paint.toys Open in urlscan Pro
15.197.167.90 Public Scan

Software

Netlify /

Resource Hash

70883a9270d54ca9914810ee600c39f62c1147243374c8b93b7095f9c78b4b66

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://syd32.angelenean.com/tqayoubqyRM2lncGFLenZURUk5Tmt1dzZxNlQtMTczMC0yNjcyNjc5MC0wZmQwMDI3My0yMzk5LVlrNlA4WE1jOFZoNjRLVGh4NEl1/7i2erpzr23w/emyhpz
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
age: 131321
cache-control: public,max-age=0,must-revalidate
cache-status: "Netlify Edge"; hit
content-encoding: br
content-length: 1632
content-type: text/html; charset=UTF-8
date: Sat, 15 Feb 2025 21:36:46 GMT
etag: "7afa2eee23cef4ed7f87aab76b5bc74d-ssl-df"
server: Netlify
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-nf-request-id: 01JM5RNS8JC37AKSTYJ1REJK01

Redirect headers

accept-ranges: bytes
age: 131321
cache-control: public,max-age=0,must-revalidate
cache-status: "Netlify Edge"; hit
content-length: 1632
content-type: text/html; charset=UTF-8
date: Sat, 15 Feb 2025 21:36:46 GMT
etag: "7afa2eee23cef4ed7f87aab76b5bc74d-ssl-df"
location: /oil/
server: Netlify
strict-transport-security: max-age=31536000
x-nf-request-id: 01JM5RNS4103WZA8JTF3Q4XPE1

GET
H2 200 ramp_config.js Show response
cdn.intergient.com/1024872/74068/ 35 KB
6 KB 1063ms
806ms Script
application/javascript 104.18.21.56
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL: https://cdn.intergient.com/1024872/74068/ramp_config.js
Requested by: Host: paint.toys
URL: https://paint.toys/oil/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.21.56 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d12d006f3a9b12ca585b090ff74a1fc9299d0a47980334f29349340a23f38b50

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer: https://paint.toys/

Response headers

last-modified: Sat, 15 Feb 2025 21:36:47 GMT
hw-country-code: IS
cache-control: max-age=600, public, must-revalidate
content-encoding: br
cf-cache-status: EXPIRED
via: 1.1 ec0e2f034bee82259de23281111aa344.cloudfront.net (CloudFront)
cf-ray: 91286f777b81bd76-LHR
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-amz-cf-id: Z1ZBO4XhinvrpbwwM2MrRZtirff_d8i1GGQAWTr9hJ0s2EEUOL4wAA==
date: Sat, 15 Feb 2025 21:36:47 GMT
content-type: application/javascript
vary: Accept-Encoding
server: cloudflare
x-amz-cf-pop: CDG50-C1

GET
H2 200 apps.css
paint.toys/ 5 KB
1 KB 99ms
99ms Stylesheet
text/css 15.197.167.90
AMAZON-02

General

Check archive.org

Download Go to

Full URL

https://paint.toys/apps.css

Requested by

Host: paint.toys
URL: https://paint.toys/oil/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

15.197.167.90 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

2ff696f311f1afa7aafddb260becd45331aab7ce1741821b0f3e2d9e683382b0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer: https://paint.toys/oil/

Response headers

strict-transport-security: max-age=31536000
cache-control: public,max-age=0,must-revalidate
content-encoding: br
etag: "58d01e65c6625681e8891f6fbc8c18f5-ssl-df"
age: 137635
accept-ranges: bytes
content-length: 1373
x-nf-request-id: 01JM5RNSC5Q18KK1ZRHRET2W65
cache-status: "Netlify Edge"; hit
date: Sat, 15 Feb 2025 21:36:46 GMT
content-type: text/css; charset=UTF-8
vary: Accept-Encoding
server: Netlify

GET
H2 200 index.js Show response
paint.toys/oil/ 4 KB
1 KB 146ms
145ms Script
application/javascript 15.197.167.90
AMAZON-02

