whytheychangetherestuff.shekinahphotography.com Open in urlscan Pro
173.208.179.74  Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

15 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response whytheychangetherestuff.shekinahphotography.com/	5 KB 2 KB	489ms 124ms	Document text/html	173.208.179.74 WII
General Check archive.org Show headers Download Go to Full URL https://whytheychangetherestuff.shekinahphotography.com/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 173.208.179.74 , United States, ASN32097 (WII, US), Reverse DNS seashoredir.com Software nginx / Express Resource Hash c2c881f0e030bbdb13ea93fa8ee963fc9815a35528319181dc8b22759345a10e Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" sec-ch-ua-mobile ?0 sec-ch-ua-platform "Win32" Response headers content-encoding gzip content-type text/html; charset=utf-8 date Sat, 11 May 2024 10:48:33 GMT etag W/"14aa-Ox9AiIT4xg2xiq+NoYcJkq1L/Ac" server nginx vary Accept-Encoding x-cache MISS x-powered-by Express
GET H3	200	adsbygoogle.js Show response pagead2.googlesyndication.com/pagead/js/	151 KB 51 KB	70ms 53ms	Script text/javascript	142.250.186.66 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-4556278525240867 Requested by Host: whytheychangetherestuff.shekinahphotography.com URL: https://whytheychangetherestuff.shekinahphotography.com/ Protocol H3 Security QUIC, , AES_128_GCM Server 142.250.186.66 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s05-in-f2.1e100.net Software cafe / Resource Hash faf78912602f725899b4f7785a77f00c5da30baca7e91a6346d9357000dee8ea Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://whytheychangetherestuff.shekinahphotography.com/ Origin https://whytheychangetherestuff.shekinahphotography.com Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Sat, 11 May 2024 10:48:33 GMT content-encoding br x-content-type-options nosniff p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 52118 x-xss-protection 0 server cafe etag 10665186164853289960 vary Accept-Encoding content-type text/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=3600, stale-while-revalidate=3600 timing-allow-origin * link <https://googleads.g.doubleclick.net>; rel="preconnect"; crossorigin expires Sat, 11 May 2024 10:48:33 GMT
GET H2	200	css2 fonts.googleapis.com/	22 KB 1 KB	38ms 15ms	Stylesheet text/css	2a00:1450:4001:81c::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.googleapis.com/css2?family=Montserrat:ital,wght@0,100;0,300;0,400;0,500;0,700;0,900;1,100;1,300;1,400;1,500;1,700;1,900&display=swap Requested by Host: whytheychangetherestuff.shekinahphotography.com URL: https://whytheychangetherestuff.shekinahphotography.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:81c::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash 9a6ad22973f5737039a4fa7cf7e23f9744ccd47ec82da68f125be614314483fc Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://whytheychangetherestuff.shekinahphotography.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers strict-transport-security max-age=31536000 date Sat, 11 May 2024 10:48:33 GMT content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 x-xss-protection 0 last-modified Sat, 11 May 2024 10:44:04 GMT server ESF cross-origin-opener-policy same-origin-allow-popups x-frame-options SAMEORIGIN content-type text/css; charset=utf-8 access-control-allow-origin * cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * link <https://fonts.gstatic.com>; rel=preconnect; crossorigin expires Sat, 11 May 2024 10:48:33 GMT
GET H2	200	js Show response www.googletagmanager.com/gtag/	301 KB 100 KB	48ms 27ms	Script application/javascript	2a00:1450:4001:82f::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtag/js?id=G-MZ5T2ZY0DZ Requested by Host: whytheychangetherestuff.shekinahphotography.com URL: https://whytheychangetherestuff.shekinahphotography.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash 02e3bbde7ed6f5e77eb59d37e71697faa9c3f6c90554ec2ea91ed0a09cf85b1a Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://whytheychangetherestuff.shekinahphotography.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Sat, 11 May 2024 10:48:33 GMT content-encoding br strict-transport-security max-age=31536000; includeSubDomains server Google Tag Manager vary Accept-Encoding content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true cross-origin-resource-policy cross-origin access-control-allow-headers Cache-Control content-length 102303 x-xss-protection 0 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 expires Sat, 11 May 2024 10:48:33 GMT
