prnt.sc Open in urlscan Pro
104.26.15.80 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://prntscr.com/o4wwoc
Effective URL:
https://prnt.sc/o4wwoc
Submission Tags: falconsandbox
Submission: On May 31 via api (May 31st 2021, 12:02:56 pm UTC) from US

Summary HTTP 122 Redirects Links 12 Behaviour Indicators

Summary

This website contacted 30 IPs in 3 countries across 20 domains to perform 122 HTTP transactions. The main IP is 104.26.15.80, located in United States and belongs to CLOUDFLARENET, US. The main domain is prnt.sc.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on July 18th 2020. Valid for: a year.

This is the only time prnt.sc was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2 22	104.23.140.12 104.23.140.12	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	104.26.15.80 104.26.15.80	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:831::200e	15169 (GOOGLE) (GOOGLE)
2	2600:9000:218... 2600:9000:2182:9600:9:46dc:4700:93a1	16509 (AMAZON-02) (AMAZON-02)
2	151.139.242.3 151.139.242.3	33438 (HIGHWINDS2) (HIGHWINDS2)
4	2a03:2880:f01... 2a03:2880:f01c:8012:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
4	2606:2800:234... 2606:2800:234:59:254c:406:2366:268c	15133 (EDGECAST) (EDGECAST)
2	2620:116:800d... 2620:116:800d:21:36a9:ecb:e518:b308	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:400c:c0a::9a	15169 (GOOGLE) (GOOGLE)
1 5	2a00:1450:400... 2a00:1450:4001:827::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80f::2003	15169 (GOOGLE) (GOOGLE)
13	2a03:2880:f11... 2a03:2880:f11c:8183:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	2600:9000:218... 2600:9000:2182:7200:6:44e3:f8c0:93a1	16509 (AMAZON-02) (AMAZON-02)
2	192.207.255.147 192.207.255.147	62821 (AS-MNX) (AS-MNX)
2	104.244.42.200 104.244.42.200	13414 (TWITTER) (TWITTER)
5	2a00:1450:400... 2a00:1450:4001:831::2002	15169 (GOOGLE) (GOOGLE)
4	13.226.158.204 13.226.158.204	16509 (AMAZON-02) (AMAZON-02)
1	23.37.38.181 23.37.38.181	16625 (AKAMAI-AS) (AKAMAI-AS)
3	216.58.212.162 216.58.212.162	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80e::2002	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:811::2001	15169 (GOOGLE) (GOOGLE)
21	2a00:1450:400... 2a00:1450:4001:800::2001	15169 (GOOGLE) (GOOGLE)
10	2a00:1450:400... 2a00:1450:4001:82a::2002	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:810::2002	15169 (GOOGLE) (GOOGLE)
2	142.250.185.98 142.250.185.98	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:831::2006	15169 (GOOGLE) (GOOGLE)
3 4	142.250.185.162 142.250.185.162	15169 (GOOGLE) (GOOGLE)
3 5	2.18.234.21 2.18.234.21	16625 (AKAMAI-AS) (AKAMAI-AS)
2 3	37.252.172.250 37.252.172.250	29990 (ASN-APPNEX) (ASN-APPNEX)
122	30

22 104.23.140.12 (United States) 2 redirects

ASN13335 (CLOUDFLARENET, US)

prntscr.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
st.prntscr.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
api.prntscr.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.26.15.80 (United States)

ASN13335 (CLOUDFLARENET, US)

prnt.sc	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:831::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:2182:9600:9:46dc:4700:93a1 (United States)

ASN16509 (AMAZON-02, US)

quantcast.mgr.consensu.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.139.242.3 (United States)

ASN33438 (HIGHWINDS2, US)

cdn.ad4game.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a03:2880:f01c:8012:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
scontent-frt3-2.xx.fbcdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:2800:234:59:254c:406:2366:268c (United States)

ASN15133 (EDGECAST, US)

platform.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:116:800d:21:36a9:ecb:e518:b308 (United States)

ASN16509 (AMAZON-02, US)

secure.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.quantcount.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c0a::9a (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:827::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2a03:2880:f11c:8183:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2182:7200:6:44e3:f8c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

rules.quantcount.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 192.207.255.147 (United States)

ASN62821 (AS-MNX, US)

ads.ad4game.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.244.42.200 (United States)

ASN13414 (TWITTER, US)

syndication.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:831::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 13.226.158.204 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-226-158-204.dus51.r.cloudfront.net

c.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.37.38.181 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-37-38-181.deploy.static.akamaitechnologies.com

htlb.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 216.58.212.162 (Mountain View, United States)

ASN15169 (GOOGLE, US)
PTR: ams15s22-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80e::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:811::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ed031e6555b8f3779c5c6fd48ef22351.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

21 2a00:1450:4001:800::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a00:1450:4001:82a::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:810::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.185.98 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s49-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:831::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.250.185.162 (United States) 3 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s51-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2.18.234.21 (Frankfurt am Main, Germany) 3 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-234-21.deploy.static.akamaitechnologies.com

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 37.252.172.250 (Frankfurt am Main, Germany) 2 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 538.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
34	googlesyndication.com ed031e6555b8f3779c5c6fd48ef22351.safeframe.googlesyndication.com tpc.googlesyndication.com pagead2.googlesyndication.com	156 KB
22	prntscr.com 2 redirects prntscr.com st.prntscr.com api.prntscr.com	88 KB
14	doubleclick.net 3 redirects stats.g.doubleclick.net securepubads.g.doubleclick.net googleads.g.doubleclick.net googleads4.g.doubleclick.net cm.g.doubleclick.net	163 KB
13	facebook.com www.facebook.com	160 KB
6	casalemedia.com 3 redirects htlb.casalemedia.com dsum-sec.casalemedia.com	5 KB
6	google.com 1 redirects www.google.com adservice.google.com	822 B
6	twitter.com platform.twitter.com syndication.twitter.com	148 KB
4	amazon-adsystem.com c.amazon-adsystem.com	36 KB
4	googletagservices.com www.googletagservices.com	122 KB
4	ad4game.com cdn.ad4game.com ads.ad4game.com	105 KB
3	adnxs.com 2 redirects ib.adnxs.com	3 KB
2	fbcdn.net scontent-frt3-2.xx.fbcdn.net	38 KB
2	quantcount.com rules.quantcount.com pixel.quantcount.com	555 B
2	google.de www.google.de adservice.google.de	272 B
2	facebook.net connect.facebook.net	66 KB
2	consensu.org quantcast.mgr.consensu.org	65 KB
2	google-analytics.com www.google-analytics.com	19 KB
2	prnt.sc prnt.sc	21 KB
1	2mdn.net s0.2mdn.net	76 KB
1	quantserve.com secure.quantserve.com	9 KB
122	20

	Domain	Requested by
21	tpc.googlesyndication.com	securepubads.g.doubleclick.net prnt.sc ed031e6555b8f3779c5c6fd48ef22351.safeframe.googlesyndication.com tpc.googlesyndication.com googleads.g.doubleclick.net
18	st.prntscr.com	prnt.sc st.prntscr.com
13	www.facebook.com	connect.facebook.net www.facebook.com
10	pagead2.googlesyndication.com	securepubads.g.doubleclick.net ed031e6555b8f3779c5c6fd48ef22351.safeframe.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com www.googletagservices.com
5	dsum-sec.casalemedia.com	3 redirects googleads.g.doubleclick.net
5	www.google.com	1 redirects prnt.sc ed031e6555b8f3779c5c6fd48ef22351.safeframe.googlesyndication.com tpc.googlesyndication.com
4	cm.g.doubleclick.net	3 redirects googleads.g.doubleclick.net
4	googleads.g.doubleclick.net	ed031e6555b8f3779c5c6fd48ef22351.safeframe.googlesyndication.com prnt.sc
4	c.amazon-adsystem.com	ads.ad4game.com c.amazon-adsystem.com
4	www.googletagservices.com	ads.ad4game.com securepubads.g.doubleclick.net ed031e6555b8f3779c5c6fd48ef22351.safeframe.googlesyndication.com
4	platform.twitter.com	prnt.sc platform.twitter.com
3	ib.adnxs.com	2 redirects googleads.g.doubleclick.net
3	ed031e6555b8f3779c5c6fd48ef22351.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
3	securepubads.g.doubleclick.net	www.googletagservices.com securepubads.g.doubleclick.net prnt.sc
2	googleads4.g.doubleclick.net	googleads.g.doubleclick.net
2	scontent-frt3-2.xx.fbcdn.net	www.facebook.com
2	syndication.twitter.com	platform.twitter.com prnt.sc
2	ads.ad4game.com	cdn.ad4game.com
2	connect.facebook.net	prnt.sc connect.facebook.net
2	api.prntscr.com	st.prntscr.com
2	cdn.ad4game.com	prnt.sc cdn.ad4game.com
2	quantcast.mgr.consensu.org	prnt.sc quantcast.mgr.consensu.org
2	www.google-analytics.com	prnt.sc www.google-analytics.com
2	prnt.sc	prnt.sc
2	prntscr.com	2 redirects
1	s0.2mdn.net	ed031e6555b8f3779c5c6fd48ef22351.safeframe.googlesyndication.com
1	adservice.google.com	securepubads.g.doubleclick.net
1	adservice.google.de	securepubads.g.doubleclick.net
1	htlb.casalemedia.com	cdn.ad4game.com
1	pixel.quantcount.com	prnt.sc
1	rules.quantcount.com	secure.quantserve.com
1	www.google.de	prnt.sc
1	stats.g.doubleclick.net	www.google-analytics.com
1	secure.quantserve.com	quantcast.mgr.consensu.org
122	34

This site contains links to these domains. Also see Links.

Domain
app.prntscr.com
prntscr.com
twitter.com
www.facebook.com
www.google.com

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2020-07-18` - `2021-07-18`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-05-03` - `2021-07-26`	3 months	crt.sh
quantcast.mgr.consensu.org Amazon	`2021-04-24` - `2022-05-23`	a year	crt.sh
*.ad4game.com Go Daddy Secure Certificate Authority - G2	`2019-11-17` - `2022-01-16`	2 years	crt.sh
*.google.com GTS CA 1O1	`2021-05-03` - `2021-07-26`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2021-04-06` - `2021-07-03`	3 months	crt.sh
*.twimg.com DigiCert TLS RSA SHA256 2020 CA1	`2020-11-05` - `2021-11-09`	a year	crt.sh
*.quantserve.com DigiCert SHA2 High Assurance Server CA	`2020-10-02` - `2021-10-07`	a year	crt.sh
*.g.doubleclick.net GTS CA 1O1	`2021-05-03` - `2021-07-26`	3 months	crt.sh
www.google.com GTS CA 1C3	`2021-05-03` - `2021-07-26`	3 months	crt.sh
www.google.de GTS CA 1C3	`2021-05-03` - `2021-07-26`	3 months	crt.sh
syndication.twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2021-02-05` - `2022-02-04`	a year	crt.sh
c.amazon-adsystem.com Amazon	`2020-08-04` - `2021-08-02`	a year	crt.sh
san.casalemedia.com GeoTrust RSA CA 2018	`2021-02-05` - `2022-02-09`	a year	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2021-05-03` - `2021-07-26`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2021-05-03` - `2021-07-26`	3 months	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2021-03-05` - `2022-02-19`	a year	crt.sh

This page contains 14 frames:

Primary Page: https://prnt.sc/o4wwoc
Frame ID: EFE52F416C4253AEA33D7E25C07591FE
Requests: 59 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.06c6ee58c3810956b7509218508c7b56.html?origin=https%3A%2F%2Fprnt.sc
Frame ID: CA3BC103053CEC32A7C772C6A342FD4B
Requests: 2 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/tweet_button.06c6ee58c3810956b7509218508c7b56.en.html
Frame ID: C76F94E8978700FC67FF2EA28AFB241A
Requests: 2 HTTP requests in this frame

Frame: https://www.facebook.com/plugins/like.php?action=like&app_id=154822244543652&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df2e92d26f7c4e8%26domain%3Dprnt.sc%26origin%3Dhttps%253A%252F%252Fprnt.sc%252Ffc1e012209987%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fprnt.sc%2Fo4wwoc&layout=button_count&locale=en_US&sdk=joey&share=false&show_faces=false&size=small&width=100
Frame ID: A95E891764CE4C229C781B473A25F438
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/plugins/comments.php?app_id=154822244543652&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df16237be0ea0d9%26domain%3Dprnt.sc%26origin%3Dhttps%253A%252F%252Fprnt.sc%252Ffc1e012209987%26relation%3Dparent.parent&container_width=340&height=100&href=https%3A%2F%2Fprnt.sc%2Fo4wwoc&locale=en_US&migrated=1&sdk=joey&width=NaN&xid=o4wwoc
Frame ID: 58421D212B0960145C99FBD1AE6E7445
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/plugins/like_box.php?app_id=154822244543652&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dfddb08df89699%26domain%3Dprnt.sc%26origin%3Dhttps%253A%252F%252Fprnt.sc%252Ffc1e012209987%26relation%3Dparent.parent&container_width=0&header=false&href=https%3A%2F%2Fwww.facebook.com%2Fpages%2FLightShot%2F242750885760&locale=en_US&sdk=joey&show_faces=true&stream=false&width=300
Frame ID: 82D5F9361068173CB2E004F2BC155965
Requests: 12 HTTP requests in this frame

Frame: https://ed031e6555b8f3779c5c6fd48ef22351.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: BA11F7A3CE2E2B8310AA81F0720E7B62
Requests: 9 HTTP requests in this frame

Frame: https://ed031e6555b8f3779c5c6fd48ef22351.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 96F271C84D4B9AE315860A8B88BF69C7
Requests: 15 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/10254323191026231966/index.html
Frame ID: A0E6BC190A11E11CFC8046856DA28CDB
Requests: 11 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CIikNxCnheACGMmYy50BMAE&v=APEucNXLa-AlvlRPxvhaSIMhF2mtT5S0R1egyzcvSPsiyOdNYT7YW-nzfx2Hcfu5nrovGp8vsfpA_QQD8v0c4aYmMiznf6YhcHsyg3O3amKRlNwzWWz885wuI50wc8ZrpQhdz_4qZF7ylngrBIAnMgAu7wt4-sQUtp8oYRQomeEnlos8pzUaLPg
Frame ID: E3084AE2B4BAD6144F2B533ED7F3EE1A
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si
Frame ID: B89330DDB02ADA94C664F7E2C2425BE8
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html
Frame ID: BD2A5454937B5EA0A628A2204BCD7558
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 01B206368DE9C705A9A19B190E61FB4C
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 45167B0C87B106F7BFAD9E56B676F6C1
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://prntscr.com/o4wwoc HTTP 301
https://prntscr.com/o4wwoc HTTP 301
https://prnt.sc/o4wwoc Page URL

Detected technologies

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /^cloudflare$/i

Page Statistics

122
Requests

99 %
HTTPS

59 %
IPv6

20
Domains

34
Subdomains

30
IPs

3
Countries

1275 kB
Transfer

3563 kB
Size

0
Cookies

12 Outgoing links

These are links going to different origins than the main page.

URL: https://app.prntscr.com/translate-lightshot.html
Title: Add your language

Search URL Search Domain Scan URL

URL: https://prntscr.com/gallery.html
Title: Sign in

Search URL Search Domain Scan URL

URL: https://twitter.com/Light_shot

Search URL Search Domain Scan URL

URL: http://www.facebook.com/Lighshot

Search URL Search Domain Scan URL

URL: https://app.prntscr.com/
Title: Captured with Lightshot

Search URL Search Domain Scan URL

URL: http://www.google.com/searchbyimage?image_url=//st.prntscr.com/2021/04/08/1538/img/0_173a7b_211be8ff.png
Title: find similar

Search URL Search Domain Scan URL

URL: https://app.prntscr.com/download.html
Title: Download

Search URL Search Domain Scan URL

URL: https://app.prntscr.com/tutorials.html
Title: Tutorials

Search URL Search Domain Scan URL

URL: https://app.prntscr.com/privacy.html
Title: Privacy

Search URL Search Domain Scan URL

URL: https://app.prntscr.com/faq.html
Title: FAQ

Search URL Search Domain Scan URL

URL: https://app.prntscr.com/help.html
Title: Help

Search URL Search Domain Scan URL

URL: https://app.prntscr.com/advertise.html
Title: Advertise

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://prntscr.com/o4wwoc HTTP 301
https://prntscr.com/o4wwoc HTTP 301
https://prnt.sc/o4wwoc Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 102

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOL4ibtwvJ5h-03pgrXg_YE&google_cver=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOL4ibtwvJ5h-03pgrXg_YE&google_cver=1&C=1

Request Chain 103

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YLTQXWAy99dm8zA6s4JpHgAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOL4ibtwvJ5h-03pgrXg_YE&google_cver=1

Request Chain 104

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEPZ88yiJMUbnNdSbRTYv4WU&google_cver=1

Request Chain 105

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTM0NDc2ODI5MTE3MzY0Mzk2Ng%3D%3D

Request Chain 113

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

122 HTTP transactions
4 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request o4wwoc Show response
prnt.sc/
Redirect Chain

http://prntscr.com/o4wwoc
https://prntscr.com/o4wwoc
https://prnt.sc/o4wwoc

16 KB
5 KB

258ms
192ms

Document
text/html

104.26.15.80
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://prnt.sc/o4wwoc

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.26.15.80 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e6807bcb4d3bf9f958318524a9e5fd19b026a403eefffd40f217d07cd5126008

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

:method: GET
:authority: prnt.sc
:scheme: https
:path: /o4wwoc
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 31 May 2021 12:02:35 GMT
content-type: text/html; charset=UTF-8
x-frame-options: SAMEORIGIN
cf-cache-status: DYNAMIC
cf-request-id: 0a63e6fd3400004e258038d000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=kH9%2B0AcNAPewEJCTOUDwebl1csY7wp41DR8xuFbl4HKaFly5E%2BKKearNgjscAWCAJJTdFfXDb3ljLVBhDGiqqRtaIQgwri6TdDMcoRvprJYn4XR2"}],"group":"cf-nel","max_age":604800}
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 65800ddb88f64e25-FRA
content-encoding: br

Redirect headers

date: Mon, 31 May 2021 12:02:35 GMT
content-type: text/html
location: https://prnt.sc/o4wwoc
cf-cache-status: DYNAMIC
cf-request-id: 0a63e6fb8100004c985818b000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 65800dd8cf1c4c98-AMS

GET
H2 200 main.css
st.prntscr.com/2021/04/08/1538/css/ 57 KB
8 KB 43ms
31ms Stylesheet
text/css 104.23.140.12
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://st.prntscr.com/2021/04/08/1538/css/main.css
Requested by: Host: prnt.sc
URL: https://prnt.sc/o4wwoc
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.23.140.12 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7b67ae2416a166f4238581097d4ce984a69d9662aab12ecc4b2b881c45164e36

Request headers

Referer: https://prnt.sc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 31 May 2021 12:02:35 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 08 Apr 2021 15:39:37 GMT
server: cloudflare
age: 615
etag: W/"606f23b9-23b6"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=1800
cf-ray: 65800ddcce2b4c98-AMS
cf-request-id: 0a63e6fe0000004c98ae29a000000001
expires: Mon, 31 May 2021 12:04:25 GMT

GET
H2 200 jquery.1.8.2.min.js Show response
st.prntscr.com/2021/04/08/1538/js/ 91 KB
32 KB 69ms
57ms Script
application/javascript 104.23.140.12
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://st.prntscr.com/2021/04/08/1538/js/jquery.1.8.2.min.js
Requested by: Host: prnt.sc
URL: https://prnt.sc/o4wwoc
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.23.140.12 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f554d2f09272c6f71447ebfe4532d3b1dd1959bce669f9a5ccc99e64ef511729

Request headers

Referer: https://prnt.sc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 31 May 2021 12:02:35 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 08 Apr 2021 15:39:37 GMT
server: cloudflare
age: 1745
etag: W/"606f23b9-827c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=1800
cf-ray: 65800ddcce2d4c98-AMS
cf-request-id: 0a63e6fe0100004c98b702a000000001
expires: Mon, 31 May 2021 12:03:30 GMT

GET
H2 200 script.mix.js Show response
st.prntscr.com/2021/04/08/1538/js/ 69 KB
23 KB 46ms
34ms Script
application/javascript 104.23.140.12
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://st.prntscr.com/2021/04/08/1538/js/script.mix.js
Requested by: Host: prnt.sc
URL: https://prnt.sc/o4wwoc
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.23.140.12 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 45b8a13dcb32541a7703dec7eba4c4195cb62ed00029c2ea5a0b61fd16864b55