General

Check archive.org

Download Go to

Full URL

https://paint.toys/oil/index.js

Requested by

Host: paint.toys
URL: https://paint.toys/oil/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

15.197.167.90 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

c91c09319c4b0a24c72c0036cef74c17b85d3c4e2a4abf8153f5710421fe5b4c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer: https://paint.toys/oil/

Response headers

strict-transport-security: max-age=31536000
cache-control: public,max-age=0,must-revalidate
content-encoding: br
etag: "687211e2ced405124b38663a13c97091-ssl-df"
age: 18792
accept-ranges: bytes
content-length: 1190
x-nf-request-id: 01JM5RNSDHTJDSA5SBF9NBZNRE
cache-status: "Netlify Edge"; hit
date: Sat, 15 Feb 2025 21:36:47 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
server: Netlify

GET
H2 200 art-icon.png
paint.toys/assets/ 33 KB
33 KB 147ms
147ms Image
image/png 15.197.167.90
AMAZON-02

General

Check archive.org

Download Go to Show image

Full URL

https://paint.toys/assets/art-icon.png

Requested by

Host: paint.toys
URL: https://paint.toys/oil/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

15.197.167.90 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

f4d368e4230539c778afbb020e0ea611b3e1d984179f5b3769b44081d6703f3b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer: https://paint.toys/oil/

Response headers

strict-transport-security: max-age=31536000
cache-control: public,max-age=0,must-revalidate
etag: "1394f8469f2ca5750397e3d7b6ec70a1-ssl"
age: 32435
accept-ranges: bytes
content-length: 33562
x-nf-request-id: 01JM5RNSDH3SB7CY4PM6X79AM9
cache-status: "Netlify Edge"; hit
date: Sat, 15 Feb 2025 21:36:47 GMT
content-type: image/png
server: Netlify

GET
H2 200 icon-hand.png
paint.toys/assets/ 27 KB
27 KB 153ms
152ms Image
image/png 15.197.167.90
AMAZON-02

General

Check archive.org

Download Go to Show image

Full URL

https://paint.toys/assets/icon-hand.png

Requested by

Host: paint.toys
URL: https://paint.toys/oil/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

15.197.167.90 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

32aa05a5648678542ab9044647f0bf5549c0b53a070585edb773f0e92b72b97d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer: https://paint.toys/oil/

Response headers

strict-transport-security: max-age=31536000
cache-control: public,max-age=0,must-revalidate
etag: "a0822110a4671ffdf710da1467460fba-ssl"
age: 124756
accept-ranges: bytes
content-length: 27394
x-nf-request-id: 01JM5RNSDHPRWHHY1QAZYQ1PXY
cache-status: "Netlify Edge"; hit
date: Sat, 15 Feb 2025 21:36:47 GMT
content-type: image/png
server: Netlify

GET
H2 200 icon-disk.png
paint.toys/assets/ 13 KB
14 KB 298ms
297ms Image
image/png 15.197.167.90
AMAZON-02

General

Check archive.org

Download Go to Show image

Full URL

https://paint.toys/assets/icon-disk.png

Requested by

Host: paint.toys
URL: https://paint.toys/oil/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

15.197.167.90 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

436814c2374a6d92a42a02d39969ef7c56b5f225667abecb218e692c5569943c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer: https://paint.toys/oil/

Response headers

strict-transport-security: max-age=31536000
cache-control: public,max-age=0,must-revalidate
etag: "26852fa1548a91e004629b01e4abf1dd-ssl"
age: 123453
accept-ranges: bytes
content-length: 13766
x-nf-request-id: 01JM5RNSGXN9HXYMBDG7TGKJ98
cache-status: "Netlify Edge"; hit
date: Sat, 15 Feb 2025 21:36:47 GMT
content-type: image/png
server: Netlify

