prnt.sc Open in urlscan Pro
104.26.14.80 Public Scan

URL:
https://prnt.sc/14v89rs
Submission: On June 10 via manual (June 10th 2021, 6:58:03 pm UTC) from US

Summary HTTP 120 Redirects Links 12 Behaviour Indicators

Summary

This website contacted 34 IPs in 4 countries across 21 domains to perform 120 HTTP transactions. The main IP is 104.26.14.80, located in United States and belongs to CLOUDFLARENET, US. The main domain is prnt.sc.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on July 18th 2020. Valid for: a year.

This is the only time prnt.sc was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2	104.26.14.80 104.26.14.80	13335 (CLOUDFLAR...) (CLOUDFLARENET)
18	104.23.139.12 104.23.139.12	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:82a::200e	15169 (GOOGLE) (GOOGLE)
2	2600:9000:218... 2600:9000:218c:9c00:9:46dc:4700:93a1	16509 (AMAZON-02) (AMAZON-02)
2	151.139.242.3 151.139.242.3	33438 (HIGHWINDS2) (HIGHWINDS2)
1	2a00:1450:400... 2a00:1450:4001:813::200e	15169 (GOOGLE) (GOOGLE)
2	2a03:2880:f01... 2a03:2880:f01c:8012:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
4	2606:2800:234... 2606:2800:234:46c:e8b:1e2f:2bd:694	15133 (EDGECAST) (EDGECAST)
2	192.207.255.147 192.207.255.147	62821 (AS-MNX) (AS-MNX)
1	2a00:1450:400... 2a00:1450:400c:c0a::9b	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:82b::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:800::2003	15169 (GOOGLE) (GOOGLE)
2	2620:116:800d... 2620:116:800d:21:51e4:db4b:4436:b305	16509 (AMAZON-02) (AMAZON-02)
1	2a03:2880:f11... 2a03:2880:f11c:8183:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
2	104.244.42.136 104.244.42.136	13414 (TWITTER) (TWITTER)
1	2600:9000:218... 2600:9000:218d:1a00:6:44e3:f8c0:93a1	16509 (AMAZON-02) (AMAZON-02)
4	2a00:1450:400... 2a00:1450:4001:830::2002	15169 (GOOGLE) (GOOGLE)
4	143.204.141.33 143.204.141.33	16509 (AMAZON-02) (AMAZON-02)
1	2.21.111.28 2.21.111.28	16625 (AKAMAI-AS) (AKAMAI-AS)
2	142.250.185.66 142.250.185.66	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:802::2002	15169 (GOOGLE) (GOOGLE)
19	2a00:1450:400... 2a00:1450:4001:831::2002	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:812::2001	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:80f::2002	15169 (GOOGLE) (GOOGLE)
12	2a00:1450:400... 2a00:1450:4001:82b::2001	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:828::2002	15169 (GOOGLE) (GOOGLE)
6	142.250.184.226 142.250.184.226	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:82a::2006	15169 (GOOGLE) (GOOGLE)
8 12	142.250.185.162 142.250.185.162	15169 (GOOGLE) (GOOGLE)
6 10	2.18.234.21 2.18.234.21	16625 (AKAMAI-AS) (AKAMAI-AS)
4 6	185.33.220.242 185.33.220.242	29990 (ASN-APPNEX) (ASN-APPNEX)
2 3	35.244.159.8 35.244.159.8	15169 (GOOGLE) (GOOGLE)
1 2	184.31.88.106 184.31.88.106	16625 (AKAMAI-AS) (AKAMAI-AS)
120	34

2 104.26.14.80 (United States)

ASN13335 (CLOUDFLARENET, US)

prnt.sc	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 104.23.139.12 (United States)

ASN13335 (CLOUDFLARENET, US)

st.prntscr.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
api.prntscr.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82a::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:218c:9c00:9:46dc:4700:93a1 (United States)

ASN16509 (AMAZON-02, US)

quantcast.mgr.consensu.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.139.242.3 (United States)

ASN33438 (HIGHWINDS2, US)

cdn.ad4game.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:813::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f01c:8012:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:2800:234:46c:e8b:1e2f:2bd:694 (United States)

ASN15133 (EDGECAST, US)

platform.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 192.207.255.147 (United States)

ASN62821 (AS-MNX, US)
PTR: haproxy2.ad4game.com

ads.ad4game.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c0a::9b (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82b::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:800::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:116:800d:21:51e4:db4b:4436:b305 (United States)

ASN16509 (AMAZON-02, US)

secure.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.quantcount.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f11c:8183:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.244.42.136 (United States)

ASN13414 (TWITTER, US)

syndication.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:218d:1a00:6:44e3:f8c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

rules.quantcount.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:830::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 143.204.141.33 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-141-33.ewr52.r.cloudfront.net

c.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.21.111.28 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-21-111-28.deploy.static.akamaitechnologies.com

htlb.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.185.66 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s48-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:802::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

19 2a00:1450:4001:831::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:812::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

7251cd3401af9f67fcd107f7d0cfe1f3.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:80f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2a00:1450:4001:82b::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:828::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 142.250.184.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s12-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:82a::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 142.250.185.162 (United States) 8 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s51-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2.18.234.21 (Frankfurt am Main, Germany) 6 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-234-21.deploy.static.akamaitechnologies.com

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 185.33.220.242 (Amsterdam, Netherlands) 4 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 724.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.244.159.8 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 8.159.244.35.bc.googleusercontent.com

us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 184.31.88.106 (Frankfurt am Main, Germany) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a184-31-88-106.deploy.static.akamaitechnologies.com

sync.teads.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
34	googlesyndication.com 7251cd3401af9f67fcd107f7d0cfe1f3.safeframe.googlesyndication.com tpc.googlesyndication.com pagead2.googlesyndication.com	152 KB
27	doubleclick.net 8 redirects stats.g.doubleclick.net securepubads.g.doubleclick.net googleads.g.doubleclick.net googleads4.g.doubleclick.net cm.g.doubleclick.net	195 KB
18	prntscr.com st.prntscr.com image.prntscr.com Failed api.prntscr.com	82 KB
11	casalemedia.com 6 redirects htlb.casalemedia.com dsum-sec.casalemedia.com	9 KB
6	adnxs.com 4 redirects ib.adnxs.com	6 KB
6	twitter.com platform.twitter.com syndication.twitter.com	148 KB
5	googletagservices.com www.googletagservices.com	160 KB
4	amazon-adsystem.com c.amazon-adsystem.com	36 KB
4	ad4game.com cdn.ad4game.com ads.ad4game.com	105 KB
3	openx.net 2 redirects us-u.openx.net	831 B
3	2mdn.net s0.2mdn.net	197 KB
3	google.com www.google.com adservice.google.com	276 B
2	teads.tv 1 redirects sync.teads.tv	414 B
2	quantcount.com rules.quantcount.com pixel.quantcount.com	554 B
2	google.de www.google.de adservice.google.de	272 B
2	facebook.net connect.facebook.net	67 KB
2	consensu.org quantcast.mgr.consensu.org	65 KB
2	google-analytics.com www.google-analytics.com	19 KB
2	prnt.sc prnt.sc	21 KB
1	facebook.com www.facebook.com
1	quantserve.com secure.quantserve.com	9 KB
120	21

	Domain	Requested by
18	pagead2.googlesyndication.com	prnt.sc 7251cd3401af9f67fcd107f7d0cfe1f3.safeframe.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com www.googletagservices.com
16	st.prntscr.com	prnt.sc st.prntscr.com
12	cm.g.doubleclick.net	8 redirects googleads.g.doubleclick.net
12	tpc.googlesyndication.com	prnt.sc 7251cd3401af9f67fcd107f7d0cfe1f3.safeframe.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com
10	dsum-sec.casalemedia.com	6 redirects googleads.g.doubleclick.net
6	ib.adnxs.com	4 redirects googleads.g.doubleclick.net
6	googleads4.g.doubleclick.net	googleads.g.doubleclick.net
6	googleads.g.doubleclick.net	prnt.sc 7251cd3401af9f67fcd107f7d0cfe1f3.safeframe.googlesyndication.com
5	www.googletagservices.com	ads.ad4game.com securepubads.g.doubleclick.net prnt.sc 7251cd3401af9f67fcd107f7d0cfe1f3.safeframe.googlesyndication.com
4	7251cd3401af9f67fcd107f7d0cfe1f3.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
4	c.amazon-adsystem.com	ads.ad4game.com c.amazon-adsystem.com
4	platform.twitter.com	prnt.sc platform.twitter.com
3	us-u.openx.net	2 redirects googleads.g.doubleclick.net
3	s0.2mdn.net	7251cd3401af9f67fcd107f7d0cfe1f3.safeframe.googlesyndication.com googleads.g.doubleclick.net
2	sync.teads.tv	1 redirects googleads.g.doubleclick.net
2	securepubads.g.doubleclick.net	www.googletagservices.com securepubads.g.doubleclick.net
2	syndication.twitter.com	platform.twitter.com prnt.sc
2	www.google.com	prnt.sc
2	ads.ad4game.com	cdn.ad4game.com
2	api.prntscr.com	st.prntscr.com
2	connect.facebook.net	prnt.sc connect.facebook.net
2	cdn.ad4game.com	prnt.sc cdn.ad4game.com
2	quantcast.mgr.consensu.org	prnt.sc quantcast.mgr.consensu.org
2	www.google-analytics.com	prnt.sc www.google-analytics.com
2	prnt.sc	prnt.sc
1	adservice.google.com	securepubads.g.doubleclick.net
1	adservice.google.de	securepubads.g.doubleclick.net
1	htlb.casalemedia.com	cdn.ad4game.com
1	pixel.quantcount.com	prnt.sc
1	rules.quantcount.com	secure.quantserve.com
1	www.facebook.com	connect.facebook.net
1	secure.quantserve.com	quantcast.mgr.consensu.org
1	www.google.de	prnt.sc
1	stats.g.doubleclick.net	www.google-analytics.com
0	image.prntscr.com Failed	prnt.sc
120	35

This site contains links to these domains. Also see Links.

Domain
app.prntscr.com
prntscr.com
twitter.com
www.facebook.com
www.google.com

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2020-07-18` - `2021-07-18`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-05-10` - `2021-08-02`	3 months	crt.sh
quantcast.mgr.consensu.org Amazon	`2021-04-24` - `2022-05-23`	a year	crt.sh
*.ad4game.com Go Daddy Secure Certificate Authority - G2	`2019-11-17` - `2022-01-16`	2 years	crt.sh
*.google.com GTS CA 1O1	`2021-05-10` - `2021-08-02`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2021-05-26` - `2021-08-24`	3 months	crt.sh
*.twimg.com DigiCert TLS RSA SHA256 2020 CA1	`2020-11-05` - `2021-11-09`	a year	crt.sh
*.g.doubleclick.net GTS CA 1O1	`2021-05-17` - `2021-08-09`	3 months	crt.sh
www.google.com GTS CA 1C3	`2021-05-10` - `2021-08-02`	3 months	crt.sh
www.google.de GTS CA 1C3	`2021-05-17` - `2021-08-09`	3 months	crt.sh
*.quantserve.com DigiCert SHA2 High Assurance Server CA	`2020-10-02` - `2021-10-07`	a year	crt.sh
syndication.twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2021-02-05` - `2022-02-04`	a year	crt.sh
c.amazon-adsystem.com Amazon	`2020-08-04` - `2021-08-02`	a year	crt.sh
san.casalemedia.com GeoTrust RSA CA 2018	`2021-02-05` - `2022-02-09`	a year	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2021-05-10` - `2021-08-02`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2021-05-10` - `2021-08-02`	3 months	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2021-03-05` - `2022-02-19`	a year	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2020-06-18` - `2021-08-17`	a year	crt.sh
teads.tv R3	`2021-06-04` - `2021-09-02`	3 months	crt.sh

This page contains 14 frames:

Primary Page: https://prnt.sc/14v89rs
Frame ID: A89FC7D7CC969B9E5B44CCCAD6B1FC5E
Requests: 52 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.06c6ee58c3810956b7509218508c7b56.html?origin=https%3A%2F%2Fprnt.sc
Frame ID: AB88EEFB6A82B7A7895D487ED95C66E4
Requests: 2 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/tweet_button.06c6ee58c3810956b7509218508c7b56.en.html
Frame ID: B961A2498C3798DE797F284A43BD4B3B
Requests: 2 HTTP requests in this frame

Frame: https://7251cd3401af9f67fcd107f7d0cfe1f3.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 5AB549C16E741C8E495ABBCC3C57C2F2
Requests: 1 HTTP requests in this frame

Frame: https://7251cd3401af9f67fcd107f7d0cfe1f3.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: D7D5B6203001EEB65D487A2989215A35
Requests: 1 HTTP requests in this frame

Frame: https://7251cd3401af9f67fcd107f7d0cfe1f3.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 24411A7F4E98FCA723DB2A467B5227CD
Requests: 14 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMXlgQEQg-LRwAIYv5yNqgEwAQ&v=APEucNV1v7usRcQrVZiNhF58TmHeKDJhkRWQ01c5OS-_5IDR1e1QBTvd9mWqB7lXzmJUZuAjUOKS8vMIbgblqco8jvnDuOhh359Se22urF_pkdrhoacLHrsiMyhM1-3xE1U5tf_nLAXbk_W6cxiP6fwIIZnMJNmwEKyMwJu5QNcgkH6iOtnvkaA
Frame ID: C3DCB2FA520511EF2BBCB50F8D3DEB2B
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BbLSQtePL3HJkjMW1hihq_ZRCaOXzApv1HS7fh-sR84vFcgod0gPhf8QSFI_iz6rexx5--8mCL3DjwFR0iYY0rTXqRrGJtI5TefFYskBMDovaJiO6ejNRUancHODD0OG4WF6oyKnuldhkjsbvscbyvm-WbCg&dbm_d=AKAmf-B-DIyt4PBEioyxlWp4FcTyLoKBWzQt9XMk6FfQBfFTWYhT5fjrMP5KHnsyJbxi_t806YS5m2QLJET1_Rz9jbiovPA73TROIFpcqZqUrygB9h195mS4PBC6uCsSzQnAtHC7eQKNvys9-9TlcEkpco-nwBcZ_wyx3nl2pZ6F4Dj_hugayzurX6c786uPuaSmmmbqU_oaCb9SYFqFesvcSJMOCN8xJp0b_QJu3XEV_faITNbB6y50E8NFi4KFkA-FVhzwwOekQoftHkQji4ZaYcxiY7gibwb49tsw8Hz3mcVtXEeF4tV05P29Hs0_KKPTzhqLqACPyDvGtComqm1QKAEHhefZJa1QFfZ6kAGD0OW2y76dYfQRmucK4JpAUSKJ3TWYHIs6s_uDJX74FwW9H0UTh-BN-38GdQHZkZw86z17X289G7nE8zNA3d73udVxg3J8wBK1JpvexmXLa1ABwlMNujjNN3bCXqD1apq0wO6un2dxlZ8rUootxAJPvzngTGHHsASm_ou8LanShbPygkN8GP2g69V1tJ80FoGeyTJVAnGoyGcjch3-Pg809Eb8iegauE5wVSXoaa5lYsW7BYc-sAjrbcr_y_3kUOEhQBben1IxQK9NwhBARDTf5cP2z5aNsZFuqmXJJzCrZ1oiIgc6rYie9t1EL8Gg9ly3wVs2Y070uawO4CaLMlC-CwyVCZuFUQHmswCNi4L4usI63iD93BCDltttAKDJb-eL_qsUIkNrqOaoI-uXt0bAQp-vMNk13Y_v1slipQ-_l4FcZ3HcCJ3q_3-m_1Onudodkph4Y8qmy3s3XdYhFACyNf3uKGzrFaynx94p-B61fVkjZ2yh7CYmUjar5WnshnkTtBo6IN6bwuVbv0gGU9JAVX-cbjBsaxMgZ-ZC_BLRqI9oPSKW6l7qJ61vkWliVB5F5p4XqMignYtvQyxLXEPCN0GATahyxevW9dfQm2v5wV3omDrrbr3ah9Iuq-B7JMGuqsx-G-ZMhQ-vGKENisIWoCl-EvdM5ZVrypY7wZTff8TnW6ASm3Ok3IsSrVk0zxnMLg5TLcvmWtOWZ_MnQ94OkHO0aAChLjcOWNim4-dZifhbHkwCQ2k4EU8p4z416PAh_xQ_RsXdBmwYD4X8sB_OMykcQXuFO8IGHn-wNf-c8cxLQJro2rmFuGEt9P7X7mZJIFJc-5Osc3tmp1oUQnyn9ratyTrgtsGqPS1RzUYKGmc26lNDzeQaJXC5bbFTwICdYBNCPp6BTyKGRuYLXpcz2GXrXqb6r_OhQQQo5cNRrIxB5gYM07uOPJo5u-G4fT0s6iuAmS82CsWPgwVxMg-zI7pJ6QwLJohCO8pe4wE505QBLt-SnXuSO0c04Yd45cxhbB72vHLY20Kcyj4qxWxhs_u2DvQltSlxDuYQCh1eDMzszEFzDOqJ_eMu83qezqhsIwvtvMv-JIlLWmRsY8C_gnePLrtWQAC3Arj8gAnU3rI3_2vVvAGvtG0QfEdg0ZkVANuyuh11oUeFg2Db3cyw6nADbF60iw5Qxib0KlrHTxjxx6g90zTCAjGcN2vvHvZ2yYh5Or4sz3jRid-Qa5xDR1-TsMy37ZbKg8-6XmI6_68e-FHSy25FP35ONAO_1hGi9bZTRlOdLV1vfw61MjG0SceJP6-6v7e7Hevl4LO2qlG_ud0IQPwJFGxkHIColsZL6N8x4YYsWuu0daTIawjUZt-BX3ycdciwQhDRUWpZqBqVTjen1mK-rfvQfTT8h0nr4SbZNyUSo7TMj6W09q5uJ_5H5dmAt3uuhCyoO-1ZCRIEwC4WGKspmp1k0WeinB5OuPbN2_HHeoR0wD0gAAxdKgvFkP5iBUccNTA1Ar4dgJaJWQJp3UDV0NCTyGTytwVH6DDZAr9_11sV9EtCirKNpQ7ZuI5XxWgy5I_Ep6U5hViez6cQb1METib_lZpkffPtafWZz_AY6k91L-I2go7QPU8aKj4iPSHoPxwIK6xYAnUJY-5S7P6VuUbs9G1cHN-qsk1xd26mkQXi_mrxrUmOA42b_PS5SFSAokNkkudZ58J-gSnxcODNeWZhL1MDS0suoJxUBjyc2bBGO_E081pDwMSo-5N6F5CoEf5_ZSOk6x2Fip4zUyVDUs59UNU1Ivt9198BUqs_n1HTE7eZ229Ge2eV6OUBmIMCHc7rkMnKQBd4jjLDeoIm4UJlNU1jlx3kH-e8s06rZ59wC2zwVqkuXdd4v_XdxW2gCyyLarraIQKW3znCrS70NIyDdg6ev35Q4BuUtGbocQzDwhpBz-Z4Ax_-JIm_HlT9Sw1nEnJUnPDbWwCeOBRs84_QiNW5bPrRQaRUrhuiJyIf1c4_0pnOgO-xk5t5YHR-RV7T9sy2QPLk9SCnpP0870hvbrJaUll5aVwoIPb-da3kwMIFf-6eT0jE8LCN0QPvFfHHeh1yYXBI-kPOdjzuBgi4YF0Wu2aWA-QMoKpuy0HS7mPfaKCk136-LWV-g1NeoBnNbqA-9WDwvU-JEL0Et4gAEHrI3kcPkhjfO-l75Klpaw3HlUB00lbdoQZT7IkcWEnwq48sBzahPMLit7EVTKuAJJM6p1RoPR5okCXZG9smOKvpjFO_XhXzZxYYVFPdM-QHPKgm-v1KoTbse_phqiRV2T0O2juEp_bzxJRyrotfbwZVWz0zEDW3OAP4wBlG867z9FtPNtWQWlu4-Zmjb2Uy1AUaq4gxWzuQlEbO_5w7B8m0Z1BBtUEhQZudIQvKedVD2r1GtDvE_OWFBIP73HV5Db3du-cF0-woCr62xsS3Jod0Ae1Pggk2_kTbSJLsIfWhX6XqH3gn4BGIyZzqrxgp8qutO3aHLGMee2yRlt6VBRDeuVVyeG8CJUi2Bym3IU_cGuTQTLxvkwpKHCGjQWbQJDqpIeMnpXauPBuiYoqWwCPhcmO7pfzUhtmIkbDEdx5oKYa3xK_FCHsaR-FKs0a4C53iBKBn7xsnhzj4PTfmuRNIeggT7rwuNKtxuoawL-43CzGlu1ZNXUiHWCqJrpTEPX5Ujl3p77SZPFel4UImUoXQm4FMtN0PlJ5BCIZHIRoClKzAttW108--8hJRRbxV8gYWWVU5hjkmgFOdqRw&cid=CAASFeRoxYdi-LbRwoZ2vEp9JYquHv9Qeg&rfl=2%2Chttps%253A%252F%252Fprnt.sc%252F%240
Frame ID: 6002A47FD533C02EDFFD4BD0DC5659EA
Requests: 13 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMXlgQEQg-LRwAIYv5yNqgEwAQ&v=APEucNX-gfgmLPaN4qxOqqPeWcYZwyzNrvG-Yv7Z7zhPZzYo4_hp8h0AFDiiCIany3HklobMxqokYyhXDox63ICsyJmHA4nHwG5AryOEx2NE1gVQz4rg-wytaU6f9f5TtHIx23ZOsWE-mor1VIA4SnWcodxbcezqLI7CUUqP-jgJwvn3MtGc4Ow
Frame ID: C8E1F3CF183AEAB3B0C98BD45BE84D9F
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-Bn7tHTOgueEM_v7II7VyJl3-sVg607DzOQqvR8yV3OVhJv_IsoW88M_2u5-g8U5a6wWBe9i5WumnwcvbnoH8LSmUpMFkoTFlatZnUhaAvbipVlfE7oiWev4Dd6xdu6HBZClBaYsgDC1f16AZWZ6US4te7h9A&dbm_d=AKAmf-DJiOinqkecBcvuonVoUcJVK3mLjyZSA_C1-QzvTpZIVhduphXonp0Uw1HOi0tlSsjkLONjoYWRh74Td78SRUkVTJZSlkXKDQmUCTPh7tFSRHnTtT_d7mlNbIzp_2BNG8s4M_J101tlpU9zCdukW69tVTF6tW8YIBQJr0DWD8xV-0FmQNdOpnKOBQyNU7bdBvBp5XOirYm1suCzXIO8Ud3M5sDUm_GOO2tgCHyPqko1TwaVPK_1rq3t50jaBphrpmCL58w2uZWAYMSK6oEJkI21rvFIoFBvrZ5gAe1VcvlVFxWV8Xz0kFQM34ZUaNcDWSg9qQg5zBFXRO37-f0VFOqIozbTca6Y3EuyGxJMpBsV8SdJWh1AysJk0XITR8MV7ajzlJa-qFyKQlz9kw2EKXdyIF4QaG_XmK0d4AIU-SFk4-lgCBT0RrlylbJHOKngLucJHKjTdN19LwsqijAkdG1W-DbMObxJOfIvRqFpEPljEoDPOuK8NR_BqSXL94cY8e2xWZqqvWtz_iWcbV2rL-F5O8UdoG4mOE0doT3Huro4KIVaVFeHLp03GtpimiRv7tlkjXGAeH02bx1Iv73g4ZkwKWeX883RAcNqQsb5-nYUfwDVgsD58ASDQbyjUUP8t10aQiRxJAaDjjObq-jMbRrz-1ZhChhxljPjBUS5NkJaI0C2xY65pbVyTh7TOAWs3zxNcEbdM_LGDvWTBtF4Wco5nx9btegXxJUUgmz3am_T8VOOenWnUzP9aNoecevB4YLhbYtQfBD_9zDjxapwMoIvC17B5g4apre-P_BXic440ST37jBHGjQpomBX6erp46cLS6NZX5iIVIpl-8l5mEPPWW1Sj6IMeTyVjhmHjo4Qqvy_RHjGEFkP7GPsYpquHN5ZLiWW2JMJSMkZv1F47vO2dWZBa1VQql7KXalatWuvlLDoYVgYvfIds4F8q2dbeWyLhgwGTRk8hgy0yDFtjtLLA7FLKjMfEMpCU1BEV-TV5vpqbCKLYLczzMg6f6M8dSm6O7MdR5rA7axFJlFYeMonMfyrJN5x5rz0Ow7No4eV_j5yDp-TkT9oBtyAhsY0DiBVV-LwvYDNKYkWxHFHVwEm0pKwYTUSt75jFZOVddfuAScxOIYqGnMqbIs2vasp_I_7UoAG_Poag2JZTA-eWQPqTuKQbnZ_g-ABKtPlbjfkbMrKCBRGjJGtCednQ29BNkFYtMXwXXYW34JFpdV0Nr-bWketSiRXaeGjKaKLi63FWcepC3kFAm_A8czJDDpoNM-oCV1EzfuxthRY6il-FGawJP3He6gKybpiMnrNdIlByxUs-5jka9BcRKbd4jk-PuPOJi0ZzNiaVy6jWWmkcyH-zuC7oYibHpXMZmPuxB22nZf_BXVMvNUoMcfUis4YlmPaPLdXSQCTg6lIX_tWQPFKoCbDERBfUN8c3GUgY2ZaZrqQLXkb-pyiBDrfuSD0sQIXITl6ZWBAX3NPq2VfPPwSf3wARRfZM0hAnsSkzBlzgjMrGoh8W9jhMKcUyaW1XIIA_uJsiwKYCVec7me6bGebMmAIt_h8QBS3Ew6sTykFzxhFVm73J8RSJcX8YA-6P71Xo_SAkOhqpqzBnS9kfjfWG30-O7eO1A7x7JByZ5BesNjLSAv8fJMZK9B0t6oNEQRrBXyKT5zL4-4oVXDPmNbFZsWw6tQBPe3g0qGguchLowjh6KZX0qGsaODOWpmoSmApRZ62zkHwcmjhmCszy_bIlOALkmvGc5y7OZjzN3R8msdOIuymcv25JTSyF9hmX1HbdaoGTCADQav0PQrxC5R3kwOdEddYR_Vm4lsCwA6DIG7G48HWoujP_saTmKD8ZU2rZPnLRNVKMZL0O0OdrTI9jpeYTwjMsfRHkBi0Krh2S6fD-75It9EkXOhvzaWcHQ7ZaoctFY_6N-1FfPKoMRfCEAQLJWA4VcBXsCqPLrkS0LfLSx5uPO3cC2EFhZ_yHZlzEWlLNCl3YoEt4iRJpGCB6GSXI3sN7vGb01oZG02ZSCKBIGsLS2k9qKALEFLsrcm14uDPT0naEJWjWIZKC45U6c8xeFJWksI_LdQqvIlro96-mNWWPe2VOa2xI6VXlwabDfAdsY8gbH7TwCwqQz-yh5iTonweUokUsWSwbskuDweGAbR9npDwwxqVNoEvOLE-tEhMB1DvM4Qy4UzV2CPfFi6rSBiW1CJQYEY6JBBZqwpSpiUEtpxNmLuxmap5qUv8PRia-3MzaDdM4_2AlmxN0LzrzgDXPQSybXDq5C3Elwzd2gC7dd83ULqSqR_j5sNmz4VCZnlveCIN-XxABCEvI3KMlpRywdlS2OmO9UpGVCpQZN5ubQJrTBXPAsAuFc7ReyuygnYK5wkbqMgR-l0mhBlKYMeY67_uzD5dcYlbrjtC-InYXJacLyieKEbAZKmfGNz-PAZc4TIf3bolXB8-tp7GG4udNKQcYhiM7RedHx1Bjqw1bNlnyaRpLuHCIsiY9Y3CQ0ePGDbT3ADWo0nGZJxy2by9dw9_Llo5h5IikHzKv7YyfWivZ_HxCzm5m9lM5yAmpUeZD9KpNVUmQEY-jGn26FL_R0MoFucpM34m-i99FW961FbrduOzh1uOK51ZnUIlhEQ24uzAsHcIQ6B5XfX7oOxm1sa7qFN_M8ufYsWXOWAYzaNEYdrr602hLl-Z7tHE7R0WitgD6y3iRZLRU1feTnT7dJYhetKX7MQJCNll3IjsbHQd0IfJQ0iWN417lCXEGQnebTS_UULmd0OpEI0T0D-dQyvIksoyjYb7uwO3hbevKD4EqwuKs9yVqnqWkSAiYcqstseBX168aNvQ7M530m0i8FjOdTJQF2ga2MjsPKkozQ5a001QMlpGfIvlTp7r3iEo3CKXdSTKdTG8KgnGwrXiQvbushoW7Y9JePZQf2siFA1lYSYo5I_QMPMdK8xCz2lDlCng00nk4_xvzTX3WsNmpYcRttONoWZexSmB4zdfyKkz_jtNAqIQaGt3j5fsyqP3oSH7cTe7nRAxRDID3xpAEYliUA9JvVwoZh8BR9MI25GEY883PK0tfL3iCr4k_mKuqEPE5uEC1763zMlZUxMzEb4wGY1UF9qP7xK-dK1yip_fHMpSa8N5ITvBol6G&cid=CAASFeRoBCsJ7D1EE-X5oXyrC5UI6bMYUg&rfl=2%2Chttps%253A%252F%252Fprnt.sc%252F%240
Frame ID: FD1B043F9626937217F5856F0A64272D
Requests: 14 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMXlgQEQg-LRwAIY86mNqgEwAQ&v=APEucNUYPtSg-ppizMxiCj8k_sC7PaemKk5ykZWCO5attwUDbTKC9T9k9agy8DFdOK7XhS02Ka0ckP4kmQyujy9sDUOikxNpzlr5PttxezdU7ozgXH7Y7cCRfqOj6PwVRTGfX1bRKN8JoPAxqjnUI-XBkIQDBtj9nEquhJog_UP1AGyqwvMrfWw
Frame ID: AEB8B4361C50B9A71EB9823812B5D4FB
Requests: 5 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: FBAEDFD2601656F5F195597DA4CDC5EF
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 654F1FBF4DC06DE79F2FD5BFFAC78C77
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: EEFF10BCB05F8D53D6224484DB79761B
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /^cloudflare$/i

