URL: https://prnt.sc/12hs5gs
Submission: On May 04 via manual from PL

Summary

This website contacted 35 IPs in 4 countries across 21 domains to perform 131 HTTP transactions. The main IP is 172.67.72.27, located in United States and belongs to CLOUDFLARENET, US. The main domain is prnt.sc.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on July 18th 2020. Valid for: a year.
This is the only time prnt.sc was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 172.67.72.27 13335 (CLOUDFLAR...)
20 104.23.139.12 13335 (CLOUDFLAR...)
2 2a00:1450:400... 15169 (GOOGLE)
2 2600:9000:210... 16509 (AMAZON-02)
2 151.139.242.3 33438 (HIGHWINDS2)
18 2a03:2880:f01... 32934 (FACEBOOK)
4 192.229.233.25 15133 (EDGECAST)
2 2620:116:800d... 16509 (AMAZON-02)
1 2a00:1450:400... 15169 (GOOGLE)
1 2600:9000:20c... 16509 (AMAZON-02)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 6 2a03:2880:f11... 32934 (FACEBOOK)
2 192.207.255.147 62821 (AS-MNX)
2 104.244.42.200 13414 (TWITTER)
4 2a00:1450:400... 15169 (GOOGLE)
3 13.224.105.229 16509 (AMAZON-02)
1 23.37.38.181 16625 (AKAMAI-AS)
2 172.217.23.98 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
3 2a00:1450:400... 15169 (GOOGLE)
3 2a00:1450:400... 15169 (GOOGLE)
11 2a00:1450:400... 15169 (GOOGLE)
12 2a00:1450:400... 15169 (GOOGLE)
4 2a00:1450:400... 15169 (GOOGLE)
4 6 142.250.185.66 15169 (GOOGLE)
4 8 2.18.234.21 16625 (AKAMAI-AS)
2 78.46.111.106 24940 (HETZNER-AS)
1 5 138.201.63.150 24940 (HETZNER-AS)
3 138.201.63.164 24940 (HETZNER-AS)
2 4 172.217.23.102 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
2 188.138.57.20 8972 (GD-EMEA-D...)
1 2a00:1450:400... 15169 (GOOGLE)
131 35
Domain Requested by
17 st.prntscr.com prnt.sc, st.prntscr.com
14 static.xx.fbcdn.net www.facebook.com, static.xx.fbcdn.net
12 pagead2.googlesyndication.com securepubads.g.doubleclick.net, ff89fe765c7a582c71dbcb6f522b9b54.safeframe.googlesyndication.com, googleads.g.doubleclick.net, tpc.googlesyndication.com, www.googletagservices.com
11 tpc.googlesyndication.com securepubads.g.doubleclick.net, ff89fe765c7a582c71dbcb6f522b9b54.safeframe.googlesyndication.com, googleads.g.doubleclick.net, tpc.googlesyndication.com
8 dsum-sec.casalemedia.com 4 redirects googleads.g.doubleclick.net
6 cm.g.doubleclick.net 4 redirects googleads.g.doubleclick.net
6 www.facebook.com 1 redirects connect.facebook.net
5 hal90008.redintelligence.net 1 redirects ff89fe765c7a582c71dbcb6f522b9b54.safeframe.googlesyndication.com, hal90008.redintelligence.net
4 5994599.fls.doubleclick.net 2 redirects prnt.sc
4 googleads.g.doubleclick.net ff89fe765c7a582c71dbcb6f522b9b54.safeframe.googlesyndication.com, prnt.sc
4 www.googletagservices.com ads.ad4game.com, securepubads.g.doubleclick.net, ff89fe765c7a582c71dbcb6f522b9b54.safeframe.googlesyndication.com
4 platform.twitter.com prnt.sc, platform.twitter.com
3 hal90006.redintelligence.net hal9000.redintelligence.net, hal90006.redintelligence.net
3 ff89fe765c7a582c71dbcb6f522b9b54.safeframe.googlesyndication.com securepubads.g.doubleclick.net
3 adservice.google.com securepubads.g.doubleclick.net, 5994599.fls.doubleclick.net
3 c.amazon-adsystem.com ads.ad4game.com, c.amazon-adsystem.com
2 cdn.contentspread.net hal90006.redintelligence.net, hal90008.redintelligence.net
2 ajax.googleapis.com hal90006.redintelligence.net, hal90008.redintelligence.net
2 hal9000.redintelligence.net ff89fe765c7a582c71dbcb6f522b9b54.safeframe.googlesyndication.com
2 scontent-frt3-2.xx.fbcdn.net www.facebook.com
2 securepubads.g.doubleclick.net www.googletagservices.com, securepubads.g.doubleclick.net
2 syndication.twitter.com platform.twitter.com, prnt.sc
2 ads.ad4game.com cdn.ad4game.com
2 connect.facebook.net prnt.sc, connect.facebook.net
2 api.prntscr.com st.prntscr.com
2 cdn.ad4game.com prnt.sc, cdn.ad4game.com
2 quantcast.mgr.consensu.org prnt.sc, quantcast.mgr.consensu.org
2 www.google-analytics.com prnt.sc, www.google-analytics.com
2 prnt.sc prnt.sc
1 adservice.google.de securepubads.g.doubleclick.net
1 htlb.casalemedia.com cdn.ad4game.com
1 pixel.quantcount.com prnt.sc
1 www.google.de prnt.sc
1 www.google.com prnt.sc
1 rules.quantcount.com secure.quantserve.com
1 stats.g.doubleclick.net www.google-analytics.com
1 secure.quantserve.com quantcast.mgr.consensu.org
1 image.prntscr.com prnt.sc
131 38

This site contains links to these domains.

Domain
app.prntscr.com
prntscr.com
twitter.com
www.facebook.com
www.google.com
Subject | Issuer | Validity | Valid
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2020-07-18 - 2021-07-18 | a year
*.google-analytics.com | GTS CA 1C3 | 2021-04-13 - 2021-07-06 | 3 months
quantcast.mgr.consensu.org | Amazon | 2021-04-24 - 2022-05-23 | a year
*.ad4game.com | Go Daddy Secure Certificate Authority - G2 | 2019-11-17 - 2022-01-16 | 2 years
*.facebook.com | DigiCert SHA2 High Assurance Server CA | 2021-04-06 - 2021-07-03 | 3 months
*.twimg.com | DigiCert TLS RSA SHA256 2020 CA1 | 2020-11-05 - 2021-11-09 | a year
*.quantserve.com | DigiCert SHA2 High Assurance Server CA | 2020-10-02 - 2021-10-07 | a year
*.g.doubleclick.net | GTS CA 1C3 | 2021-04-13 - 2021-07-06 | 3 months
www.google.com | GTS CA 1C3 | 2021-04-13 - 2021-07-06 | 3 months
www.google.de | GTS CA 1C3 | 2021-04-13 - 2021-07-06 | 3 months
syndication.twitter.com | DigiCert TLS RSA SHA256 2020 CA1 | 2021-02-05 - 2022-02-04 | a year
c.amazon-adsystem.com | Amazon | 2020-08-04 - 2021-08-02 | a year
san.casalemedia.com | GeoTrust RSA CA 2018 | 2021-02-05 - 2022-02-09 | a year
*.google.de | GTS CA 1C3 | 2021-04-13 - 2021-07-06 | 3 months
*.google.com | GTS CA 1C3 | 2021-04-13 - 2021-07-06 | 3 months
tpc.googlesyndication.com | GTS CA 1C3 | 2021-04-13 - 2021-07-06 | 3 months
redintelligence.net | R3 | 2021-04-21 - 2021-07-20 | 3 months
*.doubleclick.net | GTS CA 1C3 | 2021-04-13 - 2021-07-06 | 3 months
upload.video.google.com | GTS CA 1C3 | 2021-04-13 - 2021-07-06 | 3 months
cdn.contentspread.net | Go Daddy Secure Certificate Authority - G2 | 2020-07-08 - 2021-07-08 | a year

This page contains 17 frames:

Primary Page: https://prnt.sc/12hs5gs
Frame ID: 5B1B9490F4E80E64777DCD3D1C1CDDB8
Requests: 58 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.06c6ee58c3810956b7509218508c7b56.html?origin=https%3A%2F%2Fprnt.sc
Frame ID: 6168BCFDFBF02FD8C6AB8F7DF784E231
Requests: 2 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/tweet_button.06c6ee58c3810956b7509218508c7b56.en.html
Frame ID: 519F7C611F4C948A84D381601A8022CA
Requests: 2 HTTP requests in this frame

Frame: https://www.facebook.com/plugins/like.php?action=like&app_id=154822244543652&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df348c7b394ffab8%26domain%3Dprnt.sc%26origin%3Dhttps%253A%252F%252Fprnt.sc%252Ff138e1c79efcbc4%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fprnt.sc%2F12hs5gs&layout=button_count&locale=en_US&sdk=joey&share=false&show_faces=false&size=small&width=100
Frame ID: 248AF987346FBB98E84A9B50540FEB8A
Requests: 4 HTTP requests in this frame

Frame: https://www.facebook.com/plugins/feedback.php?app_id=154822244543652&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df28ce66f2527184%26domain%3Dprnt.sc%26origin%3Dhttps%253A%252F%252Fprnt.sc%252Ff138e1c79efcbc4%26relation%3Dparent.parent&container_width=340&height=100&href=https%3A%2F%2Fprnt.sc%2F12hs5gs&locale=en_US&migrated=1&sdk=joey&width=NaN&xid=12hs5gs
Frame ID: 76CA218BAEFF9F84AF2DD01F5330286A
Requests: 7 HTTP requests in this frame

Frame: https://www.facebook.com/plugins/like_box.php?app_id=154822244543652&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df240a60389c72ac%26domain%3Dprnt.sc%26origin%3Dhttps%253A%252F%252Fprnt.sc%252Ff138e1c79efcbc4%26relation%3Dparent.parent&container_width=0&header=false&href=https%3A%2F%2Fwww.facebook.com%2Fpages%2FLightShot%2F242750885760&locale=en_US&sdk=joey&show_faces=true&stream=false&width=300
Frame ID: 46FFA7D73DD6F633940A00EE4EB13662
Requests: 9 HTTP requests in this frame

Frame: https://ff89fe765c7a582c71dbcb6f522b9b54.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 07D613C9768D985506A4F3B6126090C5
Requests: 12 HTTP requests in this frame

Frame: https://ff89fe765c7a582c71dbcb6f522b9b54.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 30C2D338D25BB3E1B23BDA3637B72681
Requests: 11 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsYncXFlQEwAQ&v=APEucNVdQ2w1CLVUEK6ZPQOGwx59Eu9Acox_6aY0NUiYotfWvfKXIvJ68eu01MVmIBIPFNbLZBCxjz7G1kunOdEsCu3ByUaqb5a0PpqwuUpXhI-EidKpjM16ORq1THYeibRDHn2Nv-ixqgXdV12ycuItxl5agAwk4wBPoDYgG2hR5aU1CHOgmECKJaDQVrVwo20d0p64dOH4ANP2e9caMOL_paibHQGdgA
Frame ID: 6AD4B2199C6ACD4C33B0A0D586CE6F14
Requests: 4 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsYtKK9lQEwAQ&v=APEucNUcquRGocjtRQNFl80cKO0j8RN-tsmQvB10QOE4dvW1XRq_oMlSBjn0hUkwExSYC1tuZMaMsabmGvURsPJ6zVXpN6drjPhvFoQJmVbogkIveSGQEB5w6NJL7v5nIHvksdKAIdQMQdPRFC9eJRCg3PRsV30XPNurTU17h25Kf_oJCxiLv2pp9zXfCmeuD2xsycL_z7yV1zoaO7rvPzFASeiSZjaDRg
Frame ID: 28C9E8EF112938A66AC91402EF771C1C
Requests: 4 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html
Frame ID: 0E22A464A7D8C0FE454A718D0B72058D
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: D657918F26D2BC1928D86785CFD8EFF3
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: B18F597F91B0180F641E262B4FD3DC98
Requests: 3 HTTP requests in this frame

Frame: https://5994599.fls.doubleclick.net/activityi;dc_pre=CJWE_v78sPACFY3ruwgdDCMItg;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=8801021413155.152
Frame ID: DD6FBF11A486A86B975D2590D1DD5966
Requests: 2 HTTP requests in this frame

Frame: https://hal90006.redintelligence.net/request_content.php?s=68380000293472200710616011584006&a=17defbab
Frame ID: 0E8FB0319C345B9D965FEC022F3177E9
Requests: 5 HTTP requests in this frame

Frame: https://5994599.fls.doubleclick.net/activityi;dc_pre=CLOSgv_8sPACFZXjuwgdynsGfg;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1566122874780.2646
Frame ID: D87E6495BE59E02065FE3512B5219780
Requests: 2 HTTP requests in this frame

Frame: https://hal90008.redintelligence.net/request_content.php?s=62421400267045200710632011584008&a=b51ebe86
Frame ID: B84C8C219D2AC241B2073BCD8AC2D858
Requests: 6 HTTP requests in this frame


Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /^cloudflare$/i

Overall confidence: 100%
Detected patterns
  • script /googletagservices\.com\/tag\/js\/gpt(?:_mobile)?\.js/i

Overall confidence: 100%
Detected patterns
  • script /\/\/connect\.facebook\.net\/[^/]*\/[a-z]*\.js/i

Overall confidence: 100%
Detected patterns
  • script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Overall confidence: 100%
Detected patterns
  • script /\/prebid\.js/i

Overall confidence: 100%
Detected patterns
  • script /\.quantserve\.com\/quant\.js/i

Overall confidence: 100%
Detected patterns
  • script /\/\/platform\.twitter\.com\/widgets\.js/i

Overall confidence: 100%
Detected patterns
  • script /jquery[.-]([\d.]*\d)[^/]*\.js/i
  • script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

131
Requests

99 %
HTTPS

53 %
IPv6

21
Domains

38
Subdomains

35
IPs

4
Countries

1882 kB
Transfer

5428 kB
Size

4
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 52
  • https://www.facebook.com/plugins/comments.php?app_id=154822244543652&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df28ce66f2527184%26domain%3Dprnt.sc%26origin%3Dhttps%253A%252F%252Fprnt.sc%252Ff138e1c79efcbc4%26relation%3Dparent.parent&container_width=340&height=100&href=https%3A%2F%2Fprnt.sc%2F12hs5gs&locale=en_US&migrated=1&sdk=joey&width=NaN&xid=12hs5gs HTTP 302
  • https://www.facebook.com/plugins/feedback.php?app_id=154822244543652&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df28ce66f2527184%26domain%3Dprnt.sc%26origin%3Dhttps%253A%252F%252Fprnt.sc%252Ff138e1c79efcbc4%26relation%3Dparent.parent&container_width=340&height=100&href=https%3A%2F%2Fprnt.sc%2F12hs5gs&locale=en_US&migrated=1&sdk=joey&width=NaN&xid=12hs5gs
Request Chain 96
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKlNGVwmI7zjfZckOEife_o&google_cver=1
Request Chain 97
  • https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
  • https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&C=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YJG9XyOBNDCCVpowI72AfgAA HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECWSVkbtmb8ALeYAJRaiBdk&google_cver=1
Request Chain 99
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKlNGVwmI7zjfZckOEife_o&google_cver=1
Request Chain 100
  • https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
  • https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&C=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YJG9XyOBNDCCVpowI72AfgAA HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECWSVkbtmb8ALeYAJRaiBdk&google_cver=1
Request Chain 110
  • https://hal90008.redintelligence.net/request.php?zone=zy291edt4ui9&nw=20&renderingType=javascript&namespace=20f868897b&subid=&uid=b5206aa01d79fb33&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=970x18&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC-gI7Xr2RYPvFNIif-gaCrbrQCrXN-YNXnNC5q-UM8C4QASCimaEcYJWCgICwB8gBCakCcoF8swwotD6oAwGqBKoBT9CFTOEckxu-xIsNsJPzfAqX1hHviiW-_J6SeuTbBGsfEoeHUZQXQkeckJSK-iV2-E4EXXCDwEnofg2qXctHtQmdDxdd9I3s0IvwvmD2UQp0LS5Y72ZXSCqR4vwyoxqSmO445bMusr3igCtY46gRwe3pLiMLAbCpEo9euI4aZbJaY1V87oIU3IeGZo3Fgxc7EaQc8TEg8OBNTHya8GheX13cZMb5CNgJMKrABKqd_L7PAeAEA5AGAaAGTYAH6-foXqgH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfs1RuoB-6WsQKoB6a-G6gH7NUbqAfz0RuoB5bYG9gHANIICQiA4YBQEAEYHfIIG2FkeC1zdWJzeW4tNjY1MDAxNjIxMjQ4MDk5MYAKA5gLAcgLAYAMAbATwpraCtATANgTA9gUAQ%26ae%3D1%26num%3D1%26cid%3DCAASPeRoRg3cQALDGm2UuCxgO-gVU2UWLy0y8KNvTBwCoBaZ3Ik4rDMJ3iT_Npk88fHEm27RS33dpxSSU-QvtbI%26sig%3DAOD64_29pZ62wX8T5ju1IQhZxqqO3XDm3g%26client%3Dca-pub-1232265399417302%26dbm_c%3DAKAmf-DM1mWEBAW9sWwcYj4vhwJJwpevBejX_vQVbiNg7b19bco76-SVqV6uxa7bt9Ywc2BgaR0eXrKb7v2btdsc70iJAHu1dB-Ev9O1iWf61-tqK9z5lG0awwItproTVecuZb6COtcQxN3qsfZvDLi3kCQUfcUcJg%26cry%3D1%26dbm_d%3DAKAmf-Cn4ZyPmfdS0F4plpfxptypX6hxbQw7n7ltN5GItvg1pamX-GtjaX1PTQIYbJIdpYEzWZ4NX_PEZBoocd1BdBhN_iINPhZqAizHw_XbejMyHeBNxH2HAKFQ5SvjhyZkqkzvtSjEND1AgRFtThZxse8O-BSGRQi5GpMwHJwyYHWTltXaV6qyZ5YfUYuIbwmYWsnT0pkQjqv0NRRfPfnnJmNbLRHIFxiZ4wmx8CCTJsXBuYoKqQp987cxdi5MgsJB0kzgmtRXZI4WqgM_5u0ewQnXfgALylv3jmeVBDGoF2c-kf773SZOgnaYv49JvtOMJx-Cf1voFSftq7Hjo2223horgIt7dE3g5IWtWzaMZFDTf6zkAznfuyGGjJdVSmzgR8XXConzpYaVg-T9F8KQEzuuZCTaeLbH8vxjFvoCU87l7BIdwUIWbzTsm7cCcoafU4qi234E%26adurl%3D&documentReferer=https%3A%2F%2Fprnt.sc%2F&ancestorOrigins=https%3A%2F%2Fprnt.sc&random=6078348901098&isIframe=1&container=&adPos=0x14&adPosCheck=1x15&adtagId=0 HTTP 302
  • https://hal90008.redintelligence.net/request.php?zone=zy291edt4ui9&nw=20&renderingType=javascript&namespace=20f868897b&subid=&uid=b5206aa01d79fb33&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=970x18&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC-gI7Xr2RYPvFNIif-gaCrbrQCrXN-YNXnNC5q-UM8C4QASCimaEcYJWCgICwB8gBCakCcoF8swwotD6oAwGqBKoBT9CFTOEckxu-xIsNsJPzfAqX1hHviiW-_J6SeuTbBGsfEoeHUZQXQkeckJSK-iV2-E4EXXCDwEnofg2qXctHtQmdDxdd9I3s0IvwvmD2UQp0LS5Y72ZXSCqR4vwyoxqSmO445bMusr3igCtY46gRwe3pLiMLAbCpEo9euI4aZbJaY1V87oIU3IeGZo3Fgxc7EaQc8TEg8OBNTHya8GheX13cZMb5CNgJMKrABKqd_L7PAeAEA5AGAaAGTYAH6-foXqgH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfs1RuoB-6WsQKoB6a-G6gH7NUbqAfz0RuoB5bYG9gHANIICQiA4YBQEAEYHfIIG2FkeC1zdWJzeW4tNjY1MDAxNjIxMjQ4MDk5MYAKA5gLAcgLAYAMAbATwpraCtATANgTA9gUAQ%26ae%3D1%26num%3D1%26cid%3DCAASPeRoRg3cQALDGm2UuCxgO-gVU2UWLy0y8KNvTBwCoBaZ3Ik4rDMJ3iT_Npk88fHEm27RS33dpxSSU-QvtbI%26sig%3DAOD64_29pZ62wX8T5ju1IQhZxqqO3XDm3g%26client%3Dca-pub-1232265399417302%26dbm_c%3DAKAmf-DM1mWEBAW9sWwcYj4vhwJJwpevBejX_vQVbiNg7b19bco76-SVqV6uxa7bt9Ywc2BgaR0eXrKb7v2btdsc70iJAHu1dB-Ev9O1iWf61-tqK9z5lG0awwItproTVecuZb6COtcQxN3qsfZvDLi3kCQUfcUcJg%26cry%3D1%26dbm_d%3DAKAmf-Cn4ZyPmfdS0F4plpfxptypX6hxbQw7n7ltN5GItvg1pamX-GtjaX1PTQIYbJIdpYEzWZ4NX_PEZBoocd1BdBhN_iINPhZqAizHw_XbejMyHeBNxH2HAKFQ5SvjhyZkqkzvtSjEND1AgRFtThZxse8O-BSGRQi5GpMwHJwyYHWTltXaV6qyZ5YfUYuIbwmYWsnT0pkQjqv0NRRfPfnnJmNbLRHIFxiZ4wmx8CCTJsXBuYoKqQp987cxdi5MgsJB0kzgmtRXZI4WqgM_5u0ewQnXfgALylv3jmeVBDGoF2c-kf773SZOgnaYv49JvtOMJx-Cf1voFSftq7Hjo2223horgIt7dE3g5IWtWzaMZFDTf6zkAznfuyGGjJdVSmzgR8XXConzpYaVg-T9F8KQEzuuZCTaeLbH8vxjFvoCU87l7BIdwUIWbzTsm7cCcoafU4qi234E%26adurl%3D&documentReferer=https%3A%2F%2Fprnt.sc%2F&ancestorOrigins=https%3A%2F%2Fprnt.sc&random=6078348901098&isIframe=1&container=&adPos=0x14&adPosCheck=1x15&adtagId=0&uidRedirect=1
Request Chain 113
  • https://5994599.fls.doubleclick.net/activityi;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=8801021413155.152 HTTP 302
  • https://5994599.fls.doubleclick.net/activityi;dc_pre=CJWE_v78sPACFY3ruwgdDCMItg;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=8801021413155.152
Request Chain 116
  • https://5994599.fls.doubleclick.net/activityi;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1566122874780.2646 HTTP 302
  • https://5994599.fls.doubleclick.net/activityi;dc_pre=CLOSgv_8sPACFZXjuwgdynsGfg;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1566122874780.2646

131 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request 12hs5gs
prnt.sc/
16 KB
5 KB
Document
General
Full URL
https://prnt.sc/12hs5gs
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.67.72.27 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
22598723acb30646c3c794b27a2020fa5c0b7e1fa05f03d4c8018341011705b5
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

:method
GET
:authority
prnt.sc
:scheme
https
:path
/12hs5gs
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 04 May 2021 21:32:13 GMT
content-type
text/html; charset=UTF-8
set-cookie
__cfduid=dbc01bb79de617174d21fbfcdb54a749e1620163933; expires=Thu, 03-Jun-21 21:32:13 GMT; path=/; domain=.prnt.sc; HttpOnly; SameSite=Lax
x-frame-options
SAMEORIGIN
cf-cache-status
DYNAMIC
cf-request-id
09dae4ccb400002bdd7c2c2000000001
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=j32MqsP89wU7ePNGHJa4JHCFBLT4XLS47E8xNmaq0rYYRdNeQAUCNcrH15P4lQ5ZSb0wsiZWE7LE90Y874SUP%2BdUj5r3JwGy"}],"max_age":604800,"group":"cf-nel"}
nel
{"report_to":"cf-nel","max_age":604800}
server
cloudflare
cf-ray
64a4d7278e702bdd-FRA
content-encoding
br
main.css
st.prntscr.com/2021/04/08/1538/css/
57 KB
9 KB
Stylesheet
General
Full URL
https://st.prntscr.com/2021/04/08/1538/css/main.css
Requested by
Host: prnt.sc
URL: https://prnt.sc/12hs5gs
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.23.139.12 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7b67ae2416a166f4238581097d4ce984a69d9662aab12ecc4b2b881c45164e36

Request headers

Referer
https://prnt.sc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 04 May 2021 21:32:13 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Thu, 08 Apr 2021 15:39:37 GMT
server
cloudflare
age
979
etag
W/"606f23b9-23b6"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css
cache-control
max-age=1800
cf-ray
64a4d728beb30204-ZRH
cf-request-id
09dae4cd770000020414a82000000001
expires
Tue, 04 May 2021 21:16:29 GMT
jquery.1.8.2.min.js
st.prntscr.com/2021/04/08/1538/js/
91 KB
32 KB
Script
General
Full URL
https://st.prntscr.com/2021/04/08/1538/js/jquery.1.8.2.min.js
Requested by
Host: prnt.sc
URL: https://prnt.sc/12hs5gs
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.23.139.12 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f554d2f09272c6f71447ebfe4532d3b1dd1959bce669f9a5ccc99e64ef511729

Request headers

Referer
https://prnt.sc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 04 May 2021 21:32:13 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Thu, 08 Apr 2021 15:39:37 GMT
server
cloudflare
age
979
etag
W/"606f23b9-827c"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=1800
cf-ray
64a4d728beba0204-ZRH
cf-request-id
09dae4cd7700000204eb25d000000001
expires
Tue, 04 May 2021 21:16:22 GMT
script.mix.js
st.prntscr.com/2021/04/08/1538/js/
69 KB
23 KB
Script
General
Full URL
https://st.prntscr.com/2021/04/08/1538/js/script.mix.js
Requested by
Host: prnt.sc
URL: https://prnt.sc/12hs5gs
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.23.139.12 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
45b8a13dcb32541a7703dec7eba4c4195cb62ed00029c2ea5a0b61fd16864b55

Request headers

Referer
https://prnt.sc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 04 May 2021 21:32:13 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Thu, 08 Apr 2021 15:39:37 GMT
server
cloudflare
age
979
etag
W/"606f23b9-5e6a"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=1800
cf-ray
64a4d728bebc0204-ZRH
cf-request-id
09dae4cd770000020438010000000001
expires
Tue, 04 May 2021 21:16:28 GMT
Jtq3QjyRRlerbe95U29ZHg.png
image.prntscr.com/image/
229 KB
229 KB
Image
General
Full URL
https://image.prntscr.com/image/Jtq3QjyRRlerbe95U29ZHg.png
Requested by
Host: prnt.sc
URL: https://prnt.sc/12hs5gs
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.23.139.12 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Magic
Resource Hash
616186737cdcb075ccb8adcebb2bfbe036da262f82e486206f39f28a629a4789

Request headers

Origin
https://prnt.sc
Referer
https://prnt.sc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 04 May 2021 21:32:13 GMT
cf-cache-status
MISS
x-powered-by
Magic
content-length
234281
cf-request-id
09dae4cdd0000001db282bd000000001
last-modified
Tue, 04 May 2021 20:50:14 GMT
server
cloudflare
etag
"faefc06dd54be940c64d71d51cda1737"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=315360000
accept-ranges
bytes
cf-ray
64a4d729492201db-ZRH
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires
Thu, 31 Dec 2037 23:55:55 GMT
12hs5gs
prnt.sc/
16 KB
16 KB
Image
General
Full URL
https://prnt.sc/12hs5gs
Requested by
Host: prnt.sc
URL: https://prnt.sc/12hs5gs
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.67.72.27 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

:path
/12hs5gs
pragma
no-cache
cookie
__cfduid=dbc01bb79de617174d21fbfcdb54a749e1620163933
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
prnt.sc
referer
https://prnt.sc/12hs5gs
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://prnt.sc/12hs5gs
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 04 May 2021 21:32:13 GMT
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"report_to":"cf-nel","max_age":604800}
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options
SAMEORIGIN
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=%2FiEVCP4WwcWmGaHscPNfbpbI8D5nRRm8FO8uNix1NRSFTxR0bkAvVu06Qkhfm26kU5AgJ5MIOPsBE6uUlT6%2F5icsOnnLXLb5"}],"max_age":604800,"group":"cf-nel"}
content-type
text/html; charset=UTF-8
cf-ray
64a4d729089b2bdd-FRA
cf-request-id
09dae4cdac00002bddb123b000000001
image-helper.js
st.prntscr.com/2021/04/08/1538/js/
3 KB
1 KB
Script
General
Full URL
https://st.prntscr.com/2021/04/08/1538/js/image-helper.js
Requested by
Host: prnt.sc
URL: https://prnt.sc/12hs5gs
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.23.139.12 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
83817752fb260ff66b3bca1471bb20dbb6a1e6a17174c657efe0912ad161b382

Request headers

Referer
https://prnt.sc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 04 May 2021 21:32:13 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Thu, 08 Apr 2021 15:39:07 GMT
server
cloudflare
age
979
etag
W/"606f239b-a2f"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=1800
cf-ray
64a4d728ff080204-ZRH
cf-request-id
09dae4cd9800000204df973000000001
expires
Tue, 04 May 2021 21:25:15 GMT
footer-logo.png
st.prntscr.com/2021/04/08/1538/img/
630 B
878 B
Image
General
Full URL
https://st.prntscr.com/2021/04/08/1538/img/footer-logo.png
Requested by
Host: prnt.sc
URL: https://prnt.sc/12hs5gs
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.23.139.12 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bca2c1abcf4b76a46306bc7f1a607a459371ccf5e7213aae988c33b4dabb1758