GET
H2 200 icon-trash.png
paint.toys/assets/ 50 KB
51 KB 597ms
596ms Image
image/png 15.197.167.90
AMAZON-02

General

Check archive.org

Download Go to Show image

Full URL

https://paint.toys/assets/icon-trash.png

Requested by

Host: paint.toys
URL: https://paint.toys/oil/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

15.197.167.90 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

186.176.8.34.bc.googleusercontent.com

Software

Netlify /

Resource Hash

6ceb226c487cb85243545e768944e0e1ae0944be8fde6c1c43c7314a9287e6d9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer: https://paint.toys/oil/

Response headers

strict-transport-security: max-age=31536000
cache-control: public,max-age=0,must-revalidate
etag: "e91ef5e34b5154d392e8560031eaaa4c-ssl"
age: 127342
accept-ranges: bytes
content-length: 51680
x-nf-request-id: 01JM5RNSPVEZQXE4ENHJ45PBAJ
cache-status: "Netlify Edge"; hit
date: Sat, 15 Feb 2025 21:36:47 GMT
content-type: image/png
server: Netlify

GET
H2 200 ramp_core.js Show response
cdn.intergient.com/ 3 KB
2 KB 278ms
170ms Script
application/javascript 104.18.21.56
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL: https://cdn.intergient.com/ramp_core.js
Requested by: Host: paint.toys
URL: https://paint.toys/oil/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.21.56 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: df2f1a2da3096959c4a3d1e94d76063a74be1a09b9f5b5745f8e8efe169e4d3b

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer: https://paint.toys/

Response headers

hw-country-code: IS
cache-control: max-age=600, public, must-revalidate
content-encoding: br
cf-cache-status: DYNAMIC
via: 1.1 038af4146dbc9a4849948fa23bab14ec.cloudfront.net (CloudFront)
cf-ray: 91286f777b83bd76-LHR
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-amz-cf-id: MV8bi3OepZLLCZat6B0czUXOkDCRTvSurwlW2cIyaAf2yXmQ-_aaSg==
date: Sat, 15 Feb 2025 21:36:47 GMT
x-lambda-function: us-east-1.pageos_production:850
content-type: application/javascript
vary: Accept-Encoding
server: cloudflare
x-amz-cf-pop: LHR5-P7

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 334 KB
112 KB 427ms
139ms Script
application/javascript 142.250.184.200
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-VJBRK9986D

Requested by

Host: paint.toys
URL: https://paint.toys/oil/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.200 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

a8344b1b9b2ac5482df5dca06201efe792152385dede4f3b06f663e169bc6043

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer: https://paint.toys/

Response headers

content-encoding: br
report-to: {"group":"ascgcycc:1003:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1003:0"}],}
expires: Sat, 15 Feb 2025 21:36:47 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Sat, 15 Feb 2025 21:36:47 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1003:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=ascgcycc:1003:0
content-length: 113741
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 277 KB
98 KB 167ms
166ms Script
application/javascript 142.250.184.200
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-CEFZJ359V8&l=dataLayer&cx=c&gtm=45je52d0v9101576445za200

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-VJBRK9986D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.200 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

ecaef752dfb67e1d1a3a4270b4fb40dc32e5a7904942811e500124409ed086fe

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer: https://paint.toys/

Response headers

content-encoding: br
report-to: {"group":"ascgcycc:1003:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1003:0"}],}
expires: Sat, 15 Feb 2025 21:36:47 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Sat, 15 Feb 2025 21:36:47 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1003:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=ascgcycc:1003:0
content-length: 99854
x-xss-protection: 0
server: Google Tag Manager

POST
H2 204 collect
www.google-analytics.com/g/ 0
0 504ms
245ms Fetch
text/plain 142.250.185.238
GOOGLE