DoubleClick for Publishers (DFP) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

script /googletagservices\.com\/tag\/js\/gpt(?:_mobile)?\.js/i

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

script /\/\/connect\.facebook\.net\/[^/]*\/[a-z]*\.js/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Prebid (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

script /\/prebid\.js/i

Quantcast (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /\.quantserve\.com\/quant\.js/i

Twitter (Widgets) Expand

Overall confidence: 100%
Detected patterns

script /\/\/platform\.twitter\.com\/widgets\.js/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery[.-]([\d.]*\d)[^/]*\.js/i
script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

120
Requests

99 %
HTTPS

58 %
IPv6

21
Domains

35
Subdomains

34
IPs

4
Countries

1263 kB
Transfer

3244 kB
Size

0
Cookies

12 Outgoing links

These are links going to different origins than the main page.

URL: https://app.prntscr.com/translate-lightshot.html
Title: Add your language

Search URL Search Domain Scan URL

URL: https://prntscr.com/gallery.html
Title: Sign in

Search URL Search Domain Scan URL

URL: https://twitter.com/Light_shot

Search URL Search Domain Scan URL

URL: http://www.facebook.com/Lighshot

Search URL Search Domain Scan URL

URL: https://app.prntscr.com/
Title: Captured with Lightshot

Search URL Search Domain Scan URL

URL: http://www.google.com/searchbyimage?image_url=https://image.prntscr.com/image/uFtX-oiqQUKd1uueeuW7Eg.png
Title: find similar

Search URL Search Domain Scan URL

URL: https://app.prntscr.com/download.html
Title: Download

Search URL Search Domain Scan URL

URL: https://app.prntscr.com/tutorials.html
Title: Tutorials

Search URL Search Domain Scan URL

URL: https://app.prntscr.com/privacy.html
Title: Privacy

Search URL Search Domain Scan URL

URL: https://app.prntscr.com/faq.html
Title: FAQ

Search URL Search Domain Scan URL

URL: https://app.prntscr.com/help.html
Title: Help

Search URL Search Domain Scan URL

URL: https://app.prntscr.com/advertise.html
Title: Advertise

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 93

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESED7lGve57W8g4h1IN7eeEII&google_cver=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESED7lGve57W8g4h1IN7eeEII&google_cver=1&C=1

Request Chain 94

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YMJgl3q71XOdxsytNSDesAAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESED7lGve57W8g4h1IN7eeEII&google_cver=1

Request Chain 95

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEHHOCfsyNSvY-UhxlP2t5S8&google_cver=1

Request Chain 96

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Mjc3MTY0NDY1NzQ1NDY4Nzg5MA%3D%3D

Request Chain 97

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESENBFUg38YDKXmGgTuAeDadE&google_cver=1

Request Chain 98

https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D HTTP 302
https://us-u.openx.net/w/1.0/cm?cc=1&id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=MGY1NzQyYzMtN2VmMy0yMzEzLWQzNzUtMGYyY2QyYjM0OTI2

Request Chain 99

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm HTTP 302
https://sync.teads.tv/um?eid=3&uid=CAESEF9RGJB3L0QzWDI_3Sq1smI&google_cver=1

Request Chain 100

https://sync.teads.tv/um?eid=3&uid=&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_dbm%26google_hm%3D%5BVID_B64%5D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_hm=M2JlZGFjYWNlN2MyOTU0Yjk0NmNkYjYyYTc2OTg2NDgyMjhjMDUxZA==

Request Chain 101

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESED7lGve57W8g4h1IN7eeEII&google_cver=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESED7lGve57W8g4h1IN7eeEII&google_cver=1&C=1

Request Chain 102

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YMJgl3q71XOdxsytNSDesAAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESED7lGve57W8g4h1IN7eeEII&google_cver=1

Request Chain 103

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEHHOCfsyNSvY-UhxlP2t5S8&google_cver=1

Request Chain 104

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Mjc3MTY0NDY1NzQ1NDY4Nzg5MA%3D%3D

120 HTTP transactions
4 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request 14v89rs Show response
prnt.sc/ 16 KB
5 KB 241ms
187ms Document
text/html 104.26.14.80
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://prnt.sc/14v89rs

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.26.14.80 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

851ee4c02ef1ce0d27c629dc91e1bcd5176a6b2b0a86fc53544f701ae34b11f1

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

:method: GET
:authority: prnt.sc
:scheme: https
:path: /14v89rs
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 18:57:25 GMT
content-type: text/html; charset=UTF-8
x-frame-options: SAMEORIGIN
cf-cache-status: DYNAMIC
cf-request-id: 0a98e25f6a000054d04faca000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=nZNz%2FFB2uBStpKNsXqMxu9mdA40ZynpuHk2Nl9bS%2BkTr2dAFfB7r0kYubCGErLdz4iW3TPuVuEw3mGZbvdOOhi0wNtYK11CkwsLZWcCV8AsOQAQX"}],"group":"cf-nel","max_age":604800}
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 65d4d3457b1454d0-MAN
content-encoding: br

GET
H2 200 main.css
st.prntscr.com/2021/04/08/1538/css/ 57 KB
9 KB 68ms
29ms Stylesheet
text/css 104.23.139.12
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://st.prntscr.com/2021/04/08/1538/css/main.css
Requested by: Host: prnt.sc
URL: https://prnt.sc/14v89rs
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.23.139.12 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7b67ae2416a166f4238581097d4ce984a69d9662aab12ecc4b2b881c45164e36

Request headers

Referer: https://prnt.sc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 18:57:25 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 08 Apr 2021 15:39:37 GMT
server: cloudflare
age: 1534
etag: W/"606f23b9-23b6"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=1800
cf-ray: 65d4d346eed80857-CDG
cf-request-id: 0a98e2604d000008578d136000000001
expires: Thu, 10 Jun 2021 18:55:26 GMT

GET
H2 200 jquery.1.8.2.min.js Show response
st.prntscr.com/2021/04/08/1538/js/ 91 KB
32 KB 76ms
37ms Script
application/javascript 104.23.139.12
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://st.prntscr.com/2021/04/08/1538/js/jquery.1.8.2.min.js
Requested by: Host: prnt.sc
URL: https://prnt.sc/14v89rs
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.23.139.12 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f554d2f09272c6f71447ebfe4532d3b1dd1959bce669f9a5ccc99e64ef511729

Request headers

Referer: https://prnt.sc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 18:57:25 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 08 Apr 2021 15:39:37 GMT
server: cloudflare
age: 1020
etag: W/"606f23b9-827c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=1800
cf-ray: 65d4d346eeda0857-CDG
cf-request-id: 0a98e2604e00000857aeb3b000000001
expires: Thu, 10 Jun 2021 18:54:23 GMT

GET
H2 200 script.mix.js Show response
st.prntscr.com/2021/04/08/1538/js/ 69 KB
23 KB 69ms
31ms Script
application/javascript 104.23.139.12
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://st.prntscr.com/2021/04/08/1538/js/script.mix.js
Requested by: Host: prnt.sc
URL: https://prnt.sc/14v89rs
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.23.139.12 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 45b8a13dcb32541a7703dec7eba4c4195cb62ed00029c2ea5a0b61fd16864b55

Request headers

Referer: https://prnt.sc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 18:57:25 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 08 Apr 2021 15:39:37 GMT
server: cloudflare
age: 1062
etag: W/"606f23b9-5e6a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=1800
cf-ray: 65d4d346eee00857-CDG
cf-request-id: 0a98e2604e000008579b32b000000001
expires: Thu, 10 Jun 2021 18:55:53 GMT

GET uFtX-oiqQUKd1uueeuW7Eg.png
image.prntscr.com/image/ 0
0

GET
H2 200 14v89rs
prnt.sc/ 16 KB
16 KB 120ms
119ms Image
text/html 104.26.14.80
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://prnt.sc/14v89rs

Requested by

Host: prnt.sc
URL: https://prnt.sc/14v89rs

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.26.14.80 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

:path: /14v89rs
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: prnt.sc
referer: https://prnt.sc/14v89rs
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://prnt.sc/14v89rs
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 18:57:25 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: SAMEORIGIN
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=RbVMPTpgYzTy4sbxSEu8hsPQ8u8PTdYdqyu6Yep9%2FezJ9zvCiBD2ZlNuXFdfh43EWKO1YN1tW1DK61mX%2F5%2F%2BWTtnQBHErXNHOodHhcFSIrm8uw6B"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=UTF-8
cf-ray: 65d4d3474f3354d0-MAN
cf-request-id: 0a98e2608d000054d0a1b83000000001

GET
H2 200 image-helper.js Show response
st.prntscr.com/2021/04/08/1538/js/ 3 KB
1 KB 29ms
29ms Script
application/javascript 104.23.139.12
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://st.prntscr.com/2021/04/08/1538/js/image-helper.js
Requested by: Host: prnt.sc
URL: https://prnt.sc/14v89rs
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.23.139.12 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 83817752fb260ff66b3bca1471bb20dbb6a1e6a17174c657efe0912ad161b382

Request headers

Referer: https://prnt.sc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 18:57:25 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 08 Apr 2021 15:39:07 GMT
server: cloudflare
age: 1507
etag: W/"606f239b-a2f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=1800
cf-ray: 65d4d3472f590857-CDG
cf-request-id: 0a98e26074000008578d138000000001
expires: Thu, 10 Jun 2021 18:58:04 GMT

GET
H2 200 footer-logo.png
st.prntscr.com/2021/04/08/1538/img/ 630 B
834 B 37ms
36ms Image
image/webp 104.23.139.12
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://st.prntscr.com/2021/04/08/1538/img/footer-logo.png
Requested by: Host: prnt.sc
URL: https://prnt.sc/14v89rs
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.23.139.12 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bca2c1abcf4b76a46306bc7f1a607a459371ccf5e7213aae988c33b4dabb1758

Request headers

Referer: https://prnt.sc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 18:57:25 GMT
cf-cache-status: HIT
age: 1175
cf-polished: origFmt=png, origSize=1848
content-disposition: inline; filename="footer-logo.webp"
content-length: 630
cf-request-id: 0a98e2608900000857aeb41000000001
last-modified: Mon, 05 Sep 2016 15:49:19 GMT
server: cloudflare
etag: "57cd93ff-738"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
expires: Thu, 10 Jun 2021 18:41:21 GMT
cache-control: max-age=1800
accept-ranges: bytes
cf-ray: 65d4d3474fb40857-CDG
cf-bgj: imgq:100,h2pri

GET
H2 200 jquery.smartbanner.css
st.prntscr.com/2021/04/08/1538/css/ 4 KB
1 KB 30ms
30ms Stylesheet
text/css 104.23.139.12
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://st.prntscr.com/2021/04/08/1538/css/jquery.smartbanner.css
Requested by: Host: prnt.sc
URL: https://prnt.sc/14v89rs
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.23.139.12 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d91d13fd8f9d253a8213aeee7ebaa7e073683fc600a3d82902c3c669b8ffdee7

Request headers

Referer: https://prnt.sc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 18:57:25 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 08 Apr 2021 15:39:31 GMT
server: cloudflare
age: 1542
etag: W/"606f23b3-ef0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=1800
cf-ray: 65d4d3472f720857-CDG
cf-request-id: 0a98e2607c0000085775bc1000000001
expires: Thu, 10 Jun 2021 18:56:44 GMT

GET
H2 200 jquery.smartbanner.js Show response
st.prntscr.com/2021/04/08/1538/js/ 8 KB
3 KB 39ms
38ms Script
application/javascript 104.23.139.12
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://st.prntscr.com/2021/04/08/1538/js/jquery.smartbanner.js
Requested by: Host: prnt.sc
URL: https://prnt.sc/14v89rs
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.23.139.12 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1b185d89e437f1591af8c51d5e6dad41d3666e22a81931ee9df22e2cfdacaddb

Request headers

Referer: https://prnt.sc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 18:57:25 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 08 Apr 2021 15:39:37 GMT
server: cloudflare
age: 839
etag: W/"606f23b9-aec"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=1800
cf-ray: 65d4d3474fb30857-CDG
cf-request-id: 0a98e2608900000857bf2e0000000001
expires: Thu, 10 Jun 2021 18:58:19 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 48 KB
19 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: prnt.sc
URL: https://prnt.sc/14v89rs

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

2cb09c7b3e19bfc41743ca3624ef81c3258d56525647feac76aa757e0292627a

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://prnt.sc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 09 Apr 2021 23:59:54 GMT
server: Golfe2
age: 4713
date: Thu, 10 Jun 2021 17:38:52 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19569
expires: Thu, 10 Jun 2021 19:38:52 GMT

GET
H2 200 choice.js Show response
quantcast.mgr.consensu.org/choice/n-ZGqfdsg5894/prnt.sc/ 3 KB
2 KB 80ms
33ms Script
application/javascript 2600:9000:218c:9c00:9:46dc:4700:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://quantcast.mgr.consensu.org/choice/n-ZGqfdsg5894/prnt.sc/choice.js
Requested by: Host: prnt.sc
URL: https://prnt.sc/14v89rs
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:218c:9c00:9:46dc:4700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 9bd7952daefc70291b0a0bc163e80b8654b7600d1c590f24fa57a5cb8a218964

Request headers

Referer: https://prnt.sc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
date: Thu, 10 Jun 2021 18:57:25 GMT
content-encoding: br
last-modified: Wed, 10 Feb 2021 21:13:06 GMT
server: AmazonS3
x-amz-cf-pop: CDG50-P1
etag: W/"9074c1a966aada274b63c92859c4a3ec"
vary: Access-Control-Request-Headers,Access-Control-Request-Method,Origin,Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 f71686f416809921055425c79026dd71.cloudfront.net (CloudFront)
cache-control: max-age=900
cross-origin-resource-policy: cross-origin
x-amz-cf-id: omKASNrtCPPj46KqFFbXpsRquhf4exIRiyh7nUNBtageVq1J2BXpjw==

GET
H2 200 page-bg.png
st.prntscr.com/2021/04/08/1538/img/ 5 KB
6 KB 35ms
34ms Image
image/webp 104.23.139.12
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://st.prntscr.com/2021/04/08/1538/img/page-bg.png
Requested by: Host: st.prntscr.com
URL: https://st.prntscr.com/2021/04/08/1538/css/main.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.23.139.12 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 86a1b8f94f48c4e82d2616d4c581f10a34ff447a2bd95be08714fa0d19ba3f51

Request headers

Referer: https://st.prntscr.com/2021/04/08/1538/css/main.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 18:57:25 GMT
cf-cache-status: HIT
age: 1460
cf-polished: origFmt=png, origSize=7116
content-disposition: inline; filename="page-bg.webp"
content-length: 5608
cf-request-id: 0a98e2608a000008576e331000000001
last-modified: Thu, 08 Apr 2021 15:39:37 GMT
server: cloudflare
etag: "606f23b9-1a7b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
expires: Thu, 10 Jun 2021 18:56:57 GMT
cache-control: max-age=1800
accept-ranges: bytes
cf-ray: 65d4d3474fb90857-CDG
cf-bgj: imgq:100,h2pri

GET
H2 200 header-logo.png
st.prntscr.com/2021/04/08/1538/img/ 4 KB
4 KB 42ms
42ms Image
image/webp 104.23.139.12
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://st.prntscr.com/2021/04/08/1538/img/header-logo.png
Requested by: Host: st.prntscr.com
URL: https://st.prntscr.com/2021/04/08/1538/css/main.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.23.139.12 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 40ec0b04019845302a5052b4689b5d3477c9717dca73243e5faf7cf98f3af564

Request headers

Referer: https://st.prntscr.com/2021/04/08/1538/css/main.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 18:57:25 GMT
cf-cache-status: HIT
age: 1460
cf-polished: origFmt=png, origSize=7995
content-disposition: inline; filename="header-logo.webp"
content-length: 4148
cf-request-id: 0a98e2608a0000085748803000000001
last-modified: Thu, 08 Apr 2021 15:39:37 GMT
server: cloudflare
etag: "606f23b9-1e52"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
expires: Thu, 10 Jun 2021 18:49:40 GMT
cache-control: max-age=1800
accept-ranges: bytes
cf-ray: 65d4d3474fba0857-CDG
cf-bgj: imgq:100,h2pri

GET
H2 200 button-download.png
st.prntscr.com/2021/04/08/1538/img/ 314 B
492 B 37ms
36ms Image
image/webp 104.23.139.12
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://st.prntscr.com/2021/04/08/1538/img/button-download.png
Requested by: Host: st.prntscr.com
URL: https://st.prntscr.com/2021/04/08/1538/css/main.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.23.139.12 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e926f30958d0c21d088e6a671d3356a3c3fab9cc6220b8e408f19d868a7dc5c8

Request headers

Referer: https://st.prntscr.com/2021/04/08/1538/css/main.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 18:57:25 GMT
cf-cache-status: HIT
age: 839
cf-polished: origFmt=png, origSize=1404
content-disposition: inline; filename="button-download.webp"
content-length: 314
cf-request-id: 0a98e2608e00000857693b0000000001
last-modified: Thu, 08 Apr 2021 15:38:42 GMT
server: cloudflare
etag: "606f2382-57c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
expires: Thu, 10 Jun 2021 18:56:32 GMT
cache-control: max-age=1800
accept-ranges: bytes
cf-ray: 65d4d3474fc50857-CDG
cf-bgj: imgq:100,h2pri

GET
H2 200 button-icon-sep.png
st.prntscr.com/2021/04/08/1538/img/ 40 B
221 B 50ms
50ms Image
image/webp 104.23.139.12
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://st.prntscr.com/2021/04/08/1538/img/button-icon-sep.png
Requested by: Host: st.prntscr.com
URL: https://st.prntscr.com/2021/04/08/1538/css/main.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.23.139.12 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b6a1120cc303b1c6ee6d548a5b418c2707b59de0c1f13c8ab870ca4e734b6acc

Request headers

Referer: https://st.prntscr.com/2021/04/08/1538/css/main.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 18:57:25 GMT
cf-cache-status: HIT
age: 1506
cf-polished: origFmt=png, origSize=928
content-disposition: inline; filename="button-icon-sep.webp"
content-length: 40
cf-request-id: 0a98e2608b000008579e121000000001
last-modified: Thu, 08 Apr 2021 15:38:42 GMT
server: cloudflare
etag: "606f2382-3a0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
expires: Thu, 10 Jun 2021 18:49:36 GMT
cache-control: max-age=1800
accept-ranges: bytes
cf-ray: 65d4d3474fcb0857-CDG
cf-bgj: imgq:100,h2pri

GET
H2 200 icon-twitter_gscale.png
st.prntscr.com/2021/04/08/1538/img/ 374 B
583 B 35ms
35ms Image
image/webp 104.23.139.12
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://st.prntscr.com/2021/04/08/1538/img/icon-twitter_gscale.png
Requested by: Host: st.prntscr.com
URL: https://st.prntscr.com/2021/04/08/1538/css/main.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.23.139.12 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5a3a63b2ac124cb9a194ec01ea1f0d3123e4019bf658c6f47a77b4faea84c079

Request headers

Referer: https://st.prntscr.com/2021/04/08/1538/css/main.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 18:57:25 GMT
cf-cache-status: HIT
age: 1107
cf-polished: origFmt=png, origSize=1535
content-disposition: inline; filename="icon-twitter_gscale.webp"
content-length: 374
cf-request-id: 0a98e2608d000008578098e000000001
last-modified: Thu, 08 Apr 2021 15:38:42 GMT
server: cloudflare
etag: "606f2382-5ff"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
expires: Thu, 10 Jun 2021 18:55:19 GMT
cache-control: max-age=1800
accept-ranges: bytes
cf-ray: 65d4d3474fce0857-CDG
cf-bgj: imgq:100,h2pri

GET
H2 200 icon-facebook_gscale.png
st.prntscr.com/2021/04/08/1538/img/ 296 B
605 B 36ms
36ms Image
image/webp 104.23.139.12
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://st.prntscr.com/2021/04/08/1538/img/icon-facebook_gscale.png
Requested by: Host: st.prntscr.com
URL: https://st.prntscr.com/2021/04/08/1538/css/main.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.23.139.12 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a093d2047e1a59b7103810b947780e5f94d865915cb923ebcaa7e50f557c2102

Request headers

Referer: https://st.prntscr.com/2021/04/08/1538/css/main.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 18:57:25 GMT
cf-cache-status: HIT
age: 1460
cf-polished: origFmt=png, origSize=1325
content-disposition: inline; filename="icon-facebook_gscale.webp"
content-length: 296
cf-request-id: 0a98e2608c0000085784125000000001
last-modified: Thu, 08 Apr 2021 15:38:42 GMT
server: cloudflare
etag: "606f2382-52d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
expires: Thu, 10 Jun 2021 18:40:50 GMT
cache-control: max-age=1800
accept-ranges: bytes
cf-ray: 65d4d3474fd20857-CDG
cf-bgj: imgq:100,h2pri