Request headers

Referer
https://prnt.sc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 04 May 2021 21:32:13 GMT
cf-cache-status
HIT
age
350
cf-polished
origFmt=png, origSize=1848
content-disposition
inline; filename="footer-logo.webp"
content-length
630
cf-request-id
09dae4cdae0000020411243000000001
last-modified
Mon, 05 Sep 2016 15:49:19 GMT
server
cloudflare
etag
"57cd93ff-738"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
content-type
image/webp
expires
Tue, 04 May 2021 21:38:11 GMT
cache-control
max-age=1800
accept-ranges
bytes
cf-ray
64a4d7291f480204-ZRH
cf-bgj
imgq:100,h2pri
jquery.smartbanner.css
st.prntscr.com/2021/04/08/1538/css/
4 KB
1 KB
Stylesheet
General
Full URL
https://st.prntscr.com/2021/04/08/1538/css/jquery.smartbanner.css
Requested by
Host: prnt.sc
URL: https://prnt.sc/12hs5gs
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.23.139.12 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d91d13fd8f9d253a8213aeee7ebaa7e073683fc600a3d82902c3c669b8ffdee7

Request headers

Referer
https://prnt.sc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 04 May 2021 21:32:13 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Thu, 08 Apr 2021 15:39:31 GMT
server
cloudflare
age
979
etag
W/"606f23b3-ef0"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css
cache-control
max-age=1800
cf-ray
64a4d728ff210204-ZRH
cf-request-id
09dae4cd9f00000204c22fe000000001
expires
Tue, 04 May 2021 21:16:52 GMT
jquery.smartbanner.js
st.prntscr.com/2021/04/08/1538/js/
8 KB
3 KB
Script
General
Full URL
https://st.prntscr.com/2021/04/08/1538/js/jquery.smartbanner.js
Requested by
Host: prnt.sc
URL: https://prnt.sc/12hs5gs
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.23.139.12 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1b185d89e437f1591af8c51d5e6dad41d3666e22a81931ee9df22e2cfdacaddb

Request headers

Referer
https://prnt.sc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 04 May 2021 21:32:13 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Thu, 08 Apr 2021 15:39:37 GMT
server
cloudflare
age
979
etag
W/"606f23b9-aec"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=1800
cf-ray
64a4d7291f460204-ZRH
cf-request-id
09dae4cdad0000020438013000000001
expires
Tue, 04 May 2021 21:16:48 GMT
analytics.js
www.google-analytics.com/
48 KB
19 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: prnt.sc
URL: https://prnt.sc/12hs5gs
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
2cb09c7b3e19bfc41743ca3624ef81c3258d56525647feac76aa757e0292627a
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://prnt.sc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Fri, 09 Apr 2021 23:59:54 GMT
server
Golfe2
age
4382
date
Tue, 04 May 2021 20:19:11 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
19569
expires
Tue, 04 May 2021 22:19:11 GMT
choice.js
quantcast.mgr.consensu.org/choice/n-ZGqfdsg5894/prnt.sc/
3 KB
2 KB
Script
General
Full URL
https://quantcast.mgr.consensu.org/choice/n-ZGqfdsg5894/prnt.sc/choice.js
Requested by
Host: prnt.sc
URL: https://prnt.sc/12hs5gs
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2104:a000:9:46dc:4700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
9bd7952daefc70291b0a0bc163e80b8654b7600d1c590f24fa57a5cb8a218964

Request headers

Referer
https://prnt.sc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 04 May 2021 21:31:54 GMT
content-encoding
br
etag
W/"9074c1a966aada274b63c92859c4a3ec"
last-modified
Wed, 10 Feb 2021 21:13:06 GMT
server
AmazonS3
age
61
x-amz-server-side-encryption
AES256
vary
Access-Control-Request-Headers,Access-Control-Request-Method,Origin,Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
via
1.1 aae0a3ddd306e11f8c3d25a657078704.cloudfront.net (CloudFront)
cache-control
max-age=900
x-amz-cf-pop
AMS1-C1
x-amz-cf-id
rtvv8maoCnBc7-K7W8VJgQFaLjLkF9bTX42DMbQWlfjTGAKjhj3wew==
page-bg.png
st.prntscr.com/2021/04/08/1538/img/
5 KB
6 KB
Image
General
Full URL
https://st.prntscr.com/2021/04/08/1538/img/page-bg.png
Requested by
Host: st.prntscr.com
URL: https://st.prntscr.com/2021/04/08/1538/css/main.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.23.139.12 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
86a1b8f94f48c4e82d2616d4c581f10a34ff447a2bd95be08714fa0d19ba3f51

Request headers

Referer
https://st.prntscr.com/2021/04/08/1538/css/main.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 04 May 2021 21:32:13 GMT
cf-cache-status
HIT
age
350
cf-polished
origFmt=png, origSize=7116
content-disposition
inline; filename="page-bg.webp"
content-length
5608
cf-request-id
09dae4cdae00000204c98a3000000001
last-modified
Thu, 08 Apr 2021 15:39:37 GMT
server
cloudflare
etag
"606f23b9-1a7b"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
content-type
image/webp
expires
Tue, 04 May 2021 21:53:16 GMT
cache-control
max-age=1800
accept-ranges
bytes
cf-ray
64a4d7291f4a0204-ZRH
cf-bgj
imgq:100,h2pri
header-logo.png
st.prntscr.com/2021/04/08/1538/img/
4 KB
4 KB
Image
General
Full URL
https://st.prntscr.com/2021/04/08/1538/img/header-logo.png
Requested by
Host: st.prntscr.com
URL: https://st.prntscr.com/2021/04/08/1538/css/main.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.23.139.12 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
40ec0b04019845302a5052b4689b5d3477c9717dca73243e5faf7cf98f3af564

Request headers

Referer
https://st.prntscr.com/2021/04/08/1538/css/main.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 04 May 2021 21:32:13 GMT
cf-cache-status
HIT
age
1103
cf-polished
origFmt=png, origSize=7995
content-disposition
inline; filename="header-logo.webp"
content-length
4148
cf-request-id
09dae4cdb200000204f400b000000001
last-modified
Thu, 08 Apr 2021 15:39:37 GMT
server
cloudflare
etag
"606f23b9-1e52"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
content-type
image/webp
expires
Tue, 04 May 2021 21:23:17 GMT
cache-control
max-age=1800
accept-ranges
bytes
cf-ray
64a4d7291f520204-ZRH
cf-bgj
imgq:100,h2pri
button-download.png
st.prntscr.com/2021/04/08/1538/img/
314 B
495 B
Image
General
Full URL
https://st.prntscr.com/2021/04/08/1538/img/button-download.png
Requested by
Host: st.prntscr.com
URL: https://st.prntscr.com/2021/04/08/1538/css/main.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.23.139.12 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e926f30958d0c21d088e6a671d3356a3c3fab9cc6220b8e408f19d868a7dc5c8

Request headers

Referer
https://st.prntscr.com/2021/04/08/1538/css/main.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 04 May 2021 21:32:13 GMT
cf-cache-status
HIT
age
1695
cf-polished
origFmt=png, origSize=1404
content-disposition
inline; filename="button-download.webp"
content-length
314
cf-request-id
09dae4cdb200000204e00f2000000001
last-modified
Thu, 08 Apr 2021 15:38:42 GMT
server
cloudflare
etag
"606f2382-57c"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
content-type
image/webp
expires
Tue, 04 May 2021 21:19:40 GMT
cache-control
max-age=1800
accept-ranges
bytes
cf-ray
64a4d7291f570204-ZRH
cf-bgj
imgq:100,h2pri
button-icon-sep.png
st.prntscr.com/2021/04/08/1538/img/
40 B
240 B
Image
General
Full URL
https://st.prntscr.com/2021/04/08/1538/img/button-icon-sep.png
Requested by
Host: st.prntscr.com
URL: https://st.prntscr.com/2021/04/08/1538/css/main.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.23.139.12 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b6a1120cc303b1c6ee6d548a5b418c2707b59de0c1f13c8ab870ca4e734b6acc

Request headers

Referer
https://st.prntscr.com/2021/04/08/1538/css/main.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 04 May 2021 21:32:13 GMT
cf-cache-status
HIT
age
350
cf-polished
origFmt=png, origSize=928
content-disposition
inline; filename="button-icon-sep.webp"
content-length
40
cf-request-id
09dae4cdb300000204fa96a000000001
last-modified
Thu, 08 Apr 2021 15:38:42 GMT
server
cloudflare
etag
"606f2382-3a0"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
content-type
image/webp
expires
Tue, 04 May 2021 21:53:48 GMT
cache-control
max-age=1800
accept-ranges
bytes
cf-ray
64a4d7291f580204-ZRH
cf-bgj
imgq:100,h2pri
icon-twitter_gscale.png
st.prntscr.com/2021/04/08/1538/img/
374 B
534 B
Image
General
Full URL
https://st.prntscr.com/2021/04/08/1538/img/icon-twitter_gscale.png
Requested by
Host: st.prntscr.com
URL: https://st.prntscr.com/2021/04/08/1538/css/main.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.23.139.12 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5a3a63b2ac124cb9a194ec01ea1f0d3123e4019bf658c6f47a77b4faea84c079

Request headers

Referer
https://st.prntscr.com/2021/04/08/1538/css/main.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 04 May 2021 21:32:13 GMT
cf-cache-status
HIT
age
849
cf-polished
origFmt=png, origSize=1535
content-disposition
inline; filename="icon-twitter_gscale.webp"
content-length
374
cf-request-id
09dae4cdb400000204c32f2000000001
last-modified
Thu, 08 Apr 2021 15:38:42 GMT
server
cloudflare
etag
"606f2382-5ff"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
content-type
image/webp
expires
Tue, 04 May 2021 21:23:46 GMT
cache-control
max-age=1800
accept-ranges
bytes
cf-ray
64a4d7291f590204-ZRH
cf-bgj
imgq:100,h2pri
icon-facebook_gscale.png
st.prntscr.com/2021/04/08/1538/img/
296 B
609 B
Image
General
Full URL
https://st.prntscr.com/2021/04/08/1538/img/icon-facebook_gscale.png
Requested by
Host: st.prntscr.com
URL: https://st.prntscr.com/2021/04/08/1538/css/main.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.23.139.12 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a093d2047e1a59b7103810b947780e5f94d865915cb923ebcaa7e50f557c2102

Request headers

Referer
https://st.prntscr.com/2021/04/08/1538/css/main.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 04 May 2021 21:32:13 GMT
cf-cache-status
HIT
age
849
cf-polished
origFmt=png, origSize=1325
content-disposition
inline; filename="icon-facebook_gscale.webp"
content-length
296
cf-request-id
09dae4cdb400000204ce056000000001
last-modified
Thu, 08 Apr 2021 15:38:42 GMT
server
cloudflare
etag
"606f2382-52d"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
content-type
image/webp
expires
Tue, 04 May 2021 21:23:46 GMT
cache-control
max-age=1800
accept-ranges
bytes
cf-ray
64a4d7291f5c0204-ZRH
cf-bgj
imgq:100,h2pri
async-ajs.min.js
cdn.ad4game.com/
3 KB
2 KB
Script
General
Full URL
https://cdn.ad4game.com/async-ajs.min.js
Requested by
Host: prnt.sc
URL: https://prnt.sc/12hs5gs
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.139.242.3 , United States, ASN33438 (HIGHWINDS2, US),
Reverse DNS
Software
nginx /
Resource Hash
dc9f7cdaabb3201fd2ead8c0cfd974710305362d0ea77c96069cb189796d6238

Request headers

Referer
https://prnt.sc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-servername
ads.ad4game.com\ 80\ 81
date
Tue, 04 May 2021 21:32:13 GMT
content-encoding
gzip
referrer-policy
no-referrer
last-modified
Wed, 24 Mar 2021 13:03:53 GMT
server
nginx
x-serveraddr
10.100.0.151
etag
"605b38b9-ca8"
vary
Accept-Encoding
x-cache
HIT
content-type
application/javascript
access-control-allow-origin
*
x-host
ads.ad4game.com
accept-ranges
bytes
content-length
1451
icon-edit.png
st.prntscr.com/2021/04/08/1538/img/
214 B
429 B
Image
General
Full URL
https://st.prntscr.com/2021/04/08/1538/img/icon-edit.png
Requested by
Host: st.prntscr.com
URL: https://st.prntscr.com/2021/04/08/1538/css/main.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.23.139.12 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cb09c3720b53d8651d6f5825cf643e6249aefbe82a1ba1417d230cdb9b36cba6

Request headers

Referer
https://st.prntscr.com/2021/04/08/1538/css/main.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 04 May 2021 21:32:13 GMT
cf-cache-status
HIT
age
350
cf-polished
origFmt=png, origSize=3153
content-disposition
inline; filename="icon-edit.webp"
content-length
214
cf-request-id
09dae4cdd80000020438018000000001
last-modified
Thu, 08 Apr 2021 15:38:42 GMT
server
cloudflare
etag
"606f2382-c51"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
content-type
image/webp
expires
Tue, 04 May 2021 21:53:27 GMT
cache-control
max-age=1800
accept-ranges
bytes
cf-ray
64a4d7295fb70204-ZRH
cf-bgj
imgq:100,h2pri
icon-camera.png
st.prntscr.com/2021/04/08/1538/img/
158 B
443 B
Image
General
Full URL
https://st.prntscr.com/2021/04/08/1538/img/icon-camera.png
Requested by
Host: st.prntscr.com
URL: https://st.prntscr.com/2021/04/08/1538/css/main.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.23.139.12 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8bfd2fa3b3b5924e3655bcf9f63427e792bd8572b7ed0992373bdb4b21c7cb89

Request headers

Referer
https://st.prntscr.com/2021/04/08/1538/css/main.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 04 May 2021 21:32:13 GMT
cf-cache-status
HIT
age
767
cf-polished
origFmt=png, origSize=1089
content-disposition
inline; filename="icon-camera.webp"
content-length
158
cf-request-id
09dae4cdd80000020418835000000001
last-modified
Thu, 08 Apr 2021 15:38:42 GMT
server
cloudflare
etag
"606f2382-441"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
content-type
image/webp
expires
Tue, 04 May 2021 21:19:46 GMT
cache-control
max-age=1800
accept-ranges
bytes
cf-ray
64a4d7295fb90204-ZRH
cf-bgj
imgq:100,h2pri
icon-abuse.png
st.prntscr.com/2021/04/08/1538/img/
126 B
323 B
Image
General
Full URL
https://st.prntscr.com/2021/04/08/1538/img/icon-abuse.png
Requested by
Host: st.prntscr.com
URL: https://st.prntscr.com/2021/04/08/1538/css/main.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.23.139.12 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2875a6fc4266fec00a383377cb4530b6407912897b0727e26249d89c6dfe0359

Request headers

Referer
https://st.prntscr.com/2021/04/08/1538/css/main.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 04 May 2021 21:32:13 GMT
cf-cache-status
HIT
age
767
cf-polished
origFmt=png, origSize=327
content-disposition
inline; filename="icon-abuse.webp"
content-length
126
cf-request-id
09dae4cdd800000204ffa7f000000001
last-modified
Thu, 08 Apr 2021 15:38:42 GMT
server
cloudflare
etag
"606f2382-147"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
content-type
image/webp
expires
Tue, 04 May 2021 21:23:26 GMT
cache-control
max-age=1800
accept-ranges
bytes
cf-ray
64a4d7295fbc0204-ZRH
cf-bgj
imgq:100,h2pri
collect
www.google-analytics.com/j/
4 B
24 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j90&a=1016630049&t=pageview&_s=1&dl=https%3A%2F%2Fprnt.sc%2F12hs5gs&ul=en-us&de=UTF-8&dt=Screenshot%20by%20Lightshot&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAAC~&jid=2143131128&gjid=878996206&cid=526208152.1620163934&tid=UA-12353127-1&_gid=862339126.1620163934&_r=1&_slc=1&z=139940974
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://prnt.sc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Tue, 04 May 2021 21:32:13 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://prnt.sc
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
api.prntscr.com/v1/ Frame
0
0
Preflight
General
Full URL
https://api.prntscr.com/v1/
Protocol
H2
Server
104.23.139.12 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Method
POST
Access-Control-Request-Headers
content-type
Origin
https://prnt.sc
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

date
Tue, 04 May 2021 21:32:13 GMT
access-control-allow-origin
https://prnt.sc
access-control-allow-credentials
true
access-control-allow-methods
POST, OPTIONS
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
access-control-max-age
86400
cf-cache-status
DYNAMIC
cf-request-id
09dae4cdf8000001db673a4000000001
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
64a4d729896b01db-ZRH
all.js
connect.facebook.net/en_US/
3 KB
2 KB
Script
General
Full URL
https://connect.facebook.net/en_US/all.js
Requested by
Host: prnt.sc
URL: https://prnt.sc/12hs5gs
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
da5832df57a3bada8aef850de1749acfb94de8a3345e99609a15b8d1d6edf692
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://prnt.sc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
content-md5
CGXJLic1MVBgZWpKEfi7xQ==
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
1780
x-fb-rlafr
0
x-fb-debug
W4y546jmLT4WwelWsN1Y61UfUCRqJyoez0dz7gtJIeC6XDuH2+GYEvUJ8+ZD7dHoKxX7fIXWzjdkwzKrqhQI6A==
x-fb-trip-id
686109401
x-fb-content-md5
994ece9faf2b374272ff3e840750fa8c
x-frame-options
DENY
date
Tue, 04 May 2021 21:32:13 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
X-FB-Content-MD5
cache-control
public,max-age=1200,stale-while-revalidate=3600
etag
"125da48fc1351de2ab3ff7de34bce092"
timing-allow-origin
*
expires
Tue, 04 May 2021 21:46:08 GMT
widgets.js
platform.twitter.com/
95 KB
29 KB
Script
General
Full URL
https://platform.twitter.com/widgets.js
Requested by
Host: prnt.sc
URL: https://prnt.sc/12hs5gs
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
192.229.233.25 Los Angeles, United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/67A8) /
Resource Hash
a12b87855b6403c6f73092396d80541a6984aae03097a637769291d9cad15d19

Request headers

Referer
https://prnt.sc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Tue, 04 May 2021 21:32:13 GMT
Content-Encoding
gzip
Last-Modified
Wed, 28 Apr 2021 17:57:32 GMT
Server
ECS (frb/67A8)
Age
170
Etag
"9eb59e5602fef4b3ebf6090856ff21db+gzip"
Vary
Accept-Encoding
x-tw-cdn
VZ
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=1800
X-Cache
HIT
Access-Control-Allow-Methods
GET
Content-Type
application/javascript; charset=utf-8
Content-Length
28779
/
api.prntscr.com/v1/
92 B
526 B
XHR
General
Full URL
https://api.prntscr.com/v1/
Requested by
Host: st.prntscr.com
URL: https://st.prntscr.com/2021/04/08/1538/js/jquery.1.8.2.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.23.139.12 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9c9935e1daafc929a9866a206e769e084cd83f19d436ca22887adc2798408646

Request headers

Accept
application/json, text/javascript, */*; q=0.01
Referer
https://prnt.sc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
application/json

Response headers

date
Tue, 04 May 2021 21:32:13 GMT
content-encoding
br
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-methods
POST, OPTIONS
content-type
application/json
access-control-allow-origin
https://prnt.sc
access-control-allow-credentials
true
cf-ray
64a4d72a48f70204-ZRH
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
cf-request-id
09dae4ce72000002041883d000000001
quant.js
secure.quantserve.com/
23 KB
9 KB
Script
General
Full URL
https://secure.quantserve.com/quant.js
Requested by
Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/choice/n-ZGqfdsg5894/prnt.sc/choice.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:116:800d:21:f916:5049:f87f:108e , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
8000d797097e74bfff377d2f3fca7e046ee4490ea4edb70c2c0b189575847629

Request headers

Referer
https://prnt.sc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 04 May 2021 21:32:13 GMT
content-encoding
gzip
etag
"9iaPKZLFg6XYoMRMhilE8g=="
vary
Accept-Encoding
content-type
application/javascript
cache-control
private, max-age=604800
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
expires
Tue, 11 May 2021 21:32:13 GMT
cmp2.js
quantcast.mgr.consensu.org/tcfv2/
278 KB
71 KB
Script
General
Full URL
https://quantcast.mgr.consensu.org/tcfv2/cmp2.js?referer=prnt.sc
Requested by
Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/choice/n-ZGqfdsg5894/prnt.sc/choice.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2104:a000:9:46dc:4700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
29507fd3a172d0d54a23c53defa95fe78dbf477c5577b7b789abc2946c8a40d8

Request headers

Referer
https://prnt.sc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-server-side-encryption
AES256
date
Tue, 04 May 2021 21:32:13 GMT
content-encoding
br
last-modified
Wed, 10 Mar 2021 17:11:22 GMT
server
AmazonS3
x-amz-cf-pop
AMS1-C1
etag
W/"814cf3c7bdd5dafb6ad642c1b52006c2"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/javascript;charset=UTF-8
via
1.1 aae0a3ddd306e11f8c3d25a657078704.cloudfront.net (CloudFront)
cache-control
max-age=3600
x-amz-meta-qc-ineu
True
x-amz-cf-id
97xSGPAtcRbYaeb6nlXp3R3JDWqIWmsdLY__-pkNLnymDtmVMp7_Fg==
all.js
connect.facebook.net/en_US/
211 KB
62 KB
Script
General
Full URL
https://connect.facebook.net/en_US/all.js?hash=afa810198586be552640108436c8daf9&ua=modern_es6
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/all.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
6938fb9e43515bc798b6395f380c9d1e328faecfcfdde9f1cfcf7afd4605a5a1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Origin
https://prnt.sc
Referer
https://prnt.sc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
content-md5
fojNW1YgEFAk3w+2e2NC2A==
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
63762
x-fb-rlafr
0
x-fb-debug
6IyRMCUfdtMzZYRohVj6cxSwdOk8Nb4hYmum2W8j2Kb523bZ06NK7CzfB2rODBJC/quOccYeO5OUUDguhQSKBw==
x-fb-content-md5
6d914a1035384419f59cc053ee79f13f
x-frame-options
DENY
date
Tue, 04 May 2021 21:32:13 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
X-FB-Content-MD5
cache-control
public,max-age=31536000,stale-while-revalidate=3600,immutable
etag
"6dc685d82332e87a6e9b26b59e1520b1"
timing-allow-origin
*
priority
u=3,i
expires
Wed, 04 May 2022 19:51:34 GMT
collect
stats.g.doubleclick.net/j/
4 B
82 B
XHR
General
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j90&tid=UA-12353127-1&cid=526208152.1620163934&jid=2143131128&gjid=878996206&_gid=862339126.1620163934&_u=IEBAAEAAAAAAAC~&z=1684233311
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c04::9d Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://prnt.sc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
date
Tue, 04 May 2021 21:32:13 GMT
content-type
text/plain
access-control-allow-origin
https://prnt.sc
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
rules-p-n-ZGqfdsg5894.js
rules.quantcount.com/
2 B
345 B
Script
General
Full URL
https://rules.quantcount.com/rules-p-n-ZGqfdsg5894.js
Requested by
Host: secure.quantserve.com
URL: https://secure.quantserve.com/quant.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:20c8:3a00:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

Referer
https://prnt.sc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 04 May 2021 20:52:05 GMT
via
1.1 65c5c292982d6d8875d94812b2bfdf95.cloudfront.net (CloudFront)
server
AmazonS3
age
2407
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=3600
cross-origin-resource-policy
cross-origin
x-cache
Hit from cloudfront
x-amz-cf-pop
MAD50-C1
content-length
2
x-amz-cf-id
yY3ZI_LkbkKlhpHrhwQ_kBc3PQpickSt2sKaDaSAL-wllVmI5zzH7g==
ga-audiences
www.google.com/ads/
42 B
107 B
Image
General
Full URL
https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j90&tid=UA-12353127-1&cid=526208152.1620163934&jid=2143131128&_u=IEBAAEAAAAAAAC~&z=622824682
Requested by
Host: prnt.sc
URL: https://prnt.sc/12hs5gs
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://prnt.sc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 04 May 2021 21:32:13 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/
42 B
107 B
Image
General
Full URL
https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j90&tid=UA-12353127-1&cid=526208152.1620163934&jid=2143131128&_u=IEBAAEAAAAAAAC~&z=622824682
Requested by
Host: prnt.sc
URL: https://prnt.sc/12hs5gs
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://prnt.sc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 04 May 2021 21:32:13 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
widget_iframe.06c6ee58c3810956b7509218508c7b56.html
platform.twitter.com/widgets/ Frame 6168
319 KB
103 KB
Document
General
Full URL
https://platform.twitter.com/widgets/widget_iframe.06c6ee58c3810956b7509218508c7b56.html?origin=https%3A%2F%2Fprnt.sc
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
192.229.233.25 Los Angeles, United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/6760) /
Resource Hash
5f789ea36ae4671282524bda454709578d63b915b782c1e041132a7e726ff1c3

Request headers

Host
platform.twitter.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://prnt.sc/
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US

Response headers

Content-Encoding
gzip
Access-Control-Allow-Methods
GET
Access-Control-Allow-Origin
*
Age
522497
Cache-Control
public, max-age=315360000
Content-Type
text/html; charset=utf-8
Date
Tue, 04 May 2021 21:32:13 GMT
Etag
"dab7ee9ff99366614e06e117bab5e542+gzip"
Last-Modified
Wed, 28 Apr 2021 17:56:54 GMT
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server
ECS (frb/6760)
Vary
Accept-Encoding
X-Cache
HIT
x-tw-cdn
VZ
Content-Length
105298
status
www.facebook.com/x/oauth/
0
0
Fetch
General
Full URL
https://www.facebook.com/x/oauth/status?client_id=154822244543652&input_token&origin=1&redirect_uri=https%3A%2F%2Fprnt.sc%2F12hs5gs&sdk=joey&wants_cookie_data=false
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/all.js?hash=afa810198586be552640108436c8daf9&ua=modern_es6
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://prnt.sc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=15552000; preload
x-content-type-options
nosniff
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
0
x-fb-rlafr
0
pragma
no-cache
x-fb-debug
Z7EJTAPKqExUT82OwPZrVgjShkZqdIaU4F6y8W2fg54ib8p3cqTk5V+6fsYHtuCN5RKilzL/CVje3WQZMCrmmQ==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
fb-s
unknown
cross-origin-opener-policy
same-origin-allow-popups
date
Tue, 04 May 2021 21:32:13 GMT
report-to
{"group":"coep_report","max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}]}
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://prnt.sc
access-control-expose-headers
fb-s
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
expires
Sat, 01 Jan 2000 00:00:00 GMT
prebid.js
cdn.ad4game.com/
261 KB
98 KB
Script
General
Full URL
https://cdn.ad4game.com/prebid.js
Requested by
Host: cdn.ad4game.com
URL: https://cdn.ad4game.com/async-ajs.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.139.242.3 , United States, ASN33438 (HIGHWINDS2, US),
Reverse DNS
Software
nginx /
Resource Hash
733f44e4d42f00e0a8c267d516e9f6939d36f65ceb3bf851998475b9f6650d3f

Request headers

Referer
https://prnt.sc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-servername
ads.ad4game.com\ 80\ 81
date
Tue, 04 May 2021 21:32:13 GMT
content-encoding
gzip
referrer-policy
no-referrer
last-modified
Thu, 15 Apr 2021 06:26:15 GMT
server
nginx
x-serveraddr
10.100.0.151
etag
W/"6077dc87-412ac"
vary
Accept-Encoding
x-cache
HIT
content-type
application/javascript
access-control-allow-origin
*
x-host
ads.ad4game.com
accept-ranges
bytes
async-ajs.php
ads.ad4game.com/www/delivery/
9 KB
3 KB
Script
General
Full URL
https://ads.ad4game.com/www/delivery/async-ajs.php?v=1&cb=a4g7498854&h=0&siteurl=https%3A%2F%2Fprnt.sc%2F12hs5gs&c=UTF-8&z=60918,70076,60916&b=7&x=7
Requested by
Host: cdn.ad4game.com
URL: https://cdn.ad4game.com/async-ajs.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
192.207.255.147 , United States, ASN62821 (AS-MNX, US),
Reverse DNS
haproxy2.ad4game.com
Software
nginx /
Resource Hash
beb0859fc698b1ac213d752fba43d03afd115a4a06b615df1580c7b2346a4cd2

Request headers

Referer
https://prnt.sc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

X-servername
ads.ad4game.com\ 80\ 81
Pragma
no-cache
Date
Tue, 04 May 2021 21:32:14 GMT
Content-Encoding
gzip
Server
nginx
Transfer-Encoding
chunked
P3P
CP="CUR ADM OUR NOR STA NID"
X-serveraddr
10.100.0.151
Cache-Control
no-cache, no-store, must-revalidate
X-host
ads.ad4game.com
Connection
close
Content-Type
text/javascript; charset=UTF-8
Expires
0
settings
syndication.twitter.com/ Frame 6168
184 B
421 B
Fetch
General
Full URL
https://syndication.twitter.com/settings?session_id=aa582023dd65817bcc5a0b9c699783ecfc21dd29
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/widgets/widget_iframe.06c6ee58c3810956b7509218508c7b56.html?origin=https%3A%2F%2Fprnt.sc
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.244.42.200 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_devel /
Resource Hash
77a328b3ec0bf931a19c692f7f14e117fd4c299c781561e02b679aae5d377620
Security Headers
Name Value
Strict-Transport-Security max-age=631138519