GET H2	404	/ whytheychangetherestuff.shekinahphotography.com/img/bgs/	3 KB 3 KB	120ms 120ms	Image text/html	173.208.179.74 WII
General Check archive.org Show headers Download Go to Show image Full URL https://whytheychangetherestuff.shekinahphotography.com/img/bgs/ Requested by Host: whytheychangetherestuff.shekinahphotography.com URL: https://whytheychangetherestuff.shekinahphotography.com/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 173.208.179.74 , United States, ASN32097 (WII, US), Reverse DNS seashoredir.com Software nginx / Express Resource Hash a244654c11bd0685962604d04afb83bbd7194aceaf3cdaace7b61c9b4cadbcca Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://whytheychangetherestuff.shekinahphotography.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Sat, 11 May 2024 10:48:33 GMT content-encoding gzip server nginx x-powered-by Express etag W/"cb2-e4zA4cEjztpED3vbcVIKMkNrZTc" vary Accept-Encoding content-type text/html; charset=utf-8
GET H2	200	JTUSjIg1_i6t8kCHKm459Wlhyw.woff2 fonts.gstatic.com/s/montserrat/v26/	32 KB 33 KB	34ms 9ms	Font font/woff2	2a00:1450:4001:800::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/montserrat/v26/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css2?family=Montserrat:ital,wght@0,100;0,300;0,400;0,500;0,700;0,900;1,100;1,300;1,400;1,500;1,700;1,900&display=swap Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash bb2f90081933c0f2475883ca2c5cfee94e96d7314a09433fffc42e37f4cffd3b Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://fonts.googleapis.com/ Origin https://whytheychangetherestuff.shekinahphotography.com Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Mon, 06 May 2024 17:34:04 GMT x-content-type-options nosniff age 407669 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 33092 x-xss-protection 0 last-modified Wed, 13 Sep 2023 22:51:58 GMT server sffe cross-origin-opener-policy same-origin; report-to="apps-themes" report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * expires Tue, 06 May 2025 17:34:04 GMT
GET H3	200	show_ads_impl_with_ama_fy2021.js Show response pagead2.googlesyndication.com/pagead/managed/js/adsense/m202405070101/	412 KB 139 KB	77ms 63ms	Script text/javascript	142.250.186.66 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202405070101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-4556278525240867&plah=whytheychangetherestuff.shekinahphotography.com&aplac=true Requested by Host: pagead2.googlesyndication.com URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-4556278525240867 Protocol H3 Security QUIC, , AES_128_GCM Server 142.250.186.66 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s05-in-f2.1e100.net Software cafe / Resource Hash 78f4d4b2fc0ca674d72f63db0a8219f6c2790efab3c4cace91a6c40d87531e7a Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://whytheychangetherestuff.shekinahphotography.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Sat, 11 May 2024 10:48:33 GMT content-encoding br x-content-type-options nosniff p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 142547 x-xss-protection 0 server cafe etag 7136579948865464129 vary Accept-Encoding content-type text/javascript; charset=UTF-8 cache-control private, max-age=3600, stale-while-revalidate=3600 timing-allow-origin * expires Sat, 11 May 2024 10:48:33 GMT
