URL: https://www.naoconto.com/
Submission: On October 08 via automatic, source certstream-suspicious — Scanned from DE

Summary

This website contacted 42 IPs in 8 countries across 50 domains to perform 149 HTTP transactions. The main IP is 158.69.58.139, located in Montreal, Canada and belongs to OVH, FR. The main domain is www.naoconto.com.
TLS certificate: Issued by R3 on October 8th 2021. Valid for: 3 months.
This is the only time www.naoconto.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
38 158.69.58.139 16276 (OVH)
1 104.26.5.7 13335 (CLOUDFLAR...)
2 104.22.71.197 13335 (CLOUDFLAR...)
3 142.250.185.174 15169 (GOOGLE)
22 205.185.216.42 20446 (HIGHWINDS3)
1 51.81.43.93 16276 (OVH)
3 104.21.79.235 13335 (CLOUDFLAR...)
1 217.22.19.194 42567 (MOJHOST-EU)
2 216.58.212.131 15169 (GOOGLE)
3 158.69.139.226 16276 (OVH)
1 67.202.94.86 32748 (STEADFAST)
1 66.102.1.154 15169 (GOOGLE)
9 95.211.229.245 60781 (LEASEWEB-...)
1 142.250.184.228 15169 (GOOGLE)
3 217.22.19.196 42567 (MOJHOST-EU)
1 216.58.212.161 15169 (GOOGLE)
1 18.195.98.10 16509 (AMAZON-02)
1 104.18.28.199 13335 (CLOUDFLAR...)
7 67.202.105.33 32748 (STEADFAST)
3 143.204.98.4 16509 (AMAZON-02)
1 45.55.96.63 14061 (DIGITALOC...)
3 3 51.210.112.236 16276 (OVH)
2 3 76.223.111.131 16509 (AMAZON-02)
3 10 52.208.103.128 16509 (AMAZON-02)
1 2 104.22.24.87 13335 (CLOUDFLAR...)
2 4 142.250.181.226 15169 (GOOGLE)
2 172.217.23.97 15169 (GOOGLE)
1 208.100.17.185 32748 (STEADFAST)
4 216.58.212.169 15169 (GOOGLE)
1 37.120.165.226 197540 (NETCUP-AS...)
1 6 95.211.229.246 60781 (LEASEWEB-...)
1 6 52.30.140.199 16509 (AMAZON-02)
1 172.67.220.51 13335 (CLOUDFLAR...)
1 185.64.190.78 62713 (AS-PUBMATIC)
4 4 54.36.109.22 16276 (OVH)
1 2 104.111.215.191 16625 (AKAMAI-AS)
2 2 46.228.164.13 56396 (AMOBEE)
2 2 35.227.248.159 15169 (GOOGLE)
1 104.16.91.60 13335 (CLOUDFLAR...)
1 2 34.254.143.3 16509 (AMAZON-02)
2 2 52.18.85.49 16509 (AMAZON-02)
1 51.144.7.192 8075 (MICROSOFT...)
1 34.240.156.207 16509 (AMAZON-02)
1 1 69.169.86.38 29838 (AMC)
1 64.58.232.177 13649 (ASN-VINS)
1 2 18.169.90.17 16509 (AMAZON-02)
1 34.247.104.176 16509 (AMAZON-02)
1 1 54.81.207.173 14618 (AMAZON-AES)
1 1 199.127.207.184 26120 (RHYTHMONE)
1 1 185.29.134.248 30419 (MEDIAMATH...)
2 2 66.155.71.149 13768 (COGECO-PEER1)
2 2 151.101.2.49 54113 (FASTLY)
2 2 37.252.173.22 29990 (ASN-APPNEX)
149 42
Apex Domain
Subdomains
Transfer
38 naoconto.com
www.naoconto.com
456 KB
19 crwdcntrl.net
tags.crwdcntrl.net
sync.crwdcntrl.net
bcp.crwdcntrl.net
50 KB
15 realsrv.com
a.realsrv.com
syndication.realsrv.com
117 KB
11 exdynsrv.com
a.exdynsrv.com
syndication.exdynsrv.com
67 KB
9 tynt.com
cdn.tynt.com
ic.tynt.com
de.tynt.com
8 KB
8 ackcdn.net
s3t3d2y7.ackcdn.net
169 KB
5 doubleclick.net
stats.g.doubleclick.net
cm.g.doubleclick.net
2 KB
4 id5-sync.com
id5-sync.com
6 KB
4 blogger.com
www.blogger.com
321 KB
3 adsrvr.org
match.adsrvr.org
1 KB
3 onaudience.com
pixel.onaudience.com
1 KB
3 blogspot.com
2.bp.blogspot.com
bidvancedisplay.blogspot.com
brandnewadserving.blogspot.com
27 KB
3 dtscout.com
t.dtscout.com
9 KB
3 webstats1.com
webstats1.com
37 KB
3 exosrv.com
ads.exosrv.com
a.exosrv.com
syndication.exosrv.com
26 KB
3 google-analytics.com
www.google-analytics.com
39 KB
2 adnxs.com
secure.adnxs.com
2 KB
2 everesttech.net
sync-tm.everesttech.net
616 B
2 sitescout.com
pixel-sync.sitescout.com
941 B
2 agkn.com
aa.agkn.com
746 B
2 demdex.net
dpm.demdex.net
2 KB
2 exelator.com
loadm.exelator.com
2 KB
2 tapad.com
pixel.tapad.com
916 B
2 turn.com
d.turn.com
855 B
2 bluekai.com
tags.bluekai.com
599 B
2 zeotap.com
spl.zeotap.com
mwzeom.zeotap.com
900 B
2 bidvance.com
go.bidvance.com
1 KB
2 gstatic.com
fonts.gstatic.com
29 KB
2 addtoany.com
static.addtoany.com
27 KB
1 mathtag.com
sync.mathtag.com
615 B
1 videohub.tv
dt-secure.videohub.tv
547 B
1 stackadapt.com
sync.srv.stackadapt.com
620 B
1 ml314.com
ml314.com
422 B
1 mookie1.com
ib.mookie1.com
992 B
1 ib-ibi.com
global.ib-ibi.com
511 B
1 krxd.net
beacon.krxd.net
338 B
1 cintnetworks.com
c.cintnetworks.com
328 B
1 truoptik.com
dmp.truoptik.com
1 pubmatic.com
image6.pubmatic.com
166 B
1 dtssrv.com
a.dtssrv.com
565 B
1 trustiseverything.de
trustiseverything.de
144 KB
1 dtscdn.com
t.dtscdn.com
407 B
1 sharethis.com
pd.sharethis.com
88 B
1 goasrv.com
go.goasrv.com
132 B
1 google.com
www.google.com
522 B
1 amung.us
whos.amung.us
148 B
1 eabids.com
go.eabids.com
2 KB
1 n1internet.com
www.n1internet.com
366 B
1 waust.at
waust.at
4 KB
0 survata.com Failed
px.surveywall-api.survata.com Failed
149 50
Domain Requested by
38 www.naoconto.com www.naoconto.com
10 sync.crwdcntrl.net 3 redirects bcp.crwdcntrl.net
8 s3t3d2y7.ackcdn.net www.naoconto.com
8 syndication.realsrv.com a.realsrv.com
7 ic.tynt.com www.naoconto.com
7 a.realsrv.com www.naoconto.com
a.realsrv.com
a.exosrv.com
6 bcp.crwdcntrl.net 1 redirects tags.crwdcntrl.net
bcp.crwdcntrl.net
6 syndication.exdynsrv.com 1 redirects brandnewadserving.blogspot.com
a.exdynsrv.com
www.naoconto.com
5 a.exdynsrv.com brandnewadserving.blogspot.com
a.exdynsrv.com
4 id5-sync.com 4 redirects
4 www.blogger.com bidvancedisplay.blogspot.com
brandnewadserving.blogspot.com
4 cm.g.doubleclick.net 2 redirects bcp.crwdcntrl.net
3 match.adsrvr.org 2 redirects bcp.crwdcntrl.net
3 pixel.onaudience.com 3 redirects
3 tags.crwdcntrl.net t.dtscout.com
tags.crwdcntrl.net
3 t.dtscout.com waust.at
t.dtscout.com
3 webstats1.com www.naoconto.com
webstats1.com
3 www.google-analytics.com www.naoconto.com
www.google-analytics.com
2 secure.adnxs.com 2 redirects
2 sync-tm.everesttech.net 2 redirects
2 pixel-sync.sitescout.com 2 redirects
2 aa.agkn.com 1 redirects bcp.crwdcntrl.net
2 dpm.demdex.net 2 redirects
2 loadm.exelator.com 1 redirects bcp.crwdcntrl.net
2 pixel.tapad.com 2 redirects
2 d.turn.com 2 redirects
2 tags.bluekai.com 1 redirects bcp.crwdcntrl.net
2 go.bidvance.com go.eabids.com
go.bidvance.com
2 fonts.gstatic.com www.naoconto.com
2 static.addtoany.com www.naoconto.com
static.addtoany.com
1 sync.mathtag.com 1 redirects
1 dt-secure.videohub.tv 1 redirects
1 sync.srv.stackadapt.com 1 redirects
1 ml314.com bcp.crwdcntrl.net
1 ib.mookie1.com bcp.crwdcntrl.net
1 global.ib-ibi.com 1 redirects
1 beacon.krxd.net bcp.crwdcntrl.net
1 c.cintnetworks.com bcp.crwdcntrl.net
1 dmp.truoptik.com bcp.crwdcntrl.net
1 image6.pubmatic.com bcp.crwdcntrl.net
1 a.dtssrv.com t.dtscout.com
1 trustiseverything.de brandnewadserving.blogspot.com
1 brandnewadserving.blogspot.com bidvancedisplay.blogspot.com
1 de.tynt.com cdn.tynt.com
1 bidvancedisplay.blogspot.com go.bidvance.com
1 mwzeom.zeotap.com www.naoconto.com
1 spl.zeotap.com 1 redirects
1 t.dtscdn.com t.dtscout.com
1 syndication.exosrv.com a.exosrv.com
1 cdn.tynt.com waust.at
1 pd.sharethis.com t.dtscout.com
1 2.bp.blogspot.com www.n1internet.com
1 go.goasrv.com go.eabids.com
1 www.google.com www.naoconto.com
1 stats.g.doubleclick.net www.google-analytics.com
1 whos.amung.us waust.at
1 a.exosrv.com ads.exosrv.com
1 go.eabids.com www.naoconto.com
1 ads.exosrv.com www.naoconto.com
1 www.n1internet.com www.naoconto.com
1 waust.at www.naoconto.com
0 px.surveywall-api.survata.com Failed bcp.crwdcntrl.net
149 62
Subject Issuer Validity Valid
naoconto.com
R3
2021-10-08 -
2022-01-06
3 months crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3
2021-08-04 -
2022-08-03
a year crt.sh
*.google-analytics.com
GTS CA 1C3
2021-09-13 -
2021-11-20
2 months crt.sh
realsrv.com
R3
2021-08-05 -
2021-11-03
3 months crt.sh
n1internet.com
R3
2021-08-24 -
2021-11-22
3 months crt.sh
exosrv.com
R3
2021-08-05 -
2021-11-03
3 months crt.sh
*.eabids.com
R3
2021-08-09 -
2021-11-07
3 months crt.sh
*.gstatic.com
GTS CA 1C3
2021-09-13 -
2021-11-20
2 months crt.sh
*.dtscout.com
GeoTrust TLS DV RSA Mixed SHA256 2020 CA-1
2020-11-03 -
2021-11-03
a year crt.sh
whos.amung.us
Sectigo RSA Domain Validation Secure Server CA
2020-05-21 -
2022-05-21
2 years crt.sh
*.g.doubleclick.net
GTS CA 1C3
2021-09-13 -
2021-11-20
2 months crt.sh
www.google.com
GTS CA 1C3
2021-09-13 -
2021-11-20
2 months crt.sh
*.goasrv.com
R3
2021-08-09 -
2021-11-07
3 months crt.sh
*.bidvance.com
R3
2021-08-09 -
2021-11-07
3 months crt.sh
misc-sni.blogspot.com
GTS CA 1C3
2021-09-13 -
2021-11-20
2 months crt.sh
ackcdn.net
R3
2021-08-05 -
2021-11-03
3 months crt.sh
sharethis.com
Amazon
2021-09-01 -
2022-09-30
a year crt.sh
*.tynt.com
Sectigo RSA Domain Validation Secure Server CA
2021-09-23 -
2022-09-30
a year crt.sh
*.crwdcntrl.net
Go Daddy Secure Certificate Authority - G2
2021-04-29 -
2022-05-31
a year crt.sh
t.dtscdn.com
GeoTrust TLS DV RSA Mixed SHA256 2020 CA-1
2020-11-03 -
2021-11-15
a year crt.sh
*.blogger.com
GTS CA 1C3
2021-09-13 -
2021-11-20
2 months crt.sh
exdynsrv.com
R3
2021-08-05 -
2021-11-03
3 months crt.sh
trustiseverything.de
R3
2021-09-18 -
2021-12-17
3 months crt.sh
*.pubmatic.com
DigiCert Baltimore TLS RSA SHA256 2020 CA1
2020-12-07 -
2021-12-14
a year crt.sh
*.adsrvr.org
GlobalSign GCC R3 DV TLS CA 2020
2021-03-18 -
2022-04-19
a year crt.sh
*.truoptik.com
Go Daddy Secure Certificate Authority - G2
2020-10-19 -
2021-11-20
a year crt.sh
*.exelator.com
DigiCert TLS RSA SHA256 2020 CA1
2021-06-02 -
2022-06-07
a year crt.sh
*.cintnetworks.com
DigiCert TLS RSA SHA256 2020 CA1
2021-10-04 -
2022-11-04
a year crt.sh
beacon.krxd.net
DigiCert TLS RSA SHA256 2020 CA1
2021-01-13 -
2022-01-07
a year crt.sh
ib.mookie1.com
DigiCert SHA2 High Assurance Server CA
2019-10-07 -
2021-11-12
2 years crt.sh
*.ml314.com
Amazon
2021-01-17 -
2022-02-14
a year crt.sh
odc-pixel-prod-01.oracle.com
DigiCert SHA2 Secure Server CA
2021-04-25 -
2022-04-26
a year crt.sh
*.agkn.com
RapidSSL RSA CA 2018
2020-07-25 -
2022-09-18
2 years crt.sh

This page contains 19 frames:

Primary Page: https://www.naoconto.com/
Frame ID: 2F8C906583B5CD4FD84A5DA0868F2C09
Requests: 71 HTTP requests in this frame

Frame: https://a.realsrv.com/iframe.php?idzone=3345318&size=300x100
Frame ID: 10E48F9B8F6752BFBA65936DAEC12DB3
Requests: 3 HTTP requests in this frame

Frame: https://www.n1internet.com/publicidades/naoconto/index.php
Frame ID: C56A32D510231E5176F1DF27DE91BFDC
Requests: 2 HTTP requests in this frame

Frame: https://ads.exosrv.com/iframe.php?idzone=984366&size=300x250
Frame ID: 3B373B4C65693739862728B41E81276C
Requests: 3 HTTP requests in this frame

Frame: https://a.realsrv.com/iframe.php?idzone=963606&size=300x250
Frame ID: 0BDA2CC9E983C9AFE3EDB72D69652E70
Requests: 3 HTTP requests in this frame

Frame: https://webstats1.com/www/delivery/afr.php?zoneid=39
Frame ID: 8E1DEFD0BD293E993EDD432072A6625F
Requests: 3 HTTP requests in this frame

Frame: https://go.eabids.com/banner.go?spaceid=5427007&keywords=&maincat=
Frame ID: 707C337BA25951736E4CF2F9B1BD45EF
Requests: 2 HTTP requests in this frame

Frame: https://static.addtoany.com/menu/sm.23.html
Frame ID: 88A1B5C181C7F6856C2CB325D5183BB1
Requests: 1 HTTP requests in this frame

Frame: https://a.realsrv.com/nativeads-v2.js
Frame ID: C032A77A19F5D074FAD0F6EF346D3AE7
Requests: 5 HTTP requests in this frame

Frame: https://a.realsrv.com/nativeads-v2.js
Frame ID: 1F2A588B94AE11AD05A407A171E93686
Requests: 7 HTTP requests in this frame

Frame: https://go.bidvance.com/rtb/if.go?xref=X2D659JmXNd9w73eqVHs3NWKHX9SluHSR1ufMzhDNeioGtMHx8gDVh0-AchKR7-DkKoIThZ-Elh2kl3n8ln2CGw67wHt6R46kwmFw6FmAUcm60ukZdVunF1UPfFNH8185vs_R7xOT-koEs19heczBrHjc-Nr7hvz693bSLSRv2fiMKfYIGbrJtfFzfQWQPZzZVrNBJGSEkXEZZesIL8tAzzoU9jwVBXwG-7IX-t7Ww7sGzz5h3RRmQGLePKxjoJ1EcayJEoq-d-sac0JNjjXXewckvrQtF0Riytf_HD3XpC5iShbhUeHyhCxDEKleXWD62Ywwq-caD7lzGJTBJ-Zyt41j-XockWDo5Yl194kznLOAv2XhP8QwUQKXjIYC8mBX9nwbOE4JrTSs5OmpyliFR9_h5agFWOqKpKwfJt_jJLMTTBLjchfHQpIGNotD0cXSdrA_rNVfPfrmCQm9Uu3_TTuNZ2TwyGnNZYlwbMZ3kOTVsLdfRZZr8CAO3vYe_88LuP1MTU_uewub6fkYfAz6tdRKa6Jj8X3L6Rv0s2tJ6rwfcOHIl9l0hT1d4l0vx4UOTfA4_NJaebil6UOdUsAIr5_cNNip8RmnJqE6NI1oGWQ7f4SdCwOCdrnAHaZWaGNXb3kiHdKkQJ44pimd76BzITdtJLDLHEWzkYmJki8M1f25LMFM2C8GN61jO1fmJyQrczihB9tSRclk0yJJHOjbte1x29ejzIfUMa9fZ04puLqnA6ejWFhULPT5gPcKywvcMFGQCDII7HGK0nrY2HTH0naq4mEPKBh78o=
Frame ID: DD946FEE65A5DA9EAE7348BCDF798633
Requests: 2 HTTP requests in this frame

Frame: https://t.dtscout.com/idg/?su=6D001633705423431082B73FB3F61724
Frame ID: DE5DEB1269B7BBFEED15F0CA19EA4C26
Requests: 1 HTTP requests in this frame

Frame: https://a.realsrv.com/nativeads-v2.js
Frame ID: DCAA518E961D532F2A54F6688DDF44A2
Requests: 3 HTTP requests in this frame

Frame: https://bidvancedisplay.blogspot.com/
Frame ID: 1818235DD3B0521F8191A6A5F76A10FA
Requests: 3 HTTP requests in this frame

Frame: https://brandnewadserving.blogspot.com/
Frame ID: AA7403A4B969D23EE4C09D7714C4C92E
Requests: 13 HTTP requests in this frame

Frame: https://a.exdynsrv.com/iframe.php?idzone=4378572&size=300x250
Frame ID: 96472C3839FD19BE1FA6882F80A32251
Requests: 3 HTTP requests in this frame

Frame: https://a.exdynsrv.com/iframe.php?idzone=4374828&size=300x250
Frame ID: 5194F1B252AA3E9A7E56A4D2122A20B1
Requests: 5 HTTP requests in this frame

Frame: https://tags.crwdcntrl.net/lt/shared/2/lt.iframe.html?c=3825
Frame ID: F362190B142447DB8469E90EB78F40DB
Requests: 1 HTTP requests in this frame

Frame: https://bcp.crwdcntrl.net/pixels?s=136%2C135%2C116%2C106%2C104%2C100%2C95%2C94%2C92%2C80%2C78%2C65%2C61%2C54%2C45%2C38%2C33%2C26%2C22%2C12%2C8%2C3%2C2&c=3825
Frame ID: 3CCA96E6CE9EC50A5D14E86A54EA7F48
Requests: 24 HTTP requests in this frame

Screenshot

Page Title

Não Conto! - Tudo de mais picante que Caiu Na Net

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
  • /wp-(?:content|includes)/

Overall confidence: 100%
Detected patterns
  • require.*\.js

Overall confidence: 100%
Detected patterns
  • addtoany\.com/menu/page\.js

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.pubmatic\.com

Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

149
Requests

97 %
HTTPS

0 %
IPv6

50
Domains

62
Subdomains

42
IPs

8
Countries

1538 kB
Transfer

9181 kB
Size

63
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 92
  • https://pixel.onaudience.com/?partner=137085098&mapped=6D001633705423431082B73FB3F61724 HTTP 302
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=xksw9la&ttd_tpi=1 HTTP 302
  • https://match.adsrvr.org/track/cmb/generic?ttd_pid=xksw9la&ttd_tpi=1 HTTP 302
  • https://pixel.onaudience.com/?partner=147&mapped=d9c2abb0-c5d2-4589-9f8e-3c6a3448428f&icm HTTP 302
  • https://sync.crwdcntrl.net/map/c=8587/tp=CLOD?https%3A%2F%2Fpixel.onaudience.com%2F%3Fpartner%3D104%26icm%26cver%26mapped%3D%24%7Bprofile_id%7D HTTP 302
  • https://sync.crwdcntrl.net/map/ct=y/c=8587/tp=CLOD?https%3A%2F%2Fpixel.onaudience.com%2F%3Fpartner%3D104%26icm%26cver%26mapped%3D%24%7Bprofile_id%7D HTTP 302
  • https://pixel.onaudience.com/?partner=104&icm&cver&mapped=eade51967f708c6f57e7ba85989bf4a3 HTTP 302
  • https://spl.zeotap.com/?zdid=1332&zcluid=fd622c8ada70f5ea HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=zeotap_ddp&google_cm&zpartnerid=1&env=mWeb&eventType=map&id_mid_4=08603385-95af-4a4e-7991-be667f31b3bd&reqId=f58dc024-76ac-4757-539e-082a9369096d&zcluid=fd622c8ada70f5ea&zdid=1332 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=zeotap_ddp&google_cm=&zpartnerid=1&env=mWeb&eventType=map&id_mid_4=08603385-95af-4a4e-7991-be667f31b3bd&reqId=f58dc024-76ac-4757-539e-082a9369096d&zcluid=fd622c8ada70f5ea&zdid=1332&google_tc= HTTP 302
  • https://mwzeom.zeotap.com/mw?google_gid=CAESENT6Y5zPtbwBRm7tAtiEYzQ&google_cver=1&zpartnerid=1&env=mWeb&eventType=map&id_mid_4=08603385-95af-4a4e-7991-be667f31b3bd&reqId=f58dc024-76ac-4757-539e-082a9369096d&zcluid=fd622c8ada70f5ea&zdid=1332
Request Chain 110
  • https://syndication.exdynsrv.com/splash.php?idzone=4367528&cookieconsent=true HTTP 302
  • https://syndication.exdynsrv.com/splash.php?idzone=4375726
Request Chain 128
  • https://id5-sync.com/s/19/9.gif?puid=eade51967f708c6f57e7ba85989bf4a3&gdpr=1 HTTP 302
  • https://id5-sync.com/c/19/19/9/1.gif?puid=eade51967f708c6f57e7ba85989bf4a3&gdpr=1&gdpr_consent= HTTP 302
  • https://bcp.crwdcntrl.net/map/c=1882/tp=BKAI/gdpr=1/gdpr_consent=?https://tags.bluekai.com/site/5907?limit=0&id=${masked_profileid}&redir=https%3A%2F%2Fid5-sync.com%2Fc%2F19%2F321%2F8%2F2.gif%3Fpuid%3D%24_BK_UUID%26gdpr%3D1%26gdpr_consent%3D HTTP 302
  • https://tags.bluekai.com/site/5907?limit=0&id=3b762b24c6485f69d94679a40833c802&redir=https://id5-sync.com/c/19/321/8/2.gif?puid=$_BK_UUID&gdpr=1&gdpr_consent= HTTP 302
  • https://id5-sync.com/c/19/321/8/2.gif?puid=$_BK_UUID HTTP 302
  • https://d.turn.com/r/dd/id/L2NzaWQvMS9jaWQvMTc0ODM4ODY2Ni90LzI/dpuid/ID5-ZHMOmLZav-qNiX5mETBsLHYAG1xtttZfvC3oNcaS9g/url/https%3A%2F%2Fid5-sync.com%2Fc%2F19%2F224%2F7%2F3.gif%3Fpuid%3D%24%21%7BTURN_UUID%7D%26gdpr%3D1%26gdpr_consent%3D&gdpr=1&gdpr_consent= HTTP 302
  • https://id5-sync.com/c/19/224/7/3.gif?puid=8552321638128959053&gdpr=1&gdpr_consent=&gdpr=1&gdpr_consent= HTTP 302
  • https://sync.crwdcntrl.net/map/c=2831/tp=GDMP?https://cm.g.doubleclick.net/pixel?google_nid=lotame_dmp&google_hm=${base64_profileid}&google_redir={xENCODEDURL}&id5id=ID5-ZHMOmLZav-qNiX5mETBsLHYAG1xtttZfvC3oNcaS9g HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=lotame_dmp&google_hm=ZWFkZTUxOTY3ZjcwOGM2ZjU3ZTdiYTg1OTg5YmY0YTM&google_redir={xENCODEDURL}&id5id=ID5-ZHMOmLZav-qNiX5mETBsLHYAG1xtttZfvC3oNcaS9g
Request Chain 130
  • https://pixel.tapad.com/idsync/ex/receive?partner_id=LOTAME&partner_device_id=eade51967f708c6f57e7ba85989bf4a3&gdpr=1&partner_url=https%3A%2F%2Fsync.crwdcntrl.net%2Fmap%2Fc%3D10158%2Ftp%3DTPAD%2Ftpid%3D%24%7BTA_DEVICE_ID%7D HTTP 302
  • https://pixel.tapad.com/idsync/ex/receive/check?partner_id=LOTAME&partner_device_id=eade51967f708c6f57e7ba85989bf4a3&gdpr=1&partner_url=https%3A%2F%2Fsync.crwdcntrl.net%2Fmap%2Fc%3D10158%2Ftp%3DTPAD%2Ftpid%3D%24%7BTA_DEVICE_ID%7D HTTP 302
  • https://sync.crwdcntrl.net/map/c=10158/tp=TPAD/tpid=9e887eae-a400-4d21-9d86-f55d04bdc314
Request Chain 132
  • https://loadm.exelator.com/load/?p=204&g=260&buid=eade51967f708c6f57e7ba85989bf4a3&j=0 HTTP 302
  • https://loadm.exelator.com/load/?p=204&g=260&buid=eade51967f708c6f57e7ba85989bf4a3&j=0&xl8blockcheck=1
Request Chain 134
  • https://dpm.demdex.net/ibs:dpid=121998&dpuuid=eade51967f708c6f57e7ba85989bf4a3&redir=https%3A%2F%2Fsync.crwdcntrl.net%2Fmap%2Fc%3D9828%2Ftp%3DADBE%2Ftpid%3D%24%7BDD_UUID%7D HTTP 302
  • https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=121998&dpuuid=eade51967f708c6f57e7ba85989bf4a3&redir=https%3A%2F%2Fsync.crwdcntrl.net%2Fmap%2Fc%3D9828%2Ftp%3DADBE%2Ftpid%3D%24%7BDD_UUID%7D HTTP 302
  • https://sync.crwdcntrl.net/map/c=9828/tp=ADBE/tpid=73096472898246596503020186392504893101
Request Chain 137
  • https://global.ib-ibi.com/image.sbxx?go=262106&pid=420&xid=eade51967f708c6f57e7ba85989bf4a3 HTTP 302
  • https://ib.mookie1.com/image.sbxx?go=262106&pid=420&xid=eade51967f708c6f57e7ba85989bf4a3
Request Chain 138
  • https://aa.agkn.com/adscores/g.pixel?sid=9202276048 HTTP 302
  • https://bcp.crwdcntrl.net/5/c=368/tp=NEUS/tpid=164861103933000249613
Request Chain 140
  • https://sync.srv.stackadapt.com/sync?nid=lotame HTTP 302
  • https://bcp.crwdcntrl.net/map/c=6569/tp=STKA/tpid=0-3d6f8767-3c99-46fd-630f-7d834ea2c0b8$ip$216.131.114.240
Request Chain 141
  • https://dt-secure.videohub.tv/v1/usync/lo HTTP 303
  • https://bcp.crwdcntrl.net/map/c=6220/tp=TRMR/tpid=CI-5f4ae7a25215e04e8ad69a006a10589d
Request Chain 142
  • https://sync.mathtag.com/sync/img?sync=auto&mt_exid=10040&redir=https%3A%2F%2Fsync.crwdcntrl.net%2Fqmap%3Fc%3D4735%26tp%3DMDMA%26tpid%3D%5BMM_UUID%5D HTTP 302
  • https://sync.crwdcntrl.net/qmap?c=4735&tp=MDMA&tpid=01386160-5dd0-4900-8d24-4ebe87496647
Request Chain 143
  • https://pixel-sync.sitescout.com/connectors/lotame/usersync?redir=https%3A%2F%2Fsync.crwdcntrl.net%2Fmap%2Fc%3D1389%2Ftp%3DSTSC%2Ftpid%3D%24UUID HTTP 302
  • https://pixel-sync.sitescout.com/connectors/lotame/usersync?cookieQ=1&redir=https%3A%2F%2Fsync.crwdcntrl.net%2Fmap%2Fc%3D1389%2Ftp%3DSTSC%2Ftpid%3D%24UUID HTTP 302
  • https://sync.crwdcntrl.net/map/c=1389/tp=STSC/tpid=a3756f98-31ca-4ac4-a392-e9d1a69dc1d1-61605dd1-5553
Request Chain 144
  • https://sync-tm.everesttech.net/upi/pid/bsTd8NdE?redir=https%3A%2F%2Fsync.crwdcntrl.net%2Fmap%2Fc%3D1811%2Ftp%3DTBMG%2Ftpid%3D%24%7BTM_USER_ID%7D HTTP 302
  • https://sync-tm.everesttech.net/ct/upi/pid/bsTd8NdE?redir=https%3A%2F%2Fsync.crwdcntrl.net%2Fmap%2Fc%3D1811%2Ftp%3DTBMG%2Ftpid%3D%24%7BTM_USER_ID%7D&_test=YWBd0AAHjWKIJAAT HTTP 302
  • https://sync.crwdcntrl.net/map/c=1811/tp=TBMG/tpid=YWBd0AAHjWKIJAAT&_test=YWBd0AAHjWKIJAAT
Request Chain 148
  • https://d.turn.com/r/dd/id/L2NzaWQvMS9jaWQvMzQ4ODM4MC90LzI/dpuid/eade51967f708c6f57e7ba85989bf4a3/url/https://sync.crwdcntrl.net/map/c=10915/tp=TRNN/tpid=$!%7BTURN_UUID%7D HTTP 302
  • https://sync.crwdcntrl.net/map/c=10915/tp=TRNN/tpid=8552321638128959053
Request Chain 149
  • https://secure.adnxs.com/getuid?https%3A%2F%2Fsync.crwdcntrl.net%2Fmap%2Fc=281%2Frand=542501236%2Ftpid%3D%24UID%2Ftp%3DANXS HTTP 307
  • https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fsync.crwdcntrl.net%252Fmap%252Fc%3D281%252Frand%3D542501236%252Ftpid%253D%2524UID%252Ftp%253DANXS HTTP 302
  • https://sync.crwdcntrl.net/map/c=281/rand=542501236/tpid=329121845835482116/tp=ANXS