Request headers

Referer: https://prnt.sc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 31 May 2021 12:02:35 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 08 Apr 2021 15:39:37 GMT
server: cloudflare
age: 825
etag: W/"606f23b9-5e6a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=1800
cf-ray: 65800ddcce2e4c98-AMS
cf-request-id: 0a63e6fe0100004c98cbbe2000000001
expires: Mon, 31 May 2021 12:07:20 GMT

GET
H2 200 0_173a7b_211be8ff.png
st.prntscr.com/2021/04/08/1538/img/ 4 KB
4 KB 93ms
47ms Image
image/webp 104.23.140.12
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://st.prntscr.com/2021/04/08/1538/img/0_173a7b_211be8ff.png
Requested by: Host: prnt.sc
URL: https://prnt.sc/o4wwoc
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.23.140.12 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1a843c8dafb88a35d1f120970c32587ef40a36ca9a5f9908e78c400c17ee4868

Request headers

Origin: https://prnt.sc
Referer: https://prnt.sc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 31 May 2021 12:02:35 GMT
cf-cache-status: HIT
age: 1153
cf-polished: origFmt=png, origSize=10350
content-disposition: inline; filename="0_173a7b_211be8ff.webp"
content-length: 3704
cf-request-id: 0a63e6fe8000007329b836e000000001
last-modified: Thu, 08 Apr 2021 15:39:37 GMT
server: cloudflare
etag: "606f23b9-266a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
access-control-allow-origin: https://prnt.sc
expires: Mon, 31 May 2021 11:53:51 GMT
cache-control: max-age=1800
accept-ranges: bytes
cf-ray: 65800ddd9a857329-AMS
cf-bgj: imgq:100,h2pri

GET
H2 200 o4wwoc
prnt.sc/ 16 KB
16 KB 130ms
129ms Image
text/html 104.26.15.80
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://prnt.sc/o4wwoc

Requested by

Host: prnt.sc
URL: https://prnt.sc/o4wwoc

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.26.15.80 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

:path: /o4wwoc
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: prnt.sc
referer: https://prnt.sc/o4wwoc
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://prnt.sc/o4wwoc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 31 May 2021 12:02:35 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: SAMEORIGIN
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=AMLsuM8oV3%2F4qcM3XSfnPQeMsvOg7o80hVbkzhZW8Ezf9u6wX1WfNd4JXIhrMp0AR2eGhBtOM9mrdTuDS8mujwU92sQop9vFzfZZVOLYPGyCvhgr"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=UTF-8
cf-ray: 65800ddd5d794e25-FRA
cf-request-id: 0a63e6fe5900004e25a2bd2000000001

GET
H2 200 image-helper.js Show response
st.prntscr.com/2021/04/08/1538/js/ 3 KB
1 KB 34ms
34ms Script
application/javascript 104.23.140.12
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://st.prntscr.com/2021/04/08/1538/js/image-helper.js
Requested by: Host: prnt.sc
URL: https://prnt.sc/o4wwoc
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.23.140.12 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 83817752fb260ff66b3bca1471bb20dbb6a1e6a17174c657efe0912ad161b382

Request headers

Referer: https://prnt.sc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 31 May 2021 12:02:35 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 08 Apr 2021 15:39:07 GMT
server: cloudflare
age: 758
etag: W/"606f239b-a2f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=1800
cf-ray: 65800ddd2ec34c98-AMS
cf-request-id: 0a63e6fe3d00004c988634c000000001
expires: Mon, 31 May 2021 12:08:11 GMT

GET
H2 200 footer-logo.png
st.prntscr.com/2021/04/08/1538/img/ 630 B
878 B 29ms
28ms Image
image/webp 104.23.140.12
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://st.prntscr.com/2021/04/08/1538/img/footer-logo.png
Requested by: Host: prnt.sc
URL: https://prnt.sc/o4wwoc
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.23.140.12 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bca2c1abcf4b76a46306bc7f1a607a459371ccf5e7213aae988c33b4dabb1758

Request headers

Referer: https://prnt.sc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 31 May 2021 12:02:35 GMT
cf-cache-status: HIT
age: 779
cf-polished: origFmt=png, origSize=1848
content-disposition: inline; filename="footer-logo.webp"
content-length: 630
cf-request-id: 0a63e6fe5400004c98ae2a1000000001
last-modified: Mon, 05 Sep 2016 15:49:19 GMT
server: cloudflare
etag: "57cd93ff-738"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
expires: Mon, 31 May 2021 12:04:22 GMT
cache-control: max-age=1800
accept-ranges: bytes
cf-ray: 65800ddd5f0a4c98-AMS
cf-bgj: imgq:100,h2pri

GET
H2 200 jquery.smartbanner.css
st.prntscr.com/2021/04/08/1538/css/ 4 KB
1 KB 29ms
29ms Stylesheet
text/css 104.23.140.12
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://st.prntscr.com/2021/04/08/1538/css/jquery.smartbanner.css
Requested by: Host: prnt.sc
URL: https://prnt.sc/o4wwoc
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.23.140.12 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d91d13fd8f9d253a8213aeee7ebaa7e073683fc600a3d82902c3c669b8ffdee7

Request headers

Referer: https://prnt.sc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 31 May 2021 12:02:35 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 08 Apr 2021 15:39:31 GMT
server: cloudflare
age: 1232
etag: W/"606f23b3-ef0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=1800
cf-ray: 65800ddd4ee34c98-AMS
cf-request-id: 0a63e6fe4900004c98581ba000000001
expires: Mon, 31 May 2021 12:07:22 GMT

GET
H2 200 jquery.smartbanner.js Show response
st.prntscr.com/2021/04/08/1538/js/ 8 KB
3 KB 36ms
34ms Script
application/javascript 104.23.140.12
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://st.prntscr.com/2021/04/08/1538/js/jquery.smartbanner.js
Requested by: Host: prnt.sc
URL: https://prnt.sc/o4wwoc
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.23.140.12 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1b185d89e437f1591af8c51d5e6dad41d3666e22a81931ee9df22e2cfdacaddb

Request headers

Referer: https://prnt.sc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 31 May 2021 12:02:35 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 08 Apr 2021 15:39:37 GMT
server: cloudflare
age: 190
etag: W/"606f23b9-aec"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=1800
cf-ray: 65800ddd5f084c98-AMS
cf-request-id: 0a63e6fe5400004c9867016000000001
expires: Mon, 31 May 2021 12:08:40 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 48 KB
19 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:831::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: prnt.sc
URL: https://prnt.sc/o4wwoc

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

2cb09c7b3e19bfc41743ca3624ef81c3258d56525647feac76aa757e0292627a

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://prnt.sc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 09 Apr 2021 23:59:54 GMT
server: Golfe2
age: 5743
date: Mon, 31 May 2021 10:26:52 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19569
expires: Mon, 31 May 2021 12:26:52 GMT

GET
H2 200 choice.js Show response
quantcast.mgr.consensu.org/choice/n-ZGqfdsg5894/prnt.sc/ 3 KB
2 KB 54ms
32ms Script
application/javascript 2600:9000:2182:9600:9:46dc:4700:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://quantcast.mgr.consensu.org/choice/n-ZGqfdsg5894/prnt.sc/choice.js
Requested by: Host: prnt.sc
URL: https://prnt.sc/o4wwoc
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2182:9600:9:46dc:4700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 9bd7952daefc70291b0a0bc163e80b8654b7600d1c590f24fa57a5cb8a218964

Request headers

Referer: https://prnt.sc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
date: Mon, 31 May 2021 12:02:35 GMT
content-encoding: br
last-modified: Wed, 10 Feb 2021 21:13:06 GMT
server: AmazonS3
x-amz-cf-pop: DUS51-C1
etag: W/"9074c1a966aada274b63c92859c4a3ec"
vary: Access-Control-Request-Headers,Access-Control-Request-Method,Origin,Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 90dd5141cd2d05c51d479a582cded281.cloudfront.net (CloudFront)
cache-control: max-age=900
cross-origin-resource-policy: cross-origin
x-amz-cf-id: LeFzLAo6bFIQM3rXCMCoF2lSCwfctw70xL2M5hBrQbLuA5GFj_gN0w==

GET
H2 200 page-bg.png
st.prntscr.com/2021/04/08/1538/img/ 5 KB
6 KB 28ms
28ms Image
image/webp 104.23.140.12
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://st.prntscr.com/2021/04/08/1538/img/page-bg.png
Requested by: Host: st.prntscr.com
URL: https://st.prntscr.com/2021/04/08/1538/css/main.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.23.140.12 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 86a1b8f94f48c4e82d2616d4c581f10a34ff447a2bd95be08714fa0d19ba3f51

Request headers

Referer: https://st.prntscr.com/2021/04/08/1538/css/main.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 31 May 2021 12:02:35 GMT
cf-cache-status: HIT
age: 140
cf-polished: origFmt=png, origSize=7116
content-disposition: inline; filename="page-bg.webp"
content-length: 5608
cf-request-id: 0a63e6fe5500004c98600d1000000001
last-modified: Thu, 08 Apr 2021 15:39:37 GMT
server: cloudflare
etag: "606f23b9-1a7b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
expires: Mon, 31 May 2021 12:05:50 GMT
cache-control: max-age=1800
accept-ranges: bytes
cf-ray: 65800ddd5f0c4c98-AMS
cf-bgj: imgq:100,h2pri

GET
H2 200 header-logo.png
st.prntscr.com/2021/04/08/1538/img/ 4 KB
4 KB 32ms
31ms Image
image/webp 104.23.140.12
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://st.prntscr.com/2021/04/08/1538/img/header-logo.png
Requested by: Host: st.prntscr.com
URL: https://st.prntscr.com/2021/04/08/1538/css/main.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.23.140.12 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 40ec0b04019845302a5052b4689b5d3477c9717dca73243e5faf7cf98f3af564

Request headers

Referer: https://st.prntscr.com/2021/04/08/1538/css/main.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 31 May 2021 12:02:35 GMT
cf-cache-status: HIT
age: 786
cf-polished: origFmt=png, origSize=7995
content-disposition: inline; filename="header-logo.webp"
content-length: 4148
cf-request-id: 0a63e6fe5f00004c9855903000000001
last-modified: Thu, 08 Apr 2021 15:39:37 GMT
server: cloudflare
etag: "606f23b9-1e52"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
expires: Mon, 31 May 2021 12:07:01 GMT
cache-control: max-age=1800
accept-ranges: bytes
cf-ray: 65800ddd6f304c98-AMS
cf-bgj: imgq:100,h2pri

GET
H2 200 button-download.png
st.prntscr.com/2021/04/08/1538/img/ 314 B
543 B 33ms
33ms Image
image/webp 104.23.140.12
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://st.prntscr.com/2021/04/08/1538/img/button-download.png
Requested by: Host: st.prntscr.com
URL: https://st.prntscr.com/2021/04/08/1538/css/main.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.23.140.12 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e926f30958d0c21d088e6a671d3356a3c3fab9cc6220b8e408f19d868a7dc5c8

Request headers

Referer: https://st.prntscr.com/2021/04/08/1538/css/main.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 31 May 2021 12:02:35 GMT
cf-cache-status: HIT
age: 1469
cf-polished: origFmt=png, origSize=1404
content-disposition: inline; filename="button-download.webp"
content-length: 314
cf-request-id: 0a63e6fe6600004c98bf828000000001
last-modified: Thu, 08 Apr 2021 15:38:42 GMT
server: cloudflare
etag: "606f2382-57c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
expires: Mon, 31 May 2021 12:08:06 GMT
cache-control: max-age=1800
accept-ranges: bytes
cf-ray: 65800ddd7f434c98-AMS
cf-bgj: imgq:100,h2pri

GET
H2 200 button-icon-sep.png
st.prntscr.com/2021/04/08/1538/img/ 40 B
220 B 29ms
29ms Image
image/webp 104.23.140.12
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://st.prntscr.com/2021/04/08/1538/img/button-icon-sep.png
Requested by: Host: st.prntscr.com
URL: https://st.prntscr.com/2021/04/08/1538/css/main.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.23.140.12 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b6a1120cc303b1c6ee6d548a5b418c2707b59de0c1f13c8ab870ca4e734b6acc

Request headers

Referer: https://st.prntscr.com/2021/04/08/1538/css/main.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 31 May 2021 12:02:35 GMT
cf-cache-status: HIT
age: 1114
cf-polished: origFmt=png, origSize=928
content-disposition: inline; filename="button-icon-sep.webp"
content-length: 40
cf-request-id: 0a63e6fe7000004c9882b4d000000001
last-modified: Thu, 08 Apr 2021 15:38:42 GMT
server: cloudflare
etag: "606f2382-3a0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
expires: Mon, 31 May 2021 12:07:06 GMT
cache-control: max-age=1800
accept-ranges: bytes
cf-ray: 65800ddd8f554c98-AMS
cf-bgj: imgq:100,h2pri

GET
H2 200 icon-twitter_gscale.png
st.prntscr.com/2021/04/08/1538/img/ 374 B
560 B 29ms
29ms Image
image/webp 104.23.140.12
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://st.prntscr.com/2021/04/08/1538/img/icon-twitter_gscale.png
Requested by: Host: st.prntscr.com
URL: https://st.prntscr.com/2021/04/08/1538/css/main.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.23.140.12 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5a3a63b2ac124cb9a194ec01ea1f0d3123e4019bf658c6f47a77b4faea84c079

Request headers

Referer: https://st.prntscr.com/2021/04/08/1538/css/main.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 31 May 2021 12:02:35 GMT
cf-cache-status: HIT
age: 1627
cf-polished: origFmt=png, origSize=1535
content-disposition: inline; filename="icon-twitter_gscale.webp"
content-length: 374
cf-request-id: 0a63e6fe7300004c9855904000000001
last-modified: Thu, 08 Apr 2021 15:38:42 GMT
server: cloudflare
etag: "606f2382-5ff"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
expires: Mon, 31 May 2021 11:37:26 GMT
cache-control: max-age=1800
accept-ranges: bytes
cf-ray: 65800ddd8f5d4c98-AMS
cf-bgj: imgq:100,h2pri

GET
H2 200 icon-facebook_gscale.png
st.prntscr.com/2021/04/08/1538/img/ 296 B
480 B 30ms
30ms Image
image/webp 104.23.140.12
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://st.prntscr.com/2021/04/08/1538/img/icon-facebook_gscale.png
Requested by: Host: st.prntscr.com
URL: https://st.prntscr.com/2021/04/08/1538/css/main.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.23.140.12 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a093d2047e1a59b7103810b947780e5f94d865915cb923ebcaa7e50f557c2102

Request headers

Referer: https://st.prntscr.com/2021/04/08/1538/css/main.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 31 May 2021 12:02:35 GMT
cf-cache-status: HIT
age: 1045
cf-polished: origFmt=png, origSize=1325
content-disposition: inline; filename="icon-facebook_gscale.webp"
content-length: 296
cf-request-id: 0a63e6fe7300004c98c42cb000000001
last-modified: Thu, 08 Apr 2021 15:38:42 GMT
server: cloudflare
etag: "606f2382-52d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
expires: Mon, 31 May 2021 12:07:27 GMT
cache-control: max-age=1800
accept-ranges: bytes
cf-ray: 65800ddd8f5e4c98-AMS
cf-bgj: imgq:100,h2pri

GET
H2 200 async-ajs.min.js Show response
cdn.ad4game.com/ 3 KB
2 KB 79ms
19ms Script
application/javascript 151.139.242.3
HIGHWINDS2

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.ad4game.com/async-ajs.min.js
Requested by: Host: prnt.sc
URL: https://prnt.sc/o4wwoc
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.139.242.3 , United States, ASN33438 (HIGHWINDS2, US),
Reverse DNS
Software: nginx /
Resource Hash: dc9f7cdaabb3201fd2ead8c0cfd974710305362d0ea77c96069cb189796d6238

Request headers

Referer: https://prnt.sc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-servername: ads.ad4game.com\ 80\ 81
date: Mon, 31 May 2021 12:02:35 GMT
content-encoding: gzip
referrer-policy: no-referrer
last-modified: Thu, 15 Apr 2021 06:26:15 GMT
server: nginx
x-serveraddr: 10.100.0.151
etag: "6077dc87-ca8"
vary: Accept-Encoding
x-cache: HIT
content-type: application/javascript
access-control-allow-origin: *
x-host: ads.ad4game.com
accept-ranges: bytes
content-length: 1451

GET
H2 200 icon-edit.png
st.prntscr.com/2021/04/08/1538/img/ 214 B
387 B 30ms
29ms Image
image/webp 104.23.140.12
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://st.prntscr.com/2021/04/08/1538/img/icon-edit.png
Requested by: Host: st.prntscr.com
URL: https://st.prntscr.com/2021/04/08/1538/css/main.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.23.140.12 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cb09c3720b53d8651d6f5825cf643e6249aefbe82a1ba1417d230cdb9b36cba6

Request headers

Referer: https://st.prntscr.com/2021/04/08/1538/css/main.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 31 May 2021 12:02:35 GMT
cf-cache-status: HIT
age: 521
cf-polished: origFmt=png, origSize=3153
content-disposition: inline; filename="icon-edit.webp"
content-length: 214
cf-request-id: 0a63e6fe8000004c98bdadf000000001
last-modified: Thu, 08 Apr 2021 15:38:42 GMT
server: cloudflare
etag: "606f2382-c51"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
expires: Mon, 31 May 2021 12:08:58 GMT
cache-control: max-age=1800
accept-ranges: bytes
cf-ray: 65800ddd9f764c98-AMS
cf-bgj: imgq:100,h2pri

GET
H2 200 icon-camera.png
st.prntscr.com/2021/04/08/1538/img/ 158 B
372 B 29ms
28ms Image
image/webp 104.23.140.12
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://st.prntscr.com/2021/04/08/1538/img/icon-camera.png
Requested by: Host: st.prntscr.com
URL: https://st.prntscr.com/2021/04/08/1538/css/main.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.23.140.12 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8bfd2fa3b3b5924e3655bcf9f63427e792bd8572b7ed0992373bdb4b21c7cb89

Request headers

Referer: https://st.prntscr.com/2021/04/08/1538/css/main.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 31 May 2021 12:02:35 GMT
cf-cache-status: HIT
age: 521
cf-polished: origFmt=png, origSize=1089
content-disposition: inline; filename="icon-camera.webp"
content-length: 158
cf-request-id: 0a63e6fe8000004c9886351000000001
last-modified: Thu, 08 Apr 2021 15:38:42 GMT
server: cloudflare
etag: "606f2382-441"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
expires: Mon, 31 May 2021 12:11:18 GMT
cache-control: max-age=1800
accept-ranges: bytes
cf-ray: 65800ddd9f774c98-AMS
cf-bgj: imgq:100,h2pri

GET
H2 200 icon-abuse.png
st.prntscr.com/2021/04/08/1538/img/ 126 B
303 B 32ms
31ms Image
image/webp 104.23.140.12
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://st.prntscr.com/2021/04/08/1538/img/icon-abuse.png
Requested by: Host: st.prntscr.com
URL: https://st.prntscr.com/2021/04/08/1538/css/main.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.23.140.12 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2875a6fc4266fec00a383377cb4530b6407912897b0727e26249d89c6dfe0359

Request headers

Referer: https://st.prntscr.com/2021/04/08/1538/css/main.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 31 May 2021 12:02:35 GMT
cf-cache-status: HIT
age: 1227
cf-polished: origFmt=png, origSize=327
content-disposition: inline; filename="icon-abuse.webp"
content-length: 126
cf-request-id: 0a63e6fe8300004c9882b4e000000001
last-modified: Thu, 08 Apr 2021 15:38:42 GMT
server: cloudflare
etag: "606f2382-147"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
expires: Mon, 31 May 2021 12:11:13 GMT
cache-control: max-age=1800
accept-ranges: bytes
cf-ray: 65800ddd9f7f4c98-AMS
cf-bgj: imgq:100,h2pri

POST
H3-29 200 collect Show response
www.google-analytics.com/j/ 4 B
24 B 33ms
15ms XHR
text/plain 2a00:1450:4001:831::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j90&a=948761665&t=pageview&_s=1&dl=https%3A%2F%2Fprnt.sc%2Fo4wwoc&ul=en-us&de=UTF-8&dt=Screenshot%20by%20Lightshot&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAAC~&jid=186415847&gjid=874680591&cid=1411310593.1622462556&tid=UA-12353127-1&_gid=1276166672.1622462556&_r=1&_slc=1&z=724765355

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://prnt.sc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 31 May 2021 12:02:35 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://prnt.sc
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