Request headers

Referer
https://platform.twitter.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 04 May 2021 21:32:13 GMT
content-encoding
gzip
last-modified
Tue, 04 May 2021 21:32:13 GMT
server
tsa_devel
vary
Origin
strict-transport-security
max-age=631138519
content-type
application/json; charset=utf-8
access-control-allow-origin
https://platform.twitter.com
cache-control
must-revalidate, max-age=600
access-control-allow-credentials
true
x-connection-hash
2f3e9bb096b4a038505a4e64a0e0ccf53b961057f2b5d831b431119dc471faf0
content-length
153
pixel;r=633582548;source=choice;rf=0;a=p-n-ZGqfdsg5894;url=https%3A%2F%2Fprnt.sc%2F12hs5gs;uh=u;uht=u;ns=0;ce=1;qjs=1;qv=1558287b-20210421211215;cm=;gdpr=1;gdpr_consent=;ref=;d=prnt.sc;je=0;sr=1600...
pixel.quantcount.com/
35 B
210 B
Image
General
Full URL
https://pixel.quantcount.com/pixel;r=633582548;source=choice;rf=0;a=p-n-ZGqfdsg5894;url=https%3A%2F%2Fprnt.sc%2F12hs5gs;uh=u;uht=u;ns=0;ce=1;qjs=1;qv=1558287b-20210421211215;cm=;gdpr=1;gdpr_consent=;ref=;d=prnt.sc;je=0;sr=1600x1200x24;dst=1;et=1620163933829;tzo=-120;ogl=site_name.Lightshot%2Ctitle.Screenshot%2Cimage.https%3A%2F%2Fimage%252Eprntscr%252Ecom%2Fimage%2FJtq3QjyRRlerbe95U29ZHg%252Epng%2Cdescription.Captured%20with%20Lightshot%2Curl.https%3A%2F%2Fprnt%252Esc%2F12hs5gs%2Ctype.website
Requested by
Host: prnt.sc
URL: https://prnt.sc/12hs5gs
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:116:800d:21:f916:5049:f87f:108e , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
Security Headers
Name Value
Strict-Transport-Security max-age=86400

Request headers

Referer
https://prnt.sc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 04 May 2021 21:32:13 GMT
cache-control
private, no-cache, no-store, proxy-revalidate
content-type
image/gif
content-length
35
strict-transport-security
max-age=86400
expires
Fri, 04 Aug 1978 12:00:00 GMT
truncated
/
261 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
7de30ea716fc3fd539ef2451fc63017129677279a3928d46c3b1bbdbd70bae00

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/png
button.5573c974dc31bbdab5ea7923a0bd5cf3.js
platform.twitter.com/js/
7 KB
3 KB
Script
General
Full URL
https://platform.twitter.com/js/button.5573c974dc31bbdab5ea7923a0bd5cf3.js
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
192.229.233.25 Los Angeles, United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/67A8) /
Resource Hash
e05edf2ae58e3a9f1d2a84d32a8b216fd0aece46f527b58dcbce75255989ea88

Request headers

Referer
https://prnt.sc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Tue, 04 May 2021 21:32:13 GMT
Content-Encoding
gzip
Last-Modified
Wed, 28 Apr 2021 17:56:41 GMT
Server
ECS (frb/67A8)
Age
522499
Etag
"382be2960021b88f6ce982d997cdbd01+gzip"
Vary
Accept-Encoding
x-tw-cdn
VZ
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=315360000
X-Cache
HIT
Access-Control-Allow-Methods
GET
Content-Type
application/javascript; charset=utf-8
Content-Length
2294
tweet_button.06c6ee58c3810956b7509218508c7b56.en.html
platform.twitter.com/widgets/ Frame 519F
32 KB
12 KB
Document
General
Full URL
https://platform.twitter.com/widgets/tweet_button.06c6ee58c3810956b7509218508c7b56.en.html
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
192.229.233.25 Los Angeles, United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/67A8) /
Resource Hash
483cc9a5ece5c92d5a2f1ea6e92e7f8bc29844a6c06bf36c0349d70334685dc7

Request headers

Host
platform.twitter.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://prnt.sc/
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US

Response headers

Content-Encoding
gzip
Access-Control-Allow-Methods
GET
Access-Control-Allow-Origin
*
Age
522498
Cache-Control
public, max-age=315360000
Content-Type
text/html; charset=utf-8
Date
Tue, 04 May 2021 21:32:13 GMT
Etag
"a87932e0f094e1fb4cced05f7d97ab94+gzip"
Last-Modified
Wed, 28 Apr 2021 17:56:47 GMT
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server
ECS (frb/67A8)
Vary
Accept-Encoding
X-Cache
HIT
x-tw-cdn
VZ
Content-Length
12228
truncated
/ Frame 519F
822 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
bed57a09b10b5cfc83c33f5bc6205831a9db085c874bc72d096d05ad2136e4b4

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/svg+xml
jot
syndication.twitter.com/i/
43 B
375 B
Image
General
Full URL
https://syndication.twitter.com/i/jot?l=%7B%22widget_origin%22%3A%22https%3A%2F%2Fprnt.sc%2F12hs5gs%22%2C%22widget_frame%22%3Afalse%2C%22widget_site_screen_name%22%3A%22light_shot%22%2C%22language%22%3A%22en%22%2C%22message%22%3A%22m%3Anocount%3A%22%2C%22_category_%22%3A%22tfw_client_event%22%2C%22triggered_on%22%3A1620163934105%2C%22dnt%22%3Afalse%2C%22client_version%22%3A%2282e1070%3A1619632193066%22%2C%22format_version%22%3A1%2C%22event_namespace%22%3A%7B%22client%22%3A%22tfw%22%2C%22page%22%3A%22button%22%2C%22section%22%3A%22share%22%2C%22action%22%3A%22impression%22%7D%7D
Requested by
Host: prnt.sc
URL: https://prnt.sc/12hs5gs
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.244.42.200 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_devel /
Resource Hash
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
Security Headers
Name Value
Strict-Transport-Security max-age=631138519
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://prnt.sc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 04 May 2021 21:32:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
status
200 OK
x-twitter-response-tags
BouncerCompliant
content-length
65
x-xss-protection
0
pragma
no-cache
last-modified
Tue, 04 May 2021 21:32:14 GMT
server
tsa_devel
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=631138519
content-type
image/gif;charset=utf-8
cache-control
no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash
2f3e9bb096b4a038505a4e64a0e0ccf53b961057f2b5d831b431119dc471faf0
x-transaction
9ffe6002e436c357
expires
Tue, 31 Mar 1981 05:00:00 GMT
gpt.js
www.googletagservices.com/tag/js/
61 KB
21 KB
Script
General
Full URL
https://www.googletagservices.com/tag/js/gpt.js
Requested by
Host: ads.ad4game.com
URL: https://ads.ad4game.com/www/delivery/async-ajs.php?v=1&cb=a4g7498854&h=0&siteurl=https%3A%2F%2Fprnt.sc%2F12hs5gs&c=UTF-8&z=60918,70076,60916&b=7&x=7
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e85c70b5ea5fbeaef353f560aef187cf27ae5be19b9f8c6008365c958fe27b18
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://prnt.sc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 04 May 2021 21:32:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"862 / 365 of 1000 / last-modified: 1620151652"
vary
Accept-Encoding
content-type
text/javascript
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
21164
x-xss-protection
0
expires
Tue, 04 May 2021 21:32:14 GMT
apstag.js
c.amazon-adsystem.com/aax2/
126 KB
33 KB
Script
General
Full URL
https://c.amazon-adsystem.com/aax2/apstag.js
Requested by
Host: ads.ad4game.com
URL: https://ads.ad4game.com/www/delivery/async-ajs.php?v=1&cb=a4g7498854&h=0&siteurl=https%3A%2F%2Fprnt.sc%2F12hs5gs&c=UTF-8&z=60918,70076,60916&b=7&x=7
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.105.229 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-105-229.mad50.r.cloudfront.net
Software
Server /
Resource Hash
05b1936a5e4229dc34d8e5fcfc22ce024634ea618687f37e31857402b27c4dba

Request headers

Referer
https://prnt.sc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 04 May 2021 05:09:09 GMT
content-encoding
gzip
server
Server
age
58985
etag
8975e8311e479cf7d71d71133ee2dff8
x-cache
Hit from cloudfront
content-type
application/javascript
via
1.1 e5774f09cc2ae0875c0445786827ad1b.cloudfront.net (CloudFront)
cache-control
public, max-age=86400
x-amz-cf-pop
MAD50-C1
accept-ranges
bytes
timing-allow-origin
*
x-amz-version-id
RvFob.r3TH_ft5dtWL2SCNMCpiQphReE
x-amz-cf-id
kd2_ZLRvZOmhTk0sRfYOXpj3bBE0mRctTMWNnUOSFuz7-q13B0fqxw==
bid
ads.ad4game.com/v1/
5 KB
2 KB
XHR
General
Full URL
https://ads.ad4game.com/v1/bid?if=0&siteurl=https%3A%2F%2Fprnt.sc%2F12hs5gs&size=970x90%3B970x90%3B300x250&id=289a7c11eda451%3B3aabff0cd5b2fe%3B40fa4f65979ac5&zoneId=60918%3B70076%3B60916&gdpr=%5Bobject%20Object%5D
Requested by
Host: cdn.ad4game.com
URL: https://cdn.ad4game.com/prebid.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
192.207.255.147 , United States, ASN62821 (AS-MNX, US),
Reverse DNS
haproxy2.ad4game.com
Software
nginx /
Resource Hash
8fb4f3f88fc964bbb3ed922399eaeb33bbd5f0021d9cd803115745c4c48282a9

Request headers

Referer
https://prnt.sc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain

Response headers

Date
Tue, 04 May 2021 21:32:14 GMT
Content-Encoding
gzip
Server
nginx
Vary
Accept-Encoding, User-Agent
Access-Control-Allow-Methods
GET, POST, PUT, DELETE, OPTIONS
Content-Type
application/json;charset=utf-8
Access-Control-Allow-Origin
https://prnt.sc
Transfer-Encoding
chunked
Connection
close
Access-Control-Allow-Credentials
true
Access-Control-Allow-Headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
X-Application-Context
application:12061
cygnus
htlb.casalemedia.com/
24 B
366 B
XHR
General
Full URL
https://htlb.casalemedia.com/cygnus?s=619471&v=7.2&ac=j&sd=1&r=%7B%22id%22%3A%2256f208d9477b31%22%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fprnt.sc%2F12hs5gs%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%2C%22ixdiag%22%3A%7B%22mfu%22%3A0%2C%22bu%22%3A3%2C%22iu%22%3A0%2C%22nu%22%3A0%2C%22ou%22%3A0%2C%22allU%22%3A3%2C%22ren%22%3Afalse%2C%22msd%22%3A0%2C%22msi%22%3A0%7D%7D%2C%22source%22%3A%7B%22ext%22%3A%7B%22schain%22%3A%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22indexexchange.com%22%2C%22sid%22%3A%22193578%22%2C%22hp%22%3A1%7D%5D%7D%7D%7D%2C%22regs%22%3A%7B%22ext%22%3A%7B%22gdpr%22%3A1%7D%7D%2C%22user%22%3A%7B%22ext%22%3A%7B%22consent%22%3A%22%22%7D%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%2263ee4b0bcc1f65%22%2C%22ext%22%3A%7B%22siteID%22%3A%22619471%22%2C%22sid%22%3A%22970x90%22%7D%2C%22banner%22%3A%7B%22w%22%3A970%2C%22h%22%3A90%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%2274b219035cb0be%22%2C%22ext%22%3A%7B%22siteID%22%3A%22619471%22%2C%22sid%22%3A%22970x90%22%7D%2C%22banner%22%3A%7B%22w%22%3A970%2C%22h%22%3A90%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%2280fbc88f4f3251%22%2C%22ext%22%3A%7B%22siteID%22%3A%22610018%22%2C%22sid%22%3A%22300x250%22%7D%2C%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%7D%5D%7D
Requested by
Host: cdn.ad4game.com
URL: https://cdn.ad4game.com/prebid.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.37.38.181 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-37-38-181.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
94f11d909ef4751fc8a32fe60931e11b63b62301cd9d5ddee6df1f875657ad45

Request headers

Referer
https://prnt.sc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Tue, 04 May 2021 21:32:14 GMT
content-encoding
gzip
x-ak-initial-geo
CC:[DE], RC:[HE], CN:[EU], CIP:[159.48.53.180], XFF:[]
server
Apache
vary
Is-Traffic-Invalid,Accept-Encoding
content-type
application/json
access-control-allow-origin
https://prnt.sc
x-cs-client-geo
12
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
true
content-length
44
x-ak-client-geo
12
expires
Tue, 04 May 2021 21:32:14 GMT
pubads_impl_2021042801.js
securepubads.g.doubleclick.net/gpt/
300 KB
106 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021042801.js
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.23.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s45-in-f2.1e100.net
Software
sffe /
Resource Hash
1c2525b3e7631f2411872aac663bded4c73bd4e4f26182862b28db7f406d1c61
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://prnt.sc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 04 May 2021 21:32:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 28 Apr 2021 08:37:54 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
cache-control
private, immutable, max-age=31536000
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
108145
x-xss-protection
0
expires
Tue, 04 May 2021 21:32:14 GMT
bid
c.amazon-adsystem.com/e/dtb/
23 B
364 B
XHR
General
Full URL
https://c.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fprnt.sc%2F12hs5gs&pid=vlkUDYCmfRwWO&cb=0&ws=1600x1200&v=7.64.00&t=2000&slots=%5B%7B%22sd%22%3A%220%22%2C%22s%22%3A%5B%22970x90%22%5D%2C%22sn%22%3A%22%2F60257202%2F60918%22%7D%2C%7B%22sd%22%3A%221%22%2C%22s%22%3A%5B%22970x90%22%5D%2C%22sn%22%3A%22%2F60257202%2F70076%22%7D%2C%7B%22sd%22%3A%222%22%2C%22s%22%3A%5B%22300x250%22%5D%2C%22sn%22%3A%22%2F60257202%2F60916%22%7D%5D&cfgv=0&pubid=852e3ca3-c387-44e4-a5c1-67c46495a8c4&gdpre=1&gdprl=%7B%22status%22%3A%22tcfv2-success%22%7D
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.105.229 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-105-229.mad50.r.cloudfront.net
Software
Server /
Resource Hash
745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8

Request headers

Referer
https://prnt.sc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 04 May 2021 21:32:14 GMT
via
1.1 e5774f09cc2ae0875c0445786827ad1b.cloudfront.net (CloudFront)
server
Server
x-amz-cf-pop
MAD50-C1
vary
User-Agent
x-cache
Miss from cloudfront
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
https://prnt.sc
access-control-allow-credentials
true
timing-allow-origin
*
content-length
23
x-amz-cf-id
VG-WmL5c1haYyjwpKo744GSmxxs_YGu9OpdojeVsevrJen2MM5l9aw==
aps_csm.js
c.amazon-adsystem.com/bao-csm/aps-comm/
6 KB
3 KB
XHR
General
Full URL
https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.105.229 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-105-229.mad50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

Referer
https://prnt.sc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id
eEYYOb32LZFr6yGAi8hXG4401uAIPew2
content-encoding
gzip
etag
W/"a4d296427fc806b21335359e398c025c"
age
19187
x-cache
Hit from cloudfront
access-control-max-age
3000
access-control-allow-origin
*
last-modified
Wed, 07 Apr 2021 05:49:36 GMT
server
AmazonS3
date
Tue, 04 May 2021 16:12:30 GMT
vary
Origin
access-control-allow-methods
GET
content-type
application/javascript
via
1.1 52523006e1ee5c08eea6e9267e18fabf.cloudfront.net (CloudFront)
cache-control
public, max-age=86400
x-amz-cf-pop
MAD50-C1
x-amz-cf-id
DjCrmVf_JqoqjWDALyDuBfHTGUNGZy2ckJTJTO5v6qh_hrjcmwm_Cg==
like.php
www.facebook.com/plugins/ Frame 248A
47 KB
15 KB
Document
General
Full URL
https://www.facebook.com/plugins/like.php?action=like&app_id=154822244543652&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df348c7b394ffab8%26domain%3Dprnt.sc%26origin%3Dhttps%253A%252F%252Fprnt.sc%252Ff138e1c79efcbc4%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fprnt.sc%2F12hs5gs&layout=button_count&locale=en_US&sdk=joey&share=false&show_faces=false&size=small&width=100
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/all.js?hash=afa810198586be552640108436c8daf9&ua=modern_es6
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
837c6049c00baf8e7c689297a1c8cd8a6b0f3bff689bfca7cc63ff1280c17e2a
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
www.facebook.com
:scheme
https
:path
/plugins/like.php?action=like&app_id=154822244543652&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df348c7b394ffab8%26domain%3Dprnt.sc%26origin%3Dhttps%253A%252F%252Fprnt.sc%252Ff138e1c79efcbc4%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fprnt.sc%2F12hs5gs&layout=button_count&locale=en_US&sdk=joey&share=false&show_faces=false&size=small&width=100
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://prnt.sc/
accept-encoding
gzip, deflate, br
accept-language
en-US

Response headers

vary
Accept-Encoding
x-fb-rlafr
0
pragma
no-cache
expires
Sat, 01 Jan 2000 00:00:00 GMT
content-encoding
br
strict-transport-security
max-age=15552000; preload
x-content-type-options
nosniff
x-xss-protection
0
cache-control
private, no-cache, no-store, must-revalidate
content-security-policy
default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-type
text/html; charset="utf-8"
x-fb-debug
K+L+5MDcYgOsm3r0nmtMZJhg/G22EoYtVezR37VKjjfCVRkG9ZWofgd9PLR2QD9TdnhGVob18ZkTsytFv2yC/A==
date
Tue, 04 May 2021 21:32:14 GMT
priority
u=3,i
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
feedback.php
www.facebook.com/plugins/ Frame 76CA
Redirect Chain
  • https://www.facebook.com/plugins/comments.php?app_id=154822244543652&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df28ce66f2527184%26domain%3Dprnt....
  • https://www.facebook.com/plugins/feedback.php?app_id=154822244543652&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df28ce66f2527184%26domain%3Dprnt....
34 KB
11 KB
Document
General
Full URL
https://www.facebook.com/plugins/feedback.php?app_id=154822244543652&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df28ce66f2527184%26domain%3Dprnt.sc%26origin%3Dhttps%253A%252F%252Fprnt.sc%252Ff138e1c79efcbc4%26relation%3Dparent.parent&container_width=340&height=100&href=https%3A%2F%2Fprnt.sc%2F12hs5gs&locale=en_US&migrated=1&sdk=joey&width=NaN&xid=12hs5gs
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/all.js?hash=afa810198586be552640108436c8daf9&ua=modern_es6
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
4485cdb9903a9ce122d5562c583e561120365fec2690b4e1bdf1e8900e0486f8
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
www.facebook.com
:scheme
https
:path
/plugins/feedback.php?app_id=154822244543652&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df28ce66f2527184%26domain%3Dprnt.sc%26origin%3Dhttps%253A%252F%252Fprnt.sc%252Ff138e1c79efcbc4%26relation%3Dparent.parent&container_width=340&height=100&href=https%3A%2F%2Fprnt.sc%2F12hs5gs&locale=en_US&migrated=1&sdk=joey&width=NaN&xid=12hs5gs
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://prnt.sc/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
about:blank

Response headers

content-security-policy
default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
cache-control
private, no-cache, no-store, must-revalidate
x-xss-protection
0
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; preload
content-encoding
br
expires
Sat, 01 Jan 2000 00:00:00 GMT
vary
Accept-Encoding
pragma
no-cache
x-fb-rlafr
0
cross-origin-opener-policy
same-origin-allow-popups
content-type
text/html; charset="utf-8"
x-fb-debug
WqzCMbaCp38+DlwsSpQF2KjU60kGjzSznUnAIgaLjocLmkB/+j9mesflkzqjXg18/P453IKQ3mA54EXu7EKWcw==
date
Tue, 04 May 2021 21:32:14 GMT
priority
u=3,i
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600

Redirect headers

location
https://www.facebook.com/plugins/feedback.php?app_id=154822244543652&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df28ce66f2527184%26domain%3Dprnt.sc%26origin%3Dhttps%253A%252F%252Fprnt.sc%252Ff138e1c79efcbc4%26relation%3Dparent.parent&container_width=340&height=100&href=https%3A%2F%2Fprnt.sc%2F12hs5gs&locale=en_US&migrated=1&sdk=joey&width=NaN&xid=12hs5gs
strict-transport-security
max-age=15552000; preload
content-type
text/html; charset="utf-8"
x-fb-debug
k58qxIuWRr1Uw+obGX3+Xc5m7ceLK0b+Arphk0LCMpz22OpAl6/gBPV3Dlt5sLdpzNZ5mmGUxY80XclnyB0m3Q==
content-length
0
date
Tue, 04 May 2021 21:32:14 GMT
priority
u=3,i
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
like_box.php
www.facebook.com/plugins/ Frame 46FF
47 KB
15 KB
Document
General
Full URL
https://www.facebook.com/plugins/like_box.php?app_id=154822244543652&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df240a60389c72ac%26domain%3Dprnt.sc%26origin%3Dhttps%253A%252F%252Fprnt.sc%252Ff138e1c79efcbc4%26relation%3Dparent.parent&container_width=0&header=false&href=https%3A%2F%2Fwww.facebook.com%2Fpages%2FLightShot%2F242750885760&locale=en_US&sdk=joey&show_faces=true&stream=false&width=300
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/all.js?hash=afa810198586be552640108436c8daf9&ua=modern_es6
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
ca813663d66e7c7b425392e749c1365c72b619562fb64721803d1ab797a1e0dc
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
www.facebook.com
:scheme
https
:path
/plugins/like_box.php?app_id=154822244543652&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df240a60389c72ac%26domain%3Dprnt.sc%26origin%3Dhttps%253A%252F%252Fprnt.sc%252Ff138e1c79efcbc4%26relation%3Dparent.parent&container_width=0&header=false&href=https%3A%2F%2Fwww.facebook.com%2Fpages%2FLightShot%2F242750885760&locale=en_US&sdk=joey&show_faces=true&stream=false&width=300
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://prnt.sc/
accept-encoding
gzip, deflate, br
accept-language
en-US

Response headers

vary
Accept-Encoding
x-fb-rlafr
0
pragma
no-cache
expires
Sat, 01 Jan 2000 00:00:00 GMT
content-encoding
br
strict-transport-security
max-age=15552000; preload
x-content-type-options
nosniff
x-xss-protection
0
cache-control
private, no-cache, no-store, must-revalidate
content-security-policy
default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-type
text/html; charset="utf-8"
x-fb-debug
s/+vaAoyEG7seMV8WY5AIl9676U7fFc1uVdVAvSP2G4edMW0esllSTQG67qCBC4vj3I0WpO7hEliv+w/9drj0g==
date
Tue, 04 May 2021 21:32:14 GMT
priority
u=3,i
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
OqOE21UvWe3.png
static.xx.fbcdn.net/rsrc.php/v3/y5/r/ Frame 248A
400 B
642 B
Image
General
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/y5/r/OqOE21UvWe3.png
Requested by
Host: www.facebook.com
URL: https://www.facebook.com/plugins/like.php?action=like&app_id=154822244543652&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df348c7b394ffab8%26domain%3Dprnt.sc%26origin%3Dhttps%253A%252F%252Fprnt.sc%252Ff138e1c79efcbc4%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fprnt.sc%2F12hs5gs&layout=button_count&locale=en_US&sdk=joey&share=false&show_faces=false&size=small&width=100
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
ed91fbb0cd9308f91f8e1fd93942c94ee850fc4161ed788b16f801b743c70b9b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.facebook.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-fb-debug
KASiXt3PX7nPgje7J4l5ABied9/uc3azD/KFHbLLtzeppCOVn3YN7PyrlmZqapdF3YYLaDijfr1eyYxu4akihg==
x-fb-trip-id
686109401
x-content-type-options
nosniff
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
content-md5
uF0RL4E+h23ClLQmPOTTMw==
date
Tue, 04 May 2021 21:32:14 GMT
content-type
image/png
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
400
x-fb-rlafr
0
expires
Wed, 27 Apr 2022 15:55:46 GMT
_7AQqnJUgWG.js
static.xx.fbcdn.net/rsrc.php/v3iEpO4/yg/l/en_US/ Frame 248A
503 KB
132 KB
XHR
General
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3iEpO4/yg/l/en_US/_7AQqnJUgWG.js?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: www.facebook.com
URL: https://www.facebook.com/plugins/like.php?action=like&app_id=154822244543652&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df348c7b394ffab8%26domain%3Dprnt.sc%26origin%3Dhttps%253A%252F%252Fprnt.sc%252Ff138e1c79efcbc4%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fprnt.sc%2F12hs5gs&layout=button_count&locale=en_US&sdk=joey&share=false&show_faces=false&size=small&width=100
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
ff2645d07699317796fd67f95bc2091ff1481792abbb32ed7cfb8d98d43fb76f
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.facebook.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 04 May 2021 21:32:14 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
eJATA/frOrE7jYgjX8M4ZQ==
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
134792
x-fb-rlafr
0
x-fb-debug
l2zUOV9d435BS7AZsHG6qznbZihU/3+omg5Zj8sShUHcUn39nJJQAOeiBJgwm2xZVaFdhHl9+5YT0pMpBuuhhw==
x-fb-trip-id
686109401
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Origin
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
https://www.facebook.com
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
priority
u=3,i
expires
Wed, 04 May 2022 20:36:40 GMT
d1_3YuWLirh.css
static.xx.fbcdn.net/rsrc.php/v3/y2/l/0,cross/ Frame 46FF
26 KB
6 KB
Stylesheet
General
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/y2/l/0,cross/d1_3YuWLirh.css?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: www.facebook.com
URL: https://www.facebook.com/plugins/like_box.php?app_id=154822244543652&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df240a60389c72ac%26domain%3Dprnt.sc%26origin%3Dhttps%253A%252F%252Fprnt.sc%252Ff138e1c79efcbc4%26relation%3Dparent.parent&container_width=0&header=false&href=https%3A%2F%2Fwww.facebook.com%2Fpages%2FLightShot%2F242750885760&locale=en_US&sdk=joey&show_faces=true&stream=false&width=300
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
5540e791db7fe8ee84e419ce572502e38979eb2b2c1c3c5dc8db60da135fc13b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Origin
https://www.facebook.com
Referer
https://www.facebook.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 04 May 2021 21:32:14 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
Y4aq0HIXZmtBbcxcE4o9CQ==
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
5966
x-fb-rlafr
0
x-fb-debug
H5yJBV9U1RH82QslVW9T9vT7Gvn8vB2MA48zny/uQS7wckMVgKlicdgeCaBsLP+aPfcRWc6DFxjpI3eDw9D1lw==
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Origin
content-type
text/css; charset=utf-8
access-control-allow-origin
https://www.facebook.com
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
priority
u=3,i
expires
Wed, 04 May 2022 20:25:22 GMT
hayJvIbPJDd.js
static.xx.fbcdn.net/rsrc.php/v3/yv/r/ Frame 46FF
292 KB
79 KB
Script
General
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/yv/r/hayJvIbPJDd.js?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: www.facebook.com
URL: https://www.facebook.com/plugins/like_box.php?app_id=154822244543652&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df240a60389c72ac%26domain%3Dprnt.sc%26origin%3Dhttps%253A%252F%252Fprnt.sc%252Ff138e1c79efcbc4%26relation%3Dparent.parent&container_width=0&header=false&href=https%3A%2F%2Fwww.facebook.com%2Fpages%2FLightShot%2F242750885760&locale=en_US&sdk=joey&show_faces=true&stream=false&width=300
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
3780dfcc37cde7c41ae548c2cd53f85359ce8af26824a37edc65a215c48a0325
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Origin
https://www.facebook.com
Referer
https://www.facebook.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 04 May 2021 21:32:14 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
DjoRpQOSrywb/3Gm39N72A==
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
81097
x-fb-rlafr
0
x-fb-debug
1wcIuBSkCT9kxeot74mQV19k5R/FM748Uk9FOk5ZoQT/U9i7FHS4VGEgBIdv8WTXZ/6bID068WQdnLVfFKGXdw==
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Origin
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
https://www.facebook.com
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
priority
u=3,i
expires
Wed, 04 May 2022 20:34:45 GMT
IZatEHNRVHJ.js
static.xx.fbcdn.net/rsrc.php/v3/y5/r/ Frame 46FF
63 KB
19 KB
Script
General
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/y5/r/IZatEHNRVHJ.js?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: www.facebook.com
URL: https://www.facebook.com/plugins/like_box.php?app_id=154822244543652&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df240a60389c72ac%26domain%3Dprnt.sc%26origin%3Dhttps%253A%252F%252Fprnt.sc%252Ff138e1c79efcbc4%26relation%3Dparent.parent&container_width=0&header=false&href=https%3A%2F%2Fwww.facebook.com%2Fpages%2FLightShot%2F242750885760&locale=en_US&sdk=joey&show_faces=true&stream=false&width=300
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
61d4c9a10e7e7ffdbd96d74c6c988bc5fae2c882a7bdbc2c902de3e81a5d238a
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Origin
https://www.facebook.com
Referer
https://www.facebook.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 04 May 2021 21:32:14 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
6euYRQMhWsZNosO7E9Asig==
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
19647
x-fb-rlafr
0
x-fb-debug
OfP7k2YYPTgNBsZi8cRRQRTNgE8mIkyRO34q52KelQL39RqrKYIbSDLIZySgQCjH3WsflUuk1fwrAoDEYLO6+A==
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Origin
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
https://www.facebook.com
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
priority
u=3,i
expires
Sun, 01 May 2022 12:58:25 GMT
__q9dxH6_x1.js
static.xx.fbcdn.net/rsrc.php/v3iEpO4/yi/l/en_US/ Frame 46FF
128 KB
36 KB
Script
General
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3iEpO4/yi/l/en_US/__q9dxH6_x1.js?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: www.facebook.com
URL: https://www.facebook.com/plugins/like_box.php?app_id=154822244543652&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df240a60389c72ac%26domain%3Dprnt.sc%26origin%3Dhttps%253A%252F%252Fprnt.sc%252Ff138e1c79efcbc4%26relation%3Dparent.parent&container_width=0&header=false&href=https%3A%2F%2Fwww.facebook.com%2Fpages%2FLightShot%2F242750885760&locale=en_US&sdk=joey&show_faces=true&stream=false&width=300
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
4ec44b70aa20129513bc61eb4b86c1ca854b425cec7eda03f8652093374c0f5b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Origin
https://www.facebook.com
Referer
https://www.facebook.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 04 May 2021 21:32:14 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
96/585IxIDTBVc7RVxq/Yw==
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
36441
x-fb-rlafr
0
x-fb-debug
Yu9Z652DHiekseYM+aiNG/n5/sIziEO7KTgipDw6FZ4GNdhglMkr7S/aMVTAFhmDOO6W/l1/m2hWzWfHcpCrtA==
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Origin
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
https://www.facebook.com
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
priority
u=3,i
expires
Tue, 03 May 2022 18:36:22 GMT
oYH4_Q4OBVP.js
static.xx.fbcdn.net/rsrc.php/v3/y3/r/ Frame 46FF
5 KB
2 KB
Script
General
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/y3/r/oYH4_Q4OBVP.js?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: www.facebook.com
URL: https://www.facebook.com/plugins/like_box.php?app_id=154822244543652&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df240a60389c72ac%26domain%3Dprnt.sc%26origin%3Dhttps%253A%252F%252Fprnt.sc%252Ff138e1c79efcbc4%26relation%3Dparent.parent&container_width=0&header=false&href=https%3A%2F%2Fwww.facebook.com%2Fpages%2FLightShot%2F242750885760&locale=en_US&sdk=joey&show_faces=true&stream=false&width=300
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
fdbb995458f6b6f28ba8ad20b662687f9b83edb8f74034f7243161086e7e54cb
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Origin
https://www.facebook.com
Referer
https://www.facebook.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 04 May 2021 21:32:14 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
SNHyGmMRoqgA28EMocpyhA==
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
1723
x-fb-rlafr
0
x-fb-debug
+yM7DVaYIyWUjA7XBjm/WkchCZ/Aon/PS25O0Vqp92ZIvACWC8Y/QlnZ11TaOsAD9OPreE+yBhtbm3AzCh4Iyg==
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Origin
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
https://www.facebook.com
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
priority
u=3,i
expires
Tue, 26 Apr 2022 10:01:44 GMT
10380207_10152455232975761_8123100998967752904_o.png
scontent-frt3-2.xx.fbcdn.net/v/t31.18172-0/p130x130/ Frame 46FF
36 KB
36 KB
Image
General
Full URL
https://scontent-frt3-2.xx.fbcdn.net/v/t31.18172-0/p130x130/10380207_10152455232975761_8123100998967752904_o.png?_nc_cat=1&ccb=1-3&_nc_sid=dd9801&_nc_ohc=Jid9pfPEbx8AX90JrOB&_nc_ht=scontent-frt3-2.xx&tp=30&oh=7b443975964649bd8c9dd109f2494f60&oe=60B92A64
Requested by
Host: www.facebook.com
URL: https://www.facebook.com/plugins/like_box.php?app_id=154822244543652&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df240a60389c72ac%26domain%3Dprnt.sc%26origin%3Dhttps%253A%252F%252Fprnt.sc%252Ff138e1c79efcbc4%26relation%3Dparent.parent&container_width=0&header=false&href=https%3A%2F%2Fwww.facebook.com%2Fpages%2FLightShot%2F242750885760&locale=en_US&sdk=joey&show_faces=true&stream=false&width=300
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
7f0c0d5e15ee4b3a06964f2256fc37be30934a62b0e0bf61a00eb0aa47969eb6