POST H2	204	collect region1.google-analytics.com/g/	0 277 B	36ms 14ms	Ping text/plain	2001:4860:4802:34::36 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://region1.google-analytics.com/g/collect?v=2&tid=G-MZ5T2ZY0DZ&gtm=45je4580v9179064614za200&_p=1715424513553&gcd=13l3l3l2l1&npa=1&dma_cps=sypham&dma=1&cid=1840445158.1715424514&ul=de-de&sr=1600x1200&uaa=x86&uab=64&uafvl=Chromium%3B124.0.6367.201%7CGoogle%2520Chrome%3B124.0.6367.201%7CNot-A.Brand%3B99.0.0.0&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&frm=0&pscdl=noapi&_s=1&sid=1715424513&sct=1&seg=0&dl=https%3A%2F%2Fwhytheychangetherestuff.shekinahphotography.com%2F&dt=EduVista%20%7C%20Students&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=625 Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtag/js?id=G-MZ5T2ZY0DZ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://whytheychangetherestuff.shekinahphotography.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers pragma no-cache date Sat, 11 May 2024 10:48:33 GMT server Golfe2 content-type text/plain access-control-allow-origin https://whytheychangetherestuff.shekinahphotography.com cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H3	200	zrt_lookup_fy2021.html pagead2.googlesyndication.com/pagead/html/r20240508/r20110914/ Frame BA23	0 0	47ms 9ms	Document text/html	142.250.186.66 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://pagead2.googlesyndication.com/pagead/html/r20240508/r20110914/zrt_lookup_fy2021.html Requested by Host: pagead2.googlesyndication.com URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202405070101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-4556278525240867&plah=whytheychangetherestuff.shekinahphotography.com&aplac=true Protocol H3 Security QUIC, , AES_128_GCM Server 142.250.186.66 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s05-in-f2.1e100.net Software cafe / Resource Hash Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer https://whytheychangetherestuff.shekinahphotography.com/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" sec-ch-ua-mobile ?0 sec-ch-ua-platform "Win32" Response headers age 65703 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 cache-control public, max-age=1209600 content-encoding br content-length 4155 content-type text/html; charset=UTF-8 cross-origin-resource-policy cross-origin date Fri, 10 May 2024 16:33:30 GMT etag 5035419970550746386 expires Fri, 24 May 2024 16:33:30 GMT p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" server cafe timing-allow-origin * vary Accept-Encoding x-content-type-options nosniff x-xss-protection 0
GET H3	200	ads pagead2.googlesyndication.com/pagead/ Frame 0F9C	0 0	164ms 132ms	Document text/html	142.250.186.66 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://pagead2.googlesyndication.com/pagead/ads?ltd_cs=1&client=ca-pub-4556278525240867&output=html&adk=1812271804&adf=3025194257&abgtt=6&lmt=1715424513&plat=8%3A4194304%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=500x1080_l%7C500x1080_r&format=0x0&url=https%3A%2F%2Fwhytheychangetherestuff.shekinahphotography.com%2F&pra=5&wgl=1&easpi=0&aihb=0&asro=0&aslmct=0.7&asamct=0.7&uach=WyJXaW4zMiIsIjEwLjAuMCIsIng4NiIsIiIsIjEyNC4wLjYzNjcuMjAxIixudWxsLDAsbnVsbCwiNjQiLFtbIkNocm9taXVtIiwiMTI0LjAuNjM2Ny4yMDEiXSxbIkdvb2dsZSBDaHJvbWUiLCIxMjQuMC42MzY3LjIwMSJdLFsiTm90LUEuQnJhbmQiLCI5OS4wLjAuMCJdXSwwXQ..&dt=1715424513606&bpp=1&bdt=93&idt=177&shv=r20240508&mjsv=m202405070101&ptt=9&saldr=aa&abxe=1&eoidce=1&nras=1&correlator=4303980818589&frm=20&pv=2&ga_vid=1840445158.1715424514&ga_sid=1715424514&ga_hid=1144841657&ga_fc=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31083438%2C95331983%2C31082144%2C95331043%2C95332403%2C95332415&oid=2&pvsid=3204326501565286&tmod=909747673&uas=0&nvt=1&fsapi=1&fc=1920&brdim=1570%2C1170%2C1570%2C1170%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&bz=1&ifi=1&uci=a!1&fsb=1&dtd=187 Requested by Host: pagead2.googlesyndication.com URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202405070101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-4556278525240867&plah=whytheychangetherestuff.shekinahphotography.com&aplac=true Protocol H3 Security QUIC, , AES_128_GCM Server 142.250.186.66 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s05-in-f2.1e100.net Software cafe / Resource Hash Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer https://whytheychangetherestuff.shekinahphotography.com/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" sec-ch-ua-mobile ?0 sec-ch-ua-platform "Win32" Response headers alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-encoding br content-length 46 content-type text/html; charset=UTF-8 cross-origin-resource-policy cross-origin date Sat, 11 May 2024 10:48:33 GMT p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" server cafe timing-allow-origin * x-content-type-options nosniff x-xss-protection 0