OPTIONS
H2 204 /
api.prntscr.com/v1/ Frame 0
0 117ms
114ms Preflight 104.23.140.12
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://api.prntscr.com/v1/
Protocol: H2
Server: 104.23.140.12 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://prnt.sc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Mon, 31 May 2021 12:02:35 GMT
access-control-allow-origin: https://prnt.sc
access-control-allow-credentials: true
access-control-allow-methods: POST, OPTIONS
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-max-age: 86400
cf-cache-status: DYNAMIC
cf-request-id: 0a63e6fe9700007329a916a000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 65800dddba8c7329-AMS

GET
H2 200 all.js Show response
connect.facebook.net/en_US/ 3 KB
2 KB 8ms
6ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/all.js

Requested by

Host: prnt.sc
URL: https://prnt.sc/o4wwoc

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

223b3bde0338f2f39624e225b02f9481a6a384c1096d8751f2ce54d10ca9ee84

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://prnt.sc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: PnV4AuSfLYyz3yfxmpEnvg==
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 1778
x-fb-rlafr: 0
x-fb-debug: Yj+S9WWJhhZUyREHAPx4/UdCkB91pdKST5rGCp5EacxPIRbPF4hBTp+ChUaMwi0ZFKTrXxAGI9tCVHPQUX4jOw==
x-fb-trip-id: 686109401
x-fb-content-md5: 9953ebf35deac878b19884b03ea8402c
x-frame-options: DENY
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
date: Mon, 31 May 2021 12:02:35 GMT
vary: Accept-Encoding
report-to: {"group":"coep_report","max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}]}
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
etag: "842a812f8f4bebeb4d61183653b95ade"
timing-allow-origin: *
expires: Mon, 31 May 2021 12:17:36 GMT

GET
H/1.1 200
OK widgets.js Show response
platform.twitter.com/ 95 KB
29 KB 8ms
7ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets.js
Requested by: Host: prnt.sc
URL: https://prnt.sc/o4wwoc
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/67A7) /
Resource Hash: a12b87855b6403c6f73092396d80541a6984aae03097a637769291d9cad15d19

Request headers

Referer: https://prnt.sc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 31 May 2021 12:02:35 GMT
Content-Encoding: gzip
Last-Modified: Wed, 28 Apr 2021 17:57:32 GMT
Server: ECS (frb/67A7)
Age: 133
Etag: "9eb59e5602fef4b3ebf6090856ff21db+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=1800
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 28779

POST
H2 200 / Show response
api.prntscr.com/v1/ 92 B
410 B 113ms
113ms XHR
application/json 104.23.140.12
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://api.prntscr.com/v1/
Requested by: Host: st.prntscr.com
URL: https://st.prntscr.com/2021/04/08/1538/js/jquery.1.8.2.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.23.140.12 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9c9935e1daafc929a9866a206e769e084cd83f19d436ca22887adc2798408646

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://prnt.sc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 31 May 2021 12:02:36 GMT
content-encoding: br
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-methods: POST, OPTIONS
content-type: application/json
access-control-allow-origin: https://prnt.sc
access-control-allow-credentials: true
cf-ray: 65800dde78eb4c98-AMS
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
cf-request-id: 0a63e6ff0b00004c989c952000000001

GET
H2 200 quant.js Show response
secure.quantserve.com/ 24 KB
9 KB 32ms
7ms Script
application/javascript 2620:116:800d:21:36a9:ecb:e518:b308
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.quantserve.com/quant.js
Requested by: Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/choice/n-ZGqfdsg5894/prnt.sc/choice.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2620:116:800d:21:36a9:ecb:e518:b308 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: bba4d46952f094b62205fe06e4a78114cac5d934971925a4716ef40c33f96012

Request headers

Referer: https://prnt.sc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 31 May 2021 12:02:35 GMT
content-encoding: gzip
etag: "WhyxmPkT7L77qVDcrjxwGw=="
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, max-age=604800
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
expires: Mon, 07 Jun 2021 12:02:35 GMT

GET
H2 200 cmp2.js Show response
quantcast.mgr.consensu.org/tcfv2/ 234 KB
64 KB 10ms
9ms Script
text/javascript 2600:9000:2182:9600:9:46dc:4700:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://quantcast.mgr.consensu.org/tcfv2/cmp2.js?referer=prnt.sc
Requested by: Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/choice/n-ZGqfdsg5894/prnt.sc/choice.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2182:9600:9:46dc:4700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 2ddef05ee7b0caa6fd9be281a5b4e53ada42bff7814578d748144f2f9181e476

Request headers

Referer: https://prnt.sc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 31 May 2021 12:02:07 GMT
content-encoding: gzip
age: 28
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
access-control-max-age: 86400
access-control-allow-origin: *
last-modified: Thu, 13 May 2021 19:03:54 GMT
server: AmazonS3
etag: W/"2848b39634e3b71d7b4f01531f83807a"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/javascript;charset=UTF-8
via: 1.1 90dd5141cd2d05c51d479a582cded281.cloudfront.net (CloudFront)
cache-control: max-age=3600
x-amz-meta-qc-ineu: True
x-amz-cf-pop: DUS51-C1
x-amz-cf-id: 9TrQJwNXVeADizq1PJAoQdmUF8Su8UIOFRW95baZuNgF-eZEST2JcQ==

GET
H3-29 200 all.js Show response
connect.facebook.net/en_US/ 218 KB
64 KB 11ms
6ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/all.js?hash=8000c89f20a4fefbe43701bcea2d00c9&ua=modern_es6

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/all.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

18df5571d8a09c9003fc5652687be6c00c55515389e07172a4a659f20cd0b033

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Origin: https://prnt.sc
Referer: https://prnt.sc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: g/QMKwtWKsIGQn8pZ41SPQ==
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 65814
x-fb-rlafr: 0
x-fb-debug: +tWebqQ7U5Ab2xMkl11MFgwqi37p2WXQGNzug9NqeE5y4pv/Z2IRv4gOxYS64ZcNvMWb9ykTHduUG43yyMCk2w==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-fb-content-md5: 66c09ec9894591a096faf5af67147107
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Mon, 31 May 2021 12:02:35 GMT
vary: Accept-Encoding
report-to: {"group":"coep_report","max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}]}
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
etag: "e68567d8aa0374fcebd3553a78c61c4f"
timing-allow-origin: *
priority: u=3,i
expires: Tue, 31 May 2022 10:59:55 GMT

GET
H/1.1 200
OK widget_iframe.06c6ee58c3810956b7509218508c7b56.html Show response
platform.twitter.com/widgets/ Frame CA3B 319 KB
103 KB 13ms
7ms Document
text/html 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/widget_iframe.06c6ee58c3810956b7509218508c7b56.html?origin=https%3A%2F%2Fprnt.sc
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/67BA) /
Resource Hash: 5f789ea36ae4671282524bda454709578d63b915b782c1e041132a7e726ff1c3

Request headers

Host: platform.twitter.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://prnt.sc/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://prnt.sc/

Response headers

Content-Encoding: gzip
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 394888
Cache-Control: public, max-age=315360000
Content-Type: text/html; charset=utf-8
Date: Mon, 31 May 2021 12:02:35 GMT
Etag: "dab7ee9ff99366614e06e117bab5e542+gzip"
Last-Modified: Wed, 28 Apr 2021 17:56:54 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (frb/67BA)
Vary: Accept-Encoding
X-Cache: HIT
x-tw-cdn: VZ
Content-Length: 105298

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
82 B 15ms
15ms XHR
text/plain 2a00:1450:400c:c0a::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j90&tid=UA-12353127-1&cid=1411310593.1622462556&jid=186415847&gjid=874680591&_gid=1276166672.1622462556&_u=IEBAAEAAAAAAAC~&z=1287082726

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c0a::9a Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://prnt.sc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Mon, 31 May 2021 12:02:35 GMT
content-type: text/plain
access-control-allow-origin: https://prnt.sc
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
107 B 30ms
30ms Image
image/gif 2a00:1450:4001:827::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j90&tid=UA-12353127-1&cid=1411310593.1622462556&jid=186415847&_u=IEBAAEAAAAAAAC~&z=1173076346

Requested by

Host: prnt.sc
URL: https://prnt.sc/o4wwoc

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://prnt.sc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 31 May 2021 12:02:35 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 29ms
29ms Image
image/gif 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j90&tid=UA-12353127-1&cid=1411310593.1622462556&jid=186415847&_u=IEBAAEAAAAAAAC~&z=1173076346

Requested by

Host: prnt.sc
URL: https://prnt.sc/o4wwoc

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://prnt.sc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 31 May 2021 12:02:35 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 status
www.facebook.com/x/oauth/ 0
0 36ms
36ms Fetch
text/plain 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/x/oauth/status?client_id=154822244543652&input_token&origin=1&redirect_uri=https%3A%2F%2Fprnt.sc%2Fo4wwoc&sdk=joey&wants_cookie_data=false

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/all.js?hash=8000c89f20a4fefbe43701bcea2d00c9&ua=modern_es6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://prnt.sc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; preload
x-content-type-options: nosniff
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 0
x-fb-rlafr: 0
pragma: no-cache
x-fb-debug: 9Cy1Byfshu7kJw2RtIL9VXvvYr8jvcHIUHHKz8wTLGKANxES8yrQ/SGqTfrombjg4CddO7ah/KVgjiQeKeRCig==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
fb-s: unknown
cross-origin-opener-policy: same-origin-allow-popups
date: Mon, 31 May 2021 12:02:35 GMT
report-to: {"group":"coep_report","max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}]}
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://prnt.sc
access-control-expose-headers: fb-s
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 rules-p-n-ZGqfdsg5894.js Show response
rules.quantcount.com/ 2 B
345 B 31ms
9ms Script
application/javascript 2600:9000:2182:7200:6:44e3:f8c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rules.quantcount.com/rules-p-n-ZGqfdsg5894.js
Requested by: Host: secure.quantserve.com
URL: https://secure.quantserve.com/quant.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2182:7200:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

Referer: https://prnt.sc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 31 May 2021 11:07:16 GMT
via: 1.1 e7b88cadf742e342f39f17392af35c4f.cloudfront.net (CloudFront)
server: AmazonS3
age: 3318
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=3600
cross-origin-resource-policy: cross-origin
x-cache: Hit from cloudfront
x-amz-cf-pop: DUS51-C1
content-length: 2
x-amz-cf-id: 13gE8pqUIAL5SamkvmBBW7SbE83wP1XLslSltBJdpvYunqvMhCg0hQ==

GET
H2 200 prebid.js Show response
cdn.ad4game.com/ 261 KB
98 KB 27ms
26ms Script
application/javascript 151.139.242.3
HIGHWINDS2

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.ad4game.com/prebid.js
Requested by: Host: cdn.ad4game.com
URL: https://cdn.ad4game.com/async-ajs.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.139.242.3 , United States, ASN33438 (HIGHWINDS2, US),
Reverse DNS
Software: nginx /
Resource Hash: 733f44e4d42f00e0a8c267d516e9f6939d36f65ceb3bf851998475b9f6650d3f

Request headers

Referer: https://prnt.sc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-servername: ads.ad4game.com\ 80\ 81
date: Mon, 31 May 2021 12:02:35 GMT
content-encoding: gzip
referrer-policy: no-referrer
last-modified: Thu, 15 Apr 2021 06:26:15 GMT
server: nginx
x-serveraddr: 10.100.0.151
etag: "6077dc87-412ac"
vary: Accept-Encoding
x-cache: HIT
content-type: application/javascript
access-control-allow-origin: *
x-host: ads.ad4game.com
accept-ranges: bytes
content-length: 99905

GET
H/1.1 200
OK async-ajs.php Show response
ads.ad4game.com/www/delivery/ 9 KB
3 KB 469ms
123ms Script
text/javascript 192.207.255.147
AS-MNX

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.ad4game.com/www/delivery/async-ajs.php?v=1&cb=a4g4422240&h=0&siteurl=https%3A%2F%2Fprnt.sc%2Fo4wwoc&c=UTF-8&z=60918,70076,60916&b=7&x=7
Requested by: Host: cdn.ad4game.com
URL: https://cdn.ad4game.com/async-ajs.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 192.207.255.147 , United States, ASN62821 (AS-MNX, US),
Reverse DNS
Software: nginx /
Resource Hash: 57e84e43c4bbcaa159159d7e7ab9771cfda3147300a1a096b2dcefdff0a95a05

Request headers

Referer: https://prnt.sc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

X-servername: ads.ad4game.com\ 80\ 81
Pragma: no-cache
Date: Mon, 31 May 2021 12:02:36 GMT
Content-Encoding: gzip
Server: nginx
Transfer-Encoding: chunked
P3P: CP="CUR ADM OUR NOR STA NID"
X-serveraddr: 10.100.0.151
Cache-Control: no-cache, no-store, must-revalidate
X-host: ads.ad4game.com
Connection: close
Content-Type: text/javascript; charset=UTF-8
Expires: 0

GET
H2 200 settings Show response
syndication.twitter.com/ Frame CA3B 257 B
443 B 186ms
135ms Fetch
application/json 104.244.42.200
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://syndication.twitter.com/settings?session_id=92c7ec24b483a63421f5d98f6a1e09307e85f521

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/widgets/widget_iframe.06c6ee58c3810956b7509218508c7b56.html?origin=https%3A%2F%2Fprnt.sc

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.200 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

74a68024cd95156e421483199ca2b204cb4c5f30381352cce69a1f5f7338cd8e

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

Referer: https://platform.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 31 May 2021 12:02:35 GMT
content-encoding: gzip
last-modified: Mon, 31 May 2021 12:02:35 GMT
server: tsa_o
vary: Origin
strict-transport-security: max-age=631138519
content-type: application/json; charset=utf-8
access-control-allow-origin: https://platform.twitter.com
cache-control: must-revalidate, max-age=600
access-control-allow-credentials: true
x-connection-hash: 367abd1238d323a32802ad4e3b912dd71e6f580b1418bb36fb36da2e08292857
content-length: 177

GET
DATA 200
OK truncated
/ 12 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7969e63563915d7fe34fd5c163295defbf48fff366523cde499b383cdb214be0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 pixel;r=616757934;source=choice;rf=0;a=p-n-ZGqfdsg5894;url=https%3A%2F%2Fprnt.sc%2Fo4wwoc;uh=u;uht=u;ns=0;ce=1;qjs=1;qv=82efd7d8-20210517233434;cm=;gdpr=1;gdpr_consent=;ref=;d=prnt.sc;je=0;sr=1600x...
pixel.quantcount.com/ 35 B
210 B 10ms
9ms Image
image/gif 2620:116:800d:21:36a9:ecb:e518:b308
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.quantcount.com/pixel;r=616757934;source=choice;rf=0;a=p-n-ZGqfdsg5894;url=https%3A%2F%2Fprnt.sc%2Fo4wwoc;uh=u;uht=u;ns=0;ce=1;qjs=1;qv=82efd7d8-20210517233434;cm=;gdpr=1;gdpr_consent=;ref=;d=prnt.sc;je=0;sr=1600x1200x24;dst=1;et=1622462555892;tzo=-120;ogl=site_name.Lightshot%2Ctitle.Screenshot%2Cimage.%2F%2Fst%252Eprntscr%252Ecom%2F2021%2F04%2F08%2F1538%2Fimg%2F0_173a7b_211be8ff%252Epng%2Cdescription.Captured%20with%20Lightshot%2Curl.https%3A%2F%2Fprnt%252Esc%2Fo4wwoc%2Ctype.website

Requested by

Host: prnt.sc
URL: https://prnt.sc/o4wwoc

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:36a9:ecb:e518:b308 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Referer: https://prnt.sc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 31 May 2021 12:02:35 GMT
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
strict-transport-security: max-age=86400
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H/1.1 200
OK button.5573c974dc31bbdab5ea7923a0bd5cf3.js Show response
platform.twitter.com/js/ 7 KB
3 KB 7ms
6ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/js/button.5573c974dc31bbdab5ea7923a0bd5cf3.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/67A7) /
Resource Hash: e05edf2ae58e3a9f1d2a84d32a8b216fd0aece46f527b58dcbce75255989ea88

Request headers

Referer: https://prnt.sc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 31 May 2021 12:02:36 GMT
Content-Encoding: gzip
Last-Modified: Wed, 28 Apr 2021 17:56:41 GMT
Server: ECS (frb/67A7)
Age: 394889
Etag: "382be2960021b88f6ce982d997cdbd01+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 2294

GET
H/1.1 200
OK tweet_button.06c6ee58c3810956b7509218508c7b56.en.html Show response
platform.twitter.com/widgets/ Frame C76F 32 KB
12 KB 6ms
6ms Document
text/html 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/tweet_button.06c6ee58c3810956b7509218508c7b56.en.html
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/67A7) /
Resource Hash: 483cc9a5ece5c92d5a2f1ea6e92e7f8bc29844a6c06bf36c0349d70334685dc7

Request headers

Host: platform.twitter.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://prnt.sc/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://prnt.sc/

Response headers

Content-Encoding: gzip
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 394889
Cache-Control: public, max-age=315360000
Content-Type: text/html; charset=utf-8
Date: Mon, 31 May 2021 12:02:36 GMT
Etag: "a87932e0f094e1fb4cced05f7d97ab94+gzip"
Last-Modified: Wed, 28 Apr 2021 17:56:47 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (frb/67A7)
Vary: Accept-Encoding
X-Cache: HIT
x-tw-cdn: VZ
Content-Length: 12228

GET
DATA 200
OK truncated
/ Frame C76F 822 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bed57a09b10b5cfc83c33f5bc6205831a9db085c874bc72d096d05ad2136e4b4

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 jot
syndication.twitter.com/i/ 43 B
375 B 140ms
139ms Image
image/gif 104.244.42.200
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://syndication.twitter.com/i/jot?l=%7B%22widget_origin%22%3A%22https%3A%2F%2Fprnt.sc%2Fo4wwoc%22%2C%22widget_frame%22%3Afalse%2C%22widget_site_screen_name%22%3A%22light_shot%22%2C%22language%22%3A%22en%22%2C%22message%22%3A%22m%3Anocount%3A%22%2C%22_category_%22%3A%22tfw_client_event%22%2C%22triggered_on%22%3A1622462556215%2C%22dnt%22%3Afalse%2C%22client_version%22%3A%2282e1070%3A1619632193066%22%2C%22format_version%22%3A1%2C%22event_namespace%22%3A%7B%22client%22%3A%22tfw%22%2C%22page%22%3A%22button%22%2C%22section%22%3A%22share%22%2C%22action%22%3A%22impression%22%7D%7D

Requested by

Host: prnt.sc
URL: https://prnt.sc/o4wwoc

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.200 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://prnt.sc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 31 May 2021 12:02:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 65
x-xss-protection: 0
pragma: no-cache
last-modified: Mon, 31 May 2021 12:02:36 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=631138519
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 367abd1238d323a32802ad4e3b912dd71e6f580b1418bb36fb36da2e08292857
x-transaction: e47c8c5938237fc0
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ 62 KB
21 KB 16ms
15ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: ads.ad4game.com
URL: https://ads.ad4game.com/www/delivery/async-ajs.php?v=1&cb=a4g4422240&h=0&siteurl=https%3A%2F%2Fprnt.sc%2Fo4wwoc&c=UTF-8&z=60918,70076,60916&b=7&x=7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cc7930c46bc124f85f2f4e68bf9ccd0456d77c48759cd3e301b040e3dcdf57fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://prnt.sc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 31 May 2021 12:02:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "888 / 488 of 1000 / last-modified: 1622153417"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21427
x-xss-protection: 0
expires: Mon, 31 May 2021 12:02:36 GMT

GET
H2 200 apstag.js Show response
c.amazon-adsystem.com/aax2/ 123 KB
33 KB 78ms
29ms Script
application/javascript 13.226.158.204
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/aax2/apstag.js
Requested by: Host: ads.ad4game.com
URL: https://ads.ad4game.com/www/delivery/async-ajs.php?v=1&cb=a4g4422240&h=0&siteurl=https%3A%2F%2Fprnt.sc%2Fo4wwoc&c=UTF-8&z=60918,70076,60916&b=7&x=7
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.226.158.204 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-226-158-204.dus51.r.cloudfront.net
Software: Server /
Resource Hash: 5b6f3806c04b7c91d2ee5cf8f42b31343a9d33ea62ad9d0506cfa1be078477d3

Request headers

Referer: https://prnt.sc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 30 May 2021 16:30:52 GMT
content-encoding: gzip
server: Server
age: 70304
etag: 6bda376aea84df42909484ff0d20f22a
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 e5dcf90f3787d486ad40e46070021460.cloudfront.net (CloudFront)
cache-control: public, max-age=86400
x-amz-cf-pop: DUS51-C1
accept-ranges: bytes
timing-allow-origin: *
x-amz-version-id: 7iV2kGh8hACCLQM7XX9BldZxc25jPH1q
x-amz-cf-id: W-ksXHU9M8MFarZ_6WAFNcph_6fCWUeSrV30ZtVwMq8z3Ovt3vgQXw==