General

Check archive.org

Download Go to

Full URL: https://www.google-analytics.com/g/collect?v=2&tid=G-VJBRK9986D&gtm=45je52d0v9101576445za200&_p=1739655406946&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=102067808~102482432~102539968~102556566~102558064~102587591~102605417~102640600&cid=1117163006.1739655408&ul=is-is&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&sid=1739655407&sct=1&seg=0&dl=https%3A%2F%2Fpaint.toys%2Foil%2F&dr=https%3A%2F%2Fsyd32.angelenean.com%2F&dt=Paint%20with%20Oils&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=2019
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-VJBRK9986D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 142.250.185.238 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s53-in-f14.1e100.net
Software: Golfe2 /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer: https://paint.toys/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:86:0
report-to: {"group":"ascnsrsggc:86:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:86:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://paint.toys
cross-origin-opener-policy-report-only: same-origin; report-to=ascnsrsggc:86:0
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Sat, 15 Feb 2025 21:36:48 GMT
content-type: text/plain
server: Golfe2

GET
H2 200 387a75_1cbdea5624074e94ce02f0f5ac56a94c3cb53366c7.min.js Show response
faucetfoot.com/build/ 67 KB
25 KB 362ms
145ms Script
text/javascript 34.8.176.186
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Download Go to

Full URL

https://faucetfoot.com/build/387a75_1cbdea5624074e94ce02f0f5ac56a94c3cb53366c7.min.js

Requested by

Host: cdn.intergient.com
URL: https://cdn.intergient.com/1024872/74068/ramp_config.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.8.176.186 , United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

Software

Resource Hash

d7de2af6b53a57e7ee26df70f67814dab6b3914b536b24e5a7c0b6c929ca83bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer: https://paint.toys/

Response headers

strict-transport-security: max-age=15724800; preload
cache-control: private, must-revalidate, max-age=21600
timing-allow-origin: *
content-encoding: zstd
etag: W/"b106a70bb1c2a971e08edbbc8c16b5e86248f9e505749c91426690ba4681ac83"
x-buildname: hoothoot
x-datacenter: gce-europe-west1
via: 1.1 google
x-hostname: fen-hoothoot-europe-west1-x1l3
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-buildnumber: 1657128696
date: Sat, 15 Feb 2025 21:36:48 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding, Accept-Language

GET
H3 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 105 KB
33 KB 237ms
121ms Script
text/javascript 142.250.186.130
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: cdn.intergient.com
URL: https://cdn.intergient.com/1024872/74068/ramp_config.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2dc0bd1bfd7f54362e483306e420d41d86dd9f9e572f9c756e85d18b6f0d2033

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer: https://paint.toys/

Response headers

content-encoding: br
etag: 979 / 20134 / 31090404 / config-hash: 14340788361892452827
x-content-type-options: nosniff
expires: Sat, 15 Feb 2025 21:36:48 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date: Sat, 15 Feb 2025 21:36:48 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
content-disposition: attachment; filename="f.txt"
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 33996
x-xss-protection: 0
server: cafe

GET
H3 200 prebid.js.br Show response
cdn.intergi.com/prebid/ 564 KB
179 KB 210ms
112ms Script
text/javascript 104.18.24.242
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL: https://cdn.intergi.com/prebid/prebid.js.br
Requested by: Host: cdn.intergient.com
URL: https://cdn.intergient.com/1024872/74068/ramp_config.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.18.24.242 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 930f76466a9eb4f30d5eb615b47214dbde199ea4e41372f0a0f4234999effd26