149 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
www.naoconto.com/
63 KB
13 KB
Document
General
Full URL
https://www.naoconto.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
158.69.58.139 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS
Software
nginx /
Resource Hash
e544bc983162f9deeb08c097f4dfd0619c69482f2f8f8fce9b56e8baa09bdd4f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Host
www.naoconto.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
none
Sec-Fetch-Mode
navigate
Sec-Fetch-User
?1
Sec-Fetch-Dest
document
Accept-Encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9

Response headers

Server
nginx
Date
Fri, 08 Oct 2021 15:03:42 GMT
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
Connection
keep-alive
Vary
Accept-Encoding
Last-Modified
Fri, 08 Oct 2021 15:00:12 GMT
ETag
W/"40dc10146327a60519833cfd5910a75c"
NGX
HIT
X-Frame-Options
SAMEORIGIN
X-Content-Type-Options
nosniff
X-XSS-Protection
1; mode=block
Content-Encoding
gzip
lazyload.min.js
www.naoconto.com/wp-content/plugins/w3-total-cache/pub/js/
6 KB
3 KB
Script
General
Full URL
https://www.naoconto.com/wp-content/plugins/w3-total-cache/pub/js/lazyload.min.js
Requested by
Host: www.naoconto.com
URL: https://www.naoconto.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
158.69.58.139 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS
Software
nginx /
Resource Hash
1a54a1907a6443e3c81608130bfed4546eb0ce5d0c8897e1d7a3b43d89ecc367
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
www.naoconto.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
*/*
Cache-Control
no-cache
Sec-Fetch-Dest
script
Referer
https://www.naoconto.com/
Connection
keep-alive
Accept-Language
de-DE,de;q=0.9
Referer
https://www.naoconto.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Fri, 08 Oct 2021 15:03:42 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Wed, 08 Sep 2021 14:50:05 GMT
Server
nginx
ETag
W/"6138cd9d-1883"
X-Frame-Options
SAMEORIGIN
Content-Type
application/javascript
Cache-Control
max-age=315360000
Transfer-Encoding
chunked
Connection
keep-alive
Vary
Accept-Encoding
X-XSS-Protection
1; mode=block
Expires
Thu, 31 Dec 2037 23:55:55 GMT
style.min.css
www.naoconto.com/wp-includes/css/dist/block-library/
79 KB
11 KB
Stylesheet
General
Full URL
https://www.naoconto.com/wp-includes/css/dist/block-library/style.min.css?ver=1.0
Requested by
Host: www.naoconto.com
URL: https://www.naoconto.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
158.69.58.139 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS
Software
nginx /
Resource Hash
9110fc122dda3067c424d9b8ff7747e2030b0bd9298f69a3683d399ad3373a6a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
www.naoconto.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
text/css,*/*;q=0.1
Cache-Control
no-cache
Sec-Fetch-Dest
style
Referer
https://www.naoconto.com/
Connection
keep-alive
Accept-Language
de-DE,de;q=0.9
Referer
https://www.naoconto.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Fri, 08 Oct 2021 15:03:42 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Wed, 21 Jul 2021 16:24:25 GMT
Server
nginx
ETag
W/"60f84a39-13abe"
X-Frame-Options
SAMEORIGIN
Content-Type
text/css
Cache-Control
max-age=315360000
Transfer-Encoding
chunked
Connection
keep-alive
Vary
Accept-Encoding
X-XSS-Protection
1; mode=block
Expires
Thu, 31 Dec 2037 23:55:55 GMT
usp.css
www.naoconto.com/wp-content/plugins/sistema-parceiros-ninja-formulario/resources/
2 KB
1 KB
Stylesheet
General
Full URL
https://www.naoconto.com/wp-content/plugins/sistema-parceiros-ninja-formulario/resources/usp.css
Requested by
Host: www.naoconto.com
URL: https://www.naoconto.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
158.69.58.139 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS
Software
nginx /
Resource Hash
dcf2719b20b75eaf2c18919a71caf6f76af9bd8fc89a1cae6bc1dd06ef032ebc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
www.naoconto.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
text/css,*/*;q=0.1
Cache-Control
no-cache
Sec-Fetch-Dest
style
Referer
https://www.naoconto.com/
Connection
keep-alive
Accept-Language
de-DE,de;q=0.9
Referer
https://www.naoconto.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Fri, 08 Oct 2021 15:03:42 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Tue, 27 Dec 2016 03:08:18 GMT
Server
nginx
ETag
W/"5861db22-71e"
X-Frame-Options
SAMEORIGIN
Content-Type
text/css
Cache-Control
max-age=315360000
Transfer-Encoding
chunked
Connection
keep-alive
Vary
Accept-Encoding
X-XSS-Protection
1; mode=block
Expires
Thu, 31 Dec 2037 23:55:55 GMT
style.css
www.naoconto.com/wp-content/themes/naoconto/
22 KB
5 KB
Stylesheet
General
Full URL
https://www.naoconto.com/wp-content/themes/naoconto/style.css
Requested by
Host: www.naoconto.com
URL: https://www.naoconto.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
158.69.58.139 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS
Software
nginx /
Resource Hash
a02e51f29079f8b833f1ffbe65ebb6b61e536879826333b5c255677b770486a4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
www.naoconto.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
text/css,*/*;q=0.1
Cache-Control
no-cache
Sec-Fetch-Dest
style
Referer
https://www.naoconto.com/
Connection
keep-alive
Accept-Language
de-DE,de;q=0.9
Referer
https://www.naoconto.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Fri, 08 Oct 2021 15:03:42 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Mon, 11 May 2020 19:47:47 GMT
Server
nginx
ETag
W/"5eb9abe3-5923"
X-Frame-Options
SAMEORIGIN
Content-Type
text/css
Cache-Control
max-age=315360000
Transfer-Encoding
chunked
Connection
keep-alive
Vary
Accept-Encoding
X-XSS-Protection
1; mode=block
Expires
Thu, 31 Dec 2037 23:55:55 GMT
responsive.css
www.naoconto.com/wp-content/themes/naoconto/css/
5 KB
2 KB
Stylesheet
General
Full URL
https://www.naoconto.com/wp-content/themes/naoconto/css/responsive.css?ver=1.0
Requested by
Host: www.naoconto.com
URL: https://www.naoconto.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
158.69.58.139 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS
Software
nginx /
Resource Hash
51d9d7a3046e3ba2e7795781119b9b4a620e01ac102747426a7a3d378b3c69b5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
www.naoconto.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
text/css,*/*;q=0.1
Cache-Control
no-cache
Sec-Fetch-Dest
style
Referer
https://www.naoconto.com/
Connection
keep-alive
Accept-Language
de-DE,de;q=0.9
Referer
https://www.naoconto.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Fri, 08 Oct 2021 15:03:42 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Tue, 17 Jan 2017 12:55:18 GMT
Server
nginx
ETag
W/"587e1436-1331"
X-Frame-Options
SAMEORIGIN
Content-Type
text/css
Cache-Control
max-age=315360000
Transfer-Encoding
chunked
Connection
keep-alive
Vary
Accept-Encoding
X-XSS-Protection
1; mode=block
Expires
Thu, 31 Dec 2037 23:55:55 GMT
addtoany.min.css
www.naoconto.com/wp-content/plugins/add-to-any/
1 KB
932 B
Stylesheet
General
Full URL
https://www.naoconto.com/wp-content/plugins/add-to-any/addtoany.min.css?ver=1.0
Requested by
Host: www.naoconto.com
URL: https://www.naoconto.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
158.69.58.139 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS
Software
nginx /
Resource Hash
f93483f0aaf24aea4b5534bb8647d22cd9dfcb4d08d2fd1008787bdfb8a6cc47
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
www.naoconto.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
text/css,*/*;q=0.1
Cache-Control
no-cache
Sec-Fetch-Dest
style
Referer
https://www.naoconto.com/
Connection
keep-alive
Accept-Language
de-DE,de;q=0.9
Referer
https://www.naoconto.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Fri, 08 Oct 2021 15:03:42 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Wed, 06 Oct 2021 16:38:00 GMT
Server
nginx
ETag
W/"615dd0e8-5ef"
X-Frame-Options
SAMEORIGIN
Content-Type
text/css
Cache-Control
max-age=315360000
Transfer-Encoding
chunked
Connection
keep-alive
Vary
Accept-Encoding
X-XSS-Protection
1; mode=block
Expires
Thu, 31 Dec 2037 23:55:55 GMT
jquery.min.js
www.naoconto.com/wp-content/themes/naoconto/js/
90 KB
33 KB
Script
General
Full URL
https://www.naoconto.com/wp-content/themes/naoconto/js/jquery.min.js?ver=1.9.1
Requested by
Host: www.naoconto.com
URL: https://www.naoconto.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
158.69.58.139 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS
Software
nginx /
Resource Hash
c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
www.naoconto.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
*/*
Cache-Control
no-cache
Sec-Fetch-Dest
script
Referer
https://www.naoconto.com/
Connection
keep-alive
Accept-Language
de-DE,de;q=0.9
Referer
https://www.naoconto.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Fri, 08 Oct 2021 15:03:42 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Thu, 29 Dec 2016 18:20:06 GMT
Server
nginx
ETag
W/"586553d6-169d5"
X-Frame-Options
SAMEORIGIN
Content-Type
application/javascript
Cache-Control
max-age=315360000
Transfer-Encoding
chunked
Connection
keep-alive
Vary
Accept-Encoding
X-XSS-Protection
1; mode=block
Expires
Thu, 31 Dec 2037 23:55:55 GMT
addtoany.min.js
www.naoconto.com/wp-content/plugins/add-to-any/
129 B
541 B
Script
General
Full URL
https://www.naoconto.com/wp-content/plugins/add-to-any/addtoany.min.js?ver=1.1
Requested by
Host: www.naoconto.com
URL: https://www.naoconto.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
158.69.58.139 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS
Software
nginx /
Resource Hash
50679e0e3933c945348a2db0cc128bb14b57a60a74fabf8cae13acc14efbb2e1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
www.naoconto.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
*/*
Cache-Control
no-cache
Sec-Fetch-Dest
script
Referer
https://www.naoconto.com/
Connection
keep-alive
Accept-Language
de-DE,de;q=0.9
Referer
https://www.naoconto.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Fri, 08 Oct 2021 15:03:42 GMT
X-Content-Type-Options
nosniff
Last-Modified
Wed, 06 Oct 2021 16:38:00 GMT
Server
nginx
ETag
"615dd0e8-81"
X-Frame-Options
SAMEORIGIN
Content-Type
application/javascript
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
129
X-XSS-Protection
1; mode=block
Expires
Thu, 31 Dec 2037 23:55:55 GMT
jquery.cookie.js
www.naoconto.com/wp-content/plugins/sistema-parceiros-ninja-formulario/resources/
2 KB
1 KB
Script
General
Full URL
https://www.naoconto.com/wp-content/plugins/sistema-parceiros-ninja-formulario/resources/jquery.cookie.js
Requested by
Host: www.naoconto.com
URL: https://www.naoconto.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
158.69.58.139 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS
Software
nginx /
Resource Hash
c1e709dcd9af0c6a91ca1d48a561513c70ecdfc061c78afeaf3defb4d50f8411
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
www.naoconto.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
*/*
Cache-Control
no-cache
Sec-Fetch-Dest
script
Referer
https://www.naoconto.com/
Connection
keep-alive
Accept-Language
de-DE,de;q=0.9
Referer
https://www.naoconto.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Fri, 08 Oct 2021 15:03:42 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Tue, 04 Jul 2017 15:55:26 GMT
Server
nginx
ETag
W/"595bba6e-70a"
X-Frame-Options
SAMEORIGIN
Content-Type
application/javascript
Cache-Control
max-age=315360000
Transfer-Encoding
chunked
Connection
keep-alive
Vary
Accept-Encoding
X-XSS-Protection
1; mode=block
Expires
Thu, 31 Dec 2037 23:55:55 GMT
jquery.parsley.min.js
www.naoconto.com/wp-content/plugins/sistema-parceiros-ninja-formulario/resources/
42 KB
11 KB
Script
General
Full URL
https://www.naoconto.com/wp-content/plugins/sistema-parceiros-ninja-formulario/resources/jquery.parsley.min.js
Requested by
Host: www.naoconto.com
URL: https://www.naoconto.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
158.69.58.139 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS
Software
nginx /
Resource Hash
fac8dfdd302f0dd224a4666529d1f485fdea55d55ec948ac2a76a7f54fbb1558
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
www.naoconto.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
*/*
Cache-Control
no-cache
Sec-Fetch-Dest
script
Referer
https://www.naoconto.com/
Connection
keep-alive
Accept-Language
de-DE,de;q=0.9
Referer
https://www.naoconto.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Fri, 08 Oct 2021 15:03:42 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Tue, 27 Dec 2016 03:08:18 GMT
Server
nginx
ETag
W/"5861db22-a904"
X-Frame-Options
SAMEORIGIN
Content-Type
application/javascript
Cache-Control
max-age=315360000
Transfer-Encoding
chunked
Connection
keep-alive
Vary
Accept-Encoding
X-XSS-Protection
1; mode=block
Expires
Thu, 31 Dec 2037 23:55:55 GMT
jquery.usp.core.js
www.naoconto.com/wp-content/plugins/sistema-parceiros-ninja-formulario/resources/
3 KB
1 KB
Script
General
Full URL
https://www.naoconto.com/wp-content/plugins/sistema-parceiros-ninja-formulario/resources/jquery.usp.core.js
Requested by
Host: www.naoconto.com
URL: https://www.naoconto.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
158.69.58.139 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS
Software
nginx /
Resource Hash
7e667af5eb6576eb8860742a36dde776a7f0907ef62e46dcf369444a1ffcfa68
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
www.naoconto.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
*/*
Cache-Control
no-cache
Sec-Fetch-Dest
script
Referer
https://www.naoconto.com/
Connection
keep-alive
Accept-Language
de-DE,de;q=0.9
Referer
https://www.naoconto.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Fri, 08 Oct 2021 15:03:42 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Tue, 04 Jul 2017 15:56:18 GMT
Server
nginx
ETag
W/"595bbaa2-b7c"
X-Frame-Options
SAMEORIGIN
Content-Type
application/javascript
Cache-Control
max-age=315360000
Transfer-Encoding
chunked
Connection
keep-alive
Vary
Accept-Encoding
X-XSS-Protection
1; mode=block
Expires
Thu, 31 Dec 2037 23:55:55 GMT
jquery.usp.files.js
www.naoconto.com/wp-content/plugins/sistema-parceiros-ninja-formulario/resources/
771 B
828 B
Script
General
Full URL
https://www.naoconto.com/wp-content/plugins/sistema-parceiros-ninja-formulario/resources/jquery.usp.files.js
Requested by
Host: www.naoconto.com
URL: https://www.naoconto.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
158.69.58.139 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS
Software
nginx /
Resource Hash
6ce02cb81b0d233494c33696166486436d3ae1bdd9a8dcfb6e4f988b247eee50
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
www.naoconto.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
*/*
Cache-Control
no-cache
Sec-Fetch-Dest
script
Referer
https://www.naoconto.com/
Connection
keep-alive
Accept-Language
de-DE,de;q=0.9
Referer
https://www.naoconto.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Fri, 08 Oct 2021 15:03:42 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Tue, 04 Jul 2017 15:56:46 GMT
Server
nginx
ETag
W/"595bbabe-303"
X-Frame-Options
SAMEORIGIN
Content-Type
application/javascript
Cache-Control
max-age=315360000
Transfer-Encoding
chunked
Connection
keep-alive
Vary
Accept-Encoding
X-XSS-Protection
1; mode=block
Expires
Thu, 31 Dec 2037 23:55:55 GMT
jquery-functions.js
www.naoconto.com/wp-content/themes/naoconto/js/
510 B
923 B
Script
General
Full URL
https://www.naoconto.com/wp-content/themes/naoconto/js/jquery-functions.js?ver=1.0
Requested by
Host: www.naoconto.com
URL: https://www.naoconto.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
158.69.58.139 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS
Software
nginx /
Resource Hash
a5a86a611c9a72b4fa6c6223593b51ea30ac724ab4159a5f8e7826a38644b6b9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
www.naoconto.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
*/*
Cache-Control
no-cache
Sec-Fetch-Dest
script
Referer
https://www.naoconto.com/
Connection
keep-alive
Accept-Language
de-DE,de;q=0.9
Referer
https://www.naoconto.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Fri, 08 Oct 2021 15:03:42 GMT
X-Content-Type-Options
nosniff
Last-Modified
Tue, 07 Feb 2017 16:35:26 GMT
Server
nginx
ETag
"5899f74e-1fe"
X-Frame-Options
SAMEORIGIN
Content-Type
application/javascript
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
510
X-XSS-Protection
1; mode=block
Expires
Thu, 31 Dec 2037 23:55:55 GMT
required.js
www.naoconto.com/wp-content/themes/naoconto/js/
647 B
917 B
Script
General
Full URL
https://www.naoconto.com/wp-content/themes/naoconto/js/required.js
Requested by
Host: www.naoconto.com
URL: https://www.naoconto.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
158.69.58.139 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS
Software
nginx /
Resource Hash
cff8c5659fe6e64ae4e9a6363370fd87d4b3939ff8d3dc394bad5012d76ab6c5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
www.naoconto.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
*/*
Cache-Control
no-cache
Sec-Fetch-Dest
script
Referer
https://www.naoconto.com/
Connection
keep-alive
Accept-Language
de-DE,de;q=0.9
Referer
https://www.naoconto.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Fri, 08 Oct 2021 15:03:42 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Thu, 29 Dec 2016 18:20:07 GMT
Server
nginx
ETag
W/"586553d7-287"
X-Frame-Options
SAMEORIGIN
Content-Type
application/javascript
Cache-Control
max-age=315360000
Transfer-Encoding
chunked
Connection
keep-alive
Vary
Accept-Encoding
X-XSS-Protection
1; mode=block
Expires
Thu, 31 Dec 2037 23:55:55 GMT
s.js
waust.at/
8 KB
4 KB
Script
General
Full URL
https://waust.at/s.js
Requested by
Host: www.naoconto.com
URL: https://www.naoconto.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.5.7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0298a25db873588e37945ece2b90e9f573dda86bfc84ae9f3efb8c3fbdcbce84

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.naoconto.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Fri, 08 Oct 2021 15:03:42 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
1490
last-modified
Mon, 03 May 2021 17:48:47 GMT
server
cloudflare
etag
W/"6090377f-1ed7"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Fos%2Bl3q1C%2BA77oz0MqnX0yuM60dGAjuXt5rNHK5kh4%2BHcflxMozr7g1E9Lzk4EhXks02D1AiTBEtIjqaLuTbCgbtmSQuq9sfmNPB%2BQUSOYpsRASrIbxvymHh"}],"group":"cf-nel","max_age":604800}
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
max-age=86400
cf-ray
69b041ed1ff92798-PRG
expires
Sat, 09 Oct 2021 14:38:52 GMT
flexslider.css
www.naoconto.com/wp-content/plugins/ml-slider/assets/sliders/flexslider/
4 KB
2 KB
Stylesheet
General
Full URL
https://www.naoconto.com/wp-content/plugins/ml-slider/assets/sliders/flexslider/flexslider.css?ver=1.0
Requested by
Host: www.naoconto.com
URL: https://www.naoconto.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
158.69.58.139 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS
Software
nginx /
Resource Hash
195182403b2e9d2a0779903fdd87cf7b9047f6a8253d9d12f12e991e2714ca36
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
www.naoconto.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
text/css,*/*;q=0.1
Cache-Control
no-cache
Sec-Fetch-Dest
style
Referer
https://www.naoconto.com/
Connection
keep-alive
Accept-Language
de-DE,de;q=0.9
Referer
https://www.naoconto.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Fri, 08 Oct 2021 15:03:42 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Fri, 27 Aug 2021 15:28:53 GMT
Server
nginx
ETag
W/"612904b5-ea3"
X-Frame-Options
SAMEORIGIN
Content-Type
text/css
Cache-Control
max-age=315360000
Transfer-Encoding
chunked
Connection
keep-alive
Vary
Accept-Encoding
X-XSS-Protection
1; mode=block
Expires
Thu, 31 Dec 2037 23:55:55 GMT
public.css
www.naoconto.com/wp-content/plugins/ml-slider/assets/metaslider/
7 KB
2 KB
Stylesheet
General
Full URL
https://www.naoconto.com/wp-content/plugins/ml-slider/assets/metaslider/public.css?ver=1.0
Requested by
Host: www.naoconto.com
URL: https://www.naoconto.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
158.69.58.139 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS
Software
nginx /
Resource Hash
e72713b875ca0ba2cbbdc49680cd0ff95976dbb3d1ebc0364bce851dbd5abba8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
www.naoconto.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
text/css,*/*;q=0.1
Cache-Control
no-cache
Sec-Fetch-Dest
style
Referer
https://www.naoconto.com/
Connection
keep-alive
Accept-Language
de-DE,de;q=0.9
Referer
https://www.naoconto.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Fri, 08 Oct 2021 15:03:42 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Fri, 27 Aug 2021 15:28:53 GMT
Server
nginx
ETag
W/"612904b5-1a3e"
X-Frame-Options
SAMEORIGIN
Content-Type
text/css
Cache-Control
max-age=315360000
Transfer-Encoding
chunked
Connection
keep-alive
Vary
Accept-Encoding
X-XSS-Protection
1; mode=block
Expires
Thu, 31 Dec 2037 23:55:55 GMT
jquery.flexslider.min.js
www.naoconto.com/wp-content/plugins/ml-slider/assets/sliders/flexslider/
23 KB
7 KB
Script
General
Full URL
https://www.naoconto.com/wp-content/plugins/ml-slider/assets/sliders/flexslider/jquery.flexslider.min.js?ver=3.23.0
Requested by
Host: www.naoconto.com
URL: https://www.naoconto.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
158.69.58.139 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS
Software
nginx /
Resource Hash
25ed4e3f92d17bc60fac51838b1b3650e17a07e289ac1c08b7e37abf03d76360
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
www.naoconto.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
*/*
Cache-Control
no-cache
Sec-Fetch-Dest
script
Referer
https://www.naoconto.com/
Connection
keep-alive
Accept-Language
de-DE,de;q=0.9
Referer
https://www.naoconto.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Fri, 08 Oct 2021 15:03:42 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Fri, 27 Aug 2021 15:28:53 GMT
Server
nginx
ETag
W/"612904b5-5d2d"
X-Frame-Options
SAMEORIGIN
Content-Type
application/javascript
Cache-Control
max-age=315360000
Transfer-Encoding
chunked
Connection
keep-alive
Vary
Accept-Encoding
X-XSS-Protection
1; mode=block
Expires
Thu, 31 Dec 2037 23:55:55 GMT
page.js
static.addtoany.com/menu/
72 KB
26 KB
Script
General
Full URL
https://static.addtoany.com/menu/page.js
Requested by
Host: www.naoconto.com
URL: https://www.naoconto.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.22.71.197 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cb8dcc1c739f349114292341d10b77c2a80ab92aabe5dc8863cadeb147021156
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.naoconto.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Fri, 08 Oct 2021 15:03:42 GMT
via
e3s
x-content-type-options
nosniff
cf-cache-status
HIT
age
152927
p3p
CP="ALL DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT"
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified
Sat, 02 Oct 2021 20:34:44 GMT
server
cloudflare
etag
W/"11ff0-5cd649c35a036"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=172800
cf-ray
69b041ed0caa699b-FRA
cf-bgj
minify
analytics.js
www.google-analytics.com/
48 KB
20 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.naoconto.com
URL: https://www.naoconto.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.174 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s51-in-f14.1e100.net
Software
Golfe2 /
Resource Hash
fd222137f245c06ddb4c4d44db41f12138dad6cf8ef5d4d4a5e500f38f0c8c62
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.naoconto.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 11 Aug 2021 00:32:57 GMT
server
Golfe2
age
1005
date
Fri, 08 Oct 2021 14:46:57 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
19747
expires
Fri, 08 Oct 2021 16:46:57 GMT
iframe.php
a.realsrv.com/ Frame 10E4
4 KB
2 KB
Document
General
Full URL
https://a.realsrv.com/iframe.php?idzone=3345318&size=300x100
Requested by
Host: www.naoconto.com
URL: https://www.naoconto.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
205.185.216.42 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
map2.hwcdn.net
Software
nginx /
Resource Hash
62568b8b86cbd37dfce8c97d0cc792af0ff436795c1be256a7f9515d34f09e5f

Request headers

Host
a.realsrv.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://www.naoconto.com/
Accept-Encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.naoconto.com/

Response headers

Date
Fri, 08 Oct 2021 15:03:42 GMT
Connection
Keep-Alive
Content-Encoding
gzip
Content-Length
1316
Content-Type
text/html; charset=UTF-8
Accept-Ranges
bytes
Server
nginx
Cache-Control
max-age=10800
X-HW
1633705422.dop040.fr8.t,1633705422.cds245.fr8.shn,1633705422.dop040.fr8.t,1633705422.cds228.fr8.c
Access-Control-Allow-Origin
*
index.php
www.n1internet.com/publicidades/naoconto/ Frame C56A
264 B
366 B
Document
General
Full URL
https://www.n1internet.com/publicidades/naoconto/index.php
Requested by
Host: www.naoconto.com
URL: https://www.naoconto.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
51.81.43.93 , United States, ASN16276 (OVH, FR),
Reverse DNS
deb21030903.servidor101.xyz
Software
/
Resource Hash
4cf635ab95445c9b928e4a779b3752d3b1a0cc32138be5a72f37ab4c2cc08c63
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
www.n1internet.com
:scheme
https
:path
/publicidades/naoconto/index.php
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://www.naoconto.com/
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.naoconto.com/

Response headers

date
Fri, 08 Oct 2021 15:03:43 GMT
content-type
text/html; charset=UTF-8
vary
Accept-Encoding
protected
by MS21091801
x-xss-protection
1; mode=block
x-content-type-options
nosniff
referrer-policy
no-referrer-when-downgrade
content-encoding
br
iframe.php
ads.exosrv.com/ Frame 3B37
4 KB
2 KB
Document
General
Full URL
https://ads.exosrv.com/iframe.php?idzone=984366&size=300x250
Requested by
Host: www.naoconto.com
URL: https://www.naoconto.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
205.185.216.42 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
map2.hwcdn.net
Software
nginx /
Resource Hash
4335fe9589534b7e0d42f5a1cf6f490188a8f459c13755c5bc75165a163853c1

Request headers

Host
ads.exosrv.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://www.naoconto.com/
Accept-Encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.naoconto.com/

Response headers

Date
Fri, 08 Oct 2021 15:03:42 GMT
Connection
Keep-Alive
Content-Encoding
gzip
Content-Length
1315
Content-Type
text/html; charset=UTF-8
Accept-Ranges
bytes
Server
nginx
Cache-Control
max-age=10800
X-HW
1633705422.dop040.fr8.t,1633705422.cds243.fr8.shn,1633705422.dop040.fr8.t,1633705422.cds041.fr8.c
Access-Control-Allow-Origin
*
iframe.php
a.realsrv.com/ Frame 0BDA
4 KB
2 KB
Document
General
Full URL
https://a.realsrv.com/iframe.php?idzone=963606&size=300x250
Requested by
Host: www.naoconto.com
URL: https://www.naoconto.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
205.185.216.42 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
map2.hwcdn.net
Software
nginx /
Resource Hash
3aa263cb1581ae9536b8f7a8a7d4ae1406da51e87e67a9ca74a9b729c50fb159

Request headers

Host
a.realsrv.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://www.naoconto.com/
Accept-Encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.naoconto.com/

Response headers

Date
Fri, 08 Oct 2021 15:03:42 GMT
Connection
Keep-Alive
Content-Encoding
gzip
Content-Length
1315
Content-Type
text/html; charset=UTF-8
Accept-Ranges
bytes
Server
nginx
Cache-Control
max-age=10800
X-HW
1633705422.dop040.fr8.t,1633705422.cds006.fr8.shn,1633705422.dop040.fr8.t,1633705422.cds228.fr8.c
Access-Control-Allow-Origin
*
afr.php
webstats1.com/www/delivery/ Frame 8E1D
1 KB
1 KB
Document
General
Full URL
https://webstats1.com/www/delivery/afr.php?zoneid=39
Requested by
Host: www.naoconto.com
URL: https://www.naoconto.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.21.79.235 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
87d69594b0213aa48cf590741bc4688061752f28e11b8e74094de8e580f1fe52
Security Headers
Name Value
Strict-Transport-Security max-age=15768000;

Request headers

:method
GET
:authority
webstats1.com
:scheme
https
:path
/www/delivery/afr.php?zoneid=39
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://www.naoconto.com/
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.naoconto.com/