GET
H/1.1 200
OK bid Show response
ads.ad4game.com/v1/ 5 KB
2 KB 553ms
326ms XHR
application/json 192.207.255.147
AS-MNX

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.ad4game.com/v1/bid?if=0&siteurl=https%3A%2F%2Fprnt.sc%2Fo4wwoc&size=970x90%3B970x90%3B300x250&id=25cc93035588d%3B3878216480caae%3B498c0e487175ef&zoneId=60918%3B70076%3B60916&gdpr=%5Bobject%20Object%5D
Requested by: Host: cdn.ad4game.com
URL: https://cdn.ad4game.com/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 192.207.255.147 , United States, ASN62821 (AS-MNX, US),
Reverse DNS
Software: nginx /
Resource Hash: 1a019a3624e7868eb18ddc0b8c2ef7a50d26006ad4e05d96c609ead07c1ca366

Request headers

Referer: https://prnt.sc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

Date: Mon, 31 May 2021 12:02:36 GMT
Content-Encoding: gzip
Server: nginx
Vary: Accept-Encoding, User-Agent
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Content-Type: application/json;charset=utf-8
Access-Control-Allow-Origin: https://prnt.sc
Transfer-Encoding: chunked
Connection: close
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
X-Application-Context: application:12061

GET
H2 200 cygnus Show response
htlb.casalemedia.com/ 24 B
363 B 152ms
97ms XHR
application/json 23.37.38.181
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://htlb.casalemedia.com/cygnus?s=619471&v=7.2&ac=j&sd=1&r=%7B%22id%22%3A%225fc6149c647691%22%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fprnt.sc%2Fo4wwoc%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%2C%22ixdiag%22%3A%7B%22mfu%22%3A0%2C%22bu%22%3A3%2C%22iu%22%3A0%2C%22nu%22%3A0%2C%22ou%22%3A0%2C%22allU%22%3A3%2C%22ren%22%3Afalse%2C%22msd%22%3A0%2C%22msi%22%3A0%7D%7D%2C%22source%22%3A%7B%22ext%22%3A%7B%22schain%22%3A%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22indexexchange.com%22%2C%22sid%22%3A%22193578%22%2C%22hp%22%3A1%7D%5D%7D%7D%7D%2C%22regs%22%3A%7B%22ext%22%3A%7B%22gdpr%22%3A1%7D%7D%2C%22user%22%3A%7B%22ext%22%3A%7B%22consent%22%3A%22%22%7D%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%22647726647a7f2d%22%2C%22ext%22%3A%7B%22siteID%22%3A%22619471%22%2C%22sid%22%3A%22970x90%22%7D%2C%22banner%22%3A%7B%22w%22%3A970%2C%22h%22%3A90%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%22710937557000e9%22%2C%22ext%22%3A%7B%22siteID%22%3A%22619471%22%2C%22sid%22%3A%22970x90%22%7D%2C%22banner%22%3A%7B%22w%22%3A970%2C%22h%22%3A90%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%228e0a6516e8ed31%22%2C%22ext%22%3A%7B%22siteID%22%3A%22610018%22%2C%22sid%22%3A%22300x250%22%7D%2C%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%7D%5D%7D
Requested by: Host: cdn.ad4game.com
URL: https://cdn.ad4game.com/prebid.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.37.38.181 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-37-38-181.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: bc1d3b1d6637a1573ac4c8b53a4b16feb39d1f7de2b1b480f69ee1d1a7d283dc

Request headers

Referer: https://prnt.sc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 31 May 2021 12:02:36 GMT
content-encoding: gzip
x-ak-initial-geo: CC:[NL], RC:[], CN:[EU], CIP:[159.48.55.6], XFF:[]
server: Apache
vary: Is-Traffic-Invalid,Accept-Encoding
content-type: application/json
access-control-allow-origin: https://prnt.sc
x-cs-client-geo: 12
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
content-length: 44
x-ak-client-geo: 12
expires: Mon, 31 May 2021 12:02:36 GMT

GET
H2 200 pubads_impl_2021052401.js Show response
securepubads.g.doubleclick.net/gpt/ 309 KB
109 KB 33ms
33ms Script
text/javascript 216.58.212.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021052401.js?31061298

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.212.162 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s22-in-f2.1e100.net

Software

sffe /

Resource Hash

6aa7181afe0bea9dc4e90e1d040c0b27be388088f6a5ec3d195c60229fe3c9b5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://prnt.sc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 31 May 2021 12:02:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 24 May 2021 08:37:29 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 110966
x-xss-protection: 0
expires: Mon, 31 May 2021 12:02:36 GMT

GET
H2 204 config Show response
c.amazon-adsystem.com/cdn/prod/ 0
297 B 134ms
133ms XHR
text/plain 13.226.158.204
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/cdn/prod/config?src=852e3ca3-c387-44e4-a5c1-67c46495a8c4&u=https%3A%2F%2Fprnt.sc%2Fo4wwoc
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.226.158.204 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-226-158-204.dus51.r.cloudfront.net
Software: Server /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://prnt.sc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 31 May 2021 12:02:36 GMT
via: 1.1 e5dcf90f3787d486ad40e46070021460.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: DUS51-C1
x-cache: Miss from cloudfront
access-control-allow-origin: https://prnt.sc
cache-control: max-age=86087, s-maxage=86400
access-control-allow-credentials: true
x-amz-cf-id: gg1OPhkUIlTZTQLP7up3Yd7xQnUpTj5BLohAt2TTMw5-xbUqa3UebA==

GET
H2 200 bid Show response
c.amazon-adsystem.com/e/dtb/ 23 B
365 B 57ms
57ms XHR
text/javascript 13.226.158.204
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fprnt.sc%2Fo4wwoc&pid=IBJYxOXx8b922&cb=0&ws=1600x1200&v=7.65.00&t=2000&slots=%5B%7B%22sd%22%3A%220%22%2C%22s%22%3A%5B%22970x90%22%5D%2C%22sn%22%3A%22%2F60257202%2F60918%22%7D%2C%7B%22sd%22%3A%221%22%2C%22s%22%3A%5B%22970x90%22%5D%2C%22sn%22%3A%22%2F60257202%2F70076%22%7D%2C%7B%22sd%22%3A%222%22%2C%22s%22%3A%5B%22300x250%22%5D%2C%22sn%22%3A%22%2F60257202%2F60916%22%7D%5D&cfgv=0&pubid=852e3ca3-c387-44e4-a5c1-67c46495a8c4&gdpre=1&gdprl=%7B%22status%22%3A%22tcfv2-success%22%7D
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.226.158.204 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-226-158-204.dus51.r.cloudfront.net
Software: Server /
Resource Hash: 745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8

Request headers

Referer: https://prnt.sc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 31 May 2021 12:02:36 GMT
via: 1.1 e5dcf90f3787d486ad40e46070021460.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: DUS51-C1
vary: User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://prnt.sc
access-control-allow-credentials: true
timing-allow-origin: *
content-length: 23
x-amz-cf-id: qDD2p_GzuKWiWevqkag7GhJ_LrPWXWY1ooEU5auB2LugmzIvSqsp6A==

GET
H2 200 aps_csm.js Show response
c.amazon-adsystem.com/bao-csm/aps-comm/ 6 KB
3 KB 75ms
28ms XHR
application/javascript 13.226.158.204
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.226.158.204 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-226-158-204.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

Referer: https://prnt.sc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: eEYYOb32LZFr6yGAi8hXG4401uAIPew2
content-encoding: gzip
etag: W/"a4d296427fc806b21335359e398c025c"
age: 45704
x-cache: Hit from cloudfront
access-control-max-age: 3000
access-control-allow-origin: *
last-modified: Wed, 07 Apr 2021 05:49:36 GMT
server: AmazonS3
date: Sun, 30 May 2021 23:21:07 GMT
vary: Origin
access-control-allow-methods: GET
content-type: application/javascript
via: 1.1 51054083366f59cdc509361d23d873eb.cloudfront.net (CloudFront)
cache-control: public, max-age=86400
x-amz-cf-pop: DUS51-C1
x-amz-cf-id: pp-LqgZ480CZIZEJpJlywCSgGlHYLr7hy9ohtA8xIT4BSmMDntVn_A==

GET
H2 200 like.php
www.facebook.com/plugins/ Frame A95E 0
0 24ms
23ms Document
text/html 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/plugins/like.php?action=like&app_id=154822244543652&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df2e92d26f7c4e8%26domain%3Dprnt.sc%26origin%3Dhttps%253A%252F%252Fprnt.sc%252Ffc1e012209987%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fprnt.sc%2Fo4wwoc&layout=button_count&locale=en_US&sdk=joey&share=false&show_faces=false&size=small&width=100

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/all.js?hash=8000c89f20a4fefbe43701bcea2d00c9&ua=modern_es6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

:method: GET
:authority: www.facebook.com
:scheme: https
:path: /plugins/like.php?action=like&app_id=154822244543652&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df2e92d26f7c4e8%26domain%3Dprnt.sc%26origin%3Dhttps%253A%252F%252Fprnt.sc%252Ffc1e012209987%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fprnt.sc%2Fo4wwoc&layout=button_count&locale=en_US&sdk=joey&share=false&show_faces=false&size=small&width=100
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://prnt.sc/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://prnt.sc/

Response headers

pragma: no-cache
expires: Sat, 01 Jan 2000 00:00:00 GMT
cache-control: private, no-cache, no-store, must-revalidate
content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-xss-protection: 0
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
content-type: text/html;charset=utf-8
x-content-type-options: nosniff
report-to: {"group":"coep_report","max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}]}
x-fb-debug: NsGENpYuyUK71hJWn2hD4fRTeAgD+ojzIiFg2JqwNMwNPSNNHz22H396KlxhPj45b1+8op7rOBeAabikfoCwAA==
content-length: 0
date: Mon, 31 May 2021 12:02:36 GMT
priority: u=3,i
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600

GET
H2 200 comments.php
www.facebook.com/plugins/ Frame 5842 0
0 25ms
23ms Document
text/html 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/plugins/comments.php?app_id=154822244543652&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df16237be0ea0d9%26domain%3Dprnt.sc%26origin%3Dhttps%253A%252F%252Fprnt.sc%252Ffc1e012209987%26relation%3Dparent.parent&container_width=340&height=100&href=https%3A%2F%2Fprnt.sc%2Fo4wwoc&locale=en_US&migrated=1&sdk=joey&width=NaN&xid=o4wwoc

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/all.js?hash=8000c89f20a4fefbe43701bcea2d00c9&ua=modern_es6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

:method: GET
:authority: www.facebook.com
:scheme: https
:path: /plugins/comments.php?app_id=154822244543652&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df16237be0ea0d9%26domain%3Dprnt.sc%26origin%3Dhttps%253A%252F%252Fprnt.sc%252Ffc1e012209987%26relation%3Dparent.parent&container_width=340&height=100&href=https%3A%2F%2Fprnt.sc%2Fo4wwoc&locale=en_US&migrated=1&sdk=joey&width=NaN&xid=o4wwoc
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://prnt.sc/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://prnt.sc/

Response headers

report-to: {"group":"coep_report","max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}]}
content-type: text/html;charset=utf-8
x-content-type-options: nosniff
x-frame-options: DENY
cross-origin-opener-policy: same-origin-allow-popups
content-security-policy-report-only: default-src https: data: wss: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval';report-uri https://www.facebook.com/csp/reporting/;
x-xss-protection: 0
content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
pragma: no-cache
x-fb-debug: YTsgMO7JRpsvPZRfyxfpwY1IN9l44u7jYJhfAdWT1bYWf6M+CYaSUhPYpYtQwTfsrHLK9uBlZVE0xXm0RlNMDA==
content-length: 0
date: Mon, 31 May 2021 12:02:36 GMT
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600

GET
H2 200 like_box.php Show response
www.facebook.com/plugins/ Frame 82D5 48 KB
15 KB 71ms
70ms Document
text/html 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/plugins/like_box.php?app_id=154822244543652&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dfddb08df89699%26domain%3Dprnt.sc%26origin%3Dhttps%253A%252F%252Fprnt.sc%252Ffc1e012209987%26relation%3Dparent.parent&container_width=0&header=false&href=https%3A%2F%2Fwww.facebook.com%2Fpages%2FLightShot%2F242750885760&locale=en_US&sdk=joey&show_faces=true&stream=false&width=300

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/all.js?hash=8000c89f20a4fefbe43701bcea2d00c9&ua=modern_es6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

73f34e79e46b915c476863d756929f3aeb82ad2c0df24714bb15caf95af5bd25

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: www.facebook.com
:scheme: https
:path: /plugins/like_box.php?app_id=154822244543652&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dfddb08df89699%26domain%3Dprnt.sc%26origin%3Dhttps%253A%252F%252Fprnt.sc%252Ffc1e012209987%26relation%3Dparent.parent&container_width=0&header=false&href=https%3A%2F%2Fwww.facebook.com%2Fpages%2FLightShot%2F242750885760&locale=en_US&sdk=joey&show_faces=true&stream=false&width=300
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://prnt.sc/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://prnt.sc/

Response headers

cache-control: private, no-cache, no-store, must-revalidate
content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
cross-origin-opener-policy-report-only: same-origin-allow-popups;report-to="coop_report"
x-xss-protection: 0
content-encoding: br
x-content-type-options: nosniff
report-to: {"group":"coop_report","max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}],"include_subdomains":true}
strict-transport-security: max-age=15552000; preload
expires: Sat, 01 Jan 2000 00:00:00 GMT
vary: Accept-Encoding
pragma: no-cache
x-fb-rlafr: 0
content-type: text/html; charset="utf-8"
x-fb-debug: 7a4F+fptWjS/wLuIjoF7qmtTLpvKIfbbLgbrYkHKvH6VSfHutJNE/LlKx7mnGL91a4BD0sRuwR8EkJKfJSHrow==
date: Mon, 31 May 2021 12:02:36 GMT
priority: u=3,i
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600

GET
H3-29 200 5XdCPi2qnWo.css
www.facebook.com/rsrc.php/v3/yo/l/0,cross/ Frame 82D5 18 KB
5 KB 8ms
6ms Stylesheet
text/css 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/rsrc.php/v3/yo/l/0,cross/5XdCPi2qnWo.css?_nc_x=Ij3Wp8lg5Kz

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/plugins/like_box.php?app_id=154822244543652&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dfddb08df89699%26domain%3Dprnt.sc%26origin%3Dhttps%253A%252F%252Fprnt.sc%252Ffc1e012209987%26relation%3Dparent.parent&container_width=0&header=false&href=https%3A%2F%2Fwww.facebook.com%2Fpages%2FLightShot%2F242750885760&locale=en_US&sdk=joey&show_faces=true&stream=false&width=300

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

a0be26a38f4c076a9bee84f35d0e96c0fd2f23cf2f10e056850249d0b678f3c9

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Origin: https://www.facebook.com
Referer: https://www.facebook.com/plugins/like_box.php?app_id=154822244543652&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dfddb08df89699%26domain%3Dprnt.sc%26origin%3Dhttps%253A%252F%252Fprnt.sc%252Ffc1e012209987%26relation%3Dparent.parent&container_width=0&header=false&href=https%3A%2F%2Fwww.facebook.com%2Fpages%2FLightShot%2F242750885760&locale=en_US&sdk=joey&show_faces=true&stream=false&width=300
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 30 May 2021 17:06:46 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: fkyVXgd9WOZ2VJ5qvU5hCg==
cross-origin-resource-policy: cross-origin
content-length: 4631
x-fb-rlafr: 0
x-fb-debug: 5bCIeOzakiuAgpS2EAN0rI3regbw8MkFEv2QlzF1Q6oNlREOc5yvcILt2jRVWlCzKLEYKwkNQpjCtNBbi+YTyw==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Mon, 30 May 2022 17:06:46 GMT

GET
H3-29 200 ggzcJLJkhSr.css
www.facebook.com/rsrc.php/v3/y2/l/0,cross/ Frame 82D5 3 KB
1 KB 9ms
7ms Stylesheet
text/css 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/rsrc.php/v3/y2/l/0,cross/ggzcJLJkhSr.css?_nc_x=Ij3Wp8lg5Kz

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

b3408a1b744ce1351e9554b861c45480f39e54c059f3b11f4e77f9f13564ba4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Origin: https://www.facebook.com
Referer: https://www.facebook.com/plugins/like_box.php?app_id=154822244543652&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dfddb08df89699%26domain%3Dprnt.sc%26origin%3Dhttps%253A%252F%252Fprnt.sc%252Ffc1e012209987%26relation%3Dparent.parent&container_width=0&header=false&href=https%3A%2F%2Fwww.facebook.com%2Fpages%2FLightShot%2F242750885760&locale=en_US&sdk=joey&show_faces=true&stream=false&width=300
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 21:31:49 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: ywe+5CCuBA6nTAXpv0OCFQ==
cross-origin-resource-policy: cross-origin
content-length: 1102
x-fb-rlafr: 0
x-fb-debug: nl9zIMcqcteQnWOm3cQ7sSvnzT4T1EQ/zh1xCxE2tQPuCP1E32IlNYiD3mVPuxJmOolNmtWLYkElguw+6F0D+w==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Thu, 26 May 2022 21:31:49 GMT

GET
H3-29 200 rRdpQF5MU4a.js Show response
www.facebook.com/rsrc.php/v3/y2/r/ Frame 82D5 293 KB
80 KB 9ms
7ms Script
application/x-javascript 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/rsrc.php/v3/y2/r/rRdpQF5MU4a.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

abb06a0b1c3e20d177c9487ed38d050957aff6039a3c6fa5dfe1e1b92425ec69

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Origin: https://www.facebook.com
Referer: https://www.facebook.com/plugins/like_box.php?app_id=154822244543652&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dfddb08df89699%26domain%3Dprnt.sc%26origin%3Dhttps%253A%252F%252Fprnt.sc%252Ffc1e012209987%26relation%3Dparent.parent&container_width=0&header=false&href=https%3A%2F%2Fwww.facebook.com%2Fpages%2FLightShot%2F242750885760&locale=en_US&sdk=joey&show_faces=true&stream=false&width=300
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 01:07:44 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: CVgGlvs5c6fw4bV6J57pWw==
cross-origin-resource-policy: cross-origin
content-length: 81394
x-fb-rlafr: 0
x-fb-debug: 4ufP1wk0NFlp6brtAP7FJRBwCIocH3+8jP/DPYw8gXE/RcObvKVNxh3bm4c4vUFTHJuzXXHpIXsruRiRRJsFIg==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Fri, 27 May 2022 01:07:44 GMT

GET
H3-29 200 l35Ih3ZMabZ.js Show response
www.facebook.com/rsrc.php/v3/y2/r/ Frame 82D5 63 KB
19 KB 13ms
11ms Script
application/x-javascript 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/rsrc.php/v3/y2/r/l35Ih3ZMabZ.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

11d3c19422f3aed2dfb0d718d09bfb98ae6611505bd3cb136ea8efeba4f5444b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Origin: https://www.facebook.com
Referer: https://www.facebook.com/plugins/like_box.php?app_id=154822244543652&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dfddb08df89699%26domain%3Dprnt.sc%26origin%3Dhttps%253A%252F%252Fprnt.sc%252Ffc1e012209987%26relation%3Dparent.parent&container_width=0&header=false&href=https%3A%2F%2Fwww.facebook.com%2Fpages%2FLightShot%2F242750885760&locale=en_US&sdk=joey&show_faces=true&stream=false&width=300
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 21:21:03 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: c8DhBOu83qeoHdEnVT4k2A==
cross-origin-resource-policy: cross-origin
content-length: 19665
x-fb-rlafr: 0
x-fb-debug: YaY1dZVvCtJhLZGPJJej7E7iDUydouUrL8LKq4h6XtbRhlW+5VNaL93aKPSuRXF2vjoLIN8qrBDJV7VS4RRsyw==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Fri, 27 May 2022 21:21:03 GMT