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer: https://paint.toys/

Response headers

content-encoding: gzip
cf-cache-status: HIT
x-amz-version-id: _TYiC0cw4jjhOm7gGxg9EGWYjsRSWSiG
etag: W/"d5acf230567b5490882977b27dffbdf1"
age: 3874
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-amz-cf-id: PopPpT48SqKLwOXRiOD4GJPz7-SI55Q83x2yt8p0fKnTjKRh3Y6H7w==
date: Sat, 15 Feb 2025 21:36:48 GMT
content-type: text/javascript
last-modified: Thu, 13 Feb 2025 14:00:05 GMT
vary: Accept-Encoding
priority: u=3,i=?0
server-timing: cfExtPri
via: 1.1 7ce9bf658969fea1ceecfa00e5239dd6.cloudfront.net (CloudFront)
cf-ray: 91286f7ce8e4cce2-LHR
x-amz-cf-pop: AMS58-P6
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H2 200 pageos.js Show response
cdn.intergient.com/pageos/2.2.9/ 395 B
547 B 103ms
103ms Script
text/javascript 104.18.21.56
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL: https://cdn.intergient.com/pageos/2.2.9/pageos.js
Requested by: Host: cdn.intergient.com
URL: https://cdn.intergient.com/ramp_core.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.21.56 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f7ab42d5e0259ca8be28e5e474053d316d4c2fd9f1b45d3069769d37247ce224

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer: https://paint.toys/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"052df36524512fdd96e430fb7dd10157"
age: 273048
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: UjyQYK2LbevZ1JynFz7cQyfwiR-xIPXbuxSeaDcPNfIeghoXTk0iAg==
date: Sat, 15 Feb 2025 21:36:48 GMT
content-type: text/javascript
last-modified: Wed, 12 Feb 2025 15:59:26 GMT
vary: Accept-Encoding
hw-country-code: IS
cache-control: public, max-age=31536000
via: 1.1 093a91992b9e11df9fd56a3075af5858.cloudfront.net (CloudFront)
cf-ray: 91286f7c4839bd76-LHR
x-amz-cf-pop: DUB56-P2
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H3 200 runtime.faf6509395f8efe38a8c.js Show response
cdn.intergient.com/pageos/2.2.9/ 3 KB
2 KB 113ms
112ms Script
text/javascript 104.18.21.56
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL: https://cdn.intergient.com/pageos/2.2.9/runtime.faf6509395f8efe38a8c.js
Requested by: Host: cdn.intergient.com
URL: https://cdn.intergient.com/pageos/2.2.9/pageos.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.18.21.56 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 159edf91c94b58e20383804c1964656e6fe4f3cd90202285851638ce73d6bc0c

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer: https://paint.toys/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"4ba8130edf5266b758f6c21acd563a2e"
age: 273048
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: erx1vsMBsSWW8YbvkHvariitAqXxp4mFaS5Vnx13rDPcg47Nw3bLgQ==
date: Sat, 15 Feb 2025 21:36:48 GMT
content-type: text/javascript
last-modified: Wed, 12 Feb 2025 15:59:26 GMT
vary: accept-encoding
priority: u=3,i=?0
server-timing: cfExtPri
hw-country-code: IS
cache-control: public, max-age=31536000
via: 1.1 f097f68c5413fffd30e36380074e9418.cloudfront.net (CloudFront)
cf-ray: 91286f7cf8447796-LHR
x-amz-cf-pop: DUB56-P2
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H3 200 main.884d984457b5c04043a0.js Show response
cdn.intergient.com/pageos/2.2.9/ 1 MB
294 KB 123ms
123ms Script
text/javascript 104.18.21.56
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL: https://cdn.intergient.com/pageos/2.2.9/main.884d984457b5c04043a0.js
Requested by: Host: cdn.intergient.com
URL: https://cdn.intergient.com/pageos/2.2.9/pageos.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.18.21.56 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5ef5006fc03b78e9714dd2efeb7662a0e0cd11714a9a3d5ab7a5f4a2f365d320

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer: https://paint.toys/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"7958a6818d2bbcfd001d97d6c2096e53"
age: 273048
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: txR8wZeT_YCenINljJiRAl5GJSiXXCW5iAB-XBPBaX8VpR1PnKQ1Kw==
date: Sat, 15 Feb 2025 21:36:48 GMT
content-type: text/javascript
last-modified: Wed, 12 Feb 2025 15:59:26 GMT
vary: accept-encoding
priority: u=3,i=?0
server-timing: cfExtPri
hw-country-code: IS
cache-control: public, max-age=31536000
via: 1.1 f4152a7e3f38840de1666dec1da22a5c.cloudfront.net (CloudFront)
cf-ray: 91286f7cf8467796-LHR
x-amz-cf-pop: DUB56-P2
server: cloudflare
x-amz-server-side-encryption: AES256