GET H3	200	sodar Show response pagead2.googlesyndication.com/getconfig/	16 KB 12 KB	53ms 52ms	XHR application/json	142.250.186.66 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20240508&st=env Requested by Host: pagead2.googlesyndication.com URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202405070101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-4556278525240867&plah=whytheychangetherestuff.shekinahphotography.com&aplac=true Protocol H3 Security QUIC, , AES_128_GCM Server 142.250.186.66 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s05-in-f2.1e100.net Software cafe / Resource Hash 175cdd2b8ed11b2740a726ab9dfad8bf1d5a999bf6874c8434969633bca286b0 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://whytheychangetherestuff.shekinahphotography.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Sat, 11 May 2024 10:48:33 GMT content-encoding br x-content-type-options nosniff server cafe content-type application/json; charset=UTF-8 access-control-allow-origin * p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 12275 x-xss-protection 0
GET H2	200	eduvista.png whytheychangetherestuff.shekinahphotography.com/img/	138 KB 139 KB	242ms 242ms	Other image/png	173.208.179.74 WII
General Check archive.org Show headers Download Go to Full URL https://whytheychangetherestuff.shekinahphotography.com/img/eduvista.png Protocol H2 Security TLS 1.3, , AES_256_GCM Server 173.208.179.74 , United States, ASN32097 (WII, US), Reverse DNS seashoredir.com Software nginx / Express Resource Hash 427de5857f839f049d39438413af93bb3cb2d5338e3f4e0f598fc17eb39c32e2 Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://whytheychangetherestuff.shekinahphotography.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Sat, 11 May 2024 10:48:34 GMT last-modified Mon, 06 May 2024 23:02:47 GMT server nginx x-powered-by Express etag W/"229fc-18f50253833" x-cache MISS content-type image/png cache-control public, max-age=0 accept-ranges bytes content-length 141820
GET H2	200	sodar2.js Show response tpc.googlesyndication.com/sodar/	17 KB 7 KB	208ms 74ms	Script text/javascript	2a00:1450:4001:830::2001 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://tpc.googlesyndication.com/sodar/sodar2.js Requested by Host: pagead2.googlesyndication.com URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202405070101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-4556278525240867&plah=whytheychangetherestuff.shekinahphotography.com&aplac=true Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://whytheychangetherestuff.shekinahphotography.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Sat, 11 May 2024 10:48:34 GMT content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 6386 x-xss-protection 0 server sffe cross-origin-opener-policy same-origin; report-to="adspam-signals-scs" etag "1637097310169751" vary Accept-Encoding report-to {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]} content-type text/javascript cache-control private, max-age=3000 accept-ranges bytes expires Sat, 11 May 2024 10:48:34 GMT
GET H2	200	runner.html tpc.googlesyndication.com/sodar/sodar2/225/ Frame F487	0 0	28ms 7ms	Document text/html	2a00:1450:4001:830::2001 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html Requested by Host: tpc.googlesyndication.com URL: https://tpc.googlesyndication.com/sodar/sodar2.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer https://whytheychangetherestuff.shekinahphotography.com/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" sec-ch-ua-mobile ?0 sec-ch-ua-platform "Win32" Response headers accept-ranges bytes age 4832 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 cache-control public, max-age=31536000 content-encoding gzip content-length 5046 content-type text/html cross-origin-opener-policy same-origin; report-to="adspam-signals-scs" cross-origin-resource-policy cross-origin date Sat, 11 May 2024 09:28:02 GMT expires Sun, 11 May 2025 09:28:02 GMT last-modified Mon, 21 Jun 2021 20:47:05 GMT report-to {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]} server sffe vary Accept-Encoding x-content-type-options nosniff x-xss-protection 0
