms-provipay.provi.com.br/v2/courses/gizele-cader?limit=6
Requested by
Host: pay.provi.com.br
URL: https://pay.provi.com.br/static/js/2.6f4008c6.chunk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.8.233 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
392612addbaae0677fd58f1767e12250ff341fbf1c59c090759280bd4420704e

Request headers

Accept
application/json, text/plain, */*
Referer
https://pay.provi.com.br/
Authorization
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJkYXRlIjoiMjAyMS0xMC0wNlQxMjozMDoxMi41NzhaIiwiaWF0IjoxNjMzNTIzNDEyfQ.BUxnuzuW9aWttlJysNHxUp_djilFaigwHrezlM5l_Bs
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 06 Oct 2021 12:30:13 GMT
via
1.1 vegur
etag
W/"a3-BQWPn4BB8pTDSL+TJ/cZRlb65nw"
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
Express
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cf-ray
699ee653b84e4132-PRG
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HegEbnaTq2nD93DmL%2FVQNc9n8MGRRg%2BPSrZfPzTUwv7j%2FUhdwkKJPH6XNSQ98aKgav%2Fz6emDHPFV217P%2FA7P9qvj2%2FQwsWmMek0svDUdjzokX9BH%2BfOVQuu2KpdQs7nu7GyCOVGIPRcntA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/json; charset=utf-8
access-control-allow-origin
*
content-encoding
gzip
gizele-cader
ms-provipay.provi.com.br/v2/checkout/
495 B
635 B
XHR
General
Full URL
https://ms-provipay.provi.com.br/v2/checkout/gizele-cader?campaignSlug=boleto-parcelado-padrao
Requested by
Host: pay.provi.com.br
URL: https://pay.provi.com.br/static/js/2.6f4008c6.chunk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.8.233 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
00dd24ad69b543acf2d091e34871c8506b73436d0ac2d13d2d31987135a834b3