POST
H2 204 collect
www.google-analytics.com/g/ 0
0 154ms
154ms Fetch
text/plain 142.250.185.238
GOOGLE

General

Check archive.org

Download Go to

Full URL: https://www.google-analytics.com/g/collect?v=2&tid=G-CEFZJ359V8&gtm=45je52d0v9102396898za200zb9101576445&_p=1739655406946&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=102067808~102482432~102539968~102558064~102587591~102605417~102640600&cid=1117163006.1739655408&ul=is-is&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&sid=1739655408&sct=1&seg=0&dl=https%3A%2F%2Fpaint.toys%2Foil%2F&dr=https%3A%2F%2Fsyd32.angelenean.com%2F&dt=Paint%20with%20Oils&en=ramp_js&_fv=1&_ss=1&_ee=1&ep.pageview_id=1739655406946&tfd=2370
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-CEFZJ359V8&l=dataLayer&cx=c&gtm=45je52d0v9101576445za200
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 142.250.185.238 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s53-in-f14.1e100.net
Software: Golfe2 /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer: https://paint.toys/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:86:0
report-to: {"group":"ascnsrsggc:86:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:86:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://paint.toys
cross-origin-opener-policy-report-only: same-origin; report-to=ascnsrsggc:86:0
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Sat, 15 Feb 2025 21:36:48 GMT
content-type: text/plain
server: Golfe2

GET
H2 200 skeleton.gif
static.adsafeprotected.com/ 43 B
482 B 589ms
274ms Image
image/gif 18.66.112.50
AMAZON-02

General

Check archive.org

Download Go to Show image

Full URL: https://static.adsafeprotected.com/skeleton.gif?ab=1&zoneid=5060489_advertisement_
Requested by: Host: paint.toys
URL: https://paint.toys/oil/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.112.50 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-112-50.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 42b976597a2d977d0e300f6d06bc903db389e5c112d33c1c8c249690a522d9f2

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer: https://paint.toys/

Response headers

etag: "45cf913e5d9d3c9b2058033056d3dd23"
x-amz-version-id: iiN8XkcmZQdDIQeKkzAiegPwcD.5WPja
age: 238259
x-cache: Hit from cloudfront
x-amz-cf-id: DqIEBV_8xx-4Ig_JffflZFoMrHKWQZtrKRx8S4iT57rfqz0Ae-GlZA==
date: Thu, 13 Feb 2025 03:25:50 GMT
content-type: image/gif
last-modified: Mon, 17 Aug 2020 23:55:15 GMT
x-amz-replication-status: COMPLETED
cache-control: max-age=315360000
via: 1.1 91dc0292eef4e22508a3ae73fe64bbf4.cloudfront.net (CloudFront)
accept-ranges: bytes
content-length: 43
x-amz-cf-pop: FRA56-P5
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H3 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202502120101/ 515 KB
160 KB 115ms
115ms Script
text/javascript 142.250.186.130
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202502120101/pubads_impl.js?cb=31090404

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bdd03858ad28e1991d44dce9c65bc6ec7eb3c43117b1137d018fe728e490c009

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer: https://paint.toys/

Response headers

content-encoding: br
etag: 2634246485647693022
age: 30931
x-content-type-options: nosniff
expires: Sun, 15 Feb 2026 13:01:17 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date: Sat, 15 Feb 2025 13:01:17 GMT
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 163682
x-xss-protection: 0
server: cafe