GET
H2 200 async-ajs.min.js Show response
cdn.ad4game.com/ 3 KB
2 KB 29ms
6ms Script
application/javascript 151.139.242.3
HIGHWINDS2

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.ad4game.com/async-ajs.min.js
Requested by: Host: prnt.sc
URL: https://prnt.sc/14v89rs
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.139.242.3 , United States, ASN33438 (HIGHWINDS2, US),
Reverse DNS
Software: nginx /
Resource Hash: dc9f7cdaabb3201fd2ead8c0cfd974710305362d0ea77c96069cb189796d6238

Request headers

Referer: https://prnt.sc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-servername: ads.ad4game.com\ 80\ 81
date: Thu, 10 Jun 2021 18:57:25 GMT
content-encoding: gzip
referrer-policy: no-referrer
last-modified: Mon, 07 Jun 2021 11:21:33 GMT
server: nginx
x-serveraddr: 10.100.0.151
etag: W/"60be013d-ca8"
vary: Accept-Encoding
x-cache: HIT
content-type: application/javascript
access-control-allow-origin: *
x-host: ads.ad4game.com
accept-ranges: bytes
content-length: 1451

GET
H2 200 icon-edit.png
st.prntscr.com/2021/04/08/1538/img/ 214 B
392 B 36ms
36ms Image
image/webp 104.23.139.12
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://st.prntscr.com/2021/04/08/1538/img/icon-edit.png
Requested by: Host: st.prntscr.com
URL: https://st.prntscr.com/2021/04/08/1538/css/main.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.23.139.12 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cb09c3720b53d8651d6f5825cf643e6249aefbe82a1ba1417d230cdb9b36cba6

Request headers

Referer: https://st.prntscr.com/2021/04/08/1538/css/main.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 18:57:25 GMT
cf-cache-status: HIT
age: 890
cf-polished: origFmt=png, origSize=3153
content-disposition: inline; filename="icon-edit.webp"
content-length: 214
cf-request-id: 0a98e260af00000857c3315000000001
last-modified: Thu, 08 Apr 2021 15:38:42 GMT
server: cloudflare
etag: "606f2382-c51"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
expires: Thu, 10 Jun 2021 19:06:08 GMT
cache-control: max-age=1800
accept-ranges: bytes
cf-ray: 65d4d347788f0857-CDG
cf-bgj: imgq:100,h2pri

GET
H2 200 icon-camera.png
st.prntscr.com/2021/04/08/1538/img/ 158 B
333 B 41ms
41ms Image
image/webp 104.23.139.12
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://st.prntscr.com/2021/04/08/1538/img/icon-camera.png
Requested by: Host: st.prntscr.com
URL: https://st.prntscr.com/2021/04/08/1538/css/main.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.23.139.12 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8bfd2fa3b3b5924e3655bcf9f63427e792bd8572b7ed0992373bdb4b21c7cb89

Request headers

Referer: https://st.prntscr.com/2021/04/08/1538/css/main.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 18:57:25 GMT
cf-cache-status: HIT
age: 890
cf-polished: origFmt=png, origSize=1089
content-disposition: inline; filename="icon-camera.webp"
content-length: 158
cf-request-id: 0a98e260b00000085780994000000001
last-modified: Thu, 08 Apr 2021 15:38:42 GMT
server: cloudflare
etag: "606f2382-441"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
expires: Thu, 10 Jun 2021 18:47:13 GMT
cache-control: max-age=1800
accept-ranges: bytes
cf-ray: 65d4d34778930857-CDG
cf-bgj: imgq:100,h2pri

GET
H2 200 icon-abuse.png
st.prntscr.com/2021/04/08/1538/img/ 126 B
340 B 34ms
34ms Image
image/webp 104.23.139.12
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://st.prntscr.com/2021/04/08/1538/img/icon-abuse.png
Requested by: Host: st.prntscr.com
URL: https://st.prntscr.com/2021/04/08/1538/css/main.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.23.139.12 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2875a6fc4266fec00a383377cb4530b6407912897b0727e26249d89c6dfe0359

Request headers

Referer: https://st.prntscr.com/2021/04/08/1538/css/main.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 18:57:25 GMT
cf-cache-status: HIT
age: 1276
cf-polished: origFmt=png, origSize=327
content-disposition: inline; filename="icon-abuse.webp"
content-length: 126
cf-request-id: 0a98e260ac000008574e205000000001
last-modified: Thu, 08 Apr 2021 15:38:42 GMT
server: cloudflare
etag: "606f2382-147"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
expires: Thu, 10 Jun 2021 18:59:44 GMT
cache-control: max-age=1800
accept-ranges: bytes
cf-ray: 65d4d34778950857-CDG
cf-bgj: imgq:100,h2pri

POST
H3-29 200 collect Show response
www.google-analytics.com/j/ 4 B
24 B 28ms
13ms XHR
text/plain 2a00:1450:4001:813::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j90&a=1041837494&t=pageview&_s=1&dl=https%3A%2F%2Fprnt.sc%2F14v89rs&ul=en-us&de=UTF-8&dt=Screenshot%20by%20Lightshot&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAAC~&jid=1307224286&gjid=230187772&cid=1954356339.1623351446&tid=UA-12353127-1&_gid=278561342.1623351446&_r=1&_slc=1&z=292462210

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://prnt.sc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 10 Jun 2021 18:57:25 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://prnt.sc
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 all.js Show response
connect.facebook.net/en_US/ 3 KB
2 KB 7ms
6ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/all.js

Requested by

Host: prnt.sc
URL: https://prnt.sc/14v89rs

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

6c886829900e15065d82d7d2d1be325aadb12483443f7e1a558558841a42f2fc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://prnt.sc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: 2qQN33nAIXKNNK25EO3FVA==
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 1782
x-fb-rlafr: 0
x-fb-debug: TnNgkaW1j0nLAbKt4axw8zK3Qkxrwp2mUGxrFWJJGht9XlqZ3cFjF9/Po9xU/EJeFJRbCfQsHK3GK6ta+QmMYg==
x-fb-trip-id: 686109401
x-fb-content-md5: 7fafe31a0002a272615bee2b70d15bf6
x-frame-options: DENY
date: Thu, 10 Jun 2021 18:57:25 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
etag: "328dcf3fb77fce3c3676d7237f2e8df2"
timing-allow-origin: *
priority: u=3,i
expires: Thu, 10 Jun 2021 19:06:39 GMT

GET
H/1.1 200
OK widgets.js Show response
platform.twitter.com/ 95 KB
29 KB 27ms
6ms Script
application/javascript 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets.js
Requested by: Host: prnt.sc
URL: https://prnt.sc/14v89rs
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/6727) /
Resource Hash: a12b87855b6403c6f73092396d80541a6984aae03097a637769291d9cad15d19

Request headers

Referer: https://prnt.sc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 10 Jun 2021 18:57:25 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Age: 1413
X-Cache: HIT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Content-Length: 28779
x-tw-cdn: VZ
Last-Modified: Wed, 28 Apr 2021 17:57:32 GMT
Server: ECS (frb/6727)
Etag: "9eb59e5602fef4b3ebf6090856ff21db+gzip"
Access-Control-Max-Age: 3000
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=1800

OPTIONS
H2 204 /
api.prntscr.com/v1/ Frame 0
0 369ms
367ms Preflight 104.23.139.12
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://api.prntscr.com/v1/
Protocol: H2
Server: 104.23.139.12 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://prnt.sc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Thu, 10 Jun 2021 18:57:26 GMT
access-control-allow-origin: https://prnt.sc
access-control-allow-credentials: true
access-control-allow-methods: POST, OPTIONS
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-max-age: 86400
cf-cache-status: DYNAMIC
cf-request-id: 0a98e260c500003317d2bed000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 65d4d347a88d3317-CDG

POST
H2 200 / Show response
api.prntscr.com/v1/ 92 B
330 B 339ms
338ms XHR
application/json 104.23.139.12
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://api.prntscr.com/v1/
Requested by: Host: st.prntscr.com
URL: https://st.prntscr.com/2021/04/08/1538/js/jquery.1.8.2.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.23.139.12 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9c9935e1daafc929a9866a206e769e084cd83f19d436ca22887adc2798408646

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://prnt.sc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json

Response headers

date: Thu, 10 Jun 2021 18:57:26 GMT
content-encoding: br
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-methods: POST, OPTIONS
content-type: application/json
access-control-allow-origin: https://prnt.sc
access-control-allow-credentials: true
cf-ray: 65d4d349efcc0857-CDG
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
cf-request-id: 0a98e2623300000857590e6000000001

GET
H3-29 200 all.js Show response
connect.facebook.net/en_US/ 221 KB
65 KB 10ms
8ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/all.js?hash=75b75f29a83126f571712243b8bfa307&ua=modern_es6

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/all.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

444173b48f18d3e5e0d2caa5e248c120dd6f732f167538c168aea0182e9237d8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Origin: https://prnt.sc
Referer: https://prnt.sc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: 4B8H3b1cPYDWaHenY6ZKLw==
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 66226
x-fb-rlafr: 0
x-fb-debug: RbgvfHtTF9AQzhr34Cvwac5ua9Se/6Ch5szKnZMlvGzFwk8S7UdmkbEksBC+GJrpxI4h63M4j0brRR++6mJ+NA==
x-fb-content-md5: ff60fb4e498a8690046bdb83c15bcec6
x-frame-options: DENY
date: Thu, 10 Jun 2021 18:57:25 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
etag: "d00964893572c6466e85b705769c135f"
timing-allow-origin: *
priority: u=3,i
expires: Fri, 10 Jun 2022 18:21:00 GMT

GET
H2 200 prebid.js Show response
cdn.ad4game.com/ 261 KB
98 KB 9ms
9ms Script
application/javascript 151.139.242.3
HIGHWINDS2

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.ad4game.com/prebid.js
Requested by: Host: cdn.ad4game.com
URL: https://cdn.ad4game.com/async-ajs.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.139.242.3 , United States, ASN33438 (HIGHWINDS2, US),
Reverse DNS
Software: nginx /
Resource Hash: 733f44e4d42f00e0a8c267d516e9f6939d36f65ceb3bf851998475b9f6650d3f

Request headers

Referer: https://prnt.sc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-servername: ads.ad4game.com\ 80\ 81
date: Thu, 10 Jun 2021 18:57:25 GMT
content-encoding: gzip
referrer-policy: no-referrer
last-modified: Fri, 28 May 2021 08:02:31 GMT
server: nginx
x-serveraddr: 10.100.0.151
etag: "60b0a397-412ac"
vary: Accept-Encoding
x-cache: HIT
content-type: application/javascript
access-control-allow-origin: *
x-host: ads.ad4game.com
accept-ranges: bytes
content-length: 99905

GET
H/1.1 200
OK async-ajs.php Show response
ads.ad4game.com/www/delivery/ 9 KB
3 KB 415ms
108ms Script
text/javascript 192.207.255.147
AS-MNX

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.ad4game.com/www/delivery/async-ajs.php?v=1&cb=a4g3892925&h=0&siteurl=https%3A%2F%2Fprnt.sc%2F14v89rs&c=UTF-8&z=60918,70076,60916&b=7&x=7
Requested by: Host: cdn.ad4game.com
URL: https://cdn.ad4game.com/async-ajs.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 192.207.255.147 , United States, ASN62821 (AS-MNX, US),
Reverse DNS: haproxy2.ad4game.com
Software: nginx /
Resource Hash: 657e418aa106813f735516500df7c43f92658cee76b3b538fa92f19cd853e7fd

Request headers

Referer: https://prnt.sc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

X-servername: ads.ad4game.com\ 80\ 81
Pragma: no-cache
Date: Thu, 10 Jun 2021 18:57:26 GMT
Content-Encoding: gzip
Server: nginx
Transfer-Encoding: chunked
P3P: CP="CUR ADM OUR NOR STA NID"
X-serveraddr: 10.100.0.151
Cache-Control: no-cache, no-store, must-revalidate
X-host: ads.ad4game.com
Connection: close
Content-Type: text/javascript; charset=UTF-8
Expires: 0

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
82 B 18ms
16ms XHR
text/plain 2a00:1450:400c:c0a::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j90&tid=UA-12353127-1&cid=1954356339.1623351446&jid=1307224286&gjid=230187772&_gid=278561342.1623351446&_u=IEBAAEAAAAAAAC~&z=87502987

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c0a::9b Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://prnt.sc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Thu, 10 Jun 2021 18:57:25 GMT
content-type: text/plain
access-control-allow-origin: https://prnt.sc
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK widget_iframe.06c6ee58c3810956b7509218508c7b56.html Show response
platform.twitter.com/widgets/ Frame AB88 319 KB
103 KB 8ms
8ms Document
text/html 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/widget_iframe.06c6ee58c3810956b7509218508c7b56.html?origin=https%3A%2F%2Fprnt.sc
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/6723) /
Resource Hash: 5f789ea36ae4671282524bda454709578d63b915b782c1e041132a7e726ff1c3

Request headers

Host: platform.twitter.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://prnt.sc/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://prnt.sc/

Response headers

Content-Encoding: gzip
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 601760
Cache-Control: public, max-age=315360000
Content-Type: text/html; charset=utf-8
Date: Thu, 10 Jun 2021 18:57:25 GMT
Etag: "dab7ee9ff99366614e06e117bab5e542+gzip"
Last-Modified: Wed, 28 Apr 2021 17:56:54 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (frb/6723)
Vary: Accept-Encoding
X-Cache: HIT
x-tw-cdn: VZ
Content-Length: 105298

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
111 B 29ms
28ms Image
image/gif 2a00:1450:4001:82b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j90&tid=UA-12353127-1&cid=1954356339.1623351446&jid=1307224286&_u=IEBAAEAAAAAAAC~&z=1893832944

Requested by

Host: prnt.sc
URL: https://prnt.sc/14v89rs

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://prnt.sc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 10 Jun 2021 18:57:25 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 29ms
29ms Image
image/gif 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j90&tid=UA-12353127-1&cid=1954356339.1623351446&jid=1307224286&_u=IEBAAEAAAAAAAC~&z=1893832944

Requested by

Host: prnt.sc
URL: https://prnt.sc/14v89rs

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://prnt.sc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 10 Jun 2021 18:57:25 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 quant.js Show response
secure.quantserve.com/ 24 KB
9 KB 25ms
8ms Script
application/javascript 2620:116:800d:21:51e4:db4b:4436:b305
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.quantserve.com/quant.js
Requested by: Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/choice/n-ZGqfdsg5894/prnt.sc/choice.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2620:116:800d:21:51e4:db4b:4436:b305 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: bba4d46952f094b62205fe06e4a78114cac5d934971925a4716ef40c33f96012

Request headers

Referer: https://prnt.sc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 18:57:25 GMT
content-encoding: gzip
etag: "WhyxmPkT7L77qVDcrjxwGw=="
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, max-age=604800
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
expires: Thu, 17 Jun 2021 18:57:25 GMT

GET
H2 200 cmp2.js Show response
quantcast.mgr.consensu.org/tcfv2/ 234 KB
64 KB 27ms
26ms Script
text/javascript 2600:9000:218c:9c00:9:46dc:4700:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://quantcast.mgr.consensu.org/tcfv2/cmp2.js?referer=prnt.sc
Requested by: Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/choice/n-ZGqfdsg5894/prnt.sc/choice.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:218c:9c00:9:46dc:4700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 2ddef05ee7b0caa6fd9be281a5b4e53ada42bff7814578d748144f2f9181e476

Request headers

Referer: https://prnt.sc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 18:57:25 GMT
content-encoding: gzip
x-amz-cf-pop: CDG50-P1
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
access-control-max-age: 86400
access-control-allow-origin: *
last-modified: Thu, 13 May 2021 19:03:54 GMT
server: AmazonS3
etag: W/"2848b39634e3b71d7b4f01531f83807a"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/javascript;charset=UTF-8
via: 1.1 f71686f416809921055425c79026dd71.cloudfront.net (CloudFront)
cache-control: max-age=3600
x-amz-meta-qc-ineu: True
x-amz-cf-id: fC7n-SHbLq_zioM9BU2w2j6hA29jqSEXDWzGWmyNpW5EklhhfyXjdQ==

GET
H2 200 status
www.facebook.com/x/oauth/ 0
0 29ms
29ms Fetch
text/plain 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/x/oauth/status?client_id=154822244543652&input_token&origin=1&redirect_uri=https%3A%2F%2Fprnt.sc%2F14v89rs&sdk=joey&wants_cookie_data=false

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/all.js?hash=75b75f29a83126f571712243b8bfa307&ua=modern_es6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://prnt.sc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; preload
x-content-type-options: nosniff
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 0
x-fb-rlafr: 0
pragma: no-cache
x-fb-debug: 7OoLj0MNtgKbfIqzD9RNofSfzcSLUanZzoXpJACjSYawm7BQIXc/cUyF2/STpwh0vQmXVctSrXwAkXtQimaMeQ==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
fb-s: unknown
cross-origin-opener-policy: same-origin-allow-popups
date: Thu, 10 Jun 2021 18:57:25 GMT
report-to: {"group":"coep_report","max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}]}
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://prnt.sc
access-control-expose-headers: fb-s
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 settings Show response
syndication.twitter.com/ Frame AB88 256 B
441 B 152ms
121ms Fetch
application/json 104.244.42.136
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://syndication.twitter.com/settings?session_id=1a5425222e87e2f38cc1d30f254bc8982784aeeb

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/widgets/widget_iframe.06c6ee58c3810956b7509218508c7b56.html?origin=https%3A%2F%2Fprnt.sc

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.136 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

c9815821ab1442501b9e9bae3d4bc5730315d6a513c8b40141b2d47b76da1916

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

Referer: https://platform.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 18:57:25 GMT
content-encoding: gzip
last-modified: Thu, 10 Jun 2021 18:57:25 GMT
server: tsa_o
vary: Origin
strict-transport-security: max-age=631138519
content-type: application/json; charset=utf-8
access-control-allow-origin: https://platform.twitter.com
cache-control: must-revalidate, max-age=600
access-control-allow-credentials: true
x-connection-hash: 56c2a6a2860a0e076550e8cbdc856c9806b7b05d9bb972cfe5c2f7669e06be14
content-length: 176

GET
H2 200 rules-p-n-ZGqfdsg5894.js Show response
rules.quantcount.com/ 2 B
344 B 68ms
22ms Script
application/javascript 2600:9000:218d:1a00:6:44e3:f8c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rules.quantcount.com/rules-p-n-ZGqfdsg5894.js
Requested by: Host: secure.quantserve.com
URL: https://secure.quantserve.com/quant.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:218d:1a00:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

Referer: https://prnt.sc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 18:08:22 GMT
via: 1.1 e36c32cacca3348932522b77d9a47dca.cloudfront.net (CloudFront)
server: AmazonS3
age: 2943
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=3600
cross-origin-resource-policy: cross-origin
x-cache: Hit from cloudfront
x-amz-cf-pop: CDG50-P2
content-length: 2
x-amz-cf-id: cj8sn2uCuR1iU35GeQKYYMmaPLz8_THSShYmHejg-Mprg7iPjNT3og==

GET
H2 200 pixel;r=911368126;source=choice;rf=0;a=p-n-ZGqfdsg5894;url=https%3A%2F%2Fprnt.sc%2F14v89rs;uh=u;uht=u;ns=0;ce=1;qjs=1;qv=82efd7d8-20210517233434;cm=;gdpr=1;gdpr_consent=;ref=;d=prnt.sc;je=0;sr=1600...
pixel.quantcount.com/ 35 B
210 B 10ms
8ms Image
image/gif 2620:116:800d:21:51e4:db4b:4436:b305
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.quantcount.com/pixel;r=911368126;source=choice;rf=0;a=p-n-ZGqfdsg5894;url=https%3A%2F%2Fprnt.sc%2F14v89rs;uh=u;uht=u;ns=0;ce=1;qjs=1;qv=82efd7d8-20210517233434;cm=;gdpr=1;gdpr_consent=;ref=;d=prnt.sc;je=0;sr=1600x1200x24;dst=1;et=1623351445847;tzo=-120;ogl=site_name.Lightshot%2Ctitle.Screenshot%2Cimage.https%3A%2F%2Fimage%252Eprntscr%252Ecom%2Fimage%2FuFtX-oiqQUKd1uueeuW7Eg%252Epng%2Cdescription.Captured%20with%20Lightshot%2Curl.https%3A%2F%2Fprnt%252Esc%2F14v89rs%2Ctype.website

Requested by

Host: prnt.sc
URL: https://prnt.sc/14v89rs

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:51e4:db4b:4436:b305 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Referer: https://prnt.sc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 10 Jun 2021 18:57:25 GMT
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
strict-transport-security: max-age=86400
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H/1.1 200
OK button.5573c974dc31bbdab5ea7923a0bd5cf3.js Show response
platform.twitter.com/js/ 7 KB
3 KB 6ms
6ms Script
application/javascript 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/js/button.5573c974dc31bbdab5ea7923a0bd5cf3.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/6727) /
Resource Hash: e05edf2ae58e3a9f1d2a84d32a8b216fd0aece46f527b58dcbce75255989ea88

Request headers

Referer: https://prnt.sc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 10 Jun 2021 18:57:25 GMT
Content-Encoding: gzip
Last-Modified: Wed, 28 Apr 2021 17:56:41 GMT
Server: ECS (frb/6727)
Age: 601762
Etag: "382be2960021b88f6ce982d997cdbd01+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 2294

GET
H/1.1 200
OK tweet_button.06c6ee58c3810956b7509218508c7b56.en.html Show response
platform.twitter.com/widgets/ Frame B961 32 KB
12 KB 6ms
6ms Document
text/html 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/tweet_button.06c6ee58c3810956b7509218508c7b56.en.html
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/6727) /
Resource Hash: 483cc9a5ece5c92d5a2f1ea6e92e7f8bc29844a6c06bf36c0349d70334685dc7

Request headers

Host: platform.twitter.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://prnt.sc/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://prnt.sc/

Response headers

Content-Encoding: gzip
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 601762
Cache-Control: public, max-age=315360000
Content-Type: text/html; charset=utf-8
Date: Thu, 10 Jun 2021 18:57:25 GMT
Etag: "a87932e0f094e1fb4cced05f7d97ab94+gzip"
Last-Modified: Wed, 28 Apr 2021 17:56:47 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (frb/6727)
Vary: Accept-Encoding
X-Cache: HIT
x-tw-cdn: VZ
Content-Length: 12228

GET
DATA 200
OK truncated
/ Frame B961 822 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bed57a09b10b5cfc83c33f5bc6205831a9db085c874bc72d096d05ad2136e4b4

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 jot
syndication.twitter.com/i/ 43 B
375 B 136ms
136ms Image
image/gif 104.244.42.136
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://syndication.twitter.com/i/jot?l=%7B%22widget_origin%22%3A%22https%3A%2F%2Fprnt.sc%2F14v89rs%22%2C%22widget_frame%22%3Afalse%2C%22widget_site_screen_name%22%3A%22light_shot%22%2C%22language%22%3A%22en%22%2C%22message%22%3A%22m%3Anocount%3A%22%2C%22_category_%22%3A%22tfw_client_event%22%2C%22triggered_on%22%3A1623351446075%2C%22dnt%22%3Afalse%2C%22client_version%22%3A%2282e1070%3A1619632193066%22%2C%22format_version%22%3A1%2C%22event_namespace%22%3A%7B%22client%22%3A%22tfw%22%2C%22page%22%3A%22button%22%2C%22section%22%3A%22share%22%2C%22action%22%3A%22impression%22%7D%7D

Requested by

Host: prnt.sc
URL: https://prnt.sc/14v89rs

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.136 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://prnt.sc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 18:57:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 65
x-xss-protection: 0
pragma: no-cache
last-modified: Thu, 10 Jun 2021 18:57:26 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=631138519
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 56c2a6a2860a0e076550e8cbdc856c9806b7b05d9bb972cfe5c2f7669e06be14
x-transaction: 65b0b56005ec97de
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ 62 KB
21 KB 15ms
14ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: ads.ad4game.com
URL: https://ads.ad4game.com/www/delivery/async-ajs.php?v=1&cb=a4g3892925&h=0&siteurl=https%3A%2F%2Fprnt.sc%2F14v89rs&c=UTF-8&z=60918,70076,60916&b=7&x=7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3930375a8b682fc44d17b9a0c437b93ecfff48f3f1b8aac11730a6d919dc413f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://prnt.sc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 18:57:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "899 / 398 of 1000 / last-modified: 1623343493"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21317
x-xss-protection: 0
expires: Thu, 10 Jun 2021 18:57:26 GMT

GET
H2 200 apstag.js Show response
c.amazon-adsystem.com/aax2/ 123 KB
33 KB 302ms
105ms Script
application/javascript 143.204.141.33
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/aax2/apstag.js
Requested by: Host: ads.ad4game.com
URL: https://ads.ad4game.com/www/delivery/async-ajs.php?v=1&cb=a4g3892925&h=0&siteurl=https%3A%2F%2Fprnt.sc%2F14v89rs&c=UTF-8&z=60918,70076,60916&b=7&x=7
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.141.33 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-141-33.ewr52.r.cloudfront.net
Software: Server /
Resource Hash: 0f4b08d07ecca9f8fcaf108ea78bb163fc98cfc19a844bd0f87412ab34a41873