Response headers

date
Fri, 08 Oct 2021 15:03:43 GMT
content-type
text/html; charset=UTF-8
vary
Accept-Encoding
pragma
no-cache
cache-control
no-cache, no-store, must-revalidate
expires
0
access-control-allow-origin
*
p3p
CP="CUR ADM OUR NOR STA NID"
set-cookie
OAGEO=US%7C%7C%7C%7C%7C%7C%7C%7C%7C%7C; path=/ OAID=4c530318b9f390d726eb258991b081ac; expires=Sat, 08-Oct-2022 15:03:43 GMT; Max-Age=31536000; path=/
strict-transport-security
max-age=15768000;
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KVS97WDBqDFaNCqDbiArGH5p6MrYkp1GE7C8TktB5URucyTt4TEniXV9h7cKOAwyDykPwbj72grHSYZxpgLQDTWE3XZJWtwKoXjVG6IVEMUQWU7qZpcaXc7HvDsv5B3n"}],"group":"cf-nel","max_age":604800}
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
cf-ray
69b041ed5ef0412b-PRG
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
banner.go
go.eabids.com/ Frame 707C
3 KB
2 KB
Document
General
Full URL
https://go.eabids.com/banner.go?spaceid=5427007&keywords=&maincat=
Requested by
Host: www.naoconto.com
URL: https://www.naoconto.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
217.22.19.194 , Netherlands, ASN42567 (MOJHOST-EU, NL),
Reverse DNS
Software
nginx /
Resource Hash
0a717f71433cf5fead2968a7b7118154a1caa7a528f8a5c746f2715f7fffeb4a

Request headers

:method
GET
:authority
go.eabids.com
:scheme
https
:path
/banner.go?spaceid=5427007&keywords=&maincat=
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://www.naoconto.com/
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.naoconto.com/

Response headers

server
nginx
date
Fri, 08 Oct 2021 15:03:43 GMT
content-type
text/html; charset=utf-8
expires
Mon, 03 Jul 2001 06:00:00 GMT
last-modified
Fri, 08 10 2021 15:03:42 GMT
cache-control
no-store, no-cache, must-revalidate, max-age=0,post-check=0, pre-check=0
pragma
no-cache
x-backend-server
nl2-web-202
content-encoding
gzip
truncated
/
68 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
405c318755776d9dd2225a6550ca71d7d9bff73172f66b8b1a57827a66c5399b

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.naoconto.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
67 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
6512e9bcb1e39103ef7a2045c783585ca5dc393074076c82610f995fda1e308c

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.naoconto.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
67 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
54d80d30fb25aa2c8a193dd739648b836507caff0dd0cee9476da842f7756e31

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.naoconto.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
67 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
fc3b7760aaf2b535e5eba1305b9833deb2d20ed1f1087eafae46571d2a6fd384

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.naoconto.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
66 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
4c730360675316a2e7765d587fd00bfa4970daf6d20e5a8b6ede030daefccf4d

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.naoconto.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type
image/svg+xml
backg.jpg
www.naoconto.com/wp-content/themes/naoconto/img/
43 KB
44 KB
Image
General
Full URL
https://www.naoconto.com/wp-content/themes/naoconto/img/backg.jpg
Requested by
Host: www.naoconto.com
URL: https://www.naoconto.com/wp-content/themes/naoconto/style.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
158.69.58.139 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS
Software
nginx /
Resource Hash
5d85fa0506a643634412580088faebba43f3d22cec265ea4846226664eee3661
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
www.naoconto.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control
no-cache
Sec-Fetch-Dest
image
Referer
https://www.naoconto.com/wp-content/themes/naoconto/style.css
Connection
keep-alive
Accept-Language
de-DE,de;q=0.9
Referer
https://www.naoconto.com/wp-content/themes/naoconto/style.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Fri, 08 Oct 2021 15:03:42 GMT
X-Content-Type-Options
nosniff
Last-Modified
Wed, 20 Mar 2019 04:50:00 GMT
Server
nginx
ETag
"5c91c678-adf9"
X-Frame-Options
SAMEORIGIN
Content-Type
image/jpeg
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
44537
X-XSS-Protection
1; mode=block
Expires
Thu, 31 Dec 2037 23:55:55 GMT
selo.png
www.naoconto.com/wp-content/themes/naoconto/img/
6 KB
6 KB
Image
General
Full URL
https://www.naoconto.com/wp-content/themes/naoconto/img/selo.png
Requested by
Host: www.naoconto.com
URL: https://www.naoconto.com/wp-content/themes/naoconto/style.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
158.69.58.139 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS
Software
nginx /
Resource Hash
caf1f0657aef0f9f77f95a83b48bd2a83d3ecc7c22c3fed10b2acb5f781b0f41
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
www.naoconto.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control
no-cache
Sec-Fetch-Dest
image
Referer
https://www.naoconto.com/wp-content/themes/naoconto/style.css
Connection
keep-alive
Accept-Language
de-DE,de;q=0.9
Referer
https://www.naoconto.com/wp-content/themes/naoconto/style.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Fri, 08 Oct 2021 15:03:42 GMT
X-Content-Type-Options
nosniff
Last-Modified
Wed, 20 Mar 2019 04:53:53 GMT
Server
nginx
ETag
"5c91c761-1670"
X-Frame-Options
SAMEORIGIN
Content-Type
image/png
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
5744
X-XSS-Protection
1; mode=block
Expires
Thu, 31 Dec 2037 23:55:55 GMT
ODelI1aHBYDBqgeIAH2zlNV_2ngZ8dMf8fLgjYEouxg.woff2
fonts.gstatic.com/s/sourcesanspro/v10/
14 KB
15 KB
Font
General
Full URL
https://fonts.gstatic.com/s/sourcesanspro/v10/ODelI1aHBYDBqgeIAH2zlNV_2ngZ8dMf8fLgjYEouxg.woff2
Requested by
Host: www.naoconto.com
URL: https://www.naoconto.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.58.212.131 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
ams15s21-in-f131.1e100.net
Software
sffe /
Resource Hash
a769166be88381ff553dd898537609ee8a973c37bd5ba3890d6ea0bb7fc2a41c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.naoconto.com/
Origin
https://www.naoconto.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Tue, 05 Oct 2021 08:33:58 GMT
x-content-type-options
nosniff
age
282584
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
14624
x-xss-protection
0
last-modified
Mon, 05 Jun 2017 20:31:56 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Wed, 05 Oct 2022 08:33:58 GMT
toadOcfmlt9b38dHJxOBGEo0As1BFRXtCDhS66znb_k.woff2
fonts.gstatic.com/s/sourcesanspro/v10/
14 KB
14 KB
Font
General
Full URL
https://fonts.gstatic.com/s/sourcesanspro/v10/toadOcfmlt9b38dHJxOBGEo0As1BFRXtCDhS66znb_k.woff2
Requested by
Host: www.naoconto.com
URL: https://www.naoconto.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.58.212.131 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
ams15s21-in-f131.1e100.net
Software
sffe /
Resource Hash
cfa9603baa93612a1b37809e9b2eba09a87ec42ad81ba6c532d2eac56cde5b85
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.naoconto.com/
Origin
https://www.naoconto.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Tue, 05 Oct 2021 18:02:21 GMT
x-content-type-options
nosniff
age
248481
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
14440
x-xss-protection
0
last-modified
Mon, 05 Jun 2017 20:32:48 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Wed, 05 Oct 2022 18:02:21 GMT
CameraHot-Alanna-300x500-1.mp4
www.naoconto.com/wp-content/uploads/2021/09/
43 KB
44 KB
Media
General
Full URL
https://www.naoconto.com/wp-content/uploads/2021/09/CameraHot-Alanna-300x500-1.mp4
Requested by
Host: www.naoconto.com
URL: https://www.naoconto.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
158.69.58.139 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS
Software
nginx /
Resource Hash
906c86aa7e5c48334423bfff0a6e43084ce93ac8221b443a8a7f202b0f3e4ee3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
identity;q=1, *;q=0
Host
www.naoconto.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
*/*
Cache-Control
no-cache
Sec-Fetch-Dest
video
Referer
https://www.naoconto.com/
Connection
keep-alive
Range
bytes=0-
Referer
https://www.naoconto.com/
Accept-Encoding
identity;q=1, *;q=0
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Range
bytes=0-

Response headers

Date
Fri, 08 Oct 2021 15:03:42 GMT
X-Content-Type-Options
nosniff
Last-Modified
Mon, 20 Sep 2021 15:01:22 GMT
Server
nginx
ETag
"6148a242-accd"
X-Frame-Options
SAMEORIGIN
Content-Type
video/mp4
Content-Range
bytes 0-44236/44237
Cache-Control
max-age=315360000
Connection
keep-alive
Content-Length
44237
X-XSS-Protection
1; mode=block
Expires
Thu, 31 Dec 2037 23:55:55 GMT
/
t.dtscout.com/i/
7 KB
8 KB
Script
General
Full URL
https://t.dtscout.com/i/?l=https%3A%2F%2Fwww.naoconto.com%2F&j=
Requested by
Host: waust.at
URL: https://waust.at/s.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
158.69.139.226 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS
ip226.ip-158-69-139.net
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
7aab4d01cb68713080b2f1ab62b1b417f19d16d549e33b1502e8baadbff67643

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.naoconto.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Fri, 08 Oct 2021 15:03:43 GMT
X-T
0.571
Server
nginx/1.10.3 (Ubuntu)
Transfer-Encoding
chunked
Content-Type
application/javascript
Cache-Control
no-cache
Connection
close
X-S
mtl1
Expires
Fri, 08 Oct 2021 15:03:42 GMT
12-640x290.jpg
www.naoconto.com/wp-content/uploads/2021/06/
31 KB
31 KB
Image
General
Full URL
https://www.naoconto.com/wp-content/uploads/2021/06/12-640x290.jpg
Requested by
Host: www.naoconto.com
URL: https://www.naoconto.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
158.69.58.139 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS
Software
nginx /
Resource Hash
cd987675f51e1a77653e3a983bce95bdeccc5d138aad4e4ab68f9a9d88c8b6a1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
www.naoconto.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control
no-cache
Sec-Fetch-Dest
image
Referer
https://www.naoconto.com/
Connection
keep-alive
Accept-Language
de-DE,de;q=0.9
Referer
https://www.naoconto.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Fri, 08 Oct 2021 15:03:43 GMT
X-Content-Type-Options
nosniff
Last-Modified
Mon, 14 Jun 2021 23:05:42 GMT
Server
nginx
ETag
"60c7e0c6-7a01"
X-Frame-Options
SAMEORIGIN
Content-Type
image/jpeg
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
31233
X-XSS-Protection
1; mode=block
Expires
Thu, 31 Dec 2037 23:55:55 GMT
cabe-01.jpg
www.naoconto.com/wp-content/uploads/2017/07/
42 KB
42 KB
Image
General
Full URL
https://www.naoconto.com/wp-content/uploads/2017/07/cabe-01.jpg
Requested by
Host: www.naoconto.com
URL: https://www.naoconto.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
158.69.58.139 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS
Software
nginx /
Resource Hash
c23a78e44228c6a5509bf106a21ed51b26fcd6bda274bd0aa88ec5d943f9eecd
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
www.naoconto.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control
no-cache
Sec-Fetch-Dest
image
Referer
https://www.naoconto.com/
Connection
keep-alive
Accept-Language
de-DE,de;q=0.9
Referer
https://www.naoconto.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Fri, 08 Oct 2021 15:03:43 GMT
X-Content-Type-Options
nosniff
Last-Modified
Fri, 28 Jul 2017 16:33:33 GMT
Server
nginx
ETag
"597b675d-a86a"
X-Frame-Options
SAMEORIGIN
Content-Type
image/jpeg
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
43114
X-XSS-Protection
1; mode=block
Expires
Thu, 31 Dec 2037 23:55:55 GMT
loirinha-boqueteira-fazendo-sexo-oral-no-amigo-no-meio-da-rua-487584.jpg
www.naoconto.com/wp-content/uploads/2021/08/
7 KB
8 KB
Image
General
Full URL
https://www.naoconto.com/wp-content/uploads/2021/08/loirinha-boqueteira-fazendo-sexo-oral-no-amigo-no-meio-da-rua-487584.jpg
Requested by
Host: www.naoconto.com
URL: https://www.naoconto.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
158.69.58.139 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS
Software
nginx /
Resource Hash
ad49db676d1dc193c29b10a7812a8c69dc0f1910645af88d04841aa509bf9673
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
www.naoconto.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control
no-cache
Sec-Fetch-Dest
image
Referer
https://www.naoconto.com/
Connection
keep-alive
Accept-Language
de-DE,de;q=0.9
Referer
https://www.naoconto.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Fri, 08 Oct 2021 15:03:43 GMT
X-Content-Type-Options
nosniff
Last-Modified
Wed, 11 Aug 2021 18:35:26 GMT
Server
nginx
ETag
"6114186e-1cff"
X-Frame-Options
SAMEORIGIN
Content-Type
image/jpeg
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
7423
X-XSS-Protection
1; mode=block
Expires
Thu, 31 Dec 2037 23:55:55 GMT
minha-esposa-muito-safada-7965846.jpg
www.naoconto.com/wp-content/uploads/2021/07/
7 KB
7 KB
Image
General
Full URL
https://www.naoconto.com/wp-content/uploads/2021/07/minha-esposa-muito-safada-7965846.jpg
Requested by
Host: www.naoconto.com
URL: https://www.naoconto.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
158.69.58.139 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS
Software
nginx /
Resource Hash
5272d399b9d8701546ef72041b5eb81c8eba1de96e5d8dd82850d5142e3063b5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
www.naoconto.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control
no-cache
Sec-Fetch-Dest
image
Referer
https://www.naoconto.com/
Connection
keep-alive
Accept-Language
de-DE,de;q=0.9
Referer
https://www.naoconto.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Fri, 08 Oct 2021 15:03:43 GMT
X-Content-Type-Options
nosniff
Last-Modified
Mon, 26 Jul 2021 16:41:06 GMT
Server
nginx
ETag
"60fee5a2-1ae2"
X-Frame-Options
SAMEORIGIN
Content-Type
image/jpeg
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
6882
X-XSS-Protection
1; mode=block
Expires
Thu, 31 Dec 2037 23:55:55 GMT
casal-e-flagrado-por-caminhoneiro-transando-dentro-do-carro-78463.jpg
www.naoconto.com/wp-content/uploads/2021/08/
9 KB
9 KB
Image
General
Full URL
https://www.naoconto.com/wp-content/uploads/2021/08/casal-e-flagrado-por-caminhoneiro-transando-dentro-do-carro-78463.jpg
Requested by
Host: www.naoconto.com
URL: https://www.naoconto.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
158.69.58.139 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS
Software
nginx /
Resource Hash
a41f4165da1d78d05c5044755fa30cb28d8d19b4b3c9eea8be176615a6ea9178
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
www.naoconto.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control
no-cache
Sec-Fetch-Dest
image
Referer
https://www.naoconto.com/
Cookie
_ga=GA1.2.964182437.1633705423; _gid=GA1.2.16303013.1633705423; _gat=1
Connection
keep-alive
Accept-Language
de-DE,de;q=0.9
Referer
https://www.naoconto.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Fri, 08 Oct 2021 15:03:43 GMT
X-Content-Type-Options
nosniff
Last-Modified
Fri, 13 Aug 2021 19:34:24 GMT
Server
nginx
ETag
"6116c940-236f"
X-Frame-Options
SAMEORIGIN
Content-Type
image/jpeg
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
9071
X-XSS-Protection
1; mode=block
Expires
Thu, 31 Dec 2037 23:55:55 GMT
a-rabuda-de-quatro-gemendo-levando-rola-no-seu-rabinho-41351.jpg
www.naoconto.com/wp-content/uploads/2021/08/
5 KB
6 KB
Image
General
Full URL
https://www.naoconto.com/wp-content/uploads/2021/08/a-rabuda-de-quatro-gemendo-levando-rola-no-seu-rabinho-41351.jpg
Requested by
Host: www.naoconto.com
URL: https://www.naoconto.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
158.69.58.139 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS
Software
nginx /
Resource Hash
f5469c9ebe538273608c025eba88f1fdb9c89d52a023b62280c048d6056280ca
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
www.naoconto.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control
no-cache
Sec-Fetch-Dest
image
Referer
https://www.naoconto.com/
Cookie
_ga=GA1.2.964182437.1633705423; _gid=GA1.2.16303013.1633705423; _gat=1
Connection
keep-alive
Accept-Language
de-DE,de;q=0.9
Referer
https://www.naoconto.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Fri, 08 Oct 2021 15:03:43 GMT
X-Content-Type-Options
nosniff
Last-Modified
Wed, 11 Aug 2021 18:39:22 GMT
Server
nginx
ETag
"6114195a-1473"
X-Frame-Options
SAMEORIGIN
Content-Type
image/jpeg
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
5235
X-XSS-Protection
1; mode=block
Expires
Thu, 31 Dec 2037 23:55:55 GMT
ad-provider.js
a.exosrv.com/ Frame 3B37
84 KB
24 KB
Script
General
Full URL
https://a.exosrv.com/ad-provider.js
Requested by
Host: ads.exosrv.com
URL: https://ads.exosrv.com/iframe.php?idzone=984366&size=300x250
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
205.185.216.42 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
map2.hwcdn.net
Software
nginx /
Resource Hash
78fc2a0b80596cc038ef609a9b35d08be728af67019714f3c8fe846c23c86b02

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.exosrv.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Fri, 08 Oct 2021 15:03:43 GMT
Content-Encoding
gzip
Server
nginx
etag
W/"2a822368d2a5205ffd2ef81b481"
X-HW
1633705423.dop040.fr8.t,1633705423.cds218.fr8.shn,1633705423.dop040.fr8.t,1633705423.cds055.fr8.c
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Cache-Control
max-age=10800
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Length
23708
/
whos.amung.us/pingjs/
32 B
148 B
Script
General
Full URL
https://whos.amung.us/pingjs/?k=naocontoblog&t=N%C3%A3o%20Conto!%20-%20Tudo%20de%20mais%20picante%20que%20Caiu%20Na%20Net&c=s&x=https%3A%2F%2Fwww.naoconto.com%2F&y=&a=0&d=1.211&v=27&r=4192
Requested by
Host: waust.at
URL: https://waust.at/s.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
67.202.94.86 , United States, ASN32748 (STEADFAST, US),
Reverse DNS
amung.us
Software
/
Resource Hash
25bb6debf4a40c3b76fa6bb82797f455aed87d328de1c014db1adf2003d4f39b

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.naoconto.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Fri, 08 Oct 2021 15:03:43 GMT
content-encoding
gzip
content-type
text/javascript;charset=UTF-8
ad-provider.js
a.realsrv.com/ Frame 0BDA
84 KB
24 KB
Script
General
Full URL
https://a.realsrv.com/ad-provider.js
Requested by
Host: a.realsrv.com
URL: https://a.realsrv.com/iframe.php?idzone=963606&size=300x250
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
205.185.216.42 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
map2.hwcdn.net
Software
nginx /
Resource Hash
007e772557ca493d05b91b986e33f183780b819c501553b568832f5fa86a5d59

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://a.realsrv.com/iframe.php?idzone=963606&size=300x250
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Fri, 08 Oct 2021 15:03:43 GMT
Content-Encoding
gzip
Server
nginx
etag
W/"c9f6484bfa786036ece3e4f2aaa"
X-HW
1633705422.dop040.fr8.t,1633705422.cds245.fr8.shn,1633705422.dop040.fr8.t,1633705423.cds228.fr8.c
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Cache-Control
max-age=10800
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Length
23710
sm.23.html
static.addtoany.com/menu/ Frame 88A1
741 B
577 B
Document
General
Full URL
https://static.addtoany.com/menu/sm.23.html
Requested by
Host: static.addtoany.com
URL: https://static.addtoany.com/menu/page.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.22.71.197 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4ca130786a2d2531241f8b8c7aaad6a4e27271f51b417b9c23f51bfb0c65c080
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

:method
GET
:authority
static.addtoany.com
:scheme
https
:path
/menu/sm.23.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://www.naoconto.com/
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.naoconto.com/

Response headers

date
Fri, 08 Oct 2021 15:03:43 GMT
content-type
text/html; charset=utf-8
p3p
CP="ALL DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT"
last-modified
Wed, 22 Sep 2021 23:42:51 GMT
etag
W/"2e5-5cc9e128a4c38"
cache-control
max-age=315360000, immutable
vary
Accept-Encoding
via
e2s
cf-cache-status
HIT
age
1342475
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
server
cloudflare
cf-ray
69b041ee0fc3699b-FRA
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
collect
www.google-analytics.com/j/
4 B
210 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j93&a=454239813&t=pageview&_s=1&dl=https%3A%2F%2Fwww.naoconto.com%2F&ul=en-us&de=UTF-8&dt=N%C3%A3o%20Conto!%20-%20Tudo%20de%20mais%20picante%20que%20Caiu%20Na%20Net&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAAC~&jid=1926365389&gjid=1089587282&cid=964182437.1633705423&tid=UA-11286014-10&_gid=16303013.1633705423&_r=1&_slc=1&z=430751178
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.174 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s51-in-f14.1e100.net
Software
Golfe2 /
Resource Hash
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.naoconto.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Fri, 08 Oct 2021 15:03:43 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.naoconto.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
6-640x290.jpg
www.naoconto.com/wp-content/uploads/2021/06/
13 KB
13 KB
Image
General
Full URL
https://www.naoconto.com/wp-content/uploads/2021/06/6-640x290.jpg
Requested by
Host: www.naoconto.com
URL: https://www.naoconto.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
158.69.58.139 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS
Software
nginx /
Resource Hash
39ab3cb7b56fbfe724adf9845d6d49fb59794cc92605714aa31a363b6e789f35
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
www.naoconto.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control
no-cache
Sec-Fetch-Dest
image
Referer
https://www.naoconto.com/
Cookie
_ga=GA1.2.964182437.1633705423; _gid=GA1.2.16303013.1633705423; _gat=1
Connection
keep-alive
Accept-Language
de-DE,de;q=0.9
Referer
https://www.naoconto.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Fri, 08 Oct 2021 15:03:43 GMT
X-Content-Type-Options
nosniff
Last-Modified
Mon, 14 Jun 2021 23:05:45 GMT
Server
nginx
ETag
"60c7e0c9-3381"
X-Frame-Options
SAMEORIGIN
Content-Type
image/jpeg
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
13185
X-XSS-Protection
1; mode=block
Expires
Thu, 31 Dec 2037 23:55:55 GMT
5-640x290.jpg
www.naoconto.com/wp-content/uploads/2021/06/
9 KB
10 KB
Image
General
Full URL
https://www.naoconto.com/wp-content/uploads/2021/06/5-640x290.jpg
Requested by
Host: www.naoconto.com
URL: https://www.naoconto.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
158.69.58.139 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS
Software
nginx /
Resource Hash
23a3266ccdb426d8217063a3dfff6ba8fbf2a7558ebff93d9e8a83d81b0ec144
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
www.naoconto.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control
no-cache
Sec-Fetch-Dest
image
Referer
https://www.naoconto.com/
Cookie
_ga=GA1.2.964182437.1633705423; _gid=GA1.2.16303013.1633705423; _gat=1
Connection
keep-alive
Accept-Language
de-DE,de;q=0.9
Referer
https://www.naoconto.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Fri, 08 Oct 2021 15:03:43 GMT
X-Content-Type-Options
nosniff
Last-Modified
Mon, 14 Jun 2021 23:05:46 GMT
Server
nginx
ETag
"60c7e0ca-25a7"
X-Frame-Options
SAMEORIGIN
Content-Type
image/jpeg
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
9639
X-XSS-Protection
1; mode=block
Expires
Thu, 31 Dec 2037 23:55:55 GMT
10-640x290.jpg
www.naoconto.com/wp-content/uploads/2021/06/
14 KB
15 KB
Image
General
Full URL
https://www.naoconto.com/wp-content/uploads/2021/06/10-640x290.jpg
Requested by
Host: www.naoconto.com
URL: https://www.naoconto.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
158.69.58.139 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS
Software
nginx /
Resource Hash
175a56080fba5d3171215d60e431dd45e92dc01848f43a0a37ed0853cf6494cc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
www.naoconto.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control
no-cache
Sec-Fetch-Dest
image
Referer
https://www.naoconto.com/
Cookie
_ga=GA1.2.964182437.1633705423; _gid=GA1.2.16303013.1633705423; _gat=1
Connection
keep-alive
Accept-Language
de-DE,de;q=0.9
Referer
https://www.naoconto.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Fri, 08 Oct 2021 15:03:43 GMT
X-Content-Type-Options
nosniff
Last-Modified
Mon, 14 Jun 2021 23:05:43 GMT
Server
nginx
ETag
"60c7e0c7-39a6"
X-Frame-Options
SAMEORIGIN
Content-Type
image/jpeg
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
14758
X-XSS-Protection
1; mode=block
Expires
Thu, 31 Dec 2037 23:55:55 GMT
2-640x290.jpg
www.naoconto.com/wp-content/uploads/2021/06/
12 KB
13 KB
Image
General
Full URL
https://www.naoconto.com/wp-content/uploads/2021/06/2-640x290.jpg
Requested by
Host: www.naoconto.com
URL: https://www.naoconto.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
158.69.58.139 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS
Software
nginx /
Resource Hash
1d41ff3d7b1725f883c9895ce9dfabff286acf48aa1f4a3a76cbf881ff17a87e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
www.naoconto.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control
no-cache
Sec-Fetch-Dest
image
Referer
https://www.naoconto.com/
Cookie
_ga=GA1.2.964182437.1633705423; _gid=GA1.2.16303013.1633705423; _gat=1
Connection
keep-alive
Accept-Language
de-DE,de;q=0.9
Referer
https://www.naoconto.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Fri, 08 Oct 2021 15:03:43 GMT
X-Content-Type-Options
nosniff
Last-Modified
Mon, 14 Jun 2021 23:05:48 GMT
Server
nginx
ETag
"60c7e0cc-315c"
X-Frame-Options
SAMEORIGIN
Content-Type
image/jpeg
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
12636
X-XSS-Protection
1; mode=block
Expires
Thu, 31 Dec 2037 23:55:55 GMT
8-640x290.jpg
www.naoconto.com/wp-content/uploads/2021/06/
14 KB
14 KB
Image
General
Full URL
https://www.naoconto.com/wp-content/uploads/2021/06/8-640x290.jpg
Requested by
Host: www.naoconto.com
URL: https://www.naoconto.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
158.69.58.139 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS
Software
nginx /
Resource Hash
9c7d4665de70746519c22f57686ac3f1e76d9204255a062bfaa7bd1537b37a35
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
www.naoconto.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control
no-cache
Sec-Fetch-Dest
image
Referer
https://www.naoconto.com/
Cookie
_ga=GA1.2.964182437.1633705423; _gid=GA1.2.16303013.1633705423; _gat=1
Connection
keep-alive
Accept-Language
de-DE,de;q=0.9
Referer
https://www.naoconto.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Fri, 08 Oct 2021 15:03:43 GMT
X-Content-Type-Options
nosniff
Last-Modified
Mon, 14 Jun 2021 23:05:44 GMT
Server
nginx
ETag
"60c7e0c8-374d"
X-Frame-Options
SAMEORIGIN
Content-Type
image/jpeg
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
14157
X-XSS-Protection
1; mode=block
Expires
Thu, 31 Dec 2037 23:55:55 GMT
1-640x290.jpg
www.naoconto.com/wp-content/uploads/2021/06/
16 KB
16 KB
Image
General
Full URL
https://www.naoconto.com/wp-content/uploads/2021/06/1-640x290.jpg
Requested by
Host: www.naoconto.com
URL: https://www.naoconto.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
158.69.58.139 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS
Software
nginx /
Resource Hash
7fac51a6e219c75619b5b42eca9e3b5250b8fae126cb4758a7d1c17d83dae87d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
www.naoconto.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control
no-cache
Sec-Fetch-Dest
image
Referer
https://www.naoconto.com/
Cookie
_ga=GA1.2.964182437.1633705423; _gid=GA1.2.16303013.1633705423; _gat=1
Connection
keep-alive
Accept-Language
de-DE,de;q=0.9
Referer
https://www.naoconto.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Fri, 08 Oct 2021 15:03:43 GMT
X-Content-Type-Options
nosniff
Last-Modified
Mon, 14 Jun 2021 23:05:49 GMT
Server
nginx
ETag
"60c7e0cd-3e0d"
X-Frame-Options
SAMEORIGIN
Content-Type
image/jpeg
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
15885
X-XSS-Protection
1; mode=block
Expires
Thu, 31 Dec 2037 23:55:55 GMT
4-640x290.jpg
www.naoconto.com/wp-content/uploads/2021/06/
16 KB
16 KB
Image
General
Full URL
https://www.naoconto.com/wp-content/uploads/2021/06/4-640x290.jpg
Requested by
Host: www.naoconto.com
URL: https://www.naoconto.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
158.69.58.139 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS
Software
nginx /
Resource Hash
6267e8428c706c3797e2685f4981eb41e7dbf4ce1d0591b1bdbe6859210ca8a1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
www.naoconto.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control
no-cache
Sec-Fetch-Dest
image
Referer
https://www.naoconto.com/
Cookie
_ga=GA1.2.964182437.1633705423; _gid=GA1.2.16303013.1633705423; _gat=1
Connection
keep-alive
Accept-Language
de-DE,de;q=0.9
Referer
https://www.naoconto.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Fri, 08 Oct 2021 15:03:43 GMT
X-Content-Type-Options
nosniff
Last-Modified
Mon, 14 Jun 2021 23:05:46 GMT
Server
nginx
ETag
"60c7e0ca-3fab"
X-Frame-Options
SAMEORIGIN
Content-Type
image/jpeg
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
16299
X-XSS-Protection
1; mode=block
Expires
Thu, 31 Dec 2037 23:55:55 GMT
7-640x290.jpg
www.naoconto.com/wp-content/uploads/2021/06/
18 KB
19 KB
Image
General
Full URL
https://www.naoconto.com/wp-content/uploads/2021/06/7-640x290.jpg
Requested by
Host: www.naoconto.com
URL: https://www.naoconto.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
158.69.58.139 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS
Software
nginx /
Resource Hash
b777137f619e64f81d36d168e35bfb18eecf65371e83493ae122efb38c0c2c9b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
www.naoconto.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control
no-cache
Sec-Fetch-Dest
image
Referer
https://www.naoconto.com/
Cookie
_ga=GA1.2.964182437.1633705423; _gid=GA1.2.16303013.1633705423; _gat=1
Connection
keep-alive
Accept-Language
de-DE,de;q=0.9
Referer
https://www.naoconto.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Fri, 08 Oct 2021 15:03:43 GMT
X-Content-Type-Options
nosniff
Last-Modified
Mon, 14 Jun 2021 23:05:44 GMT
Server
nginx
ETag
"60c7e0c8-4953"
X-Frame-Options
SAMEORIGIN
Content-Type
image/jpeg
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
18771
X-XSS-Protection
1; mode=block
Expires
Thu, 31 Dec 2037 23:55:55 GMT
9-640x290.jpg
www.naoconto.com/wp-content/uploads/2021/06/
24 KB
25 KB
Image
General
Full URL
https://www.naoconto.com/wp-content/uploads/2021/06/9-640x290.jpg
Requested by
Host: www.naoconto.com
URL: https://www.naoconto.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
158.69.58.139 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS
Software
nginx /
Resource Hash
526b6b495c75ff59d747392c2a94de9aa4f4652898141fd6653f061d935f35e4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
www.naoconto.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control
no-cache
Sec-Fetch-Dest
image
Referer
https://www.naoconto.com/
Cookie
_ga=GA1.2.964182437.1633705423; _gid=GA1.2.16303013.1633705423; _gat=1
Connection
keep-alive
Accept-Language
de-DE,de;q=0.9
Referer
https://www.naoconto.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Fri, 08 Oct 2021 15:03:43 GMT
X-Content-Type-Options
nosniff
Last-Modified
Mon, 14 Jun 2021 23:05:43 GMT
Server
nginx
ETag
"60c7e0c7-6164"
X-Frame-Options
SAMEORIGIN
Content-Type
image/jpeg
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
24932
X-XSS-Protection
1; mode=block
Expires
Thu, 31 Dec 2037 23:55:55 GMT
11-640x290.jpg
www.naoconto.com/wp-content/uploads/2021/06/
13 KB
14 KB
Image
General
Full URL
https://www.naoconto.com/wp-content/uploads/2021/06/11-640x290.jpg
Requested by
Host: www.naoconto.com
URL: https://www.naoconto.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
158.69.58.139 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS
Software
nginx /
Resource Hash
429ecbc324b2f11737dd4870896dd12ef17ff348b0ac2424acfdb21448867180
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
www.naoconto.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control
no-cache
Sec-Fetch-Dest
image
Referer
https://www.naoconto.com/
Cookie
_ga=GA1.2.964182437.1633705423; _gid=GA1.2.16303013.1633705423; _gat=1
Connection
keep-alive
Accept-Language
de-DE,de;q=0.9
Referer
https://www.naoconto.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Fri, 08 Oct 2021 15:03:43 GMT
X-Content-Type-Options
nosniff
Last-Modified
Mon, 14 Jun 2021 23:05:41 GMT
Server
nginx
ETag
"60c7e0c5-3549"
X-Frame-Options
SAMEORIGIN
Content-Type
image/jpeg
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
13641
X-XSS-Protection
1; mode=block
Expires
Thu, 31 Dec 2037 23:55:55 GMT
3-640x290.jpg
www.naoconto.com/wp-content/uploads/2021/06/
10 KB
10 KB
Image
General
Full URL
https://www.naoconto.com/wp-content/uploads/2021/06/3-640x290.jpg
Requested by
Host: www.naoconto.com
URL: https://www.naoconto.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
158.69.58.139 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS
Software
nginx /
Resource Hash
9c3354db84e8ff80f4c5a5e293ad1cc497989d52c0f5682c2975c5666c6dd26f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
www.naoconto.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control
no-cache
Sec-Fetch-Dest
image
Referer
https://www.naoconto.com/
Cookie
_ga=GA1.2.964182437.1633705423; _gid=GA1.2.16303013.1633705423; _gat=1
Connection
keep-alive
Accept-Language
de-DE,de;q=0.9
Referer
https://www.naoconto.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Fri, 08 Oct 2021 15:03:43 GMT
X-Content-Type-Options
nosniff
Last-Modified
Mon, 14 Jun 2021 23:05:47 GMT
Server
nginx
ETag
"60c7e0cb-2834"
X-Frame-Options
SAMEORIGIN
Content-Type
image/jpeg
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
10292
X-XSS-Protection
1; mode=block
Expires
Thu, 31 Dec 2037 23:55:55 GMT
ad-provider.js
a.realsrv.com/ Frame 10E4
84 KB
24 KB
Script
General
Full URL
https://a.realsrv.com/ad-provider.js
Requested by
Host: a.realsrv.com
URL: https://a.realsrv.com/iframe.php?idzone=3345318&size=300x100
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
205.185.216.42 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
map2.hwcdn.net
Software
nginx /
Resource Hash
007e772557ca493d05b91b986e33f183780b819c501553b568832f5fa86a5d59