Request headers

Referer
https://www.facebook.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-haystack-needlechecksum
591433749
date
Tue, 04 May 2021 21:32:14 GMT
x-fb-trip-id
686109401
last-modified
Thu, 22 May 2014 08:24:07 GMT
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
X-FB-CEC-Video-Limit
cache-control
max-age=1209600, no-transform
cross-origin-resource-policy
cross-origin
x-needle-checksum
1994070467
x-fb-config-version-olb-prod
1085
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
37042
277895_10151200062570761_1904128644_o.jpg
scontent-frt3-2.xx.fbcdn.net/v/t31.18172-1/cp0/p50x50/ Frame 46FF
1 KB
1 KB
Image
General
Full URL
https://scontent-frt3-2.xx.fbcdn.net/v/t31.18172-1/cp0/p50x50/277895_10151200062570761_1904128644_o.jpg?_nc_cat=1&ccb=1-3&_nc_sid=dbb9e7&_nc_ohc=o6WS-hFkmTgAX8On0cp&_nc_ht=scontent-frt3-2.xx&tp=27&oh=ef8fef90c3e2b2086f95c2d10e2fbbb9&oe=60B7BDAD
Requested by
Host: www.facebook.com
URL: https://www.facebook.com/plugins/like_box.php?app_id=154822244543652&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df240a60389c72ac%26domain%3Dprnt.sc%26origin%3Dhttps%253A%252F%252Fprnt.sc%252Ff138e1c79efcbc4%26relation%3Dparent.parent&container_width=0&header=false&href=https%3A%2F%2Fwww.facebook.com%2Fpages%2FLightShot%2F242750885760&locale=en_US&sdk=joey&show_faces=true&stream=false&width=300
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
fe0b009af4d6be99bb24436d2b2c67706fa3698e059d8df3bfa9f9c8857b42ae

Request headers

Referer
https://www.facebook.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-haystack-needlechecksum
3015587832
date
Tue, 04 May 2021 21:32:14 GMT
last-modified
Wed, 22 Aug 2012 00:00:00 GMT
content-length
1288
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
X-FB-CEC-Video-Limit
cache-control
max-age=1209600, no-transform
cross-origin-resource-policy
cross-origin
x-needle-checksum
1162695912
x-fb-config-version-olb-prod
1085
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
priority
u=3,i
of3W6kmxqoW.css
static.xx.fbcdn.net/rsrc.php/v3/yw/l/0,cross/ Frame 76CA
127 KB
20 KB
Stylesheet
General
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/yw/l/0,cross/of3W6kmxqoW.css?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: www.facebook.com
URL: https://www.facebook.com/plugins/feedback.php?app_id=154822244543652&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df28ce66f2527184%26domain%3Dprnt.sc%26origin%3Dhttps%253A%252F%252Fprnt.sc%252Ff138e1c79efcbc4%26relation%3Dparent.parent&container_width=340&height=100&href=https%3A%2F%2Fprnt.sc%2F12hs5gs&locale=en_US&migrated=1&sdk=joey&width=NaN&xid=12hs5gs
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
5cb0b17af2e69cc2c148c2d0834edb7413541002a6146fcf387fcf316fd19905
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Origin
https://www.facebook.com
Referer
https://www.facebook.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 04 May 2021 21:32:14 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
90OHvJ4EZtjVln9Miwp8BA==
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
20852
x-fb-rlafr
0
x-fb-debug
yRwJ8aoaiKtoBlgtY5aA30nBMEix6Utu+cc+2ce1oEGwbW/kgZWLiQlXpfb0MVJfZCI6fA/mAsw6qSYE5Avr3w==
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Origin
content-type
text/css; charset=utf-8
access-control-allow-origin
https://www.facebook.com
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
priority
u=3,i
expires
Fri, 22 Apr 2022 18:43:15 GMT
hayJvIbPJDd.js
static.xx.fbcdn.net/rsrc.php/v3/yv/r/ Frame 76CA
292 KB
79 KB
Script
General
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/yv/r/hayJvIbPJDd.js?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: www.facebook.com
URL: https://www.facebook.com/plugins/feedback.php?app_id=154822244543652&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df28ce66f2527184%26domain%3Dprnt.sc%26origin%3Dhttps%253A%252F%252Fprnt.sc%252Ff138e1c79efcbc4%26relation%3Dparent.parent&container_width=340&height=100&href=https%3A%2F%2Fprnt.sc%2F12hs5gs&locale=en_US&migrated=1&sdk=joey&width=NaN&xid=12hs5gs
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
3780dfcc37cde7c41ae548c2cd53f85359ce8af26824a37edc65a215c48a0325
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Origin
https://www.facebook.com
Referer
https://www.facebook.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 04 May 2021 21:32:14 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
DjoRpQOSrywb/3Gm39N72A==
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
81097
x-fb-rlafr
0
x-fb-debug
1wcIuBSkCT9kxeot74mQV19k5R/FM748Uk9FOk5ZoQT/U9i7FHS4VGEgBIdv8WTXZ/6bID068WQdnLVfFKGXdw==
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Origin
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
https://www.facebook.com
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
priority
u=3,i
expires
Wed, 04 May 2022 20:34:45 GMT
1dsNedNrP66.js
static.xx.fbcdn.net/rsrc.php/v3i7M54/yP/l/en_US/ Frame 76CA
156 KB
43 KB
Script
General
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3i7M54/yP/l/en_US/1dsNedNrP66.js?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: www.facebook.com
URL: https://www.facebook.com/plugins/feedback.php?app_id=154822244543652&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df28ce66f2527184%26domain%3Dprnt.sc%26origin%3Dhttps%253A%252F%252Fprnt.sc%252Ff138e1c79efcbc4%26relation%3Dparent.parent&container_width=340&height=100&href=https%3A%2F%2Fprnt.sc%2F12hs5gs&locale=en_US&migrated=1&sdk=joey&width=NaN&xid=12hs5gs
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
61a7a99b55c0d55710087276835e2639007e21e1756adbdf5de67f711f292784
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Origin
https://www.facebook.com
Referer
https://www.facebook.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 04 May 2021 21:32:14 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
tMLvIEGJ23VJss4fp6WlyA==
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
44443
x-fb-rlafr
0
x-fb-debug
7c98sP6Lx4i4daO6ohQHzr+pY45lFfP16kMpRnTdpy6ZJIA+zl+mxIunNIlQQC3/RuZ/n3RxTvhWvICvqzE5tw==
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Origin
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
https://www.facebook.com
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
priority
u=3,i
expires
Tue, 03 May 2022 18:35:07 GMT
yoh9mRMCKzZ.js
static.xx.fbcdn.net/rsrc.php/v3iPwL4/y5/l/en_US/ Frame 76CA
37 KB
11 KB
Script
General
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3iPwL4/y5/l/en_US/yoh9mRMCKzZ.js?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: www.facebook.com
URL: https://www.facebook.com/plugins/feedback.php?app_id=154822244543652&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df28ce66f2527184%26domain%3Dprnt.sc%26origin%3Dhttps%253A%252F%252Fprnt.sc%252Ff138e1c79efcbc4%26relation%3Dparent.parent&container_width=340&height=100&href=https%3A%2F%2Fprnt.sc%2F12hs5gs&locale=en_US&migrated=1&sdk=joey&width=NaN&xid=12hs5gs
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
ad2d901c4250d200dc4e40fdc50c750f4e64b62237102655e80f363a1faeb990
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Origin
https://www.facebook.com
Referer
https://www.facebook.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 04 May 2021 21:32:14 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
QqvcCPfyYGh1cte8btya2A==
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
11055
x-fb-rlafr
0
x-fb-debug
wK7ZhXWC2cboeR10XS3w0g51/6d8PwyTDoLYT4l91/lgF0RHw1kscGfaA6V4c2DVCbjkIBR7jCR9KcK8XHb98w==
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Origin
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
https://www.facebook.com
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
priority
u=3,i
expires
Thu, 28 Apr 2022 19:14:32 GMT
cavalry_endpoint.php
www.facebook.com/common/ Frame 248A
67 B
97 B
Image
General
Full URL
https://www.facebook.com/common/cavalry_endpoint.php?t_cstart=1620163934432&t_start=1620163934433&t_domcontent=1620163934454&t_layout=1620163934476&t_onload=1620163934476&t_paint=1620163934476&t_creport=1620163934476&t_tti=1620163934454&lid=6958551111044202789-0
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
Security Headers
Name Value
Content-Security-Policy default-src facebook.com *.facebook.com fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com cdninstagram.com *.cdninstagram.com data: blob: 'self';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.com *.facebook.com fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com cdninstagram.com *.cdninstagram.com;connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/plugins/like.php?action=like&app_id=154822244543652&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df348c7b394ffab8%26domain%3Dprnt.sc%26origin%3Dhttps%253A%252F%252Fprnt.sc%252Ff138e1c79efcbc4%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fprnt.sc%2F12hs5gs&layout=button_count&locale=en_US&sdk=joey&share=false&show_faces=false&size=small&width=100
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy
default-src facebook.com *.facebook.com fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com cdninstagram.com *.cdninstagram.com data: blob: 'self';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.com *.facebook.com fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com cdninstagram.com *.cdninstagram.com;connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
content-encoding
br
x-content-type-options
nosniff
x-xss-protection
0
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
x-fb-rlafr
0
pragma
no-cache
x-fb-debug
tkuAqBNprvT/whkyC2VuqVG1uiMulR1K0PVNXbkFgSHTDhVfnxFHwPukjiA4m9L2KdOboW2dRWyXN/LLcGfHnQ==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Tue, 04 May 2021 21:32:14 GMT
strict-transport-security
max-age=15552000; preload
report-to
{"group":"coep_report","max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}]}
content-type
image/png
vary
Accept-Encoding
cache-control
private, no-store, no-cache, must-revalidate
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
ApcBOUT5FoS.png
static.xx.fbcdn.net/rsrc.php/v3/y_/r/ Frame 46FF
573 B
624 B
Image
General
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/y_/r/ApcBOUT5FoS.png
Requested by
Host: static.xx.fbcdn.net
URL: https://static.xx.fbcdn.net/rsrc.php/v3/y2/l/0,cross/d1_3YuWLirh.css?_nc_x=Ij3Wp8lg5Kz
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
641e03dfeee60c05e0794bace5fc58d2fba409fee529a114459e44cee0d9d069
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://static.xx.fbcdn.net/rsrc.php/v3/y2/l/0,cross/d1_3YuWLirh.css?_nc_x=Ij3Wp8lg5Kz
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-fb-debug
ZnZiUKvlmlsy0Wj9fbOT4YCGgfQheQHC5TomoMcl9XW9dKhgxmJKp4Uh4IwOk9v8Gi7Vx6dtvy4fesmqFIewHQ==
x-content-type-options
nosniff
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
content-md5
Y/eW3MWFNJnkcpEqoXzG3Q==
date
Tue, 04 May 2021 21:32:14 GMT
content-type
image/png
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
cross-origin-resource-policy
cross-origin
priority
u=3,i
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
573
x-fb-rlafr
0
expires
Thu, 28 Apr 2022 18:33:43 GMT
LpAgiooQ2Qv.js
static.xx.fbcdn.net/rsrc.php/v3/yu/r/ Frame 76CA
32 KB
10 KB
Script
General
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/yu/r/LpAgiooQ2Qv.js?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: static.xx.fbcdn.net
URL: https://static.xx.fbcdn.net/rsrc.php/v3/yv/r/hayJvIbPJDd.js?_nc_x=Ij3Wp8lg5Kz
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
810fd98b65b7fab1ebd27816f8409ef63cd341dee5e59766d694e002a49cafa2
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Origin
https://www.facebook.com
Referer
https://www.facebook.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 04 May 2021 21:32:14 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
GVXP9zCMEGxyu/K6PGxjvw==
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
10193
x-fb-rlafr
0
x-fb-debug
hfHrLnReCMbQhVN107SQQHEBK5IeJbhDlnhx6BlPry40/PuhMYLF3CUeX+BGAUfUgK1k9HtSwl0kYqpxZ4GKdQ==
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Origin
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
https://www.facebook.com
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
priority
u=3,i
expires
Thu, 28 Apr 2022 08:23:07 GMT
vqfCEjVdney.css
static.xx.fbcdn.net/rsrc.php/v3/yw/l/0,cross/ Frame 76CA
48 KB
11 KB
Stylesheet
General
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/yw/l/0,cross/vqfCEjVdney.css?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: static.xx.fbcdn.net
URL: https://static.xx.fbcdn.net/rsrc.php/v3/yv/r/hayJvIbPJDd.js?_nc_x=Ij3Wp8lg5Kz
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
9e0b7f28dbbabbe3a02122b910419ce0305528c17807a17e34a3d0470619518d
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Origin
https://www.facebook.com
Referer
https://www.facebook.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 04 May 2021 21:32:14 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
8MkyhtDBx9YUtc9gd7J/gA==
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
10931
x-fb-rlafr
0
x-fb-debug
L4J+nj1rfW98seAHMIL43UFQXQEteiDYtZ3wXz7DVV8VxRuvKzPbvFescygTX6w4XTeh9rPcfr3pj9mjhzHi9A==
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Origin
content-type
text/css; charset=utf-8
access-control-allow-origin
https://www.facebook.com
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
priority
u=3,i
expires
Wed, 04 May 2022 19:44:59 GMT
integrator.js
adservice.google.de/adsid/
107 B
799 B
Script
General
Full URL
https://adservice.google.de/adsid/integrator.js?domain=prnt.sc
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021042801.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://prnt.sc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin
*
date
Tue, 04 May 2021 21:32:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/
107 B
553 B
Script
General
Full URL
https://adservice.google.com/adsid/integrator.js?domain=prnt.sc
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021042801.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://prnt.sc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin
*
date
Tue, 04 May 2021 21:32:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
securepubads.g.doubleclick.net/gampad/
31 KB
12 KB
XHR
General
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=2979469266896303&correlator=1078936871722091&output=ldjh&impl=fifs&eid=31060958&vrg=2021042801&ptt=17&gdpr=1&us_privacy=1---&sc=1&sfv=1-0-38&ecs=20210504&iu_parts=60257202%2C60918%2C70076%2C60916&enc_prev_ius=%2F0%2F1%2C%2F0%2F2%2C%2F0%2F3&prev_iu_szs=970x90%2C970x90%2C300x250&prev_scp=amznbid%3D2%26amznp%3D2%26hb_format_a4g%3Dbanner%26hb_source_a4g%3Dclient%26hb_size_a4g%3D970x90%26hb_pb_a4g%3D0.05%26hb_adid_a4g%3D289a7c11eda451%26hb_bidder_a4g%3Da4g%26hb_format%3Dbanner%26hb_source%3Dclient%26hb_size%3D970x90%26hb_pb%3D0.05%26hb_adid%3D289a7c11eda451%26hb_bidder%3Da4g%7Camznbid%3D2%26amznp%3D2%7Camznbid%3D2%26amznp%3D2%26hb_format_a4g%3Dbanner%26hb_source_a4g%3Dclient%26hb_size_a4g%3D300x250%26hb_pb_a4g%3D0.11%26hb_adid_a4g%3D40fa4f65979ac5%26hb_bidder_a4g%3Da4g%26hb_format%3Dbanner%26hb_source%3Dclient%26hb_size%3D300x250%26hb_pb%3D0.11%26hb_adid%3D40fa4f65979ac5%26hb_bidder%3Da4g&eri=1&cookie_enabled=1&bc=31&abxe=1&lmt=1620163934&dt=1620163934800&dlt=1620163933522&idt=813&frm=20&biw=1600&bih=1200&oid=3&adxs=315%2C315%2C315&adys=70%2C1027%2C1149&adks=1432691387%2C3120184932%2C4042975291&ucis=1%7C2%7C3&ifi=1&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fprnt.sc%2F12hs5gs&vis=1&dmc=8&scr_x=0&scr_y=0&psz=970x90%7C970x90%7C300x250&msz=970x-1%7C970x-1%7C300x-1&ga_vid=526208152.1620163934&ga_sid=1620163935&ga_hid=1016630049&ga_fc=false&fws=0%2C0%2C0&ohw=0%2C0%2C0&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021042801.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
172.217.23.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s45-in-f2.1e100.net
Software
cafe /
Resource Hash
2d3e27702da812c0b1f6d9b305eb75cd5efee86475950693dcdba673e9d80012
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://prnt.sc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 04 May 2021 21:32:15 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
12732
x-xss-protection
0
google-lineitem-id
-2,-1,-1
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
-2,-1,-1
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://prnt.sc
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
container.html
ff89fe765c7a582c71dbcb6f522b9b54.safeframe.googlesyndication.com/safeframe/1-0-38/html/
0
0
Other
General
Full URL
https://ff89fe765c7a582c71dbcb6f522b9b54.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021042801.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
https://prnt.sc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

container.html
tpc.googlesyndication.com/safeframe/1-0-38/html/
0
0
Other
General
Full URL
https://tpc.googlesyndication.com/safeframe/1-0-38/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021042801.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
https://prnt.sc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

container.html
ff89fe765c7a582c71dbcb6f522b9b54.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 07D6
6 KB
3 KB
Document
General
Full URL
https://ff89fe765c7a582c71dbcb6f522b9b54.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021042801.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
ff89fe765c7a582c71dbcb6f522b9b54.safeframe.googlesyndication.com
:scheme
https
:path
/safeframe/1-0-38/html/container.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://prnt.sc/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://prnt.sc/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
3108
date
Tue, 04 May 2021 21:32:14 GMT
expires
Wed, 04 May 2022 21:32:14 GMT
last-modified
Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, immutable, max-age=31536000
age
1
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
container.html
ff89fe765c7a582c71dbcb6f522b9b54.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 30C2
6 KB
3 KB
Document
General
Full URL
https://ff89fe765c7a582c71dbcb6f522b9b54.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021042801.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
ff89fe765c7a582c71dbcb6f522b9b54.safeframe.googlesyndication.com
:scheme
https
:path
/safeframe/1-0-38/html/container.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://prnt.sc/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://prnt.sc/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
3108
date
Tue, 04 May 2021 21:32:14 GMT
expires
Wed, 04 May 2022 21:32:14 GMT
last-modified
Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, immutable, max-age=31536000
age
1
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
osd.js
www.googletagservices.com/activeview/js/current/
73 KB
27 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021042801.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
94442ab42e60dd5c6c276c1777c56fc3f9dff44e999524ca6431af82a9bff9af
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://prnt.sc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 04 May 2021 21:32:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1620056503243602"
vary
Accept-Encoding
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
28014
x-xss-protection
0
expires
Tue, 04 May 2021 21:32:15 GMT
sodar
pagead2.googlesyndication.com/getconfig/
10 KB
8 KB
XHR
General
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2021042801&st=env
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021042801.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
72b4194618da37b64e4939b844008f86388c657d741a442ae8f00f7a1639378d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://prnt.sc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin
*
date
Tue, 04 May 2021 21:32:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7647
x-xss-protection
0
pixel
googleads.g.doubleclick.net/xbbe/ Frame 6AD4
478 B
545 B
Document
General
Full URL
https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsYncXFlQEwAQ&v=APEucNVdQ2w1CLVUEK6ZPQOGwx59Eu9Acox_6aY0NUiYotfWvfKXIvJ68eu01MVmIBIPFNbLZBCxjz7G1kunOdEsCu3ByUaqb5a0PpqwuUpXhI-EidKpjM16ORq1THYeibRDHn2Nv-ixqgXdV12ycuItxl5agAwk4wBPoDYgG2hR5aU1CHOgmECKJaDQVrVwo20d0p64dOH4ANP2e9caMOL_paibHQGdgA
Requested by
Host: ff89fe765c7a582c71dbcb6f522b9b54.safeframe.googlesyndication.com
URL: https://ff89fe765c7a582c71dbcb6f522b9b54.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
0414d0221112224b4c926de91a6e316f9d9aba685aa8b05fd0654848d8fcdf55
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/xbbe/pixel?d=CN-KGhCn9EsYncXFlQEwAQ&v=APEucNVdQ2w1CLVUEK6ZPQOGwx59Eu9Acox_6aY0NUiYotfWvfKXIvJ68eu01MVmIBIPFNbLZBCxjz7G1kunOdEsCu3ByUaqb5a0PpqwuUpXhI-EidKpjM16ORq1THYeibRDHn2Nv-ixqgXdV12ycuItxl5agAwk4wBPoDYgG2hR5aU1CHOgmECKJaDQVrVwo20d0p64dOH4ANP2e9caMOL_paibHQGdgA
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://ff89fe765c7a582c71dbcb6f522b9b54.safeframe.googlesyndication.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
test_cookie=CheckForPermission
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://ff89fe765c7a582c71dbcb6f522b9b54.safeframe.googlesyndication.com/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
gzip
date
Tue, 04 May 2021 21:32:15 GMT
server
cafe
cache-control
private
content-length
230
x-xss-protection
0
set-cookie
test_cookie=; domain=.doubleclick.net; path=/; expires=Mon, 21 Jul 2008 23:59:00 GMT; SameSite=none; Secure
IDE=AHWqTUn9gdlX2CQQ_ejvAOS2CeLSUW8Fiotf1ciuUUkm5zcj5kXLO-v33HwDV5Ux; expires=Sun, 29-May-2022 21:32:15 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Tue, 04 May 2021 21:32:15 GMT
ad
googleads.g.doubleclick.net/dbm/ Frame 07D6
23 KB
12 KB
Script
General
Full URL
https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DOjyeF8vdT67kjkfzcsOwRSqlxI82jJgqeHk6dIrTRIAcy_1F9FTka4fn_tUJgozWHNsxdsokbJRJlLqEt1cz09ELh3lMIEOUjOEpAMqD4e_EPhiPZ_z8yJR6wg7m2IHAiL50P_sY4k-wkb57MIM932Gfm7g&cry=1&dbm_d=AKAmf-DtEMMyhsZu9twGCuZ210SFTK6tfqAmlSmSFMndrh2prKdmGip67f2GPQlD2h6qJUuEUdPFRwTufBHGIxQFpP3WxgqC8wSzbJjnuyU6jdCAVO0XwOCm-WqS5erykidQEDZimRjM7h-sp4Pz0yB5trkLAou9xyeIAhoJZ3yAfL8_qjsiZP0sQj9FZITKNhoDPXF_cksRMwI4frbqAdlJljcaARhO5wD3lY7HEb1r-f8DTt9GCmMiDAbj6NFrWjnCvdeLBML7OsUZiDo__f_ZbNp8LHKI7pmT5U6uhMbLVzvisfPVUTFn-UCLRd97oHBhzk-Tck08Sp6JgQfBatHrbGmnV9UGzYdHKPETnj01X7WUuajpgFC9c5bo4z4PNC7_Mmd24MPcTM3sRuO0aWPPQPAoSjhpv92iiACv4bU0nnqUlythEa9cHwjDQFnBNBFHnpH1Ygxj51y_1jpIY9e7voKICF8UGs_8_yfE3m3nZsDjzJ1Va6GxIkH7VoN7mkssHelcQrFL4RBxpLnjjk0_hxXD53SQf6u8XFs53MO1og3jooGbv--WbzK9DmZDSfdEsjCtgcAwDm44yGBB8rGtPN-LHbXV993pswzihLYOU4HcY0yn7sNwC3zDUkLaEtCYXC3A7OjnElVQfWcTWUm6NoFrozP5sctEmLi0Z2HGYYGJ2S6i5sMpV5qKjr1trxJBTWf69YlcRXks9SJ0S3tei-lqv-glLMIICWlJUNu3pqzickoW7YOvo23csCrJQW5vJw8f-MsVFXBxHshNsOGo6FO6njE-8xemgne1Jkmxl6oOOB5FsvJfmdb7mpF3xYiQaiD7clCPc91byeV7PZucyTMkX2T-fcP-xhVaV2jKFXWYm68VXIn7UfleJ8GavGvxoG-0B8FzG_WFH57p42kCChKr1SQiN8xGi1uYHEPLJmzoWzAbnRQZ44Wplf6Ix4j9zeXWCmdpEVq6lR8mcImWhQ4AHTHe8tPuHp56Z4gR_eSHXi69hCHXSa--gfiPq1Brh1VCBNpCtfldH7xMOkBAQ0N9bz9KcObVP9QtURhZZiMt44I6Q6zvBNoX6iNhjDYdo-8AxTkofHKd73k5U_U-7ygHUovCJ1sJXwZBIcIgNJj6FahY7b_4coAnq-PSdbSNrPoTuLLg-xVeGsxzZCMnwfxd3Mh3i6pesBFNS2ukOnZhVzVnEPWeOQsoVi1wIZV2UVHFcbd71E3uFJTQSTq73J2VNFx2gmd2rvIqTv51raV6zLJbF-hVLhlShmaGmDaZhN8ZDLJa-McMVkIaCge12rfi9sRhypWw2Snz_sMh0E6_SREh7BT9tPooqD_d5Bb1XbyW2hCgcpsaLjzic4LBSLZmoZ9t_rMko1zUZr4IQ5zeRnV0FKoE-4UzIp_P5PpuRLVwcgchl_MqYPoCpaU-PlwT25kksS3yymIEaiKJ5IaqnLcsFQz9KneXnk6wlco5kBlZ6NLO0GX2iFGV2m6vPVdZ1Q_e9JAVWaw3Vd_9wTv717_623CSNLKpXXBoLSx3kiKho0xLYcVd6QcksAhjtMGWgIfGi3rLKHnTSLlECUwcn2HFsC1_zXqo4Vm67wBt7KbGP8VYLhqFo0vfJCR0fNxwPVzwuwbF4RFFggl8V1vuuDmiek6W56ePpfRVBte_PnkY18gXqhMIInffvm7pl5bIqs0feiwxkB90TtWP762llaa4SvNplpvvZrP5eEwwLa883B6tjsjFY1a40lzTErKCfTi-mC_k34EFOE-0sMeT
FEHlmxkDoMOX9rCVhO-cOMPpTyVMwcxa5eqJ2SysCpHtWKKy1FpsLAhPr21r6wKjxuXbfoviprLDsE6bYgWaLHqEBc8h3aMpYUrFbbBORKfJqw11_KbgNGPAMsCDp-H8r6kqHLNVi21tk4-TtkBtrKzcsCjx2HzMmfgvuuZlOTBP89WNBPduVOLnn0bvTT1XPJAALCaH7kGcKkhxryXJ0m4CEm9OxTljqbS1raHkCqdseb4J3LAeDt7GZCBfdimAHKIyryKH7vwUnWFidZKUiouwd8DEjBBkvP7-7g7_6DsxdbgENccOGeC3kpu4cqZGXktaiVSVuozBNq1yNyDirxoWfxPrDjMPd83gmYlvMCX68X1jVlo301CKaAPG5JzsmMxPAELf6as1PJET6P9FOjOpqeG7dJ82YRFOMs4NcqPlngEhvpBLRRlcjRjiprZfwtf-lxkleYOdacDjzBzaMa2_bp86g1-eAiuD-Z-szta-6b2Nf8c_m3-nit43szl7vVXJi8UF3T9BTf-_YI6mLhddUs6ynfTQBpWpIoXOzeL1quPUinxLpw3PWLYvnu-PTobjFGMJjbcXMsWaOHQ9k9C2pw_af9DpIt3TFXSZ4ahIKc601aZO8zlhQFTlue4yhrnWu8EGWuwp5Zhn-jL_WTCv3sabfzIeMAjuUntF7kIxJKfqj3r2ZQUDnB-HelTlMRF0WNST0YCcSpaCY4MagV6_xCs8nj35ia2SfKMcJ9WxXOuxyQbEPEjv-SXCWSXoNjpRGsWh_Gix6BbUPnhH7HpSgEYCGRpQuOfG2jfNziFe0RoGONJyc5B61ztWHICzYfXrSt0LtWoqy8Usc7hg9tuj8Fl-x6UHd-FjbxPy0zMiRHt6sM2PxjHojfyTGCLdU10JZ7sO8hrK86d_je4p7S-ErtmL9YfBtPt9_fG21t45ArHTzCONvQ5SSRQj_FtKiLrp9AQBq0Q42vvvPBCuDBru2K5_PtJInlOmU_8D78ZUjn8d6fpZlIpmeDacdD1nn3ivV1Ruc-xTSoKpmkdKVp7t_H-V_YfptgoyVcXOZEwBkb_KHtmTl4t-HUh0F747duBFRFpiysMq-SYIhou9FeIggou5R9wkFWM9I7EYgchDSuFkykSVZI24H1vUjpFEt0UloLfRbrkDICSrW2XGYu2gYKA8I2X9fTRMbBzq0UCnzSeTk0m6-vSNrIFI4iE7JNVhASoDv1vGXsqjddlYBIrzP8mbIkO4cwHPpZbg2lYOSfzHW403vq9wr06CU9qdFTKm65n8rO57dDIuu7AUqCUhMJWi&cid=CAASPeRoRg3cQALDGm2UuCxgO-gVU2UWLy0y8KNvTBwCoBaZ3Ik4rDMJ3iT_Npk88fHEm27RS33dpxSSU-QvtbI&rfl=1%2Chttps%253A%252F%252Fprnt.sc%252F%240
Requested by
Host: prnt.sc
URL: https://prnt.sc/12hs5gs
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a32e5b560e2803b3a86415077272b652dc0d3fe7ec4ba868ae08b6a8d9dc159d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ff89fe765c7a582c71dbcb6f522b9b54.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 04 May 2021 21:32:15 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11952
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 07D6
42 B
107 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-A7jHLPS6UbrFURcBQ7oLCLjemsqc2WuijOf9_HJ2tPX0ZTGJkuYFJlt2_9O3JgoY724IY3W-GctuwVg8HWbQohI6QubA8huei5BTBcEMQxvMgwRFY
Requested by
Host: ff89fe765c7a582c71dbcb6f522b9b54.safeframe.googlesyndication.com
URL: https://ff89fe765c7a582c71dbcb6f522b9b54.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ff89fe765c7a582c71dbcb6f522b9b54.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 04 May 2021 21:32:15 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
window_focus_fy2019.js
tpc.googlesyndication.com/pagead/js/r20210429/r20110914/client/ Frame 07D6
2 KB
1 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20210429/r20110914/client/window_focus_fy2019.js
Requested by
Host: ff89fe765c7a582c71dbcb6f522b9b54.safeframe.googlesyndication.com
URL: https://ff89fe765c7a582c71dbcb6f522b9b54.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ff89fe765c7a582c71dbcb6f522b9b54.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 04 May 2021 21:26:38 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
337
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1303
x-xss-protection
0
server
cafe
etag
14729628269804859526
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 18 May 2021 21:26:38 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 07D6
116 KB
35 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: ff89fe765c7a582c71dbcb6f522b9b54.safeframe.googlesyndication.com
URL: https://ff89fe765c7a582c71dbcb6f522b9b54.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
bdaa38f52441bf7af0793fbf059e5598ffd9d18fa264b14bd55f6b3655fcc958
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ff89fe765c7a582c71dbcb6f522b9b54.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 04 May 2021 21:32:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1620056514301796"
vary
Accept-Encoding
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
36023
x-xss-protection
0
expires
Tue, 04 May 2021 21:32:15 GMT
qs_click_protection_fy2019.js
tpc.googlesyndication.com/pagead/js/r20210429/r20110914/client/ Frame 07D6
13 KB
5 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20210429/r20110914/client/qs_click_protection_fy2019.js
Requested by
Host: ff89fe765c7a582c71dbcb6f522b9b54.safeframe.googlesyndication.com
URL: https://ff89fe765c7a582c71dbcb6f522b9b54.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
439ab67fa3c312bb442bed574ea79be834dbd92f3bd7d2288b6f3fce4d0afb0c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ff89fe765c7a582c71dbcb6f522b9b54.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 04 May 2021 21:29:43 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
152
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5604
x-xss-protection
0
server
cafe
etag
2846967340006788112
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 18 May 2021 21:29:43 GMT
pixel
googleads.g.doubleclick.net/xbbe/ Frame 28C9
478 B
512 B
Document
General
Full URL
https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsYtKK9lQEwAQ&v=APEucNUcquRGocjtRQNFl80cKO0j8RN-tsmQvB10QOE4dvW1XRq_oMlSBjn0hUkwExSYC1tuZMaMsabmGvURsPJ6zVXpN6drjPhvFoQJmVbogkIveSGQEB5w6NJL7v5nIHvksdKAIdQMQdPRFC9eJRCg3PRsV30XPNurTU17h25Kf_oJCxiLv2pp9zXfCmeuD2xsycL_z7yV1zoaO7rvPzFASeiSZjaDRg
Requested by
Host: ff89fe765c7a582c71dbcb6f522b9b54.safeframe.googlesyndication.com
URL: https://ff89fe765c7a582c71dbcb6f522b9b54.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
0414d0221112224b4c926de91a6e316f9d9aba685aa8b05fd0654848d8fcdf55
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/xbbe/pixel?d=CN-KGhCn9EsYtKK9lQEwAQ&v=APEucNUcquRGocjtRQNFl80cKO0j8RN-tsmQvB10QOE4dvW1XRq_oMlSBjn0hUkwExSYC1tuZMaMsabmGvURsPJ6zVXpN6drjPhvFoQJmVbogkIveSGQEB5w6NJL7v5nIHvksdKAIdQMQdPRFC9eJRCg3PRsV30XPNurTU17h25Kf_oJCxiLv2pp9zXfCmeuD2xsycL_z7yV1zoaO7rvPzFASeiSZjaDRg
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://ff89fe765c7a582c71dbcb6f522b9b54.safeframe.googlesyndication.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
test_cookie=CheckForPermission