Request headers

Referer: https://prnt.sc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 18:50:29 GMT
content-encoding: gzip
server: Server
age: 416
etag: c457e964d47ff007ca9e04843536c474
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 26302dbb69a1bcc1682e559282335ad9.cloudfront.net (CloudFront)
cache-control: public, max-age=900
x-amz-cf-pop: EWR52-C2
accept-ranges: bytes
timing-allow-origin: *
x-amz-version-id: sWCsRsvwWkSFZMQxDYXuCmbidBHsB_Lq
x-amz-cf-id: re78jok4A3vEiFReNlLWxSpvWFS_w0ixCd3aR6AX03k1daZJxpu8ow==

GET
H/1.1 200
OK bid Show response
ads.ad4game.com/v1/ 5 KB
2 KB 530ms
319ms XHR
application/json 192.207.255.147
AS-MNX

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.ad4game.com/v1/bid?if=0&siteurl=https%3A%2F%2Fprnt.sc%2F14v89rs&size=970x90%3B970x90%3B300x250&id=241d515b772fc9%3B3c43139c79f1ce%3B425b71540a6f7e&zoneId=60918%3B70076%3B60916&gdpr=%5Bobject%20Object%5D
Requested by: Host: cdn.ad4game.com
URL: https://cdn.ad4game.com/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 192.207.255.147 , United States, ASN62821 (AS-MNX, US),
Reverse DNS: haproxy2.ad4game.com
Software: nginx /
Resource Hash: 77037ee4dbbc12af593132d67ef32065fda5f1d2f5800094e3dc7c0a15fede7e

Request headers

Referer: https://prnt.sc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

Date: Thu, 10 Jun 2021 18:57:26 GMT
Content-Encoding: gzip
Server: nginx
Vary: Accept-Encoding, User-Agent
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Content-Type: application/json;charset=utf-8
Access-Control-Allow-Origin: https://prnt.sc
Transfer-Encoding: chunked
Connection: close
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
X-Application-Context: application:12061

GET
H2 200 cygnus Show response
htlb.casalemedia.com/ 24 B
366 B 140ms
95ms XHR
application/json 2.21.111.28
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://htlb.casalemedia.com/cygnus?s=619471&v=7.2&ac=j&sd=1&r=%7B%22id%22%3A%225fdbb98387b88e%22%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fprnt.sc%2F14v89rs%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%2C%22ixdiag%22%3A%7B%22mfu%22%3A0%2C%22bu%22%3A3%2C%22iu%22%3A0%2C%22nu%22%3A0%2C%22ou%22%3A0%2C%22allU%22%3A3%2C%22ren%22%3Afalse%2C%22msd%22%3A0%2C%22msi%22%3A0%7D%7D%2C%22source%22%3A%7B%22ext%22%3A%7B%22schain%22%3A%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22indexexchange.com%22%2C%22sid%22%3A%22193578%22%2C%22hp%22%3A1%7D%5D%7D%7D%7D%2C%22regs%22%3A%7B%22ext%22%3A%7B%22gdpr%22%3A1%7D%7D%2C%22user%22%3A%7B%22ext%22%3A%7B%22consent%22%3A%22%22%7D%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%22600353db073b9e%22%2C%22ext%22%3A%7B%22siteID%22%3A%22619471%22%2C%22sid%22%3A%22970x90%22%7D%2C%22banner%22%3A%7B%22w%22%3A970%2C%22h%22%3A90%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%2272e7e37a7e1d9d%22%2C%22ext%22%3A%7B%22siteID%22%3A%22619471%22%2C%22sid%22%3A%22970x90%22%7D%2C%22banner%22%3A%7B%22w%22%3A970%2C%22h%22%3A90%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%228f40665b49af11%22%2C%22ext%22%3A%7B%22siteID%22%3A%22610018%22%2C%22sid%22%3A%22300x250%22%7D%2C%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%7D%5D%7D
Requested by: Host: cdn.ad4game.com
URL: https://cdn.ad4game.com/prebid.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.21.111.28 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-21-111-28.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 9cba18b92e9e26a6c192ad3b5d9349387d664a888ccf512073aedb88a618ac8b

Request headers

Referer: https://prnt.sc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 10 Jun 2021 18:57:26 GMT
content-encoding: gzip
x-ak-initial-geo: CC:[DE], RC:[HE], CN:[EU], CIP:[89.249.64.211], XFF:[]
server: Apache
vary: Is-Traffic-Invalid,Accept-Encoding
content-type: application/json
access-control-allow-origin: https://prnt.sc
x-cs-client-geo: 12
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
content-length: 44
x-ak-client-geo: 12
expires: Thu, 10 Jun 2021 18:57:26 GMT

GET
H2 200 pubads_impl_2021060801.js Show response
securepubads.g.doubleclick.net/gpt/ 318 KB
112 KB 36ms
15ms Script
text/javascript 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060801.js?31061412

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

sffe /

Resource Hash

8a19707bd88a29100f84e106852ddd5bfeebe1fe562960c4932d1347210d13a1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://prnt.sc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 18:57:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 08 Jun 2021 08:38:25 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 114129
x-xss-protection: 0
expires: Thu, 10 Jun 2021 18:57:26 GMT

GET
H2 204 config Show response
c.amazon-adsystem.com/cdn/prod/ 0
298 B 107ms
107ms XHR
text/plain 143.204.141.33
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/cdn/prod/config?src=852e3ca3-c387-44e4-a5c1-67c46495a8c4&u=https%3A%2F%2Fprnt.sc%2F14v89rs
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.141.33 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-141-33.ewr52.r.cloudfront.net
Software: Server /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://prnt.sc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 18:57:26 GMT
via: 1.1 26302dbb69a1bcc1682e559282335ad9.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: EWR52-C2
x-cache: Miss from cloudfront
access-control-allow-origin: https://prnt.sc
cache-control: max-age=86087, s-maxage=86400
access-control-allow-credentials: true
x-amz-cf-id: akXetB3QG4M60T0kGXD7PWwlH_qwrzkHDYvH9SVcsqfWbpnVWtW4Hg==

GET
H2 200 bid Show response
c.amazon-adsystem.com/e/dtb/ 23 B
365 B 114ms
113ms XHR
text/javascript 143.204.141.33
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fprnt.sc%2F14v89rs&pid=kyOJf8dERtgau&cb=0&ws=1600x1200&v=7.66.00&t=2000&slots=%5B%7B%22sd%22%3A%220%22%2C%22s%22%3A%5B%22970x90%22%5D%2C%22sn%22%3A%22%2F60257202%2F60918%22%7D%2C%7B%22sd%22%3A%221%22%2C%22s%22%3A%5B%22970x90%22%5D%2C%22sn%22%3A%22%2F60257202%2F70076%22%7D%2C%7B%22sd%22%3A%222%22%2C%22s%22%3A%5B%22300x250%22%5D%2C%22sn%22%3A%22%2F60257202%2F60916%22%7D%5D&cfgv=0&pubid=852e3ca3-c387-44e4-a5c1-67c46495a8c4&gdpre=1&gdprl=%7B%22status%22%3A%22tcfv2-success%22%7D
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.141.33 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-141-33.ewr52.r.cloudfront.net
Software: Server /
Resource Hash: 745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8

Request headers

Referer: https://prnt.sc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 18:57:26 GMT
via: 1.1 26302dbb69a1bcc1682e559282335ad9.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: EWR52-C2
vary: User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://prnt.sc
access-control-allow-credentials: true
timing-allow-origin: *
content-length: 23
x-amz-cf-id: RILyU_f9l-1sC5NcrJwfWN6Cl-PaMSMkL6PsHTBbC43zVKlTgjiIlQ==

GET
H2 200 aps_csm.js Show response
c.amazon-adsystem.com/bao-csm/aps-comm/ 6 KB
3 KB 286ms
95ms XHR
application/javascript 143.204.141.33
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.141.33 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-141-33.ewr52.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

Referer: https://prnt.sc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: eEYYOb32LZFr6yGAi8hXG4401uAIPew2
content-encoding: gzip
etag: W/"a4d296427fc806b21335359e398c025c"
age: 52917
x-cache: Hit from cloudfront
access-control-max-age: 3000
access-control-allow-origin: *
last-modified: Wed, 07 Apr 2021 05:49:36 GMT
server: AmazonS3
date: Thu, 10 Jun 2021 04:15:30 GMT
vary: Origin
access-control-allow-methods: GET
content-type: application/javascript
via: 1.1 6f21edc64d8594b28f80c9ab159bcddd.cloudfront.net (CloudFront)
cache-control: public, max-age=86400
x-amz-cf-pop: EWR52-C2
x-amz-cf-id: X93CU-fVQVL4fC6NpKZHRlqgUnmrbFabgQp_CTo_jr9Qq_vLopFYQw==

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
165 B 15ms
14ms Script
application/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=prnt.sc

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060801.js?31061412

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://prnt.sc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 10 Jun 2021 18:57:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
165 B 15ms
15ms Script
application/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=prnt.sc

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060801.js?31061412

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://prnt.sc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 10 Jun 2021 18:57:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 43 KB
16 KB 1044ms
1043ms XHR
text/plain 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=128397662296178&correlator=3212342206627247&output=ldjh&impl=fifs&eid=31061224%2C31061279%2C31061412%2C31061142%2C31061337&vrg=2021060801&ptt=17&gdpr=1&us_privacy=1---&sc=1&sfv=1-0-38&ecs=20210610&iu_parts=60257202%2C60918%2C70076%2C60916&enc_prev_ius=%2F0%2F1%2C%2F0%2F2%2C%2F0%2F3&prev_iu_szs=970x90%2C970x90%2C300x250&prev_scp=amznbid%3D2%26amznp%3D2%26hb_format_a4g%3Dbanner%26hb_source_a4g%3Dclient%26hb_size_a4g%3D970x90%26hb_pb_a4g%3D0.05%26hb_adid_a4g%3D241d515b772fc9%26hb_bidder_a4g%3Da4g%26hb_format%3Dbanner%26hb_source%3Dclient%26hb_size%3D970x90%26hb_pb%3D0.05%26hb_adid%3D241d515b772fc9%26hb_bidder%3Da4g%7Camznbid%3D2%26amznp%3D2%7Camznbid%3D2%26amznp%3D2%26hb_format_a4g%3Dbanner%26hb_source_a4g%3Dclient%26hb_size_a4g%3D300x250%26hb_pb_a4g%3D0.19%26hb_adid_a4g%3D425b71540a6f7e%26hb_bidder_a4g%3Da4g%26hb_format%3Dbanner%26hb_source%3Dclient%26hb_size%3D300x250%26hb_pb%3D0.19%26hb_adid%3D425b71540a6f7e%26hb_bidder%3Da4g&eri=1&cookie_enabled=1&bc=31&abxe=1&lmt=1623351446&dt=1623351446681&dlt=1623351445531&idt=674&frm=20&biw=1600&bih=1200&oid=2&adxs=315%2C315%2C315&adys=70%2C340%2C462&adks=1432691387%2C3120184932%2C4042975291&ucis=1%7C2%7C3&ifi=1&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fprnt.sc%2F14v89rs&vis=1&dmc=8&scr_x=0&scr_y=0&psz=970x90%7C970x90%7C300x250&msz=970x-1%7C970x-1%7C300x-1&ga_vid=1954356339.1623351446&ga_sid=1623351447&ga_hid=1041837494&ga_fc=false&fws=0%2C0%2C0&ohw=0%2C0%2C0&btvi=0%7C0%7C0&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060801.js?31061412

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

ff435c12fbb6f6b16fe568369dda74ec57643c23ae168e74990283a71902daef

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://prnt.sc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 18:57:27 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16392
x-xss-protection: 0
google-lineitem-id: -1,-1,-1
pragma: no-cache
server: cafe
google-creative-id: -1,-1,-1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://prnt.sc
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html
7251cd3401af9f67fcd107f7d0cfe1f3.safeframe.googlesyndication.com/safeframe/1-0-38/html/ 0
0 47ms
14ms Other
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://7251cd3401af9f67fcd107f7d0cfe1f3.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060801.js?31061412
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://prnt.sc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-29 200 container.html Show response
7251cd3401af9f67fcd107f7d0cfe1f3.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 5AB5 6 KB
3 KB 22ms
7ms Document
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://7251cd3401af9f67fcd107f7d0cfe1f3.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060801.js?31061412

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 7251cd3401af9f67fcd107f7d0cfe1f3.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://prnt.sc/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://prnt.sc/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3108
date: Thu, 10 Jun 2021 18:57:26 GMT
expires: Fri, 10 Jun 2022 18:57:26 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 1
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 container.html Show response
7251cd3401af9f67fcd107f7d0cfe1f3.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame D7D5 6 KB
3 KB 19ms
8ms Document
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://7251cd3401af9f67fcd107f7d0cfe1f3.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060801.js?31061412

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 7251cd3401af9f67fcd107f7d0cfe1f3.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://prnt.sc/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://prnt.sc/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3108
date: Thu, 10 Jun 2021 18:57:26 GMT
expires: Fri, 10 Jun 2022 18:57:26 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 1
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 container.html Show response
7251cd3401af9f67fcd107f7d0cfe1f3.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 2441 6 KB
3 KB 17ms
8ms Document
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://7251cd3401af9f67fcd107f7d0cfe1f3.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060801.js?31061412

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 7251cd3401af9f67fcd107f7d0cfe1f3.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://prnt.sc/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://prnt.sc/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3108
date: Thu, 10 Jun 2021 18:57:26 GMT
expires: Fri, 10 Jun 2022 18:57:26 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 1
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ 73 KB
28 KB 23ms
21ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060801.js?31061412

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

34e9a619897b9223115c6588f352612268c90c3d83990829768973759b0d1a6e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://prnt.sc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 18:57:27 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1623263566164500"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28162
x-xss-protection: 0
expires: Thu, 10 Jun 2021 18:57:27 GMT

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame C3DC 624 B
592 B 18ms
17ms Document
text/html 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CMXlgQEQg-LRwAIYv5yNqgEwAQ&v=APEucNV1v7usRcQrVZiNhF58TmHeKDJhkRWQ01c5OS-_5IDR1e1QBTvd9mWqB7lXzmJUZuAjUOKS8vMIbgblqco8jvnDuOhh359Se22urF_pkdrhoacLHrsiMyhM1-3xE1U5tf_nLAXbk_W6cxiP6fwIIZnMJNmwEKyMwJu5QNcgkH6iOtnvkaA

Requested by

Host: prnt.sc
URL: https://prnt.sc/14v89rs

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /xbbe/pixel?d=CMXlgQEQg-LRwAIYv5yNqgEwAQ&v=APEucNV1v7usRcQrVZiNhF58TmHeKDJhkRWQ01c5OS-_5IDR1e1QBTvd9mWqB7lXzmJUZuAjUOKS8vMIbgblqco8jvnDuOhh359Se22urF_pkdrhoacLHrsiMyhM1-3xE1U5tf_nLAXbk_W6cxiP6fwIIZnMJNmwEKyMwJu5QNcgkH6iOtnvkaA
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://7251cd3401af9f67fcd107f7d0cfe1f3.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://7251cd3401af9f67fcd107f7d0cfe1f3.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Thu, 10 Jun 2021 18:57:27 GMT
server: cafe
cache-control: private
content-length: 276
x-xss-protection: 0
set-cookie: test_cookie=; domain=.doubleclick.net; path=/; expires=Fri, 01-Aug-2008 22:45:55 GMT; SameSite=none; Secure IDE=AHWqTUlEsiCIQKS1qnRPuQEOdwZsOd4juoT1D8F_VYa_dotZRKu12lNKG6--MA_g; expires=Tue, 05-Jul-2022 18:57:27 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Thu, 10 Jun 2021 18:57:27 GMT

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 6002 43 KB
21 KB 40ms
40ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BbLSQtePL3HJkjMW1hihq_ZRCaOXzApv1HS7fh-sR84vFcgod0gPhf8QSFI_iz6rexx5--8mCL3DjwFR0iYY0rTXqRrGJtI5TefFYskBMDovaJiO6ejNRUancHODD0OG4WF6oyKnuldhkjsbvscbyvm-WbCg&dbm_d=AKAmf-B-DIyt4PBEioyxlWp4FcTyLoKBWzQt9XMk6FfQBfFTWYhT5fjrMP5KHnsyJbxi_t806YS5m2QLJET1_Rz9jbiovPA73TROIFpcqZqUrygB9h195mS4PBC6uCsSzQnAtHC7eQKNvys9-9TlcEkpco-nwBcZ_wyx3nl2pZ6F4Dj_hugayzurX6c786uPuaSmmmbqU_oaCb9SYFqFesvcSJMOCN8xJp0b_QJu3XEV_faITNbB6y50E8NFi4KFkA-FVhzwwOekQoftHkQji4ZaYcxiY7gibwb49tsw8Hz3mcVtXEeF4tV05P29Hs0_KKPTzhqLqACPyDvGtComqm1QKAEHhefZJa1QFfZ6kAGD0OW2y76dYfQRmucK4JpAUSKJ3TWYHIs6s_uDJX74FwW9H0UTh-BN-38GdQHZkZw86z17X289G7nE8zNA3d73udVxg3J8wBK1JpvexmXLa1ABwlMNujjNN3bCXqD1apq0wO6un2dxlZ8rUootxAJPvzngTGHHsASm_ou8LanShbPygkN8GP2g69V1tJ80FoGeyTJVAnGoyGcjch3-Pg809Eb8iegauE5wVSXoaa5lYsW7BYc-sAjrbcr_y_3kUOEhQBben1IxQK9NwhBARDTf5cP2z5aNsZFuqmXJJzCrZ1oiIgc6rYie9t1EL8Gg9ly3wVs2Y070uawO4CaLMlC-CwyVCZuFUQHmswCNi4L4usI63iD93BCDltttAKDJb-eL_qsUIkNrqOaoI-uXt0bAQp-vMNk13Y_v1slipQ-_l4FcZ3HcCJ3q_3-m_1Onudodkph4Y8qmy3s3XdYhFACyNf3uKGzrFaynx94p-B61fVkjZ2yh7CYmUjar5WnshnkTtBo6IN6bwuVbv0gGU9JAVX-cbjBsaxMgZ-ZC_BLRqI9oPSKW6l7qJ61vkWliVB5F5p4XqMignYtvQyxLXEPCN0GATahyxevW9dfQm2v5wV3omDrrbr3ah9Iuq-B7JMGuqsx-G-ZMhQ-vGKENisIWoCl-EvdM5ZVrypY7wZTff8TnW6ASm3Ok3IsSrVk0zxnMLg5TLcvmWtOWZ_MnQ94OkHO0aAChLjcOWNim4-dZifhbHkwCQ2k4EU8p4z416PAh_xQ_RsXdBmwYD4X8sB_OMykcQXuFO8IGHn-wNf-c8cxLQJro2rmFuGEt9P7X7mZJIFJc-5Osc3tmp1oUQnyn9ratyTrgtsGqPS1RzUYKGmc26lNDzeQaJXC5bbFTwICdYBNCPp6BTyKGRuYLXpcz2GXrXqb6r_OhQQQo5cNRrIxB5gYM07uOPJo5u-G4fT0s6iuAmS82CsWPgwVxMg-zI7pJ6QwLJohCO8pe4wE505QBLt-SnXuSO0c04Yd45cxhbB72vHLY20Kcyj4qxWxhs_u2DvQltSlxDuYQCh1eDMzszEFzDOqJ_eMu83qezqhsIwvtvMv-JIlLWmRsY8C_gnePLrtWQAC3Arj8gAnU3rI3_2vVvAGvtG0QfEdg0ZkVANuyuh11oUeFg2Db3cyw6nADbF60iw5Qxib0KlrHTxjxx6g90zTCAjGcN2vvHvZ2yYh5Or4sz3jRid-Qa5xDR1-TsMy37ZbKg8-6XmI6_68e-FHSy25FP35ONAO_1hGi9bZTRlOdLV1vfw61MjG0SceJP6-6v7e7Hevl4LO2qlG_ud0IQPwJFGxkHIColsZL6N8x4YYsWuu0daTIawjUZt-BX3ycdciwQhDRUWpZqBqVTjen1mK-rfvQfTT8h0nr4SbZNyUSo7TMj6W09q5uJ_5H5dmAt3uuhCyoO-1ZCRIEwC4WGKspmp1k0WeinB5OuPbN2_HHeoR0wD0gAAxdKgvFkP5iBUccNTA1Ar4dgJaJWQJp3UDV0NCTyGTytwVH6DDZAr9_11sV9EtCirKNpQ7ZuI5XxWgy5I_Ep6U5hViez6cQb1METib_lZpkffPtafWZz_AY6k91L-I2go7QPU8aKj4iPSHoPxwIK6xYAnUJY-5S7P6VuUbs9G1cHN-qsk1xd26mkQXi_mrxrUmOA42b_PS5SFSAokNkkudZ58J-gSnxcODNeWZhL1MDS0suoJxUBjyc2bBGO_E081pDwMSo-5N6F5CoEf5_ZSOk6x2Fip4zUyVDUs59UNU1Ivt9198BUqs_n1HTE7eZ229Ge2eV6OUBmIMCHc7rkMnKQBd4jjLDeoIm4UJlNU1jlx3kH-e8s06rZ59wC2zwVqkuXdd4v_XdxW2gCyyLarraIQKW3znCrS70NIyDdg6ev35Q4BuUtGbocQzDwhpBz-Z4Ax_-JIm_HlT9Sw1nEnJUnPDbWwCeOBRs84_QiNW5bPrRQaRUrhuiJyIf1c4_0pnOgO-xk5t5YHR-RV7T9sy2QPLk9SCnpP0870hvbrJaUll5aVwoIPb-da3kwMIFf-6eT0jE8LCN0QPvFfHHeh1yYXBI-kPOdjzuBgi4YF0Wu2aWA-QMoKpuy0HS7mPfaKCk136-LWV-g1NeoBnNbqA-9WDwvU-JEL0Et4gAEHrI3kcPkhjfO-l75Klpaw3HlUB00lbdoQZT7IkcWEnwq48sBzahPMLit7EVTKuAJJM6p1RoPR5okCXZG9smOKvpjFO_XhXzZxYYVFPdM-QHPKgm-v1KoTbse_phqiRV2T0O2juEp_bzxJRyrotfbwZVWz0zEDW3OAP4wBlG867z9FtPNtWQWlu4-Zmjb2Uy1AUaq4gxWzuQlEbO_5w7B8m0Z1BBtUEhQZudIQvKedVD2r1GtDvE_OWFBIP73HV5Db3du-cF0-woCr62xsS3Jod0Ae1Pggk2_kTbSJLsIfWhX6XqH3gn4BGIyZzqrxgp8qutO3aHLGMee2yRlt6VBRDeuVVyeG8CJUi2Bym3IU_cGuTQTLxvkwpKHCGjQWbQJDqpIeMnpXauPBuiYoqWwCPhcmO7pfzUhtmIkbDEdx5oKYa3xK_FCHsaR-FKs0a4C53iBKBn7xsnhzj4PTfmuRNIeggT7rwuNKtxuoawL-43CzGlu1ZNXUiHWCqJrpTEPX5Ujl3p77SZPFel4UImUoXQm4FMtN0PlJ5BCIZHIRoClKzAttW108--8hJRRbxV8gYWWVU5hjkmgFOdqRw&cid=CAASFeRoxYdi-LbRwoZ2vEp9JYquHv9Qeg&rfl=2%2Chttps%253A%252F%252Fprnt.sc%252F%240

Requested by

Host: prnt.sc
URL: https://prnt.sc/14v89rs

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8885b148fd935be13a377bbea1d21bf7eb4f42127f3795428e68eeee7c0c022e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://7251cd3401af9f67fcd107f7d0cfe1f3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 10 Jun 2021 18:57:27 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21323
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210607/r20110914/client/ Frame 6002 2 KB
1 KB 29ms
7ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210607/r20110914/client/window_focus_fy2019.js

Requested by

Host: prnt.sc
URL: https://prnt.sc/14v89rs

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d1ac43e9327c147dc04b1efcd475ba7e9d464e6504eaffb167d0412d339b39e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://7251cd3401af9f67fcd107f7d0cfe1f3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 18:52:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 296
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1316
x-xss-protection: 0
server: cafe
etag: 797314601362473214
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 24 Jun 2021 18:52:31 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 6002 122 KB
37 KB 15ms
14ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: prnt.sc
URL: https://prnt.sc/14v89rs

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a5e762276ffd20732a10037842bac383dc64a7b230ab1f48f2a0ff7406b8b9c8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://7251cd3401af9f67fcd107f7d0cfe1f3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 18:57:27 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1623263560240521"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37945
x-xss-protection: 0
expires: Thu, 10 Jun 2021 18:57:27 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210607/r20110914/client/ Frame 6002 13 KB
6 KB 33ms
12ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210607/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: prnt.sc
URL: https://prnt.sc/14v89rs

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3a677da8f32851941b090ee6e9294757cba154033200b20231b2a4ca7f62a820

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://7251cd3401af9f67fcd107f7d0cfe1f3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 18:55:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 88
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5644
x-xss-protection: 0
server: cafe
etag: 16788636151609896382
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 24 Jun 2021 18:55:59 GMT

GET
H2 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 6002 42 B
515 B 59ms
38ms Image
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-CeRoJGtWpghArE3qfdv5TA3Yl2A6-cT8NaYLxMQdyVhVuPiMvvD7ih5RwQ8JLG_qoh4TQe1NU6HGQFCjHu1_Z4beK00ZJg4jmUi7tBvxH-kO0vOS4

Requested by

Host: prnt.sc
URL: https://prnt.sc/14v89rs

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://7251cd3401af9f67fcd107f7d0cfe1f3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 10 Jun 2021 18:57:27 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame C8E1 624 B
300 B 30ms
26ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CMXlgQEQg-LRwAIYv5yNqgEwAQ&v=APEucNX-gfgmLPaN4qxOqqPeWcYZwyzNrvG-Yv7Z7zhPZzYo4_hp8h0AFDiiCIany3HklobMxqokYyhXDox63ICsyJmHA4nHwG5AryOEx2NE1gVQz4rg-wytaU6f9f5TtHIx23ZOsWE-mor1VIA4SnWcodxbcezqLI7CUUqP-jgJwvn3MtGc4Ow