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://a.realsrv.com/iframe.php?idzone=3345318&size=300x100
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Fri, 08 Oct 2021 15:03:43 GMT
Content-Encoding
gzip
Server
nginx
etag
W/"c9f6484bfa786036ece3e4f2aaa"
X-HW
1633705422.dop040.fr8.t,1633705422.cds245.fr8.shn,1633705422.dop040.fr8.t,1633705423.cds228.fr8.c
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Cache-Control
max-age=10800
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Length
23710
collect
stats.g.doubleclick.net/j/
2 B
462 B
XHR
General
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j93&tid=UA-11286014-10&cid=964182437.1633705423&jid=1926365389&gjid=1089587282&_gid=16303013.1633705423&_u=IEBAAEAAAAAAAC~&z=1672751778
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
66.102.1.154 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
wb-in-f154.1e100.net
Software
Golfe2 /
Resource Hash
6068f86ff5e6d3a3e100e95fd0ab03a5fb9ebfca9386b2c0ee131361a62526c2
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.naoconto.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
date
Fri, 08 Oct 2021 15:03:43 GMT
content-type
text/plain
access-control-allow-origin
https://www.naoconto.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2
expires
Fri, 01 Jan 1990 00:00:00 GMT
api.php
syndication.realsrv.com/v1/ Frame 0BDA
236 B
571 B
XHR
General
Full URL
https://syndication.realsrv.com/v1/api.php
Requested by
Host: a.realsrv.com
URL: https://a.realsrv.com/ad-provider.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
95.211.229.245 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software
nginx /
Resource Hash
8bf33f7b9cd2d7a98bfad2ac9923cb22bbc670f988168419d6b5814c075452e9

Request headers

Referer
https://a.realsrv.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type
text/plain

Response headers

Date
Fri, 08 Oct 2021 15:03:43 GMT
Access-Control-Request-Method
POST
Server
nginx
Transfer-Encoding
chunked
Content-Type
application/json
Access-Control-Allow-Origin
https://a.realsrv.com
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Encoding
gzip
Access-Control-Allow-Headers
Authorization, Content-Type
api.php
syndication.realsrv.com/v1/ Frame 10E4
237 B
573 B
XHR
General
Full URL
https://syndication.realsrv.com/v1/api.php
Requested by
Host: a.realsrv.com
URL: https://a.realsrv.com/ad-provider.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
95.211.229.245 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software
nginx /
Resource Hash
5be6e6a954c6e5b5d9024956e7d05dc42e1605f0ab3739ef4e182842e723d4f9

Request headers

Referer
https://a.realsrv.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type
text/plain

Response headers

Date
Fri, 08 Oct 2021 15:03:43 GMT
Access-Control-Request-Method
POST
Server
nginx
Transfer-Encoding
chunked
Content-Type
application/json
Access-Control-Allow-Origin
https://a.realsrv.com
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Encoding
gzip
Access-Control-Allow-Headers
Authorization, Content-Type
ga-audiences
www.google.com/ads/
42 B
522 B
Image
General
Full URL
https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j93&tid=UA-11286014-10&cid=964182437.1633705423&jid=1926365389&_u=IEBAAEAAAAAAAC~&z=1249314258
Requested by
Host: www.naoconto.com
URL: https://www.naoconto.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.184.228 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s12-in-f4.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.naoconto.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 08 Oct 2021 15:03:43 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
nativeads-v2.js
a.realsrv.com/ Frame C032
56 KB
16 KB
Script
General
Full URL
https://a.realsrv.com/nativeads-v2.js
Requested by
Host: a.realsrv.com
URL: https://a.realsrv.com/ad-provider.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
205.185.216.42 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
map2.hwcdn.net
Software
nginx /
Resource Hash
7e03b41e7e67ee68b43b89b01571baeef19a6c51ab9c25fbb099711e53609ece

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://a.realsrv.com/iframe.php?idzone=3345318&size=300x100
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Fri, 08 Oct 2021 15:03:43 GMT
Content-Encoding
gzip
Server
nginx
etag
W/"a1e32946248eeed232a329f16e3"
X-HW
1633705422.dop040.fr8.t,1633705422.cds245.fr8.shn,1633705422.dop040.fr8.t,1633705423.cds228.fr8.c
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Cache-Control
max-age=10800
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Length
16008
nativeads-v2.js
a.realsrv.com/ Frame 1F2A
56 KB
16 KB
Script
General
Full URL
https://a.realsrv.com/nativeads-v2.js
Requested by
Host: a.realsrv.com
URL: https://a.realsrv.com/ad-provider.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
205.185.216.42 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
map2.hwcdn.net
Software
nginx /
Resource Hash
7e03b41e7e67ee68b43b89b01571baeef19a6c51ab9c25fbb099711e53609ece

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://a.realsrv.com/iframe.php?idzone=963606&size=300x250
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Fri, 08 Oct 2021 15:03:43 GMT
Content-Encoding
gzip
Server
nginx
etag
W/"a1e32946248eeed232a329f16e3"
X-HW
1633705422.dop040.fr8.t,1633705422.cds245.fr8.shn,1633705422.dop040.fr8.t,1633705423.cds228.fr8.c
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Cache-Control
max-age=10800
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Length
16008
imp.go
go.goasrv.com/ Frame 707C
43 B
132 B
Image
General
Full URL
https://go.goasrv.com/imp.go?nr=1&pixel=1&xref=oFXFBKp8Zp7UrhimKS-u2QkoPDS1K33SGjy-M3Au8v6piJmF58qQFuCGxx8cYnJMQbkPbVwm9RN5C3Rb2yJXeQZOaFtfzXNnDCIC3FUy5lti3aj_tW_8_bRKkJh98aDI7I5doPOBk4zzqhJiLooHfomIdaspsxhNxMAbX1-3sXVnn6Irre2tVbQCF8LUNCp9C2eyxtnN7aqM8yV53oqSV2Nvvt3OOMWgkIQDJ_3SoGdcXkIzH5N_7jOfhy_lQJeFZn0Ue2lKL8YS4S3ZCS0O-IidPzzndm7cR3ZgmsRWk92-Uc5Q-p-0kS6UdLed5h7KeQDH_2FNnyjbGlXliJvBBwki8D6LldGPACCiV3jCMBUcv5kVmszdIdRsN9qvlTzZatMANF2PqJ21mj4Tw6DEw1NcZ4suUmieqBSpD3ABWO3bM5HEb6M0Htyk9Qg70DofAk15VsEqn8j2C01PhAx0QZ3-XV9G_dmVIbkak9qJ9OSHMwj6L_a7LN0HFi869f-wnnXHZTYRo4EfvoUwnbBhwFWzGQpJ__yGDBlUiLcw80tEOTXqybexIRyTZdx-EWihy7KdOc_uI_O2psWJ91HvdG2UQxY0TKzBcekGlDBxevtettrgvQL1sufHLIXBwVDNqCO0aCEx4uLGEq20LL_xJUlagColKbrPktxrr6oImxjmyWCO3jEZLnnCf6doh7cDWq_yMTr5kIwmCfhhpUUjoYnnSZEKbTJSzE7j6aO9qFQ25s_eTelu88NukN-lzTrtRCrp5ZB3mU7DthCnVC2IaCn5jFG84vE9bb_fT8XiOl_l_lEAumseQ8AglftN3pJbVZL6OdZzgCkwEfpqqeRpFlt6PDf781YpC_u69BIJ81Xo9-V2C41vtaFwP5CINyZ0_FIkexg488WCkmf-DnAXhAdeu8-QV7FcMRI-3gXmsTQkQF189lwM_DbCT_NuUxQf63A-X86SRUu4kadwNb3Psd4JqUeFhKHyhkMgg4iRspRFjIlOh1qv1PNC3WIep7IQu7q_LCUnZtu88GslxThP7w==
Requested by
Host: go.eabids.com
URL: https://go.eabids.com/banner.go?spaceid=5427007&keywords=&maincat=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
217.22.19.196 , Netherlands, ASN42567 (MOJHOST-EU, NL),
Reverse DNS
Software
nginx /
Resource Hash
aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://go.eabids.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Fri, 08 Oct 2021 15:03:43 GMT
server
nginx
x-backend-server
nl2-go-web-243
content-length
43
content-type
image/gif
if.go
go.bidvance.com/rtb/ Frame DD94
1 KB
1 KB
Document
General
Full URL
https://go.bidvance.com/rtb/if.go?xref=X2D659JmXNd9w73eqVHs3NWKHX9SluHSR1ufMzhDNeioGtMHx8gDVh0-AchKR7-DkKoIThZ-Elh2kl3n8ln2CGw67wHt6R46kwmFw6FmAUcm60ukZdVunF1UPfFNH8185vs_R7xOT-koEs19heczBrHjc-Nr7hvz693bSLSRv2fiMKfYIGbrJtfFzfQWQPZzZVrNBJGSEkXEZZesIL8tAzzoU9jwVBXwG-7IX-t7Ww7sGzz5h3RRmQGLePKxjoJ1EcayJEoq-d-sac0JNjjXXewckvrQtF0Riytf_HD3XpC5iShbhUeHyhCxDEKleXWD62Ywwq-caD7lzGJTBJ-Zyt41j-XockWDo5Yl194kznLOAv2XhP8QwUQKXjIYC8mBX9nwbOE4JrTSs5OmpyliFR9_h5agFWOqKpKwfJt_jJLMTTBLjchfHQpIGNotD0cXSdrA_rNVfPfrmCQm9Uu3_TTuNZ2TwyGnNZYlwbMZ3kOTVsLdfRZZr8CAO3vYe_88LuP1MTU_uewub6fkYfAz6tdRKa6Jj8X3L6Rv0s2tJ6rwfcOHIl9l0hT1d4l0vx4UOTfA4_NJaebil6UOdUsAIr5_cNNip8RmnJqE6NI1oGWQ7f4SdCwOCdrnAHaZWaGNXb3kiHdKkQJ44pimd76BzITdtJLDLHEWzkYmJki8M1f25LMFM2C8GN61jO1fmJyQrczihB9tSRclk0yJJHOjbte1x29ejzIfUMa9fZ04puLqnA6ejWFhULPT5gPcKywvcMFGQCDII7HGK0nrY2HTH0naq4mEPKBh78o=
Requested by
Host: go.eabids.com
URL: https://go.eabids.com/banner.go?spaceid=5427007&keywords=&maincat=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
217.22.19.196 , Netherlands, ASN42567 (MOJHOST-EU, NL),
Reverse DNS
Software
nginx /
Resource Hash
7acf995b594e2600bcff91aa14032f1f88eb2db34d5cfdfce041523c8b3a14ac

Request headers

:method
GET
:authority
go.bidvance.com
:scheme
https
:path
/rtb/if.go?xref=X2D659JmXNd9w73eqVHs3NWKHX9SluHSR1ufMzhDNeioGtMHx8gDVh0-AchKR7-DkKoIThZ-Elh2kl3n8ln2CGw67wHt6R46kwmFw6FmAUcm60ukZdVunF1UPfFNH8185vs_R7xOT-koEs19heczBrHjc-Nr7hvz693bSLSRv2fiMKfYIGbrJtfFzfQWQPZzZVrNBJGSEkXEZZesIL8tAzzoU9jwVBXwG-7IX-t7Ww7sGzz5h3RRmQGLePKxjoJ1EcayJEoq-d-sac0JNjjXXewckvrQtF0Riytf_HD3XpC5iShbhUeHyhCxDEKleXWD62Ywwq-caD7lzGJTBJ-Zyt41j-XockWDo5Yl194kznLOAv2XhP8QwUQKXjIYC8mBX9nwbOE4JrTSs5OmpyliFR9_h5agFWOqKpKwfJt_jJLMTTBLjchfHQpIGNotD0cXSdrA_rNVfPfrmCQm9Uu3_TTuNZ2TwyGnNZYlwbMZ3kOTVsLdfRZZr8CAO3vYe_88LuP1MTU_uewub6fkYfAz6tdRKa6Jj8X3L6Rv0s2tJ6rwfcOHIl9l0hT1d4l0vx4UOTfA4_NJaebil6UOdUsAIr5_cNNip8RmnJqE6NI1oGWQ7f4SdCwOCdrnAHaZWaGNXb3kiHdKkQJ44pimd76BzITdtJLDLHEWzkYmJki8M1f25LMFM2C8GN61jO1fmJyQrczihB9tSRclk0yJJHOjbte1x29ejzIfUMa9fZ04puLqnA6ejWFhULPT5gPcKywvcMFGQCDII7HGK0nrY2HTH0naq4mEPKBh78o=
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://go.eabids.com/
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://go.eabids.com/

Response headers

server
nginx
date
Fri, 08 Oct 2021 15:03:43 GMT
content-type
text/html; charset=utf-8
expires
Mon, 03 Jul 2001 06:00:00 GMT
last-modified
Fri, 08 10 2021 15:03:43 GMT
cache-control
no-store, no-cache, must-revalidate, max-age=0,post-check=0, pre-check=0
pragma
no-cache
x-backend-server
nl2-go-web-243
content-encoding
gzip
splash.php
syndication.realsrv.com/ Frame C032
3 KB
2 KB
XHR
General
Full URL
https://syndication.realsrv.com/splash.php?native-settings=1&idzone=4011514&cookieconsent=true&p=&max=1&loaded=0
Requested by
Host: a.realsrv.com
URL: https://a.realsrv.com/nativeads-v2.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
95.211.229.245 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software
nginx /
Resource Hash
c262ad55e3a4b60d496eae3bff9e319c908320e548387d948df108f38c01f4ae

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://a.realsrv.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Fri, 08 Oct 2021 15:03:43 GMT
Content-Encoding
gzip
Server
nginx
Transfer-Encoding
chunked
Content-Type
text/html; charset=UTF-8
Access-Control-Allow-Origin
https://a.realsrv.com
Access-Control-Allow-Credentials
true
Connection
keep-alive
splash.php
syndication.realsrv.com/ Frame 1F2A
3 KB
2 KB
XHR
General
Full URL
https://syndication.realsrv.com/splash.php?native-settings=1&idzone=4011498&cookieconsent=true&p=&max=1&loaded=0
Requested by
Host: a.realsrv.com
URL: https://a.realsrv.com/nativeads-v2.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
95.211.229.245 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software
nginx /
Resource Hash
3b050e36b5d8bf8b26604266afcfb5f4a19019a38d960c3115e9d6815c0ee25f

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://a.realsrv.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Fri, 08 Oct 2021 15:03:43 GMT
Content-Encoding
gzip
Server
nginx
Transfer-Encoding
chunked
Content-Type
text/html; charset=UTF-8
Access-Control-Allow-Origin
https://a.realsrv.com
Access-Control-Allow-Credentials
true
Connection
keep-alive
09.jpg
2.bp.blogspot.com/-C3mY0y9wLr0/W1Yng6hCnQI/AAAAAAAAAJw/FqMuCFM8KFExGh-o72k4tF9A9VdKY_P0ACLcBGAs/s1600/ Frame C56A
21 KB
21 KB
Image
General
Full URL
https://2.bp.blogspot.com/-C3mY0y9wLr0/W1Yng6hCnQI/AAAAAAAAAJw/FqMuCFM8KFExGh-o72k4tF9A9VdKY_P0ACLcBGAs/s1600/09.jpg
Requested by
Host: www.n1internet.com
URL: https://www.n1internet.com/publicidades/naoconto/index.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.58.212.161 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s01-in-f1.1e100.net
Software
fife /
Resource Hash
043b55b624ab3f8e6ee172f17db6732cae4f39b6892b770217fc078716d04bb8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.n1internet.com/publicidades/naoconto/index.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Fri, 08 Oct 2021 13:30:03 GMT
x-content-type-options
nosniff
age
5620
content-disposition
inline;filename="09.jpg"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
21318
x-xss-protection
0
server
fife
etag
"v9e"
vary
Origin
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Thu, 07 Oct 2021 03:48:17 GMT
splash.php
syndication.realsrv.com/ Frame 1F2A
5 KB
4 KB
XHR
General
Full URL
https://syndication.realsrv.com/splash.php?native-settings=1&idzone=4011498&cookieconsent=true&p=&max=3&loaded=1
Requested by
Host: a.realsrv.com
URL: https://a.realsrv.com/nativeads-v2.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
95.211.229.245 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software
nginx /
Resource Hash
17cd3a658bc6beaae96c2e4f9637e70232c83d57e759547ce1af3f524b9f9c71

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://a.realsrv.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Fri, 08 Oct 2021 15:03:43 GMT
Content-Encoding
gzip
Server
nginx
Transfer-Encoding
chunked
Content-Type
text/html; charset=UTF-8
Access-Control-Allow-Origin
https://a.realsrv.com
Access-Control-Allow-Credentials
true
Connection
keep-alive
splash.php
syndication.realsrv.com/ Frame C032
3 KB
2 KB
XHR
General
Full URL
https://syndication.realsrv.com/splash.php?native-settings=1&idzone=4011514&cookieconsent=true&p=&max=1&loaded=1
Requested by
Host: a.realsrv.com
URL: https://a.realsrv.com/nativeads-v2.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
95.211.229.245 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software
nginx /
Resource Hash
47ab9aaca3b68e9a9f785c953ca380647caeff143f44e96fa25b5171e4bad9a0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://a.realsrv.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Fri, 08 Oct 2021 15:03:43 GMT
Content-Encoding
gzip
Server
nginx
Transfer-Encoding
chunked
Content-Type
text/html; charset=UTF-8
Access-Control-Allow-Origin
https://a.realsrv.com
Access-Control-Allow-Credentials
true
Connection
keep-alive
af56735ae63b067aba53560b10a1ea604ea102ed.jpg
s3t3d2y7.ackcdn.net/library/348620/ Frame C032
21 KB
22 KB
Image
General
Full URL
https://s3t3d2y7.ackcdn.net/library/348620/af56735ae63b067aba53560b10a1ea604ea102ed.jpg
Requested by
Host: www.naoconto.com
URL: https://www.naoconto.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
205.185.216.42 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
map2.hwcdn.net
Software
/
Resource Hash
f9757fc5cad313814e0ac20d8877640b78ac57df6cad45eda279c4be2a5f5272

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://a.realsrv.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Fri, 08 Oct 2021 15:03:43 GMT
Last-Modified
Thu, 24 May 2018 11:27:26 GMT
ETag
"1527161246"
X-HW
1633705423.dop040.fr8.t,1633705423.cds289.fr8.shn,1633705423.dop040.fr8.t,1633705423.cds164.fr8.c
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
Cache-Control
max-age=31536000
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Length
21862
b966261dddcdb60b0b784dd338ad737efe7466f5.jpg
s3t3d2y7.ackcdn.net/library/348620/ Frame C032
22 KB
22 KB
Image
General
Full URL
https://s3t3d2y7.ackcdn.net/library/348620/b966261dddcdb60b0b784dd338ad737efe7466f5.jpg
Requested by
Host: www.naoconto.com
URL: https://www.naoconto.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
205.185.216.42 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
map2.hwcdn.net
Software
/
Resource Hash
272ff697c2e158481e2ca7fca0b8dc6dcf7dfe597ee2e46cd99c557acb5b631e

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://a.realsrv.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Fri, 08 Oct 2021 15:03:43 GMT
Last-Modified
Thu, 24 May 2018 11:27:26 GMT
ETag
"1527161246"
X-HW
1633705423.dop040.fr8.t,1633705423.cds241.fr8.shn,1633705423.dop040.fr8.t,1633705423.cds145.fr8.c
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
Cache-Control
max-age=31536000
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Length
22552
18a712f0d2612351ada5d2c5b0fcfb9555b50429.jpg
s3t3d2y7.ackcdn.net/library/348620/ Frame 1F2A
30 KB
30 KB
Image
General
Full URL
https://s3t3d2y7.ackcdn.net/library/348620/18a712f0d2612351ada5d2c5b0fcfb9555b50429.jpg
Requested by
Host: www.naoconto.com
URL: https://www.naoconto.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
205.185.216.42 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
map2.hwcdn.net
Software
/
Resource Hash
8ba12559b38d69b8d7a91ba3427cbc298e2c3c23bddf5192a1f1be6e19d28f0e

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://a.realsrv.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Fri, 08 Oct 2021 15:03:43 GMT
Last-Modified
Mon, 13 Mar 2017 15:15:21 GMT
ETag
"1489418121"
X-HW
1633705423.dop040.fr8.t,1633705423.cds247.fr8.shn,1633705423.dop040.fr8.t,1633705423.cds291.fr8.c
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
Cache-Control
max-age=31536000
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Length
30464
cc366eaf939134e0c1048f1c32fe9272cc0455c6.jpg
s3t3d2y7.ackcdn.net/library/348620/ Frame 1F2A
25 KB
26 KB
Image
General
Full URL
https://s3t3d2y7.ackcdn.net/library/348620/cc366eaf939134e0c1048f1c32fe9272cc0455c6.jpg
Requested by
Host: www.naoconto.com
URL: https://www.naoconto.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
205.185.216.42 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
map2.hwcdn.net
Software
/
Resource Hash
8e041a1148e3cb51460e7eb8abbdf50fc1fdef3b215e641ad00acbaee2611ad8

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://a.realsrv.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Fri, 08 Oct 2021 15:03:43 GMT
Last-Modified
Thu, 24 May 2018 11:27:25 GMT
ETag
"1527161245"
X-HW
1633705423.dop040.fr8.t,1633705423.cds167.fr8.shn,1633705423.cds167.fr8.c
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
Cache-Control
max-age=31536000
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Length
25830
af56735ae63b067aba53560b10a1ea604ea102ed.jpg
s3t3d2y7.ackcdn.net/library/348620/ Frame 1F2A
21 KB
22 KB
Image
General
Full URL
https://s3t3d2y7.ackcdn.net/library/348620/af56735ae63b067aba53560b10a1ea604ea102ed.jpg
Requested by
Host: www.naoconto.com
URL: https://www.naoconto.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
205.185.216.42 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
map2.hwcdn.net
Software
/
Resource Hash
f9757fc5cad313814e0ac20d8877640b78ac57df6cad45eda279c4be2a5f5272

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://a.realsrv.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Fri, 08 Oct 2021 15:03:43 GMT
Last-Modified
Thu, 24 May 2018 11:27:26 GMT
ETag
"1527161246"
X-HW
1633705423.dop040.fr8.t,1633705423.cds158.fr8.shn,1633705423.dop040.fr8.t,1633705423.cds164.fr8.c
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
Cache-Control
max-age=31536000
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Length
21862
fc29f9ac084dc434bb8138df246be51d0b2f79af.jpg
s3t3d2y7.ackcdn.net/library/348620/ Frame 1F2A
22 KB
22 KB
Image
General
Full URL
https://s3t3d2y7.ackcdn.net/library/348620/fc29f9ac084dc434bb8138df246be51d0b2f79af.jpg
Requested by
Host: www.naoconto.com
URL: https://www.naoconto.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
205.185.216.42 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
map2.hwcdn.net
Software
/
Resource Hash
62f143c00467b26acaf588d89f63212a0a8e1a6047a43697bde4ed9cf58fb6bd

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://a.realsrv.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Fri, 08 Oct 2021 15:03:43 GMT
Last-Modified
Fri, 01 Dec 2017 12:46:27 GMT
ETag
"1512132387"
X-HW
1633705423.dop040.fr8.t,1633705423.cds247.fr8.shn,1633705423.dop040.fr8.t,1633705423.cds291.fr8.c
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
Cache-Control
max-age=31536000
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Length
22583
/
t.dtscout.com/idg/ Frame DE5D
1 KB
750 B
Document
General
Full URL
https://t.dtscout.com/idg/?su=6D001633705423431082B73FB3F61724
Requested by
Host: t.dtscout.com
URL: https://t.dtscout.com/i/?l=https%3A%2F%2Fwww.naoconto.com%2F&j=
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
158.69.139.226 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS
ip226.ip-158-69-139.net
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
32019bcd8e4622afd99a8fbabcc88425e0b1af84e0c3c93ba5846ec17121b580

Request headers

Host
t.dtscout.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://www.naoconto.com/
Accept-Encoding
gzip, deflate, br
Cookie
m=1; st=1; oa=1; df=1633705423; l=6D001633705423431082B73FB3F61724
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.naoconto.com/

Response headers

Server
nginx/1.10.3 (Ubuntu)
Date
Fri, 08 Oct 2021 15:03:43 GMT
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
Connection
close
Expires
Fri, 08 Oct 2021 15:03:42 GMT
Cache-Control
no-cache
Content-Encoding
gzip
dtscout
pd.sharethis.com/pd/
0
88 B
Script
General
Full URL
https://pd.sharethis.com/pd/dtscout
Requested by
Host: t.dtscout.com
URL: https://t.dtscout.com/i/?l=https%3A%2F%2Fwww.naoconto.com%2F&j=
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.195.98.10 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-195-98-10.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.naoconto.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Connection
keep-alive
Date
Fri, 08 Oct 2021 15:03:43 GMT
/
t.dtscout.com/pv/
50 B
318 B
Script
General
Full URL
https://t.dtscout.com/pv/?_a=v&_h=naoconto.com&_ss=2rxcvztxhz&_pv=1&_ls=0&_u1=1&_u3=1&_cc=us&_pl=d&_cbid=2i7w&_cb=_dtspv.c
Requested by
Host: t.dtscout.com
URL: https://t.dtscout.com/i/?l=https%3A%2F%2Fwww.naoconto.com%2F&j=
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
158.69.139.226 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS
ip226.ip-158-69-139.net
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
46813faf98552647526e752b3939874abf326b1991479f18e542a66f56d62dfd

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.naoconto.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Fri, 08 Oct 2021 15:03:43 GMT
X-T
0.146
Server
nginx/1.10.3 (Ubuntu)
Transfer-Encoding
chunked
X-C
0
Content-Type
application/javascript
Cache-Control
no-cache
Connection
close
Expires
Fri, 08 Oct 2021 15:03:42 GMT
tc.js
cdn.tynt.com/
17 KB
7 KB
Script
General
Full URL
https://cdn.tynt.com/tc.js
Requested by
Host: waust.at
URL: https://waust.at/s.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.28.199 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2347066080fea31af55c7112dca5245ea3eea67df5f24f1daae09f0870fbce62