GET
H3-29 200 E_Gl3BdgcOh.js Show response
www.facebook.com/rsrc.php/v3iEpO4/yw/l/en_US/ Frame 82D5 126 KB
35 KB 13ms
11ms Script
application/x-javascript 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/rsrc.php/v3iEpO4/yw/l/en_US/E_Gl3BdgcOh.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

d09f54d072f2734fc8a3c27ab293e06a10f564a6ae5557d17972cf51d68e19af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Origin: https://www.facebook.com
Referer: https://www.facebook.com/plugins/like_box.php?app_id=154822244543652&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dfddb08df89699%26domain%3Dprnt.sc%26origin%3Dhttps%253A%252F%252Fprnt.sc%252Ffc1e012209987%26relation%3Dparent.parent&container_width=0&header=false&href=https%3A%2F%2Fwww.facebook.com%2Fpages%2FLightShot%2F242750885760&locale=en_US&sdk=joey&show_faces=true&stream=false&width=300
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 16:53:05 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: igf0WSmG2b+bEy59/WZ4bQ==
cross-origin-resource-policy: cross-origin
content-length: 35958
x-fb-rlafr: 0
x-fb-debug: bmAs+VP8Tm0vJzR8gJmsy5Ozc+7k31YrdItj6qGQvGJTOYBP6nUfe+UkS15Uypa33i9YSNLQhkyy18yRr3z93g==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Thu, 26 May 2022 16:53:05 GMT

GET
H3-29 200 IEOQM8FL8ot.js Show response
www.facebook.com/rsrc.php/v3/yr/r/ Frame 82D5 5 KB
2 KB 13ms
12ms Script
application/x-javascript 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/rsrc.php/v3/yr/r/IEOQM8FL8ot.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

908edfa9f7ec9fd5cb6b2159b5cb305d9c2c88601c8bf00a23bb0e96fcea1e21

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Origin: https://www.facebook.com
Referer: https://www.facebook.com/plugins/like_box.php?app_id=154822244543652&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dfddb08df89699%26domain%3Dprnt.sc%26origin%3Dhttps%253A%252F%252Fprnt.sc%252Ffc1e012209987%26relation%3Dparent.parent&container_width=0&header=false&href=https%3A%2F%2Fwww.facebook.com%2Fpages%2FLightShot%2F242750885760&locale=en_US&sdk=joey&show_faces=true&stream=false&width=300
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 12:53:09 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: mrvV7Xg6Liq29ANLrbPdkw==
cross-origin-resource-policy: cross-origin
content-length: 1630
x-fb-rlafr: 0
x-fb-debug: Bt26QlI9GasaUKkt4arOaxUrX/VvSAGFzMFTfsjor0IspRwKLJ3uDwyx/DAEHov1piYFk+m6Q1iUFiBMbt/oDw==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Thu, 26 May 2022 12:53:09 GMT

GET
H3-29 200 q3JF3hLjbAD.js Show response
www.facebook.com/rsrc.php/v3/yc/r/ Frame 82D5 2 KB
849 B 13ms
12ms Script
application/x-javascript 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/rsrc.php/v3/yc/r/q3JF3hLjbAD.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

ec05ca405d0d682ad632a5e8fb5a05f817734fa108f07bdbff4afaaf6c8f11b3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Origin: https://www.facebook.com
Referer: https://www.facebook.com/plugins/like_box.php?app_id=154822244543652&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dfddb08df89699%26domain%3Dprnt.sc%26origin%3Dhttps%253A%252F%252Fprnt.sc%252Ffc1e012209987%26relation%3Dparent.parent&container_width=0&header=false&href=https%3A%2F%2Fwww.facebook.com%2Fpages%2FLightShot%2F242750885760&locale=en_US&sdk=joey&show_faces=true&stream=false&width=300
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 16:53:01 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: 1ETliEs92UIU/fKzQa5sDA==
cross-origin-resource-policy: cross-origin
content-length: 797
x-fb-rlafr: 0
x-fb-debug: WGwBiPkCLA39xetYaOb79Ty0a9v6EalMhtY5P5aACkWuJrensz0pqCiOlbgQztVcx0MxPO7OzGvnp+PtgdH67w==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Thu, 26 May 2022 16:53:01 GMT

GET
H2 200 10380207_10152455232975761_8123100998967752904_o.png
scontent-frt3-2.xx.fbcdn.net/v/t31.18172-0/p130x130/ Frame 82D5 36 KB
36 KB 6ms
6ms Image
image/png 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://scontent-frt3-2.xx.fbcdn.net/v/t31.18172-0/p130x130/10380207_10152455232975761_8123100998967752904_o.png?_nc_cat=1&ccb=1-3&_nc_sid=dd9801&_nc_ohc=2nMOTtsgHK0AX95QaXl&_nc_ht=scontent-frt3-2.xx&tp=30&oh=9e8a01e93caac2cf0673395c1742af15&oe=60D8CE64
Requested by: Host: www.facebook.com
URL: https://www.facebook.com/plugins/like_box.php?app_id=154822244543652&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dfddb08df89699%26domain%3Dprnt.sc%26origin%3Dhttps%253A%252F%252Fprnt.sc%252Ffc1e012209987%26relation%3Dparent.parent&container_width=0&header=false&href=https%3A%2F%2Fwww.facebook.com%2Fpages%2FLightShot%2F242750885760&locale=en_US&sdk=joey&show_faces=true&stream=false&width=300
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software: /
Resource Hash: 7f0c0d5e15ee4b3a06964f2256fc37be30934a62b0e0bf61a00eb0aa47969eb6

Request headers

Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-haystack-needlechecksum: 591433749
date: Mon, 31 May 2021 12:02:36 GMT
x-fb-trip-id: 686109401
last-modified: Thu, 22 May 2014 08:24:07 GMT
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: X-FB-CEC-Video-Limit
cache-control: max-age=1209600, no-transform
cross-origin-resource-policy: cross-origin
x-needle-checksum: 1994070467
x-fb-config-version-olb-prod: 1109
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 37042

GET
H2 200 277895_10151200062570761_1904128644_o.jpg
scontent-frt3-2.xx.fbcdn.net/v/t31.18172-1/cp0/p50x50/ Frame 82D5 1 KB
1 KB 7ms
7ms Image
image/jpeg 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://scontent-frt3-2.xx.fbcdn.net/v/t31.18172-1/cp0/p50x50/277895_10151200062570761_1904128644_o.jpg?_nc_cat=1&ccb=1-3&_nc_sid=dbb9e7&_nc_ohc=T3CX9JAAkwgAX-s5ww-&_nc_ht=scontent-frt3-2.xx&tp=27&oh=82e1cda451637e844d8abb5a9b462838&oe=60DB562D
Requested by: Host: www.facebook.com
URL: https://www.facebook.com/plugins/like_box.php?app_id=154822244543652&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dfddb08df89699%26domain%3Dprnt.sc%26origin%3Dhttps%253A%252F%252Fprnt.sc%252Ffc1e012209987%26relation%3Dparent.parent&container_width=0&header=false&href=https%3A%2F%2Fwww.facebook.com%2Fpages%2FLightShot%2F242750885760&locale=en_US&sdk=joey&show_faces=true&stream=false&width=300
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software: /
Resource Hash: fe0b009af4d6be99bb24436d2b2c67706fa3698e059d8df3bfa9f9c8857b42ae

Request headers

Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-haystack-needlechecksum: 3015587832
date: Mon, 31 May 2021 12:02:36 GMT
x-fb-trip-id: 686109401
last-modified: Wed, 22 Aug 2012 00:00:00 GMT
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: X-FB-CEC-Video-Limit
cache-control: max-age=1209600, no-transform
cross-origin-resource-policy: cross-origin
x-needle-checksum: 1162695912
x-fb-config-version-olb-prod: 1112
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 1288

GET
H3-29 200 ApcBOUT5FoS.png
www.facebook.com/rsrc.php/v3/y_/r/ Frame 82D5 573 B
623 B 7ms
6ms Image
image/png 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/rsrc.php/v3/y_/r/ApcBOUT5FoS.png

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/rsrc.php/v3/yo/l/0,cross/5XdCPi2qnWo.css?_nc_x=Ij3Wp8lg5Kz

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

641e03dfeee60c05e0794bace5fc58d2fba409fee529a114459e44cee0d9d069

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.facebook.com/rsrc.php/v3/yo/l/0,cross/5XdCPi2qnWo.css?_nc_x=Ij3Wp8lg5Kz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-fb-debug: w/fMw0DrZxMGtf9Rccu7AJFTGyVkaSrXrJYBtFb9Rae0RW9TqOQo46iFEoGQpGDqHpN1xqeFzUfMy6Ol1QGAYg==
x-content-type-options: nosniff
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-md5: Y/eW3MWFNJnkcpEqoXzG3Q==
date: Fri, 28 May 2021 23:34:54 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
cross-origin-resource-policy: cross-origin
priority: u=3,i
timing-allow-origin: *
content-length: 573
x-fb-rlafr: 0
expires: Sat, 28 May 2022 23:34:54 GMT

GET
H3-29 200 SohvyHf9bqU.js Show response
www.facebook.com/rsrc.php/v3/yR/r/ Frame 82D5 7 KB
2 KB 6ms
6ms Script
application/x-javascript 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/rsrc.php/v3/yR/r/SohvyHf9bqU.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/rsrc.php/v3/y2/r/rRdpQF5MU4a.js?_nc_x=Ij3Wp8lg5Kz

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

d175d400e6415cd2d5a76e744971ca96e79124b57fe873d184b93837d9dfe681

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Origin: https://www.facebook.com
Referer: https://www.facebook.com/plugins/like_box.php?app_id=154822244543652&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dfddb08df89699%26domain%3Dprnt.sc%26origin%3Dhttps%253A%252F%252Fprnt.sc%252Ffc1e012209987%26relation%3Dparent.parent&container_width=0&header=false&href=https%3A%2F%2Fwww.facebook.com%2Fpages%2FLightShot%2F242750885760&locale=en_US&sdk=joey&show_faces=true&stream=false&width=300
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 12:53:09 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: riaa4M39g865Cd4IB5wjSA==
cross-origin-resource-policy: cross-origin
content-length: 2093
x-fb-rlafr: 0
x-fb-debug: 1J1lDMj/XZlK2RvzerRJfRP37+2Ki3J8Twf0svLkfQzk9ZeO4oQpPPw5n97uErvhekIuMRn1x/r6KVWVxy7jBA==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Thu, 26 May 2022 12:53:09 GMT

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
165 B 17ms
16ms Script
application/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=prnt.sc

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021052401.js?31061298

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://prnt.sc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 31 May 2021 12:02:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
165 B 15ms
15ms Script
application/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=prnt.sc

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021052401.js?31061298

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://prnt.sc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 31 May 2021 12:02:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 93 KB
31 KB 690ms
686ms XHR
text/plain 216.58.212.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=556579552043843&correlator=2579342723500517&output=ldjh&impl=fifs&eid=31060437%2C31061298%2C31061180%2C44743002&vrg=2021052401&ptt=17&gdpr=1&us_privacy=1---&sc=1&sfv=1-0-38&ecs=20210531&iu_parts=60257202%2C60918%2C70076%2C60916&enc_prev_ius=%2F0%2F1%2C%2F0%2F2%2C%2F0%2F3&prev_iu_szs=970x90%2C970x90%2C300x250&prev_scp=amznbid%3D2%26amznp%3D2%26hb_format_a4g%3Dbanner%26hb_source_a4g%3Dclient%26hb_size_a4g%3D970x90%26hb_pb_a4g%3D0.04%26hb_adid_a4g%3D25cc93035588d%26hb_bidder_a4g%3Da4g%26hb_format%3Dbanner%26hb_source%3Dclient%26hb_size%3D970x90%26hb_pb%3D0.04%26hb_adid%3D25cc93035588d%26hb_bidder%3Da4g%7Camznbid%3D2%26amznp%3D2%7Camznbid%3D2%26amznp%3D2%26hb_format_a4g%3Dbanner%26hb_source_a4g%3Dclient%26hb_size_a4g%3D300x250%26hb_pb_a4g%3D0.01%26hb_adid_a4g%3D498c0e487175ef%26hb_bidder_a4g%3Da4g%26hb_format%3Dbanner%26hb_source%3Dclient%26hb_size%3D300x250%26hb_pb%3D0.01%26hb_adid%3D498c0e487175ef%26hb_bidder%3Da4g&eri=1&cookie_enabled=1&bc=31&abxe=1&lmt=1622462556&dt=1622462556919&dlt=1622462555628&idt=791&frm=20&biw=1600&bih=1200&oid=3&adxs=315%2C315%2C315&adys=70%2C448%2C570&adks=1432691387%2C3120184932%2C4042975291&ucis=1%7C2%7C3&ifi=1&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fprnt.sc%2Fo4wwoc&vis=1&dmc=8&scr_x=0&scr_y=0&psz=970x90%7C970x90%7C300x250&msz=970x-1%7C970x-1%7C300x-1&ga_vid=1411310593.1622462556&ga_sid=1622462557&ga_hid=948761665&ga_fc=false&fws=0%2C0%2C0&ohw=0%2C0%2C0&btvi=0%7C0%7C0&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021052401.js?31061298

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

216.58.212.162 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s22-in-f2.1e100.net

Software

cafe /

Resource Hash

9e116fbacdd49f4786ad3f0753be61b1df9444103efa9400cfd7e798ae9d0f43

Security Headers

Name	Value
Content-Security-Policy	child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/10254323191026231966/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/10254323191026231966/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CMOC-4Lw8_ACFTOGgwcdxjQObQ&gqi=&layout=/sadbundle/%24csp%253Der3%24/10254323191026231966/index.html
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://prnt.sc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/10254323191026231966/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/10254323191026231966/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CMOC-4Lw8_ACFTOGgwcdxjQObQ&gqi=&layout=/sadbundle/%24csp%253Der3%24/10254323191026231966/index.html
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
google-creative-id: -2,-1,-1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 32175
x-xss-protection: 0
google-lineitem-id: -2,-1,-1
pragma: no-cache
server: cafe
google-mediationtag-id: -2
date: Mon, 31 May 2021 12:02:37 GMT
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://prnt.sc
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html
ed031e6555b8f3779c5c6fd48ef22351.safeframe.googlesyndication.com/safeframe/1-0-38/html/ 0
0 31ms
13ms Other
text/html 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ed031e6555b8f3779c5c6fd48ef22351.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021052401.js?31061298
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://prnt.sc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 container.html
tpc.googlesyndication.com/safeframe/1-0-38/html/ 0
0 9ms
6ms Other
text/html 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://tpc.googlesyndication.com/safeframe/1-0-38/html/container.html
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021052401.js?31061298
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://prnt.sc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-29 200 container.html Show response
ed031e6555b8f3779c5c6fd48ef22351.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame BA11 6 KB
3 KB 21ms
6ms Document
text/html 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ed031e6555b8f3779c5c6fd48ef22351.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021052401.js?31061298

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: ed031e6555b8f3779c5c6fd48ef22351.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://prnt.sc/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://prnt.sc/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3108
date: Mon, 31 May 2021 12:02:36 GMT
expires: Tue, 31 May 2022 12:02:36 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 1
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 container.html Show response
ed031e6555b8f3779c5c6fd48ef22351.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 96F2 6 KB
3 KB 17ms
7ms Document
text/html 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ed031e6555b8f3779c5c6fd48ef22351.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021052401.js?31061298

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: ed031e6555b8f3779c5c6fd48ef22351.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://prnt.sc/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://prnt.sc/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3108
date: Mon, 31 May 2021 12:02:36 GMT
expires: Tue, 31 May 2022 12:02:36 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 1
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ 73 KB
27 KB 24ms
22ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021052401.js?31061298

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8f359cea41f7e97a585f44c7c318c4f2314b2981060da1623e39d8d348ff9150

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://prnt.sc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 31 May 2021 12:02:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1622028727180027"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27990
x-xss-protection: 0
expires: Mon, 31 May 2021 12:02:37 GMT

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 10 KB
8 KB 22ms
22ms XHR
application/json 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2021052401&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021052401.js?31061298

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7f5b2f01b338396048ec248adcadfe523eef65677edcacad842dc3ecc828fba2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://prnt.sc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 31 May 2021 12:02:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7645
x-xss-protection: 0

GET
H3-29 200 index.html Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/10254323191026231966/ Frame A0E6 11 KB
3 KB 18ms
17ms Document
text/html 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/10254323191026231966/index.html

Requested by

Host: prnt.sc
URL: https://prnt.sc/o4wwoc

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

80db7ea4112976afd9bbeb9173427bfc0a90acbe1e969c3797a58f3e034cb2f2

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sadbundle/$csp%3Der3$/10254323191026231966/index.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ed031e6555b8f3779c5c6fd48ef22351.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ed031e6555b8f3779c5c6fd48ef22351.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-type: text/html
access-control-allow-origin: *
content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3307
date: Sat, 29 May 2021 08:01:23 GMT
expires: Sun, 29 May 2022 08:01:23 GMT
last-modified: Tue, 12 May 2020 12:47:50 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
content-encoding: gzip
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 187274
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 adview
securepubads.g.doubleclick.net/pagead/ Frame BA11 0
0 38ms
36ms Fetch
text/html 216.58.212.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CRidnXNC0YMPkO7OMjuwPxum46AbiycjCYPC1oZGgC9rZHhABIKKZoRxgkYSghYwYoAG0tuX7AsgBCakC2tqn4Hx0tD7gAgCoAwHIAwiqBMYBT9BZ9IEQI0o2nKzGekIkTrkhl2Yw2yz6hIGYC5M6m1qOjGZyfoN6wu2mhziH1yJHQbTNinwVPbFLq8UKIGXO8d3tfQTSr7NRNIjWsileQfpbZJ0umYGn4cnkqgVgpSQo-gbSgfwrz99f0W9biTTQrS0PrbzuKnnFuchTdvWQGVcgAnfLgg3gJ24Ub6IMB9XxehY9KVGr7MeUxZxirbZ96-ydP4hBfyG5PC9jUZ9jbzDGd1QYjON6Us3ypr-90RxNaMJcw0k5wATts8DD7wHgBAGSBQQIBBgBkgUECAUYBJIFBAgFGBiSBQUIBRioAaAGLoAHtMmahAGoB4qcsQKoB9XJG6gH8NkbqAfy2RuoB47OG6gHk9gbqAe6BqgH7paxAqgHpr4bqAfs1RvYBwDyBwQQ1PUG0ggJCIjhgBAQARgd8ggbYWR4LXN1YnN5bi02NjUwMDE2MjEyNDgwOTkxgAoDyAsB2BMN0BUBgBcBshcaChgIABIUcHViLTEyMzIyNjUzOTk0MTczMDI&sigh=wzkVi5I0odI&template_id=419
Requested by: Host: prnt.sc
URL: https://prnt.sc/o4wwoc
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 216.58.212.162 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: ams15s22-in-f2.1e100.net
Software: /
Resource Hash

Request headers

Referer: https://ed031e6555b8f3779c5c6fd48ef22351.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-29 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210524/r20110914/ Frame BA11 17 KB
7 KB 14ms
10ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210524/r20110914/abg_lite_fy2019.js

Requested by

Host: ed031e6555b8f3779c5c6fd48ef22351.safeframe.googlesyndication.com
URL: https://ed031e6555b8f3779c5c6fd48ef22351.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4cc755a99349527933df50f5338a02d972da947a4c25f4a5309f4545ddc40ee1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ed031e6555b8f3779c5c6fd48ef22351.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 31 May 2021 11:53:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 522
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7025
x-xss-protection: 0
server: cafe
etag: 8821855511435206686
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 14 Jun 2021 11:53:55 GMT

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210524/r20110914/client/ Frame BA11 2 KB
1 KB 23ms
19ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210524/r20110914/client/window_focus_fy2019.js

Requested by

Host: ed031e6555b8f3779c5c6fd48ef22351.safeframe.googlesyndication.com
URL: https://ed031e6555b8f3779c5c6fd48ef22351.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ed031e6555b8f3779c5c6fd48ef22351.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 31 May 2021 12:00:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 126
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1303
x-xss-protection: 0
server: cafe
etag: 14729628269804859526
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 14 Jun 2021 12:00:31 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame BA11 121 KB
37 KB 20ms
17ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: ed031e6555b8f3779c5c6fd48ef22351.safeframe.googlesyndication.com
URL: https://ed031e6555b8f3779c5c6fd48ef22351.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1e45ca14bc59eff23fa77a56b5a047910b4bb21832fb69ef9308c3e16caabbe4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ed031e6555b8f3779c5c6fd48ef22351.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 31 May 2021 12:02:37 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1622028738751036"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37763
x-xss-protection: 0
expires: Mon, 31 May 2021 12:02:37 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210524/r20110914/client/ Frame BA11 13 KB
6 KB 21ms
17ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210524/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: ed031e6555b8f3779c5c6fd48ef22351.safeframe.googlesyndication.com
URL: https://ed031e6555b8f3779c5c6fd48ef22351.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