GET		sodar pagead2.googlesyndication.com/pagead/	0 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain

pagead2.googlesyndication.com

URL

https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20240508&jk=3204326501565286&bg=!c3ClcD_NAAZxHNKdURw7ADQBe5WfOBtmswu_DnIDKh3yo0RXRcZhdVL6FW_7GlJ0Dm-ytsuNKsciIFE5qL1ohiZBrgqQAgAAAC9SAAAAAWgBB34ANW_NsFY0WgKHIZztzWNJI9CMR0bnIrvuE68pCgrhAwOa18bDaIbP5I6L_pmqM01OGsONqfywCgBBwx9lLyZCww4pwRKgOyN_Cfuqz_MPWpgeXAaf0rBHWQAPultzjRF0XY_dnPI0B4tlqkjM2EyIzMu4O3yVF86hQxqZAr_XQjpdMOkD6dpEIzbFjs1A9tiqlGmRR7C1Gli3YNpo1LXJPGCi6-oUJTOwHXvNK2PXHXz_jSjWmHwbeJe2p0pe0ZSkmy96Q-jlq19LljQxwQY3iQgd3lFE_NKV36HYCqt-klMFA-Y-AmGv-K_DLniQi74BrThIof3a-uMNud3WtZVuw_XQdhSS5b_-8k8j3grHguhd-2CtF-43M6jeCVMR0VhHr2H5TJMdjGWhKv2gG6VW9IN0YbxtsZ-TBheOYSokS_tBSrKXo5yex0n66g5YoyXo5Gtt3tjLX4Dj5iYtDBHT0PfkyUw5-J2ZkVqonVYNUN-oxpm9wlv9XX1xtEQ88bP607twv9tHbKwQ6cWsG1hmQtxKo0L_AcyLjm444Jec3P0RE_8EZEGxkZJWJoRWTmtJiq2ovlchkw4wncZv-PPjM5N3xQswfHmzOac9kbP6O9N8YennCkL8k_wfw3NP-DKQQnpqST_23KcH6Xx5qUf7mrWk9e5Cpses145GZoJO1vToQTCwLiCEBaLL6cAS5JhhnQwtaca_WTFU4PQ-MfM2jzdibZgoJ0l4EbxRlS4byGZFNb1qbX06pTXT6fnRH8RIJj1-U1xaIlDbJUu3oMl6Fqey4OVT8faE_QOWsObm52s-nGDMvofHkEDTlIqTMDcuDUU-rvjEQe3IKVGCgYMnryzSb3YxkpeCmvakuyGOYplimqKndehEKYZfW3SULo0vCYgNTFoQzoPoRG-KDFJIouxztKxkw4UFajcjpxTDsec9ajiiNf_vOChx4vIQfl27IdGZxjuye2rNKKvv9Hfl4xIbsnIkLcqy5LfG6RWzMCXrgT4wNLi6yJkV9gHZIwYhIug-hX-ebVuFY0WcrwZcvmkrQGOFsQLFV5wVaZfJmcIY1nV7P5Nt343ZDMeQfqi2GfY8F05lcdyvxXes

34 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 function| gtag object| dataLayer function| delay function| loginSystem object| google_js_reporting_queue number| google_srt object| google_persistent_state_async object| google_logging_queue number| tmod object| google_ad_modifications object| ggeac boolean| google_measure_js_timing object| google_tag_data object| google_reactive_ads_global_state object| adsbygoogle object| google_sa_queue function| google_process_slots function| google_spfd number| google_unique_id object| google_sv_map number| google_rum_task_id_counter string| google_user_agent_client_hint object| google_tag_manager function| onYouTubeIframeAPIReady object| gaGlobal function| google_sa_impl number| google_global_correlator object| google_prev_clients object| ampInaboxIframes object| ampInaboxPendingMessages object| GoogleGcLKhOms object| google_image_requests

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.shekinahphotography.com/	1970-01-21 06:06:24	Name: _ga Value: GA1.1.1840445158.1715424514
			.shekinahphotography.com/	1970-01-21 06:06:24	Name: _ga_MZ5T2ZY0DZ Value: GS1.1.1715424513.1.0.1715424513.0.0.0

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
recommendation	verbose	URL: https://whytheychangetherestuff.shekinahphotography.com/ Message: [DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o
network	error	URL: https://whytheychangetherestuff.shekinahphotography.com/img/bgs/ Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

fonts.googleapis.com
fonts.gstatic.com
pagead2.googlesyndication.com
region1.google-analytics.com
tpc.googlesyndication.com
whytheychangetherestuff.shekinahphotography.com
www.googletagmanager.com
pagead2.googlesyndication.com
142.250.186.66
173.208.179.74
2001:4860:4802:34::36
2a00:1450:4001:800::2003
2a00:1450:4001:81c::200a
2a00:1450:4001:82f::2008
2a00:1450:4001:830::2001
02e3bbde7ed6f5e77eb59d37e71697faa9c3f6c90554ec2ea91ed0a09cf85b1a
175cdd2b8ed11b2740a726ab9dfad8bf1d5a999bf6874c8434969633bca286b0
427de5857f839f049d39438413af93bb3cb2d5338e3f4e0f598fc17eb39c32e2
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
78f4d4b2fc0ca674d72f63db0a8219f6c2790efab3c4cace91a6c40d87531e7a
9a6ad22973f5737039a4fa7cf7e23f9744ccd47ec82da68f125be614314483fc
a244654c11bd0685962604d04afb83bbd7194aceaf3cdaace7b61c9b4cadbcca
bb2f90081933c0f2475883ca2c5cfee94e96d7314a09433fffc42e37f4cffd3b
c2c881f0e030bbdb13ea93fa8ee963fc9815a35528319181dc8b22759345a10e
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
faf78912602f725899b4f7785a77f00c5da30baca7e91a6346d9357000dee8ea