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.naoconto.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Fri, 08 Oct 2021 15:03:43 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Fri, 27 Aug 2021 20:58:45 GMT
server
cloudflare
age
237871
etag
W/"61295205-431d"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=259200
cf-ray
69b041f06e564a91-FRA
expires
Mon, 11 Oct 2021 15:03:43 GMT
truncated
/
439 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
f6d82f567d08ec91a1b6ef0d4abf21be7a2d3dbc0a41c122584ea3536755b3ac

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.naoconto.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type
image/gif
p
ic.tynt.com/b/
0
227 B
Image
General
Full URL
https://ic.tynt.com/b/p?id=w!naocontoblog&lm=0&ts=1633705423468&dn=TC&iso=0&t=N%C3%A3o%20Conto!%20-%20Tudo%20de%20mais%20picante%20que%20Caiu%20Na%20Net&cu=https%3A%2F%2Fwww.naoconto.com%2F
Requested by
Host: www.naoconto.com
URL: https://www.naoconto.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
67.202.105.33 , United States, ASN32748 (STEADFAST, US),
Reverse DNS
ip33.67-202-105.static.steadfastdns.net
Software
nginx/1.16.1 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.naoconto.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Fri, 08 Oct 2021 15:03:43 GMT
cache-control
"no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false"
expires
"Sat, 26 Jul 1997 05:00:00 GMT"
server
nginx/1.16.1
p3p
CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
c8e4872cb84b8e5e6fed3fd26e6c4250.jpg
webstats1.com/www/images/ Frame 8E1D
34 KB
35 KB
Image
General
Full URL
https://webstats1.com/www/images/c8e4872cb84b8e5e6fed3fd26e6c4250.jpg
Requested by
Host: webstats1.com
URL: https://webstats1.com/www/delivery/afr.php?zoneid=39
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.21.79.235 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
856d55d5417497e858d7f3629fb043bb083c0bec165848b75d4e549afd49d230
Security Headers
Name Value
Strict-Transport-Security max-age=15768000;

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://webstats1.com/www/delivery/afr.php?zoneid=39
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Fri, 08 Oct 2021 15:03:43 GMT
vary
Accept-Encoding
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
2292051
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
35182
last-modified
Fri, 16 Jul 2021 18:55:55 GMT
server
cloudflare
etag
"60f1d63b-896e"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15768000;
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=y%2Fzx7eExhoEFvre8khV3WSfIeHc0bcMOnXLAC4UYQmnh0XxL6BpS94nxOgqmNsG8GdH21%2FDp%2Bj2VPHFl%2B%2Fb0hva2tYOl%2BvBPbgLy6Yc6J5zPk4rwxO3qH1Q9E6H%2BGKxU"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
cache-control
max-age=315360000
accept-ranges
bytes
cf-ray
69b041f0da7c2798-PRG
expires
Thu, 31 Dec 2037 23:55:55 GMT
lg.php
webstats1.com/www/delivery/ Frame 8E1D
43 B
751 B
Image
General
Full URL
https://webstats1.com/www/delivery/lg.php?bannerid=763&campaignid=5&zoneid=39&loc=https%3A%2F%2Fwww.naoconto.com%2F&cb=0781ce1782
Requested by
Host: webstats1.com
URL: https://webstats1.com/www/delivery/afr.php?zoneid=39
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.21.79.235 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
Security Headers
Name Value
Strict-Transport-Security max-age=15768000;

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://webstats1.com/www/delivery/afr.php?zoneid=39
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 08 Oct 2021 15:03:43 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15768000;
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dmXRZDmtgenkfgp6SomUDQuoqlF1wZRVGlbxAh4%2FjI8hoF3HDS7uHqUtnbh7vYpgFdwR2IJw0UpSzOdfO%2F9AfaTPsCZX8L0T7qe%2B79xoNx0jKMNdGNZfsOwG6AZqjgao"}],"group":"cf-nel","max_age":604800}
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
*
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
cache-control
no-cache, no-store, must-revalidate
cf-ray
69b041f0da7e2798-PRG
content-type
image/gif
expires
0
api.php
syndication.exosrv.com/v1/ Frame 3B37
236 B
572 B
XHR
General
Full URL
https://syndication.exosrv.com/v1/api.php
Requested by
Host: a.exosrv.com
URL: https://a.exosrv.com/ad-provider.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
95.211.229.245 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software
nginx /
Resource Hash
649592d5e5a80db38bf07f722819ce26f9382a2c684c12fe85d3f7b4a4d7263d

Request headers

Referer
https://ads.exosrv.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type
text/plain

Response headers

Date
Fri, 08 Oct 2021 15:03:43 GMT
Access-Control-Request-Method
POST
Server
nginx
Transfer-Encoding
chunked
Content-Type
application/json
Access-Control-Allow-Origin
https://ads.exosrv.com
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Encoding
gzip
Access-Control-Allow-Headers
Authorization, Content-Type
nativeads-v2.js
a.realsrv.com/ Frame DCAA
56 KB
16 KB
Script
General
Full URL
https://a.realsrv.com/nativeads-v2.js
Requested by
Host: a.exosrv.com
URL: https://a.exosrv.com/ad-provider.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
205.185.216.42 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
map2.hwcdn.net
Software
nginx /
Resource Hash
7e03b41e7e67ee68b43b89b01571baeef19a6c51ab9c25fbb099711e53609ece

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.exosrv.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Fri, 08 Oct 2021 15:03:43 GMT
Content-Encoding
gzip
Server
nginx
etag
W/"a1e32946248eeed232a329f16e3"
X-HW
1633705422.dop040.fr8.t,1633705422.cds245.fr8.shn,1633705422.dop040.fr8.t,1633705423.cds228.fr8.c
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Cache-Control
max-age=10800
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Length
16008
splash.php
syndication.realsrv.com/ Frame DCAA
3 KB
2 KB
XHR
General
Full URL
https://syndication.realsrv.com/splash.php?native-settings=1&idzone=4011498&cookieconsent=true&p=&max=1&loaded=0
Requested by
Host: a.realsrv.com
URL: https://a.realsrv.com/nativeads-v2.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
95.211.229.245 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software
nginx /
Resource Hash
acd25f566d27eac07c836c319ab3946af25236af2d6da294f03a8b95763fb3e2

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.exosrv.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Fri, 08 Oct 2021 15:03:43 GMT
Content-Encoding
gzip
Server
nginx
Transfer-Encoding
chunked
Content-Type
text/html; charset=UTF-8
Access-Control-Allow-Origin
https://ads.exosrv.com
Access-Control-Allow-Credentials
true
Connection
keep-alive
lt.min.js
tags.crwdcntrl.net/lt/c/3825/
38 KB
38 KB
Script
General
Full URL
https://tags.crwdcntrl.net/lt/c/3825/lt.min.js
Requested by
Host: t.dtscout.com
URL: https://t.dtscout.com/i/?l=https%3A%2F%2Fwww.naoconto.com%2F&j=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.4 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-4.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
dc9dc5abccf3e062029d71dcdc0e04b7cc9a9be96103d07f98b4ff4a5459c668

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.naoconto.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Fri, 08 Oct 2021 02:56:01 GMT
via
1.1 b912dc97777020eb19579888add26978.cloudfront.net (CloudFront)
age
93478
x-amz-server-side-encryption
AES256
x-edge-origin-shield-skipped
0
x-cache
Hit from cloudfront
content-length
38929
last-modified
Tue, 16 Mar 2021 13:30:17 GMT
server
AmazonS3
etag
W/"f321a7442b8087eba0d1817aa7dbb5f7"
vary
Accept-Encoding
content-type
text/javascript
cache-control
max-age: 86400
x-amz-cf-pop
FRA50-C1
accept-ranges
bytes
x-amz-cf-id
V2VPPPqzB_K0xcla38qnSCFANtij0GG-N4KWxrzlchGGDwyjjtAGzg==
/
t.dtscdn.com/widget/
0
407 B
Script
General
Full URL
https://t.dtscdn.com/widget/?d=6D001633705423431082B73FB3F61724&nid=0&p=836148727&t=0&s=1600x1200x24&u=https%3A%2F%2Fwww.naoconto.com%2F&r=
Requested by
Host: t.dtscout.com
URL: https://t.dtscout.com/i/?l=https%3A%2F%2Fwww.naoconto.com%2F&j=
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
45.55.96.63 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.naoconto.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Fri, 08 Oct 2021 14:05:26 GMT
X-T
1.52
x-server
web14.ny1.dtscdn.com
Cache-Control
no-cache
Content-Type
application/javascript; charset=UTF-8
Transfer-Encoding
chunked
Expires
Fri, 08 Oct 2021 14:05:25 GMT
mw
mwzeom.zeotap.com/
Redirect Chain
  • https://pixel.onaudience.com/?partner=137085098&mapped=6D001633705423431082B73FB3F61724
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=xksw9la&ttd_tpi=1
  • https://match.adsrvr.org/track/cmb/generic?ttd_pid=xksw9la&ttd_tpi=1
  • https://pixel.onaudience.com/?partner=147&mapped=d9c2abb0-c5d2-4589-9f8e-3c6a3448428f&icm
  • https://sync.crwdcntrl.net/map/c=8587/tp=CLOD?https%3A%2F%2Fpixel.onaudience.com%2F%3Fpartner%3D104%26icm%26cver%26mapped%3D%24%7Bprofile_id%7D
  • https://sync.crwdcntrl.net/map/ct=y/c=8587/tp=CLOD?https%3A%2F%2Fpixel.onaudience.com%2F%3Fpartner%3D104%26icm%26cver%26mapped%3D%24%7Bprofile_id%7D
  • https://pixel.onaudience.com/?partner=104&icm&cver&mapped=eade51967f708c6f57e7ba85989bf4a3
  • https://spl.zeotap.com/?zdid=1332&zcluid=fd622c8ada70f5ea
  • https://cm.g.doubleclick.net/pixel?google_nid=zeotap_ddp&google_cm&zpartnerid=1&env=mWeb&eventType=map&id_mid_4=08603385-95af-4a4e-7991-be667f31b3bd&reqId=f58dc024-76ac-4757-539e-082a9369096d&zclui...
  • https://cm.g.doubleclick.net/pixel?google_nid=zeotap_ddp&google_cm=&zpartnerid=1&env=mWeb&eventType=map&id_mid_4=08603385-95af-4a4e-7991-be667f31b3bd&reqId=f58dc024-76ac-4757-539e-082a9369096d&zclu...
  • https://mwzeom.zeotap.com/mw?google_gid=CAESENT6Y5zPtbwBRm7tAtiEYzQ&google_cver=1&zpartnerid=1&env=mWeb&eventType=map&id_mid_4=08603385-95af-4a4e-7991-be667f31b3bd&reqId=f58dc024-76ac-4757-539e-082...
95 B
164 B
Image
General
Full URL
https://mwzeom.zeotap.com/mw?google_gid=CAESENT6Y5zPtbwBRm7tAtiEYzQ&google_cver=1&zpartnerid=1&env=mWeb&eventType=map&id_mid_4=08603385-95af-4a4e-7991-be667f31b3bd&reqId=f58dc024-76ac-4757-539e-082a9369096d&zcluid=fd622c8ada70f5ea&zdid=1332
Requested by
Host: www.naoconto.com
URL: https://www.naoconto.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.22.24.87 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.naoconto.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Fri, 08 Oct 2021 15:03:44 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
image/png
access-control-allow-origin
https://www.naoconto.com
access-control-allow-credentials
true
cf-ray
69b041f57a835cb0-FRA
access-control-allow-headers
*
content-length
95

Redirect headers

pragma
no-cache
date
Fri, 08 Oct 2021 15:03:44 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://mwzeom.zeotap.com/mw?google_gid=CAESENT6Y5zPtbwBRm7tAtiEYzQ&google_cver=1&zpartnerid=1&env=mWeb&eventType=map&id_mid_4=08603385-95af-4a4e-7991-be667f31b3bd&reqId=f58dc024-76ac-4757-539e-082a9369096d&zcluid=fd622c8ada70f5ea&zdid=1332
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
469
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
imp.go
go.bidvance.com/ Frame DD94
43 B
131 B
Image
General
Full URL
https://go.bidvance.com/imp.go?nr=1&pixel=1&xref=X2D659JmXNd9w73eqVHs3NWKHX9SluHSR1ufMzhDNeioGtMHx8gDVh0-AchKR7-DkKoIThZ-Elh2kl3n8ln2CGw67wHt6R46kwmFw6FmAUcm60ukZdVunF1UPfFNH8185vs_R7xOT-koEs19heczBrHjc-Nr7hvz693bSLSRv2fiMKfYIGbrJtfFzfQWQPZzZVrNBJGSEkXEZZesIL8tAzzoU9jwVBXwG-7IX-t7Ww7sGzz5h3RRmQGLePKxjoJ1EcayJEoq-d-sac0JNjjXXewckvrQtF0Riytf_HD3XpC5iShbhUeHyhCxDEKleXWD62Ywwq-caD7lzGJTBJ-Zyt41j-XockWDo5Yl194kznLOAv2XhP8QwUQKXjIYC8mBX9nwbOE4JrTSs5OmpyliFR9_h5agFWOqKpKwfJt_jJLMTTBLjchfHQpIGNotD0cXSdrA_rNVfPfrmCQm9Uu3_TTuNZ2TwyGnNZYlwbMZ3kOTVsLdfRZZr8CAO3vYe_88LuP1MTU_uewub6fkYfAz6tdRKa6Jj8X3L6Rv0s2tJ6rwfcOHIl9l0hT1d4l0vx4UOTfA4_NJaebil6UOdUsAIr5_cNNip8RmnJqE6NI1oGWQ7f4SdCwOCdrnAHaZWaGNXb3kiHdKkQJ44pimd76BzITdtJLDLHEWzkYmJki8M1f25LMFM2C8GN61jO1fmJyQrczihB9tSRclk0yJJHOjbte1x29ejzIfUMa9fZ04puLqnA6ejWFhULPT5gPcKywvcMFGQCDII7HGK0nrY2HTH0naq4mEPKBh78o=
Requested by
Host: go.bidvance.com
URL: https://go.bidvance.com/rtb/if.go?xref=X2D659JmXNd9w73eqVHs3NWKHX9SluHSR1ufMzhDNeioGtMHx8gDVh0-AchKR7-DkKoIThZ-Elh2kl3n8ln2CGw67wHt6R46kwmFw6FmAUcm60ukZdVunF1UPfFNH8185vs_R7xOT-koEs19heczBrHjc-Nr7hvz693bSLSRv2fiMKfYIGbrJtfFzfQWQPZzZVrNBJGSEkXEZZesIL8tAzzoU9jwVBXwG-7IX-t7Ww7sGzz5h3RRmQGLePKxjoJ1EcayJEoq-d-sac0JNjjXXewckvrQtF0Riytf_HD3XpC5iShbhUeHyhCxDEKleXWD62Ywwq-caD7lzGJTBJ-Zyt41j-XockWDo5Yl194kznLOAv2XhP8QwUQKXjIYC8mBX9nwbOE4JrTSs5OmpyliFR9_h5agFWOqKpKwfJt_jJLMTTBLjchfHQpIGNotD0cXSdrA_rNVfPfrmCQm9Uu3_TTuNZ2TwyGnNZYlwbMZ3kOTVsLdfRZZr8CAO3vYe_88LuP1MTU_uewub6fkYfAz6tdRKa6Jj8X3L6Rv0s2tJ6rwfcOHIl9l0hT1d4l0vx4UOTfA4_NJaebil6UOdUsAIr5_cNNip8RmnJqE6NI1oGWQ7f4SdCwOCdrnAHaZWaGNXb3kiHdKkQJ44pimd76BzITdtJLDLHEWzkYmJki8M1f25LMFM2C8GN61jO1fmJyQrczihB9tSRclk0yJJHOjbte1x29ejzIfUMa9fZ04puLqnA6ejWFhULPT5gPcKywvcMFGQCDII7HGK0nrY2HTH0naq4mEPKBh78o=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
217.22.19.196 , Netherlands, ASN42567 (MOJHOST-EU, NL),
Reverse DNS
Software
nginx /
Resource Hash
aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://go.bidvance.com/rtb/if.go?xref=X2D659JmXNd9w73eqVHs3NWKHX9SluHSR1ufMzhDNeioGtMHx8gDVh0-AchKR7-DkKoIThZ-Elh2kl3n8ln2CGw67wHt6R46kwmFw6FmAUcm60ukZdVunF1UPfFNH8185vs_R7xOT-koEs19heczBrHjc-Nr7hvz693bSLSRv2fiMKfYIGbrJtfFzfQWQPZzZVrNBJGSEkXEZZesIL8tAzzoU9jwVBXwG-7IX-t7Ww7sGzz5h3RRmQGLePKxjoJ1EcayJEoq-d-sac0JNjjXXewckvrQtF0Riytf_HD3XpC5iShbhUeHyhCxDEKleXWD62Ywwq-caD7lzGJTBJ-Zyt41j-XockWDo5Yl194kznLOAv2XhP8QwUQKXjIYC8mBX9nwbOE4JrTSs5OmpyliFR9_h5agFWOqKpKwfJt_jJLMTTBLjchfHQpIGNotD0cXSdrA_rNVfPfrmCQm9Uu3_TTuNZ2TwyGnNZYlwbMZ3kOTVsLdfRZZr8CAO3vYe_88LuP1MTU_uewub6fkYfAz6tdRKa6Jj8X3L6Rv0s2tJ6rwfcOHIl9l0hT1d4l0vx4UOTfA4_NJaebil6UOdUsAIr5_cNNip8RmnJqE6NI1oGWQ7f4SdCwOCdrnAHaZWaGNXb3kiHdKkQJ44pimd76BzITdtJLDLHEWzkYmJki8M1f25LMFM2C8GN61jO1fmJyQrczihB9tSRclk0yJJHOjbte1x29ejzIfUMa9fZ04puLqnA6ejWFhULPT5gPcKywvcMFGQCDII7HGK0nrY2HTH0naq4mEPKBh78o=
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Fri, 08 Oct 2021 15:03:43 GMT
server
nginx
x-backend-server
nl2-go-web-243
content-length
43
content-type
image/gif
/
bidvancedisplay.blogspot.com/ Frame 1818
7 KB
3 KB
Document
General
Full URL
https://bidvancedisplay.blogspot.com/
Requested by
Host: go.bidvance.com
URL: https://go.bidvance.com/rtb/if.go?xref=X2D659JmXNd9w73eqVHs3NWKHX9SluHSR1ufMzhDNeioGtMHx8gDVh0-AchKR7-DkKoIThZ-Elh2kl3n8ln2CGw67wHt6R46kwmFw6FmAUcm60ukZdVunF1UPfFNH8185vs_R7xOT-koEs19heczBrHjc-Nr7hvz693bSLSRv2fiMKfYIGbrJtfFzfQWQPZzZVrNBJGSEkXEZZesIL8tAzzoU9jwVBXwG-7IX-t7Ww7sGzz5h3RRmQGLePKxjoJ1EcayJEoq-d-sac0JNjjXXewckvrQtF0Riytf_HD3XpC5iShbhUeHyhCxDEKleXWD62Ywwq-caD7lzGJTBJ-Zyt41j-XockWDo5Yl194kznLOAv2XhP8QwUQKXjIYC8mBX9nwbOE4JrTSs5OmpyliFR9_h5agFWOqKpKwfJt_jJLMTTBLjchfHQpIGNotD0cXSdrA_rNVfPfrmCQm9Uu3_TTuNZ2TwyGnNZYlwbMZ3kOTVsLdfRZZr8CAO3vYe_88LuP1MTU_uewub6fkYfAz6tdRKa6Jj8X3L6Rv0s2tJ6rwfcOHIl9l0hT1d4l0vx4UOTfA4_NJaebil6UOdUsAIr5_cNNip8RmnJqE6NI1oGWQ7f4SdCwOCdrnAHaZWaGNXb3kiHdKkQJ44pimd76BzITdtJLDLHEWzkYmJki8M1f25LMFM2C8GN61jO1fmJyQrczihB9tSRclk0yJJHOjbte1x29ejzIfUMa9fZ04puLqnA6ejWFhULPT5gPcKywvcMFGQCDII7HGK0nrY2HTH0naq4mEPKBh78o=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.23.97 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s45-in-f1.1e100.net
Software
GSE /
Resource Hash
8b0f3477e3f27cdad0ca7a87ac7f380e5c91b44414623989973ef9ced922eaf0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
bidvancedisplay.blogspot.com
:scheme
https
:path
/
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://go.bidvance.com/
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://go.bidvance.com/

Response headers

content-type
text/html; charset=UTF-8
expires
Fri, 08 Oct 2021 15:03:43 GMT
date
Fri, 08 Oct 2021 15:03:43 GMT
cache-control
private, max-age=0
last-modified
Fri, 01 Oct 2021 08:34:29 GMT
etag
W/"7e3c4181b90bdc8427c53a8c61b65a4d0fd3bd95b287cf6b397eba7a7bf4fb88"
content-encoding
gzip
x-content-type-options
nosniff
x-xss-protection
1; mode=block
content-length
2686
server
GSE
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
splash.php
syndication.realsrv.com/ Frame DCAA
5 KB
4 KB
XHR
General
Full URL
https://syndication.realsrv.com/splash.php?native-settings=1&idzone=4011498&cookieconsent=true&p=&max=3&loaded=1
Requested by
Host: a.realsrv.com
URL: https://a.realsrv.com/nativeads-v2.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
95.211.229.245 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software
nginx /
Resource Hash
4e0215276642a04d5e2652b438258f5e67d53c02d9bbaa30fe03ebcf8d879a4d

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.exosrv.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Fri, 08 Oct 2021 15:03:43 GMT
Content-Encoding
gzip
Server
nginx
Transfer-Encoding
chunked
Content-Type
text/html; charset=UTF-8
Access-Control-Allow-Origin
https://ads.exosrv.com
Access-Control-Allow-Credentials
true
Connection
keep-alive
v2
de.tynt.com/deb/
4 B
202 B
Script
General
Full URL
https://de.tynt.com/deb/v2?id=w!naocontoblog&dn=TC&cc=1&r=
Requested by
Host: cdn.tynt.com
URL: https://cdn.tynt.com/tc.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
208.100.17.185 , United States, ASN32748 (STEADFAST, US),
Reverse DNS
ip185.208-100-17.static.steadfastdns.net
Software
/
Resource Hash
d21021784cda31eeae5c8295e047a14bda6ed5a9b5963fca9e7ceb398a9c9179

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.naoconto.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Fri, 08 Oct 2021 15:03:43 GMT
cache-control
max-age=86400
content-type
application/javascript
p3p
CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
content-length
4
expires
Sat, 09 Oct 2021 15:03:44 GMT
p
ic.tynt.com/b/
0
227 B
Image
General
Full URL
https://ic.tynt.com/b/p?id=w!naocontoblog&lm=0&ts=1633705423468&dn=TC&iso=0&t=N%C3%A3o%20Conto!%20-%20Tudo%20de%20mais%20picante%20que%20Caiu%20Na%20Net&cu=https%3A%2F%2Fwww.naoconto.com%2F
Requested by
Host: www.naoconto.com
URL: https://www.naoconto.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
67.202.105.33 , United States, ASN32748 (STEADFAST, US),
Reverse DNS
ip33.67-202-105.static.steadfastdns.net
Software
nginx/1.16.1 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.naoconto.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Fri, 08 Oct 2021 15:03:43 GMT
cache-control
"no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false"
expires
"Sat, 26 Jul 1997 05:00:00 GMT"
server
nginx/1.16.1
p3p
CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
1394523530-widget_css_bundle.css
www.blogger.com/static/v1/widgets/ Frame 1818
30 KB
7 KB
Stylesheet
General
Full URL
https://www.blogger.com/static/v1/widgets/1394523530-widget_css_bundle.css
Requested by
Host: bidvancedisplay.blogspot.com
URL: https://bidvancedisplay.blogspot.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.58.212.169 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
ams15s22-in-f169.1e100.net
Software
sffe /
Resource Hash
71d3b53f5fc2d9ff983184f539a0c8b9991c31af89b3448ab7475c1ef94e6124
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://bidvancedisplay.blogspot.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Sun, 03 Oct 2021 11:59:20 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
443063
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6667
x-xss-protection
0
last-modified
Sat, 02 Oct 2021 15:50:06 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-type
text/css
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="blogger-tech"
expires
Mon, 03 Oct 2022 11:59:20 GMT
963277127-widgets.js
www.blogger.com/static/v1/widgets/ Frame 1818
154 KB
154 KB
Script
General
Full URL
https://www.blogger.com/static/v1/widgets/963277127-widgets.js
Requested by
Host: bidvancedisplay.blogspot.com
URL: https://bidvancedisplay.blogspot.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.58.212.169 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
ams15s22-in-f169.1e100.net
Software
sffe /
Resource Hash
745ee8325d0778336e2c48e1ad3ff31618ca9dd19114e82e21f3760638866a49
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://bidvancedisplay.blogspot.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 06 Oct 2021 03:43:18 GMT
x-content-type-options
nosniff
age
213625
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
157275
x-xss-protection
0
last-modified
Fri, 01 Oct 2021 14:51:19 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="blogger-tech"
expires
Thu, 06 Oct 2022 03:43:18 GMT
/
brandnewadserving.blogspot.com/ Frame AA74
8 KB
3 KB
Document
General
Full URL
https://brandnewadserving.blogspot.com/
Requested by
Host: bidvancedisplay.blogspot.com
URL: https://bidvancedisplay.blogspot.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.23.97 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s45-in-f1.1e100.net
Software
GSE /
Resource Hash
68d0b09cd3be99184b8002b120a86c03579a9846dc5761305b7fc62745f35942
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
brandnewadserving.blogspot.com
:scheme
https
:path
/
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://bidvancedisplay.blogspot.com/
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://bidvancedisplay.blogspot.com/

Response headers

content-type
text/html; charset=UTF-8
expires
Fri, 08 Oct 2021 15:03:44 GMT
date
Fri, 08 Oct 2021 15:03:44 GMT
cache-control
private, max-age=0
last-modified
Sat, 02 Oct 2021 06:46:26 GMT
etag
W/"f85223d78fc7f866711ee7c9caad0bc72429a70734a5112eefdcec18d3f54e3e"
content-encoding
gzip
x-content-type-options
nosniff
x-xss-protection
1; mode=block
content-length
2944
server
GSE
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
p
ic.tynt.com/b/
0
227 B
Image
General
Full URL
https://ic.tynt.com/b/p?id=w!naocontoblog&lm=0&ts=1633705423468&dn=TC&iso=0&t=N%C3%A3o%20Conto!%20-%20Tudo%20de%20mais%20picante%20que%20Caiu%20Na%20Net
Requested by
Host: www.naoconto.com
URL: https://www.naoconto.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
67.202.105.33 , United States, ASN32748 (STEADFAST, US),
Reverse DNS
ip33.67-202-105.static.steadfastdns.net
Software
nginx/1.16.1 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.naoconto.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Fri, 08 Oct 2021 15:03:43 GMT
cache-control
"no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false"
expires
"Sat, 26 Jul 1997 05:00:00 GMT"
server
nginx/1.16.1
p3p
CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
p
ic.tynt.com/b/
0
227 B
Image
General
Full URL
https://ic.tynt.com/b/p?id=w!naocontoblog&lm=0&ts=1633705423468&dn=TC&iso=0
Requested by
Host: www.naoconto.com
URL: https://www.naoconto.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
67.202.105.33 , United States, ASN32748 (STEADFAST, US),
Reverse DNS
ip33.67-202-105.static.steadfastdns.net
Software
nginx/1.16.1 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.naoconto.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Fri, 08 Oct 2021 15:03:44 GMT
cache-control
"no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false"
expires
"Sat, 26 Jul 1997 05:00:00 GMT"
server
nginx/1.16.1
p3p
CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
1394523530-widget_css_bundle.css
www.blogger.com/static/v1/widgets/ Frame AA74
30 KB
7 KB
Stylesheet
General
Full URL
https://www.blogger.com/static/v1/widgets/1394523530-widget_css_bundle.css
Requested by
Host: brandnewadserving.blogspot.com
URL: https://brandnewadserving.blogspot.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
216.58.212.169 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
ams15s22-in-f169.1e100.net
Software
sffe /
Resource Hash
71d3b53f5fc2d9ff983184f539a0c8b9991c31af89b3448ab7475c1ef94e6124
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://brandnewadserving.blogspot.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Sun, 03 Oct 2021 11:59:20 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
443064
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6667
x-xss-protection
0
last-modified
Sat, 02 Oct 2021 15:50:06 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-type
text/css
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="blogger-tech"
expires
Mon, 03 Oct 2022 11:59:20 GMT
video-slider.js
a.exdynsrv.com/ Frame AA74
35 KB
10 KB
Script
General
Full URL
https://a.exdynsrv.com/video-slider.js
Requested by
Host: brandnewadserving.blogspot.com
URL: https://brandnewadserving.blogspot.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
205.185.216.42 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
map2.hwcdn.net
Software
nginx /
Resource Hash
54027a92a68deb2438218170df0f8733ca15dc7955fe69abd7c6214dd8adfa3a

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://brandnewadserving.blogspot.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Fri, 08 Oct 2021 15:03:44 GMT
Content-Encoding
gzip
Server
nginx
etag
W/"03b3a6212cb4fbe535baf9e5004"
X-HW
1633705424.dop040.fr8.shc,1633705424.dop040.fr8.t,1633705424.cds205.fr8.c
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Cache-Control
max-age=10800
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Length
9473
karma.js
trustiseverything.de/karma/ Frame AA74
197 KB
144 KB
Script
General
Full URL
https://trustiseverything.de/karma/karma.js?karma=bs?nosaj=faster.mo
Requested by
Host: brandnewadserving.blogspot.com
URL: https://brandnewadserving.blogspot.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
37.120.165.226 Bodenteich, Germany, ASN197540 (NETCUP-AS netcup GmbH, DE),
Reverse DNS
mail.crypto-webminer.com
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
a4c449e8f3a16a37f40f9c4694403578ab11ccb6b930cb9b622f32c8da10015e