684722f2ec67f3a1b4aad3b445dd37b60d048d66701dfff1f5c40b3bad4fae8a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ed031e6555b8f3779c5c6fd48ef22351.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 31 May 2021 12:02:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 36
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5635
x-xss-protection: 0
server: cafe
etag: 1319581658596578636
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 14 Jun 2021 12:02:01 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame BA11 0
0 18ms
15ms Image
text/html 2a00:1450:4001:827::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQLMSlBsxi8w7J9Nxfnk6VQNYuGG1_EkwGU0VoJguwu0oQWStWNVhmPwREv07sjEiUOM6hAeJn8kiN0zh0QA-Pal6KZTw
Requested by: Host: ed031e6555b8f3779c5c6fd48ef22351.safeframe.googlesyndication.com
URL: https://ed031e6555b8f3779c5c6fd48ef22351.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ed031e6555b8f3779c5c6fd48ef22351.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-29 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 17ms
17ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021052401.js?31061298

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c61a719b48533a1fa932729f4927ba1377a96c441b0d6a427096b867742b4645

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://prnt.sc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 31 May 2021 12:02:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1616005470650935"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6437
x-xss-protection: 0
expires: Mon, 31 May 2021 12:02:37 GMT

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame E308 624 B
584 B 21ms
18ms Document
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CIikNxCnheACGMmYy50BMAE&v=APEucNXLa-AlvlRPxvhaSIMhF2mtT5S0R1egyzcvSPsiyOdNYT7YW-nzfx2Hcfu5nrovGp8vsfpA_QQD8v0c4aYmMiznf6YhcHsyg3O3amKRlNwzWWz885wuI50wc8ZrpQhdz_4qZF7ylngrBIAnMgAu7wt4-sQUtp8oYRQomeEnlos8pzUaLPg

Requested by

Host: ed031e6555b8f3779c5c6fd48ef22351.safeframe.googlesyndication.com
URL: https://ed031e6555b8f3779c5c6fd48ef22351.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /xbbe/pixel?d=CIikNxCnheACGMmYy50BMAE&v=APEucNXLa-AlvlRPxvhaSIMhF2mtT5S0R1egyzcvSPsiyOdNYT7YW-nzfx2Hcfu5nrovGp8vsfpA_QQD8v0c4aYmMiznf6YhcHsyg3O3amKRlNwzWWz885wuI50wc8ZrpQhdz_4qZF7ylngrBIAnMgAu7wt4-sQUtp8oYRQomeEnlos8pzUaLPg
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ed031e6555b8f3779c5c6fd48ef22351.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ed031e6555b8f3779c5c6fd48ef22351.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Mon, 31 May 2021 12:02:37 GMT
server: cafe
cache-control: private
content-length: 276
x-xss-protection: 0
set-cookie: test_cookie=; domain=.doubleclick.net; path=/; expires=Fri, 01-Aug-2008 22:45:55 GMT; SameSite=none; Secure IDE=AHWqTUlSS6Ua_GCbh4cErc21tbEPfoElJOEwh0F2Yh1bU_9nXuz6dtcc5OfLRh82; expires=Sat, 25-Jun-2022 12:02:37 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Mon, 31 May 2021 12:02:37 GMT

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 96F2 42 KB
21 KB 36ms
33ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AZX2unVzSwwK1cyNnFTGuMDwt3ZZ8HCbudkxjemvpdBkO0PEN1W9ek103cdliAF_c_MxKwJ5F9Fr2iigqe8kZKPjhYtbPgkjI-X6dMuv0QRCVYAuVtiuwTnhj53sRz_LQ_n2m1ASCdkIaXyn_U9095cb4fxQ&dbm_d=AKAmf-BdOFZEZXA2mF84Q_-cW3-5GzijNyJApoZ_XQ0Q45qUKuprIvd07GxRU7DTrbjvLUhSYk7-hCclJqHJwafpPamRirjhRLpVwGGckT9edXpPBx4fkiy-spqxI9Sj6Bwrj8EQrrYcxqOs0SSSWiQaXD7RDQE0FkBX6PqcaCk450mpoxbOiNNYwq9a6ZEf2o9hSHFIBO4gtuzS_auYk6wDaTm7ONb_nRZNQ8qMC8ke1y_f8mW-FrLI9sl-9CjuzFylcsxTjnk7Alfe5XW88Q4eo1CZuMJsya4VhT-KGupUAs4948Tw2JCiw8oPWbxSGrzPCfsnkyLuzMs1efDmNHRBDiRujvYda6Aho29VnuetoSMwvgxdMFnYjV2K7AX-6mijBSX44OPziD9-hkDNXahqH30zgAJ3L_Aph5YFVEX2rBIgHlk6896EXeqZ-SUQ4yXwbMgCIC6Bop9fGxCrX9I6uYqn4HNrkrykHfcJGCDhMBiNnyY8_vTE-9u4kOqFMWViCHdJkaLVUVTMbTGa5CTTOOZ95FhuQ_6-McsySYEajyJKxllKvOO2gcgIBhXQLl3d-y4M60nDHNd4HB9tI46nYPjL9cINqf0Zi4U-XFi4-YVcNtpp53bf69NEiAh0OT6O35OmcJ_NpN3xQ0EUOiOWUMOl1sL--y36bmSwEVdIh9oCe19UpehgUy-PDgX7HDBtRCahpUyB0kv56GlCEGSN4ltELyTOhvUL71fyZI8IutZ-8fzqqd8qagCEb70fKHQAjKax4aDg6kTP_17aZv2IQVOzYZhdOzbzr_Vq4M7PmPAuQHfUTv2bMNGUi68ZB_kr5aK6Jskz7weyNufdvTWM9R5Zu_p1weXlhZCRyK-oVpHOsLVb7cQbG_PpNdXSyI_C7Uj-d0r2QEZDyFEZYaVMaH2gGLQh8MKhtC0cjNmhbhjmsuU4DauppTm3MfxIv03YATMI8lac2IcOoIB6oUhnj--e9CkEB1V0dtBPX8G2O1ZXQqFq_WOMEGwdKHtUKVqL9dci5bexkcSifKxdvPlyJjQc1Ek_oUwHQ4hy2jE1ek10Hc5F2Lz0oKCh9Dlio6-rm7K2WLT9jvsgmajwA3uOuMPcrWQTpa4fqrFGytUCrFIH_lG5BL_AvCCeHw0mJta1kACoNq-6hIckE0h6StwXlmwmFS9j5Ld8a1BhWfSXIvRIR5-zcn3o84WvPRQajmLaTtmSq7bNbHUFdqaei0SsCn4O6KSrng6sZBNgW8bKGhxNr6procJDfH2Ts_xBzhM_Z2Bp_NAI7N5acPsvSapHAwpg2V_hL0aDuZp4JyBq3-4EOmmW2WI4DtFIgTBbTv37-jHZFMkavGnZiH0a5qXX4mX9i3b-FmIp0Y218CZp3BMX3zN5V1z3rXscKLB66HdKQhXufmmIFtMAhskf7awt6EO9nuYClxBr9wNg1psnHDCDiOn3Nwq-iHXU8ANGoXE7_0CVKBxwA16SZ8Ih5xX84oHmug5XU6t-hlZxD0TZhQjVaBIctTJ74oQfZH9ZRKOGJIHAX4nP0U47KwVAFvS9OXfNPzIfVthhprbI60sS2a1Xbs1TSID2f4-KutQwpC7Wgl1etN19drYexoN4pZGFFwY1LulLT3jc03dDSxXQIgNSo72qZYF8wTXEl9uvpkusbV2diZurPZqRJYkORsW3EVN4X6jdz3SdMQ3qn-mZaOL43io5to4WacNcz7KlOYwdWZwd8eegykpncJpM31X2J8PS9sWnHN168-HTObrXxdeT9p-vZe0uLD16MCJX_9QvjTaSJ7Q_pj6UGER9NYAiJUfHrnkiRgLXit24BqPNalAV5hIb73MiJ-o3z5_gHX6BwthgW-16UBEdwUp4oDh2R98T2LdrP6VvsiyFAV1rpzbvaSv-Tg3P_1g1kZGUc0lhhCRxJvZVFJ4VYJ2rYDLKKmqX1IoTiwwqVbQFf4-eSiLYll8BbBINnZ_IWkgGYmAJ5pujnKDY8mR7x0DPvaNs9MQqgLoClkocpVhxRTq8QmM6uQcG6rhi6Wpm4vGKghGMSVsZLdvv4Aacd3HALNLNaGTXZ1uXBHssXqzEIVQS_t0tdpM8_clD9X6e5mhhGtOeVV59wSOzdFpNOXuTh9wSn-2cqZh6qEdeeBawAQBMsvl_a2QYTtGjY0EkgKpfGwBcDlZhZbjqI4fANO9PXQH1lYZ0P0TM1MKYXumOFoVs6ywPUoUYsfG2T-v4wY8g44tV3WY3HsLFH_KxQ-C8RpwbcX7kI1mdk98z6XD-Ka7v_n2JAGaVeCJBwdPXkOovDZWdAy-ax9z-sgt27GDBKIzjPTlwHMV_oR_ODjADcLVQ0w55X21O8M86Ao3PqCdzuWMibfmkzOOjhVm9mcSbqcd9q9hP8o3Rm8wxJyn3RzEdtyyBtiw5ZSWAlRQZnUFVAdgXioJu0gaOkdx63zoc7j80Nxe1ePJmm_zKGrcCVELPNmzDtVQsgHTmMCjwq6ygLN4Y4kAYCTYp70itPUvt7S4nObmG6KWhHuhHqv_o7y_mq6658OtXqGeQcnFdbO8W4NwNpqcuot8ZQWdIkSSaNwuz6YHEmDZDokYQb5wEYJIehuM9EIFubj__h6Pf2LkgZATQq-V6sGn7p-XX8OIYNE_ses68L-podGBHh2b6mhDD8krpNcUD2I3Cu2RWzR0WPs2CK4QxHAgZbEksT3jSvJf7bKXG3PQDbfx20PUWJ0zKovFwExaeGbplAIghaor2hRMeX_JUe7hrxAd8HBiKysubhX70P6AcxK129wfeWcjxHuC6v5ZqEdFc5prQ4JR0kf68CJQPPLM97_NajUzpgVPiBEtht1hwzERb8_SwNynRmCMJLlEpo33seu7QncyyDF1ldoKxop9iQOYwEvqXzy7k3uwKR5A40zENMBJhT5giSzCel85ojRvof5y_rkwOtNOFyFPIseQmITYrd1OdAcbTAhBpIeju3dwmaVYgGf8whCY-2FXBuEVrX1pA8064joTfP7CUgD1ZGlaue_VcJemMlgc7uGKRPz1mZH0ClXlPXfF46s_oM3IhhWesq0O1cGD4boUbn_20n7BMBYonWVOvNgMPPFnqAw&cid=CAASFeRoz6cc1ovuFrbYDVffDFJeN4cQbQ&rfl=1%2Chttps%253A%252F%252Fprnt.sc%252F%240

Requested by

Host: prnt.sc
URL: https://prnt.sc/o4wwoc

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0fc2cbd615e2fef6acc9120e55d10b87db2988b3963e7415835acd5a67091a55

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ed031e6555b8f3779c5c6fd48ef22351.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 31 May 2021 12:02:37 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20683
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 96F2 42 B
63 B 84ms
78ms Image
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-BcdBhRVLHsChSGaowRiW1d1dO96cbnaGuZjRovN_lPFjgW_494SA17G6iPUMT1TXkpWoN4SDQLHHhkUk5au8gYW5DcysB0OA8tBWpUHmO-uPB-5uU

Requested by

Host: ed031e6555b8f3779c5c6fd48ef22351.safeframe.googlesyndication.com
URL: https://ed031e6555b8f3779c5c6fd48ef22351.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ed031e6555b8f3779c5c6fd48ef22351.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 31 May 2021 12:02:37 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210524/r20110914/client/ Frame 96F2 2 KB
1 KB 10ms
9ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210524/r20110914/client/window_focus_fy2019.js

Requested by

Host: ed031e6555b8f3779c5c6fd48ef22351.safeframe.googlesyndication.com
URL: https://ed031e6555b8f3779c5c6fd48ef22351.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ed031e6555b8f3779c5c6fd48ef22351.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 31 May 2021 12:00:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 126
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1303
x-xss-protection: 0
server: cafe
etag: 14729628269804859526
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 14 Jun 2021 12:00:31 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 96F2 121 KB
37 KB 16ms
14ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: ed031e6555b8f3779c5c6fd48ef22351.safeframe.googlesyndication.com
URL: https://ed031e6555b8f3779c5c6fd48ef22351.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1e45ca14bc59eff23fa77a56b5a047910b4bb21832fb69ef9308c3e16caabbe4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ed031e6555b8f3779c5c6fd48ef22351.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 31 May 2021 12:02:37 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1622028738751036"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37763
x-xss-protection: 0
expires: Mon, 31 May 2021 12:02:37 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210524/r20110914/client/ Frame 96F2 13 KB
6 KB 9ms
7ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210524/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: ed031e6555b8f3779c5c6fd48ef22351.safeframe.googlesyndication.com
URL: https://ed031e6555b8f3779c5c6fd48ef22351.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

684722f2ec67f3a1b4aad3b445dd37b60d048d66701dfff1f5c40b3bad4fae8a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ed031e6555b8f3779c5c6fd48ef22351.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 31 May 2021 12:02:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 36
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5635
x-xss-protection: 0
server: cafe
etag: 1319581658596578636
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 14 Jun 2021 12:02:01 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 96F2 0
0 14ms
13ms Image
text/html 2a00:1450:4001:827::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSBbqO51zlb-otDNWo7Zcezn8JEMGGavEWb-lhS6Tz8DTRKRnFB4qaExs85dI8m8Fe-3x0eGMdR5wsuPdgVnUQluAhldw
Requested by: Host: ed031e6555b8f3779c5c6fd48ef22351.safeframe.googlesyndication.com
URL: https://ed031e6555b8f3779c5c6fd48ef22351.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ed031e6555b8f3779c5c6fd48ef22351.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-29 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame B893 143 B
163 B 15ms
13ms Document
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: ed031e6555b8f3779c5c6fd48ef22351.safeframe.googlesyndication.com
URL: https://ed031e6555b8f3779c5c6fd48ef22351.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/s?v=r20120211
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ed031e6555b8f3779c5c6fd48ef22351.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUlJtHLpH9eOAMelW-1-p7EaHtabJ87NOzScJQKal8-roCIL3_bSR7Wy89KJJQ4
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ed031e6555b8f3779c5c6fd48ef22351.safeframe.googlesyndication.com/

Response headers

content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Mon, 31 May 2021 11:57:10 GMT
server: safe
content-length: 145
x-xss-protection: 0
cache-control: public, max-age=3600
age: 327
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame BA11 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: edf9aa6a19a073e0a3fa31c08f1b2f9fa744d61ad7a464a829142bc7db41a0b5

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/222/ Frame BD2A 12 KB
5 KB 6ms
6ms Document
text/html 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6836719899bda27cd22c1551cb7fbfc33fb0bbbedaa89e4baa8715fef8202cbc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/222/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://prnt.sc/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://prnt.sc/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 5022
date: Mon, 31 May 2021 11:58:21 GMT
expires: Tue, 31 May 2022 11:58:21 GMT
last-modified: Wed, 20 Jan 2021 19:23:06 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 256
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 01B2 783 B
532 B 27ms
23ms Document
text/html 2a00:1450:4001:827::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

81b41a2c8e9ec80197d6488d58ac6436e8442fe548dfd255701e393023b67c27

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-ne3BWk3o8dQQnKfvvMkLYQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/aframe
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://prnt.sc/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://prnt.sc/

Response headers

expires: Mon, 31 May 2021 12:02:37 GMT
date: Mon, 31 May 2021 12:02:37 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-ne3BWk3o8dQQnKfvvMkLYQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 513
server: GSE
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 exitapi-impl.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/api/ Frame A0E6 9 KB
3 KB 11ms
8ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/api/exitapi-impl.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/10254323191026231966/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d661244532ddce6a92fb96fde511e23ea4de69ff2e41a5bffb884caa71166e01

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 31 May 2021 03:57:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 29136
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3271
x-xss-protection: 0
server: cafe
etag: 7483759447172721109
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Tue, 01 Jun 2021 03:57:01 GMT

GET
H3-29 200 addata.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame A0E6 26 KB
10 KB 9ms
7ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/10254323191026231966/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

54a66c4693bfd79901040269ae7d7304508cbd02859797a1780f2bbe72176e23

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 30 May 2021 18:54:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 61677
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10382
x-xss-protection: 0
server: cafe
etag: 12806417668659483808
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Mon, 31 May 2021 18:54:40 GMT

GET
H3-29 200 07e4a959edabae9ae7b5363e7e2ee4a7.js Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/10254323191026231966/ Frame A0E6 68 KB
18 KB 11ms
9ms Script
application/x-javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/10254323191026231966/07e4a959edabae9ae7b5363e7e2ee4a7.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/10254323191026231966/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

36bdd71be72716b255eb90aa7e9b1fc5501d090a684befdd91f095d311830f7b

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding: gzip
x-content-type-options: nosniff
age: 9036
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18120
x-xss-protection: 0
last-modified: Tue, 12 May 2020 12:47:50 GMT
server: sffe
date: Mon, 31 May 2021 09:32:01 GMT
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 31 May 2022 09:32:01 GMT