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
gzip
date
Tue, 04 May 2021 21:32:15 GMT
server
cafe
cache-control
private
content-length
230
x-xss-protection
0
set-cookie
test_cookie=; domain=.doubleclick.net; path=/; expires=Mon, 21 Jul 2008 23:59:00 GMT; SameSite=none; Secure
IDE=AHWqTUmc1egPwhyhyCoihGyNdbDTA8bkmkjQoXjKpmT_K62bvcTk5PagfgPAyzk0; expires=Sun, 29-May-2022 21:32:15 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Tue, 04 May 2021 21:32:15 GMT
ad
googleads.g.doubleclick.net/dbm/ Frame 30C2
23 KB
12 KB
Script
General
Full URL
https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-Cow-HOYS0dnPQQOprTinNCtIAOj4FdKrQml-crYiSIUHM6Mr-Sg0JJ_uPcAhBAb9fZu7ICq1b5_9ALnzrPDSTfca-B0nOx8nJuDiy0Gm-1EJyE7p8oGI5uw00ERtoCVGaGUOnbg24s5ujaVrcw3W1-hSoPkw&cry=1&dbm_d=AKAmf-CigE_1ZdSQuGQaHs_aI3OEqDG2kG_Jk9vacdf_jgmKWqPR5Sy-tcsZ2ozL4odBHsZ851Pws7o9P-4wWbQyrTkCTYWlyYmqJQcbxFuTi04PdwrbOVKAOahvs5RdN39lSNaNdEi7l2zOL-XyK_8Bw63z1fPoMpMJ0UnqCmoGZwj6mOKWcAJ0s_YqimmtzwiF2angIGH-XiVqsY38TWG7-RW0T-qGNE6B_7_z-6zxa4-4N-6-CPhDC7B75SLcRksz4wiCPVcJkQyMQCNh7ExhQ8rli4ZrDINaJXSuRz_ZqtAONP8QeTGzxKDRyU9BxFA49MSH9jBOM61N6nSKo6So1IwvF-otYGD61fhSS4uq1inKd1T5YzkNJP48eATW2XehLEZtdmQKu1rF33TUXPpGGlJznJyJH_GdFZ1NzbDxKvdueiqhffqyk5K4Pc3DPo6vGA0wq-CXDaavsnTSZI_n3xaEF2gKPMOJg3Adm-DzMh2jq_Av-8ImDLzyjuh7BLRgwYKqDRbn2YBTrEG3zt_xsXQYIRuy_2q9bswW8PdIYRegMsikikA_9PM7hjjO49iWmLVlbk5eNU18-FG8K01LypozRLxEflwRZkXoWMxP8N07NYfSGBotqogH_0IqDYpH-rg-LPexSfPkGb7w_BlHvuk6Xxe9anS_r6w1W1ppYPGrAnHVzTp3O4E18H0-n9Q-ZjJdNEWQSM8efkDztZV1N6X6DlXIFahhJyCHGrX_6u-MlQxDm4gS40WIRnJgnfSj92UrdV3AKsX7qNs0wAdttEPU55laGYdBzK8lLJTMUNhomDvfMIc_nC0Obq5LpsXWiCWUgiVj9vNbdCQc4EIbJbJBEQNtM4X0QSwguy5Vx3NTFYQeSq5oJ-rPhXc1_y9YWwoAB8BoRLy6WXJ1LiysaPPTVnHhgv-eskZYovx7Av0bpcWfGYCzaPwwawt6sVNT4m12Xj2OnMVomGZzFH0z26J7DP1LOcoNaayCRlJ9PVu6LIs8qpFdTUBhWKW7fHGmc7guOBteC1kNATyxQ1LyuvojtKaASQLBOggf0gDSSQCYyLhajD5x1ERkSHbkwJgZ9qL9Hwu6BrByKzB2TIJZTijg8DloU47cqBUx--m4RwEGh_vGKo_O0jDRJiHcUIUE63_EE3OOQ7hkocfCcf0Ruv2JEbKhPyilMrFsANrNWEFc0z-IKpp7Nv9bmBNbMyDG0Y8q1n4LTzA99_suOe0PSGczs0vexOqMf_7PzOFJcwLYVMwLC3JyD9sIJN7qpToi8oIene2Ch7aT2OWXfcz1i-aQLeOWPKFxeaXREISkk2KSyHr1eb-1J7rujAvVZg0XAtp1fWa1BmLP4iw2ahKDZ1jh0KWD3Xp00VR5uWTn_WVHrYwwwxN-oxWyoo7VcUZPpAm4Qaasf0ajgkxbzrn2Wh9bLCZc9fPYcZceZA0F_hevf8soxqNwdnLC_gg75tb6RxFn8bS3LLYChmRlZOgcrr8x5mIor6QlGfctkKjfDIEub368L9K5He6Zc7LZ1xIszZl_v17XFQO6NWany6f-3r-Hkqo6xOSZrR7Q02BPfOaTwp5UMaDb6imy8zgfJgmo2arqa4tntuCmih7U_EViVoz8I9SAWK4ijEHz6CHcLVYPGPVT555D7gCWar5grWxrC3m1l02eJgeSY3wesPAjofHlmjY7OPFsx9jWHU8uCuRmHEiqTv6a3iaTP4YD9Q7r4PCh_IChTHdTz351MtZVT0dYAfjZ_MlICH9ydtlpOvDA
7W68U4YVa9zabqyB_xy11TrLWfHArT4j9G99Cii8ekWeFgTXFZtQ6ELN0zc6SSxc14_ew7YOpHz8QS7tF5fJcFC7SxUpqWzDs5NCDuv_wqsQKWqZyWA_mWYWo6__4Fyxq6LrLo7IRSMZzLA_OgoPctEYMxFq2J3jZnbRzU2aWYg9ZDInrqrcQYUsV7T2ol_d1CkE96_hq3ycffTo5GEqwVVBDdPhXMM8ucWb0H6NKTt2x5bgNdbwG2Wail2UGe88mONbNv0OVZS0FgyXhFDxwJ43dW4B-O0AFTX38kx6vm_Y8ivSgghtg8E9v64VCe-6z-GLAXp0kcmN83mmPkSKLkY023cnFl4gUS1i5eTmttW_kfcFkiRVypi3DPc9utG_WX1zmQtRAHv5K6N3cagJ0eElm7gRek-1omu2-q5y_kEWcBflYqH4UF1CHM54IH6Q2E2BJgch6I83xhtYybUGaewm-CspnDKN2zDpguCauMX2cOSyby_v1EFSlw9e3Mwv-tfUfY1iUFAMKS-wY3F3CMjsGe1qcKljpj75FL4vYePlOB4Vo04M-NhXaUYNvm7DnYccjqhwTpwKiq6kiMM8ZIGa296DntLiEXnFJE5b0r7cubKcQZlK29H3LnA6BFK5wxCosjPnHZ9VGSgZ14Jv4iUDe1sR-qCLV6bv9yB3_UP4IgbwjWA1ZGBbKah2YzVltGZ99fW_Vri57oDJdZ2lbFf9jQrgb3AipLm4KZEeporLnD3NCENytnv4hyAmMKv4fK4hTx6Co3b7CLrVkCg94h_b_pcefgvqYhNsb02GWZLutaMAH4Ung9zQK2tmvoghLHi9nKkOCLkP6T6uzPQJoIpf0idGYYH_X6LSt0pFYaA3Qm1hNEwdMtSAp-IfPGJVZC5Y4MXQ804a7X8PXbiYxXVSINpYk9UpsK7LdGmIiG90585gH1KdVAYptHV3v2EGNJde5xp_Aeyej44t-atfqH5J4DOhcHx_F97sYJ3uZZpVg-zR6TvccW4IcUkIRTSnQ9_sIJq4-6o1UiApIiy6nAwuh28bFAzZ2-rpalRzG7UwSaedZQD6RUl6ODw8wzBh0SY-Apg0MgKZM7LYsbY05VrGmKhsykDCk-blxapXAFr41gdpT2TwqS96yFRJpUdEiyQiNWAd_NJrbsJETVXmW-0fdVZKdCjwhuvP_YkGGz28I8oikxjLAGnE_sAR1foDaL1_2zWN1Ym_veqM1JpqLhyOdZ4G0xGiw3bXOKGb0_PvS7eBaY0E4sk8kilrEt70jOF4Bp1AWpKfHbR1hVTeKGlVYp1MhzwhOH5XIOLP3VZTkMemFA&cid=CAASPeRoIrQo0vPO0l8PcYH62pmbrXwOwhBiBr7yvo1Q4Rpr6-9szgZzXlb-hh2RBHD1WE0zJ95tL0GpVO2MvKY&rfl=1%2Chttps%253A%252F%252Fprnt.sc%252F%240
Requested by
Host: prnt.sc
URL: https://prnt.sc/12hs5gs
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
fa3be9109f722eb1e34cf394eb07c9481d1272c7543e10239e9611dae835e85c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ff89fe765c7a582c71dbcb6f522b9b54.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 04 May 2021 21:32:15 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
12035
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 30C2
42 B
498 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-A05ur7_srpzyqTz804O-aLjWyDnYqK7409ExaCBMQS8j_ynGZUda18O6tu3ao1P3DDZNm6Boa85D2V9PWXdtWMpw4pz--xVZL1fKEgXYQ-nv4EN1M
Requested by
Host: ff89fe765c7a582c71dbcb6f522b9b54.safeframe.googlesyndication.com
URL: https://ff89fe765c7a582c71dbcb6f522b9b54.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ff89fe765c7a582c71dbcb6f522b9b54.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 04 May 2021 21:32:15 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
window_focus_fy2019.js
tpc.googlesyndication.com/pagead/js/r20210429/r20110914/client/ Frame 30C2
2 KB
1 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20210429/r20110914/client/window_focus_fy2019.js
Requested by
Host: ff89fe765c7a582c71dbcb6f522b9b54.safeframe.googlesyndication.com
URL: https://ff89fe765c7a582c71dbcb6f522b9b54.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ff89fe765c7a582c71dbcb6f522b9b54.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 04 May 2021 21:26:38 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
337
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1303
x-xss-protection
0
server
cafe
etag
14729628269804859526
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 18 May 2021 21:26:38 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 30C2
116 KB
35 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: ff89fe765c7a582c71dbcb6f522b9b54.safeframe.googlesyndication.com
URL: https://ff89fe765c7a582c71dbcb6f522b9b54.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
bdaa38f52441bf7af0793fbf059e5598ffd9d18fa264b14bd55f6b3655fcc958
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ff89fe765c7a582c71dbcb6f522b9b54.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 04 May 2021 21:32:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1620056514301796"
vary
Accept-Encoding
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
36023
x-xss-protection
0
expires
Tue, 04 May 2021 21:32:15 GMT
qs_click_protection_fy2019.js
tpc.googlesyndication.com/pagead/js/r20210429/r20110914/client/ Frame 30C2
13 KB
5 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20210429/r20110914/client/qs_click_protection_fy2019.js
Requested by
Host: ff89fe765c7a582c71dbcb6f522b9b54.safeframe.googlesyndication.com
URL: https://ff89fe765c7a582c71dbcb6f522b9b54.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
439ab67fa3c312bb442bed574ea79be834dbd92f3bd7d2288b6f3fce4d0afb0c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ff89fe765c7a582c71dbcb6f522b9b54.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 04 May 2021 21:29:43 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
152
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5604
x-xss-protection
0
server
cafe
etag
2846967340006788112
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 18 May 2021 21:29:43 GMT
sodar2.js
tpc.googlesyndication.com/sodar/
17 KB
6 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021042801.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c61a719b48533a1fa932729f4927ba1377a96c441b0d6a427096b867742b4645
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://prnt.sc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 04 May 2021 21:32:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1616005470650935"
vary
Accept-Encoding
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6437
x-xss-protection
0
expires
Tue, 04 May 2021 21:32:15 GMT
abg_lite.js
pagead2.googlesyndication.com/pagead/js/r20210429/r20110914/ Frame 07D6
22 KB
8 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20210429/r20110914/abg_lite.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DOjyeF8vdT67kjkfzcsOwRSqlxI82jJgqeHk6dIrTRIAcy_1F9FTka4fn_tUJgozWHNsxdsokbJRJlLqEt1cz09ELh3lMIEOUjOEpAMqD4e_EPhiPZ_z8yJR6wg7m2IHAiL50P_sY4k-wkb57MIM932Gfm7g&cry=1&dbm_d=AKAmf-DtEMMyhsZu9twGCuZ210SFTK6tfqAmlSmSFMndrh2prKdmGip67f2GPQlD2h6qJUuEUdPFRwTufBHGIxQFpP3WxgqC8wSzbJjnuyU6jdCAVO0XwOCm-WqS5erykidQEDZimRjM7h-sp4Pz0yB5trkLAou9xyeIAhoJZ3yAfL8_qjsiZP0sQj9FZITKNhoDPXF_cksRMwI4frbqAdlJljcaARhO5wD3lY7HEb1r-f8DTt9GCmMiDAbj6NFrWjnCvdeLBML7OsUZiDo__f_ZbNp8LHKI7pmT5U6uhMbLVzvisfPVUTFn-UCLRd97oHBhzk-Tck08Sp6JgQfBatHrbGmnV9UGzYdHKPETnj01X7WUuajpgFC9c5bo4z4PNC7_Mmd24MPcTM3sRuO0aWPPQPAoSjhpv92iiACv4bU0nnqUlythEa9cHwjDQFnBNBFHnpH1Ygxj51y_1jpIY9e7voKICF8UGs_8_yfE3m3nZsDjzJ1Va6GxIkH7VoN7mkssHelcQrFL4RBxpLnjjk0_hxXD53SQf6u8XFs53MO1og3jooGbv--WbzK9DmZDSfdEsjCtgcAwDm44yGBB8rGtPN-LHbXV993pswzihLYOU4HcY0yn7sNwC3zDUkLaEtCYXC3A7OjnElVQfWcTWUm6NoFrozP5sctEmLi0Z2HGYYGJ2S6i5sMpV5qKjr1trxJBTWf69YlcRXks9SJ0S3tei-lqv-glLMIICWlJUNu3pqzickoW7YOvo23csCrJQW5vJw8f-MsVFXBxHshNsOGo6FO6njE-8xemgne1Jkmxl6oOOB5FsvJfmdb7mpF3xYiQaiD7clCPc91byeV7PZucyTMkX2T-fcP-xhVaV2jKFXWYm68VXIn7UfleJ8GavGvxoG-0B8FzG_WFH57p42kCChKr1SQiN8xGi1uYHEPLJmzoWzAbnRQZ44Wplf6Ix4j9zeXWCmdpEVq6lR8mcImWhQ4AHTHe8tPuHp56Z4gR_eSHXi69hCHXSa--gfiPq1Brh1VCBNpCtfldH7xMOkBAQ0N9bz9KcObVP9QtURhZZiMt44I6Q6zvBNoX6iNhjDYdo-8AxTkofHKd73k5U_U-7ygHUovCJ1sJXwZBIcIgNJj6FahY7b_4coAnq-PSdbSNrPoTuLLg-xVeGsxzZCMnwfxd3Mh3i6pesBFNS2ukOnZhVzVnEPWeOQsoVi1wIZV2UVHFcbd71E3uFJTQSTq73J2VNFx2gmd2rvIqTv51raV6zLJbF-hVLhlShmaGmDaZhN8ZDLJa-McMVkIaCge12rfi9sRhypWw2Snz_sMh0E6_SREh7BT9tPooqD_d5Bb1XbyW2hCgcpsaLjzic4LBSLZmoZ9t_rMko1zUZr4IQ5zeRnV0FKoE-4UzIp_P5PpuRLVwcgchl_MqYPoCpaU-PlwT25kksS3yymIEaiKJ5IaqnLcsFQz9KneXnk6wlco5kBlZ6NLO0GX2iFGV2m6vPVdZ1Q_e9JAVWaw3Vd_9wTv717_623CSNLKpXXBoLSx3kiKho0xLYcVd6QcksAhjtMGWgIfGi3rLKHnTSLlECUwcn2HFsC1_zXqo4Vm67wBt7KbGP8VYLhqFo0vfJCR0fNxwPVzwuwbF4RFFggl8V1vuuDmiek6W56ePpfRVBte_PnkY18gXqhMIInffvm7pl5bIqs0feiwxkB90TtWP762llaa4SvNplpvvZrP5eEwwLa883B6tjsjFY1a40lzTErKCfTi-mC_k34EFOE-
0sMeTFEHlmxkDoMOX9rCVhO-cOMPpTyVMwcxa5eqJ2SysCpHtWKKy1FpsLAhPr21r6wKjxuXbfoviprLDsE6bYgWaLHqEBc8h3aMpYUrFbbBORKfJqw11_KbgNGPAMsCDp-H8r6kqHLNVi21tk4-TtkBtrKzcsCjx2HzMmfgvuuZlOTBP89WNBPduVOLnn0bvTT1XPJAALCaH7kGcKkhxryXJ0m4CEm9OxTljqbS1raHkCqdseb4J3LAeDt7GZCBfdimAHKIyryKH7vwUnWFidZKUiouwd8DEjBBkvP7-7g7_6DsxdbgENccOGeC3kpu4cqZGXktaiVSVuozBNq1yNyDirxoWfxPrDjMPd83gmYlvMCX68X1jVlo301CKaAPG5JzsmMxPAELf6as1PJET6P9FOjOpqeG7dJ82YRFOMs4NcqPlngEhvpBLRRlcjRjiprZfwtf-lxkleYOdacDjzBzaMa2_bp86g1-eAiuD-Z-szta-6b2Nf8c_m3-nit43szl7vVXJi8UF3T9BTf-_YI6mLhddUs6ynfTQBpWpIoXOzeL1quPUinxLpw3PWLYvnu-PTobjFGMJjbcXMsWaOHQ9k9C2pw_af9DpIt3TFXSZ4ahIKc601aZO8zlhQFTlue4yhrnWu8EGWuwp5Zhn-jL_WTCv3sabfzIeMAjuUntF7kIxJKfqj3r2ZQUDnB-HelTlMRF0WNST0YCcSpaCY4MagV6_xCs8nj35ia2SfKMcJ9WxXOuxyQbEPEjv-SXCWSXoNjpRGsWh_Gix6BbUPnhH7HpSgEYCGRpQuOfG2jfNziFe0RoGONJyc5B61ztWHICzYfXrSt0LtWoqy8Usc7hg9tuj8Fl-x6UHd-FjbxPy0zMiRHt6sM2PxjHojfyTGCLdU10JZ7sO8hrK86d_je4p7S-ErtmL9YfBtPt9_fG21t45ArHTzCONvQ5SSRQj_FtKiLrp9AQBq0Q42vvvPBCuDBru2K5_PtJInlOmU_8D78ZUjn8d6fpZlIpmeDacdD1nn3ivV1Ruc-xTSoKpmkdKVp7t_H-V_YfptgoyVcXOZEwBkb_KHtmTl4t-HUh0F747duBFRFpiysMq-SYIhou9FeIggou5R9wkFWM9I7EYgchDSuFkykSVZI24H1vUjpFEt0UloLfRbrkDICSrW2XGYu2gYKA8I2X9fTRMbBzq0UCnzSeTk0m6-vSNrIFI4iE7JNVhASoDv1vGXsqjddlYBIrzP8mbIkO4cwHPpZbg2lYOSfzHW403vq9wr06CU9qdFTKm65n8rO57dDIuu7AUqCUhMJWi&cid=CAASPeRoRg3cQALDGm2UuCxgO-gVU2UWLy0y8KNvTBwCoBaZ3Ik4rDMJ3iT_Npk88fHEm27RS33dpxSSU-QvtbI&rfl=1%2Chttps%253A%252F%252Fprnt.sc%252F%240
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
09f0fa32fa39db3e3da2eea89bf806be0b147366343a0934e30f164a12431b43
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ff89fe765c7a582c71dbcb6f522b9b54.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 04 May 2021 21:24:42 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
453
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
8608
x-xss-protection
0
server
cafe
etag
12149544148951276823
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 18 May 2021 21:24:42 GMT
UFYwWwmt.js
tpc.googlesyndication.com/sodar/ Frame 07D6
41 KB
15 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DOjyeF8vdT67kjkfzcsOwRSqlxI82jJgqeHk6dIrTRIAcy_1F9FTka4fn_tUJgozWHNsxdsokbJRJlLqEt1cz09ELh3lMIEOUjOEpAMqD4e_EPhiPZ_z8yJR6wg7m2IHAiL50P_sY4k-wkb57MIM932Gfm7g&cry=1&dbm_d=AKAmf-DtEMMyhsZu9twGCuZ210SFTK6tfqAmlSmSFMndrh2prKdmGip67f2GPQlD2h6qJUuEUdPFRwTufBHGIxQFpP3WxgqC8wSzbJjnuyU6jdCAVO0XwOCm-WqS5erykidQEDZimRjM7h-sp4Pz0yB5trkLAou9xyeIAhoJZ3yAfL8_qjsiZP0sQj9FZITKNhoDPXF_cksRMwI4frbqAdlJljcaARhO5wD3lY7HEb1r-f8DTt9GCmMiDAbj6NFrWjnCvdeLBML7OsUZiDo__f_ZbNp8LHKI7pmT5U6uhMbLVzvisfPVUTFn-UCLRd97oHBhzk-Tck08Sp6JgQfBatHrbGmnV9UGzYdHKPETnj01X7WUuajpgFC9c5bo4z4PNC7_Mmd24MPcTM3sRuO0aWPPQPAoSjhpv92iiACv4bU0nnqUlythEa9cHwjDQFnBNBFHnpH1Ygxj51y_1jpIY9e7voKICF8UGs_8_yfE3m3nZsDjzJ1Va6GxIkH7VoN7mkssHelcQrFL4RBxpLnjjk0_hxXD53SQf6u8XFs53MO1og3jooGbv--WbzK9DmZDSfdEsjCtgcAwDm44yGBB8rGtPN-LHbXV993pswzihLYOU4HcY0yn7sNwC3zDUkLaEtCYXC3A7OjnElVQfWcTWUm6NoFrozP5sctEmLi0Z2HGYYGJ2S6i5sMpV5qKjr1trxJBTWf69YlcRXks9SJ0S3tei-lqv-glLMIICWlJUNu3pqzickoW7YOvo23csCrJQW5vJw8f-MsVFXBxHshNsOGo6FO6njE-8xemgne1Jkmxl6oOOB5FsvJfmdb7mpF3xYiQaiD7clCPc91byeV7PZucyTMkX2T-fcP-xhVaV2jKFXWYm68VXIn7UfleJ8GavGvxoG-0B8FzG_WFH57p42kCChKr1SQiN8xGi1uYHEPLJmzoWzAbnRQZ44Wplf6Ix4j9zeXWCmdpEVq6lR8mcImWhQ4AHTHe8tPuHp56Z4gR_eSHXi69hCHXSa--gfiPq1Brh1VCBNpCtfldH7xMOkBAQ0N9bz9KcObVP9QtURhZZiMt44I6Q6zvBNoX6iNhjDYdo-8AxTkofHKd73k5U_U-7ygHUovCJ1sJXwZBIcIgNJj6FahY7b_4coAnq-PSdbSNrPoTuLLg-xVeGsxzZCMnwfxd3Mh3i6pesBFNS2ukOnZhVzVnEPWeOQsoVi1wIZV2UVHFcbd71E3uFJTQSTq73J2VNFx2gmd2rvIqTv51raV6zLJbF-hVLhlShmaGmDaZhN8ZDLJa-McMVkIaCge12rfi9sRhypWw2Snz_sMh0E6_SREh7BT9tPooqD_d5Bb1XbyW2hCgcpsaLjzic4LBSLZmoZ9t_rMko1zUZr4IQ5zeRnV0FKoE-4UzIp_P5PpuRLVwcgchl_MqYPoCpaU-PlwT25kksS3yymIEaiKJ5IaqnLcsFQz9KneXnk6wlco5kBlZ6NLO0GX2iFGV2m6vPVdZ1Q_e9JAVWaw3Vd_9wTv717_623CSNLKpXXBoLSx3kiKho0xLYcVd6QcksAhjtMGWgIfGi3rLKHnTSLlECUwcn2HFsC1_zXqo4Vm67wBt7KbGP8VYLhqFo0vfJCR0fNxwPVzwuwbF4RFFggl8V1vuuDmiek6W56ePpfRVBte_PnkY18gXqhMIInffvm7pl5bIqs0feiwxkB90TtWP762llaa4SvNplpvvZrP5eEwwLa883B6tjsjFY1a40lzTErKCfTi-mC_k34EFOE-
0sMeTFEHlmxkDoMOX9rCVhO-cOMPpTyVMwcxa5eqJ2SysCpHtWKKy1FpsLAhPr21r6wKjxuXbfoviprLDsE6bYgWaLHqEBc8h3aMpYUrFbbBORKfJqw11_KbgNGPAMsCDp-H8r6kqHLNVi21tk4-TtkBtrKzcsCjx2HzMmfgvuuZlOTBP89WNBPduVOLnn0bvTT1XPJAALCaH7kGcKkhxryXJ0m4CEm9OxTljqbS1raHkCqdseb4J3LAeDt7GZCBfdimAHKIyryKH7vwUnWFidZKUiouwd8DEjBBkvP7-7g7_6DsxdbgENccOGeC3kpu4cqZGXktaiVSVuozBNq1yNyDirxoWfxPrDjMPd83gmYlvMCX68X1jVlo301CKaAPG5JzsmMxPAELf6as1PJET6P9FOjOpqeG7dJ82YRFOMs4NcqPlngEhvpBLRRlcjRjiprZfwtf-lxkleYOdacDjzBzaMa2_bp86g1-eAiuD-Z-szta-6b2Nf8c_m3-nit43szl7vVXJi8UF3T9BTf-_YI6mLhddUs6ynfTQBpWpIoXOzeL1quPUinxLpw3PWLYvnu-PTobjFGMJjbcXMsWaOHQ9k9C2pw_af9DpIt3TFXSZ4ahIKc601aZO8zlhQFTlue4yhrnWu8EGWuwp5Zhn-jL_WTCv3sabfzIeMAjuUntF7kIxJKfqj3r2ZQUDnB-HelTlMRF0WNST0YCcSpaCY4MagV6_xCs8nj35ia2SfKMcJ9WxXOuxyQbEPEjv-SXCWSXoNjpRGsWh_Gix6BbUPnhH7HpSgEYCGRpQuOfG2jfNziFe0RoGONJyc5B61ztWHICzYfXrSt0LtWoqy8Usc7hg9tuj8Fl-x6UHd-FjbxPy0zMiRHt6sM2PxjHojfyTGCLdU10JZ7sO8hrK86d_je4p7S-ErtmL9YfBtPt9_fG21t45ArHTzCONvQ5SSRQj_FtKiLrp9AQBq0Q42vvvPBCuDBru2K5_PtJInlOmU_8D78ZUjn8d6fpZlIpmeDacdD1nn3ivV1Ruc-xTSoKpmkdKVp7t_H-V_YfptgoyVcXOZEwBkb_KHtmTl4t-HUh0F747duBFRFpiysMq-SYIhou9FeIggou5R9wkFWM9I7EYgchDSuFkykSVZI24H1vUjpFEt0UloLfRbrkDICSrW2XGYu2gYKA8I2X9fTRMbBzq0UCnzSeTk0m6-vSNrIFI4iE7JNVhASoDv1vGXsqjddlYBIrzP8mbIkO4cwHPpZbg2lYOSfzHW403vq9wr06CU9qdFTKm65n8rO57dDIuu7AUqCUhMJWi&cid=CAASPeRoRg3cQALDGm2UuCxgO-gVU2UWLy0y8KNvTBwCoBaZ3Ik4rDMJ3iT_Npk88fHEm27RS33dpxSSU-QvtbI&rfl=1%2Chttps%253A%252F%252Fprnt.sc%252F%240
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ff89fe765c7a582c71dbcb6f522b9b54.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 04 May 2021 13:44:39 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
28056
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15207
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 04 May 2022 13:44:39 GMT
pixel
cm.g.doubleclick.net/ Frame 6AD4
170 B
232 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=adscale&google_cm&google_dbm
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsYncXFlQEwAQ&v=APEucNVdQ2w1CLVUEK6ZPQOGwx59Eu9Acox_6aY0NUiYotfWvfKXIvJ68eu01MVmIBIPFNbLZBCxjz7G1kunOdEsCu3ByUaqb5a0PpqwuUpXhI-EidKpjM16ORq1THYeibRDHn2Nv-ixqgXdV12ycuItxl5agAwk4wBPoDYgG2hR5aU1CHOgmECKJaDQVrVwo20d0p64dOH4ANP2e9caMOL_paibHQGdgA
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 04 May 2021 21:32:15 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
rum
dsum-sec.casalemedia.com/ Frame 6AD4
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKlNGVwmI7zjfZckOEife_o&google_cver=1
43 B
1014 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKlNGVwmI7zjfZckOEife_o&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsYncXFlQEwAQ&v=APEucNVdQ2w1CLVUEK6ZPQOGwx59Eu9Acox_6aY0NUiYotfWvfKXIvJ68eu01MVmIBIPFNbLZBCxjz7G1kunOdEsCu3ByUaqb5a0PpqwuUpXhI-EidKpjM16ORq1THYeibRDHn2Nv-ixqgXdV12ycuItxl5agAwk4wBPoDYgG2hR5aU1CHOgmECKJaDQVrVwo20d0p64dOH4ANP2e9caMOL_paibHQGdgA
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-234-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 04 May 2021 21:32:15 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Tue, 04 May 2021 21:32:15 GMT