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://brandnewadserving.blogspot.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Fri, 08 Oct 2021 15:03:40 GMT
content-encoding
gzip
etag
"8041c326d569d71:0"
last-modified
Fri, 25 Jun 2021 15:17:03 GMT
server
Microsoft-IIS/10.0
x-powered-by
ASP.NET
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
no-cache,no-cache
accept-ranges
bytes
content-length
146728
963277127-widgets.js
www.blogger.com/static/v1/widgets/ Frame AA74
154 KB
154 KB
Script
General
Full URL
https://www.blogger.com/static/v1/widgets/963277127-widgets.js
Requested by
Host: brandnewadserving.blogspot.com
URL: https://brandnewadserving.blogspot.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
216.58.212.169 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
ams15s22-in-f169.1e100.net
Software
sffe /
Resource Hash
745ee8325d0778336e2c48e1ad3ff31618ca9dd19114e82e21f3760638866a49
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://brandnewadserving.blogspot.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 06 Oct 2021 03:43:18 GMT
x-content-type-options
nosniff
age
213626
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
157275
x-xss-protection
0
last-modified
Fri, 01 Oct 2021 14:51:19 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="blogger-tech"
expires
Thu, 06 Oct 2022 03:43:18 GMT
p
ic.tynt.com/b/
0
227 B
Image
General
Full URL
https://ic.tynt.com/b/p?id=w!naocontoblog&lm=0&ts=1633705423468&dn=TC&iso=0
Requested by
Host: www.naoconto.com
URL: https://www.naoconto.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
67.202.105.33 , United States, ASN32748 (STEADFAST, US),
Reverse DNS
ip33.67-202-105.static.steadfastdns.net
Software
nginx/1.16.1 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.naoconto.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Fri, 08 Oct 2021 15:03:44 GMT
cache-control
"no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false"
expires
"Sat, 26 Jul 1997 05:00:00 GMT"
server
nginx/1.16.1
p3p
CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
iframe.php
a.exdynsrv.com/ Frame 9647
4 KB
2 KB
Document
General
Full URL
https://a.exdynsrv.com/iframe.php?idzone=4378572&size=300x250
Requested by
Host: brandnewadserving.blogspot.com
URL: https://brandnewadserving.blogspot.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
205.185.216.42 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
map2.hwcdn.net
Software
nginx /
Resource Hash
7cf483700f40cd3a8bf766562d4f28238d61271166edbb9b87023faf9a62335d

Request headers

Host
a.exdynsrv.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://brandnewadserving.blogspot.com/
Accept-Encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://brandnewadserving.blogspot.com/

Response headers

Date
Fri, 08 Oct 2021 15:03:44 GMT
Connection
Keep-Alive
Content-Encoding
gzip
Content-Length
1317
Content-Type
text/html; charset=UTF-8
Accept-Ranges
bytes
Server
nginx
Cache-Control
max-age=10800
X-HW
1633705424.dop040.fr8.t,1633705424.cds143.fr8.shn,1633705424.dop040.fr8.t,1633705424.cds203.fr8.c
Access-Control-Allow-Origin
*
ad-provider.js
a.exdynsrv.com/ Frame 9647
84 KB
24 KB
Script
General
Full URL
https://a.exdynsrv.com/ad-provider.js
Requested by
Host: a.exdynsrv.com
URL: https://a.exdynsrv.com/iframe.php?idzone=4378572&size=300x250
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
205.185.216.42 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
map2.hwcdn.net
Software
nginx /
Resource Hash
2e68298e283c3c9a93306b565c7b0c16100c4e3faced7cd1d649e2219aa09816

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://a.exdynsrv.com/iframe.php?idzone=4378572&size=300x250
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Fri, 08 Oct 2021 15:03:44 GMT
Content-Encoding
gzip
Server
nginx
etag
W/"da94fa894df5be1ff9e1abeab97"
X-HW
1633705424.dop040.fr8.shc,1633705424.dop040.fr8.t,1633705424.cds124.fr8.c
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Cache-Control
max-age=10800
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Length
23711
splash.php
syndication.exdynsrv.com/ Frame AA74
Redirect Chain
  • https://syndication.exdynsrv.com/splash.php?idzone=4367528&cookieconsent=true
  • https://syndication.exdynsrv.com/splash.php?idzone=4375726
5 KB
3 KB
XHR
General
Full URL
https://syndication.exdynsrv.com/splash.php?idzone=4375726
Requested by
Host: brandnewadserving.blogspot.com
URL: https://brandnewadserving.blogspot.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
95.211.229.246 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software
nginx /
Resource Hash
c3d6319423ef3ff3eee189c33e86f52024330302f2ec084a6a9b91bdea1f6519

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://brandnewadserving.blogspot.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Fri, 08 Oct 2021 15:03:44 GMT
Content-Encoding
gzip
Server
nginx
Transfer-Encoding
chunked
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin
https://brandnewadserving.blogspot.com
Cache-Control
no-store
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/xml;charset=UTF-8

Redirect headers

Date
Fri, 08 Oct 2021 15:03:44 GMT
Server
nginx
Access-Control-Allow-Origin
https://brandnewadserving.blogspot.com
Transfer-Encoding
chunked
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Location
https://syndication.exdynsrv.com/splash.php?idzone=4375726
Cache-Control
no-store
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/xml;charset=UTF-8
api.php
syndication.exdynsrv.com/v1/ Frame 9647
298 B
595 B
XHR
General
Full URL
https://syndication.exdynsrv.com/v1/api.php
Requested by
Host: a.exdynsrv.com
URL: https://a.exdynsrv.com/ad-provider.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
95.211.229.246 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software
nginx /
Resource Hash
acad9ad0bd2f0273e71971a4ba205ee39146e230397b3d684e1e4c5b9bf523b1

Request headers

Referer
https://a.exdynsrv.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type
text/plain

Response headers

Date
Fri, 08 Oct 2021 15:03:44 GMT
Access-Control-Request-Method
POST
Server
nginx
Transfer-Encoding
chunked
Content-Type
application/json
Access-Control-Allow-Origin
https://a.exdynsrv.com
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Encoding
gzip
Access-Control-Allow-Headers
Authorization, Content-Type
analytics.js
www.google-analytics.com/ Frame AA74
48 KB
19 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.naoconto.com
URL: https://www.naoconto.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.174 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s51-in-f14.1e100.net
Software
Golfe2 /
Resource Hash
fd222137f245c06ddb4c4d44db41f12138dad6cf8ef5d4d4a5e500f38f0c8c62
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://brandnewadserving.blogspot.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 11 Aug 2021 00:32:57 GMT
server
Golfe2
age
1007
date
Fri, 08 Oct 2021 14:46:57 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
19747
expires
Fri, 08 Oct 2021 16:46:57 GMT
iframe.php
a.exdynsrv.com/ Frame 5194
4 KB
2 KB
Document
General
Full URL
https://a.exdynsrv.com/iframe.php?idzone=4374828&size=300x250
Requested by
Host: a.exdynsrv.com
URL: https://a.exdynsrv.com/ad-provider.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
205.185.216.42 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
map2.hwcdn.net
Software
nginx /
Resource Hash
46de71e15435d484e2a7bfd6ef6a81a85335e1fca88cd8efa9821ca7f02a2ec9

Request headers

Host
a.exdynsrv.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
same-origin
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://a.exdynsrv.com/iframe.php?idzone=4378572&size=300x250
Accept-Encoding
gzip, deflate, br
Cookie
__uvt=a%3A1%3A%7Bi%3A0%3Bs%3A32%3A%2261605dd036a5c8.78922436847919108%22%3B%7D; c-tag=%7B%22tag-video%22%3A%22v3%7C%7CDEU%7C4367528%7C48502888%7C0%7C%7C511%7C52%7C2%7C40%7C0%7C0%7C0%7C4569%7C2905330%7C2925533%7C0%7C0%7C2%7C2%7C0%7C0%7C1%7C0%7C0%7C1%7C%7C%7C0%7Cbrandnewadserving.blogspot.com%7C%7C%7C0%7C0%7C0%7C93%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://a.exdynsrv.com/iframe.php?idzone=4378572&size=300x250

Response headers

Date
Fri, 08 Oct 2021 15:03:44 GMT
Connection
Keep-Alive
Content-Encoding
gzip
Content-Length
1317
Content-Type
text/html; charset=UTF-8
Accept-Ranges
bytes
Server
nginx
Cache-Control
max-age=10800
X-HW
1633705424.dop040.fr8.shc,1633705424.dop040.fr8.t,1633705424.cds229.fr8.c
Access-Control-Allow-Origin
*
p
ic.tynt.com/b/
0
227 B
Image
General
Full URL
https://ic.tynt.com/b/p?id=w!naocontoblog&lm=0&ts=1633705423468&dn=TC&iso=0
Requested by
Host: www.naoconto.com
URL: https://www.naoconto.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
67.202.105.33 , United States, ASN32748 (STEADFAST, US),
Reverse DNS
ip33.67-202-105.static.steadfastdns.net
Software
nginx/1.16.1 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.naoconto.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Fri, 08 Oct 2021 15:03:44 GMT
cache-control
"no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false"
expires
"Sat, 26 Jul 1997 05:00:00 GMT"
server
nginx/1.16.1
p3p
CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
07e8d03bfd7749d72b8c66a959ffe060c9e193e2.mp4
s3t3d2y7.ackcdn.net/library/249996/ Frame AA74
6 MB
0
Media
General
Full URL
https://s3t3d2y7.ackcdn.net/library/249996/07e8d03bfd7749d72b8c66a959ffe060c9e193e2.mp4
Requested by
Host: www.naoconto.com
URL: https://www.naoconto.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
205.185.216.42 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
map2.hwcdn.net
Software
/
Resource Hash

Request headers

Referer
https://brandnewadserving.blogspot.com/
Accept-Encoding
identity;q=1, *;q=0
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Range
bytes=0-

Response headers

Date
Fri, 08 Oct 2021 15:03:44 GMT
Last-Modified
Wed, 21 Nov 2018 02:45:16 GMT
Access-Control-Allow-Origin
*
ETag
"1542768316"
X-HW
1633705423.dop040.fr8.t,1633705423.cds247.fr8.shn,1633705424.dop040.fr8.t,1633705424.cds227.fr8.c
Content-Type
video/mp4
Content-Range
bytes 0-11879174/11879175
Cache-Control
max-age=31536000
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Length
11879175
ad-provider.js
a.exdynsrv.com/ Frame 5194
84 KB
24 KB
Script
General
Full URL
https://a.exdynsrv.com/ad-provider.js
Requested by
Host: a.exdynsrv.com
URL: https://a.exdynsrv.com/iframe.php?idzone=4374828&size=300x250
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
205.185.216.42 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
map2.hwcdn.net
Software
nginx /
Resource Hash
2e68298e283c3c9a93306b565c7b0c16100c4e3faced7cd1d649e2219aa09816

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://a.exdynsrv.com/iframe.php?idzone=4374828&size=300x250
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Fri, 08 Oct 2021 15:03:44 GMT
Content-Encoding
gzip
Server
nginx
etag
W/"da94fa894df5be1ff9e1abeab97"
X-HW
1633705424.dop040.fr8.shc,1633705424.dop040.fr8.t,1633705424.cds124.fr8.c
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Cache-Control
max-age=10800
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Length
23711
api.php
syndication.exdynsrv.com/v1/ Frame 5194
1 KB
1 KB
XHR
General
Full URL
https://syndication.exdynsrv.com/v1/api.php
Requested by
Host: a.exdynsrv.com
URL: https://a.exdynsrv.com/ad-provider.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
95.211.229.246 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software
nginx /
Resource Hash
1019560eaf6ea6f32022b146382926f3520a2bb3cd4940ede30084ab75548c6f

Request headers

Referer
https://a.exdynsrv.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type
text/plain

Response headers

Date
Fri, 08 Oct 2021 15:03:44 GMT
Access-Control-Request-Method
POST
Server
nginx
Transfer-Encoding
chunked
Content-Type
application/json
Access-Control-Allow-Origin
https://a.exdynsrv.com
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Encoding
gzip
Access-Control-Allow-Headers
Authorization, Content-Type
vregister.php
syndication.exdynsrv.com/ Frame AA74
0
794 B
Image
General
Full URL
https://syndication.exdynsrv.com/vregister.php?a=vimp&tracking_event=impression&idzone=4375726&f3cea881c56540ab0b717b2a3711ec97=tsVuZ8uHLjt48NvDxq48fXDn66dNdlTlK8E.fLj23cefHdx49N3Lpw1tTWS104ZgAo64G42JXrGHnM.vLXVBW4u_NVXKxI5nx5c5JrYHKuO6RzXA2w3a5TXBU5Tny6efPntrgbnsZjgqfcpz78.nLx01wN1QVuZ.eHXl24a4G8ZpXM.nPv178u2uBtpitx6anDPrx464G2mJJ2IHpc.nLxx8ceWuBu1imBiuCaXPp468OXjz21wNzVZ9OGuBtmma6pynPlrgbbctgacz4a4G2mKaYHKc.GuBuCqfPp17eddVjOfDXaxHY5nw3cOOuexmOCp9ylelitzPzw1z2MxwVPuUrtWU0uStYZgona2mJJ2IHpV2rKaXJWsM0TwNbl7T7Erzi9cy89jMcFT7lOfDd47ctbl7T7Erzi9cy8rld01MWfHWw2vXhO5nx8a3ZqZGK89cDcrld01MWfHW1NZLXTgvNTA9BKxHmACjrfrrnXvXdmpuYpbcbXdmpz1wNz0zN2NVrtMVuPTU4Z8eHLXPTA1BK8vJM25Hn01v11z1Z8ddTVLjkq9LlU0dlcE0ueuypyleBvPtx7cOrbfDn2Y6teN3fx55cunPt46d_PHzx4eNdlMa77FT.bnbj26uuNNMN8ejrXLl17cnWmenbo3w68O_XXBJPS5VVBNKvVWxXZVnw1wST0uVVQTSrwS2sRwNr0uMVTS58tdLjrlLlK9UFbi781VcrEjmbNLErcrlzDdTlNsEr25mOZ6qeavc1NJrYbZjmaiz4a4G5nXXKc.GuBuNiVuCV5edh5zPhrcvcasrgmlXrgkcz4buHHXA22xWw05LW5Tny1wNtMU0wOUr1TWUtOZ8Ncs1TVME9efDXBK1M9LBXMvJM25nw11uVVryTNuZ8NdLj0E0q7zk0rEji8DefLzw68.fDXPTNfgvVWxXZVnt464G52Ka5XKc.GtqCvBd5yaViRxeBvPl55devPnrlcrYasgrwXnpmvwXrwnczfmqrgle1yuVsNWQV4Lz0zX4LtuVNUwT1wTS52zy62G2Y5mol7XKc9cEk9LlVUE0q7Eca8EtrEcDa9LjFU0tWfLXVYzyz4a6rGeefDXU1TBPWvXhO5nrqapgnrXlYkcz11NUwT1r2uU562aZrqnKV7XKc_PPXbTnw1wS1uUysR58Ncsy7tkrdWfDXA3S5VPNLVBa4vGxhNZXnw1wNyWR1wYzSuZ8NdlTlK7TE88Er2fjXZU5Su0xPPBK8u7S5RY5K1hnx6dOGtyRiCNeCqfPhrtssgbz49ufPvw69OXTjy6dO_frx89e3Htw6tt8ObbfJnXXBI5VWxJPnx7c.ffh16cumtqaaKBxqaWpyWvPjA--
Requested by
Host: www.naoconto.com
URL: https://www.naoconto.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
95.211.229.246 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://brandnewadserving.blogspot.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Fri, 08 Oct 2021 15:03:44 GMT
Content-Encoding
gzip
Server
nginx
Transfer-Encoding
chunked
Content-Type
text/html; charset=UTF-8
Access-Control-Allow-Origin
Access-Control-Allow-Credentials
true
Connection
keep-alive
cimp.php
syndication.exdynsrv.com/ Frame 5194
0
250 B
XHR
General
Full URL
https://syndication.exdynsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAAz1PWW7DUAi8Si+QJwZ4W76TC7TKAeLltfmwU9VV5EocvthdQEIMzGiAiXEAHag8AUeSo6oxUoAgABpYyU7niykMLNP9cRsXhGm0iJJLsizKRa1S5ESmkrVw8SVMNUuuyWJMqUJ8ScZGnhpT3ZpARHCpnS/Pdnk5+aQkNjhNiFaO5P1mbiBXOaB106eedBxzjmjNSZWQvKLJ0LjPXbTN6BrGdfial49H6O/T7vtjWfPu8Dsw9tPFrztgBxwd2dt9+bzNr/Z4n825O9Gjyr/sL2FdR5T9k3YVarjGpEM3oHX9KJ2A8zcmJsg1YgEAAA==
Requested by
Host: a.exdynsrv.com
URL: https://a.exdynsrv.com/ad-provider.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
95.211.229.246 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://a.exdynsrv.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Access-Control-Allow-Origin
*
Date
Fri, 08 Oct 2021 15:03:44 GMT
Content-Encoding
gzip
Server
nginx
Connection
keep-alive
Transfer-Encoding
chunked
Content-Type
text/html; charset=UTF-8
925033d2584fafdd733394525e1681dc91c46432.jpg
s3t3d2y7.ackcdn.net/library/518786/ Frame 5194
25 KB
25 KB
Image
General
Full URL
https://s3t3d2y7.ackcdn.net/library/518786/925033d2584fafdd733394525e1681dc91c46432.jpg
Requested by
Host: www.naoconto.com
URL: https://www.naoconto.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
205.185.216.42 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
map2.hwcdn.net
Software
/
Resource Hash
e7647c9fc9e17bd98d973d2e05919305ca2f1d43053e5a997e09d9f6954b1a1b

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://a.exdynsrv.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Fri, 08 Oct 2021 15:03:44 GMT
Last-Modified
Fri, 21 May 2021 09:49:59 GMT
ETag
"1621590599"
X-HW
1633705423.dop040.fr8.t,1633705423.cds289.fr8.shn,1633705424.dop040.fr8.t,1633705424.cds204.fr8.c
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
Cache-Control
max-age=31536000
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Length
25271
p
ic.tynt.com/b/
0
227 B
Image
General
Full URL
https://ic.tynt.com/b/p?id=w!naocontoblog&lm=0&ts=1633705423468&dn=TC&iso=0
Requested by
Host: www.naoconto.com
URL: https://www.naoconto.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
67.202.105.33 , United States, ASN32748 (STEADFAST, US),
Reverse DNS
ip33.67-202-105.static.steadfastdns.net
Software
nginx/1.16.1 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.naoconto.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Fri, 08 Oct 2021 15:03:44 GMT
cache-control
"no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false"
expires
"Sat, 26 Jul 1997 05:00:00 GMT"
server
nginx/1.16.1
p3p
CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
optimus_rules.json
tags.crwdcntrl.net/lt/c/3825/
4 KB
1 KB
XHR
General
Full URL
https://tags.crwdcntrl.net/lt/c/3825/optimus_rules.json
Requested by
Host: tags.crwdcntrl.net
URL: https://tags.crwdcntrl.net/lt/c/3825/lt.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.4 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-4.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
9933d7066a22669cd5d48d0051aa5f2d7ea91bad0a9223f3d7884e93c3ca8a28

Request headers

Referer
https://www.naoconto.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Fri, 08 Oct 2021 02:42:27 GMT
content-encoding
gzip
age
44478
x-amz-server-side-encryption
AES256
x-edge-origin-shield-skipped
0
x-cache
Hit from cloudfront
access-control-allow-origin
*
last-modified
Tue, 16 Mar 2021 13:30:17 GMT
server
AmazonS3
etag
W/"6db43f44304c37d76768275ee4f01ba4"
vary
Origin,Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-methods
GET
content-type
application/json
via
1.1 5d8c59c4e33ff30f6610982ac8ad0232.cloudfront.net (CloudFront)
cache-control
max-age: 86400
x-amz-cf-pop
FRA50-C1
x-amz-cf-id
6WT9LtDRy-cY1tDcF3KTzAHWh2tq8ZJHzpLmAoXgyGQTo-e4hpB8gQ==
data
bcp.crwdcntrl.net/6/
307 B
1 KB
XHR
General
Full URL
https://bcp.crwdcntrl.net/6/data
Requested by
Host: tags.crwdcntrl.net
URL: https://tags.crwdcntrl.net/lt/c/3825/lt.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.30.140.199 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-30-140-199.eu-west-1.compute.amazonaws.com
Software
Jetty(9.4.38.v20210224) /
Resource Hash
3273c7b450218a028c16b51faad12ad2c3070cd79362c567626c647eaf0bdb17

Request headers

Referer
https://www.naoconto.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Fri, 08 Oct 2021 15:03:44 GMT
server
Jetty(9.4.38.v20210224)
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin
https://www.naoconto.com
cache-control
no-cache
x-server
10.45.22.238
access-control-allow-credentials
true
content-type
application/json;charset=utf-8
content-length
307
expires
0
a
a.dtssrv.com/
0
565 B
Ping
General
Full URL
https://a.dtssrv.com/a?i=6D001633705423431082B73FB3F61724&k=lotpano&v=e3559731c7c35695775d2539ec7116d53938b8a5139e0d05ff74bde9d576b9d3
Requested by
Host: t.dtscout.com
URL: https://t.dtscout.com/i/?l=https%3A%2F%2Fwww.naoconto.com%2F&j=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.67.220.51 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.naoconto.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Fri, 08 Oct 2021 15:03:44 GMT
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pCa5IJjej6JM5RqdcXDpH7QQGJjAezZ6ioQn%2BUlKsQfIpQKtCWXbXF%2BKltki%2FaV7F2QM1Rr2BR6LoAi%2BVhmmLVTZ%2FHOz%2FgAgcgshFMN6v8WaZFVzv%2Fv43%2BnD472OqJo%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/html; charset=UTF-8
cf-ray
69b041f8cfa4412b-PRG
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
lt.iframe.html
tags.crwdcntrl.net/lt/shared/2/ Frame F362
2 KB
1 KB
Document
General
Full URL
https://tags.crwdcntrl.net/lt/shared/2/lt.iframe.html?c=3825
Requested by
Host: tags.crwdcntrl.net
URL: https://tags.crwdcntrl.net/lt/c/3825/lt.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.4 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-4.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
63cf7a38baaaaebc012cfc355797544949b60c040b5da57560f26d88502d1372

Request headers

:method
GET
:authority
tags.crwdcntrl.net
:scheme
https
:path
/lt/shared/2/lt.iframe.html?c=3825
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://www.naoconto.com/
accept-encoding
gzip, deflate, br
cookie
_cc_dc=1; _cc_id=eade51967f708c6f57e7ba85989bf4a3; _cc_cc="ACZ4XmNQSE1MSTU1tDQzTzM3sEg2SzM1TzVPSrQwtbSwTEozSTRmAILEhNgLIBoCePffb2Rn%2FCjL8J%2BRkeH4piksMPbHz5Yw5vI%2FhXAVRw8xw9iXTj1ig7F377ssAGN%2FaLgPZx9ePAdu4vQT6jAl75YghNdseMoNE5%2F4cYI2jA0AHl9CPA%3D%3D"; _cc_aud="ABR4XmNgYGBITIi9AKQggJmBgWsGmLmoFUQyPqwHkgBfjQUc"
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.naoconto.com/

Response headers

content-type
text/html
last-modified
Mon, 01 Feb 2021 20:35:17 GMT
x-amz-server-side-encryption
AES256
server
AmazonS3
x-edge-origin-shield-skipped
0
content-encoding
gzip
date
Fri, 08 Oct 2021 01:33:40 GMT
cache-control
max-age: 86400
etag
W/"6fcf4f5197ab24c92d090f6ac8d87e01"
vary
Accept-Encoding
x-cache
Hit from cloudfront
via
1.1 b912dc97777020eb19579888add26978.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA50-C1
x-amz-cf-id
drwicAHG67FFP20mT_HJ2W9SOSkI3gndRxphpFvZQy75nhsLuekcLQ==
age
48605
pixels
bcp.crwdcntrl.net/ Frame 3CCA
4 KB
4 KB
Document
General
Full URL
https://bcp.crwdcntrl.net/pixels?s=136%2C135%2C116%2C106%2C104%2C100%2C95%2C94%2C92%2C80%2C78%2C65%2C61%2C54%2C45%2C38%2C33%2C26%2C22%2C12%2C8%2C3%2C2&c=3825
Requested by
Host: tags.crwdcntrl.net
URL: https://tags.crwdcntrl.net/lt/shared/2/lt.iframe.html?c=3825
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.30.140.199 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-30-140-199.eu-west-1.compute.amazonaws.com
Software
Jetty(9.4.38.v20210224) /
Resource Hash
2deb6b902d790d788fdc701f82dd8d37df5c10c1a3a6c041b964bdbcbbd07ea2

Request headers

:method
GET
:authority
bcp.crwdcntrl.net
:scheme
https
:path
/pixels?s=136%2C135%2C116%2C106%2C104%2C100%2C95%2C94%2C92%2C80%2C78%2C65%2C61%2C54%2C45%2C38%2C33%2C26%2C22%2C12%2C8%2C3%2C2&c=3825
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
same-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://tags.crwdcntrl.net/
accept-encoding
gzip, deflate, br
cookie
_cc_dc=1; _cc_id=eade51967f708c6f57e7ba85989bf4a3; _cc_cc="ACZ4XmNQSE1MSTU1tDQzTzM3sEg2SzM1TzVPSrQwtbSwTEozSTRmAILEhNgLIBoCePffb2Rn%2FCjL8J%2BRkeH4piksMPbHz5Yw5vI%2FhXAVRw8xw9iXTj1ig7F377ssAGN%2FaLgPZx9ePAdu4vQT6jAl75YghNdseMoNE5%2F4cYI2jA0AHl9CPA%3D%3D"; _cc_aud="ABR4XmNgYGBITIi9AKQggJmBgWsGmLmoFUQyPqwHkgBfjQUc"
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://tags.crwdcntrl.net/

Response headers

date
Fri, 08 Oct 2021 15:03:44 GMT
content-type
text/html
content-length
3684
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
cache-control
no-cache
pragma
no-cache
expires
0
x-server
10.45.10.135
server
Jetty(9.4.38.v20210224)
UCookieSetPug
image6.pubmatic.com/AdServer/ Frame 3CCA
0
166 B
Image
General
Full URL
https://image6.pubmatic.com/AdServer/UCookieSetPug?gdpr=1&rd=https%3A%2F%2Fsync.crwdcntrl.net%2Fmap%2Fc%3D240%2Ftp%3DPUBM%2Ftpid%3D%23PM_USER_ID
Requested by
Host: bcp.crwdcntrl.net
URL: https://bcp.crwdcntrl.net/pixels?s=136%2C135%2C116%2C106%2C104%2C100%2C95%2C94%2C92%2C80%2C78%2C65%2C61%2C54%2C45%2C38%2C33%2C26%2C22%2C12%2C8%2C3%2C2&c=3825
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.190.78 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://bcp.crwdcntrl.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Fri, 08 Oct 2021 15:03:43 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length
0
content-type
text/html; charset=UTF-8
pixel
cm.g.doubleclick.net/ Frame 3CCA
Redirect Chain
  • https://id5-sync.com/s/19/9.gif?puid=eade51967f708c6f57e7ba85989bf4a3&gdpr=1
  • https://id5-sync.com/c/19/19/9/1.gif?puid=eade51967f708c6f57e7ba85989bf4a3&gdpr=1&gdpr_consent=
  • https://bcp.crwdcntrl.net/map/c=1882/tp=BKAI/gdpr=1/gdpr_consent=?https://tags.bluekai.com/site/5907?limit=0&id=${masked_profileid}&redir=https%3A%2F%2Fid5-sync.com%2Fc%2F19%2F321%2F8%2F2.gif%3Fpui...
  • https://tags.bluekai.com/site/5907?limit=0&id=3b762b24c6485f69d94679a40833c802&redir=https://id5-sync.com/c/19/321/8/2.gif?puid=$_BK_UUID&gdpr=1&gdpr_consent=
  • https://id5-sync.com/c/19/321/8/2.gif?puid=$_BK_UUID
  • https://d.turn.com/r/dd/id/L2NzaWQvMS9jaWQvMTc0ODM4ODY2Ni90LzI/dpuid/ID5-ZHMOmLZav-qNiX5mETBsLHYAG1xtttZfvC3oNcaS9g/url/https%3A%2F%2Fid5-sync.com%2Fc%2F19%2F224%2F7%2F3.gif%3Fpuid%3D%24%21%7BTURN_...
  • https://id5-sync.com/c/19/224/7/3.gif?puid=8552321638128959053&gdpr=1&gdpr_consent=&gdpr=1&gdpr_consent=
  • https://sync.crwdcntrl.net/map/c=2831/tp=GDMP?https://cm.g.doubleclick.net/pixel?google_nid=lotame_dmp&google_hm=${base64_profileid}&google_redir={xENCODEDURL}&id5id=ID5-ZHMOmLZav-qNiX5mETBsLHYAG1x...
  • https://cm.g.doubleclick.net/pixel?google_nid=lotame_dmp&google_hm=ZWFkZTUxOTY3ZjcwOGM2ZjU3ZTdiYTg1OTg5YmY0YTM&google_redir={xENCODEDURL}&id5id=ID5-ZHMOmLZav-qNiX5mETBsLHYAG1xtttZfvC3oNcaS9g
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=lotame_dmp&google_hm=ZWFkZTUxOTY3ZjcwOGM2ZjU3ZTdiYTg1OTg5YmY0YTM&google_redir={xENCODEDURL}&id5id=ID5-ZHMOmLZav-qNiX5mETBsLHYAG1xtttZfvC3oNcaS9g
Requested by
Host: bcp.crwdcntrl.net
URL: https://bcp.crwdcntrl.net/pixels?s=136%2C135%2C116%2C106%2C104%2C100%2C95%2C94%2C92%2C80%2C78%2C65%2C61%2C54%2C45%2C38%2C33%2C26%2C22%2C12%2C8%2C3%2C2&c=3825
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.181.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s56-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://bcp.crwdcntrl.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 08 Oct 2021 15:03:45 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Fri, 08 Oct 2021 15:03:45 GMT
server
Jetty(9.4.38.v20210224)
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
location
https://cm.g.doubleclick.net/pixel?google_nid=lotame_dmp&google_hm=ZWFkZTUxOTY3ZjcwOGM2ZjU3ZTdiYTg1OTg5YmY0YTM&google_redir={xENCODEDURL}&id5id=ID5-ZHMOmLZav-qNiX5mETBsLHYAG1xtttZfvC3oNcaS9g
cache-control
no-cache
x-server
10.45.6.195
content-length
0
expires
0
generic
match.adsrvr.org/track/cmf/ Frame 3CCA
70 B
264 B
Image
General
Full URL
https://match.adsrvr.org/track/cmf/generic?ttd_pid=lotame&ttd_tpi=1&gdpr=1
Requested by
Host: bcp.crwdcntrl.net
URL: https://bcp.crwdcntrl.net/pixels?s=136%2C135%2C116%2C106%2C104%2C100%2C95%2C94%2C92%2C80%2C78%2C65%2C61%2C54%2C45%2C38%2C33%2C26%2C22%2C12%2C8%2C3%2C2&c=3825
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
76.223.111.131 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a97adde81b00f2ca4.awsglobalaccelerator.com
Software
/
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://bcp.crwdcntrl.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 08 Oct 2021 15:03:44 GMT
cache-control
private,no-cache, must-revalidate
x-aspnet-version
4.0.30319
content-type
image/gif
content-length
70
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
tpid=9e887eae-a400-4d21-9d86-f55d04bdc314
sync.crwdcntrl.net/map/c=10158/tp=TPAD/ Frame 3CCA
Redirect Chain
  • https://pixel.tapad.com/idsync/ex/receive?partner_id=LOTAME&partner_device_id=eade51967f708c6f57e7ba85989bf4a3&gdpr=1&partner_url=https%3A%2F%2Fsync.crwdcntrl.net%2Fmap%2Fc%3D10158%2Ftp%3DTPAD%2Ftp...
  • https://pixel.tapad.com/idsync/ex/receive/check?partner_id=LOTAME&partner_device_id=eade51967f708c6f57e7ba85989bf4a3&gdpr=1&partner_url=https%3A%2F%2Fsync.crwdcntrl.net%2Fmap%2Fc%3D10158%2Ftp%3DTPA...
  • https://sync.crwdcntrl.net/map/c=10158/tp=TPAD/tpid=9e887eae-a400-4d21-9d86-f55d04bdc314
49 B
264 B
Image
General
Full URL
https://sync.crwdcntrl.net/map/c=10158/tp=TPAD/tpid=9e887eae-a400-4d21-9d86-f55d04bdc314
Requested by
Host: bcp.crwdcntrl.net
URL: https://bcp.crwdcntrl.net/pixels?s=136%2C135%2C116%2C106%2C104%2C100%2C95%2C94%2C92%2C80%2C78%2C65%2C61%2C54%2C45%2C38%2C33%2C26%2C22%2C12%2C8%2C3%2C2&c=3825
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.208.103.128 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-208-103-128.eu-west-1.compute.amazonaws.com
Software
Jetty(9.4.38.v20210224) /
Resource Hash
2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://bcp.crwdcntrl.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 08 Oct 2021 15:03:44 GMT
server
Jetty(9.4.38.v20210224)
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin
*
cache-control
no-cache
x-server
10.45.12.57
content-type
image/gif
content-length
49
expires
0