Requested by

Host: prnt.sc
URL: https://prnt.sc/14v89rs

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /xbbe/pixel?d=CMXlgQEQg-LRwAIYv5yNqgEwAQ&v=APEucNX-gfgmLPaN4qxOqqPeWcYZwyzNrvG-Yv7Z7zhPZzYo4_hp8h0AFDiiCIany3HklobMxqokYyhXDox63ICsyJmHA4nHwG5AryOEx2NE1gVQz4rg-wytaU6f9f5TtHIx23ZOsWE-mor1VIA4SnWcodxbcezqLI7CUUqP-jgJwvn3MtGc4Ow
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://7251cd3401af9f67fcd107f7d0cfe1f3.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://7251cd3401af9f67fcd107f7d0cfe1f3.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Thu, 10 Jun 2021 18:57:27 GMT
server: cafe
cache-control: private
content-length: 276
x-xss-protection: 0
set-cookie: test_cookie=; domain=.doubleclick.net; path=/; expires=Fri, 01-Aug-2008 22:45:55 GMT; SameSite=none; Secure IDE=AHWqTUlUALyrqe64H1Ob72UnzvnHoJebFI3tEEpPPO2Tq1SeZ7erjb2gs-TcT7jT; expires=Tue, 05-Jul-2022 18:57:27 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Thu, 10 Jun 2021 18:57:27 GMT

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame FD1B 43 KB
21 KB 38ms
36ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-Bn7tHTOgueEM_v7II7VyJl3-sVg607DzOQqvR8yV3OVhJv_IsoW88M_2u5-g8U5a6wWBe9i5WumnwcvbnoH8LSmUpMFkoTFlatZnUhaAvbipVlfE7oiWev4Dd6xdu6HBZClBaYsgDC1f16AZWZ6US4te7h9A&dbm_d=AKAmf-DJiOinqkecBcvuonVoUcJVK3mLjyZSA_C1-QzvTpZIVhduphXonp0Uw1HOi0tlSsjkLONjoYWRh74Td78SRUkVTJZSlkXKDQmUCTPh7tFSRHnTtT_d7mlNbIzp_2BNG8s4M_J101tlpU9zCdukW69tVTF6tW8YIBQJr0DWD8xV-0FmQNdOpnKOBQyNU7bdBvBp5XOirYm1suCzXIO8Ud3M5sDUm_GOO2tgCHyPqko1TwaVPK_1rq3t50jaBphrpmCL58w2uZWAYMSK6oEJkI21rvFIoFBvrZ5gAe1VcvlVFxWV8Xz0kFQM34ZUaNcDWSg9qQg5zBFXRO37-f0VFOqIozbTca6Y3EuyGxJMpBsV8SdJWh1AysJk0XITR8MV7ajzlJa-qFyKQlz9kw2EKXdyIF4QaG_XmK0d4AIU-SFk4-lgCBT0RrlylbJHOKngLucJHKjTdN19LwsqijAkdG1W-DbMObxJOfIvRqFpEPljEoDPOuK8NR_BqSXL94cY8e2xWZqqvWtz_iWcbV2rL-F5O8UdoG4mOE0doT3Huro4KIVaVFeHLp03GtpimiRv7tlkjXGAeH02bx1Iv73g4ZkwKWeX883RAcNqQsb5-nYUfwDVgsD58ASDQbyjUUP8t10aQiRxJAaDjjObq-jMbRrz-1ZhChhxljPjBUS5NkJaI0C2xY65pbVyTh7TOAWs3zxNcEbdM_LGDvWTBtF4Wco5nx9btegXxJUUgmz3am_T8VOOenWnUzP9aNoecevB4YLhbYtQfBD_9zDjxapwMoIvC17B5g4apre-P_BXic440ST37jBHGjQpomBX6erp46cLS6NZX5iIVIpl-8l5mEPPWW1Sj6IMeTyVjhmHjo4Qqvy_RHjGEFkP7GPsYpquHN5ZLiWW2JMJSMkZv1F47vO2dWZBa1VQql7KXalatWuvlLDoYVgYvfIds4F8q2dbeWyLhgwGTRk8hgy0yDFtjtLLA7FLKjMfEMpCU1BEV-TV5vpqbCKLYLczzMg6f6M8dSm6O7MdR5rA7axFJlFYeMonMfyrJN5x5rz0Ow7No4eV_j5yDp-TkT9oBtyAhsY0DiBVV-LwvYDNKYkWxHFHVwEm0pKwYTUSt75jFZOVddfuAScxOIYqGnMqbIs2vasp_I_7UoAG_Poag2JZTA-eWQPqTuKQbnZ_g-ABKtPlbjfkbMrKCBRGjJGtCednQ29BNkFYtMXwXXYW34JFpdV0Nr-bWketSiRXaeGjKaKLi63FWcepC3kFAm_A8czJDDpoNM-oCV1EzfuxthRY6il-FGawJP3He6gKybpiMnrNdIlByxUs-5jka9BcRKbd4jk-PuPOJi0ZzNiaVy6jWWmkcyH-zuC7oYibHpXMZmPuxB22nZf_BXVMvNUoMcfUis4YlmPaPLdXSQCTg6lIX_tWQPFKoCbDERBfUN8c3GUgY2ZaZrqQLXkb-pyiBDrfuSD0sQIXITl6ZWBAX3NPq2VfPPwSf3wARRfZM0hAnsSkzBlzgjMrGoh8W9jhMKcUyaW1XIIA_uJsiwKYCVec7me6bGebMmAIt_h8QBS3Ew6sTykFzxhFVm73J8RSJcX8YA-6P71Xo_SAkOhqpqzBnS9kfjfWG30-O7eO1A7x7JByZ5BesNjLSAv8fJMZK9B0t6oNEQRrBXyKT5zL4-4oVXDPmNbFZsWw6tQBPe3g0qGguchLowjh6KZX0qGsaODOWpmoSmApRZ62zkHwcmjhmCszy_bIlOALkmvGc5y7OZjzN3R8msdOIuymcv25JTSyF9hmX1HbdaoGTCADQav0PQrxC5R3kwOdEddYR_Vm4lsCwA6DIG7G48HWoujP_saTmKD8ZU2rZPnLRNVKMZL0O0OdrTI9jpeYTwjMsfRHkBi0Krh2S6fD-75It9EkXOhvzaWcHQ7ZaoctFY_6N-1FfPKoMRfCEAQLJWA4VcBXsCqPLrkS0LfLSx5uPO3cC2EFhZ_yHZlzEWlLNCl3YoEt4iRJpGCB6GSXI3sN7vGb01oZG02ZSCKBIGsLS2k9qKALEFLsrcm14uDPT0naEJWjWIZKC45U6c8xeFJWksI_LdQqvIlro96-mNWWPe2VOa2xI6VXlwabDfAdsY8gbH7TwCwqQz-yh5iTonweUokUsWSwbskuDweGAbR9npDwwxqVNoEvOLE-tEhMB1DvM4Qy4UzV2CPfFi6rSBiW1CJQYEY6JBBZqwpSpiUEtpxNmLuxmap5qUv8PRia-3MzaDdM4_2AlmxN0LzrzgDXPQSybXDq5C3Elwzd2gC7dd83ULqSqR_j5sNmz4VCZnlveCIN-XxABCEvI3KMlpRywdlS2OmO9UpGVCpQZN5ubQJrTBXPAsAuFc7ReyuygnYK5wkbqMgR-l0mhBlKYMeY67_uzD5dcYlbrjtC-InYXJacLyieKEbAZKmfGNz-PAZc4TIf3bolXB8-tp7GG4udNKQcYhiM7RedHx1Bjqw1bNlnyaRpLuHCIsiY9Y3CQ0ePGDbT3ADWo0nGZJxy2by9dw9_Llo5h5IikHzKv7YyfWivZ_HxCzm5m9lM5yAmpUeZD9KpNVUmQEY-jGn26FL_R0MoFucpM34m-i99FW961FbrduOzh1uOK51ZnUIlhEQ24uzAsHcIQ6B5XfX7oOxm1sa7qFN_M8ufYsWXOWAYzaNEYdrr602hLl-Z7tHE7R0WitgD6y3iRZLRU1feTnT7dJYhetKX7MQJCNll3IjsbHQd0IfJQ0iWN417lCXEGQnebTS_UULmd0OpEI0T0D-dQyvIksoyjYb7uwO3hbevKD4EqwuKs9yVqnqWkSAiYcqstseBX168aNvQ7M530m0i8FjOdTJQF2ga2MjsPKkozQ5a001QMlpGfIvlTp7r3iEo3CKXdSTKdTG8KgnGwrXiQvbushoW7Y9JePZQf2siFA1lYSYo5I_QMPMdK8xCz2lDlCng00nk4_xvzTX3WsNmpYcRttONoWZexSmB4zdfyKkz_jtNAqIQaGt3j5fsyqP3oSH7cTe7nRAxRDID3xpAEYliUA9JvVwoZh8BR9MI25GEY883PK0tfL3iCr4k_mKuqEPE5uEC1763zMlZUxMzEb4wGY1UF9qP7xK-dK1yip_fHMpSa8N5ITvBol6G&cid=CAASFeRoBCsJ7D1EE-X5oXyrC5UI6bMYUg&rfl=2%2Chttps%253A%252F%252Fprnt.sc%252F%240

Requested by

Host: prnt.sc
URL: https://prnt.sc/14v89rs

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

847b752a86dc45b468e83e21204f7cb2099c39050c521827d9648f8514c6a717

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://7251cd3401af9f67fcd107f7d0cfe1f3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 10 Jun 2021 18:57:27 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21297
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210607/r20110914/client/ Frame FD1B 2 KB
1 KB 22ms
7ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210607/r20110914/client/window_focus_fy2019.js

Requested by

Host: prnt.sc
URL: https://prnt.sc/14v89rs

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d1ac43e9327c147dc04b1efcd475ba7e9d464e6504eaffb167d0412d339b39e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://7251cd3401af9f67fcd107f7d0cfe1f3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 18:52:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 296
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1316
x-xss-protection: 0
server: cafe
etag: 797314601362473214
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 24 Jun 2021 18:52:31 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame FD1B 122 KB
37 KB 16ms
15ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: prnt.sc
URL: https://prnt.sc/14v89rs

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a5e762276ffd20732a10037842bac383dc64a7b230ab1f48f2a0ff7406b8b9c8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://7251cd3401af9f67fcd107f7d0cfe1f3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 18:57:27 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1623263560240521"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37945
x-xss-protection: 0
expires: Thu, 10 Jun 2021 18:57:27 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210607/r20110914/client/ Frame FD1B 13 KB
6 KB 27ms
14ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210607/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: prnt.sc
URL: https://prnt.sc/14v89rs

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3a677da8f32851941b090ee6e9294757cba154033200b20231b2a4ca7f62a820

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://7251cd3401af9f67fcd107f7d0cfe1f3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 18:55:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 88
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5644
x-xss-protection: 0
server: cafe
etag: 16788636151609896382
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 24 Jun 2021 18:55:59 GMT

GET
H3-29 204 l
www.google.com/ads/measurement/ Frame FD1B 0
0 23ms
21ms Image
text/html 2a00:1450:4001:82b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQtSaKKOPI-EqVmsXCvgKJr-j5T9VzC189iZgNDlH203MX9cQJ2ZRmf9e18bUWJuL5Q5lWJz8kvhjeaXmYWvG58dPiKlw
Requested by: Host: prnt.sc
URL: https://prnt.sc/14v89rs
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://7251cd3401af9f67fcd107f7d0cfe1f3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame FD1B 42 B
107 B 53ms
39ms Image
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-AHEM0yNZhlqZ-ieBiIIqHNI31y4muMGqQGnR4IV_ehKBoApGZp504UJNDqCqV1Z99pundurN3M_irpN0HH5j_HN5DtP3_HJPlYNNlN-FJKQCt9D7A

Requested by

Host: prnt.sc
URL: https://prnt.sc/14v89rs

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://7251cd3401af9f67fcd107f7d0cfe1f3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 10 Jun 2021 18:57:27 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame AEB8 640 B
316 B 26ms
24ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CMXlgQEQg-LRwAIY86mNqgEwAQ&v=APEucNUYPtSg-ppizMxiCj8k_sC7PaemKk5ykZWCO5attwUDbTKC9T9k9agy8DFdOK7XhS02Ka0ckP4kmQyujy9sDUOikxNpzlr5PttxezdU7ozgXH7Y7cCRfqOj6PwVRTGfX1bRKN8JoPAxqjnUI-XBkIQDBtj9nEquhJog_UP1AGyqwvMrfWw

Requested by

Host: 7251cd3401af9f67fcd107f7d0cfe1f3.safeframe.googlesyndication.com
URL: https://7251cd3401af9f67fcd107f7d0cfe1f3.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /xbbe/pixel?d=CMXlgQEQg-LRwAIY86mNqgEwAQ&v=APEucNUYPtSg-ppizMxiCj8k_sC7PaemKk5ykZWCO5attwUDbTKC9T9k9agy8DFdOK7XhS02Ka0ckP4kmQyujy9sDUOikxNpzlr5PttxezdU7ozgXH7Y7cCRfqOj6PwVRTGfX1bRKN8JoPAxqjnUI-XBkIQDBtj9nEquhJog_UP1AGyqwvMrfWw
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://7251cd3401af9f67fcd107f7d0cfe1f3.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUlEsiCIQKS1qnRPuQEOdwZsOd4juoT1D8F_VYa_dotZRKu12lNKG6--MA_g
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://7251cd3401af9f67fcd107f7d0cfe1f3.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Thu, 10 Jun 2021 18:57:27 GMT
server: cafe
cache-control: private
content-length: 295
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 2441 43 KB
21 KB 44ms
41ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-D7hXWTsPstV3YaH0ShHBHKjc4Tf3jNmVMfI7693T0Uq_TMCBWqJSd1Ch0dqkvXXAyKJXs3QbxL6Oheo6l_YrVqTKSLQFe0_5DfkDDbMq7WrwKMZMl55iAUL4uWqqq6Urb18KG7DbitvQppTm_5Vtn4BLa_xQ&dbm_d=AKAmf-Bc4HerJitw3erLZPfmJErijIE6RdsSJPQR5CADTvrBXjI5ia8wU9FP6Y5aX-amav4-lkVTmjkt2hkRc-6j_-wW29MAQWHdZKTinj3R-N5vkfHZRYy6OH8rArBeLyzCScjiBIK43mzCUH6MNXCh1b9_cbzDtn6eQssM5HUFE0MPlveUZ7_ZF97cUS1V2q_Wz2GlnbZ3Ta0KpsHTDO9K82PVj8bfzNrCHB21qVxQqZt7dNxjnPWbhdD9hyC9c6zudzWUbESKfIU9f9frXb8DkWiYLJbiGsj6mjQUjhwOUCDfgUhTccDKxVoaEdeh2i9diVywITMHW-0hQU9i_wbAcK_nwkTwxzbi60j1lt0cdUURmL7WTBUMgsB9mO0p_5uDJr3QOD55FlpvNrP2OHpbRrMJ_lITtPQTCLoSPtXxKG2tTmeV1Jh9xB-fGFUmF_bLT6z2sDI3CRkICBos8oDv47t9htvwYdukRpv0uLtM7U4sigmw7QwCfbyldO6ET2e-WXJEA22tvyuNFpSAJ6xANjujefwcRACpmNQReMyiKbvnox-ZKohNri9Ol8rcq8G5-t1vhty2H_vy0If8AUYTFmzfJo5Cs8bwVC8afjbUF-SZ2gcJahUBk1NXo8q8lASUfb8B7HhglMBqf2lzvIuAie5s0_7CI-rhe5IJtWnDc4vxzdeQhwHODUUTOZ_DgVpw2rUk0UHSiuReNfxWCKPcFaqEkGB-7vbP5uQR_NxX5HQnuoRZEcYltdC89y06WxsC1lPWEOgqpSMUPjpv-cuB0mTNa5VlND4l6aNbKYMn8cgw5RnnqJ7bVW79fiZl8yY4HBe-xX57sngVc-geQBJyVYsjAPfScAry6kpPIrLaKxhEnGavSTboniTxj4adH44-InV_FVeDZBA49vHDUWYDzCjAPnwI0fBPfyrdcycoGOWuC7p_sRH1iQXNeMmo_aIRsQ9DFhoaAHlP2Zf_-fqKztSJ_PvVO0ov-pU57MyiiUkTtpdYL2BO5j00KQdns-cg1JKW7tOiJA5HNietEqdhsADSO32azNlstp4A0hTulpunFQN0MN2z3daQ0dgQQZRp-mWETswwCroIq7TWlvg7JjHSaXOYqlVNfHzXnevkCTgdyWHrewX0Eu3lYZo-GY0VNgQykaPAnNMO8vonCvHIMmHJTX4nu6rlmV-Wfbx728Y6r67gnZW6UHVrDdFaWDHzfGtcvbB64aLd7Duz5QaEcBtqSZzMPuCBxOEYyaKInn3F4Aow0AK_97NsveY7agOrrbm5L3Lf5x8v4g2tzf-wz8QxMc60yB2zH6yjboVEe64Y4oFh9hFasqAndP-rSpWl0M0BGY0E-vEGcv4J-AI8dgj0Ud6mw5KfxjhevF6UxeiISI7aRvdBGSvs3CsE6TAlRodM0tsId_A2jqf7riUAEMrr_sV34pDWkvhsbzugjzQX_9-kj1JLLgPOzydjgpwNZYE4pIY_i8KoRBt51hEisXzvUc7asTWwYCCFP8ygzgtLOOWGa1AwRZ_nPOA-IDBHLVIhur8Y1XqgJv-Gy0CKuWJALDxpFh-01elhlQ6oS2YOxwbve6mv4V8RxLf82AV58HT-sFtVfgS-t0Gcpkk-MtfPotttu2Y4YtKUJIOSzKzQScQFAUtKsv2b0cWXaJj3pbjazzlqSSMnqB1vqM2DpGXdjanw4gJwsdpqRyAR4hPgf-TzDgtDWkik7TsqfNfOcqAnPUCPWiqzXKKfIGtlqHhQNS3oaXaTbOPPhNJuqmNH-MVj5kqxwvgfyOj8j7OYUhUzMA688EdRVKtkgmzRv-jmpfEoCpxMF1EC9jKf1NFfuGUgK_G-Fznq9cihnTbKXP3LxOIA0RkbRW709142yhyERQhmtD4WtWX57XX6ScKOWCOH9bf8WiiqDdZ1DoXNvwgTkfg1KTFXXUnqKTE8ZSOB7QbwmQQ-qFMXkcJm66T4rDPF5h_h_ZuCjiN5gMun7bJ1GpRToAzvkh3N5rrceMqCvOiu66XySQ66Xf3Hn_CvceLDJZhdl2jF5XBWcCj_lZ4P3kXN73xWnZQ6L38h1OYRZP6k2rH0sHFGUXO2qkyHwJU_MvebQge3j-kybpv_B5V2xVjDab5NWp_kRySiYTF0hwA-v9-6WkLI2gNRd_mj0qc4vf2lqkWpdtZUv-yjzPd2mUTvjYxt0BhdQRlSt1tSsEY5XJN-EKrjGi99vplfvNRMpRQj_ymWgPRamLhtdT-aVFrLD4IYnMyw1b15ve0d121vef_XWXEZSkUkl07fGXiL-GtoRFM16_pw-E4MNGGrSmewGhL2989oGqdFO7OJdtxmp99xeabaNqKf4gCwXb31LSSnw8w7X5qECMX57wAoFTNlTiPbCN8_hQlqTAT6NOj_JEHIeY0i2SgVR7IgYcJ0qe72dpup2TMMk-l6Edt3iZMpYM4PP8_L5dhuwUNlDkJTPu2S4Hd_roPOjXSbT1fW4ySc2bK97r6kHJTGU1JlGS_bPp4asX9Bki5YUnwsR6GB8AhRKZI0YLEmasZ-sPn9Y0DGcUowXQyOy9lOJCGWdFvL0tRT8ixdFk5iFj3CbWJH-wA-RBfu-p04gfmtY4Ac8gBDcL5Trxce6jrsjG9Ro2SOdCd0qCtnjUUTZycCSUTkVq4QXDtzFMUKWgZ5UI3Ze8wjMoqKtXpDLLObI3fNx03thD5xAot0M3PIcuzi4Btiz3Vzom3SsHtrMco-LuePlii66uy5B3vnBbCfi27GvPKsTUuwTTbW0NmYEerVPNFK61S7B858DbPhn2AoLgsAY1Dawd_5lc0_r3lZudne8X1Z79dH1SFxLdKTaG2xoMWo_lNiGdu-RDyaSNql65RrHXZ3Ara3FchLybDXk6jrEH_DpDx50X_2bNnKGGQWn2e7HkOHnxgKqyAU5XP8PRW0tFtLSMtO710dGpP-0zFEw3O5kWLJEAX967Z2OBBq5pUoe-AdE9PG-V_FD2SkBFDACdn8raVFbKmLNumX7GTsKGi5dZAWIKCB-9n8iQkM7c0iLBU0k_1mLfUU8lKSfUf7IFmkqYWl1RsmhNKcpyRArh71g_olv4d19lWC7b0gxcApZQL-vimSfEFdbZuxAOxizCqhMinAuEiXwmFKOW-BviAtNLJTRj9m6gsj13KhAHah7A&cid=CAASFeRoprMvZGrfa_bxiEhFbCibqY0xhQ&rfl=1%2Chttps%253A%252F%252Fprnt.sc%252F%240

Requested by

Host: prnt.sc
URL: https://prnt.sc/14v89rs

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

14a0e975c6d240c8347273a5a64dd89e8ef1d121bbfc17010fc8bc833ce3ba88

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://7251cd3401af9f67fcd107f7d0cfe1f3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 10 Jun 2021 18:57:27 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21399
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 2441 42 B
107 B 41ms
39ms Image
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-BMJUoX9t7WN6B3NEj76jndwmZg-OG7n9s_sXWaL_xEGcYjDz7AAnMVIlcmcgkyEPmcvJpBuUrreGJ9IDR80M0Yoli_deoCk6_8PvBTueXNt5yf9T8

Requested by

Host: 7251cd3401af9f67fcd107f7d0cfe1f3.safeframe.googlesyndication.com
URL: https://7251cd3401af9f67fcd107f7d0cfe1f3.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://7251cd3401af9f67fcd107f7d0cfe1f3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 10 Jun 2021 18:57:27 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210607/r20110914/client/ Frame 2441 2 KB
2 KB 8ms
6ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210607/r20110914/client/window_focus_fy2019.js

Requested by

Host: 7251cd3401af9f67fcd107f7d0cfe1f3.safeframe.googlesyndication.com
URL: https://7251cd3401af9f67fcd107f7d0cfe1f3.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d1ac43e9327c147dc04b1efcd475ba7e9d464e6504eaffb167d0412d339b39e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://7251cd3401af9f67fcd107f7d0cfe1f3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 18:52:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 296
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1316
x-xss-protection: 0
server: cafe
etag: 797314601362473214
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 24 Jun 2021 18:52:31 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 2441 122 KB
37 KB 17ms
16ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 7251cd3401af9f67fcd107f7d0cfe1f3.safeframe.googlesyndication.com
URL: https://7251cd3401af9f67fcd107f7d0cfe1f3.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a5e762276ffd20732a10037842bac383dc64a7b230ab1f48f2a0ff7406b8b9c8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://7251cd3401af9f67fcd107f7d0cfe1f3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 18:57:27 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1623263560240521"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37945
x-xss-protection: 0
expires: Thu, 10 Jun 2021 18:57:27 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210607/r20110914/client/ Frame 2441 13 KB
6 KB 15ms
14ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210607/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 7251cd3401af9f67fcd107f7d0cfe1f3.safeframe.googlesyndication.com
URL: https://7251cd3401af9f67fcd107f7d0cfe1f3.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3a677da8f32851941b090ee6e9294757cba154033200b20231b2a4ca7f62a820

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://7251cd3401af9f67fcd107f7d0cfe1f3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 18:55:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 88
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5644
x-xss-protection: 0
server: cafe
etag: 16788636151609896382
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 24 Jun 2021 18:55:59 GMT