Redirect headers

pragma
no-cache
date
Tue, 04 May 2021 21:32:15 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKlNGVwmI7zjfZckOEife_o&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
313
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
rum
dsum-sec.casalemedia.com/ Frame 6AD4
Redirect Chain
  • https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
  • https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&C=1
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YJG9XyOBNDCCVpowI72AfgAA
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECWSVkbtmb8ALeYAJRaiBdk&google_cver=1
43 B
894 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECWSVkbtmb8ALeYAJRaiBdk&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsYncXFlQEwAQ&v=APEucNVdQ2w1CLVUEK6ZPQOGwx59Eu9Acox_6aY0NUiYotfWvfKXIvJ68eu01MVmIBIPFNbLZBCxjz7G1kunOdEsCu3ByUaqb5a0PpqwuUpXhI-EidKpjM16ORq1THYeibRDHn2Nv-ixqgXdV12ycuItxl5agAwk4wBPoDYgG2hR5aU1CHOgmECKJaDQVrVwo20d0p64dOH4ANP2e9caMOL_paibHQGdgA
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-234-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 04 May 2021 21:32:15 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Tue, 04 May 2021 21:32:15 GMT

Redirect headers

pragma
no-cache
date
Tue, 04 May 2021 21:32:15 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECWSVkbtmb8ALeYAJRaiBdk&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
313
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame 28C9
170 B
243 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=adscale&google_cm&google_dbm
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsYtKK9lQEwAQ&v=APEucNUcquRGocjtRQNFl80cKO0j8RN-tsmQvB10QOE4dvW1XRq_oMlSBjn0hUkwExSYC1tuZMaMsabmGvURsPJ6zVXpN6drjPhvFoQJmVbogkIveSGQEB5w6NJL7v5nIHvksdKAIdQMQdPRFC9eJRCg3PRsV30XPNurTU17h25Kf_oJCxiLv2pp9zXfCmeuD2xsycL_z7yV1zoaO7rvPzFASeiSZjaDRg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 04 May 2021 21:32:15 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
rum
dsum-sec.casalemedia.com/ Frame 28C9
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKlNGVwmI7zjfZckOEife_o&google_cver=1
43 B
1014 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKlNGVwmI7zjfZckOEife_o&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsYtKK9lQEwAQ&v=APEucNUcquRGocjtRQNFl80cKO0j8RN-tsmQvB10QOE4dvW1XRq_oMlSBjn0hUkwExSYC1tuZMaMsabmGvURsPJ6zVXpN6drjPhvFoQJmVbogkIveSGQEB5w6NJL7v5nIHvksdKAIdQMQdPRFC9eJRCg3PRsV30XPNurTU17h25Kf_oJCxiLv2pp9zXfCmeuD2xsycL_z7yV1zoaO7rvPzFASeiSZjaDRg
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-234-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 04 May 2021 21:32:15 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Tue, 04 May 2021 21:32:15 GMT

Redirect headers

pragma
no-cache
date
Tue, 04 May 2021 21:32:15 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKlNGVwmI7zjfZckOEife_o&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
313
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
rum
dsum-sec.casalemedia.com/ Frame 28C9
Redirect Chain
  • https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
  • https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&C=1
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YJG9XyOBNDCCVpowI72AfgAA
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECWSVkbtmb8ALeYAJRaiBdk&google_cver=1
43 B
894 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECWSVkbtmb8ALeYAJRaiBdk&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsYtKK9lQEwAQ&v=APEucNUcquRGocjtRQNFl80cKO0j8RN-tsmQvB10QOE4dvW1XRq_oMlSBjn0hUkwExSYC1tuZMaMsabmGvURsPJ6zVXpN6drjPhvFoQJmVbogkIveSGQEB5w6NJL7v5nIHvksdKAIdQMQdPRFC9eJRCg3PRsV30XPNurTU17h25Kf_oJCxiLv2pp9zXfCmeuD2xsycL_z7yV1zoaO7rvPzFASeiSZjaDRg
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-234-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 04 May 2021 21:32:15 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Tue, 04 May 2021 21:32:15 GMT

Redirect headers

pragma
no-cache
date
Tue, 04 May 2021 21:32:15 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECWSVkbtmb8ALeYAJRaiBdk&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
313
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
runner.html
tpc.googlesyndication.com/sodar/sodar2/222/ Frame 0E22
12 KB
5 KB
Document
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
6836719899bda27cd22c1551cb7fbfc33fb0bbbedaa89e4baa8715fef8202cbc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
tpc.googlesyndication.com
:scheme
https
:path
/sodar/sodar2/222/runner.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://prnt.sc/
accept-encoding
gzip, deflate, br
accept-language
en-US

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
cross-origin-resource-policy
cross-origin
content-length
5022
date
Tue, 04 May 2021 21:13:23 GMT
expires
Wed, 04 May 2022 21:13:23 GMT
last-modified
Wed, 20 Jan 2021 19:23:06 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, max-age=31536000
age
1132
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Enqz_20U.html
tpc.googlesyndication.com/sodar/ Frame D657
22 KB
8 KB
Document
General
Full URL
https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
tpc.googlesyndication.com
:scheme
https
:path
/sodar/Enqz_20U.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
same-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://ff89fe765c7a582c71dbcb6f522b9b54.safeframe.googlesyndication.com/
accept-encoding
gzip, deflate, br
accept-language
en-US

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
8395
date
Tue, 04 May 2021 13:44:50 GMT
expires
Wed, 04 May 2022 13:44:50 GMT
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, max-age=31536000
age
28045
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
zy291edt4ui9
hal9000.redintelligence.net/zone/ Frame 07D6
11 KB
4 KB
Script
General
Full URL
https://hal9000.redintelligence.net/zone/zy291edt4ui9?subid=&gdpr=-1&gdpr_consent=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC-gI7Xr2RYPvFNIif-gaCrbrQCrXN-YNXnNC5q-UM8C4QASCimaEcYJWCgICwB8gBCakCcoF8swwotD6oAwGqBKoBT9CFTOEckxu-xIsNsJPzfAqX1hHviiW-_J6SeuTbBGsfEoeHUZQXQkeckJSK-iV2-E4EXXCDwEnofg2qXctHtQmdDxdd9I3s0IvwvmD2UQp0LS5Y72ZXSCqR4vwyoxqSmO445bMusr3igCtY46gRwe3pLiMLAbCpEo9euI4aZbJaY1V87oIU3IeGZo3Fgxc7EaQc8TEg8OBNTHya8GheX13cZMb5CNgJMKrABKqd_L7PAeAEA5AGAaAGTYAH6-foXqgH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfs1RuoB-6WsQKoB6a-G6gH7NUbqAfz0RuoB5bYG9gHANIICQiA4YBQEAEYHfIIG2FkeC1zdWJzeW4tNjY1MDAxNjIxMjQ4MDk5MYAKA5gLAcgLAYAMAbATwpraCtATANgTA9gUAQ%26ae%3D1%26num%3D1%26cid%3DCAASPeRoRg3cQALDGm2UuCxgO-gVU2UWLy0y8KNvTBwCoBaZ3Ik4rDMJ3iT_Npk88fHEm27RS33dpxSSU-QvtbI%26sig%3DAOD64_29pZ62wX8T5ju1IQhZxqqO3XDm3g%26client%3Dca-pub-1232265399417302%26dbm_c%3DAKAmf-DM1mWEBAW9sWwcYj4vhwJJwpevBejX_vQVbiNg7b19bco76-SVqV6uxa7bt9Ywc2BgaR0eXrKb7v2btdsc70iJAHu1dB-Ev9O1iWf61-tqK9z5lG0awwItproTVecuZb6COtcQxN3qsfZvDLi3kCQUfcUcJg%26cry%3D1%26dbm_d%3DAKAmf-Cn4ZyPmfdS0F4plpfxptypX6hxbQw7n7ltN5GItvg1pamX-GtjaX1PTQIYbJIdpYEzWZ4NX_PEZBoocd1BdBhN_iINPhZqAizHw_XbejMyHeBNxH2HAKFQ5SvjhyZkqkzvtSjEND1AgRFtThZxse8O-BSGRQi5GpMwHJwyYHWTltXaV6qyZ5YfUYuIbwmYWsnT0pkQjqv0NRRfPfnnJmNbLRHIFxiZ4wmx8CCTJsXBuYoKqQp987cxdi5MgsJB0kzgmtRXZI4WqgM_5u0ewQnXfgALylv3jmeVBDGoF2c-kf773SZOgnaYv49JvtOMJx-Cf1voFSftq7Hjo2223horgIt7dE3g5IWtWzaMZFDTf6zkAznfuyGGjJdVSmzgR8XXConzpYaVg-T9F8KQEzuuZCTaeLbH8vxjFvoCU87l7BIdwUIWbzTsm7cCcoafU4qi234E%26adurl%3D
Requested by
Host: ff89fe765c7a582c71dbcb6f522b9b54.safeframe.googlesyndication.com
URL: https://ff89fe765c7a582c71dbcb6f522b9b54.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
78.46.111.106 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.106.111.46.78.clients.your-server.de
Software
Apache /
Resource Hash
f6a0f06d3135444b590fbed8a3e38b8f2aab60503e3050ad2a2a3da3df36176a

Request headers

Referer
https://ff89fe765c7a582c71dbcb6f522b9b54.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Tue, 04 May 2021 21:32:15 GMT
Content-Encoding
gzip
Server
Apache
Connection
close
Content-Length
3880
Vary
Accept-Encoding
Content-Type
text/html; charset=UTF-8
abg_lite.js
pagead2.googlesyndication.com/pagead/js/r20210429/r20110914/ Frame 30C2
22 KB
8 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20210429/r20110914/abg_lite.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-Cow-HOYS0dnPQQOprTinNCtIAOj4FdKrQml-crYiSIUHM6Mr-Sg0JJ_uPcAhBAb9fZu7ICq1b5_9ALnzrPDSTfca-B0nOx8nJuDiy0Gm-1EJyE7p8oGI5uw00ERtoCVGaGUOnbg24s5ujaVrcw3W1-hSoPkw&cry=1&dbm_d=AKAmf-CigE_1ZdSQuGQaHs_aI3OEqDG2kG_Jk9vacdf_jgmKWqPR5Sy-tcsZ2ozL4odBHsZ851Pws7o9P-4wWbQyrTkCTYWlyYmqJQcbxFuTi04PdwrbOVKAOahvs5RdN39lSNaNdEi7l2zOL-XyK_8Bw63z1fPoMpMJ0UnqCmoGZwj6mOKWcAJ0s_YqimmtzwiF2angIGH-XiVqsY38TWG7-RW0T-qGNE6B_7_z-6zxa4-4N-6-CPhDC7B75SLcRksz4wiCPVcJkQyMQCNh7ExhQ8rli4ZrDINaJXSuRz_ZqtAONP8QeTGzxKDRyU9BxFA49MSH9jBOM61N6nSKo6So1IwvF-otYGD61fhSS4uq1inKd1T5YzkNJP48eATW2XehLEZtdmQKu1rF33TUXPpGGlJznJyJH_GdFZ1NzbDxKvdueiqhffqyk5K4Pc3DPo6vGA0wq-CXDaavsnTSZI_n3xaEF2gKPMOJg3Adm-DzMh2jq_Av-8ImDLzyjuh7BLRgwYKqDRbn2YBTrEG3zt_xsXQYIRuy_2q9bswW8PdIYRegMsikikA_9PM7hjjO49iWmLVlbk5eNU18-FG8K01LypozRLxEflwRZkXoWMxP8N07NYfSGBotqogH_0IqDYpH-rg-LPexSfPkGb7w_BlHvuk6Xxe9anS_r6w1W1ppYPGrAnHVzTp3O4E18H0-n9Q-ZjJdNEWQSM8efkDztZV1N6X6DlXIFahhJyCHGrX_6u-MlQxDm4gS40WIRnJgnfSj92UrdV3AKsX7qNs0wAdttEPU55laGYdBzK8lLJTMUNhomDvfMIc_nC0Obq5LpsXWiCWUgiVj9vNbdCQc4EIbJbJBEQNtM4X0QSwguy5Vx3NTFYQeSq5oJ-rPhXc1_y9YWwoAB8BoRLy6WXJ1LiysaPPTVnHhgv-eskZYovx7Av0bpcWfGYCzaPwwawt6sVNT4m12Xj2OnMVomGZzFH0z26J7DP1LOcoNaayCRlJ9PVu6LIs8qpFdTUBhWKW7fHGmc7guOBteC1kNATyxQ1LyuvojtKaASQLBOggf0gDSSQCYyLhajD5x1ERkSHbkwJgZ9qL9Hwu6BrByKzB2TIJZTijg8DloU47cqBUx--m4RwEGh_vGKo_O0jDRJiHcUIUE63_EE3OOQ7hkocfCcf0Ruv2JEbKhPyilMrFsANrNWEFc0z-IKpp7Nv9bmBNbMyDG0Y8q1n4LTzA99_suOe0PSGczs0vexOqMf_7PzOFJcwLYVMwLC3JyD9sIJN7qpToi8oIene2Ch7aT2OWXfcz1i-aQLeOWPKFxeaXREISkk2KSyHr1eb-1J7rujAvVZg0XAtp1fWa1BmLP4iw2ahKDZ1jh0KWD3Xp00VR5uWTn_WVHrYwwwxN-oxWyoo7VcUZPpAm4Qaasf0ajgkxbzrn2Wh9bLCZc9fPYcZceZA0F_hevf8soxqNwdnLC_gg75tb6RxFn8bS3LLYChmRlZOgcrr8x5mIor6QlGfctkKjfDIEub368L9K5He6Zc7LZ1xIszZl_v17XFQO6NWany6f-3r-Hkqo6xOSZrR7Q02BPfOaTwp5UMaDb6imy8zgfJgmo2arqa4tntuCmih7U_EViVoz8I9SAWK4ijEHz6CHcLVYPGPVT555D7gCWar5grWxrC3m1l02eJgeSY3wesPAjofHlmjY7OPFsx9jWHU8uCuRmHEiqTv6a3iaTP4YD9Q7r4PCh_IChTHdTz351MtZVT0dYAfjZ_MlICH9ydtl
pOvDA7W68U4YVa9zabqyB_xy11TrLWfHArT4j9G99Cii8ekWeFgTXFZtQ6ELN0zc6SSxc14_ew7YOpHz8QS7tF5fJcFC7SxUpqWzDs5NCDuv_wqsQKWqZyWA_mWYWo6__4Fyxq6LrLo7IRSMZzLA_OgoPctEYMxFq2J3jZnbRzU2aWYg9ZDInrqrcQYUsV7T2ol_d1CkE96_hq3ycffTo5GEqwVVBDdPhXMM8ucWb0H6NKTt2x5bgNdbwG2Wail2UGe88mONbNv0OVZS0FgyXhFDxwJ43dW4B-O0AFTX38kx6vm_Y8ivSgghtg8E9v64VCe-6z-GLAXp0kcmN83mmPkSKLkY023cnFl4gUS1i5eTmttW_kfcFkiRVypi3DPc9utG_WX1zmQtRAHv5K6N3cagJ0eElm7gRek-1omu2-q5y_kEWcBflYqH4UF1CHM54IH6Q2E2BJgch6I83xhtYybUGaewm-CspnDKN2zDpguCauMX2cOSyby_v1EFSlw9e3Mwv-tfUfY1iUFAMKS-wY3F3CMjsGe1qcKljpj75FL4vYePlOB4Vo04M-NhXaUYNvm7DnYccjqhwTpwKiq6kiMM8ZIGa296DntLiEXnFJE5b0r7cubKcQZlK29H3LnA6BFK5wxCosjPnHZ9VGSgZ14Jv4iUDe1sR-qCLV6bv9yB3_UP4IgbwjWA1ZGBbKah2YzVltGZ99fW_Vri57oDJdZ2lbFf9jQrgb3AipLm4KZEeporLnD3NCENytnv4hyAmMKv4fK4hTx6Co3b7CLrVkCg94h_b_pcefgvqYhNsb02GWZLutaMAH4Ung9zQK2tmvoghLHi9nKkOCLkP6T6uzPQJoIpf0idGYYH_X6LSt0pFYaA3Qm1hNEwdMtSAp-IfPGJVZC5Y4MXQ804a7X8PXbiYxXVSINpYk9UpsK7LdGmIiG90585gH1KdVAYptHV3v2EGNJde5xp_Aeyej44t-atfqH5J4DOhcHx_F97sYJ3uZZpVg-zR6TvccW4IcUkIRTSnQ9_sIJq4-6o1UiApIiy6nAwuh28bFAzZ2-rpalRzG7UwSaedZQD6RUl6ODw8wzBh0SY-Apg0MgKZM7LYsbY05VrGmKhsykDCk-blxapXAFr41gdpT2TwqS96yFRJpUdEiyQiNWAd_NJrbsJETVXmW-0fdVZKdCjwhuvP_YkGGz28I8oikxjLAGnE_sAR1foDaL1_2zWN1Ym_veqM1JpqLhyOdZ4G0xGiw3bXOKGb0_PvS7eBaY0E4sk8kilrEt70jOF4Bp1AWpKfHbR1hVTeKGlVYp1MhzwhOH5XIOLP3VZTkMemFA&cid=CAASPeRoIrQo0vPO0l8PcYH62pmbrXwOwhBiBr7yvo1Q4Rpr6-9szgZzXlb-hh2RBHD1WE0zJ95tL0GpVO2MvKY&rfl=1%2Chttps%253A%252F%252Fprnt.sc%252F%240
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
09f0fa32fa39db3e3da2eea89bf806be0b147366343a0934e30f164a12431b43
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ff89fe765c7a582c71dbcb6f522b9b54.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 04 May 2021 21:24:42 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
453
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
8608
x-xss-protection
0
server
cafe
etag
12149544148951276823
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 18 May 2021 21:24:42 GMT
UFYwWwmt.js
tpc.googlesyndication.com/sodar/ Frame 30C2
41 KB
15 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-Cow-HOYS0dnPQQOprTinNCtIAOj4FdKrQml-crYiSIUHM6Mr-Sg0JJ_uPcAhBAb9fZu7ICq1b5_9ALnzrPDSTfca-B0nOx8nJuDiy0Gm-1EJyE7p8oGI5uw00ERtoCVGaGUOnbg24s5ujaVrcw3W1-hSoPkw&cry=1&dbm_d=AKAmf-CigE_1ZdSQuGQaHs_aI3OEqDG2kG_Jk9vacdf_jgmKWqPR5Sy-tcsZ2ozL4odBHsZ851Pws7o9P-4wWbQyrTkCTYWlyYmqJQcbxFuTi04PdwrbOVKAOahvs5RdN39lSNaNdEi7l2zOL-XyK_8Bw63z1fPoMpMJ0UnqCmoGZwj6mOKWcAJ0s_YqimmtzwiF2angIGH-XiVqsY38TWG7-RW0T-qGNE6B_7_z-6zxa4-4N-6-CPhDC7B75SLcRksz4wiCPVcJkQyMQCNh7ExhQ8rli4ZrDINaJXSuRz_ZqtAONP8QeTGzxKDRyU9BxFA49MSH9jBOM61N6nSKo6So1IwvF-otYGD61fhSS4uq1inKd1T5YzkNJP48eATW2XehLEZtdmQKu1rF33TUXPpGGlJznJyJH_GdFZ1NzbDxKvdueiqhffqyk5K4Pc3DPo6vGA0wq-CXDaavsnTSZI_n3xaEF2gKPMOJg3Adm-DzMh2jq_Av-8ImDLzyjuh7BLRgwYKqDRbn2YBTrEG3zt_xsXQYIRuy_2q9bswW8PdIYRegMsikikA_9PM7hjjO49iWmLVlbk5eNU18-FG8K01LypozRLxEflwRZkXoWMxP8N07NYfSGBotqogH_0IqDYpH-rg-LPexSfPkGb7w_BlHvuk6Xxe9anS_r6w1W1ppYPGrAnHVzTp3O4E18H0-n9Q-ZjJdNEWQSM8efkDztZV1N6X6DlXIFahhJyCHGrX_6u-MlQxDm4gS40WIRnJgnfSj92UrdV3AKsX7qNs0wAdttEPU55laGYdBzK8lLJTMUNhomDvfMIc_nC0Obq5LpsXWiCWUgiVj9vNbdCQc4EIbJbJBEQNtM4X0QSwguy5Vx3NTFYQeSq5oJ-rPhXc1_y9YWwoAB8BoRLy6WXJ1LiysaPPTVnHhgv-eskZYovx7Av0bpcWfGYCzaPwwawt6sVNT4m12Xj2OnMVomGZzFH0z26J7DP1LOcoNaayCRlJ9PVu6LIs8qpFdTUBhWKW7fHGmc7guOBteC1kNATyxQ1LyuvojtKaASQLBOggf0gDSSQCYyLhajD5x1ERkSHbkwJgZ9qL9Hwu6BrByKzB2TIJZTijg8DloU47cqBUx--m4RwEGh_vGKo_O0jDRJiHcUIUE63_EE3OOQ7hkocfCcf0Ruv2JEbKhPyilMrFsANrNWEFc0z-IKpp7Nv9bmBNbMyDG0Y8q1n4LTzA99_suOe0PSGczs0vexOqMf_7PzOFJcwLYVMwLC3JyD9sIJN7qpToi8oIene2Ch7aT2OWXfcz1i-aQLeOWPKFxeaXREISkk2KSyHr1eb-1J7rujAvVZg0XAtp1fWa1BmLP4iw2ahKDZ1jh0KWD3Xp00VR5uWTn_WVHrYwwwxN-oxWyoo7VcUZPpAm4Qaasf0ajgkxbzrn2Wh9bLCZc9fPYcZceZA0F_hevf8soxqNwdnLC_gg75tb6RxFn8bS3LLYChmRlZOgcrr8x5mIor6QlGfctkKjfDIEub368L9K5He6Zc7LZ1xIszZl_v17XFQO6NWany6f-3r-Hkqo6xOSZrR7Q02BPfOaTwp5UMaDb6imy8zgfJgmo2arqa4tntuCmih7U_EViVoz8I9SAWK4ijEHz6CHcLVYPGPVT555D7gCWar5grWxrC3m1l02eJgeSY3wesPAjofHlmjY7OPFsx9jWHU8uCuRmHEiqTv6a3iaTP4YD9Q7r4PCh_IChTHdTz351MtZVT0dYAfjZ_MlICH9ydtl
pOvDA7W68U4YVa9zabqyB_xy11TrLWfHArT4j9G99Cii8ekWeFgTXFZtQ6ELN0zc6SSxc14_ew7YOpHz8QS7tF5fJcFC7SxUpqWzDs5NCDuv_wqsQKWqZyWA_mWYWo6__4Fyxq6LrLo7IRSMZzLA_OgoPctEYMxFq2J3jZnbRzU2aWYg9ZDInrqrcQYUsV7T2ol_d1CkE96_hq3ycffTo5GEqwVVBDdPhXMM8ucWb0H6NKTt2x5bgNdbwG2Wail2UGe88mONbNv0OVZS0FgyXhFDxwJ43dW4B-O0AFTX38kx6vm_Y8ivSgghtg8E9v64VCe-6z-GLAXp0kcmN83mmPkSKLkY023cnFl4gUS1i5eTmttW_kfcFkiRVypi3DPc9utG_WX1zmQtRAHv5K6N3cagJ0eElm7gRek-1omu2-q5y_kEWcBflYqH4UF1CHM54IH6Q2E2BJgch6I83xhtYybUGaewm-CspnDKN2zDpguCauMX2cOSyby_v1EFSlw9e3Mwv-tfUfY1iUFAMKS-wY3F3CMjsGe1qcKljpj75FL4vYePlOB4Vo04M-NhXaUYNvm7DnYccjqhwTpwKiq6kiMM8ZIGa296DntLiEXnFJE5b0r7cubKcQZlK29H3LnA6BFK5wxCosjPnHZ9VGSgZ14Jv4iUDe1sR-qCLV6bv9yB3_UP4IgbwjWA1ZGBbKah2YzVltGZ99fW_Vri57oDJdZ2lbFf9jQrgb3AipLm4KZEeporLnD3NCENytnv4hyAmMKv4fK4hTx6Co3b7CLrVkCg94h_b_pcefgvqYhNsb02GWZLutaMAH4Ung9zQK2tmvoghLHi9nKkOCLkP6T6uzPQJoIpf0idGYYH_X6LSt0pFYaA3Qm1hNEwdMtSAp-IfPGJVZC5Y4MXQ804a7X8PXbiYxXVSINpYk9UpsK7LdGmIiG90585gH1KdVAYptHV3v2EGNJde5xp_Aeyej44t-atfqH5J4DOhcHx_F97sYJ3uZZpVg-zR6TvccW4IcUkIRTSnQ9_sIJq4-6o1UiApIiy6nAwuh28bFAzZ2-rpalRzG7UwSaedZQD6RUl6ODw8wzBh0SY-Apg0MgKZM7LYsbY05VrGmKhsykDCk-blxapXAFr41gdpT2TwqS96yFRJpUdEiyQiNWAd_NJrbsJETVXmW-0fdVZKdCjwhuvP_YkGGz28I8oikxjLAGnE_sAR1foDaL1_2zWN1Ym_veqM1JpqLhyOdZ4G0xGiw3bXOKGb0_PvS7eBaY0E4sk8kilrEt70jOF4Bp1AWpKfHbR1hVTeKGlVYp1MhzwhOH5XIOLP3VZTkMemFA&cid=CAASPeRoIrQo0vPO0l8PcYH62pmbrXwOwhBiBr7yvo1Q4Rpr6-9szgZzXlb-hh2RBHD1WE0zJ95tL0GpVO2MvKY&rfl=1%2Chttps%253A%252F%252Fprnt.sc%252F%240
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ff89fe765c7a582c71dbcb6f522b9b54.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 04 May 2021 13:44:39 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
28056
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15207
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 04 May 2022 13:44:39 GMT
WoE6FlxLfDckfFPcighdBxIW8EHvlo7fGH3q-u1F8Es.js
pagead2.googlesyndication.com/bg/ Frame 0E22
14 KB
6 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/WoE6FlxLfDckfFPcighdBxIW8EHvlo7fGH3q-u1F8Es.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5a813a165c4b7c37247c53dc8a085d071216f041ef968edf187deafaed45f04b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 04 May 2021 20:13:26 GMT
content-encoding
br
x-content-type-options
nosniff
last-modified
Wed, 28 Apr 2021 12:48:00 GMT
server
sffe
age
4729
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5711
x-xss-protection
0
expires
Wed, 04 May 2022 20:13:26 GMT
WoE6FlxLfDckfFPcighdBxIW8EHvlo7fGH3q-u1F8Es.js
pagead2.googlesyndication.com/bg/ Frame D657
14 KB
6 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/WoE6FlxLfDckfFPcighdBxIW8EHvlo7fGH3q-u1F8Es.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5a813a165c4b7c37247c53dc8a085d071216f041ef968edf187deafaed45f04b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 04 May 2021 20:13:26 GMT
content-encoding
br
x-content-type-options
nosniff
last-modified
Wed, 28 Apr 2021 12:48:00 GMT
server
sffe
age
4729
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5711
x-xss-protection
0
expires
Wed, 04 May 2022 20:13:26 GMT
Enqz_20U.html
tpc.googlesyndication.com/sodar/ Frame B18F
22 KB
8 KB
Document
General
Full URL
https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
tpc.googlesyndication.com
:scheme
https
:path
/sodar/Enqz_20U.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
same-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://ff89fe765c7a582c71dbcb6f522b9b54.safeframe.googlesyndication.com/
accept-encoding
gzip, deflate, br
accept-language
en-US