Request headers

Accept
application/json, text/plain, */*
Referer
https://pay.provi.com.br/
Authorization
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJkYXRlIjoiMjAyMS0xMC0wNlQxMjozMDoxMi41NzhaIiwiaWF0IjoxNjMzNTIzNDEyfQ.BUxnuzuW9aWttlJysNHxUp_djilFaigwHrezlM5l_Bs
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 06 Oct 2021 12:30:13 GMT
via
1.1 vegur
etag
W/"1ef-cWhpX1mrEJo3XHV6DTvhyR0xW34"
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
Express
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cf-ray
699ee653a8444132-PRG
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=O1CrO3GuvGxRfbUmWAScWgIH0lPTrcLLBNLkGUlD4ZY4rujRxTwjCE%2BUuXHBicspzelvkmqPz63BY1%2FTllSuxI9rMf2c46RNsLW78%2BUn35Uehfpi6OET9Nwbz%2FU3WlOoMjJ4ezf5r5obqw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/json; charset=utf-8
access-control-allow-origin
*
content-encoding
gzip
/
www.google.com/pagead/1p-user-list/714349266/
42 B
569 B
Image
General
Full URL
https://www.google.com/pagead/1p-user-list/714349266/?random=1633523412307&cv=9&fst=1633521600000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wga40&sendb=1&frm=0&url=https%3A%2F%2Fpay.provi.com.br%2Fcheckout%2Fgizele-cader%3Fcampaign%3Dboleto-parcelado-padrao&tiba=Provi&async=1&fmt=3&is_vtc=1&random=3095402982&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
Requested by
Host: pay.provi.com.br
URL: https://pay.provi.com.br/checkout/gizele-cader?campaign=boleto-parcelado-padrao
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.132 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s07-in-f4.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://pay.provi.com.br/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 06 Oct 2021 12:30:12 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.facebook.com/tr/
44 B
91 B
Image
General
Full URL
https://www.facebook.com/tr/?id=805073073222655&ev=PageView&dl=https%3A%2F%2Fpay.provi.com.br%2Fcheckout%2Fgizele-cader%3Fcampaign%3Dboleto-parcelado-padrao&rl=&if=false&ts=1633523412637&sw=1600&sh=1200&v=2.9.47&r=stable&ec=0&o=30&fbp=fb.2.1633523412634.1058262128&it=1633523412300&coo=false&rqm=GET
Requested by
Host: pay.provi.com.br
URL: https://pay.provi.com.br/checkout/gizele-cader?campaign=boleto-parcelado-padrao
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
185.60.216.35 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
edge-star-mini-shv-01-frx5.facebook.com
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://pay.provi.com.br/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 06 Oct 2021 12:30:12 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
cache-control
no-cache, must-revalidate, max-age=0
cross-origin-resource-policy
cross-origin
content-length
44
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
priority
u=3,i
expires
Wed, 06 Oct 2021 12:30:12 GMT
collect
www.google-analytics.com/j/
4 B
24 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j93&a=258356211&t=pageview&_s=1&dl=https%3A%2F%2Fpay.provi.com.br%2Fcheckout%2Fgizele-cader%3Fcampaign%3Dboleto-parcelado-padrao&dp=%2Fcheckout%2Fgizele-cader%3Fcampaign%3Dboleto-parcelado-padrao&ul=en-us&de=UTF-8&dt=Catalog&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAAC~&jid=2076207458&gjid=1592483412&cid=1037018829.1633523413&tid=UA-146320363-13&_gid=1274789801.1633523413&_r=1&_slc=1&z=256097262
Requested by
Host: pay.provi.com.br
URL: https://pay.provi.com.br/static/js/2.6f4008c6.chunk.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.78 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f14.1e100.net
Software
Golfe2 /
Resource Hash
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://pay.provi.com.br/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 06 Oct 2021 12:30:12 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://pay.provi.com.br
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/
35 B
55 B
Image
General
Full URL
https://www.google-analytics.com/collect?v=1&_v=j93&a=258356211&t=pageview&_s=2&dl=https%3A%2F%2Fpay.provi.com.br%2Fcheckout%2Fgizele-cader%3Fcampaign%3Dboleto-parcelado-padrao&dp=%2Fcheckout%2Fgizele-cader%3Fcampaign%3Dboleto-parcelado-padrao&ul=en-us&de=UTF-8&dt=Checkout&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAAC~&jid=&gjid=&cid=1037018829.1633523413&tid=UA-146320363-13&_gid=1274789801.1633523413&z=244316398
Requested by
Host: pay.provi.com.br
URL: https://pay.provi.com.br/checkout/gizele-cader?campaign=boleto-parcelado-padrao
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.78 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f14.1e100.net
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://pay.provi.com.br/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 05 Oct 2021 18:22:53 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
65239
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/j/
2 B
462 B
XHR
General
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j93&tid=UA-146320363-13&cid=1037018829.1633523413&jid=2076207458&gjid=1592483412&_gid=1274789801.1633523413&_u=IEBAAEAAAAAAAC~&z=2021730490
Requested by
Host: pay.provi.com.br
URL: https://pay.provi.com.br/static/js/2.6f4008c6.chunk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
173.194.76.155 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
ws-in-f155.1e100.net
Software
Golfe2 /
Resource Hash
6068f86ff5e6d3a3e100e95fd0ab03a5fb9ebfca9386b2c0ee131361a62526c2
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://pay.provi.com.br/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
date
Wed, 06 Oct 2021 12:30:12 GMT
content-type
text/plain
access-control-allow-origin
https://pay.provi.com.br
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2
expires
Fri, 01 Jan 1990 00:00:00 GMT
rum
cloudflareinsights.com/cdn-cgi/
0
77 B
XHR
General
Full URL
https://cloudflareinsights.com/cdn-cgi/rum
Requested by
Host: pay.provi.com.br
URL: https://pay.provi.com.br/static/js/2.6f4008c6.chunk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.95.65 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://pay.provi.com.br/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
content-type
application/json

Response headers

date
Wed, 06 Oct 2021 12:30:12 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cloudflare
x-frame-options
DENY
access-control-allow-methods
POST,OPTIONS
content-type
text/plain
access-control-allow-origin
https://pay.provi.com.br
access-control-max-age
86400
access-control-allow-credentials
true
cf-ray
699ee651c9024e80-FRA
vary
Origin
rum
cloudflareinsights.com/cdn-cgi/
0
0
Preflight
General
Full URL
https://cloudflareinsights.com/cdn-cgi/rum
Protocol
H2
Server
104.16.95.65 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Accept
*/*
Access-Control-Request-Method
POST
Access-Control-Request-Headers
content-type
Origin
https://pay.provi.com.br
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