GET
H3-29 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20210607/r20110914/ Frame 6002 22 KB
8 KB 15ms
14ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210607/r20110914/abg_lite.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BbLSQtePL3HJkjMW1hihq_ZRCaOXzApv1HS7fh-sR84vFcgod0gPhf8QSFI_iz6rexx5--8mCL3DjwFR0iYY0rTXqRrGJtI5TefFYskBMDovaJiO6ejNRUancHODD0OG4WF6oyKnuldhkjsbvscbyvm-WbCg&dbm_d=AKAmf-B-DIyt4PBEioyxlWp4FcTyLoKBWzQt9XMk6FfQBfFTWYhT5fjrMP5KHnsyJbxi_t806YS5m2QLJET1_Rz9jbiovPA73TROIFpcqZqUrygB9h195mS4PBC6uCsSzQnAtHC7eQKNvys9-9TlcEkpco-nwBcZ_wyx3nl2pZ6F4Dj_hugayzurX6c786uPuaSmmmbqU_oaCb9SYFqFesvcSJMOCN8xJp0b_QJu3XEV_faITNbB6y50E8NFi4KFkA-FVhzwwOekQoftHkQji4ZaYcxiY7gibwb49tsw8Hz3mcVtXEeF4tV05P29Hs0_KKPTzhqLqACPyDvGtComqm1QKAEHhefZJa1QFfZ6kAGD0OW2y76dYfQRmucK4JpAUSKJ3TWYHIs6s_uDJX74FwW9H0UTh-BN-38GdQHZkZw86z17X289G7nE8zNA3d73udVxg3J8wBK1JpvexmXLa1ABwlMNujjNN3bCXqD1apq0wO6un2dxlZ8rUootxAJPvzngTGHHsASm_ou8LanShbPygkN8GP2g69V1tJ80FoGeyTJVAnGoyGcjch3-Pg809Eb8iegauE5wVSXoaa5lYsW7BYc-sAjrbcr_y_3kUOEhQBben1IxQK9NwhBARDTf5cP2z5aNsZFuqmXJJzCrZ1oiIgc6rYie9t1EL8Gg9ly3wVs2Y070uawO4CaLMlC-CwyVCZuFUQHmswCNi4L4usI63iD93BCDltttAKDJb-eL_qsUIkNrqOaoI-uXt0bAQp-vMNk13Y_v1slipQ-_l4FcZ3HcCJ3q_3-m_1Onudodkph4Y8qmy3s3XdYhFACyNf3uKGzrFaynx94p-B61fVkjZ2yh7CYmUjar5WnshnkTtBo6IN6bwuVbv0gGU9JAVX-cbjBsaxMgZ-ZC_BLRqI9oPSKW6l7qJ61vkWliVB5F5p4XqMignYtvQyxLXEPCN0GATahyxevW9dfQm2v5wV3omDrrbr3ah9Iuq-B7JMGuqsx-G-ZMhQ-vGKENisIWoCl-EvdM5ZVrypY7wZTff8TnW6ASm3Ok3IsSrVk0zxnMLg5TLcvmWtOWZ_MnQ94OkHO0aAChLjcOWNim4-dZifhbHkwCQ2k4EU8p4z416PAh_xQ_RsXdBmwYD4X8sB_OMykcQXuFO8IGHn-wNf-c8cxLQJro2rmFuGEt9P7X7mZJIFJc-5Osc3tmp1oUQnyn9ratyTrgtsGqPS1RzUYKGmc26lNDzeQaJXC5bbFTwICdYBNCPp6BTyKGRuYLXpcz2GXrXqb6r_OhQQQo5cNRrIxB5gYM07uOPJo5u-G4fT0s6iuAmS82CsWPgwVxMg-zI7pJ6QwLJohCO8pe4wE505QBLt-SnXuSO0c04Yd45cxhbB72vHLY20Kcyj4qxWxhs_u2DvQltSlxDuYQCh1eDMzszEFzDOqJ_eMu83qezqhsIwvtvMv-JIlLWmRsY8C_gnePLrtWQAC3Arj8gAnU3rI3_2vVvAGvtG0QfEdg0ZkVANuyuh11oUeFg2Db3cyw6nADbF60iw5Qxib0KlrHTxjxx6g90zTCAjGcN2vvHvZ2yYh5Or4sz3jRid-Qa5xDR1-TsMy37ZbKg8-6XmI6_68e-FHSy25FP35ONAO_1hGi9bZTRlOdLV1vfw61MjG0SceJP6-6v7e7Hevl4LO2qlG_ud0IQPwJFGxkHIColsZL6N8x4YYsWuu0daTIawjUZt-BX3ycdciwQhDRUWpZqBqVTjen1mK-rfvQfTT8h0nr4SbZNyUSo7TMj6W09q5uJ_5H5dmAt3uuhCyoO-1ZCRIEwC4WGKspmp1k0WeinB5OuPbN2_HHeoR0wD0gAAxdKgvFkP5iBUccNTA1Ar4dgJaJWQJp3UDV0NCTyGTytwVH6DDZAr9_11sV9EtCirKNpQ7ZuI5XxWgy5I_Ep6U5hViez6cQb1METib_lZpkffPtafWZz_AY6k91L-I2go7QPU8aKj4iPSHoPxwIK6xYAnUJY-5S7P6VuUbs9G1cHN-qsk1xd26mkQXi_mrxrUmOA42b_PS5SFSAokNkkudZ58J-gSnxcODNeWZhL1MDS0suoJxUBjyc2bBGO_E081pDwMSo-5N6F5CoEf5_ZSOk6x2Fip4zUyVDUs59UNU1Ivt9198BUqs_n1HTE7eZ229Ge2eV6OUBmIMCHc7rkMnKQBd4jjLDeoIm4UJlNU1jlx3kH-e8s06rZ59wC2zwVqkuXdd4v_XdxW2gCyyLarraIQKW3znCrS70NIyDdg6ev35Q4BuUtGbocQzDwhpBz-Z4Ax_-JIm_HlT9Sw1nEnJUnPDbWwCeOBRs84_QiNW5bPrRQaRUrhuiJyIf1c4_0pnOgO-xk5t5YHR-RV7T9sy2QPLk9SCnpP0870hvbrJaUll5aVwoIPb-da3kwMIFf-6eT0jE8LCN0QPvFfHHeh1yYXBI-kPOdjzuBgi4YF0Wu2aWA-QMoKpuy0HS7mPfaKCk136-LWV-g1NeoBnNbqA-9WDwvU-JEL0Et4gAEHrI3kcPkhjfO-l75Klpaw3HlUB00lbdoQZT7IkcWEnwq48sBzahPMLit7EVTKuAJJM6p1RoPR5okCXZG9smOKvpjFO_XhXzZxYYVFPdM-QHPKgm-v1KoTbse_phqiRV2T0O2juEp_bzxJRyrotfbwZVWz0zEDW3OAP4wBlG867z9FtPNtWQWlu4-Zmjb2Uy1AUaq4gxWzuQlEbO_5w7B8m0Z1BBtUEhQZudIQvKedVD2r1GtDvE_OWFBIP73HV5Db3du-cF0-woCr62xsS3Jod0Ae1Pggk2_kTbSJLsIfWhX6XqH3gn4BGIyZzqrxgp8qutO3aHLGMee2yRlt6VBRDeuVVyeG8CJUi2Bym3IU_cGuTQTLxvkwpKHCGjQWbQJDqpIeMnpXauPBuiYoqWwCPhcmO7pfzUhtmIkbDEdx5oKYa3xK_FCHsaR-FKs0a4C53iBKBn7xsnhzj4PTfmuRNIeggT7rwuNKtxuoawL-43CzGlu1ZNXUiHWCqJrpTEPX5Ujl3p77SZPFel4UImUoXQm4FMtN0PlJ5BCIZHIRoClKzAttW108--8hJRRbxV8gYWWVU5hjkmgFOdqRw&cid=CAASFeRoxYdi-LbRwoZ2vEp9JYquHv9Qeg&rfl=2%2Chttps%253A%252F%252Fprnt.sc%252F%240

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

cabbde8502a6598896a3c812c89ecd99ecfb3e9ca68f632c8c9b3f2a7f6e0046

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://7251cd3401af9f67fcd107f7d0cfe1f3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 18:55:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 142
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8601
x-xss-protection: 0
server: cafe
etag: 18280575870105241958
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 24 Jun 2021 18:55:05 GMT

GET
H3-29 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20210607/r20110914/elements/html/ Frame 6002 8 KB
3 KB 27ms
27ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210607/r20110914/elements/html/omrhp.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

966ee1486939f4b7c9815a6ce8dd42420c5859a42efdbbd5b91aff45e0b1cc38

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://7251cd3401af9f67fcd107f7d0cfe1f3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 18:46:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 648
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3124
x-xss-protection: 0
server: cafe
etag: 4537136162986801320
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 24 Jun 2021 18:46:39 GMT

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 6002 0
61 B 92ms
55ms Ping
image/gif 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvVm-xRNCaphJ_q4W5Tyffuqdjn79GVmqzwLJ9djoOzy8c4phn0gu-DjsAVCywFnG-xj4O-oAPOtNlpOqElkSOn6hlr-5GDJA9F5BK8_IV4BafZE_4a22INC5Fd8hMkuydaACPB6NsdDAtHISqlEFoznzV52D_zElVsVl63bTgdqLLjvundofNXheWMcktJnRf1-9HYc5B_ni0y1F7rvmpb2L93h-Dl1P4GOoL2T177reH_8cIa5XicTLr1H0HmVOuE0SvIRQ6QIMxbhxEvcwCyIK-7sMZ6I_OSWqyqm4Vdkl5CR9XUDfMVJt0DEmZ4V_58TUGu-0gsXM1j-KM4KKbxVYV8PBlmUXfl4_hocBqhUNu0uEMe1ZVU8N82Cags9V11t3mM3QPouAJLbIShkSKlzwEcJz3Mo1lKTMsYmti-WFOAGq8qjeTjL2g8zOUTUufO4tO4a7oCOsWqnJSlBfY4YfdNU-emgCkFQqapdy9CwJIj3W8O20FVAR3HpRfAwLp_FUR9quXXhv9zNRdJV5dRE4WWL5P32LZrsQHwKKmsU1wjs3hHTl1OsbBOSdb4JDSsuBOFFF1gtI0OSs8D27m8FGDky8ZCSEbeYQTidxCZ_Qii6HoeWfsGl6syt25ZRHQSuZe0NGmKca89Nrcn-ZDEWkN6qeGIMGHF9LBXJMUpv4k3IempeoxXmwc52Dh2v9f8cnxC_mr6zdKmAa5CIV58LOtaVsoN5H0SgkUL063L-Sqmg6vfsAb-VcOY32Dy8vw7j11DLGkpgPeHiCV4P4KAF1tT75J-tZGyNQZb0yn7uQoflJvDc94u3WZUXWc6wmGqSWOi01iX4CcPZ8FLe2nfsXEflJZfN4D8nfdBcTgmPbgBUeGtpMYA78n2YdFwQxI_JkNpL2n16aSCtHT-qujpXWG5u-0pJ9xsw3JfMPYKdftHFoSJhLbIz6vUUPCLRVT86RAgvTvH580Nms4eY7aOFm4HtcLUanJmKooNUxeRZxYzB-JnDreoxWbBy3mwSmz2PJHKP9cLWgbfXCq39jfohuY8Jjab4c6WoTE3XtowK2ZWFkEoQ8vxxpbopxpiA7a0cX9-mFwsuGj34xvWc7KoVQ5zyHFRHBFMLZyCYF1rWOI7Dj2QFJSb8ko0AYEteQaXK3VN3XVgSNcj--5ozm4-QP0_EO28lio0IQMvVA&sai=AMfl-YT3ZzyS4RCPrbTdVRuhetECj6KAEhYJuHjHZpTUlPtXVf_jwEUVoTeJjqHKMW-Tg7-XgP8tziVbOGD1uXDVU69Lw2UZAt1HUpZKWbcgjIuqsZRkJwxjnHEMwva19obnpjwhOnoNSE_oELT-VrZ-AVn626G7yiqS460Zdk8&sig=Cg0ArKJSzEHWvutK7-UaEAE&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1&cbvp=1&cstd=1&cisv=r20210607.87937&adurl=

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://7251cd3401af9f67fcd107f7d0cfe1f3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Thu, 10 Jun 2021 18:57:27 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3-29 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 6002 41 KB
15 KB 15ms
14ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://7251cd3401af9f67fcd107f7d0cfe1f3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 10:46:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 29467
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 10 Jun 2022 10:46:20 GMT

GET
H2 200 PAY-CR-696_CoM_Summer_Campaign_Q2_Banner_728x90_Alternate_Grill.gif
s0.2mdn.net/8264868/ Frame 6002 51 KB
52 KB 42ms
6ms Image
image/gif 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/8264868/PAY-CR-696_CoM_Summer_Campaign_Q2_Banner_728x90_Alternate_Grill.gif

Requested by

Host: 7251cd3401af9f67fcd107f7d0cfe1f3.safeframe.googlesyndication.com
URL: https://7251cd3401af9f67fcd107f7d0cfe1f3.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

53e41816a483c797d9233d19860016e19433f30bfff5006f4ecd98a29804c2e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://7251cd3401af9f67fcd107f7d0cfe1f3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 09 Jun 2021 19:28:32 GMT
x-content-type-options: nosniff
last-modified: Thu, 20 May 2021 07:45:50 GMT
server: sffe
age: 84535
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 52610
x-xss-protection: 0
expires: Thu, 10 Jun 2021 19:28:32 GMT

GET
H2 200 PAY-CR-696_CoM_Summer_Campaign_Q2_Banner_728x90_Alternate_Grill.gif
s0.2mdn.net/8264868/ Frame FD1B 51 KB
51 KB 54ms
19ms Image
image/gif 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/8264868/PAY-CR-696_CoM_Summer_Campaign_Q2_Banner_728x90_Alternate_Grill.gif

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-Bn7tHTOgueEM_v7II7VyJl3-sVg607DzOQqvR8yV3OVhJv_IsoW88M_2u5-g8U5a6wWBe9i5WumnwcvbnoH8LSmUpMFkoTFlatZnUhaAvbipVlfE7oiWev4Dd6xdu6HBZClBaYsgDC1f16AZWZ6US4te7h9A&dbm_d=AKAmf-DJiOinqkecBcvuonVoUcJVK3mLjyZSA_C1-QzvTpZIVhduphXonp0Uw1HOi0tlSsjkLONjoYWRh74Td78SRUkVTJZSlkXKDQmUCTPh7tFSRHnTtT_d7mlNbIzp_2BNG8s4M_J101tlpU9zCdukW69tVTF6tW8YIBQJr0DWD8xV-0FmQNdOpnKOBQyNU7bdBvBp5XOirYm1suCzXIO8Ud3M5sDUm_GOO2tgCHyPqko1TwaVPK_1rq3t50jaBphrpmCL58w2uZWAYMSK6oEJkI21rvFIoFBvrZ5gAe1VcvlVFxWV8Xz0kFQM34ZUaNcDWSg9qQg5zBFXRO37-f0VFOqIozbTca6Y3EuyGxJMpBsV8SdJWh1AysJk0XITR8MV7ajzlJa-qFyKQlz9kw2EKXdyIF4QaG_XmK0d4AIU-SFk4-lgCBT0RrlylbJHOKngLucJHKjTdN19LwsqijAkdG1W-DbMObxJOfIvRqFpEPljEoDPOuK8NR_BqSXL94cY8e2xWZqqvWtz_iWcbV2rL-F5O8UdoG4mOE0doT3Huro4KIVaVFeHLp03GtpimiRv7tlkjXGAeH02bx1Iv73g4ZkwKWeX883RAcNqQsb5-nYUfwDVgsD58ASDQbyjUUP8t10aQiRxJAaDjjObq-jMbRrz-1ZhChhxljPjBUS5NkJaI0C2xY65pbVyTh7TOAWs3zxNcEbdM_LGDvWTBtF4Wco5nx9btegXxJUUgmz3am_T8VOOenWnUzP9aNoecevB4YLhbYtQfBD_9zDjxapwMoIvC17B5g4apre-P_BXic440ST37jBHGjQpomBX6erp46cLS6NZX5iIVIpl-8l5mEPPWW1Sj6IMeTyVjhmHjo4Qqvy_RHjGEFkP7GPsYpquHN5ZLiWW2JMJSMkZv1F47vO2dWZBa1VQql7KXalatWuvlLDoYVgYvfIds4F8q2dbeWyLhgwGTRk8hgy0yDFtjtLLA7FLKjMfEMpCU1BEV-TV5vpqbCKLYLczzMg6f6M8dSm6O7MdR5rA7axFJlFYeMonMfyrJN5x5rz0Ow7No4eV_j5yDp-TkT9oBtyAhsY0DiBVV-LwvYDNKYkWxHFHVwEm0pKwYTUSt75jFZOVddfuAScxOIYqGnMqbIs2vasp_I_7UoAG_Poag2JZTA-eWQPqTuKQbnZ_g-ABKtPlbjfkbMrKCBRGjJGtCednQ29BNkFYtMXwXXYW34JFpdV0Nr-bWketSiRXaeGjKaKLi63FWcepC3kFAm_A8czJDDpoNM-oCV1EzfuxthRY6il-FGawJP3He6gKybpiMnrNdIlByxUs-5jka9BcRKbd4jk-PuPOJi0ZzNiaVy6jWWmkcyH-zuC7oYibHpXMZmPuxB22nZf_BXVMvNUoMcfUis4YlmPaPLdXSQCTg6lIX_tWQPFKoCbDERBfUN8c3GUgY2ZaZrqQLXkb-pyiBDrfuSD0sQIXITl6ZWBAX3NPq2VfPPwSf3wARRfZM0hAnsSkzBlzgjMrGoh8W9jhMKcUyaW1XIIA_uJsiwKYCVec7me6bGebMmAIt_h8QBS3Ew6sTykFzxhFVm73J8RSJcX8YA-6P71Xo_SAkOhqpqzBnS9kfjfWG30-O7eO1A7x7JByZ5BesNjLSAv8fJMZK9B0t6oNEQRrBXyKT5zL4-4oVXDPmNbFZsWw6tQBPe3g0qGguchLowjh6KZX0qGsaODOWpmoSmApRZ62zkHwcmjhmCszy_bIlOALkmvGc5y7OZjzN3R8msdOIuymcv25JTSyF9hmX1HbdaoGTCADQav0PQrxC5R3kwOdEddYR_Vm4lsCwA6DIG7G48HWoujP_saTmKD8ZU2rZPnLRNVKMZL0O0OdrTI9jpeYTwjMsfRHkBi0Krh2S6fD-75It9EkXOhvzaWcHQ7ZaoctFY_6N-1FfPKoMRfCEAQLJWA4VcBXsCqPLrkS0LfLSx5uPO3cC2EFhZ_yHZlzEWlLNCl3YoEt4iRJpGCB6GSXI3sN7vGb01oZG02ZSCKBIGsLS2k9qKALEFLsrcm14uDPT0naEJWjWIZKC45U6c8xeFJWksI_LdQqvIlro96-mNWWPe2VOa2xI6VXlwabDfAdsY8gbH7TwCwqQz-yh5iTonweUokUsWSwbskuDweGAbR9npDwwxqVNoEvOLE-tEhMB1DvM4Qy4UzV2CPfFi6rSBiW1CJQYEY6JBBZqwpSpiUEtpxNmLuxmap5qUv8PRia-3MzaDdM4_2AlmxN0LzrzgDXPQSybXDq5C3Elwzd2gC7dd83ULqSqR_j5sNmz4VCZnlveCIN-XxABCEvI3KMlpRywdlS2OmO9UpGVCpQZN5ubQJrTBXPAsAuFc7ReyuygnYK5wkbqMgR-l0mhBlKYMeY67_uzD5dcYlbrjtC-InYXJacLyieKEbAZKmfGNz-PAZc4TIf3bolXB8-tp7GG4udNKQcYhiM7RedHx1Bjqw1bNlnyaRpLuHCIsiY9Y3CQ0ePGDbT3ADWo0nGZJxy2by9dw9_Llo5h5IikHzKv7YyfWivZ_HxCzm5m9lM5yAmpUeZD9KpNVUmQEY-jGn26FL_R0MoFucpM34m-i99FW961FbrduOzh1uOK51ZnUIlhEQ24uzAsHcIQ6B5XfX7oOxm1sa7qFN_M8ufYsWXOWAYzaNEYdrr602hLl-Z7tHE7R0WitgD6y3iRZLRU1feTnT7dJYhetKX7MQJCNll3IjsbHQd0IfJQ0iWN417lCXEGQnebTS_UULmd0OpEI0T0D-dQyvIksoyjYb7uwO3hbevKD4EqwuKs9yVqnqWkSAiYcqstseBX168aNvQ7M530m0i8FjOdTJQF2ga2MjsPKkozQ5a001QMlpGfIvlTp7r3iEo3CKXdSTKdTG8KgnGwrXiQvbushoW7Y9JePZQf2siFA1lYSYo5I_QMPMdK8xCz2lDlCng00nk4_xvzTX3WsNmpYcRttONoWZexSmB4zdfyKkz_jtNAqIQaGt3j5fsyqP3oSH7cTe7nRAxRDID3xpAEYliUA9JvVwoZh8BR9MI25GEY883PK0tfL3iCr4k_mKuqEPE5uEC1763zMlZUxMzEb4wGY1UF9qP7xK-dK1yip_fHMpSa8N5ITvBol6G&cid=CAASFeRoBCsJ7D1EE-X5oXyrC5UI6bMYUg&rfl=2%2Chttps%253A%252F%252Fprnt.sc%252F%240

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

53e41816a483c797d9233d19860016e19433f30bfff5006f4ecd98a29804c2e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://7251cd3401af9f67fcd107f7d0cfe1f3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 09 Jun 2021 19:28:32 GMT
x-content-type-options: nosniff
last-modified: Thu, 20 May 2021 07:45:50 GMT
server: sffe
age: 84535
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 52610
x-xss-protection: 0
expires: Thu, 10 Jun 2021 19:28:32 GMT

GET
H3-29 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20210607/r20110914/ Frame FD1B 22 KB
8 KB 11ms
11ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210607/r20110914/abg_lite.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

cabbde8502a6598896a3c812c89ecd99ecfb3e9ca68f632c8c9b3f2a7f6e0046

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://7251cd3401af9f67fcd107f7d0cfe1f3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 18:55:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 142
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8601
x-xss-protection: 0
server: cafe
etag: 18280575870105241958
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 24 Jun 2021 18:55:05 GMT

GET
H3-29 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20210607/r20110914/elements/html/ Frame FD1B 8 KB
3 KB 24ms
24ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210607/r20110914/elements/html/omrhp.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

966ee1486939f4b7c9815a6ce8dd42420c5859a42efdbbd5b91aff45e0b1cc38

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://7251cd3401af9f67fcd107f7d0cfe1f3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 18:46:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 648
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3124
x-xss-protection: 0
server: cafe
etag: 4537136162986801320
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 24 Jun 2021 18:46:39 GMT

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame FD1B 0
61 B 82ms
50ms Ping
image/gif 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstazEbVvBTN2NxwMs5IAFNz87NPQlGjK7e7oYTv9OMrxHIg6xRR5eNHWcw_HrfOpNFfEpwxaLQM88y0XrZZdxAscRqVXQZMCtHvzmBiJrRTDKMitnbLvJ1hjGR7N7PxwCgmqeTyaBtbTaaAZ6RU3983QsfcsIKMZ9PF_kk2i_-_06kys6wHkAaw2mzWylmbm9ZU5epPqGBxsZPETsd0pZzVrb9oegDwdemRVfUOr6uDe6k6vYnnuuFuoyi-Sb9ts5Jvdp0NJZigqI7rC2yyo3kf7bUxj0QM35E5-aQ4zHv3LD6V5KHP7M8tH6VcGs5U3YU6RKA4VQWtcNGS8Zk0Av7Ulslw5l7_nqRsFUyVVfG78oUZjS9m7s2SUJdCpVktFcspm4pWkgL6ljvSfbsz1kZu2kFG2ZT0g5bfPM97Kl4-XEMjBRQjHZRG247L1l3m85o9CqZoAFnOCVqnjusB72wpXUhyTxPYb_9ouUhn8CtbdwboGFxk6BQEP-iJqWQ10KihsIeibqhfT8qP7Q3_5Zb_EWEQB-IdktDhooADMSXABAG5cDEdBHT9Kh1ClKrxOeN2YNkQBDzyDl_gwT-2_QHbIemr1DZci8uKr7K2EAdXwcM6tUn_cu_vO7T5WiVW_zw5uIhgQC575F3jANH3nYzSnVU1JU3_HkJTDhT7eUdWdEeknts8DbAYgyM1-hzJ-ImarNG0AYatK1U6IFkl5_unDRl0pgN6Hw6VOH68-WrcrTJURami0L6WgI9fMEjxFHyMfCg7SGRFXbqHvxm2RNg95yfcnHlg1t_VJstSEsHz1DEi1YM2Zk-cMU68p5TATYEE4259XuBbLkzlmM0inObRfbJBsa8C6ipHEPOl_GNckPykLRWo5GIJCnGRMKZryhS2jno2S76pwWPCEupzZVgjSHg9EMrq2Sw5-8xozKmHd59reElWYpK3vLFTtUTt_UuH93vZIcm_1xaPFF-Z8U8XQVPJAIpEEu98TPbEK58trc0bYFN_O5cIi-fQ-wTkmH8n1siaM5_SoNeVgebl9sR9XdQZGYs2_pnq_6UDp9AsO0HbNG7X6wKVROa3u3bGxOQpzcCLhwuIDj0i3LYBSegANiWTQtsHmpW1-0QEXimNLqVp4BP_sBuJiwrndNcsvLvkKt874UjRSHEYI3US2AXiKdPjZSbgsiX20OWWq8m0OUk&sai=AMfl-YSE53OZxfPd-N01nUxE37yBMRnKBERVAOIPCuzZjirTJRbB5mV5XH9pQzjUW2xfHwdUg7okE0gDAY71W1MBiiBNk-rq1jSM9c5BIq7ZfrzLudjT6hi_7kBtJOrBe5l_Znp97H3NtUZYKVmmv3VrkNaJ-b2LSwjf6zHULOA&sig=Cg0ArKJSzBpWIE5dpQ5uEAE&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1&cbvp=1&cstd=0&cisv=r20210607.36393&adurl=

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://7251cd3401af9f67fcd107f7d0cfe1f3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Thu, 10 Jun 2021 18:57:27 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3-29 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame FD1B 41 KB
15 KB 14ms
13ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://7251cd3401af9f67fcd107f7d0cfe1f3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 10:46:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 29467
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 10 Jun 2022 10:46:20 GMT