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
8395
date
Tue, 04 May 2021 13:44:50 GMT
expires
Wed, 04 May 2022 13:44:50 GMT
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, max-age=31536000
age
28045
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
npoee1nv94vs
hal9000.redintelligence.net/zone/ Frame 30C2
11 KB
4 KB
Script
General
Full URL
https://hal9000.redintelligence.net/zone/npoee1nv94vs?subid=&gdpr=-1&gdpr_consent=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC8mGaXr2RYPzFNIif-gaCrbrQCrXN-YNXzN65q-UM8C4QASCimaEcYJWCgICwB8gBCakCcoF8swwotD6oAwGqBK4BT9CKzbY4u3piMAXSfFaWz4zYwHJkg6Y3jeNQKU_hl2IT43hoQIhAZHlWocaENNhFgGJ29W7nXAaAzyTHmuqEwParIZ_h3XMNRJJH-0Y9BydPHB0udVlcYkAevpCJbcJRL_sp7eoJWlWf9o20xQX9_TRQDKYHIDEwTbrLv-INjOy9yf18IWCeSHH3-koLqZeBzs-N2dwP3UAwxW8s0ZsU_lVtGvtinWUZ1LNt9-fhwASqnfy-zwHgBAOQBgGgBk2AB-vn6F6oB9XJG6gH8NkbqAfy2RuoB47OG6gHk9gbqAe6BqgH7NUbqAfulrECqAemvhuoB-zVG6gH89EbqAeW2BvYBwDSCAkIgOGAUBABGB3yCBthZHgtc3Vic3luLTY2NTAwMTYyMTI0ODA5OTGACgOYCwHICwGADAGwE8Ka2grQEwDYEwPYFAE%26ae%3D1%26num%3D1%26cid%3DCAASPeRoIrQo0vPO0l8PcYH62pmbrXwOwhBiBr7yvo1Q4Rpr6-9szgZzXlb-hh2RBHD1WE0zJ95tL0GpVO2MvKY%26sig%3DAOD64_1zlTrjdCqOPsTp0i3DClwllPI9Ew%26client%3Dca-pub-1232265399417302%26dbm_c%3DAKAmf-BeHzAQ0vQMPU2m5hDkOAz0EYDAKnmFqttQHWAuJr_PXPJPn3FZO7FBTzXURfxmDQDkUp63ApD4HgZGbzCQ2RMwxO-nkm6gD_qXNsFhINBMoYFnWnvwDWBXx4Y00uGLoH4WjdYVXkfNaLlIxkxEHRom_ZOCPg%26cry%3D1%26dbm_d%3DAKAmf-CBjC1thljAYkstIauhGvedYcckGWV2LMgFyGSnIKF_3LmFUtEze4egTwIsGswm_GvUADGX8DMhZtvPwljqyGnTW5F2wF2a9-HzQF6IoLMbTufrjljx38Ou3sOeaskFip0pvegPVpVIkZw-U5RQu47link_DEVix0itRrZFSuN6Ybd1PWAFrG4vc0PsXeztYEYqUuNNPX3ZdQi1V3c3Aihme8keGYrY72g_oQwFRVqXTk-Itrcm-ZB2Fwxepl3UwFC6E2RJ94ey8XhbS9xJuOiDO4PoksIGMFklk4_1082w_bLEbmRXYdg3-_8IO-Xpo__E5-eOvXiPo-6GBgqnEoT-nupRD2WTu5OSJWYLtQ4r77S6WSMtQKZyNxH1lAWh21CGDXWVTKQKTW5IAeQzO6RRQ-32MyD5h5u5W7zAcUnuWis45hohyoKd4i-HoCenctAUJIE3%26adurl%3D
Requested by
Host: ff89fe765c7a582c71dbcb6f522b9b54.safeframe.googlesyndication.com
URL: https://ff89fe765c7a582c71dbcb6f522b9b54.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
78.46.111.106 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.106.111.46.78.clients.your-server.de
Software
Apache /
Resource Hash
1c1700382b2b81831bfd8b73779bc18c185bd1429c7d0fe3e87887fa37a4607d

Request headers

Referer
https://ff89fe765c7a582c71dbcb6f522b9b54.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Tue, 04 May 2021 21:32:15 GMT
Content-Encoding
gzip
Server
Apache
Connection
close
Content-Length
3886
Vary
Accept-Encoding
Content-Type
text/html; charset=UTF-8
request.php
hal90008.redintelligence.net/ Frame 07D6
Redirect Chain
  • https://hal90008.redintelligence.net/request.php?zone=zy291edt4ui9&nw=20&renderingType=javascript&namespace=20f868897b&subid=&uid=b5206aa01d79fb33&screenSize=1600x1200&screenSizeAvail=1600x1200&cli...
  • https://hal90008.redintelligence.net/request.php?zone=zy291edt4ui9&nw=20&renderingType=javascript&namespace=20f868897b&subid=&uid=b5206aa01d79fb33&screenSize=1600x1200&screenSizeAvail=1600x1200&cli...
2 KB
1 KB
Script
General
Full URL
https://hal90008.redintelligence.net/request.php?zone=zy291edt4ui9&nw=20&renderingType=javascript&namespace=20f868897b&subid=&uid=b5206aa01d79fb33&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=970x18&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC-gI7Xr2RYPvFNIif-gaCrbrQCrXN-YNXnNC5q-UM8C4QASCimaEcYJWCgICwB8gBCakCcoF8swwotD6oAwGqBKoBT9CFTOEckxu-xIsNsJPzfAqX1hHviiW-_J6SeuTbBGsfEoeHUZQXQkeckJSK-iV2-E4EXXCDwEnofg2qXctHtQmdDxdd9I3s0IvwvmD2UQp0LS5Y72ZXSCqR4vwyoxqSmO445bMusr3igCtY46gRwe3pLiMLAbCpEo9euI4aZbJaY1V87oIU3IeGZo3Fgxc7EaQc8TEg8OBNTHya8GheX13cZMb5CNgJMKrABKqd_L7PAeAEA5AGAaAGTYAH6-foXqgH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfs1RuoB-6WsQKoB6a-G6gH7NUbqAfz0RuoB5bYG9gHANIICQiA4YBQEAEYHfIIG2FkeC1zdWJzeW4tNjY1MDAxNjIxMjQ4MDk5MYAKA5gLAcgLAYAMAbATwpraCtATANgTA9gUAQ%26ae%3D1%26num%3D1%26cid%3DCAASPeRoRg3cQALDGm2UuCxgO-gVU2UWLy0y8KNvTBwCoBaZ3Ik4rDMJ3iT_Npk88fHEm27RS33dpxSSU-QvtbI%26sig%3DAOD64_29pZ62wX8T5ju1IQhZxqqO3XDm3g%26client%3Dca-pub-1232265399417302%26dbm_c%3DAKAmf-DM1mWEBAW9sWwcYj4vhwJJwpevBejX_vQVbiNg7b19bco76-SVqV6uxa7bt9Ywc2BgaR0eXrKb7v2btdsc70iJAHu1dB-Ev9O1iWf61-tqK9z5lG0awwItproTVecuZb6COtcQxN3qsfZvDLi3kCQUfcUcJg%26cry%3D1%26dbm_d%3DAKAmf-Cn4ZyPmfdS0F4plpfxptypX6hxbQw7n7ltN5GItvg1pamX-GtjaX1PTQIYbJIdpYEzWZ4NX_PEZBoocd1BdBhN_iINPhZqAizHw_XbejMyHeBNxH2HAKFQ5SvjhyZkqkzvtSjEND1AgRFtThZxse8O-BSGRQi5GpMwHJwyYHWTltXaV6qyZ5YfUYuIbwmYWsnT0pkQjqv0NRRfPfnnJmNbLRHIFxiZ4wmx8CCTJsXBuYoKqQp987cxdi5MgsJB0kzgmtRXZI4WqgM_5u0ewQnXfgALylv3jmeVBDGoF2c-kf773SZOgnaYv49JvtOMJx-Cf1voFSftq7Hjo2223horgIt7dE3g5IWtWzaMZFDTf6zkAznfuyGGjJdVSmzgR8XXConzpYaVg-T9F8KQEzuuZCTaeLbH8vxjFvoCU87l7BIdwUIWbzTsm7cCcoafU4qi234E%26adurl%3D&documentReferer=https%3A%2F%2Fprnt.sc%2F&ancestorOrigins=https%3A%2F%2Fprnt.sc&random=6078348901098&isIframe=1&container=&adPos=0x14&adPosCheck=1x15&adtagId=0&uidRedirect=1
Requested by
Host: ff89fe765c7a582c71dbcb6f522b9b54.safeframe.googlesyndication.com
URL: https://ff89fe765c7a582c71dbcb6f522b9b54.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
138.201.63.150 Lingenfeld, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.150.63.201.138.clients.your-server.de
Software
Apache /
Resource Hash
63b5c435c970d19bfc3858ed9cd3193b47eb140a2f30fd68f91af0eeed66eeee

Request headers

Referer
https://ff89fe765c7a582c71dbcb6f522b9b54.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 04 May 2021 21:32:15 GMT
Content-Encoding
gzip
Server
Apache
Vary
Accept-Encoding
P3P
CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Cache-Control
no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId
62421400267045200710632011584008
Connection
close
Content-Type
application/x-javascript; charset=utf-8
Content-Length
895
Expires
Tue, 04 May 2021 22:32:15 +0200

Redirect headers

Pragma
no-cache
Date
Tue, 04 May 2021 21:32:15 GMT
Server
Apache
P3P
CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Location
request.php?zone=zy291edt4ui9&nw=20&renderingType=javascript&namespace=20f868897b&subid=&uid=b5206aa01d79fb33&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=970x18&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC-gI7Xr2RYPvFNIif-gaCrbrQCrXN-YNXnNC5q-UM8C4QASCimaEcYJWCgICwB8gBCakCcoF8swwotD6oAwGqBKoBT9CFTOEckxu-xIsNsJPzfAqX1hHviiW-_J6SeuTbBGsfEoeHUZQXQkeckJSK-iV2-E4EXXCDwEnofg2qXctHtQmdDxdd9I3s0IvwvmD2UQp0LS5Y72ZXSCqR4vwyoxqSmO445bMusr3igCtY46gRwe3pLiMLAbCpEo9euI4aZbJaY1V87oIU3IeGZo3Fgxc7EaQc8TEg8OBNTHya8GheX13cZMb5CNgJMKrABKqd_L7PAeAEA5AGAaAGTYAH6-foXqgH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfs1RuoB-6WsQKoB6a-G6gH7NUbqAfz0RuoB5bYG9gHANIICQiA4YBQEAEYHfIIG2FkeC1zdWJzeW4tNjY1MDAxNjIxMjQ4MDk5MYAKA5gLAcgLAYAMAbATwpraCtATANgTA9gUAQ%26ae%3D1%26num%3D1%26cid%3DCAASPeRoRg3cQALDGm2UuCxgO-gVU2UWLy0y8KNvTBwCoBaZ3Ik4rDMJ3iT_Npk88fHEm27RS33dpxSSU-QvtbI%26sig%3DAOD64_29pZ62wX8T5ju1IQhZxqqO3XDm3g%26client%3Dca-pub-1232265399417302%26dbm_c%3DAKAmf-DM1mWEBAW9sWwcYj4vhwJJwpevBejX_vQVbiNg7b19bco76-SVqV6uxa7bt9Ywc2BgaR0eXrKb7v2btdsc70iJAHu1dB-Ev9O1iWf61-tqK9z5lG0awwItproTVecuZb6COtcQxN3qsfZvDLi3kCQUfcUcJg%26cry%3D1%26dbm_d%3DAKAmf-Cn4ZyPmfdS0F4plpfxptypX6hxbQw7n7ltN5GItvg1pamX-GtjaX1PTQIYbJIdpYEzWZ4NX_PEZBoocd1BdBhN_iINPhZqAizHw_XbejMyHeBNxH2HAKFQ5SvjhyZkqkzvtSjEND1AgRFtThZxse8O-BSGRQi5GpMwHJwyYHWTltXaV6qyZ5YfUYuIbwmYWsnT0pkQjqv0NRRfPfnnJmNbLRHIFxiZ4wmx8CCTJsXBuYoKqQp987cxdi5MgsJB0kzgmtRXZI4WqgM_5u0ewQnXfgALylv3jmeVBDGoF2c-kf773SZOgnaYv49JvtOMJx-Cf1voFSftq7Hjo2223horgIt7dE3g5IWtWzaMZFDTf6zkAznfuyGGjJdVSmzgR8XXConzpYaVg-T9F8KQEzuuZCTaeLbH8vxjFvoCU87l7BIdwUIWbzTsm7cCcoafU4qi234E%26adurl%3D&documentReferer=https%3A%2F%2Fprnt.sc%2F&ancestorOrigins=https%3A%2F%2Fprnt.sc&random=6078348901098&isIframe=1&container=&adPos=0x14&adPosCheck=1x15&adtagId=0&uidRedirect=1
Cache-Control
no-store, no-cache, must-revalidate, max-age=0
Connection
close
Content-Type
text/html; charset=UTF-8
Content-Length
0
Expires
Tue, 04 May 2021 22:32:15 +0200
request.php
hal90006.redintelligence.net/ Frame 30C2
2 KB
1 KB
Script
General
Full URL
https://hal90006.redintelligence.net/request.php?zone=npoee1nv94vs&nw=20&renderingType=javascript&namespace=4a0f6888d2&subid=&uid=fe9ff664e0c510c5&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x18&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC8mGaXr2RYPzFNIif-gaCrbrQCrXN-YNXzN65q-UM8C4QASCimaEcYJWCgICwB8gBCakCcoF8swwotD6oAwGqBK4BT9CKzbY4u3piMAXSfFaWz4zYwHJkg6Y3jeNQKU_hl2IT43hoQIhAZHlWocaENNhFgGJ29W7nXAaAzyTHmuqEwParIZ_h3XMNRJJH-0Y9BydPHB0udVlcYkAevpCJbcJRL_sp7eoJWlWf9o20xQX9_TRQDKYHIDEwTbrLv-INjOy9yf18IWCeSHH3-koLqZeBzs-N2dwP3UAwxW8s0ZsU_lVtGvtinWUZ1LNt9-fhwASqnfy-zwHgBAOQBgGgBk2AB-vn6F6oB9XJG6gH8NkbqAfy2RuoB47OG6gHk9gbqAe6BqgH7NUbqAfulrECqAemvhuoB-zVG6gH89EbqAeW2BvYBwDSCAkIgOGAUBABGB3yCBthZHgtc3Vic3luLTY2NTAwMTYyMTI0ODA5OTGACgOYCwHICwGADAGwE8Ka2grQEwDYEwPYFAE%26ae%3D1%26num%3D1%26cid%3DCAASPeRoIrQo0vPO0l8PcYH62pmbrXwOwhBiBr7yvo1Q4Rpr6-9szgZzXlb-hh2RBHD1WE0zJ95tL0GpVO2MvKY%26sig%3DAOD64_1zlTrjdCqOPsTp0i3DClwllPI9Ew%26client%3Dca-pub-1232265399417302%26dbm_c%3DAKAmf-BeHzAQ0vQMPU2m5hDkOAz0EYDAKnmFqttQHWAuJr_PXPJPn3FZO7FBTzXURfxmDQDkUp63ApD4HgZGbzCQ2RMwxO-nkm6gD_qXNsFhINBMoYFnWnvwDWBXx4Y00uGLoH4WjdYVXkfNaLlIxkxEHRom_ZOCPg%26cry%3D1%26dbm_d%3DAKAmf-CBjC1thljAYkstIauhGvedYcckGWV2LMgFyGSnIKF_3LmFUtEze4egTwIsGswm_GvUADGX8DMhZtvPwljqyGnTW5F2wF2a9-HzQF6IoLMbTufrjljx38Ou3sOeaskFip0pvegPVpVIkZw-U5RQu47link_DEVix0itRrZFSuN6Ybd1PWAFrG4vc0PsXeztYEYqUuNNPX3ZdQi1V3c3Aihme8keGYrY72g_oQwFRVqXTk-Itrcm-ZB2Fwxepl3UwFC6E2RJ94ey8XhbS9xJuOiDO4PoksIGMFklk4_1082w_bLEbmRXYdg3-_8IO-Xpo__E5-eOvXiPo-6GBgqnEoT-nupRD2WTu5OSJWYLtQ4r77S6WSMtQKZyNxH1lAWh21CGDXWVTKQKTW5IAeQzO6RRQ-32MyD5h5u5W7zAcUnuWis45hohyoKd4i-HoCenctAUJIE3%26adurl%3D&documentReferer=https%3A%2F%2Fprnt.sc%2F&ancestorOrigins=https%3A%2F%2Fprnt.sc&random=7950697383656&isIframe=1&container=&adPos=0x14&adPosCheck=1x15&adtagId=0
Requested by
Host: hal9000.redintelligence.net
URL: https://hal9000.redintelligence.net/zone/npoee1nv94vs?subid=&gdpr=-1&gdpr_consent=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC8mGaXr2RYPzFNIif-gaCrbrQCrXN-YNXzN65q-UM8C4QASCimaEcYJWCgICwB8gBCakCcoF8swwotD6oAwGqBK4BT9CKzbY4u3piMAXSfFaWz4zYwHJkg6Y3jeNQKU_hl2IT43hoQIhAZHlWocaENNhFgGJ29W7nXAaAzyTHmuqEwParIZ_h3XMNRJJH-0Y9BydPHB0udVlcYkAevpCJbcJRL_sp7eoJWlWf9o20xQX9_TRQDKYHIDEwTbrLv-INjOy9yf18IWCeSHH3-koLqZeBzs-N2dwP3UAwxW8s0ZsU_lVtGvtinWUZ1LNt9-fhwASqnfy-zwHgBAOQBgGgBk2AB-vn6F6oB9XJG6gH8NkbqAfy2RuoB47OG6gHk9gbqAe6BqgH7NUbqAfulrECqAemvhuoB-zVG6gH89EbqAeW2BvYBwDSCAkIgOGAUBABGB3yCBthZHgtc3Vic3luLTY2NTAwMTYyMTI0ODA5OTGACgOYCwHICwGADAGwE8Ka2grQEwDYEwPYFAE%26ae%3D1%26num%3D1%26cid%3DCAASPeRoIrQo0vPO0l8PcYH62pmbrXwOwhBiBr7yvo1Q4Rpr6-9szgZzXlb-hh2RBHD1WE0zJ95tL0GpVO2MvKY%26sig%3DAOD64_1zlTrjdCqOPsTp0i3DClwllPI9Ew%26client%3Dca-pub-1232265399417302%26dbm_c%3DAKAmf-BeHzAQ0vQMPU2m5hDkOAz0EYDAKnmFqttQHWAuJr_PXPJPn3FZO7FBTzXURfxmDQDkUp63ApD4HgZGbzCQ2RMwxO-nkm6gD_qXNsFhINBMoYFnWnvwDWBXx4Y00uGLoH4WjdYVXkfNaLlIxkxEHRom_ZOCPg%26cry%3D1%26dbm_d%3DAKAmf-CBjC1thljAYkstIauhGvedYcckGWV2LMgFyGSnIKF_3LmFUtEze4egTwIsGswm_GvUADGX8DMhZtvPwljqyGnTW5F2wF2a9-HzQF6IoLMbTufrjljx38Ou3sOeaskFip0pvegPVpVIkZw-U5RQu47link_DEVix0itRrZFSuN6Ybd1PWAFrG4vc0PsXeztYEYqUuNNPX3ZdQi1V3c3Aihme8keGYrY72g_oQwFRVqXTk-Itrcm-ZB2Fwxepl3UwFC6E2RJ94ey8XhbS9xJuOiDO4PoksIGMFklk4_1082w_bLEbmRXYdg3-_8IO-Xpo__E5-eOvXiPo-6GBgqnEoT-nupRD2WTu5OSJWYLtQ4r77S6WSMtQKZyNxH1lAWh21CGDXWVTKQKTW5IAeQzO6RRQ-32MyD5h5u5W7zAcUnuWis45hohyoKd4i-HoCenctAUJIE3%26adurl%3D
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
138.201.63.164 Lingenfeld, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.164.63.201.138.clients.your-server.de
Software
Apache /
Resource Hash
4ef9e49e1fdde228542c9b2f748a697deb6be77d2d183aa468e7e78bf09b137f

Request headers

Referer
https://ff89fe765c7a582c71dbcb6f522b9b54.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 04 May 2021 21:32:15 GMT
Content-Encoding
gzip
Server
Apache
Vary
Accept-Encoding
P3P
CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Cache-Control
no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId
68380000293472200710616011584006
Connection
close
Content-Type
application/x-javascript; charset=utf-8
Content-Length
895
Expires
Tue, 04 May 2021 22:32:15 +0200
WoE6FlxLfDckfFPcighdBxIW8EHvlo7fGH3q-u1F8Es.js
pagead2.googlesyndication.com/bg/ Frame B18F
14 KB
6 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/WoE6FlxLfDckfFPcighdBxIW8EHvlo7fGH3q-u1F8Es.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5a813a165c4b7c37247c53dc8a085d071216f041ef968edf187deafaed45f04b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 04 May 2021 20:13:26 GMT
content-encoding
br
x-content-type-options
nosniff
last-modified
Wed, 28 Apr 2021 12:48:00 GMT
server
sffe
age
4729
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5711
x-xss-protection
0
expires
Wed, 04 May 2022 20:13:26 GMT
activityi;dc_pre=CJWE_v78sPACFY3ruwgdDCMItg;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=8801021413155.152
5994599.fls.doubleclick.net/ Frame DD6F
Redirect Chain
  • https://5994599.fls.doubleclick.net/activityi;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=8801021413155.152?
  • https://5994599.fls.doubleclick.net/activityi;dc_pre=CJWE_v78sPACFY3ruwgdDCMItg;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=8801021413155.152?
391 B
344 B
Document
General
Full URL
https://5994599.fls.doubleclick.net/activityi;dc_pre=CJWE_v78sPACFY3ruwgdDCMItg;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=8801021413155.152?
Requested by
Host: prnt.sc
URL: https://prnt.sc/12hs5gs
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
172.217.23.102 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
mil04s23-in-f102.1e100.net
Software
cafe /
Resource Hash
b7c556b0fda0b876150fe95466f3e40bcadcf345b746e2ca8985bf1f6d8b43cf
Security Headers
Name Value
Strict-Transport-Security max-age=21600
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
5994599.fls.doubleclick.net
:scheme
https
:path
/activityi;dc_pre=CJWE_v78sPACFY3ruwgdDCMItg;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=8801021413155.152?
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://ff89fe765c7a582c71dbcb6f522b9b54.safeframe.googlesyndication.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
IDE=AHWqTUmx5Ling5L2o5pklO6CM74N0_g4yG2HzEw3Sz3GOZ5vl9cnDlct_RQyLK-KYPw

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
date
Tue, 04 May 2021 21:32:15 GMT
expires
Tue, 04 May 2021 21:32:15 GMT
cache-control
private, max-age=0
strict-transport-security
max-age=21600
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
gzip
server
cafe
content-length
321
x-xss-protection
0
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

Redirect headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
date
Tue, 04 May 2021 21:32:15 GMT
pragma
no-cache
expires
Fri, 01 Jan 1990 00:00:00 GMT
cache-control
no-cache, must-revalidate
follow-only-when-prerender-shown
1
strict-transport-security
max-age=21600
location
https://5994599.fls.doubleclick.net/activityi;dc_pre=CJWE_v78sPACFY3ruwgdDCMItg;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=8801021413155.152?
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
server
cafe
content-length
0
x-xss-protection
0
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
request_content.php
hal90006.redintelligence.net/ Frame 0E8F
6 KB
2 KB
Document
General
Full URL
https://hal90006.redintelligence.net/request_content.php?s=68380000293472200710616011584006&a=17defbab
Requested by
Host: hal90006.redintelligence.net
URL: https://hal90006.redintelligence.net/request.php?zone=npoee1nv94vs&nw=20&renderingType=javascript&namespace=4a0f6888d2&subid=&uid=fe9ff664e0c510c5&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x18&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC8mGaXr2RYPzFNIif-gaCrbrQCrXN-YNXzN65q-UM8C4QASCimaEcYJWCgICwB8gBCakCcoF8swwotD6oAwGqBK4BT9CKzbY4u3piMAXSfFaWz4zYwHJkg6Y3jeNQKU_hl2IT43hoQIhAZHlWocaENNhFgGJ29W7nXAaAzyTHmuqEwParIZ_h3XMNRJJH-0Y9BydPHB0udVlcYkAevpCJbcJRL_sp7eoJWlWf9o20xQX9_TRQDKYHIDEwTbrLv-INjOy9yf18IWCeSHH3-koLqZeBzs-N2dwP3UAwxW8s0ZsU_lVtGvtinWUZ1LNt9-fhwASqnfy-zwHgBAOQBgGgBk2AB-vn6F6oB9XJG6gH8NkbqAfy2RuoB47OG6gHk9gbqAe6BqgH7NUbqAfulrECqAemvhuoB-zVG6gH89EbqAeW2BvYBwDSCAkIgOGAUBABGB3yCBthZHgtc3Vic3luLTY2NTAwMTYyMTI0ODA5OTGACgOYCwHICwGADAGwE8Ka2grQEwDYEwPYFAE%26ae%3D1%26num%3D1%26cid%3DCAASPeRoIrQo0vPO0l8PcYH62pmbrXwOwhBiBr7yvo1Q4Rpr6-9szgZzXlb-hh2RBHD1WE0zJ95tL0GpVO2MvKY%26sig%3DAOD64_1zlTrjdCqOPsTp0i3DClwllPI9Ew%26client%3Dca-pub-1232265399417302%26dbm_c%3DAKAmf-BeHzAQ0vQMPU2m5hDkOAz0EYDAKnmFqttQHWAuJr_PXPJPn3FZO7FBTzXURfxmDQDkUp63ApD4HgZGbzCQ2RMwxO-nkm6gD_qXNsFhINBMoYFnWnvwDWBXx4Y00uGLoH4WjdYVXkfNaLlIxkxEHRom_ZOCPg%26cry%3D1%26dbm_d%3DAKAmf-CBjC1thljAYkstIauhGvedYcckGWV2LMgFyGSnIKF_3LmFUtEze4egTwIsGswm_GvUADGX8DMhZtvPwljqyGnTW5F2wF2a9-HzQF6IoLMbTufrjljx38Ou3sOeaskFip0pvegPVpVIkZw-U5RQu47link_DEVix0itRrZFSuN6Ybd1PWAFrG4vc0PsXeztYEYqUuNNPX3ZdQi1V3c3Aihme8keGYrY72g_oQwFRVqXTk-Itrcm-ZB2Fwxepl3UwFC6E2RJ94ey8XhbS9xJuOiDO4PoksIGMFklk4_1082w_bLEbmRXYdg3-_8IO-Xpo__E5-eOvXiPo-6GBgqnEoT-nupRD2WTu5OSJWYLtQ4r77S6WSMtQKZyNxH1lAWh21CGDXWVTKQKTW5IAeQzO6RRQ-32MyD5h5u5W7zAcUnuWis45hohyoKd4i-HoCenctAUJIE3%26adurl%3D&documentReferer=https%3A%2F%2Fprnt.sc%2F&ancestorOrigins=https%3A%2F%2Fprnt.sc&random=7950697383656&isIframe=1&container=&adPos=0x14&adPosCheck=1x15&adtagId=0
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
138.201.63.164 Lingenfeld, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.164.63.201.138.clients.your-server.de
Software
Apache /
Resource Hash
2b4afcfef3361e43f18a3c380e4b97676d583db26d2d55fafadd7370a7be8b0e