date
Wed, 06 Oct 2021 12:30:12 GMT
content-type
text/plain
access-control-allow-origin
https://pay.provi.com.br
access-control-allow-methods
POST,OPTIONS
access-control-allow-headers
Content-Type
access-control-max-age
86400
vary
Origin
access-control-allow-credentials
true
server
cloudflare
cf-ray
699ee651a8d24e80-FRA
x-frame-options
DENY
x-content-type-options
nosniff
content-encoding
gzip
ga-audiences
www.google.com/ads/
42 B
63 B
Image
General
Full URL
https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j93&tid=UA-146320363-13&cid=1037018829.1633523413&jid=2076207458&_u=IEBAAEAAAAAAAC~&z=388268642
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.132 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s07-in-f4.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://pay.provi.com.br/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 06 Oct 2021 12:30:12 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.facebook.com/tr/
44 B
88 B
Image
General
Full URL
https://www.facebook.com/tr/?id=805073073222655&ev=Microdata&dl=https%3A%2F%2Fpay.provi.com.br%2Fcheckout%2Fgizele-cader%3Fcampaign%3Dboleto-parcelado-padrao&rl=&if=false&ts=1633523413140&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22Provi%22%7D&cd[OpenGraph]=%7B%22og%3Atitle%22%3A%22Provi%22%2C%22og%3Atype%22%3A%22website%22%2C%22og%3Aurl%22%3A%22https%3A%2F%2Fpay.provi.com.br%2F%22%2C%22og%3Aimage%22%3A%22https%3A%2F%2Fprovi.com.br%2Ficons%2Ficon-512x512.png%22%2C%22og%3Adescription%22%3A%22Acreditamos%20que%20as%20pessoas%20podem%20fazer%20coisas%20incr%C3%ADveis%20se%20tiverem%20o%20incentivo%20certo%20no%20momento%20correto.%20Alavanque%20sua%20carreira.%20Conte%20com%20a%20Provi!%22%2C%22og%3Alocale%22%3A%22pt_BR%22%2C%22og%3Asite_name%22%3A%22ProviPay%22%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.47&r=stable&ec=1&o=30&fbp=fb.2.1633523412634.1058262128&it=1633523412300&coo=false&es=automatic&tm=3&rqm=GET
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
185.60.216.35 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
edge-star-mini-shv-01-frx5.facebook.com
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://pay.provi.com.br/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 06 Oct 2021 12:30:13 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
cache-control
no-cache, must-revalidate, max-age=0
cross-origin-resource-policy
cross-origin
content-length
44
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
priority
u=3,i
expires
Wed, 06 Oct 2021 12:30:13 GMT
gizele-cader
ms-provipay.provi.com.br/v2/courses/
0
0
Preflight
General
Full URL
https://ms-provipay.provi.com.br/v2/courses/gizele-cader?limit=6
Protocol
H2
Server
104.26.8.233 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Method
GET
Access-Control-Request-Headers
authorization
Origin
https://pay.provi.com.br
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

date
Wed, 06 Oct 2021 12:30:14 GMT
content-length
0
x-powered-by
Express
access-control-allow-origin
*
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
vary
Access-Control-Request-Headers
access-control-allow-headers
authorization
via
1.1 vegur
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ldKRxCB1Z10WeKtPoG%2Bz%2BKYX6dAsuv1nSXaypz8rE4yU8ia8xBYf%2F%2FE8BxMapszpkmF5giON%2BHmYT339u0iFcLnxaje%2BvMJU7uLVL7TdVU8W7QLfzvU3mXnfSj9FnV1yUsRL2Oe3N6WazA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
cf-ray
699ee657cb7f4132-PRG
truncated
/
2 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
40acdd721cc5be6336927211e8da3b9d3225a452c12652d408f2c07a8d9d06ac

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type
image/png
gizele-cader
ms-provipay.provi.com.br/v2/checkout/
0
0
Preflight
General
Full URL
https://ms-provipay.provi.com.br/v2/checkout/gizele-cader?campaignSlug=boleto-parcelado-padrao
Protocol
H2
Server
104.26.8.233 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Method
GET
Access-Control-Request-Headers
authorization
Origin
https://pay.provi.com.br
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