GET
H3-29 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20210524/r20110914/ Frame 96F2 22 KB
8 KB 8ms
6ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210524/r20110914/abg_lite.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AZX2unVzSwwK1cyNnFTGuMDwt3ZZ8HCbudkxjemvpdBkO0PEN1W9ek103cdliAF_c_MxKwJ5F9Fr2iigqe8kZKPjhYtbPgkjI-X6dMuv0QRCVYAuVtiuwTnhj53sRz_LQ_n2m1ASCdkIaXyn_U9095cb4fxQ&dbm_d=AKAmf-BdOFZEZXA2mF84Q_-cW3-5GzijNyJApoZ_XQ0Q45qUKuprIvd07GxRU7DTrbjvLUhSYk7-hCclJqHJwafpPamRirjhRLpVwGGckT9edXpPBx4fkiy-spqxI9Sj6Bwrj8EQrrYcxqOs0SSSWiQaXD7RDQE0FkBX6PqcaCk450mpoxbOiNNYwq9a6ZEf2o9hSHFIBO4gtuzS_auYk6wDaTm7ONb_nRZNQ8qMC8ke1y_f8mW-FrLI9sl-9CjuzFylcsxTjnk7Alfe5XW88Q4eo1CZuMJsya4VhT-KGupUAs4948Tw2JCiw8oPWbxSGrzPCfsnkyLuzMs1efDmNHRBDiRujvYda6Aho29VnuetoSMwvgxdMFnYjV2K7AX-6mijBSX44OPziD9-hkDNXahqH30zgAJ3L_Aph5YFVEX2rBIgHlk6896EXeqZ-SUQ4yXwbMgCIC6Bop9fGxCrX9I6uYqn4HNrkrykHfcJGCDhMBiNnyY8_vTE-9u4kOqFMWViCHdJkaLVUVTMbTGa5CTTOOZ95FhuQ_6-McsySYEajyJKxllKvOO2gcgIBhXQLl3d-y4M60nDHNd4HB9tI46nYPjL9cINqf0Zi4U-XFi4-YVcNtpp53bf69NEiAh0OT6O35OmcJ_NpN3xQ0EUOiOWUMOl1sL--y36bmSwEVdIh9oCe19UpehgUy-PDgX7HDBtRCahpUyB0kv56GlCEGSN4ltELyTOhvUL71fyZI8IutZ-8fzqqd8qagCEb70fKHQAjKax4aDg6kTP_17aZv2IQVOzYZhdOzbzr_Vq4M7PmPAuQHfUTv2bMNGUi68ZB_kr5aK6Jskz7weyNufdvTWM9R5Zu_p1weXlhZCRyK-oVpHOsLVb7cQbG_PpNdXSyI_C7Uj-d0r2QEZDyFEZYaVMaH2gGLQh8MKhtC0cjNmhbhjmsuU4DauppTm3MfxIv03YATMI8lac2IcOoIB6oUhnj--e9CkEB1V0dtBPX8G2O1ZXQqFq_WOMEGwdKHtUKVqL9dci5bexkcSifKxdvPlyJjQc1Ek_oUwHQ4hy2jE1ek10Hc5F2Lz0oKCh9Dlio6-rm7K2WLT9jvsgmajwA3uOuMPcrWQTpa4fqrFGytUCrFIH_lG5BL_AvCCeHw0mJta1kACoNq-6hIckE0h6StwXlmwmFS9j5Ld8a1BhWfSXIvRIR5-zcn3o84WvPRQajmLaTtmSq7bNbHUFdqaei0SsCn4O6KSrng6sZBNgW8bKGhxNr6procJDfH2Ts_xBzhM_Z2Bp_NAI7N5acPsvSapHAwpg2V_hL0aDuZp4JyBq3-4EOmmW2WI4DtFIgTBbTv37-jHZFMkavGnZiH0a5qXX4mX9i3b-FmIp0Y218CZp3BMX3zN5V1z3rXscKLB66HdKQhXufmmIFtMAhskf7awt6EO9nuYClxBr9wNg1psnHDCDiOn3Nwq-iHXU8ANGoXE7_0CVKBxwA16SZ8Ih5xX84oHmug5XU6t-hlZxD0TZhQjVaBIctTJ74oQfZH9ZRKOGJIHAX4nP0U47KwVAFvS9OXfNPzIfVthhprbI60sS2a1Xbs1TSID2f4-KutQwpC7Wgl1etN19drYexoN4pZGFFwY1LulLT3jc03dDSxXQIgNSo72qZYF8wTXEl9uvpkusbV2diZurPZqRJYkORsW3EVN4X6jdz3SdMQ3qn-mZaOL43io5to4WacNcz7KlOYwdWZwd8eegykpncJpM31X2J8PS9sWnHN168-HTObrXxdeT9p-vZe0uLD16MCJX_9QvjTaSJ7Q_pj6UGER9NYAiJUfHrnkiRgLXit24BqPNalAV5hIb73MiJ-o3z5_gHX6BwthgW-16UBEdwUp4oDh2R98T2LdrP6VvsiyFAV1rpzbvaSv-Tg3P_1g1kZGUc0lhhCRxJvZVFJ4VYJ2rYDLKKmqX1IoTiwwqVbQFf4-eSiLYll8BbBINnZ_IWkgGYmAJ5pujnKDY8mR7x0DPvaNs9MQqgLoClkocpVhxRTq8QmM6uQcG6rhi6Wpm4vGKghGMSVsZLdvv4Aacd3HALNLNaGTXZ1uXBHssXqzEIVQS_t0tdpM8_clD9X6e5mhhGtOeVV59wSOzdFpNOXuTh9wSn-2cqZh6qEdeeBawAQBMsvl_a2QYTtGjY0EkgKpfGwBcDlZhZbjqI4fANO9PXQH1lYZ0P0TM1MKYXumOFoVs6ywPUoUYsfG2T-v4wY8g44tV3WY3HsLFH_KxQ-C8RpwbcX7kI1mdk98z6XD-Ka7v_n2JAGaVeCJBwdPXkOovDZWdAy-ax9z-sgt27GDBKIzjPTlwHMV_oR_ODjADcLVQ0w55X21O8M86Ao3PqCdzuWMibfmkzOOjhVm9mcSbqcd9q9hP8o3Rm8wxJyn3RzEdtyyBtiw5ZSWAlRQZnUFVAdgXioJu0gaOkdx63zoc7j80Nxe1ePJmm_zKGrcCVELPNmzDtVQsgHTmMCjwq6ygLN4Y4kAYCTYp70itPUvt7S4nObmG6KWhHuhHqv_o7y_mq6658OtXqGeQcnFdbO8W4NwNpqcuot8ZQWdIkSSaNwuz6YHEmDZDokYQb5wEYJIehuM9EIFubj__h6Pf2LkgZATQq-V6sGn7p-XX8OIYNE_ses68L-podGBHh2b6mhDD8krpNcUD2I3Cu2RWzR0WPs2CK4QxHAgZbEksT3jSvJf7bKXG3PQDbfx20PUWJ0zKovFwExaeGbplAIghaor2hRMeX_JUe7hrxAd8HBiKysubhX70P6AcxK129wfeWcjxHuC6v5ZqEdFc5prQ4JR0kf68CJQPPLM97_NajUzpgVPiBEtht1hwzERb8_SwNynRmCMJLlEpo33seu7QncyyDF1ldoKxop9iQOYwEvqXzy7k3uwKR5A40zENMBJhT5giSzCel85ojRvof5y_rkwOtNOFyFPIseQmITYrd1OdAcbTAhBpIeju3dwmaVYgGf8whCY-2FXBuEVrX1pA8064joTfP7CUgD1ZGlaue_VcJemMlgc7uGKRPz1mZH0ClXlPXfF46s_oM3IhhWesq0O1cGD4boUbn_20n7BMBYonWVOvNgMPPFnqAw&cid=CAASFeRoz6cc1ovuFrbYDVffDFJeN4cQbQ&rfl=1%2Chttps%253A%252F%252Fprnt.sc%252F%240

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2e515f6e09f5e26caff10460e9a027e236ec78caffaa756799730b20f4d33320

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ed031e6555b8f3779c5c6fd48ef22351.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 31 May 2021 11:58:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 232
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8609
x-xss-protection: 0
server: cafe
etag: 7365582700020686358
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 14 Jun 2021 11:58:45 GMT

GET
H3-29 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20210524/r20110914/elements/html/ Frame 96F2 8 KB
3 KB 9ms
7ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210524/r20110914/elements/html/omrhp.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

966ee1486939f4b7c9815a6ce8dd42420c5859a42efdbbd5b91aff45e0b1cc38

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ed031e6555b8f3779c5c6fd48ef22351.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 31 May 2021 12:00:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 151
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3124
x-xss-protection: 0
server: cafe
etag: 4537136162986801320
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 14 Jun 2021 12:00:06 GMT

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 96F2 0
575 B 132ms
71ms Ping
image/gif 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuuidIHMOn5p4dz0vL9btIubW_fvD1z3USOD_OxVmT0-FSUJN9B9cNJmDpVTwcSERrmASWMlCdUkTjtqiQbf_YhQmqwINkT-lBz1aYtRXtA4kpAC47JE-cvMDT31z36JvfNFQisDQxsHKZjSWDsZWB_QzThLSwaHB-kVOqlvQtG61n3CW6pnUh0c49V_Q3sBMLlh8vdCnLAfDZkQ9fGiQmmdB6fHWot9-WpunFAKHJ_c2iv0kzAQPg-o-pV7Dn9_s-cP6WnD7le51Ex8_y2C7bFsyoGZSDJfvEhrrn1Cz5xNn5incQo9BbndI_vt1EmrgvRcvuYsf6B8MuoF8cMb2UZqtwMM1iGBGjbh0wcnDnD0j5iUOkI5KAcu3vbBRAuWH_mfFef-Nx_874K1N9REEGGVXG-a4GZRBQp2uQfbIJCAT5qQ5_kcmNOzT9XOC99JOpa7Xub4BmtH4quhwACatp4C0ubmkbS3irSwrcmH0v1kPxdymEQ9Qorz8wWKFETG1Mfb362kQyjVuKcmvGN2HZX5KOsRpLCRw8QTGTdhDY9GyGv0X_X98EcoEIrSmkrqGrvktsrzTHMuZNIGdaT8feBca8lnkIqhqVLXgTXNbpJsm-mvr5gpCs7aVyU8Sn3y-_vewDlFtk05HePic48CoRysU7p7bigsawdVE-p7wI9XaVxFoLO8lepANWAM78VNE9KoPEgLSDI5N8_L7PTog1Q-Kt2p27yINATaaR1dhUhNyDUVaTVPHujM2rsIcoH1jp8H6lDqIBPuvM3NWNoBe5w8TuXN3-m0ZsePYhc3q_I1_5uxxCXxoVVcm3LIDW5RSLHnf1yzYjWEImRC16YcdkonEu0oXwF5WCsKk_SLN-Qt-Da9JqAa75nLRsIhf35gFhoR02cW1aIF90foyuHIMQ3FfV-yHB6s8SnqdzYfzC5PvtmIvXq-fHqPsKeoRI1Cv7J8nfuiWIu5-ZiiGL717GWCci3-IIkA29i-fw-gbKr3C0J2t26GG9qhzqaZLXLIDWyqLxu3YHtt7MhFw3IIqIrdtjzXpiM5HKNZd5AX7MvUWnI_vWnIBksD-jP1fKoUifrMteE5g2qoRDUxl9Pe_C-GOcUHeda5tGl0e9fjYwEvl_yETJ2Wom3lZ8nNxRJRqdjE3djQ4qrZtj733EoXtDSGC9J&sai=AMfl-YRymDsdU7kOq1jAh8AUMuzxupnVn5zc6SjfVKLpvQXg-mgRh43z38s006xl8aZSB_K2SZAhI4JHuGxhf5z9wdqO0Xocv6rZUsRuxNy5tzGs1BnhjaiZehkjJW9wGXcIkxxWWFf1D8z4WLlH9KWmbTXlGlYtcTzLQsK34FE&sig=Cg0ArKJSzMpakzc3a8fyEAE&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=0&cbvp=1&cstd=0&cisv=r20210524.16144&adurl=

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ed031e6555b8f3779c5c6fd48ef22351.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Mon, 31 May 2021 12:02:37 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3-29 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 96F2 41 KB
15 KB 9ms
7ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ed031e6555b8f3779c5c6fd48ef22351.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 30 May 2021 16:00:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 72119
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 30 May 2022 16:00:38 GMT

GET
H2 200 300x250.jpg
s0.2mdn.net/8841295/ Frame 96F2 75 KB
76 KB 9ms
7ms Image
image/jpeg 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/8841295/300x250.jpg

Requested by

Host: ed031e6555b8f3779c5c6fd48ef22351.safeframe.googlesyndication.com
URL: https://ed031e6555b8f3779c5c6fd48ef22351.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

44700f9e39f3b7b7900e491ceedc60f6eb484a72c804a6a69b03bf4991898a37

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ed031e6555b8f3779c5c6fd48ef22351.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 31 May 2021 04:41:29 GMT
x-content-type-options: nosniff
last-modified: Thu, 11 Feb 2021 11:34:31 GMT
server: sffe
age: 26468
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 77288
x-xss-protection: 0
expires: Tue, 01 Jun 2021 04:41:29 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame E308
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOL4ibtwvJ5h-03pgrXg_YE&google_cver=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOL4ibtwvJ5h-03pgrXg_YE&google_cver=1&C=1

43 B
1014 B

122ms
122ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOL4ibtwvJ5h-03pgrXg_YE&google_cver=1&C=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CIikNxCnheACGMmYy50BMAE&v=APEucNXLa-AlvlRPxvhaSIMhF2mtT5S0R1egyzcvSPsiyOdNYT7YW-nzfx2Hcfu5nrovGp8vsfpA_QQD8v0c4aYmMiznf6YhcHsyg3O3amKRlNwzWWz885wuI50wc8ZrpQhdz_4qZF7ylngrBIAnMgAu7wt4-sQUtp8oYRQomeEnlos8pzUaLPg
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 31 May 2021 12:02:38 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Mon, 31 May 2021 12:02:38 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 31 May 2021 12:02:38 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOL4ibtwvJ5h-03pgrXg_YE&google_cver=1&C=1
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Content-Length: 308
Expires: Mon, 31 May 2021 12:02:38 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame E308
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YLTQXWAy99dm8zA6s4JpHgAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOL4ibtwvJ5h-03pgrXg_YE&google_cver=1

43 B
894 B

90ms
90ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOL4ibtwvJ5h-03pgrXg_YE&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CIikNxCnheACGMmYy50BMAE&v=APEucNXLa-AlvlRPxvhaSIMhF2mtT5S0R1egyzcvSPsiyOdNYT7YW-nzfx2Hcfu5nrovGp8vsfpA_QQD8v0c4aYmMiznf6YhcHsyg3O3amKRlNwzWWz885wuI50wc8ZrpQhdz_4qZF7ylngrBIAnMgAu7wt4-sQUtp8oYRQomeEnlos8pzUaLPg
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 31 May 2021 12:02:38 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Mon, 31 May 2021 12:02:38 GMT

Redirect headers

pragma: no-cache
date: Mon, 31 May 2021 12:02:38 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOL4ibtwvJ5h-03pgrXg_YE&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame E308
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEPZ88yiJMUbnNdSbRTYv4WU&google_cver=1

43 B
1018 B

72ms
28ms

Image
image/gif

37.252.172.250
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEPZ88yiJMUbnNdSbRTYv4WU&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CIikNxCnheACGMmYy50BMAE&v=APEucNXLa-AlvlRPxvhaSIMhF2mtT5S0R1egyzcvSPsiyOdNYT7YW-nzfx2Hcfu5nrovGp8vsfpA_QQD8v0c4aYmMiznf6YhcHsyg3O3amKRlNwzWWz885wuI50wc8ZrpQhdz_4qZF7ylngrBIAnMgAu7wt4-sQUtp8oYRQomeEnlos8pzUaLPg

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.172.250 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

538.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 31 May 2021 12:02:37 GMT
X-Proxy-Origin: 159.48.55.6; 159.48.55.6; 538.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com; 37.252.173.88:80
AN-X-Request-Uuid: e4cb0fc0-d4c9-49c6-8433-e420175bf111
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 31 May 2021 12:02:37 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEPZ88yiJMUbnNdSbRTYv4WU&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame E308
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTM0NDc2ODI5MTE3MzY0Mzk2Ng%3D%3D

170 B
188 B

69ms
36ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTM0NDc2ODI5MTE3MzY0Mzk2Ng%3D%3D

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 31 May 2021 12:02:38 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 31 May 2021 12:02:37 GMT
X-Proxy-Origin: 159.48.55.6; 159.48.55.6; 538.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com; 37.252.172.77:80
AN-X-Request-Uuid: 442a830a-3e8e-46e9-94d0-26937dd817b5
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTM0NDc2ODI5MTE3MzY0Mzk2Ng%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3-29 200 b32381f39c8efc22073207a3cb161e86.jpg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/10254323191026231966/media/ Frame A0E6 11 KB
11 KB 12ms
10ms Image
image/jpeg 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/10254323191026231966/media/b32381f39c8efc22073207a3cb161e86.jpg

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/10254323191026231966/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c28f14639e836bffd6964ab762bc741db297b854571b09e6d72e03c088cc7776

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 9036
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10889
x-xss-protection: 0
last-modified: Tue, 12 May 2020 12:47:50 GMT
server: sffe
date: Mon, 31 May 2021 09:32:01 GMT
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 31 May 2022 09:32:01 GMT

GET
H3-29 200 414bb945ba72f71ab21a634f1d889717.svg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/10254323191026231966/media/ Frame A0E6 3 KB
1 KB 11ms
9ms Image
image/svg+xml 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/10254323191026231966/media/414bb945ba72f71ab21a634f1d889717.svg

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/10254323191026231966/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4c75d668bdcae4ce48e61dc5be81e9c3c71d72db491bd954a6b1215ceb362db8

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding: gzip
x-content-type-options: nosniff
age: 230484
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1245
x-xss-protection: 0
last-modified: Tue, 12 May 2020 12:47:50 GMT
server: sffe
date: Fri, 28 May 2021 20:01:13 GMT
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 28 May 2022 20:01:13 GMT

GET
H3-29 200 0185c9145218d679ba7003951489896d.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/10254323191026231966/media/ Frame A0E6 4 KB
4 KB 10ms
9ms Image
image/png 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/10254323191026231966/media/0185c9145218d679ba7003951489896d.png

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/10254323191026231966/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1809417b29e7b9839c2e48e190e1cc976972437fe8ac4f5b9afae7fe1aabe128

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 235570
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4064
x-xss-protection: 0
last-modified: Tue, 12 May 2020 12:47:50 GMT
server: sffe
date: Fri, 28 May 2021 18:36:27 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 28 May 2022 18:36:27 GMT

GET
H3-29 200 e42d74c3be02814f5b93503d7820bd2a.svg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/10254323191026231966/media/ Frame A0E6 7 KB
2 KB 10ms
8ms Image
image/svg+xml 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/10254323191026231966/media/e42d74c3be02814f5b93503d7820bd2a.svg

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/10254323191026231966/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9876dc3f4a992fa1fc3b0593c8c2e65133c39b8bb47f5a22486dd71bab06198f

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding: gzip
x-content-type-options: nosniff
age: 99400
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2205
x-xss-protection: 0
last-modified: Tue, 12 May 2020 12:47:50 GMT
server: sffe
date: Sun, 30 May 2021 08:25:57 GMT
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 30 May 2022 08:25:57 GMT

GET
H3-29 200 bbc9af040f2585d84fb0e81b210da995.svg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/10254323191026231966/media/ Frame A0E6 4 KB
1 KB 12ms
11ms Image
image/svg+xml 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/10254323191026231966/media/bbc9af040f2585d84fb0e81b210da995.svg

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/10254323191026231966/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

76ce8274270be05f76b98a64619981aec63e5e9f1b1a5d8fd90df01954799ba4

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding: gzip
x-content-type-options: nosniff
age: 444887
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1008
x-xss-protection: 0
last-modified: Tue, 12 May 2020 12:47:50 GMT
server: sffe
date: Wed, 26 May 2021 08:27:50 GMT
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 26 May 2022 08:27:50 GMT

GET
H3-29 200 49dd7694a0690f323e705b05d985fc62.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/10254323191026231966/media/ Frame A0E6 10 KB
10 KB 11ms
10ms Image
image/png 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/10254323191026231966/media/49dd7694a0690f323e705b05d985fc62.png

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/10254323191026231966/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

da0438bcfdf2d6d6b230ae86c801cc53d6480a0d45b1247f53b61f85e0f52bcf

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 444887
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9939
x-xss-protection: 0
last-modified: Tue, 12 May 2020 12:47:50 GMT
server: sffe
date: Wed, 26 May 2021 08:27:50 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 26 May 2022 08:27:50 GMT

GET
DATA 200
OK truncated
/ Frame 96F2 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0b2feb42752d6f88c022398f9ccf1a4785020591c4b8b1e5ee67a86dc8a9bf1e

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame B893
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
16 B

14ms
13ms

Document
text/html

2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si

Requested by

Host: ed031e6555b8f3779c5c6fd48ef22351.safeframe.googlesyndication.com
URL: https://ed031e6555b8f3779c5c6fd48ef22351.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/si
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUlJtHLpH9eOAMelW-1-p7EaHtabJ87NOzScJQKal8-roCIL3_bSR7Wy89KJJQ4
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Mon, 31 May 2021 12:02:37 GMT
server: safe
content-length: 0
x-xss-protection: 0
set-cookie: DSID=NO_DATA; expires=Mon, 31-May-2021 13:02:37 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Mon, 31 May 2021 12:02:37 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Mon, 31 May 2021 12:02:37 GMT
server: safe
content-length: 246
x-xss-protection: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 4516 22 KB
8 KB 6ms
6ms Document
text/html 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/Enqz_20U.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ed031e6555b8f3779c5c6fd48ef22351.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ed031e6555b8f3779c5c6fd48ef22351.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 8395
date: Sun, 30 May 2021 16:00:38 GMT
expires: Mon, 30 May 2022 16:00:38 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 72119
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 96F2 0
60 B 212ms
195ms Ping
image/gif 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ed031e6555b8f3779c5c6fd48ef22351.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Mon, 31 May 2021 12:02:38 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3-29 200 9805b7d7175a3c7780ce7aa08a10b804.svg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/10254323191026231966/media/ Frame A0E6 2 KB
905 B 7ms
6ms Image
image/svg+xml 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/10254323191026231966/media/9805b7d7175a3c7780ce7aa08a10b804.svg

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/10254323191026231966/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1d292a3cdd4cf9ce48b96db1bb99f0b758e8c1da9e3cf6747dafaaa11ac3869e

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding: gzip
x-content-type-options: nosniff
age: 9035
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 872
x-xss-protection: 0
last-modified: Tue, 12 May 2020 12:47:50 GMT
server: sffe
date: Mon, 31 May 2021 09:32:02 GMT
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 31 May 2022 09:32:02 GMT

GET
H3-29 200 _ITcuHTDnJFauDqltlBqrEjQ-T5zT23sppn99C3Ar0M.js Show response
pagead2.googlesyndication.com/bg/ Frame BD2A 14 KB
6 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/_ITcuHTDnJFauDqltlBqrEjQ-T5zT23sppn99C3Ar0M.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fc84dcb874c39c915ab83aa5b6506aac48d0f93e734f6deca699fdf42dc0af43

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 30 May 2021 06:12:34 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Mon, 17 May 2021 11:28:00 GMT
server: sffe
age: 107403
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5710
x-xss-protection: 0
expires: Mon, 30 May 2022 06:12:34 GMT

GET
H3-29 200 _ITcuHTDnJFauDqltlBqrEjQ-T5zT23sppn99C3Ar0M.js Show response
pagead2.googlesyndication.com/bg/ Frame 4516 14 KB
6 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/_ITcuHTDnJFauDqltlBqrEjQ-T5zT23sppn99C3Ar0M.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fc84dcb874c39c915ab83aa5b6506aac48d0f93e734f6deca699fdf42dc0af43