GET
H3-29 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20210607/r20110914/ Frame 2441 22 KB
8 KB 18ms
17ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210607/r20110914/abg_lite.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-D7hXWTsPstV3YaH0ShHBHKjc4Tf3jNmVMfI7693T0Uq_TMCBWqJSd1Ch0dqkvXXAyKJXs3QbxL6Oheo6l_YrVqTKSLQFe0_5DfkDDbMq7WrwKMZMl55iAUL4uWqqq6Urb18KG7DbitvQppTm_5Vtn4BLa_xQ&dbm_d=AKAmf-Bc4HerJitw3erLZPfmJErijIE6RdsSJPQR5CADTvrBXjI5ia8wU9FP6Y5aX-amav4-lkVTmjkt2hkRc-6j_-wW29MAQWHdZKTinj3R-N5vkfHZRYy6OH8rArBeLyzCScjiBIK43mzCUH6MNXCh1b9_cbzDtn6eQssM5HUFE0MPlveUZ7_ZF97cUS1V2q_Wz2GlnbZ3Ta0KpsHTDO9K82PVj8bfzNrCHB21qVxQqZt7dNxjnPWbhdD9hyC9c6zudzWUbESKfIU9f9frXb8DkWiYLJbiGsj6mjQUjhwOUCDfgUhTccDKxVoaEdeh2i9diVywITMHW-0hQU9i_wbAcK_nwkTwxzbi60j1lt0cdUURmL7WTBUMgsB9mO0p_5uDJr3QOD55FlpvNrP2OHpbRrMJ_lITtPQTCLoSPtXxKG2tTmeV1Jh9xB-fGFUmF_bLT6z2sDI3CRkICBos8oDv47t9htvwYdukRpv0uLtM7U4sigmw7QwCfbyldO6ET2e-WXJEA22tvyuNFpSAJ6xANjujefwcRACpmNQReMyiKbvnox-ZKohNri9Ol8rcq8G5-t1vhty2H_vy0If8AUYTFmzfJo5Cs8bwVC8afjbUF-SZ2gcJahUBk1NXo8q8lASUfb8B7HhglMBqf2lzvIuAie5s0_7CI-rhe5IJtWnDc4vxzdeQhwHODUUTOZ_DgVpw2rUk0UHSiuReNfxWCKPcFaqEkGB-7vbP5uQR_NxX5HQnuoRZEcYltdC89y06WxsC1lPWEOgqpSMUPjpv-cuB0mTNa5VlND4l6aNbKYMn8cgw5RnnqJ7bVW79fiZl8yY4HBe-xX57sngVc-geQBJyVYsjAPfScAry6kpPIrLaKxhEnGavSTboniTxj4adH44-InV_FVeDZBA49vHDUWYDzCjAPnwI0fBPfyrdcycoGOWuC7p_sRH1iQXNeMmo_aIRsQ9DFhoaAHlP2Zf_-fqKztSJ_PvVO0ov-pU57MyiiUkTtpdYL2BO5j00KQdns-cg1JKW7tOiJA5HNietEqdhsADSO32azNlstp4A0hTulpunFQN0MN2z3daQ0dgQQZRp-mWETswwCroIq7TWlvg7JjHSaXOYqlVNfHzXnevkCTgdyWHrewX0Eu3lYZo-GY0VNgQykaPAnNMO8vonCvHIMmHJTX4nu6rlmV-Wfbx728Y6r67gnZW6UHVrDdFaWDHzfGtcvbB64aLd7Duz5QaEcBtqSZzMPuCBxOEYyaKInn3F4Aow0AK_97NsveY7agOrrbm5L3Lf5x8v4g2tzf-wz8QxMc60yB2zH6yjboVEe64Y4oFh9hFasqAndP-rSpWl0M0BGY0E-vEGcv4J-AI8dgj0Ud6mw5KfxjhevF6UxeiISI7aRvdBGSvs3CsE6TAlRodM0tsId_A2jqf7riUAEMrr_sV34pDWkvhsbzugjzQX_9-kj1JLLgPOzydjgpwNZYE4pIY_i8KoRBt51hEisXzvUc7asTWwYCCFP8ygzgtLOOWGa1AwRZ_nPOA-IDBHLVIhur8Y1XqgJv-Gy0CKuWJALDxpFh-01elhlQ6oS2YOxwbve6mv4V8RxLf82AV58HT-sFtVfgS-t0Gcpkk-MtfPotttu2Y4YtKUJIOSzKzQScQFAUtKsv2b0cWXaJj3pbjazzlqSSMnqB1vqM2DpGXdjanw4gJwsdpqRyAR4hPgf-TzDgtDWkik7TsqfNfOcqAnPUCPWiqzXKKfIGtlqHhQNS3oaXaTbOPPhNJuqmNH-MVj5kqxwvgfyOj8j7OYUhUzMA688EdRVKtkgmzRv-jmpfEoCpxMF1EC9jKf1NFfuGUgK_G-Fznq9cihnTbKXP3LxOIA0RkbRW709142yhyERQhmtD4WtWX57XX6ScKOWCOH9bf8WiiqDdZ1DoXNvwgTkfg1KTFXXUnqKTE8ZSOB7QbwmQQ-qFMXkcJm66T4rDPF5h_h_ZuCjiN5gMun7bJ1GpRToAzvkh3N5rrceMqCvOiu66XySQ66Xf3Hn_CvceLDJZhdl2jF5XBWcCj_lZ4P3kXN73xWnZQ6L38h1OYRZP6k2rH0sHFGUXO2qkyHwJU_MvebQge3j-kybpv_B5V2xVjDab5NWp_kRySiYTF0hwA-v9-6WkLI2gNRd_mj0qc4vf2lqkWpdtZUv-yjzPd2mUTvjYxt0BhdQRlSt1tSsEY5XJN-EKrjGi99vplfvNRMpRQj_ymWgPRamLhtdT-aVFrLD4IYnMyw1b15ve0d121vef_XWXEZSkUkl07fGXiL-GtoRFM16_pw-E4MNGGrSmewGhL2989oGqdFO7OJdtxmp99xeabaNqKf4gCwXb31LSSnw8w7X5qECMX57wAoFTNlTiPbCN8_hQlqTAT6NOj_JEHIeY0i2SgVR7IgYcJ0qe72dpup2TMMk-l6Edt3iZMpYM4PP8_L5dhuwUNlDkJTPu2S4Hd_roPOjXSbT1fW4ySc2bK97r6kHJTGU1JlGS_bPp4asX9Bki5YUnwsR6GB8AhRKZI0YLEmasZ-sPn9Y0DGcUowXQyOy9lOJCGWdFvL0tRT8ixdFk5iFj3CbWJH-wA-RBfu-p04gfmtY4Ac8gBDcL5Trxce6jrsjG9Ro2SOdCd0qCtnjUUTZycCSUTkVq4QXDtzFMUKWgZ5UI3Ze8wjMoqKtXpDLLObI3fNx03thD5xAot0M3PIcuzi4Btiz3Vzom3SsHtrMco-LuePlii66uy5B3vnBbCfi27GvPKsTUuwTTbW0NmYEerVPNFK61S7B858DbPhn2AoLgsAY1Dawd_5lc0_r3lZudne8X1Z79dH1SFxLdKTaG2xoMWo_lNiGdu-RDyaSNql65RrHXZ3Ara3FchLybDXk6jrEH_DpDx50X_2bNnKGGQWn2e7HkOHnxgKqyAU5XP8PRW0tFtLSMtO710dGpP-0zFEw3O5kWLJEAX967Z2OBBq5pUoe-AdE9PG-V_FD2SkBFDACdn8raVFbKmLNumX7GTsKGi5dZAWIKCB-9n8iQkM7c0iLBU0k_1mLfUU8lKSfUf7IFmkqYWl1RsmhNKcpyRArh71g_olv4d19lWC7b0gxcApZQL-vimSfEFdbZuxAOxizCqhMinAuEiXwmFKOW-BviAtNLJTRj9m6gsj13KhAHah7A&cid=CAASFeRoprMvZGrfa_bxiEhFbCibqY0xhQ&rfl=1%2Chttps%253A%252F%252Fprnt.sc%252F%240

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

cabbde8502a6598896a3c812c89ecd99ecfb3e9ca68f632c8c9b3f2a7f6e0046

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://7251cd3401af9f67fcd107f7d0cfe1f3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 18:55:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 142
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8601
x-xss-protection: 0
server: cafe
etag: 18280575870105241958
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 24 Jun 2021 18:55:05 GMT

GET
H3-29 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20210607/r20110914/elements/html/ Frame 2441 8 KB
3 KB 19ms
18ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210607/r20110914/elements/html/omrhp.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

966ee1486939f4b7c9815a6ce8dd42420c5859a42efdbbd5b91aff45e0b1cc38

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://7251cd3401af9f67fcd107f7d0cfe1f3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 18:46:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 648
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3124
x-xss-protection: 0
server: cafe
etag: 4537136162986801320
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 24 Jun 2021 18:46:39 GMT

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 2441 0
592 B 76ms
50ms Ping
image/gif 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuRIHDr3x4k9DxRInm8HJ15FZQrhG8x0g-2HDeTTd8bAlxHXlm5yOGWWBQbt2beVsQpas2c0hnuISuXd4N_vHpWXoGuFgsrBBshpW66kzgOf93KN-fqlkEaS3yeapDkRvdHoJAAhDUJc3R4tM2IMAbdCCJy3xBzvIJeqJv3TH1ACzaXSY7urUhTBbjW9IMdtV-n8PHSiDdcvmRBbSLIDIPiBkBNynQ4F46Qtsy9zdKwRf9-80xco-qJULfpAeLLFNKI5Xi3quskNg2gIlw1TkPnjWWJ4295iAx9qsMMRFKwK2ZVTobOC0JtYpu9phUBJv75lJs9pcCjI_tcqQGHq0SiayPJaPdVawo8VpV4kuUO0qOVVqUjnFEVfh66dUzz7QxPjvWBwv4MQLJ3WiPbnSkEZPmWnIYzBJTjjCW7EDsy-bo4eh2eQc7_dKuqoLuHh5_gY2cvRwVeCQCR6DEBhcJVs7wRTu8D-qjl4HPFMptcTJv9PZ43jJIM1MsmD2EK65Z_uCjmz_4bA6zlYGP1Wrs082P6yZ0cG7Yalr1D6jFXJj1sKTrtWqdleSXXOijusoszeGBA361AW_1b2_KGotHBdZThnZk5fvSjDriXAq3l4vvafsXoi7AHJSrIGhVJXCQn5xrke1NeARUvzjn2Pa8uttEEwuUFElZkXYS0nZAyx0vvZ5rQvtonvd_mR26I3CNviqCc6hYi-oH2Boo8wJsBZkGKAdrgsuWdRD04GQzZThSPnm3JHIuzQVUfCUh1F3ZYCvWEPUA70MY2CbdJizb_wo9d8hU_GdK2EZBHjOR_QsDnwuiYhiPFNq9bN8s83PDTa9lQzOajhtW6GJxs0I8p5zANTK2XSBfUU_WT_eoKKnhtwfuyM33dxiSpkQfJcyosBFuVsrev1h5bAdbFp0fGMVLMJKq7EzVJOSRveIUQ_wTsVIOpNjvTYP84uK7UCcoTMJBiGlQAC0V2lOyR8rwPE2DBmwVDtIHOMf-eYIshYKPgyRbFeosXnztcPmwH-LIyAN9kOpZPa7jzR_28E2jHDcjtdvyA5COTi0NKSWJRxLnN0ZoSYLbkt_SKUZvKRqLjftwpaGXB2X-QuWcyTAEPpjFhVLyu0c6-hWg3D8e8dJcsnDXw8V6EDCTxGJkuMlS3AyJvayNzlLCHTZ56NGjCq3GOJifJpX18VJOgs90r3lG10sQqJjc&sai=AMfl-YRi0OsiTAd5Uv94s2Ai-qadtX7XRgatt5_2P_5d5h-EYrfSgoRXl-yYra0xFprjJZtv4ugJhoZ7GcPBKwnrrQ-nYye0Rquhj934LNz0I5E_mADDA-yPCBjPmgAv9_hoNj23e-iFcnVY4Ahc5Crd5txRVaRYXbqB50KX3Tk&sig=Cg0ArKJSzB6nf4C0zeCBEAE&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1&cbvp=1&cstd=0&cisv=r20210607.65845&adurl=

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://7251cd3401af9f67fcd107f7d0cfe1f3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Thu, 10 Jun 2021 18:57:27 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3-29 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 2441 41 KB
15 KB 20ms
17ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://7251cd3401af9f67fcd107f7d0cfe1f3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 10:46:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 29467
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 10 Jun 2022 10:46:20 GMT

GET
H2 200 CR-696_CoM_Summer_Campaign_Q2_Banner_300x250_Alternate_TV.gif
s0.2mdn.net/8264868/ Frame 2441 94 KB
94 KB 41ms
17ms Image
image/gif 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/8264868/CR-696_CoM_Summer_Campaign_Q2_Banner_300x250_Alternate_TV.gif

Requested by

Host: 7251cd3401af9f67fcd107f7d0cfe1f3.safeframe.googlesyndication.com
URL: https://7251cd3401af9f67fcd107f7d0cfe1f3.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f02bdfeeccb01fcb3a26f9959a9632cb0fcad4f44deb9a5b5dec1a396ffa555f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://7251cd3401af9f67fcd107f7d0cfe1f3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 02:54:36 GMT
x-content-type-options: nosniff
last-modified: Thu, 20 May 2021 07:45:43 GMT
server: sffe
age: 57771
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 96137
x-xss-protection: 0
expires: Fri, 11 Jun 2021 02:54:36 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame C3DC
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESED7lGve57W8g4h1IN7eeEII&google_cver=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESED7lGve57W8g4h1IN7eeEII&google_cver=1&C=1

43 B
894 B

25ms
25ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESED7lGve57W8g4h1IN7eeEII&google_cver=1&C=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMXlgQEQg-LRwAIYv5yNqgEwAQ&v=APEucNV1v7usRcQrVZiNhF58TmHeKDJhkRWQ01c5OS-_5IDR1e1QBTvd9mWqB7lXzmJUZuAjUOKS8vMIbgblqco8jvnDuOhh359Se22urF_pkdrhoacLHrsiMyhM1-3xE1U5tf_nLAXbk_W6cxiP6fwIIZnMJNmwEKyMwJu5QNcgkH6iOtnvkaA
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 10 Jun 2021 18:57:28 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 10 Jun 2021 18:57:28 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 10 Jun 2021 18:57:28 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESED7lGve57W8g4h1IN7eeEII&google_cver=1&C=1
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Content-Length: 308
Expires: Thu, 10 Jun 2021 18:57:28 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame C3DC
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YMJgl3q71XOdxsytNSDesAAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESED7lGve57W8g4h1IN7eeEII&google_cver=1

43 B
894 B

41ms
40ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESED7lGve57W8g4h1IN7eeEII&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMXlgQEQg-LRwAIYv5yNqgEwAQ&v=APEucNV1v7usRcQrVZiNhF58TmHeKDJhkRWQ01c5OS-_5IDR1e1QBTvd9mWqB7lXzmJUZuAjUOKS8vMIbgblqco8jvnDuOhh359Se22urF_pkdrhoacLHrsiMyhM1-3xE1U5tf_nLAXbk_W6cxiP6fwIIZnMJNmwEKyMwJu5QNcgkH6iOtnvkaA
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 10 Jun 2021 18:57:28 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 10 Jun 2021 18:57:28 GMT

Redirect headers

pragma: no-cache
date: Thu, 10 Jun 2021 18:57:28 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESED7lGve57W8g4h1IN7eeEII&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame C3DC
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEHHOCfsyNSvY-UhxlP2t5S8&google_cver=1

43 B
1023 B

14ms
14ms

Image
image/gif

185.33.220.242
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEHHOCfsyNSvY-UhxlP2t5S8&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMXlgQEQg-LRwAIYv5yNqgEwAQ&v=APEucNV1v7usRcQrVZiNhF58TmHeKDJhkRWQ01c5OS-_5IDR1e1QBTvd9mWqB7lXzmJUZuAjUOKS8vMIbgblqco8jvnDuOhh359Se22urF_pkdrhoacLHrsiMyhM1-3xE1U5tf_nLAXbk_W6cxiP6fwIIZnMJNmwEKyMwJu5QNcgkH6iOtnvkaA

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.220.242 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

724.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 10 Jun 2021 18:57:27 GMT
X-Proxy-Origin: 89.249.64.211; 89.249.64.211; 724.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.222.241:80
AN-X-Request-Uuid: 47422a70-345a-4a69-bfe0-c5285d55228d
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 10 Jun 2021 18:57:27 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEHHOCfsyNSvY-UhxlP2t5S8&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame C3DC
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Mjc3MTY0NDY1NzQ1NDY4Nzg5MA%3D%3D

170 B
188 B

22ms
21ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Mjc3MTY0NDY1NzQ1NDY4Nzg5MA%3D%3D

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 10 Jun 2021 18:57:28 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 10 Jun 2021 18:57:28 GMT
X-Proxy-Origin: 89.249.64.211; 89.249.64.211; 724.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.220.121:80
AN-X-Request-Uuid: 705000f5-3c10-4507-83cb-828032ae2f33
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Mjc3MTY0NDY1NzQ1NDY4Nzg5MA%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame AEB8
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESENBFUg38YDKXmGgTuAeDadE&google_cver=1

43 B
180 B

17ms
16ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESENBFUg38YDKXmGgTuAeDadE&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMXlgQEQg-LRwAIY86mNqgEwAQ&v=APEucNUYPtSg-ppizMxiCj8k_sC7PaemKk5ykZWCO5attwUDbTKC9T9k9agy8DFdOK7XhS02Ka0ckP4kmQyujy9sDUOikxNpzlr5PttxezdU7ozgXH7Y7cCRfqOj6PwVRTGfX1bRKN8JoPAxqjnUI-XBkIQDBtj9nEquhJog_UP1AGyqwvMrfWw
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/16.208.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 10 Jun 2021 18:57:27 GMT
via: 1.1 google
server: OXGW/16.208.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 10 Jun 2021 18:57:27 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESENBFUg38YDKXmGgTuAeDadE&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame AEB8
Redirect Chain

https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D
https://us-u.openx.net/w/1.0/cm?cc=1&id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=MGY1NzQyYzMtN2VmMy0yMzEzLWQzNzUtMGYyY2QyYjM0OTI2

170 B
188 B

16ms
16ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=MGY1NzQyYzMtN2VmMy0yMzEzLWQzNzUtMGYyY2QyYjM0OTI2

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMXlgQEQg-LRwAIY86mNqgEwAQ&v=APEucNUYPtSg-ppizMxiCj8k_sC7PaemKk5ykZWCO5attwUDbTKC9T9k9agy8DFdOK7XhS02Ka0ckP4kmQyujy9sDUOikxNpzlr5PttxezdU7ozgXH7Y7cCRfqOj6PwVRTGfX1bRKN8JoPAxqjnUI-XBkIQDBtj9nEquhJog_UP1AGyqwvMrfWw

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 10 Jun 2021 18:57:28 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Thu, 10 Jun 2021 18:57:27 GMT
content-encoding: gzip
server: OXGW/16.208.0
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=MGY1NzQyYzMtN2VmMy0yMzEzLWQzNzUtMGYyY2QyYjM0OTI2
content-type: image/gif
alt-svc: clear
content-length: 0
via: 1.1 google

GET
H2

200

um
sync.teads.tv/ Frame AEB8
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm
https://sync.teads.tv/um?eid=3&uid=CAESEF9RGJB3L0QzWDI_3Sq1smI&google_cver=1

23 B
172 B

32ms
32ms

Image
image/gif

184.31.88.106
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=CAESEF9RGJB3L0QzWDI_3Sq1smI&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMXlgQEQg-LRwAIY86mNqgEwAQ&v=APEucNUYPtSg-ppizMxiCj8k_sC7PaemKk5ykZWCO5attwUDbTKC9T9k9agy8DFdOK7XhS02Ka0ckP4kmQyujy9sDUOikxNpzlr5PttxezdU7ozgXH7Y7cCRfqOj6PwVRTGfX1bRKN8JoPAxqjnUI-XBkIQDBtj9nEquhJog_UP1AGyqwvMrfWw
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 184.31.88.106 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-31-88-106.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.3 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 10 Jun 2021 18:57:28 GMT
cache-control: max-age=0, no-cache, no-store
expires: Thu, 10 Jun 2021 18:57:28 GMT
server: akka-http/10.2.3
content-length: 23
content-type: image/gif

Redirect headers

pragma: no-cache
date: Thu, 10 Jun 2021 18:57:27 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://sync.teads.tv/um?eid=3&uid=CAESEF9RGJB3L0QzWDI_3Sq1smI&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 281
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame AEB8
Redirect Chain

https://sync.teads.tv/um?eid=3&uid=&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_dbm%26google_hm%3D%5BVID_B64%5D
https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_hm=M2JlZGFjYWNlN2MyOTU0Yjk0NmNkYjYyYTc2OTg2NDgyMjhjMDUxZA==

170 B
188 B

32ms
17ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_hm=M2JlZGFjYWNlN2MyOTU0Yjk0NmNkYjYyYTc2OTg2NDgyMjhjMDUxZA==

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 10 Jun 2021 18:57:28 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 10 Jun 2021 18:57:27 GMT
server: akka-http/10.2.3
content-type: text/html; charset=UTF-8
location: https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_hm=M2JlZGFjYWNlN2MyOTU0Yjk0NmNkYjYyYTc2OTg2NDgyMjhjMDUxZA==
cache-control: max-age=0, no-cache, no-store
content-length: 197
expires: Thu, 10 Jun 2021 18:57:27 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame C8E1
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESED7lGve57W8g4h1IN7eeEII&google_cver=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESED7lGve57W8g4h1IN7eeEII&google_cver=1&C=1

43 B
894 B

45ms
45ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESED7lGve57W8g4h1IN7eeEII&google_cver=1&C=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMXlgQEQg-LRwAIYv5yNqgEwAQ&v=APEucNX-gfgmLPaN4qxOqqPeWcYZwyzNrvG-Yv7Z7zhPZzYo4_hp8h0AFDiiCIany3HklobMxqokYyhXDox63ICsyJmHA4nHwG5AryOEx2NE1gVQz4rg-wytaU6f9f5TtHIx23ZOsWE-mor1VIA4SnWcodxbcezqLI7CUUqP-jgJwvn3MtGc4Ow
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 10 Jun 2021 18:57:28 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 10 Jun 2021 18:57:28 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 10 Jun 2021 18:57:28 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESED7lGve57W8g4h1IN7eeEII&google_cver=1&C=1
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Content-Length: 308
Expires: Thu, 10 Jun 2021 18:57:28 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame C8E1
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YMJgl3q71XOdxsytNSDesAAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESED7lGve57W8g4h1IN7eeEII&google_cver=1

43 B
894 B

25ms
25ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESED7lGve57W8g4h1IN7eeEII&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMXlgQEQg-LRwAIYv5yNqgEwAQ&v=APEucNX-gfgmLPaN4qxOqqPeWcYZwyzNrvG-Yv7Z7zhPZzYo4_hp8h0AFDiiCIany3HklobMxqokYyhXDox63ICsyJmHA4nHwG5AryOEx2NE1gVQz4rg-wytaU6f9f5TtHIx23ZOsWE-mor1VIA4SnWcodxbcezqLI7CUUqP-jgJwvn3MtGc4Ow
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 10 Jun 2021 18:57:28 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 10 Jun 2021 18:57:28 GMT

Redirect headers

pragma: no-cache
date: Thu, 10 Jun 2021 18:57:28 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESED7lGve57W8g4h1IN7eeEII&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame C8E1
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEHHOCfsyNSvY-UhxlP2t5S8&google_cver=1

43 B
1023 B

81ms
60ms

Image
image/gif

185.33.220.242
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEHHOCfsyNSvY-UhxlP2t5S8&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMXlgQEQg-LRwAIYv5yNqgEwAQ&v=APEucNX-gfgmLPaN4qxOqqPeWcYZwyzNrvG-Yv7Z7zhPZzYo4_hp8h0AFDiiCIany3HklobMxqokYyhXDox63ICsyJmHA4nHwG5AryOEx2NE1gVQz4rg-wytaU6f9f5TtHIx23ZOsWE-mor1VIA4SnWcodxbcezqLI7CUUqP-jgJwvn3MtGc4Ow

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.220.242 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

724.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 10 Jun 2021 18:57:28 GMT
X-Proxy-Origin: 89.249.64.211; 89.249.64.211; 724.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.222.251:80
AN-X-Request-Uuid: 79aefcfc-ea97-4c8d-ae24-b3d6e2e74edb
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 10 Jun 2021 18:57:27 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEHHOCfsyNSvY-UhxlP2t5S8&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame C8E1
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Mjc3MTY0NDY1NzQ1NDY4Nzg5MA%3D%3D

170 B
188 B

20ms
19ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Mjc3MTY0NDY1NzQ1NDY4Nzg5MA%3D%3D

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 10 Jun 2021 18:57:28 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 10 Jun 2021 18:57:28 GMT
X-Proxy-Origin: 89.249.64.211; 89.249.64.211; 724.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.220.182:80
AN-X-Request-Uuid: c33393e0-cdde-47d2-9e46-43e1c8beef67
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Mjc3MTY0NDY1NzQ1NDY4Nzg5MA%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
DATA 200
OK truncated
/ Frame FD1B 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c1b709f6aa4159fb5f147ad89e31264cd6a3aa068ddfc8651d04b01b60d899c1