date
Wed, 06 Oct 2021 12:30:13 GMT
content-length
0
x-powered-by
Express
access-control-allow-origin
*
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
vary
Access-Control-Request-Headers
access-control-allow-headers
authorization
via
1.1 vegur
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fXezdTZJTJT%2BaFERxfpwwvhtQIg1CFLTG4cvXiJ4maljfnyuJqmzrpGHoxTgePXUOZWPVJ%2B7tLKoXSEVz0EL8MLNwrk0%2F2Jrvo7w24di%2FJteaInv%2FdBWhhyJt6AbHHz31syoNFQ3RKr2KQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
cf-ray
699ee657cb804132-PRG
collect
www.google-analytics.com/
35 B
55 B
Image
General
Full URL
https://www.google-analytics.com/collect?v=1&_v=j93&a=258356211&t=pageview&_s=3&dl=https%3A%2F%2Fpay.provi.com.br%2Fcheckout%2Fgizele-cader%3Fcampaign%3Dboleto-parcelado-padrao&dp=%2Fcheckout%2Fgizele-cader%3Fcampaign%3Dboleto-parcelado-padrao&ul=en-us&de=UTF-8&dt=Catalog&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aEBAAEABAAAAAC~&jid=&gjid=&cid=1037018829.1633523413&uid=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJkYXRlIjoiMjAyMS0xMC0wNlQxMjozMDoxMi41NzhaIiwiaWF0IjoxNjMzNTIzNDEyfQ.BUxnuzuW9aWttlJysNHxUp_djilFaigwHrezlM5l_Bs&tid=UA-146320363-13&_gid=1274789801.1633523413&z=912348301
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.78 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f14.1e100.net
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://pay.provi.com.br/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 05 Oct 2021 18:22:53 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
65240
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/
35 B
55 B
Image
General
Full URL
https://www.google-analytics.com/collect?v=1&_v=j93&a=258356211&t=pageview&_s=4&dl=https%3A%2F%2Fpay.provi.com.br%2Fcheckout%2Fgizele-cader%3Fcampaign%3Dboleto-parcelado-padrao&dp=%2Fcheckout%2Fgizele-cader%3Fcampaign%3Dboleto-parcelado-padrao&ul=en-us&de=UTF-8&dt=Checkout&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aEBAAEABAAAAAC~&jid=&gjid=&cid=1037018829.1633523413&uid=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJkYXRlIjoiMjAyMS0xMC0wNlQxMjozMDoxMi41NzhaIiwiaWF0IjoxNjMzNTIzNDEyfQ.BUxnuzuW9aWttlJysNHxUp_djilFaigwHrezlM5l_Bs&tid=UA-146320363-13&_gid=1274789801.1633523413&z=1947828394
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.78 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f14.1e100.net
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://pay.provi.com.br/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 05 Oct 2021 18:22:53 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
65240
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
gizele-cader
ms-provipay.provi.com.br/v2/courses/
163 B
433 B
XHR
General
Full URL
https://ms-provipay.provi.com.br/v2/courses/gizele-cader?limit=6
Requested by
Host: pay.provi.com.br
URL: https://pay.provi.com.br/static/js/2.6f4008c6.chunk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.8.233 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
392612addbaae0677fd58f1767e12250ff341fbf1c59c090759280bd4420704e

Request headers

Accept
application/json, text/plain, */*
Referer
https://pay.provi.com.br/
Authorization
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJkYXRlIjoiMjAyMS0xMC0wNlQxMjozMDoxMi41NzhaIiwiaWF0IjoxNjMzNTIzNDEyfQ.BUxnuzuW9aWttlJysNHxUp_djilFaigwHrezlM5l_Bs
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 06 Oct 2021 12:30:14 GMT
via
1.1 vegur
etag
W/"a3-BQWPn4BB8pTDSL+TJ/cZRlb65nw"
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
Express
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cf-ray
699ee65a4d4a4132-PRG
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=U2CBjWLCcCZLYENA0etCODX7nMdZhHf%2FQu0LjI%2B9KbTO6oo2LWf8XxnC3OtvO4DpO7HyekZMJqGP%2B%2FH90AOZAn1nPMmkYT0Qcvi2y0jcyxFq8%2B8LPObT00kDBwLwkTBKAz%2BIzC2HgJOqFQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/json; charset=utf-8
access-control-allow-origin
*
content-encoding
gzip
gizele-cader
ms-provipay.provi.com.br/v2/checkout/
495 B
627 B
XHR
General
Full URL
https://ms-provipay.provi.com.br/v2/checkout/gizele-cader?campaignSlug=boleto-parcelado-padrao
Requested by
Host: pay.provi.com.br
URL: https://pay.provi.com.br/static/js/2.6f4008c6.chunk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.8.233 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
00dd24ad69b543acf2d091e34871c8506b73436d0ac2d13d2d31987135a834b3

Request headers

Accept
application/json, text/plain, */*
Referer
https://pay.provi.com.br/
Authorization
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJkYXRlIjoiMjAyMS0xMC0wNlQxMjozMDoxMi41NzhaIiwiaWF0IjoxNjMzNTIzNDEyfQ.BUxnuzuW9aWttlJysNHxUp_djilFaigwHrezlM5l_Bs
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 06 Oct 2021 12:30:14 GMT
via
1.1 vegur
etag
W/"1ef-cWhpX1mrEJo3XHV6DTvhyR0xW34"
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
Express
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cf-ray
699ee6588c004132-PRG
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9gu3kV8ludGcRiBD5p00bj3zSLJBNJB1mDPRCm%2FfD3znXC4sdkPLYiVKEKUgWIf2OQ%2FIUsRJpnmMczHn3t8sI9g63TpMBxcgQiWeI9HNq3BuobzyO05Z7GbNpfH9wQRU3gegv2%2FXbSfDKw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/json; charset=utf-8
access-control-allow-origin
*
content-encoding
gzip