Request headers

Host
hal90006.redintelligence.net
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://ff89fe765c7a582c71dbcb6f522b9b54.safeframe.googlesyndication.com/
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Cookie
8lcfmzhxc8d6_uid=b2f57adfbafe4be6

Response headers

Date
Tue, 04 May 2021 21:32:15 GMT
Server
Apache
Cache-Control
no-store, no-cache, must-revalidate, max-age=0
Expires
Tue, 04 May 2021 22:32:15 +0200
Pragma
no-cache
P3P
CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Vary
Accept-Encoding
Content-Encoding
gzip
Content-Length
2137
Connection
close
Content-Type
text/html; charset=utf-8
truncated
/ Frame 30C2
215 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
8be8610654a31ead5a65e7c75857b320e592b77a95f1c083007f495bdbbbebe1

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/png
activityi;dc_pre=CLOSgv_8sPACFZXjuwgdynsGfg;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1566122874780.2646
5994599.fls.doubleclick.net/ Frame D87E
Redirect Chain
  • https://5994599.fls.doubleclick.net/activityi;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1566122874780.2646?
  • https://5994599.fls.doubleclick.net/activityi;dc_pre=CLOSgv_8sPACFZXjuwgdynsGfg;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1566122874780.2646?
392 B
348 B
Document
General
Full URL
https://5994599.fls.doubleclick.net/activityi;dc_pre=CLOSgv_8sPACFZXjuwgdynsGfg;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1566122874780.2646?
Requested by
Host: prnt.sc
URL: https://prnt.sc/12hs5gs
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
172.217.23.102 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
mil04s23-in-f102.1e100.net
Software
cafe /
Resource Hash
8a3de9130c0cf3ebd754533b16ab62c584ecc48c6b374092cb5ca9e3508ef200
Security Headers
Name Value
Strict-Transport-Security max-age=21600
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
5994599.fls.doubleclick.net
:scheme
https
:path
/activityi;dc_pre=CLOSgv_8sPACFZXjuwgdynsGfg;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1566122874780.2646?
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://ff89fe765c7a582c71dbcb6f522b9b54.safeframe.googlesyndication.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
IDE=AHWqTUmx5Ling5L2o5pklO6CM74N0_g4yG2HzEw3Sz3GOZ5vl9cnDlct_RQyLK-KYPw

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
date
Tue, 04 May 2021 21:32:15 GMT
expires
Tue, 04 May 2021 21:32:15 GMT
cache-control
private, max-age=0
strict-transport-security
max-age=21600
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
gzip
server
cafe
content-length
325
x-xss-protection
0
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

Redirect headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
date
Tue, 04 May 2021 21:32:15 GMT
pragma
no-cache
expires
Fri, 01 Jan 1990 00:00:00 GMT
cache-control
no-cache, must-revalidate
follow-only-when-prerender-shown
1
strict-transport-security
max-age=21600
location
https://5994599.fls.doubleclick.net/activityi;dc_pre=CLOSgv_8sPACFZXjuwgdynsGfg;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1566122874780.2646?
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
server
cafe
content-length
0
x-xss-protection
0
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
request_content.php
hal90008.redintelligence.net/ Frame B84C
6 KB
2 KB
Document
General
Full URL
https://hal90008.redintelligence.net/request_content.php?s=62421400267045200710632011584008&a=b51ebe86
Requested by
Host: hal90008.redintelligence.net
URL: https://hal90008.redintelligence.net/request.php?zone=zy291edt4ui9&nw=20&renderingType=javascript&namespace=20f868897b&subid=&uid=b5206aa01d79fb33&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=970x18&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC-gI7Xr2RYPvFNIif-gaCrbrQCrXN-YNXnNC5q-UM8C4QASCimaEcYJWCgICwB8gBCakCcoF8swwotD6oAwGqBKoBT9CFTOEckxu-xIsNsJPzfAqX1hHviiW-_J6SeuTbBGsfEoeHUZQXQkeckJSK-iV2-E4EXXCDwEnofg2qXctHtQmdDxdd9I3s0IvwvmD2UQp0LS5Y72ZXSCqR4vwyoxqSmO445bMusr3igCtY46gRwe3pLiMLAbCpEo9euI4aZbJaY1V87oIU3IeGZo3Fgxc7EaQc8TEg8OBNTHya8GheX13cZMb5CNgJMKrABKqd_L7PAeAEA5AGAaAGTYAH6-foXqgH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfs1RuoB-6WsQKoB6a-G6gH7NUbqAfz0RuoB5bYG9gHANIICQiA4YBQEAEYHfIIG2FkeC1zdWJzeW4tNjY1MDAxNjIxMjQ4MDk5MYAKA5gLAcgLAYAMAbATwpraCtATANgTA9gUAQ%26ae%3D1%26num%3D1%26cid%3DCAASPeRoRg3cQALDGm2UuCxgO-gVU2UWLy0y8KNvTBwCoBaZ3Ik4rDMJ3iT_Npk88fHEm27RS33dpxSSU-QvtbI%26sig%3DAOD64_29pZ62wX8T5ju1IQhZxqqO3XDm3g%26client%3Dca-pub-1232265399417302%26dbm_c%3DAKAmf-DM1mWEBAW9sWwcYj4vhwJJwpevBejX_vQVbiNg7b19bco76-SVqV6uxa7bt9Ywc2BgaR0eXrKb7v2btdsc70iJAHu1dB-Ev9O1iWf61-tqK9z5lG0awwItproTVecuZb6COtcQxN3qsfZvDLi3kCQUfcUcJg%26cry%3D1%26dbm_d%3DAKAmf-Cn4ZyPmfdS0F4plpfxptypX6hxbQw7n7ltN5GItvg1pamX-GtjaX1PTQIYbJIdpYEzWZ4NX_PEZBoocd1BdBhN_iINPhZqAizHw_XbejMyHeBNxH2HAKFQ5SvjhyZkqkzvtSjEND1AgRFtThZxse8O-BSGRQi5GpMwHJwyYHWTltXaV6qyZ5YfUYuIbwmYWsnT0pkQjqv0NRRfPfnnJmNbLRHIFxiZ4wmx8CCTJsXBuYoKqQp987cxdi5MgsJB0kzgmtRXZI4WqgM_5u0ewQnXfgALylv3jmeVBDGoF2c-kf773SZOgnaYv49JvtOMJx-Cf1voFSftq7Hjo2223horgIt7dE3g5IWtWzaMZFDTf6zkAznfuyGGjJdVSmzgR8XXConzpYaVg-T9F8KQEzuuZCTaeLbH8vxjFvoCU87l7BIdwUIWbzTsm7cCcoafU4qi234E%26adurl%3D&documentReferer=https%3A%2F%2Fprnt.sc%2F&ancestorOrigins=https%3A%2F%2Fprnt.sc&random=6078348901098&isIframe=1&container=&adPos=0x14&adPosCheck=1x15&adtagId=0
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
138.201.63.150 Lingenfeld, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.150.63.201.138.clients.your-server.de
Software
Apache /
Resource Hash
7f8a1e4e19a740a18d026a989bde5d1fe9bbb995d59dcbe4b9fc25a71d87f307

Request headers

Host
hal90008.redintelligence.net
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://ff89fe765c7a582c71dbcb6f522b9b54.safeframe.googlesyndication.com/
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Cookie
8lcfmzhxc8d6_uid=b2f57adfbafe4be6

Response headers

Date
Tue, 04 May 2021 21:32:15 GMT
Server
Apache
Cache-Control
no-store, no-cache, must-revalidate, max-age=0
Expires
Tue, 04 May 2021 22:32:15 +0200
Pragma
no-cache
P3P
CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Vary
Accept-Encoding
Content-Encoding
gzip
Content-Length
2110
Connection
close
Content-Type
text/html; charset=utf-8
truncated
/ Frame 07D6
214 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
8c650208fb4577af25a044de870fc8c35f5566caf22600fa3da365aa59a5387c

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/png
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/1.6.2/ Frame 0E8F
89 KB
32 KB
Script
General
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/1.6.2/jquery.min.js
Requested by
Host: hal90006.redintelligence.net
URL: https://hal90006.redintelligence.net/request_content.php?s=68380000293472200710616011584006&a=17defbab
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d16d07a0353405fcec95f7efc50a2621bc7425f9a5e8895078396fb0dc460c4f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://hal90006.redintelligence.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 03 May 2021 15:58:03 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
106452
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
32245
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 19:15:00 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 03 May 2022 15:58:03 GMT
300x250_OMAC_2016_Launch%20(3).jpg
cdn.contentspread.net/24i/advertiser/32995/creativesup/ Frame 0E8F
52 KB
52 KB
Image
General
Full URL
https://cdn.contentspread.net/24i/advertiser/32995/creativesup/300x250_OMAC_2016_Launch%20(3).jpg
Requested by
Host: hal90006.redintelligence.net
URL: https://hal90006.redintelligence.net/request_content.php?s=68380000293472200710616011584006&a=17defbab
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
188.138.57.20 Strasbourg, France, ASN8972 (GD-EMEA-DC-SXB1, DE),
Reverse DNS
loft11016.serverprofi24.de
Software
nginx /
Resource Hash
23ef33989f2db4e8afde93e57b1534aeca826f6c70e794a9d7a418fea9a58614

Request headers

Referer
https://hal90006.redintelligence.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Tue, 04 May 2021 21:32:15 GMT
Last-Modified
Mon, 20 Jun 2016 09:16:21 GMT
Server
nginx
ETag
"5767b465-ce63"
Content-Type
image/jpeg
Connection
close
Accept-Ranges
bytes
Content-Length
52835
dc_pre=CJWE_v78sPACFY3ruwgdDCMItg;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=8801021413155.152
adservice.google.com/ddm/fls/z/ Frame DD6F
42 B
63 B
Image
General
Full URL
https://adservice.google.com/ddm/fls/z/dc_pre=CJWE_v78sPACFY3ruwgdDCMItg;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=8801021413155.152
Requested by
Host: 5994599.fls.doubleclick.net
URL: https://5994599.fls.doubleclick.net/activityi;dc_pre=CJWE_v78sPACFY3ruwgdDCMItg;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=8801021413155.152?
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://5994599.fls.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 04 May 2021 21:32:16 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/1.6.2/ Frame B84C
89 KB
32 KB
Script
General
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/1.6.2/jquery.min.js
Requested by
Host: hal90008.redintelligence.net
URL: https://hal90008.redintelligence.net/request_content.php?s=62421400267045200710632011584008&a=b51ebe86
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d16d07a0353405fcec95f7efc50a2621bc7425f9a5e8895078396fb0dc460c4f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://hal90008.redintelligence.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 03 May 2021 15:58:03 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
106452
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
32245
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 19:15:00 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 03 May 2022 15:58:03 GMT
DE-970x90.jpg
cdn.contentspread.net/24i/advertiser/32995/creativesup/ Frame B84C
45 KB
45 KB
Image
General
Full URL
https://cdn.contentspread.net/24i/advertiser/32995/creativesup/DE-970x90.jpg
Requested by
Host: hal90008.redintelligence.net
URL: https://hal90008.redintelligence.net/request_content.php?s=62421400267045200710632011584008&a=b51ebe86
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
188.138.57.20 Strasbourg, France, ASN8972 (GD-EMEA-DC-SXB1, DE),
Reverse DNS
loft11016.serverprofi24.de
Software
nginx /
Resource Hash
111f89907f15880eac1cbb2d94d9ec4d166639db3a53ca75c11dd59a2887435d

Request headers

Referer
https://hal90008.redintelligence.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Tue, 04 May 2021 21:32:16 GMT
Last-Modified
Thu, 13 Apr 2017 09:15:04 GMT
Server
nginx
ETag
"58ef4198-b211"
Content-Type
image/jpeg
Connection
close
Accept-Ranges
bytes
Content-Length
45585
dc_pre=CLOSgv_8sPACFZXjuwgdynsGfg;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1566122874780.2646
adservice.google.com/ddm/fls/z/ Frame D87E
42 B
63 B
Image
General
Full URL
https://adservice.google.com/ddm/fls/z/dc_pre=CLOSgv_8sPACFZXjuwgdynsGfg;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1566122874780.2646
Requested by
Host: 5994599.fls.doubleclick.net
URL: https://5994599.fls.doubleclick.net/activityi;dc_pre=CLOSgv_8sPACFZXjuwgdynsGfg;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1566122874780.2646?
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://5994599.fls.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 04 May 2021 21:32:16 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
viewability
hal90006.redintelligence.net/ Frame 0E8F
0
150 B
Script
General
Full URL
https://hal90006.redintelligence.net/viewability?s=68380000293472200710616011584006&a=8ac7125e&vb=m
Requested by
Host: hal90006.redintelligence.net
URL: https://hal90006.redintelligence.net/request_content.php?s=68380000293472200710616011584006&a=17defbab
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
138.201.63.164 Lingenfeld, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.164.63.201.138.clients.your-server.de
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://hal90006.redintelligence.net/request_content.php?s=68380000293472200710616011584006&a=17defbab
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Tue, 04 May 2021 21:32:16 GMT
Server
Apache
Connection
close
Content-Length
0
Content-Type
text/html; charset=UTF-8
truncated
/ Frame 0E8F
43 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/gif
viewability
hal90008.redintelligence.net/ Frame B84C
0
150 B
Script
General
Full URL
https://hal90008.redintelligence.net/viewability?s=62421400267045200710632011584008&a=cf5a67a2&vb=m
Requested by
Host: hal90008.redintelligence.net
URL: https://hal90008.redintelligence.net/request_content.php?s=62421400267045200710632011584008&a=b51ebe86
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
138.201.63.150 Lingenfeld, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.150.63.201.138.clients.your-server.de
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://hal90008.redintelligence.net/request_content.php?s=62421400267045200710632011584008&a=b51ebe86
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Tue, 04 May 2021 21:32:16 GMT
Server
Apache
Connection
close
Content-Length
0
Content-Type
text/html; charset=UTF-8
truncated
/ Frame B84C
43 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/gif
gen_204
pagead2.googlesyndication.com/pagead/ Frame D657
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BULsWX72RYPWcH9L33wPAv524DgAAAAA4AeAEAg&bg=!8vGl8bXNAAYXzPaOF8w7ACkAdvg8Wrxor8xokkw3IYlh158f-VGYJiWKd_zaaU9wLFLjT6hNNk29cQIAAAE2UgAAAC9oAQcKAKhYO5LZI6J092YkNicLfIo6_XJfaJKKZgl4OrxCRizSFF0BQrIQe5_Npzl7GrDiZE0B0Yue3mVxHpwOSKIpAJeRS46GIq0XExzBtRt8Q4wZrW3Z6Bstqh30PDJM48x12-BKbnhD80KZuj1jbJBdBw_L_UDf-4-jLldDIXZK2KS9RuntEdEYO-ZIr4cf0QYq2-_UH5BTNQzqqZZ1ZR5MxunIxE8xUNXfsuyZAn7z-FhzfkeZHU2GO4_mSdKdXMmzuGGmQVth05D2EgOcXHBfoANgW2zLU24SBJ11ECitVGCQAR13bzmU22ixMiap3zHMsJhcH9mJA1Vl2EkVY3Pft_2HFBu556XsxD9ItHmF6UI3Z4lgj-QtGWDncgBe5lHMVgIzJa2iPkYJeWaBvPeooYAXlIMOlczBXfR4mLvs7Ip4xymSLcrUbZ1o4DOhLOOLVE9EPa1gWGWwM16G4KztQDfVWJ09cgGUHa7eF_UVvBCt_QziSLVsbEk3o5FCQ9Okw3JzFH63dgZe0R2OLOx_EKpkTkF8Ktm3ZHbuEFr3Jey33NXr_Vi-4yuBAbrQtmtKyfaKb0qNqd6KTYQT-uejrn4_71nJyY_BjduCWvsVtA7RgBIoNN19MWBjiySTxYTzF0eVaD9ptT9FRbrVolJTJAB7woXTE8-CEbICvCDqP8w2-B-npzpuReg9Oup8o__AnjJwAQqJN9Zq7pnUpmsumJH2mr0qsDXsb-bPlDCJO7leIpVHNcfgM1O5VS5PrttrsH-y-ESBUnUzTxK-jC-QcUea8mHzhRheiiYEXHtwHBGrO-YzsP4UYZLmHvLVE_PtLWytA8tV5-HQVayc0HDArR52v3iDIgkbhhzr8bFfba-E4327KphnC-x2wkd9vJSsr_92evsm5wbfj3JWeQSkVLFn2_lrfkxL1M_rphpH_m_Np4yGi83KBF2HEBBMw_16H-fh2qBikKJXQ8Vj_wcEZpiiL1AZOXh77y4r3Gdt1c7_s5Qr9mN36rEKWtuJMICh6a6CgrapJ_ckORN14sPlMyvykFoxFafKVHlLx0fCpT081Khn4mliKj1oSQ
Requested by
Host: ff89fe765c7a582c71dbcb6f522b9b54.safeframe.googlesyndication.com
URL: https://ff89fe765c7a582c71dbcb6f522b9b54.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 04 May 2021 21:32:16 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=222&t=2&li=gpt_2021042801&jk=2979469266896303&bg=!i4iliMzNAAYXzPaOF8w7ACkAdvg8WnPqOGUYhsQ2xANdDfEjTvYYgWrry3myklIvMauEeTUqi1Xl5QIAAAE6UgAAACdoAQcKAKrTVfFRR493BH550tw9yzPBrgh0NKrpCRkJ9WtTgNbFzR9BOb8lMz4lrt1bObPTFXQu84wQtPM8xok_K7BisxqAUgYUoUB56FUan75EKSI999vdLEJtGGLGicB35HG3vVipPo8YO2qo1oM5FbEVoNEC2dy3MoQMrdnz7AldjC7QBiwoh8E0M2nl0fKZmV6dwmmr5-CgaP3RbZxmWvEjfXJKAnkttlp0ykbsS5kCRv5jKZwPaxj2jcnzb_Kh3yISObZMoqWoRCg_RYNR6xd3Z0L1KU4IBNylZDPGYu1jVfFonFerXlXRY3Rh06qirP0A2ZGfDNDv5-arRIvwRCKHbKRjQl69OgdfPIYXsES6LJS03v9uJhmdDNHRFEFRIjYDt_fNmRdn7ORXq2OLoV-HiyjmqvAP8R8VaNa8p_13O8xZxkpuyz-qD5PFl1ymGQeCxdEyIBEy6zqK_FfUNWgxwncenToLavf9OLdD4WEgLybEO8xHcL9dpVfn9cSmFQJ5Pqqt5y8BOVou-uq_7iGVt-WfNKrp3iokaLpOAHX8u5cKFdxveaeDhEjzU-udfcdbHa01eWzAoS303xQsDtwRERvPPiPU1Zx1Q42jAE2YRG_y4nSVirktRs78e7_kg55jWPYDvACjb4meeQus0IVYrgUa41wBsebHw4kTcUTnpZtR6YsUdKmGnD2xkbrQvRiL-yfiVGF6NG8VHUXXBhGr1ONM1llH73TkMOS5EEjNVvWvmXwkTyfpH20eu1UusHPYoKJKJ4YMr03WOsCtx-qLIcGDNhtWtWwvwm82jIsuRzc17Apq_r0CIuIt4xx5xgCCtzyK-LRhovuOC_MpVGoB5GsqEuSC8eu8MKS5TTx2bmqPUTEkuZF68KQXoG4Lc05aSs5U7y3zQ3xPw2IP7lj_qyMPZQlTc12OBswn9p0aq1TliP1H4XfjbpXCFpEHrOhBotEK_dClNCS4y3GPEVXTukGbPwbCY2H__Itrxa0pT5fNI-v5lQ
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://prnt.sc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 04 May 2021 21:32:16 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame B18F
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BDHbSX72RYLquIbfE7_UPltOCuAoAAAAAOAHgBAI&bg=!ycqlyo7NAAYXzPaOF8w7ACkAdvg8WjJyJUVJF0CVMi5syqmTiESx0XU1cbkuWX6Kf44lBIJyfsOI6wIAAAFCUgAAAA9oAQeZAouEQaEqTsoZv6yt0yg2GATrMWTzx3SZtjFOUro5JA-lCTUdp99MaSvjsmqHPUd3ZBYMqfZh-lDJ9qicW-pqAwRz7JNZyAr32eC-SMw8tsLMWsfMTJhauRzXlhmVCQTCCwwVRkSM5GCYuhysQOMzXQC522KQwosxuKFoGqoKGzog5riOvWywG2omas-lLdzhUnODswu6fpFIWX1SvoL45igxBIcQn7mshnuKKP9t68TsOnl7U6C_QO3LgC3xU0BfQYf9eYNOguWHejs5r7FeZmK8XDuNhi_-Eqh9h4xD5qLWkr6fO0wqgQ-aifgOBMK6-GqElU0e9Flie2L6mKsyx1_j42-rbXt68F6gBeMZPFe6ruhg0Qe09I7vnqQn0TJcT7GojaxGEPcEMrgtMW3EVnRxMJtNQXBU6lgfaEum5dq0jUaR_KExWRK22SkIMvbncoIQiVN1bfCP7eeCu1Dx0jU9Ibmmq87nRm9pSs2nJ3A7K2xvxYxI9F2pBxJEAp0G-6tHGvNUYy39zuOViLSLIelpekBoxlPWcvlJS1U9aKa1SZueYwyV5AjKktoIoC_eIvCrxmYAGZ14o8yV4Ut13Gk6OCckpltNtKD83549YF8lwa_KPKDKFwh2pUI-iGKZsqCfuIvkhespOhujxVFJhIYZFqg6JoBrtSCXSF3iN-RCMqAJAtFfwNruxeVMjXBQHfUpq1RgQN_fWLgIFU-j4z5enUumQX3b3uAQuy2xcjCX3J9Po1O7nO2dcZWPx6fqlJ5Qgxy2X0NnwEeCtpSTGjU6Es5W3LpDmy4gnk3guWkuDuKmXTvq63VNcNDR9PZESg54IDv4f4DWAHUx7-V_MKpgmpNvf6tb75FLswU
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 04 May 2021 21:32:16 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
worker.nude.js
st.prntscr.com/2021/04/08/1538/js/
3 KB
1 KB
XHR
General
Full URL
https://st.prntscr.com/2021/04/08/1538/js/worker.nude.js
Requested by
Host: st.prntscr.com
URL: https://st.prntscr.com/2021/04/08/1538/js/script.mix.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.23.139.12 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ee7c0aa7330f62b75b4e54dc5e44c543d8013358f2f2e40a655b9d0a668ba572

Request headers

Referer
https://prnt.sc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 04 May 2021 21:32:16 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Thu, 08 Apr 2021 15:39:30 GMT
server
cloudflare
age
762
etag
W/"606f23b2-ad9"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
https://prnt.sc
cache-control
max-age=1800
cf-ray
64a4d73d9b8601db-ZRH
cf-request-id
09dae4da81000001db0caaf000000001
expires
Tue, 04 May 2021 21:49:07 GMT
activeview
pagead2.googlesyndication.com/pcs/ Frame 07D6
42 B
64 B
Fetch
General
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvRjvj1Xs9jnggFGa-jJs7_7eWcjDP2EEKsUEC9ObeSAUZ0JjrrT5UP8dPwNEmNTMNHuhYbdVdeDk3o6uOZ_N4Gxr_ni7acs9u0YB4_1h5CQQQ9&sai=AMfl-YSHxUug7erC3ys3miRlgpYe8TFj3oppzj_34J7Vp0f2YBrvttqZkG9qFXSwUd1pzvnbV3BJURa6snz-6AJXxLSF2srvZeQ0_OS8gP7he6exJGNivoBnI8zRM2E5zNc&sig=Cg0ArKJSzGznFzNKecg7EAE&cid=CAASPeRoRg3cQALDGm2UuCxgO-gVU2UWLy0y8KNvTBwCoBaZ3Ik4rDMJ3iT_Npk88fHEm27RS33dpxSSU-QvtbI&id=lidar2&mcvt=1000&p=1027,315,1121,1285&mtos=0,1000,1000,1000,1000&tos=0,1000,0,0,0&v=20210503&bin=7&avms=nio&bs=0,0&mc=0.96&if=1&app=0&itpl=20&adk=3120184932&rs=4&met=mue&la=0&cr=0&osd=1&vs=4&rst=1620163935471&dlt=18&rpt=461&isd=0&msd=0&r=v&fum=1
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ff89fe765c7a582c71dbcb6f522b9b54.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 04 May 2021 21:32:16 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
7e8a73de-a6c1-4ae8-8c60-317ccc4a7cab
https://prnt.sc/
3 KB
0
Other
General
Full URL
blob:https://prnt.sc/7e8a73de-a6c1-4ae8-8c60-317ccc4a7cab
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
ee7c0aa7330f62b75b4e54dc5e44c543d8013358f2f2e40a655b9d0a668ba572

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Length
2777
Content-Type
text/javascript
viewability
hal90008.redintelligence.net/ Frame B84C
0
150 B
Script
General
Full URL
https://hal90008.redintelligence.net/viewability?s=62421400267045200710632011584008&a=cf5a67a2&vb=v
Requested by
Host: hal90008.redintelligence.net
URL: https://hal90008.redintelligence.net/request_content.php?s=62421400267045200710632011584008&a=b51ebe86
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
138.201.63.150 Lingenfeld, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.150.63.201.138.clients.your-server.de
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://hal90008.redintelligence.net/request_content.php?s=62421400267045200710632011584008&a=b51ebe86
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Tue, 04 May 2021 21:32:17 GMT
Server
Apache
Connection
close
Content-Length
0
Content-Type
text/html; charset=UTF-8

118 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| 6 object| 7 object| 8 object| 9 object| onbeforexrselect object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker boolean| originAgentCluster object| trustedTypes boolean| crossOriginIsolated function| $ function| jQuery object| $jscomp object| galleryConfig function| loadTemplate function| fillTemplate object| htmlHelper function| getQueryParam function| mysqlDateTimeToJSDate object| prntscrAPI object| loginConfig object| multiLoginSystem function| prettyDate number| maxId_p number| maxId string| searchQuery object| twittsShown object| PrettyDate function| renamePrntsc function| replaceURLWithHTMLLinks function| replaceMentionsWithHTMLLinks function| replaceHashWithHTMLLinks function| expandShortUrls function| htmlspecialchars_decode function| addTwittsFound function| twitterFill undefined| twitterProcessJSON function| twitter function| Spinner string| GoogleAnalyticsObject function| ga function| __tcfapi function| __uspapi object| google_tag_data object| gaplugins object| gaGlobal object| gaData function| loadImageById function| loadImageByElement function| scanImage function| resultHandler object| nude object| jQuery18208430671719000253 object| _qevents object| FB function| quantserve function| __qc object| ezt object| _qoptions function| qtrack object| __twttrll object| twttr object| __twttr object| regeneratorRuntime function| setImmediate function| clearImmediate function| __tcfapiui string| pubcidCookie function| pbjsChunk object| pbjs object| _pbjsGlobals boolean| prebidLoaded object| prebidJs object| node object| googletag function| isScriptLoaded number| a4gDReady object| apstag boolean| a4gPrebidLoaded number| PREBID_TIMEOUT number| PREBID_FAILSAFE_TIMEOUT object| slots object| adUnits object| consentManagement function| executeParallelAuctionAlongsidePrebid 
undefined| load object| ggeac object| google_js_reporting_queue function| Goog_AdSense_getAdAdapterInstance function| Goog_AdSense_OsdAdapter undefined| google_measure_js_timing boolean| apstagLOADED object| googleToken object| googleIMState function| processGoogleToken number| __google_ad_urls_id number| google_unique_id object| __google_ad_urls boolean| google_osd_loaded boolean| google_onload_fired object| ampInaboxIframes object| ampInaboxPendingMessages function| Goog_Osd_UnloadAdBlock function| Goog_Osd_UpdateElementToMeasure function| google_osd_amcb object| GoogleGcLKhOms object| google_image_requests

4 Cookies

Domain/Path Name Value
.prnt.sc/ _gat 1
.prnt.sc/ _gid GA1.2.862339126.1620163934
.prnt.sc/ _ga GA1.2.526208152.1620163934
.prnt.sc/ __cfduid dbc01bb79de617174d21fbfcdb54a749e1620163933

1 Console Messages

Source: console-api
Level: error
URL: https://quantcast.mgr.consensu.org/tcfv2/cmp2.js?referer=prnt.sc (Line 1)
Message: TypeError: Cannot read property 'getItem' of null

Security Headers

This section lists the security headers set by the main page.

Header Value
X-Frame-Options SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