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 6002 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 612e9745b7241cd6cfba981772afc796092854e89638a566217a670380b9a926

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame FBAE 22 KB
8 KB 7ms
7ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/Enqz_20U.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://7251cd3401af9f67fcd107f7d0cfe1f3.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://7251cd3401af9f67fcd107f7d0cfe1f3.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 8395
date: Thu, 10 Jun 2021 11:50:06 GMT
expires: Fri, 10 Jun 2022 11:50:06 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 25641
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 654F 22 KB
8 KB 9ms
7ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/Enqz_20U.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://7251cd3401af9f67fcd107f7d0cfe1f3.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://7251cd3401af9f67fcd107f7d0cfe1f3.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 8395
date: Thu, 10 Jun 2021 11:50:06 GMT
expires: Fri, 10 Jun 2022 11:50:06 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 25642
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H3-29 200 view
googleads4.g.doubleclick.net/pcs/ Frame 6002 0
23 B 59ms
44ms Ping
image/gif 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://7251cd3401af9f67fcd107f7d0cfe1f3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Thu, 10 Jun 2021 18:57:28 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

POST
H3-29 200 view
googleads4.g.doubleclick.net/pcs/ Frame FD1B 0
23 B 53ms
44ms Ping
image/gif 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://7251cd3401af9f67fcd107f7d0cfe1f3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Thu, 10 Jun 2021 18:57:28 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3-29 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame EEFF 22 KB
8 KB 8ms
7ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/Enqz_20U.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://7251cd3401af9f67fcd107f7d0cfe1f3.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://7251cd3401af9f67fcd107f7d0cfe1f3.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 8395
date: Thu, 10 Jun 2021 11:50:06 GMT
expires: Fri, 10 Jun 2022 11:50:06 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 25642
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H3-29 200 view
googleads4.g.doubleclick.net/pcs/ Frame 2441 0
23 B 47ms
47ms Ping
image/gif 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://7251cd3401af9f67fcd107f7d0cfe1f3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Thu, 10 Jun 2021 18:57:28 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
DATA 200
OK truncated
/ Frame 2441 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 644fe3cbc4b014addd152a43b6473a2b4cedee942d2e951c6402f18a222d419d

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 200 6ARyktE4tPRvvoSTtP7tfQ53d_-1azzHygxxMe6f4h8.js Show response
pagead2.googlesyndication.com/bg/ Frame FBAE 14 KB
6 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/6ARyktE4tPRvvoSTtP7tfQ53d_-1azzHygxxMe6f4h8.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e8047292d138b4f46fbe8493b4feed7d0e7777ffb56b3cc7ca0c7131ee9fe21f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 14:47:17 GMT
content-encoding: br
x-content-type-options: nosniff
age: 15011
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5749
x-xss-protection: 0
last-modified: Mon, 31 May 2021 08:58:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 10 Jun 2022 14:47:17 GMT

GET
H3-29 200 6ARyktE4tPRvvoSTtP7tfQ53d_-1azzHygxxMe6f4h8.js Show response
pagead2.googlesyndication.com/bg/ Frame 654F 14 KB
6 KB 9ms
9ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/6ARyktE4tPRvvoSTtP7tfQ53d_-1azzHygxxMe6f4h8.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e8047292d138b4f46fbe8493b4feed7d0e7777ffb56b3cc7ca0c7131ee9fe21f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 14:47:17 GMT
content-encoding: br
x-content-type-options: nosniff
age: 15011
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5749
x-xss-protection: 0
last-modified: Mon, 31 May 2021 08:58:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 10 Jun 2022 14:47:17 GMT

GET
H3-29 200 6ARyktE4tPRvvoSTtP7tfQ53d_-1azzHygxxMe6f4h8.js Show response
pagead2.googlesyndication.com/bg/ Frame EEFF 14 KB
6 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/6ARyktE4tPRvvoSTtP7tfQ53d_-1azzHygxxMe6f4h8.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e8047292d138b4f46fbe8493b4feed7d0e7777ffb56b3cc7ca0c7131ee9fe21f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 14:47:17 GMT
content-encoding: br
x-content-type-options: nosniff
age: 15011
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5749
x-xss-protection: 0
last-modified: Mon, 31 May 2021 08:58:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 10 Jun 2022 14:47:17 GMT

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 654F 0
20 B 43ms
42ms Image
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=B39Wel2DCYNzBMe_C7_UPkMyO4AYAAAAAOAHgBAI&bg=!NjWlNXHNAAY6sG-_OrA7ACkAdvg8WqDRacLdFVslXKhvd3PrrnY8R_4Db3wLm00nGDA96EPMa2JOZgIAAACYUgAAAAxoAQeZAv9xzih_IMtOJE6MWDkXp1DC2dK8JRNDHPtxOmA-G81VA0zEQkT498rJaLdJy2fxykCnVZ6rxjbNHqeH0eYrKkboZE2UyF0EcLY0rRBfdnkKGH_KF251e8mdmoFVg2AzYtwHII2SuBsGpCP-wc_xo66ox1Jqvx90kFOrU458ij9qa_4Q_l0vligGA6yX8EOURPkdEIdaXuhFqKb7GJiQqZKGXUgT-tVBU1z4Z-LiEi32v2eCc8LGXIzTTk2LPsFyzfvbKMSUPDWI5cXlR6Q0cpm6NWISss1LoOn09UFAsA5rkWvmTfjSLSuUuF6k9OhL5wclTTqcYiAc6xxYulXGcaKxiUkuyC33lmu9SewB-_ae31dQ-do5ZurWizeGrcVTr4hH0PeesMOS8pEf_i-8TNHHnVvnnkcX9BsTfdj7QOeCzYqOqvu4g9BLH6tYgPEyERMXaGhVOfmSnuE1pJSfHRj_eM5aQklNedSV71vfKBtJJFZljpRGR5HBmtvq0GjEFh6QeHKWDFkkSojFQso44R29Pwe6hoMj0zfwL9T412-Te7vHTR8KBAo0-nF3UHL_soQQpCmYQGZQ-EvV9vkgif1MdjzfZW8ZqwdInjYcwOH8eMSo3kNxyXT42wouhnvtjMjS9Jh2R-4LxdHjWu9WEPAFx7L0Ojk0y90dTBYPCK3A93wBoavOUGplMK94RZGXoNq3_15QDON_5ok8R8mFUfBmkU6TiRgamENHoJ-jUHSHnxXDW08h3ADg-ues9sDXVcQgvI6JeMraTitJthpPrM8kNAhAqmPf25BCQvmGH3zWu0bn2fdVt3wJ5TENQfEJKceBpUWMGTk8osKdWrtezgDdEsx3kYOqq-ZZcIsiIDOpvRth6h3RWsJRD9MZT_ZDW13ZtDjOIYE1r81xbycs_mab9ceRgKN4JM-YsqR1tZCO5Og_39KfyJhtGjGjG52RvoY85G8tBWD3H_9q3SSTLfeou8xzCAsZQjFvU_m9885BnKxtp30EecGR0NXPuvNkPw

Requested by

Host: prnt.sc
URL: https://prnt.sc/14v89rs

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 10 Jun 2021 18:57:28 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame EEFF 0
20 B 41ms
41ms Image
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=B8qOdl2DCYPqHM7-v7_UPwIa0gAYAAAAAOAHgBAI&bg=!xsWlxYHNAAY6sG-_OrA7ACkAdvg8Wqw1zPCcpYrs3AIUMizbAZPYBvGIa4456ki86V5dSxi-7ua95QIAAACVUgAAAAtoAQcKAEuozyZhBOEVgYcUtRghPYg2GxV7jZv4tl9DpKS2JK948XoRSWGURW_B2jknzAB1H4qOJCi9X5-ScjB8cr2KzMydGzuTsWx4F_gNdrSZArqc6zLt3d6W8TPg7x1wuaKQF_Kca598O2yWbZFIWtHu1sdDu0ewpFzuu0gnjc3SmcKbVGl0D4fFsmjei49pEoBCq5D8M83Qqix-Rm8ePKpJIDCJ6I67VxQSF8RtwUX6YCQvOtHQmJVkslbgHelAXuyupcyZ5N2slC4Cvrv_pAtGD6j9eCvtuZjARS5mMzMZOpsh8bWa8U8a2a9tSwf-bstDWduOWyQkOEd7X2PI11wFea0mkwgCkIalfGBpZbcdYymrXNU9pdHAKFZZkhwvy0v6UJIBDEtrCrTSm9kr6I5bqFUKjZiuvik4dP3UhWKzYcVCa2IaIcMC431OmgNpBta8tJhVF8aJsOE0N6c8oF2OKy-0zq06-JOy8UzeVWoyZJciDzOR2rxrc6QVNtXMv30ZhR2jra88CNPD_CfT76q6LZXfBfsy8i7NzaUCl2PfGHcr4C7r9l9Upu89DEw-U1mYUpb_UWEcUBmWdihhG63QIzz-Uz70HZv6maM-br5w8EknO41GV2N2I0PbTGeLx6TIrAUY76YIdfIH06MeWALHlLBCjDyyEyaUBH0kmhe_bz9wwpTy75GCTpJDoi_kVx53xqenLO9Q5c1zXTF1RxngsR5TUQ15L417wvJigv6R2saTuyyhjiXNm3E-xXwSmVWO9Gw8qlI0oriXcJnFpOc4IPt4JW7XEPpd_1Wp8Wp-_aLIjUeIgfSl8dIEXOmJ2SdzRumre_DVysjcELWVTLw8XtxkpiHGWQXVnpyxZjaNJrIXgYCzdTZgs4XiBw64cj5AGRVUhPjL4wV6sOhpcZtAacx6NXCTV1KCIBPhpD7a2TUv9k0R7IKXUBa3wCuZYFwppM_Y8Minw6FPwUmCVQiNRxoAWWRw1ZDa2p1Qhg4v2CabfBpBjufvyaSDgvNaxbCyLuh8oUQmqog5BA

Requested by

Host: prnt.sc
URL: https://prnt.sc/14v89rs

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 10 Jun 2021 18:57:28 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame FBAE 0
20 B 42ms
41ms Image
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=Bt1n6l2DCYNb5MauK7_UP1vKk6AUAAAAAOAHgBAI&bg=!-Pul-7_NAAY6sG-_OrA7ACkAdvg8WkMVVlcPcakm1cabDLAgl5IkgjO3wQ1_07QxcLuwjQcLzcULzgIAAADDUgAAAAtoAQeZAv-Sm47LPH2Q8_ZL6KZqa14stcrru3jxq5_L-WleAhB6ucAEyq1U4O1LELCeGgQZShsUUGdbfe_UR3rVRPQXg1hACAgq3udWgbjKhDDwm0b0sMazFEQ1__GA2wY8WCalLoMORy3VMDBZ-oWkmlvUQWVx_cREea-Axsd0PdK-GfywFnqku2IS1hZEyXfi8w4DrKnLSNc6jg0zpsGeRAkw4tszQm6qTVh2511VILX5XaPn_uLCbQBIegHAkUIQWNe8OkOYFwd-iGH6dT2chemYtLVP-PMGAjIGwovbFUFUbobH6wv1OBnnFLndyxm69fIN7BxnaaEQ8_GJ_HigrP2uCjB1l3s5or5DK23fDjrxkVkWCf8u2LmBtU_JEkSjDLV7kQeEBDmxicQ2eVTaBWsCgH4pf9GoZP7gwdYFsbPCkg3Y5eSx0jY_ISaPaz0qsE_ftbplFWKZ5R1pN8cnQhscMKwjAoroPbs0YvuHT6C4ymMTOeQRv-8mY4X2mlSp7uWuJCp5oUryoLpuQv2M6fboLu1wxWlzfmQjOukCSiMPxVldoMCiIOcYmdfMIJr0FmpYysqQsLSa3SzhDsl5L2k3UeyG1ZgmLZTYHN3cHyiomdLycUShNUg5b-uj1l1ZkVkW5cl4AV-LKUB4OX9eqe3z4hKI2jXxeXyP4G3GCO2fsr7IgSdvSF-dBkeMcr_bgFPa0k5rI-z3jOaHkG6pUGnp2HcBFCpFDBrgXz1ZH7k63TKsUPU0GECjettnEgr2sMbNAqM7FHMA_6dXvGcepUDB7IPsmIR8_QLWZa2dJ4Axr5DDrduQBG_XQZ4AwFWhJ3ybSEJmgh_SGD3TjjQM_J2TSgxfvCWAWNXaAK5mqqlARtu9eKuOhKr6J9JIpQHqeC6HhSJUIef_fnvDHVyueazu1tne2sD-BqXyFDFa6zTD8DYrOwVGfXoT_F80Eg_DKP1z0zOvdnONI7oAsL2auFrRnX0qjRQZer6gRhmhZIhN1sG4vIjGmJypIDqZJW66LDB_rQ

Requested by

Host: prnt.sc
URL: https://prnt.sc/14v89rs

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 10 Jun 2021 18:57:28 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 6002 42 B
64 B 53ms
48ms Fetch
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssH2WvJTlPcSNLlqczcPvX1bJhsfdYDYkbKnGDxVeiVUQW6OpdnLG3xwhHD0mxcQZlRSSfndSbPWGgTkymLUOW5Ozw1YuMHeZh2bWUO3lab3nng272MoGDJMFbAPg&sai=AMfl-YQHPfPQn-khJ7SoN28TBdO680SrVWsrbCwi-Y2Rrzr86iYUw37c3uAjhNQXOh6OwGS1voLBnCLW8DlTzbrLEVArBMBLjfY5WvA3dnuuFGHRUe8FB9F1yO45x7Eizkw&sig=Cg0ArKJSzM2SLYbShYn5EAE&cid=CAASFeRoxYdi-LbRwoZ2vEp9JYquHv9Qeg&id=lidar2&mcvt=1000&p=70,315,164,1043&mtos=0,1000,1000,1000,1000&tos=0,1000,0,0,0&v=20210609&bin=7&avms=nio&bs=0,0&mc=0.96&if=1&app=0&itpl=20&adk=1432691387&rs=4&met=mue&la=0&cr=0&osd=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ%3D%3D&vs=4&eosm=0&rst=1623351447760&dlt=30&rpt=220&isd=0&msd=0&r=v

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://7251cd3401af9f67fcd107f7d0cfe1f3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 10 Jun 2021 18:57:29 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame FD1B 42 B
64 B 49ms
48ms Fetch
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstt3Arti1yUwVFrOwkNKlYEYfi_qbq09XEwsHsivJzaQSMgJFm1SjaBBi-9Fg1QTECr0sNlu2ae2FAC9V_vZXPHC2XVDaae59aCIxuJQmFkqIxJDi-qb-vqtLTFPQ&sai=AMfl-YQYqhpP6tJ6vykVMkz_VpES52vRuIPEtpIT9LQdAMwxMh5Tkp60xlwwKmTE_HjAbDHZTrBqa7u_pyFmITuFuyrwrirny4tXzFwumo0gjAVF1V-GJ195XnfZeeqhjwI&sig=Cg0ArKJSzFiLlTDi85eAEAE&cid=CAASFeRoBCsJ7D1EE-X5oXyrC5UI6bMYUg&id=lidar2&mcvt=1003&p=340,315,434,1043&mtos=0,1003,1003,1003,1003&tos=0,1003,0,0,0&v=20210609&bin=7&avms=nio&bs=0,0&mc=0.96&if=1&app=0&itpl=20&adk=3120184932&rs=4&met=mue&la=0&cr=0&osd=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ%3D%3D&vs=4&eosm=0&rst=1623351447761&dlt=38&rpt=212&isd=0&msd=0&r=v

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://7251cd3401af9f67fcd107f7d0cfe1f3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 10 Jun 2021 18:57:29 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 2441 42 B
64 B 41ms
41ms Fetch
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsusy17W_vSeyQiDAG15_SG_6Bmlb5reOt2WLdWucU6IWEtFkEZjKVY3armQ1MDNE6GggtmOeJ9RfwY9J6KZOkTinlCanKmezG9_fCHs4vtME4ih5NuE4OL3R09H2g&sai=AMfl-YTLHAZB9zSUZ_iGbGK7lKg2BzcVCHBjYPp0efLlRokNWuFvQkA0ABZzJ17w59GLJx2vLaPYfui8AKUgoy6at-v8GTCyR9V-d25_JSFqrubz1lB_VyLXeTw4FZb8UUo&sig=Cg0ArKJSzMfM-ChfqFXdEAE&cid=CAASFeRoprMvZGrfa_bxiEhFbCibqY0xhQ&id=lidar2&mcvt=1001&p=462,315,716,615&mtos=0,1001,1001,1001,1001&tos=0,1001,0,0,0&v=20210609&bin=7&avms=nio&bs=0,0&mc=0.98&if=1&app=0&itpl=20&adk=4042975291&rs=4&met=mue&la=0&cr=0&osd=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ%3D%3D&vs=4&eosm=0&rst=1623351447761&dlt=23&rpt=291&isd=0&msd=0&r=v

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://7251cd3401af9f67fcd107f7d0cfe1f3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 10 Jun 2021 18:57:29 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: image.prntscr.com
URL: https://image.prntscr.com/image/uFtX-oiqQUKd1uueeuW7Eg.png

Verdicts & Comments Add Verdict or Comment

112 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	error	URL: https://quantcast.mgr.consensu.org/tcfv2/cmp2.js?referer=prnt.sc(Line 1) Message: TypeError: Cannot read property 'getItem' of null

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

7251cd3401af9f67fcd107f7d0cfe1f3.safeframe.googlesyndication.com
ads.ad4game.com
adservice.google.com
adservice.google.de
api.prntscr.com
c.amazon-adsystem.com
cdn.ad4game.com
cm.g.doubleclick.net
connect.facebook.net
dsum-sec.casalemedia.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
htlb.casalemedia.com
ib.adnxs.com
image.prntscr.com
pagead2.googlesyndication.com
pixel.quantcount.com
platform.twitter.com
prnt.sc
quantcast.mgr.consensu.org
rules.quantcount.com
s0.2mdn.net
secure.quantserve.com
securepubads.g.doubleclick.net
st.prntscr.com
stats.g.doubleclick.net
sync.teads.tv
syndication.twitter.com
tpc.googlesyndication.com
us-u.openx.net
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagservices.com
image.prntscr.com
104.23.139.12
104.244.42.136
104.26.14.80
142.250.184.226
142.250.185.162
142.250.185.66
143.204.141.33
151.139.242.3
184.31.88.106
185.33.220.242
192.207.255.147
2.18.234.21
2.21.111.28
2600:9000:218c:9c00:9:46dc:4700:93a1
2600:9000:218d:1a00:6:44e3:f8c0:93a1
2606:2800:234:46c:e8b:1e2f:2bd:694
2620:116:800d:21:51e4:db4b:4436:b305
2a00:1450:4001:800::2003
2a00:1450:4001:802::2002
2a00:1450:4001:80f::2002
2a00:1450:4001:812::2001
2a00:1450:4001:813::200e
2a00:1450:4001:828::2002
2a00:1450:4001:82a::2006
2a00:1450:4001:82a::200e
2a00:1450:4001:82b::2001
2a00:1450:4001:82b::2004
2a00:1450:4001:830::2002
2a00:1450:4001:831::2002
2a00:1450:400c:c0a::9b
2a03:2880:f01c:8012:face:b00c:0:3
2a03:2880:f11c:8183:face:b00c:0:25de
35.244.159.8
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0f4b08d07ecca9f8fcaf108ea78bb163fc98cfc19a844bd0f87412ab34a41873
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
14a0e975c6d240c8347273a5a64dd89e8ef1d121bbfc17010fc8bc833ce3ba88
1b185d89e437f1591af8c51d5e6dad41d3666e22a81931ee9df22e2cfdacaddb
2875a6fc4266fec00a383377cb4530b6407912897b0727e26249d89c6dfe0359
2cb09c7b3e19bfc41743ca3624ef81c3258d56525647feac76aa757e0292627a
2ddef05ee7b0caa6fd9be281a5b4e53ada42bff7814578d748144f2f9181e476
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7
34e9a619897b9223115c6588f352612268c90c3d83990829768973759b0d1a6e
3930375a8b682fc44d17b9a0c437b93ecfff48f3f1b8aac11730a6d919dc413f
3a677da8f32851941b090ee6e9294757cba154033200b20231b2a4ca7f62a820
40ec0b04019845302a5052b4689b5d3477c9717dca73243e5faf7cf98f3af564
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
444173b48f18d3e5e0d2caa5e248c120dd6f732f167538c168aea0182e9237d8
45b8a13dcb32541a7703dec7eba4c4195cb62ed00029c2ea5a0b61fd16864b55
483cc9a5ece5c92d5a2f1ea6e92e7f8bc29844a6c06bf36c0349d70334685dc7
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
53e41816a483c797d9233d19860016e19433f30bfff5006f4ecd98a29804c2e0
5a3a63b2ac124cb9a194ec01ea1f0d3123e4019bf658c6f47a77b4faea84c079
5f789ea36ae4671282524bda454709578d63b915b782c1e041132a7e726ff1c3
612e9745b7241cd6cfba981772afc796092854e89638a566217a670380b9a926
644fe3cbc4b014addd152a43b6473a2b4cedee942d2e951c6402f18a222d419d
657e418aa106813f735516500df7c43f92658cee76b3b538fa92f19cd853e7fd
6c886829900e15065d82d7d2d1be325aadb12483443f7e1a558558841a42f2fc
733f44e4d42f00e0a8c267d516e9f6939d36f65ceb3bf851998475b9f6650d3f
745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8
77037ee4dbbc12af593132d67ef32065fda5f1d2f5800094e3dc7c0a15fede7e
7b67ae2416a166f4238581097d4ce984a69d9662aab12ecc4b2b881c45164e36
83817752fb260ff66b3bca1471bb20dbb6a1e6a17174c657efe0912ad161b382
847b752a86dc45b468e83e21204f7cb2099c39050c521827d9648f8514c6a717
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
851ee4c02ef1ce0d27c629dc91e1bcd5176a6b2b0a86fc53544f701ae34b11f1
86a1b8f94f48c4e82d2616d4c581f10a34ff447a2bd95be08714fa0d19ba3f51
8885b148fd935be13a377bbea1d21bf7eb4f42127f3795428e68eeee7c0c022e
8a19707bd88a29100f84e106852ddd5bfeebe1fe562960c4932d1347210d13a1
8bfd2fa3b3b5924e3655bcf9f63427e792bd8572b7ed0992373bdb4b21c7cb89
966ee1486939f4b7c9815a6ce8dd42420c5859a42efdbbd5b91aff45e0b1cc38
9bd7952daefc70291b0a0bc163e80b8654b7600d1c590f24fa57a5cb8a218964
9c9935e1daafc929a9866a206e769e084cd83f19d436ca22887adc2798408646
9cba18b92e9e26a6c192ad3b5d9349387d664a888ccf512073aedb88a618ac8b
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a093d2047e1a59b7103810b947780e5f94d865915cb923ebcaa7e50f557c2102
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a12b87855b6403c6f73092396d80541a6984aae03097a637769291d9cad15d19
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a5e762276ffd20732a10037842bac383dc64a7b230ab1f48f2a0ff7406b8b9c8
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b6a1120cc303b1c6ee6d548a5b418c2707b59de0c1f13c8ab870ca4e734b6acc
bba4d46952f094b62205fe06e4a78114cac5d934971925a4716ef40c33f96012
bca2c1abcf4b76a46306bc7f1a607a459371ccf5e7213aae988c33b4dabb1758
bed57a09b10b5cfc83c33f5bc6205831a9db085c874bc72d096d05ad2136e4b4
c1b709f6aa4159fb5f147ad89e31264cd6a3aa068ddfc8651d04b01b60d899c1
c9815821ab1442501b9e9bae3d4bc5730315d6a513c8b40141b2d47b76da1916
cabbde8502a6598896a3c812c89ecd99ecfb3e9ca68f632c8c9b3f2a7f6e0046
cb09c3720b53d8651d6f5825cf643e6249aefbe82a1ba1417d230cdb9b36cba6
d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2
d1ac43e9327c147dc04b1efcd475ba7e9d464e6504eaffb167d0412d339b39e5
d91d13fd8f9d253a8213aeee7ebaa7e073683fc600a3d82902c3c669b8ffdee7
dc9f7cdaabb3201fd2ead8c0cfd974710305362d0ea77c96069cb189796d6238
e05edf2ae58e3a9f1d2a84d32a8b216fd0aece46f527b58dcbce75255989ea88
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e8047292d138b4f46fbe8493b4feed7d0e7777ffb56b3cc7ca0c7131ee9fe21f
e926f30958d0c21d088e6a671d3356a3c3fab9cc6220b8e408f19d868a7dc5c8
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f02bdfeeccb01fcb3a26f9959a9632cb0fcad4f44deb9a5b5dec1a396ffa555f
f554d2f09272c6f71447ebfe4532d3b1dd1959bce669f9a5ccc99e64ef511729
ff435c12fbb6f6b16fe568369dda74ec57643c23ae168e74990283a71902daef

prnt.sc Open in urlscan Pro 104.26.14.80 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

120 Requests

99 %HTTPS

58 %IPv6

21 Domains

35 Subdomains

34 IPs

4 Countries

1263 kBTransfer

3244 kBSize

0 Cookies

12 Outgoing links

Redirected requests

120 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 4 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

prnt.sc Open in urlscan Pro
104.26.14.80 Public Scan

Screenshot
Live screenshot

Full Image

120
Requests

99 %
HTTPS

58 %
IPv6

21
Domains

35
Subdomains

34
IPs

4
Countries

1263 kB
Transfer

3244 kB
Size

0
Cookies

120 HTTP transactions
4 data transactions