Redirect headers

location
https://sync.crwdcntrl.net/map/c=10158/tp=TPAD/tpid=9e887eae-a400-4d21-9d86-f55d04bdc314
date
Fri, 08 Oct 2021 15:03:44 GMT
via
1.1 google
alt-svc
clear
content-length
0
strict-transport-security
max-age=31536000
p3p
policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
sync.gif
dmp.truoptik.com/f2d2e39fc16bc9cc/ Frame 3CCA
0
0
Image
General
Full URL
https://dmp.truoptik.com/f2d2e39fc16bc9cc/sync.gif?cbp=tpid&cbk=https%3A%2F%2Fsync.crwdcntrl.net%2Fmap%2Fc%3D10832%2Ftp%3DTRUP
Requested by
Host: bcp.crwdcntrl.net
URL: https://bcp.crwdcntrl.net/pixels?s=136%2C135%2C116%2C106%2C104%2C100%2C95%2C94%2C92%2C80%2C78%2C65%2C61%2C54%2C45%2C38%2C33%2C26%2C22%2C12%2C8%2C3%2C2&c=3825
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.91.60 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://bcp.crwdcntrl.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

/
loadm.exelator.com/load/ Frame 3CCA
Redirect Chain
  • https://loadm.exelator.com/load/?p=204&g=260&buid=eade51967f708c6f57e7ba85989bf4a3&j=0
  • https://loadm.exelator.com/load/?p=204&g=260&buid=eade51967f708c6f57e7ba85989bf4a3&j=0&xl8blockcheck=1
0
751 B
Image
General
Full URL
https://loadm.exelator.com/load/?p=204&g=260&buid=eade51967f708c6f57e7ba85989bf4a3&j=0&xl8blockcheck=1
Requested by
Host: bcp.crwdcntrl.net
URL: https://bcp.crwdcntrl.net/pixels?s=136%2C135%2C116%2C106%2C104%2C100%2C95%2C94%2C92%2C80%2C78%2C65%2C61%2C54%2C45%2C38%2C33%2C26%2C22%2C12%2C8%2C3%2C2&c=3825
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.254.143.3 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-254-143-3.eu-west-1.compute.amazonaws.com
Software
nginx / Undertow/1
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://bcp.crwdcntrl.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Fri, 08 Oct 2021 15:03:44 GMT
cache-control
no-cache
access-control-allow-credentials
true
server
nginx
x-powered-by
Undertow/1
p3p
policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA, policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA

Redirect headers

date
Fri, 08 Oct 2021 15:03:44 GMT
server
nginx
x-powered-by
Undertow/1
p3p
policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA, policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA
location
https://loadm.exelator.com/load/?p=204&g=260&buid=eade51967f708c6f57e7ba85989bf4a3&j=0&xl8blockcheck=1
cache-control
no-cache
access-control-allow-credentials
true
content-type
image/gif
content-length
0
t
px.surveywall-api.survata.com/ Frame 3CCA
0
0

tpid=73096472898246596503020186392504893101
sync.crwdcntrl.net/map/c=9828/tp=ADBE/ Frame 3CCA
Redirect Chain
  • https://dpm.demdex.net/ibs:dpid=121998&dpuuid=eade51967f708c6f57e7ba85989bf4a3&redir=https%3A%2F%2Fsync.crwdcntrl.net%2Fmap%2Fc%3D9828%2Ftp%3DADBE%2Ftpid%3D%24%7BDD_UUID%7D
  • https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=121998&dpuuid=eade51967f708c6f57e7ba85989bf4a3&redir=https%3A%2F%2Fsync.crwdcntrl.net%2Fmap%2Fc%3D9828%2Ftp%3DADBE%2Ftpid%3D%24%7BDD_UUID%7D
  • https://sync.crwdcntrl.net/map/c=9828/tp=ADBE/tpid=73096472898246596503020186392504893101
49 B
265 B
Image
General
Full URL
https://sync.crwdcntrl.net/map/c=9828/tp=ADBE/tpid=73096472898246596503020186392504893101
Requested by
Host: bcp.crwdcntrl.net
URL: https://bcp.crwdcntrl.net/pixels?s=136%2C135%2C116%2C106%2C104%2C100%2C95%2C94%2C92%2C80%2C78%2C65%2C61%2C54%2C45%2C38%2C33%2C26%2C22%2C12%2C8%2C3%2C2&c=3825
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.208.103.128 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-208-103-128.eu-west-1.compute.amazonaws.com
Software
Jetty(9.4.38.v20210224) /
Resource Hash
2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://bcp.crwdcntrl.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 08 Oct 2021 15:03:44 GMT
server
Jetty(9.4.38.v20210224)
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin
*
cache-control
no-cache
x-server
10.45.19.190
content-type
image/gif
content-length
49
expires
0

Redirect headers

DCS
dcs-prod-irl1-2-v018-0bb0f02a6.edge-irl1.demdex.com UNKNOWN
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-TID
9y4+DTkTTI8=
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location
https://sync.crwdcntrl.net/map/c=9828/tp=ADBE/tpid=73096472898246596503020186392504893101
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Length
0
Expires
Thu, 01 Jan 1970 00:00:00 UTC
identity
c.cintnetworks.com/ Frame 3CCA
0
328 B
Image
General
Full URL
https://c.cintnetworks.com/identity?a=5461&id=Lotame:eade51967f708c6f57e7ba85989bf4a3
Requested by
Host: bcp.crwdcntrl.net
URL: https://bcp.crwdcntrl.net/pixels?s=136%2C135%2C116%2C106%2C104%2C100%2C95%2C94%2C92%2C80%2C78%2C65%2C61%2C54%2C45%2C38%2C33%2C26%2C22%2C12%2C8%2C3%2C2&c=3825
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
51.144.7.192 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://bcp.crwdcntrl.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Fri, 08 Oct 2021 15:03:44 GMT
Vary
Origin
P3P
CP="This is not a P3P policy! See https://cint.com/cookie-usage/ for more info."
Arr-Disable-Session-Affinity
true
Cache-Control
max-age=60, private, must-revalidate
Access-Control-Allow-Credentials
true
Keep-Alive
timeout=5
Content-Length
0
usermatch.gif
beacon.krxd.net/ Frame 3CCA
0
338 B
Image
General
Full URL
https://beacon.krxd.net/usermatch.gif?partner=lotame&partner_uid=eade51967f708c6f57e7ba85989bf4a3
Requested by
Host: bcp.crwdcntrl.net
URL: https://bcp.crwdcntrl.net/pixels?s=136%2C135%2C116%2C106%2C104%2C100%2C95%2C94%2C92%2C80%2C78%2C65%2C61%2C54%2C45%2C38%2C33%2C26%2C22%2C12%2C8%2C3%2C2&c=3825
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.240.156.207 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-240-156-207.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://bcp.crwdcntrl.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Fri, 08 Oct 2021 15:03:44 GMT
cache-control
private, no-cache, no-store
x-request-time
D=96 t=1633705424
x-served-by
beacon-n004-dub-prod.krxd.net
p3p
policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
image.sbxx
ib.mookie1.com/ Frame 3CCA
Redirect Chain
  • https://global.ib-ibi.com/image.sbxx?go=262106&pid=420&xid=eade51967f708c6f57e7ba85989bf4a3
  • https://ib.mookie1.com/image.sbxx?go=262106&pid=420&xid=eade51967f708c6f57e7ba85989bf4a3
120 B
992 B
Image
General
Full URL
https://ib.mookie1.com/image.sbxx?go=262106&pid=420&xid=eade51967f708c6f57e7ba85989bf4a3
Requested by
Host: bcp.crwdcntrl.net
URL: https://bcp.crwdcntrl.net/pixels?s=136%2C135%2C116%2C106%2C104%2C100%2C95%2C94%2C92%2C80%2C78%2C65%2C61%2C54%2C45%2C38%2C33%2C26%2C22%2C12%2C8%2C3%2C2&c=3825
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
64.58.232.177 , United States, ASN13649 (ASN-VINS, US),
Reverse DNS
be31-199.crrt01.las04.flexential.net
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
42b601bc0d93dfca6e350b46d113bf8e7ff9e40a87a0c57ab9b3c9c219062423

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://bcp.crwdcntrl.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 08 Oct 2021 15:03:45 GMT
Server
Microsoft-IIS/10.0
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
p3p
CP=\"DSP COR ADM DEV PSA PSD OUR\", CP="DSP COR ADM DEV PSA PSD OUR"
Access-Control-Allow-Origin
*
Cache-Control
no-cache
X-Server
LAS12
Content-Type
image/png
Content-Length
120
Expires
-1

Redirect headers

Date
Fri, 08 Oct 2021 15:04:00 GMT
Server
Microsoft-IIS/8.5
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
Location
https://ib.mookie1.com:443/image.sbxx?go=262106&pid=420&xid=eade51967f708c6f57e7ba85989bf4a3
p3p
CP="DSP COR ADM DEV PSA PSD OUR"
Access-Control-Allow-Origin
*
Cache-Control
private
X-Server
NY07
Content-Type
text/html; charset=utf-8
Content-Length
217
tpid=164861103933000249613
bcp.crwdcntrl.net/5/c=368/tp=NEUS/ Frame 3CCA
Redirect Chain
  • https://aa.agkn.com/adscores/g.pixel?sid=9202276048
  • https://bcp.crwdcntrl.net/5/c=368/tp=NEUS/tpid=164861103933000249613
49 B
510 B
Image
General
Full URL
https://bcp.crwdcntrl.net/5/c=368/tp=NEUS/tpid=164861103933000249613
Requested by
Host: bcp.crwdcntrl.net
URL: https://bcp.crwdcntrl.net/pixels?s=136%2C135%2C116%2C106%2C104%2C100%2C95%2C94%2C92%2C80%2C78%2C65%2C61%2C54%2C45%2C38%2C33%2C26%2C22%2C12%2C8%2C3%2C2&c=3825
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.30.140.199 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-30-140-199.eu-west-1.compute.amazonaws.com
Software
Jetty(9.4.38.v20210224) /
Resource Hash
2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://bcp.crwdcntrl.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 08 Oct 2021 15:03:44 GMT
server
Jetty(9.4.38.v20210224)
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin
*
cache-control
no-cache
x-server
10.45.7.87
content-type
image/gif
content-length
49
expires
0

Redirect headers

pragma
no-cache
date
Fri, 08 Oct 2021 15:03:44 GMT
server
AAWebServer
p3p
policyref="https://www.agkn.com/p3p/p3p.xml",CP="NOI NID"
location
https://bcp.crwdcntrl.net/5/c=368/tp=NEUS/tpid=164861103933000249613
cache-control
no-cache, no-store, must-revalidate
content-length
0
expires
0
utsync.ashx
ml314.com/ Frame 3CCA
43 B
422 B
Image
General
Full URL
https://ml314.com/utsync.ashx?eid=50146&et=0&fp=eade51967f708c6f57e7ba85989bf4a3&gdpr=1
Requested by
Host: bcp.crwdcntrl.net
URL: https://bcp.crwdcntrl.net/pixels?s=136%2C135%2C116%2C106%2C104%2C100%2C95%2C94%2C92%2C80%2C78%2C65%2C61%2C54%2C45%2C38%2C33%2C26%2C22%2C12%2C8%2C3%2C2&c=3825
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.247.104.176 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-247-104-176.eu-west-1.compute.amazonaws.com
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://bcp.crwdcntrl.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 08 Oct 2021 15:03:44 GMT
Server
Microsoft-IIS/10.0
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
p3P
CP="NON DSP COR ADMo PSAo DEVo BUS COM UNI NAV DEM STA"
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
0,Sat, 09 Oct 2021 11:03:44 GMT
tpid=0-3d6f8767-3c99-46fd-630f-7d834ea2c0b8$ip$216.131.114.240
bcp.crwdcntrl.net/map/c=6569/tp=STKA/ Frame 3CCA
Redirect Chain
  • https://sync.srv.stackadapt.com/sync?nid=lotame
  • https://bcp.crwdcntrl.net/map/c=6569/tp=STKA/tpid=0-3d6f8767-3c99-46fd-630f-7d834ea2c0b8$ip$216.131.114.240
49 B
265 B
Image
General
Full URL
https://bcp.crwdcntrl.net/map/c=6569/tp=STKA/tpid=0-3d6f8767-3c99-46fd-630f-7d834ea2c0b8$ip$216.131.114.240
Requested by
Host: bcp.crwdcntrl.net
URL: https://bcp.crwdcntrl.net/pixels?s=136%2C135%2C116%2C106%2C104%2C100%2C95%2C94%2C92%2C80%2C78%2C65%2C61%2C54%2C45%2C38%2C33%2C26%2C22%2C12%2C8%2C3%2C2&c=3825
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.30.140.199 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-30-140-199.eu-west-1.compute.amazonaws.com
Software
Jetty(9.4.38.v20210224) /
Resource Hash
2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://bcp.crwdcntrl.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 08 Oct 2021 15:03:45 GMT
server
Jetty(9.4.38.v20210224)
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin
*
cache-control
no-cache
x-server
10.45.31.118
content-type
image/gif
content-length
49
expires
0

Redirect headers

Location
https://bcp.crwdcntrl.net/map/c=6569/tp=STKA/tpid=0-3d6f8767-3c99-46fd-630f-7d834ea2c0b8$ip$216.131.114.240
Date
Fri, 08 Oct 2021 15:03:45 GMT
Connection
keep-alive
Content-Length
130
Content-Type
text/html; charset=utf-8
tpid=CI-5f4ae7a25215e04e8ad69a006a10589d
bcp.crwdcntrl.net/map/c=6220/tp=TRMR/ Frame 3CCA
Redirect Chain
  • https://dt-secure.videohub.tv/v1/usync/lo
  • https://bcp.crwdcntrl.net/map/c=6220/tp=TRMR/tpid=CI-5f4ae7a25215e04e8ad69a006a10589d
49 B
265 B
Image
General
Full URL
https://bcp.crwdcntrl.net/map/c=6220/tp=TRMR/tpid=CI-5f4ae7a25215e04e8ad69a006a10589d
Requested by
Host: bcp.crwdcntrl.net
URL: https://bcp.crwdcntrl.net/pixels?s=136%2C135%2C116%2C106%2C104%2C100%2C95%2C94%2C92%2C80%2C78%2C65%2C61%2C54%2C45%2C38%2C33%2C26%2C22%2C12%2C8%2C3%2C2&c=3825
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.30.140.199 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-30-140-199.eu-west-1.compute.amazonaws.com
Software
Jetty(9.4.38.v20210224) /
Resource Hash
2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://bcp.crwdcntrl.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 08 Oct 2021 15:03:45 GMT
server
Jetty(9.4.38.v20210224)
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin
*
cache-control
no-cache
x-server
10.45.22.238
content-type
image/gif
content-length
49
expires
0

Redirect headers

Location
https://bcp.crwdcntrl.net/map/c=6220/tp=TRMR/tpid=CI-5f4ae7a25215e04e8ad69a006a10589d
Date
Fri, 08 Oct 2021 15:03:45 GMT
useSecure
true
Server
nginx/1.20.1
Connection
keep-alive
Content-Length
43
Content-Type
image/gif
qmap
sync.crwdcntrl.net/ Frame 3CCA
Redirect Chain
  • https://sync.mathtag.com/sync/img?sync=auto&mt_exid=10040&redir=https%3A%2F%2Fsync.crwdcntrl.net%2Fqmap%3Fc%3D4735%26tp%3DMDMA%26tpid%3D%5BMM_UUID%5D
  • https://sync.crwdcntrl.net/qmap?c=4735&tp=MDMA&tpid=01386160-5dd0-4900-8d24-4ebe87496647
49 B
264 B
Image
General
Full URL
https://sync.crwdcntrl.net/qmap?c=4735&tp=MDMA&tpid=01386160-5dd0-4900-8d24-4ebe87496647
Requested by
Host: bcp.crwdcntrl.net
URL: https://bcp.crwdcntrl.net/pixels?s=136%2C135%2C116%2C106%2C104%2C100%2C95%2C94%2C92%2C80%2C78%2C65%2C61%2C54%2C45%2C38%2C33%2C26%2C22%2C12%2C8%2C3%2C2&c=3825
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.208.103.128 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-208-103-128.eu-west-1.compute.amazonaws.com
Software
Jetty(9.4.38.v20210224) /
Resource Hash
2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://bcp.crwdcntrl.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 08 Oct 2021 15:03:44 GMT
server
Jetty(9.4.38.v20210224)
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin
*
cache-control
no-cache
x-server
10.45.27.78
content-type
image/gif
content-length
49
expires
0

Redirect headers

Date
Fri, 08 Oct 2021 15:03:44 GMT
Server
MT3 3984 0e3af3b master cdg-pixel-x26 config:1.0.0
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://sync.crwdcntrl.net/qmap?c=4735&tp=MDMA&tpid=01386160-5dd0-4900-8d24-4ebe87496647
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Keep-Alive
timeout=360
Content-Length
0
Expires
Fri, 08 Oct 2021 15:03:43 GMT
tpid=a3756f98-31ca-4ac4-a392-e9d1a69dc1d1-61605dd1-5553
sync.crwdcntrl.net/map/c=1389/tp=STSC/ Frame 3CCA
Redirect Chain
  • https://pixel-sync.sitescout.com/connectors/lotame/usersync?redir=https%3A%2F%2Fsync.crwdcntrl.net%2Fmap%2Fc%3D1389%2Ftp%3DSTSC%2Ftpid%3D%24UUID
  • https://pixel-sync.sitescout.com/connectors/lotame/usersync?cookieQ=1&redir=https%3A%2F%2Fsync.crwdcntrl.net%2Fmap%2Fc%3D1389%2Ftp%3DSTSC%2Ftpid%3D%24UUID
  • https://sync.crwdcntrl.net/map/c=1389/tp=STSC/tpid=a3756f98-31ca-4ac4-a392-e9d1a69dc1d1-61605dd1-5553
49 B
264 B
Image
General
Full URL
https://sync.crwdcntrl.net/map/c=1389/tp=STSC/tpid=a3756f98-31ca-4ac4-a392-e9d1a69dc1d1-61605dd1-5553
Requested by
Host: bcp.crwdcntrl.net
URL: https://bcp.crwdcntrl.net/pixels?s=136%2C135%2C116%2C106%2C104%2C100%2C95%2C94%2C92%2C80%2C78%2C65%2C61%2C54%2C45%2C38%2C33%2C26%2C22%2C12%2C8%2C3%2C2&c=3825
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.208.103.128 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-208-103-128.eu-west-1.compute.amazonaws.com
Software
Jetty(9.4.38.v20210224) /
Resource Hash
2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://bcp.crwdcntrl.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 08 Oct 2021 15:03:45 GMT
server
Jetty(9.4.38.v20210224)
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin
*
cache-control
no-cache
x-server
10.45.13.85
content-type
image/gif
content-length
49
expires
0

Redirect headers

pragma
no-cache
date
Fri, 08 Oct 2021 15:03:44 GMT
server
AC1.1
p3p
CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
location
https://sync.crwdcntrl.net/map/c=1389/tp=STSC/tpid=a3756f98-31ca-4ac4-a392-e9d1a69dc1d1-61605dd1-5553
cache-control
max-age=0,no-cache,no-store
content-length
0
expires
Tue, 11 Oct 1977 12:34:56 GMT
tpid=YWBd0AAHjWKIJAAT&_test=YWBd0AAHjWKIJAAT
sync.crwdcntrl.net/map/c=1811/tp=TBMG/ Frame 3CCA
Redirect Chain
  • https://sync-tm.everesttech.net/upi/pid/bsTd8NdE?redir=https%3A%2F%2Fsync.crwdcntrl.net%2Fmap%2Fc%3D1811%2Ftp%3DTBMG%2Ftpid%3D%24%7BTM_USER_ID%7D
  • https://sync-tm.everesttech.net/ct/upi/pid/bsTd8NdE?redir=https%3A%2F%2Fsync.crwdcntrl.net%2Fmap%2Fc%3D1811%2Ftp%3DTBMG%2Ftpid%3D%24%7BTM_USER_ID%7D&_test=YWBd0AAHjWKIJAAT
  • https://sync.crwdcntrl.net/map/c=1811/tp=TBMG/tpid=YWBd0AAHjWKIJAAT&_test=YWBd0AAHjWKIJAAT
49 B
265 B
Image
General
Full URL
https://sync.crwdcntrl.net/map/c=1811/tp=TBMG/tpid=YWBd0AAHjWKIJAAT&_test=YWBd0AAHjWKIJAAT
Requested by
Host: bcp.crwdcntrl.net
URL: https://bcp.crwdcntrl.net/pixels?s=136%2C135%2C116%2C106%2C104%2C100%2C95%2C94%2C92%2C80%2C78%2C65%2C61%2C54%2C45%2C38%2C33%2C26%2C22%2C12%2C8%2C3%2C2&c=3825
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.208.103.128 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-208-103-128.eu-west-1.compute.amazonaws.com
Software
Jetty(9.4.38.v20210224) /
Resource Hash
2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://bcp.crwdcntrl.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 08 Oct 2021 15:03:45 GMT
server
Jetty(9.4.38.v20210224)
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin
*
cache-control
no-cache
x-server
10.45.14.221
content-type
image/gif
content-length
49
expires
0

Redirect headers

pragma
no-cache
date
Fri, 08 Oct 2021 15:03:45 GMT
via
1.1 varnish
server
Varnish
x-timer
S1633705425.052716,VS0,VE0
x-served-by
cache-hhn4049-HHN
x-cache
HIT
location
https://sync.crwdcntrl.net/map/c=1811/tp=TBMG/tpid=YWBd0AAHjWKIJAAT&_test=YWBd0AAHjWKIJAAT
cache-control
no-cache
accept-ranges
bytes
content-length
0
retry-after
0
x-cache-hits
0
pixel
cm.g.doubleclick.net/ Frame 3CCA
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=lotame_dmp&google_hm=${base64_profileid}
Requested by
Host: bcp.crwdcntrl.net
URL: https://bcp.crwdcntrl.net/pixels?s=136%2C135%2C116%2C106%2C104%2C100%2C95%2C94%2C92%2C80%2C78%2C65%2C61%2C54%2C45%2C38%2C33%2C26%2C22%2C12%2C8%2C3%2C2&c=3825
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.181.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s56-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://bcp.crwdcntrl.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 08 Oct 2021 15:03:44 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
5907
tags.bluekai.com/site/ Frame 3CCA
62 B
304 B
Image
General
Full URL
https://tags.bluekai.com/site/5907?limit=0&id=3b762b24c6485f69d94679a40833c802
Requested by
Host: bcp.crwdcntrl.net
URL: https://bcp.crwdcntrl.net/pixels?s=136%2C135%2C116%2C106%2C104%2C100%2C95%2C94%2C92%2C80%2C78%2C65%2C61%2C54%2C45%2C38%2C33%2C26%2C22%2C12%2C8%2C3%2C2&c=3825
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.111.215.191 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-215-191.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
0af3aae90b7de9fdceee2ab421378ea2f54c74be81ef43fc6c1790a032755d80

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://bcp.crwdcntrl.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Fri, 08 Oct 2021 15:03:45 GMT
Connection
keep-alive
P3P
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
Content-Length
62
Content-Type
image/gif
g.json
aa.agkn.com/adscores/ Frame 3CCA
103 B
415 B
Script
General
Full URL
https://aa.agkn.com/adscores/g.json?sid=9202507693
Requested by
Host: bcp.crwdcntrl.net
URL: https://bcp.crwdcntrl.net/pixels?s=136%2C135%2C116%2C106%2C104%2C100%2C95%2C94%2C92%2C80%2C78%2C65%2C61%2C54%2C45%2C38%2C33%2C26%2C22%2C12%2C8%2C3%2C2&c=3825
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.169.90.17 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-169-90-17.eu-west-2.compute.amazonaws.com
Software
AAWebServer /
Resource Hash
e1ce17fd79478fbb0830c687ff4046c86993acb5fd14fc35b4fd29bed00ce94a

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://bcp.crwdcntrl.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 08 Oct 2021 15:03:44 GMT
server
AAWebServer
p3p
policyref="https://www.agkn.com/p3p/p3p.xml",CP="NOI NID"
cache-control
no-cache, no-store, must-revalidate
content-type
application/json
content-length
103
expires
0
tpid=8552321638128959053
sync.crwdcntrl.net/map/c=10915/tp=TRNN/ Frame 3CCA
Redirect Chain
  • https://d.turn.com/r/dd/id/L2NzaWQvMS9jaWQvMzQ4ODM4MC90LzI/dpuid/eade51967f708c6f57e7ba85989bf4a3/url/https://sync.crwdcntrl.net/map/c=10915/tp=TRNN/tpid=$!%7BTURN_UUID%7D
  • https://sync.crwdcntrl.net/map/c=10915/tp=TRNN/tpid=8552321638128959053
49 B
264 B
Image
General
Full URL
https://sync.crwdcntrl.net/map/c=10915/tp=TRNN/tpid=8552321638128959053
Requested by
Host: bcp.crwdcntrl.net
URL: https://bcp.crwdcntrl.net/pixels?s=136%2C135%2C116%2C106%2C104%2C100%2C95%2C94%2C92%2C80%2C78%2C65%2C61%2C54%2C45%2C38%2C33%2C26%2C22%2C12%2C8%2C3%2C2&c=3825
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.208.103.128 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-208-103-128.eu-west-1.compute.amazonaws.com
Software
Jetty(9.4.38.v20210224) /
Resource Hash
2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://bcp.crwdcntrl.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 08 Oct 2021 15:03:45 GMT
server
Jetty(9.4.38.v20210224)
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin
*
cache-control
no-cache
x-server
10.45.19.29
content-type
image/gif
content-length
49
expires
0

Redirect headers

location
https://sync.crwdcntrl.net/map/c=10915/tp=TRNN/tpid=8552321638128959053
pragma
no-cache
date
Fri, 08 Oct 2021 15:03:44 GMT
cache-control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length
0
p3p
policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
tp=ANXS
sync.crwdcntrl.net/map/c=281/rand=542501236/tpid=329121845835482116/ Frame 3CCA
Redirect Chain
  • https://secure.adnxs.com/getuid?https%3A%2F%2Fsync.crwdcntrl.net%2Fmap%2Fc=281%2Frand=542501236%2Ftpid%3D%24UID%2Ftp%3DANXS
  • https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fsync.crwdcntrl.net%252Fmap%252Fc%3D281%252Frand%3D542501236%252Ftpid%253D%2524UID%252Ftp%253DANXS
  • https://sync.crwdcntrl.net/map/c=281/rand=542501236/tpid=329121845835482116/tp=ANXS
49 B
264 B
Image
General
Full URL
https://sync.crwdcntrl.net/map/c=281/rand=542501236/tpid=329121845835482116/tp=ANXS
Requested by
Host: bcp.crwdcntrl.net
URL: https://bcp.crwdcntrl.net/pixels?s=136%2C135%2C116%2C106%2C104%2C100%2C95%2C94%2C92%2C80%2C78%2C65%2C61%2C54%2C45%2C38%2C33%2C26%2C22%2C12%2C8%2C3%2C2&c=3825
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.208.103.128 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-208-103-128.eu-west-1.compute.amazonaws.com
Software
Jetty(9.4.38.v20210224) /
Resource Hash
2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://bcp.crwdcntrl.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 08 Oct 2021 15:03:45 GMT
server
Jetty(9.4.38.v20210224)
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin
*
cache-control
no-cache
x-server
10.45.17.85
content-type
image/gif
content-length
49
expires
0