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 30 May 2021 06:12:34 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Mon, 17 May 2021 11:28:00 GMT
server: sffe
age: 107403
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5710
x-xss-protection: 0
expires: Mon, 30 May 2022 06:12:34 GMT

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 41ms
41ms Image
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=222&t=2&li=gpt_2021052401&jk=556579552043843&bg=!l5SllNDNAAaMan2LjGo7ACkAdvg8WmkBzol5DQ80bKBFgHIod1l2zRlF2dFhZRzDf-Jtbr89cMwM7wIAAABrUgAAABtoAQcKANWR5gRNxcq1vI-J4NmVxexnRnu7lyLHqPfhSPEP7cLUJYeX5TS-t5R-mZmkKU1D_Guvhq_R3t4-mMEjSl9Bvcy22D5GUgkL4cxDbNKqHMdN2jTFeC0EvjREolzDVyQjq4BBhBMK4-EXh0_yHoBheOLyJB5xIOgE2WlbvgRsDXEhPrmY2r1rh5XqIC0nc1NBDaW1n0PEQ_1mL_21qeXISJYw8XnwjqUDaxhPmgNyBhbdJY76q0GNNnDQOEP8JsMW471DYEnL2HJU1_fEr8WrP8t6nmhBjbGZAjQpGpH-LYh7kw3B2nn6AHMvTNwES2M85qMgw1Nlp_psqjDTV9JHdqcHncnf7cBOeq59PkyHKrt8GShUgN8PCAcSP3y67I3ZiS2DHT0rnrvWQj0wqEjLWllhwaNwk5wR7pPHHFOjQtTz6hdjz0yp3NeKlPsb_t_p_mnN2cXj7l0rFCLSs2np309nnTCdCsaPI8ZVAMdBZF5XhOoo2ACDrmPQ23zt1_y9FJZQ6ojuDzKJV-LZLVtQypjRo6E78gjs6pxAMdtuWdtgO_8rRAfX_kPlPLUeUOrrUR3zWsWT5jzDNxosqfqK-WStISbc4eX3t6KqhQaAQ8-en_Ix8LfmdIQ6bWIyDT44J60tv7S3l15EEJlp4faXLV9e7dVLqcP4Ec0xa9ADjX3MC_yC7qd6pP4sfY1fbt4LwCLEa8CE-kseAghaBkWIU7Yu-KCOdAkE2PFbuKpLNXp213iRzmwSa6FCPW0dvRl7vrwzf4JgXAuFCCuh4a7ugUGAs4A-P8waN0_STQuKyfMp-Vmp6cK7RvHbReXfTAX-9_e3KEQSRSvUKcj7S131glmc7tkf2THgKyWvEeuaPI4JsWohIUh1le3stZsNQWfvgKUOBLoGL-F8eV4HGlOsCQFFJDom2YWCraGCjWW9cvagu8NYQf5U84einS7Q1ZdrVU37vL3oSeVEaZQyIb6kXEYWKHxh5Y7vcr6QR0QKGjzuCPGDflhgXThCEgB0uOvmVUJAxDisb7_8on6jvkU

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://prnt.sc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 31 May 2021 12:02:38 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 4516 0
20 B 63ms
62ms Image
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=B5bWBXdC0YO7qK4iS7_UPh4yOqAYAAAAAOAHgBAI&bg=!Li2lLWnNAAaMan2LjGo7ACkAdvg8WiylJSZQIeaM46MB8Xdn8hbBTzjXdrU7Hv1R0ho2OuZw95TajAIAAABnUgAAAAtoAQeZAmyck-C9iRJY3jSHeofVYGvszju-exiho7MPurgmP7EjqnZJRKlOB64lg36EhYKS_DZtcl_Id4-Y8DgV2zjvNh5GuhQRpDUz5VAEl3i3U4WnbbzueJ3SV6HMoP1OWCZUB-cZgOcGJxhHd-SF5V9mGGdZuoxbv8D8eXlOp1FJSBNdwI3-e_w8fr31rH9lmUat3tyaGNsLWdpNrg2svtPR1gKUyFtCPVo6LeE7220N5qzxNCv6vJOJOGX9ol2algP3lulBRX9Dw5O3bw4l1csMu6FHxU8lD16NGHHZm1kOfKFpDCnGfg2mcyhKZgWrF8LoE--LWrmEXODIoSm7yDTKfPdWDOCizjfHwtqFXuXxvCb0Q8_GO_xCJQwdFDvnGJQY_jgDy9_WEqVldtrapPGbnO0adJM9uUAXg4U-nWIN4n7CHnfIGORA0ejiodW9fDiKp9mzypZmfCWFabZEb-M14B0yTlZEH5BXCRHfmONTaDgTEPyvYwt4rN_IbdjxyWoidQhPHyyRXIbYWnuhNyDcWp_0lFAmFzNnm-BtoFbux2MVIIoliFyKHqDOr3IZNdCcYnfPDcWDz93ioLD1uR9tuNuXu3GyTS4rA_baWfaFuzDCjEMwsGhBwNpUH6h-KolQTzT6C0xAgWBg8nVW3J0DNMgI5LFy-T9dvcouY19f8NXv6BNxo_2JHw0cGhRILzMVJNCgh5kltCqDuHPCkVunOfrlvjRgYhiCDBfGpCkEqzAJ1TXWk1GeS-pCTmRM0omncGv6e0bMoypLNUb7-EO8QKR6tVyqumLLSuGhMfeA86GvWVKwiuUAppf5TJy9Cw

Requested by

Host: ed031e6555b8f3779c5c6fd48ef22351.safeframe.googlesyndication.com
URL: https://ed031e6555b8f3779c5c6fd48ef22351.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 31 May 2021 12:02:38 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame BA11 42 B
64 B 25ms
24ms Fetch
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstZ-NWnOCvP5Zo0grNxdrqdHNWIxjML1iiI_4E0j7Cn26D_PYME5C70O-xl-EMCpjPvpQQeTvl_EwLPgHxwTXfb8GOsupkyYQFQ-7wWKihVG1qA4A8W0mGOPt5Tfg&sai=AMfl-YR-OuXyi1da4g1ZZjkfEuxOgmXf92hMytLHOXMYP-AJu_gc8a3cia9diDDqkMvew5HsoPCUiKvc9O1AU2X_Iar0Hy9rk0yEXcJzaPhD2HMP1xIULdzrmO79gYO6ZZHF&sig=Cg0ArKJSzD3YYBe-JXLuEAE&id=lidar2&mcvt=1000&p=448,315,538,1285&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20210526&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=2&adk=3120184932&rs=4&met=mue&la=0&cr=0&osd=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ%3D%3D&vs=4&eosm=0&rst=1622462557656&dlt=18&rpt=153&isd=0&msd=0&r=v&fum=1

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ed031e6555b8f3779c5c6fd48ef22351.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 31 May 2021 12:02:38 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 worker.nude.js Show response
st.prntscr.com/2021/04/08/1538/js/ 3 KB
1 KB 34ms
33ms XHR
application/javascript 104.23.140.12
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://st.prntscr.com/2021/04/08/1538/js/worker.nude.js
Requested by: Host: st.prntscr.com
URL: https://st.prntscr.com/2021/04/08/1538/js/script.mix.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.23.140.12 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ee7c0aa7330f62b75b4e54dc5e44c543d8013358f2f2e40a655b9d0a668ba572

Request headers

Referer: https://prnt.sc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 31 May 2021 12:02:38 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 08 Apr 2021 15:39:30 GMT
server: cloudflare
age: 618
etag: W/"606f23b2-ad9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: https://prnt.sc
cache-control: max-age=1800
cf-ray: 65800df0ad437329-AMS
cf-request-id: 0a63e70a6d00007329aeb22000000001
expires: Mon, 31 May 2021 12:04:36 GMT

GET
H3-29 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 96F2 42 B
64 B 16ms
16ms Fetch
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvYCSS4PwzzP_5Uca0F3CnBHckqFLOobXUWrO9ilidibHJNQ0GnW_rPcre1bcEwU1D6DAFonYUiCJ8dYclRkl2UX3wn4VYD1ri_-sRNj-NvL4PM&sai=AMfl-YQasIybejOj1fkNsk1tlXlHmF983Kqffp5lWTci0H_cZL6-De2pOFPKJC0Q_dP2UVBRwFicAv_MeuwbTWQInDo2-eGNBj14roUKtBLARo_Imfqh0z1AFiTC65xVe69V&sig=Cg0ArKJSzMgEO2_NMSWCEAE&cid=CAASFeRoz6cc1ovuFrbYDVffDFJeN4cQbQ&id=lidar2&mcvt=1000&p=570,315,824,615&mtos=0,1000,1000,1000,1000&tos=0,1000,0,0,0&v=20210526&bin=7&avms=nio&bs=0,0&mc=0.98&if=1&app=0&itpl=20&adk=4042975291&rs=4&met=mue&la=0&cr=0&osd=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ%3D%3D&vs=4&eosm=0&rst=1622462557657&dlt=21&rpt=199&isd=0&msd=0&r=v&fum=1

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ed031e6555b8f3779c5c6fd48ef22351.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 31 May 2021 12:02:38 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
BLOB 200
OK df0e0126-e137-46a4-b6e3-decdea926d37
https://prnt.sc/ 3 KB
0 Other
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://prnt.sc/df0e0126-e137-46a4-b6e3-decdea926d37
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ee7c0aa7330f62b75b4e54dc5e44c543d8013358f2f2e40a655b9d0a668ba572

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Length: 2777
Content-Type: text/javascript

Verdicts & Comments Add Verdict or Comment

117 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	error	URL: https://quantcast.mgr.consensu.org/tcfv2/cmp2.js?referer=prnt.sc(Line 1) Message: TypeError: Cannot read property 'getItem' of null

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ads.ad4game.com
adservice.google.com
adservice.google.de
api.prntscr.com
c.amazon-adsystem.com
cdn.ad4game.com
cm.g.doubleclick.net
connect.facebook.net
dsum-sec.casalemedia.com
ed031e6555b8f3779c5c6fd48ef22351.safeframe.googlesyndication.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
htlb.casalemedia.com
ib.adnxs.com
pagead2.googlesyndication.com
pixel.quantcount.com
platform.twitter.com
prnt.sc
prntscr.com
quantcast.mgr.consensu.org
rules.quantcount.com
s0.2mdn.net
scontent-frt3-2.xx.fbcdn.net
secure.quantserve.com
securepubads.g.doubleclick.net
st.prntscr.com
stats.g.doubleclick.net
syndication.twitter.com
tpc.googlesyndication.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagservices.com
104.23.140.12
104.244.42.200
104.26.15.80
13.226.158.204
142.250.185.162
142.250.185.98
151.139.242.3
192.207.255.147
2.18.234.21
216.58.212.162
23.37.38.181
2600:9000:2182:7200:6:44e3:f8c0:93a1
2600:9000:2182:9600:9:46dc:4700:93a1
2606:2800:234:59:254c:406:2366:268c
2620:116:800d:21:36a9:ecb:e518:b308
2a00:1450:4001:800::2001
2a00:1450:4001:80e::2002
2a00:1450:4001:80f::2003
2a00:1450:4001:810::2002
2a00:1450:4001:811::2001
2a00:1450:4001:827::2004
2a00:1450:4001:82a::2002
2a00:1450:4001:831::2002
2a00:1450:4001:831::2006
2a00:1450:4001:831::200e
2a00:1450:400c:c0a::9a
2a03:2880:f01c:8012:face:b00c:0:3
2a03:2880:f11c:8183:face:b00c:0:25de
37.252.172.250
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844
0b2feb42752d6f88c022398f9ccf1a4785020591c4b8b1e5ee67a86dc8a9bf1e
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0fc2cbd615e2fef6acc9120e55d10b87db2988b3963e7415835acd5a67091a55
11d3c19422f3aed2dfb0d718d09bfb98ae6611505bd3cb136ea8efeba4f5444b
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
1809417b29e7b9839c2e48e190e1cc976972437fe8ac4f5b9afae7fe1aabe128
18df5571d8a09c9003fc5652687be6c00c55515389e07172a4a659f20cd0b033
1a019a3624e7868eb18ddc0b8c2ef7a50d26006ad4e05d96c609ead07c1ca366
1a843c8dafb88a35d1f120970c32587ef40a36ca9a5f9908e78c400c17ee4868
1b185d89e437f1591af8c51d5e6dad41d3666e22a81931ee9df22e2cfdacaddb
1d292a3cdd4cf9ce48b96db1bb99f0b758e8c1da9e3cf6747dafaaa11ac3869e
1e45ca14bc59eff23fa77a56b5a047910b4bb21832fb69ef9308c3e16caabbe4
223b3bde0338f2f39624e225b02f9481a6a384c1096d8751f2ce54d10ca9ee84
2875a6fc4266fec00a383377cb4530b6407912897b0727e26249d89c6dfe0359
2cb09c7b3e19bfc41743ca3624ef81c3258d56525647feac76aa757e0292627a
2ddef05ee7b0caa6fd9be281a5b4e53ada42bff7814578d748144f2f9181e476
2e515f6e09f5e26caff10460e9a027e236ec78caffaa756799730b20f4d33320
36bdd71be72716b255eb90aa7e9b1fc5501d090a684befdd91f095d311830f7b
40ec0b04019845302a5052b4689b5d3477c9717dca73243e5faf7cf98f3af564
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
44700f9e39f3b7b7900e491ceedc60f6eb484a72c804a6a69b03bf4991898a37
45b8a13dcb32541a7703dec7eba4c4195cb62ed00029c2ea5a0b61fd16864b55
483cc9a5ece5c92d5a2f1ea6e92e7f8bc29844a6c06bf36c0349d70334685dc7
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4c75d668bdcae4ce48e61dc5be81e9c3c71d72db491bd954a6b1215ceb362db8
4cc755a99349527933df50f5338a02d972da947a4c25f4a5309f4545ddc40ee1
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
54a66c4693bfd79901040269ae7d7304508cbd02859797a1780f2bbe72176e23
57e84e43c4bbcaa159159d7e7ab9771cfda3147300a1a096b2dcefdff0a95a05
5a3a63b2ac124cb9a194ec01ea1f0d3123e4019bf658c6f47a77b4faea84c079
5b6f3806c04b7c91d2ee5cf8f42b31343a9d33ea62ad9d0506cfa1be078477d3
5f789ea36ae4671282524bda454709578d63b915b782c1e041132a7e726ff1c3
641e03dfeee60c05e0794bace5fc58d2fba409fee529a114459e44cee0d9d069
6836719899bda27cd22c1551cb7fbfc33fb0bbbedaa89e4baa8715fef8202cbc
684722f2ec67f3a1b4aad3b445dd37b60d048d66701dfff1f5c40b3bad4fae8a
6aa7181afe0bea9dc4e90e1d040c0b27be388088f6a5ec3d195c60229fe3c9b5
731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233
733f44e4d42f00e0a8c267d516e9f6939d36f65ceb3bf851998475b9f6650d3f
73f34e79e46b915c476863d756929f3aeb82ad2c0df24714bb15caf95af5bd25
745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8
74a68024cd95156e421483199ca2b204cb4c5f30381352cce69a1f5f7338cd8e
76ce8274270be05f76b98a64619981aec63e5e9f1b1a5d8fd90df01954799ba4
7969e63563915d7fe34fd5c163295defbf48fff366523cde499b383cdb214be0
7b67ae2416a166f4238581097d4ce984a69d9662aab12ecc4b2b881c45164e36
7f0c0d5e15ee4b3a06964f2256fc37be30934a62b0e0bf61a00eb0aa47969eb6
7f5b2f01b338396048ec248adcadfe523eef65677edcacad842dc3ecc828fba2
80db7ea4112976afd9bbeb9173427bfc0a90acbe1e969c3797a58f3e034cb2f2
81b41a2c8e9ec80197d6488d58ac6436e8442fe548dfd255701e393023b67c27
83817752fb260ff66b3bca1471bb20dbb6a1e6a17174c657efe0912ad161b382
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
86a1b8f94f48c4e82d2616d4c581f10a34ff447a2bd95be08714fa0d19ba3f51
8bfd2fa3b3b5924e3655bcf9f63427e792bd8572b7ed0992373bdb4b21c7cb89
8f359cea41f7e97a585f44c7c318c4f2314b2981060da1623e39d8d348ff9150
908edfa9f7ec9fd5cb6b2159b5cb305d9c2c88601c8bf00a23bb0e96fcea1e21
966ee1486939f4b7c9815a6ce8dd42420c5859a42efdbbd5b91aff45e0b1cc38
9876dc3f4a992fa1fc3b0593c8c2e65133c39b8bb47f5a22486dd71bab06198f
9bd7952daefc70291b0a0bc163e80b8654b7600d1c590f24fa57a5cb8a218964
9c9935e1daafc929a9866a206e769e084cd83f19d436ca22887adc2798408646
9e116fbacdd49f4786ad3f0753be61b1df9444103efa9400cfd7e798ae9d0f43
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a093d2047e1a59b7103810b947780e5f94d865915cb923ebcaa7e50f557c2102
a0be26a38f4c076a9bee84f35d0e96c0fd2f23cf2f10e056850249d0b678f3c9
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a12b87855b6403c6f73092396d80541a6984aae03097a637769291d9cad15d19
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
abb06a0b1c3e20d177c9487ed38d050957aff6039a3c6fa5dfe1e1b92425ec69
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b3408a1b744ce1351e9554b861c45480f39e54c059f3b11f4e77f9f13564ba4f
b6a1120cc303b1c6ee6d548a5b418c2707b59de0c1f13c8ab870ca4e734b6acc
bba4d46952f094b62205fe06e4a78114cac5d934971925a4716ef40c33f96012
bc1d3b1d6637a1573ac4c8b53a4b16feb39d1f7de2b1b480f69ee1d1a7d283dc
bca2c1abcf4b76a46306bc7f1a607a459371ccf5e7213aae988c33b4dabb1758
bed57a09b10b5cfc83c33f5bc6205831a9db085c874bc72d096d05ad2136e4b4
c28f14639e836bffd6964ab762bc741db297b854571b09e6d72e03c088cc7776
c61a719b48533a1fa932729f4927ba1377a96c441b0d6a427096b867742b4645
cb09c3720b53d8651d6f5825cf643e6249aefbe82a1ba1417d230cdb9b36cba6
cc7930c46bc124f85f2f4e68bf9ccd0456d77c48759cd3e301b040e3dcdf57fb
d09f54d072f2734fc8a3c27ab293e06a10f564a6ae5557d17972cf51d68e19af
d175d400e6415cd2d5a76e744971ca96e79124b57fe873d184b93837d9dfe681
d661244532ddce6a92fb96fde511e23ea4de69ff2e41a5bffb884caa71166e01
d91d13fd8f9d253a8213aeee7ebaa7e073683fc600a3d82902c3c669b8ffdee7
da0438bcfdf2d6d6b230ae86c801cc53d6480a0d45b1247f53b61f85e0f52bcf
dc9f7cdaabb3201fd2ead8c0cfd974710305362d0ea77c96069cb189796d6238
e05edf2ae58e3a9f1d2a84d32a8b216fd0aece46f527b58dcbce75255989ea88
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e6807bcb4d3bf9f958318524a9e5fd19b026a403eefffd40f217d07cd5126008
e926f30958d0c21d088e6a671d3356a3c3fab9cc6220b8e408f19d868a7dc5c8
ec05ca405d0d682ad632a5e8fb5a05f817734fa108f07bdbff4afaaf6c8f11b3
edf9aa6a19a073e0a3fa31c08f1b2f9fa744d61ad7a464a829142bc7db41a0b5
ee7c0aa7330f62b75b4e54dc5e44c543d8013358f2f2e40a655b9d0a668ba572
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f554d2f09272c6f71447ebfe4532d3b1dd1959bce669f9a5ccc99e64ef511729
fc84dcb874c39c915ab83aa5b6506aac48d0f93e734f6deca699fdf42dc0af43
fe0b009af4d6be99bb24436d2b2c67706fa3698e059d8df3bfa9f9c8857b42ae

prnt.sc Open in urlscan Pro 104.26.15.80 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

122 Requests

99 %HTTPS

59 %IPv6

20 Domains

34 Subdomains

30 IPs

3 Countries

1275 kBTransfer

3563 kBSize

0 Cookies

12 Outgoing links

Page URL History

Redirected requests

122 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 4 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

prnt.sc Open in urlscan Pro
104.26.15.80 Public Scan

Screenshot
Live screenshot

Full Image

122
Requests

99 %
HTTPS

59 %
IPv6

20
Domains

34
Subdomains

30
IPs

3
Countries

1275 kB
Transfer

3563 kB
Size

0
Cookies

122 HTTP transactions
4 data transactions