Verdicts & Comments

32 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object | onbeforexrselect
boolean | originAgentCluster
object | dataLayer
undefined | head
undefined | script
undefined | scriptGTM
undefined | noScript
undefined | faceBookImg
undefined | gtag
object | google_tag_manager
object | google_tag_data
function | fbq
function | _fbq
object | webpackJsonpfe_provi_pay
function | GooglemKTybQhCsO
function | google_trackConversion
object | GooglebQhCsO
object | __SENTRY__
object | regeneratorRuntime
number | 2f1acc6c3a606b082e5eef5e54414ffb
function | setImmediate
function | clearImmediate
function | smartlook
string | GoogleAnalyticsObject
function | ga
function | Payment
function | JSEncrypt
object | __cfBeacon
object | JSON3
object | gaplugins
object | gaGlobal
object | gaData

6 Cookies

Domain/Path Name / Value
.provi.com.br/ Name: _gcl_au
Value: 1.1.1325834975.1633523412
.doubleclick.net/ Name: test_cookie
Value: CheckForPermission
.provi.com.br/ Name: _fbp
Value: fb.2.1633523412634.1058262128
.provi.com.br/ Name: _ga
Value: GA1.3.1037018829.1633523413
.provi.com.br/ Name: _gid
Value: GA1.3.1274789801.1633523413
.provi.com.br/ Name: _gat
Value: 1

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cloudflareinsights.com
connect.facebook.net
googleads.g.doubleclick.net
ms-provipay.provi.com.br
pay.provi.com.br
rec.smartlook.com
static.cloudflareinsights.com
stats.g.doubleclick.net
www.facebook.com
www.google-analytics.com
www.google.com
www.googleadservices.com
www.googletagmanager.com
104.16.95.65
104.26.8.233
142.250.185.104
142.250.185.226
142.250.185.78
142.250.186.132
172.67.74.139
173.194.76.155
185.60.216.19
185.60.216.35
195.181.174.6
216.58.212.162
00dd24ad69b543acf2d091e34871c8506b73436d0ac2d13d2d31987135a834b3
03b8f9e258f69727a11fc81ce93fbc8d0d5ca96489a1e84463af819efedf0782
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
2bc2179dbcac09de834853fc91b815d3bea8112276b7b789f610078d399bcb47
392612addbaae0677fd58f1767e12250ff341fbf1c59c090759280bd4420704e
394653b172e1eb8c527dba3151a9d40522d67cd0ce88f8a7097b4c3347e7080e
40acdd721cc5be6336927211e8da3b9d3225a452c12652d408f2c07a8d9d06ac
421f26b23e2be6b98373d32acd3cb2897b154d4bf0a77d26534ce476e4cbed53
441de8975708577897fd27367e059f4bd2694e8ccf6e9d42c2469f3a0c6f0b3b
59db4432464819bf91b2ab5316c5487fcba1654fdd1b0ddbb71f629ad2f210d9
6068f86ff5e6d3a3e100e95fd0ab03a5fb9ebfca9386b2c0ee131361a62526c2
6f591f26745e156f9542e1c61b3754e8dbb8b61e36f29eba6a6b293c5daa53c7
6f9d54a0dd3ecfae35279b3f8fc04c5fcf02b0cf235fc2fd71bf3414ee1dd449
6fd94510381116788e3d09fd6099d5ed8075a24b43f644b7d238209774fe1599
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
acd89c8dd5cc9cf47ee574302ec883993c33d419da8840ddb05763b857f1f09f
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
c8289a870d238aa042bdfd09364fe6dea524bcd1ea485341878d8c75a32ab444
c8845d5c8ee42401212bfcdc21c21e3fce73ed04540c49c7b2e17f5fd5574e33
d324b2f130ee0204cd4c9e07d212c1052d00052cb76b4a698c32cbbd84cc8abf
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e776953772ac9f46fc2b4ba3f594f77fc362d471f59e375c20ba3a2d0cbd3468
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
fd222137f245c06ddb4c4d44db41f12138dad6cf8ef5d4d4a5e500f38f0c8c62