Redirect headers

Pragma
no-cache
Date
Fri, 08 Oct 2021 15:03:45 GMT
X-Proxy-Origin
216.131.114.240; 216.131.114.240; 536.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid
e4d89bc0-efcb-4612-83dd-80b7526e8f79
Server
nginx/1.17.9
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://sync.crwdcntrl.net/map/c=281/rand=542501236/tpid=329121845835482116/tp=ANXS
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
91abd95d-48c3-4e56-8b00-e33b1ad82b25
https://brandnewadserving.blogspot.com/ Frame AA74
191 KB
0
Other
General
Full URL
blob:https://brandnewadserving.blogspot.com/91abd95d-48c3-4e56-8b00-e33b1ad82b25
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
98fca6974ed8e6f0ff7d97130b2bfd9287da803aa6947390a1b2624e51a20b27

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Length
195845
Content-Type
text/javascript
db5c5bba-4694-4f0f-8e8b-cccb04e40c57
https://brandnewadserving.blogspot.com/ Frame AA74
191 KB
0
Other
General
Full URL
blob:https://brandnewadserving.blogspot.com/db5c5bba-4694-4f0f-8e8b-cccb04e40c57
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
98fca6974ed8e6f0ff7d97130b2bfd9287da803aa6947390a1b2624e51a20b27

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Length
195845
Content-Type
text/javascript
24674573-b5df-4015-877c-6801316566a9
https://brandnewadserving.blogspot.com/ Frame AA74
191 KB
0
Other
General
Full URL
blob:https://brandnewadserving.blogspot.com/24674573-b5df-4015-877c-6801316566a9
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
98fca6974ed8e6f0ff7d97130b2bfd9287da803aa6947390a1b2624e51a20b27

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Length
195845
Content-Type
text/javascript
b792fd53-5668-4220-8a43-bdcdbf41cbbc
https://brandnewadserving.blogspot.com/ Frame AA74
191 KB
0
Other
General
Full URL
blob:https://brandnewadserving.blogspot.com/b792fd53-5668-4220-8a43-bdcdbf41cbbc
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
98fca6974ed8e6f0ff7d97130b2bfd9287da803aa6947390a1b2624e51a20b27

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Length
195845
Content-Type
text/javascript

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
px.surveywall-api.survata.com
URL
https://px.surveywall-api.survata.com/t

Verdicts & Comments Add Verdict or Comment

210 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| 6 object| 7 object| 8 object| onbeforexrselect boolean| originAgentCluster string| usp_case_sensitivity string| usp_challenge_response object| ParsleyConfig function| $ function| jQuery object| Validator object| ParsleyUI object| ParsleyExtend function| psly function| Parsley object| ParsleyUtils object| ParsleyValidator object| a2a_config object| a2a_localize string| GoogleAnalyticsObject function| ga object| _wau object| jQuery191011615583307879707 function| metaslider_67687 function| timer_metaslider_67687 number| w3tc_lazyload object| lazyLoadOptions function| _toConsumableArray function| _nonIterableSpread function| _iterableToArray function| _arrayWithoutHoles function| _extends function| _typeof function| LazyLoad object| WAU_ren function| WAU_small function| WAU_small_request function| WAU_r_s function| WAU_insert function| WAU_legacy_b function| WAU_la function| WAU_addCommas function| WAU_lrd function| WAU_lrs function| WAU_cps function| docReady object| a2a object| google_tag_data object| gaplugins object| gaGlobal object| gaData object| a object| cv object| _dtspv object| x string| x1 string| x2 object| Tynt object| _33Across function| __uspapi object| lotame_3825 number| char function| lotameIsCompatible function| lt3825_ba function| lt3825_b undefined| lt3825_c undefined| lt3825_ca undefined| lt3825_d function| lt3825_e function| lt3825_da function| lt3825_ea object| lt3825_fa object| lt3825_ object| lt3825_4 function| lt3825_aa function| lt3825_a function| lt3825_f function| lt3825_g function| lt3825_h function| lt3825_i function| lt3825_j function| lt3825_l function| lt3825_ga function| lt3825_k function| lt3825_m function| lt3825_n function| lt3825_o function| lt3825_p function| lt3825_q function| lt3825_r function| lt3825_s function| lt3825_t function| lt3825_u function| lt3825_ha function| lt3825_ia function| lt3825_w function| lt3825_ja function| lt3825_x function| lt3825_y function| lt3825_v function| lt3825_z function| lt3825_A function| lt3825_B function| lt3825_C function| lt3825_D function| lt3825_E function| lt3825_F function| lt3825_G function| lt3825_H function| lt3825_I function| lt3825_J function| lt3825_L function| lt3825_M function| lt3825_N function| lt3825_K function| lt3825_ka function| lt3825_la function| lt3825_P function| lt3825_O function| lt3825_Q function| lt3825_R function| lt3825_S function| lt3825_T function| lt3825_ma function| lt3825_na function| lt3825_oa function| lt3825_pa function| lt3825_U function| lt3825_V function| lt3825_W function| lt3825_qa function| lt3825_sa function| lt3825_ra function| lt3825_X function| lt3825_ta function| lt3825_ua function| lt3825_Y function| lt3825_Z function| lt3825__ function| lt3825_va function| lt3825_wa function| lt3825_xa function| lt3825_ya function| lt3825_0 function| lt3825_za function| lt3825_Aa function| lt3825_Ba function| lt3825_1 function| lt3825_Da function| lt3825_Ca function| lt3825_Ea function| lt3825_Fa function| lt3825_Ga function| lt3825_Ha function| lt3825_2 function| lt3825_3 function| lt3825_Ia function| lt3825_Ja function| lt3825_Ka function| lt3825_La function| lt3825_Ma function| lt3825_Na function| lt3825_Oa function| lt3825_Pa function| lt3825_Qa function| lt3825_5 function| lt3825_6 function| lt3825_Ta function| lt3825_Ua function| lt3825_Sa function| lt3825_Ra function| lt3825_Wa function| lt3825_Va function| lt3825_Ya function| lt3825_Xa function| lt3825_7 function| lt3825_Za function| lt3825__a function| lt3825_0a function| lt3825_1a function| lt3825_2a function| lt3825_4a function| lt3825_7a function| lt3825_6a function| lt3825_3a function| lt3825_9a function| lt3825_5a function| lt3825_8a function| lt3825_ab function| lt3825_$a function| lt3825_bb function| lt3825_8 function| lt3825_cb function| lt3825_db function| lt3825_eb function| lt3825_fb function| lt3825_gb function| lt3825_hb function| lt3825_ib function| lt3825_kb function| lt3825_$ function| lt3825_jb function| lt3825_lb function| lt3825_9

63 Cookies

Domain/Path Name / Value
.naoconto.com/ Name: _ga
Value: GA1.2.964182437.1633705423
.naoconto.com/ Name: _gid
Value: GA1.2.16303013.1633705423
.naoconto.com/ Name: _gat
Value: 1
.realsrv.com/ Name: __uvt
Value: a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2261605dcf367244.085298353018973221%22%3B%7D
.dtscout.com/ Name: m
Value: 1
.dtscout.com/ Name: st
Value: 1
.dtscout.com/ Name: oa
Value: 1
.dtscout.com/ Name: df
Value: 1633705423
.dtscout.com/ Name: l
Value: 6D001633705423431082B73FB3F61724
.naoconto.com/ Name: __dtsu
Value: 6D001633705423431082B73FB3F61724
.naoconto.com/ Name: lotame_domain_check
Value: naoconto.com
.realsrv.com/ Name: c-tag
Value: %7B%22tag-banner%22%3A%22v3%7C%7CDEU%7C4011498%7C40980835%7C0%7C%7C508%7C52%7C2%7C40%7C0%7C0%7C0%7C4569%7C2905330%7C2925533%7C0%7C0%7C2%7C2%7C0%7C0%7C1%7C0%7C0%7C1%7C61605dcf367244.085298353018973221%7C%7C0%7Cads.exosrv.com%7C%7C%7C0%7C0%7C0%7C93%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D
.onaudience.com/ Name: cookie
Value: fd622c8ada70f5ea
.onaudience.com/ Name: done_redirects147
Value: 1
.adsrvr.org/ Name: TDID
Value: d9c2abb0-c5d2-4589-9f8e-3c6a3448428f
.adsrvr.org/ Name: TDCPM
Value: CAEYBSABKAIyCwi-373V8Z2FOhAFOAE.
.onaudience.com/ Name: done_redirects104
Value: 1
.dtscdn.com/ Name: uid
Value: 6D001633705423431082B73FB3F61724
.crwdcntrl.net/ Name: _cc_dc
Value: 1
.crwdcntrl.net/ Name: _cc_id
Value: eade51967f708c6f57e7ba85989bf4a3
.onaudience.com/ Name: done_redirects219
Value: 1
.zeotap.com/ Name: zc
Value: 08603385-95af-4a4e-7991-be667f31b3bd
.zeotap.com/ Name: zsc
Value: %D8%3F%F5%13%3D%CF%23%E8%80i%85%EE%FA%13P%E7%F8%F0%81%A3%BC%16%16j%D9%FE%E00%9A%2B9M%1E%AC%E4%D3%E5%08%8C%B2+%D9%9C%1F%ED%88%1F%E6%AF+%81W0Vm%5B%B28%9C%9Aa%23.%04%5BxX%04P%C4%06%E2%849b%0A%DB3%A5%C5%1D%F8%7C
.doubleclick.net/ Name: IDE
Value: AHWqTUmyi6hG-no7PJgIUmNUavf0v_HYy7uxVfllXZw4Af_zpJEkesNmCtoInoZp3LE
.exdynsrv.com/ Name: __uvt
Value: a%3A1%3A%7Bi%3A0%3Bs%3A32%3A%2261605dd036a5c8.78922436847919108%22%3B%7D
.exdynsrv.com/ Name: c-tag
Value: %7B%22tag-video%22%3A%22v3%7C%7CDEU%7C4375726%7C48502896%7C0%7C%7C511%7C52%7C2%7C40%7C0%7C0%7C0%7C4569%7C2905330%7C2925533%7C0%7C0%7C2%7C2%7C0%7C0%7C1%7C0%7C0%7C1%7C61605dd036a5c8.78922436847919108%7C%7C0%7Cbrandnewadserving.blogspot.com%7C%7C%7C0%7C0%7C0%7C93%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D
.exdynsrv.com/ Name: impressions
Value: x%9C%7D%CEM%0A%021%0C%86%E1%BBt%3D%85%7C%F9k%E2U%C4%1B%0C%EE%5C%89w7E%A4%C3%08n%C3%937y61q%11%E92%2C%D3H%DA%E5%8A%0D5r%C6+%DD%1AT%A9%DD%B6%A6%EE%CA%E2%DDm0%87%D3%82%82%60%3B%40K.%D3%AB%E7%23%3C%FE%40v0%CF%22%06%F0%03%EF%8F%7D%9FL%92%92%BD%1B%28%AB%EB%8B%292e%F5%24kshW%26K%80%CE%F0%DB%83%B2WO%0B%0B%C9%E1lZ%C4%F1%BF%82%19%D53%A9%DE%D03%9Cn2%0E%04%B8k%18q%E4%FAo%90%29%EB%87%BD%DEx%0BK%F8
.crwdcntrl.net/ Name: _cc_cc
Value: "ACZ4XmNQSE1MSTU1tDQzTzM3sEg2SzM1TzVPSrQwtbSwTEozSTRmAILEhNgLIBoCePffb2Rn%2FCjL8J%2BRkeH4piksMPbHz5Yw5vI%2FhXAVRw8xw9iXTj1ig7F377ssAGN%2FaLgPZx9ePAdu4vQT6jAl75YghNdseMoNE5%2F4cYI2jA0AHl9CPA%3D%3D"
.naoconto.com/ Name: _cc_id
Value: eade51967f708c6f57e7ba85989bf4a3
.naoconto.com/ Name: panoramaId_expiry
Value: 1634310224640
.naoconto.com/ Name: panoramaId
Value: e3559731c7c35695775d2539ec7116d53938b8a5139e0d05ff74bde9d576b9d3
.tapad.com/ Name: TapAd_TS
Value: 1633705424812
.tapad.com/ Name: TapAd_DID
Value: 9e887eae-a400-4d21-9d86-f55d04bdc314
.id5-sync.com/ Name: cf
Value:
.id5-sync.com/ Name: cip
Value:
.id5-sync.com/ Name: cnac
Value:
.id5-sync.com/ Name: car
Value:
.id5-sync.com/ Name: gdpr
Value:
.id5-sync.com/ Name: callback
Value:
.id5-sync.com/ Name: id5
Value: 5f513d43-e97b-412c-b8f7-4872d50262d9#1633705419810#2
.tapad.com/ Name: TapAd_3WAY_SYNCS
Value:
.agkn.com/ Name: ab
Value: 0001%3Aja89jyObPtlj%2F4mf3t5X8kF08ER61DLe
.exelator.com/ Name: EE
Value: "2576b11a24ce401acc11d8aa5b147b71"
.krxd.net/ Name: _kuid_
Value: OaKarJaN
.demdex.net/ Name: demdex
Value: 73096472898246596503020186392504893101
.exelator.com/ Name: ud
Value: "eJxrXxzq6XKLQcHI1NwsydAw0cgkOdXEwDAxOdnQMMUiMdE0ydDEPMnccHFZatGCpaXFqSlJh5ZU5JTkNK0uiw91jHdz9PX0iVzmnFGUn5u6AiwU5hq0yNJ4SX5RZvoiF9fFRSlpDItKik8F7zMwBwBvZClt"
.crwdcntrl.net/ Name: _cc_aud
Value: "ABR4XmNgYGBITIi9AKQggJmBYVErmMk1A0QyPqwHkgBjMAUc"
.dpm.demdex.net/ Name: dpm
Value: 73096472898246596503020186392504893101
.mathtag.com/ Name: uuid
Value: 01386160-5dd0-4900-8d24-4ebe87496647
.adnxs.com/ Name: uuid2
Value: 329121845835482116
.sitescout.com/ Name: ssi
Value: a3756f98-31ca-4ac4-a392-e9d1a69dc1d1#1633705425005
.sitescout.com/ Name: _ssuma
Value: eyI3IjoxNjMzNzA1NDI1MDMyfQ
.everesttech.net/ Name: everest_g_v2
Value: g_surferid~YWBd0AAHjWKIJAAT
.turn.com/ Name: uid
Value: 8552321638128959053
.id5-sync.com/ Name: 3pi
Value: 224#1633705420103#1997618277|321#1633705420075#-1897356074|19#1633705419825#302993297#eade51967f708c6f57e7ba85989bf4a3|398#1633705420103#1998683128
global.ib-ibi.com/ Name: ASP.NET_SessionId
Value: 4jsmxqxaftyaoi1lntdqmh4a
.videohub.tv/ Name: UIXX_UPDT
Value: "UILO=1633705425142"
.videohub.tv/ Name: uid
Value: CI-5f4ae7a25215e04e8ad69a006a10589d
sync.srv.stackadapt.com/ Name: sa-user-id
Value: s%3A0-3d6f8767-3c99-46fd-630f-7d834ea2c0b8.RqgdK9X8lvJFta2KckEaA1R8DKWUquHWzC4z9s60eXU
.srv.stackadapt.com/ Name: sa-user-id-v2
Value: s%3A0-3d6f8767-3c99-46fd-630f-7d834ea2c0b8%24ip%24216.131.114.240.ydIyK8gq3FIpkjkdq1BFxGCf7Dt7vHC0xappzCaMMjs
ib.mookie1.com/ Name: ASP.NET_SessionId
Value: l40gqb4pp1axhqrk3hkllbha
.ib.mookie1.com/ Name: ibkukiuno
Value: s=cd466da3-98b1-436e-bb92-b3450396c590&h=&v=7139002243&l=-8585679014594308311&op=&hl=0&vlu=3&tcs=1&dcc=-8585679014594308311
.ib.mookie1.com/ Name: ibkukinet
Value: 3632493296=-8585679014594308311

2 Console Messages

Source Level URL
Text
network error URL: https://px.surveywall-api.survata.com/t
Message:
Failed to load resource: net::ERR_NAME_NOT_RESOLVED
network error URL: https://dmp.truoptik.com/f2d2e39fc16bc9cc/sync.gif?cbp=tpid&cbk=https%3A%2F%2Fsync.crwdcntrl.net%2Fmap%2Fc%3D10832%2Ftp%3DTRUP
Message:
Failed to load resource: the server responded with a status of 403 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

2.bp.blogspot.com
a.dtssrv.com
a.exdynsrv.com
a.exosrv.com
a.realsrv.com
aa.agkn.com
ads.exosrv.com
bcp.crwdcntrl.net
beacon.krxd.net
bidvancedisplay.blogspot.com
brandnewadserving.blogspot.com
c.cintnetworks.com
cdn.tynt.com
cm.g.doubleclick.net
d.turn.com
de.tynt.com
dmp.truoptik.com
dpm.demdex.net
dt-secure.videohub.tv
fonts.gstatic.com
global.ib-ibi.com
go.bidvance.com
go.eabids.com
go.goasrv.com
ib.mookie1.com
ic.tynt.com
id5-sync.com
image6.pubmatic.com
loadm.exelator.com
match.adsrvr.org
ml314.com
mwzeom.zeotap.com
pd.sharethis.com
pixel-sync.sitescout.com
pixel.onaudience.com
pixel.tapad.com
px.surveywall-api.survata.com
s3t3d2y7.ackcdn.net
secure.adnxs.com
spl.zeotap.com
static.addtoany.com
stats.g.doubleclick.net
sync-tm.everesttech.net
sync.crwdcntrl.net
sync.mathtag.com
sync.srv.stackadapt.com
syndication.exdynsrv.com
syndication.exosrv.com
syndication.realsrv.com
t.dtscdn.com
t.dtscout.com
tags.bluekai.com
tags.crwdcntrl.net
trustiseverything.de
waust.at
webstats1.com
whos.amung.us
www.blogger.com
www.google-analytics.com
www.google.com
www.n1internet.com
www.naoconto.com
px.surveywall-api.survata.com
104.111.215.191
104.16.91.60
104.18.28.199
104.21.79.235
104.22.24.87
104.22.71.197
104.26.5.7
142.250.181.226
142.250.184.228
142.250.185.174
143.204.98.4
151.101.2.49
158.69.139.226
158.69.58.139
172.217.23.97
172.67.220.51
18.169.90.17
18.195.98.10
185.29.134.248
185.64.190.78
199.127.207.184
205.185.216.42
208.100.17.185
216.58.212.131
216.58.212.161
216.58.212.169
217.22.19.194
217.22.19.196
34.240.156.207
34.247.104.176
34.254.143.3
35.227.248.159
37.120.165.226
37.252.173.22
45.55.96.63
46.228.164.13
51.144.7.192
51.210.112.236
51.81.43.93
52.18.85.49
52.208.103.128
52.30.140.199
54.36.109.22
54.81.207.173
64.58.232.177
66.102.1.154
66.155.71.149
67.202.105.33
67.202.94.86
69.169.86.38
76.223.111.131
95.211.229.245
95.211.229.246
007e772557ca493d05b91b986e33f183780b819c501553b568832f5fa86a5d59
0298a25db873588e37945ece2b90e9f573dda86bfc84ae9f3efb8c3fbdcbce84
043b55b624ab3f8e6ee172f17db6732cae4f39b6892b770217fc078716d04bb8
0a717f71433cf5fead2968a7b7118154a1caa7a528f8a5c746f2715f7fffeb4a
0af3aae90b7de9fdceee2ab421378ea2f54c74be81ef43fc6c1790a032755d80
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
1019560eaf6ea6f32022b146382926f3520a2bb3cd4940ede30084ab75548c6f
175a56080fba5d3171215d60e431dd45e92dc01848f43a0a37ed0853cf6494cc
17cd3a658bc6beaae96c2e4f9637e70232c83d57e759547ce1af3f524b9f9c71
195182403b2e9d2a0779903fdd87cf7b9047f6a8253d9d12f12e991e2714ca36
1a54a1907a6443e3c81608130bfed4546eb0ce5d0c8897e1d7a3b43d89ecc367
1d41ff3d7b1725f883c9895ce9dfabff286acf48aa1f4a3a76cbf881ff17a87e
2347066080fea31af55c7112dca5245ea3eea67df5f24f1daae09f0870fbce62
23a3266ccdb426d8217063a3dfff6ba8fbf2a7558ebff93d9e8a83d81b0ec144
25bb6debf4a40c3b76fa6bb82797f455aed87d328de1c014db1adf2003d4f39b
25ed4e3f92d17bc60fac51838b1b3650e17a07e289ac1c08b7e37abf03d76360
272ff697c2e158481e2ca7fca0b8dc6dcf7dfe597ee2e46cd99c557acb5b631e
2deb6b902d790d788fdc701f82dd8d37df5c10c1a3a6c041b964bdbcbbd07ea2
2e68298e283c3c9a93306b565c7b0c16100c4e3faced7cd1d649e2219aa09816
2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef
32019bcd8e4622afd99a8fbabcc88425e0b1af84e0c3c93ba5846ec17121b580
3273c7b450218a028c16b51faad12ad2c3070cd79362c567626c647eaf0bdb17
39ab3cb7b56fbfe724adf9845d6d49fb59794cc92605714aa31a363b6e789f35
3aa263cb1581ae9536b8f7a8a7d4ae1406da51e87e67a9ca74a9b729c50fb159
3b050e36b5d8bf8b26604266afcfb5f4a19019a38d960c3115e9d6815c0ee25f
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
405c318755776d9dd2225a6550ca71d7d9bff73172f66b8b1a57827a66c5399b
429ecbc324b2f11737dd4870896dd12ef17ff348b0ac2424acfdb21448867180
42b601bc0d93dfca6e350b46d113bf8e7ff9e40a87a0c57ab9b3c9c219062423
4335fe9589534b7e0d42f5a1cf6f490188a8f459c13755c5bc75165a163853c1
46813faf98552647526e752b3939874abf326b1991479f18e542a66f56d62dfd
46de71e15435d484e2a7bfd6ef6a81a85335e1fca88cd8efa9821ca7f02a2ec9
47ab9aaca3b68e9a9f785c953ca380647caeff143f44e96fa25b5171e4bad9a0
4c730360675316a2e7765d587fd00bfa4970daf6d20e5a8b6ede030daefccf4d
4ca130786a2d2531241f8b8c7aaad6a4e27271f51b417b9c23f51bfb0c65c080
4cf635ab95445c9b928e4a779b3752d3b1a0cc32138be5a72f37ab4c2cc08c63
4e0215276642a04d5e2652b438258f5e67d53c02d9bbaa30fe03ebcf8d879a4d
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
50679e0e3933c945348a2db0cc128bb14b57a60a74fabf8cae13acc14efbb2e1
51d9d7a3046e3ba2e7795781119b9b4a620e01ac102747426a7a3d378b3c69b5
526b6b495c75ff59d747392c2a94de9aa4f4652898141fd6653f061d935f35e4
5272d399b9d8701546ef72041b5eb81c8eba1de96e5d8dd82850d5142e3063b5
54027a92a68deb2438218170df0f8733ca15dc7955fe69abd7c6214dd8adfa3a
54d80d30fb25aa2c8a193dd739648b836507caff0dd0cee9476da842f7756e31
5be6e6a954c6e5b5d9024956e7d05dc42e1605f0ab3739ef4e182842e723d4f9
5d85fa0506a643634412580088faebba43f3d22cec265ea4846226664eee3661
6068f86ff5e6d3a3e100e95fd0ab03a5fb9ebfca9386b2c0ee131361a62526c2
62568b8b86cbd37dfce8c97d0cc792af0ff436795c1be256a7f9515d34f09e5f
6267e8428c706c3797e2685f4981eb41e7dbf4ce1d0591b1bdbe6859210ca8a1
62f143c00467b26acaf588d89f63212a0a8e1a6047a43697bde4ed9cf58fb6bd
63cf7a38baaaaebc012cfc355797544949b60c040b5da57560f26d88502d1372
649592d5e5a80db38bf07f722819ce26f9382a2c684c12fe85d3f7b4a4d7263d
6512e9bcb1e39103ef7a2045c783585ca5dc393074076c82610f995fda1e308c
68d0b09cd3be99184b8002b120a86c03579a9846dc5761305b7fc62745f35942
6ce02cb81b0d233494c33696166486436d3ae1bdd9a8dcfb6e4f988b247eee50
71d3b53f5fc2d9ff983184f539a0c8b9991c31af89b3448ab7475c1ef94e6124
745ee8325d0778336e2c48e1ad3ff31618ca9dd19114e82e21f3760638866a49
78fc2a0b80596cc038ef609a9b35d08be728af67019714f3c8fe846c23c86b02
7aab4d01cb68713080b2f1ab62b1b417f19d16d549e33b1502e8baadbff67643
7acf995b594e2600bcff91aa14032f1f88eb2db34d5cfdfce041523c8b3a14ac
7cf483700f40cd3a8bf766562d4f28238d61271166edbb9b87023faf9a62335d
7e03b41e7e67ee68b43b89b01571baeef19a6c51ab9c25fbb099711e53609ece
7e667af5eb6576eb8860742a36dde776a7f0907ef62e46dcf369444a1ffcfa68
7fac51a6e219c75619b5b42eca9e3b5250b8fae126cb4758a7d1c17d83dae87d
856d55d5417497e858d7f3629fb043bb083c0bec165848b75d4e549afd49d230
87d69594b0213aa48cf590741bc4688061752f28e11b8e74094de8e580f1fe52
8b0f3477e3f27cdad0ca7a87ac7f380e5c91b44414623989973ef9ced922eaf0
8ba12559b38d69b8d7a91ba3427cbc298e2c3c23bddf5192a1f1be6e19d28f0e
8bf33f7b9cd2d7a98bfad2ac9923cb22bbc670f988168419d6b5814c075452e9
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8e041a1148e3cb51460e7eb8abbdf50fc1fdef3b215e641ad00acbaee2611ad8
906c86aa7e5c48334423bfff0a6e43084ce93ac8221b443a8a7f202b0f3e4ee3
9110fc122dda3067c424d9b8ff7747e2030b0bd9298f69a3683d399ad3373a6a
98fca6974ed8e6f0ff7d97130b2bfd9287da803aa6947390a1b2624e51a20b27
9933d7066a22669cd5d48d0051aa5f2d7ea91bad0a9223f3d7884e93c3ca8a28
9c3354db84e8ff80f4c5a5e293ad1cc497989d52c0f5682c2975c5666c6dd26f
9c7d4665de70746519c22f57686ac3f1e76d9204255a062bfaa7bd1537b37a35
a02e51f29079f8b833f1ffbe65ebb6b61e536879826333b5c255677b770486a4
a41f4165da1d78d05c5044755fa30cb28d8d19b4b3c9eea8be176615a6ea9178
a4c449e8f3a16a37f40f9c4694403578ab11ccb6b930cb9b622f32c8da10015e
a5a86a611c9a72b4fa6c6223593b51ea30ac724ab4159a5f8e7826a38644b6b9
a769166be88381ff553dd898537609ee8a973c37bd5ba3890d6ea0bb7fc2a41c
aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22
acad9ad0bd2f0273e71971a4ba205ee39146e230397b3d684e1e4c5b9bf523b1
acd25f566d27eac07c836c319ab3946af25236af2d6da294f03a8b95763fb3e2
ad49db676d1dc193c29b10a7812a8c69dc0f1910645af88d04841aa509bf9673
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b777137f619e64f81d36d168e35bfb18eecf65371e83493ae122efb38c0c2c9b
c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4
c1e709dcd9af0c6a91ca1d48a561513c70ecdfc061c78afeaf3defb4d50f8411
c23a78e44228c6a5509bf106a21ed51b26fcd6bda274bd0aa88ec5d943f9eecd
c262ad55e3a4b60d496eae3bff9e319c908320e548387d948df108f38c01f4ae
c3d6319423ef3ff3eee189c33e86f52024330302f2ec084a6a9b91bdea1f6519
caf1f0657aef0f9f77f95a83b48bd2a83d3ecc7c22c3fed10b2acb5f781b0f41
cb8dcc1c739f349114292341d10b77c2a80ab92aabe5dc8863cadeb147021156
cd987675f51e1a77653e3a983bce95bdeccc5d138aad4e4ab68f9a9d88c8b6a1
cfa9603baa93612a1b37809e9b2eba09a87ec42ad81ba6c532d2eac56cde5b85
cff8c5659fe6e64ae4e9a6363370fd87d4b3939ff8d3dc394bad5012d76ab6c5
d21021784cda31eeae5c8295e047a14bda6ed5a9b5963fca9e7ceb398a9c9179
dc9dc5abccf3e062029d71dcdc0e04b7cc9a9be96103d07f98b4ff4a5459c668
dcf2719b20b75eaf2c18919a71caf6f76af9bd8fc89a1cae6bc1dd06ef032ebc
e1ce17fd79478fbb0830c687ff4046c86993acb5fd14fc35b4fd29bed00ce94a
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e544bc983162f9deeb08c097f4dfd0619c69482f2f8f8fce9b56e8baa09bdd4f
e72713b875ca0ba2cbbdc49680cd0ff95976dbb3d1ebc0364bce851dbd5abba8
e7647c9fc9e17bd98d973d2e05919305ca2f1d43053e5a997e09d9f6954b1a1b
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f5469c9ebe538273608c025eba88f1fdb9c89d52a023b62280c048d6056280ca
f6d82f567d08ec91a1b6ef0d4abf21be7a2d3dbc0a41c122584ea3536755b3ac
f93483f0aaf24aea4b5534bb8647d22cd9dfcb4d08d2fd1008787bdfb8a6cc47
f9757fc5cad313814e0ac20d8877640b78ac57df6cad45eda279c4be2a5f5272
fac8dfdd302f0dd224a4666529d1f485fdea55d55ec948ac2a76a7f54fbb1558
fc3b7760aaf2b535e5eba1305b9833deb2d20ed1f1087eafae46571d2a6fd384
fd222137f245c06ddb4c4d44db41f12138dad6cf8ef5d4d4a5e500f38f0c8c62