GET
H3 200 gpt
securepubads.g.doubleclick.net/pagead/managed/dict/m202502130101/ 64 KB
23 KB 122ms
122ms Other
text/plain 142.250.186.130
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/dict/m202502130101/gpt

Requested by

Host: paint.toys
URL: https://paint.toys/oil/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7f4442b7df3166c285f18feed5c1d9bd46f15c41c0a7d899c171d5fc7343ceda

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer

Response headers

content-encoding: br
etag: 8655983866465860880
age: 47428
x-content-type-options: nosniff
expires: Sun, 16 Feb 2025 08:26:20 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date: Sat, 15 Feb 2025 08:26:20 GMT
content-type: text/plain; charset=UTF-8
vary: Accept-Encoding
cache-control: public, max-age=86400, stale-while-revalidate=7200
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 23671
x-xss-protection: 0
server: cafe
use-as-dictionary: match="/gampad/ads", id="m202502130101"

GET
H2 200 154013155 Show response
fundingchoicesmessages.google.com/i/ 192 KB
63 KB 510ms
223ms Script
application/javascript 142.250.186.174
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://fundingchoicesmessages.google.com/i/154013155?ers=3

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202502120101/pubads_impl.js?cb=31090404

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.174 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

186.176.8.34.bc.googleusercontent.com

Software

ESF /

Resource Hash

a18ef547170425654adf91547079c6a07437f79cb00777f9807cbf5ecd85452a

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'report-sample' 'nonce-b6-gzq5ldxPrGMmyTUMoKQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer: https://paint.toys/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Mon, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Sat, 15 Feb 2025 21:36:49 GMT
content-type: application/javascript; charset=utf-8
x-frame-options: SAMEORIGIN
reporting-endpoints: default="/_/ContributorServingWebSwitchboardHttp/web-reports?context=eJzjitDikmLw15BiaL15jnU6EButPc_qAsSGCpdYnYH4_rpLrM-B-EP9ZdYfQFwkcYW1BYgZvl5h5QDiky5XWS8C8WUgvg3EVb-usjYBsRAPx8eJR_ayCSy4t3gKo5JGUn5hfHJ-XklRZlJpSX5RWnJaanFqUVlqUbyRgZGpgZGhsZ6BWXyBAQCfejwd"
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'report-sample' 'nonce-b6-gzq5ldxPrGMmyTUMoKQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist
cache-control: no-cache, no-store, max-age=0, must-revalidate
timing-allow-origin: *
cross-origin-opener-policy: same-origin
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-resource-policy: cross-origin
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
x-xss-protection: 0
server: ESF

POST
H3 200 bbf4b6b_be39343df601f5ba8a946851cf0ef31cd6d3ff3fde6dc2551aefd Show response
faucetfoot.com/631982/ 303 B
330 B 210ms
110ms Fetch
application/json 34.8.176.186
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Download Go to

Full URL

https://faucetfoot.com/631982/bbf4b6b_be39343df601f5ba8a946851cf0ef31cd6d3ff3fde6dc2551aefd

Requested by

Host: faucetfoot.com
URL: https://faucetfoot.com/build/387a75_1cbdea5624074e94ce02f0f5ac56a94c3cb53366c7.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

34.8.176.186 , United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

Software

Resource Hash

ad5d3b32e9b919139496c5a325add234fa0383bee239da47b4fd3354ec47ef53

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Referer: https://paint.toys/

Response headers

x-buildname: hoothoot
access-control-allow-methods: POST, OPTIONS
x-hostname: fen-hoothoot-europe-west1-x1l3
expires: Sat, 15 Feb 2025 21:36:48 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Sat, 15 Feb 2025 21:36:49 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding, Origin
access-control-allow-headers: DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Cookie
strict-transport-security: max-age=15724800; preload
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
access-control-allow-credentials: true
x-datacenter: gce-europe-west1
via: 1.1 google
access-control-allow-origin: https://paint.toys
x-buildnumber: 1657128696
content-length: 303

GET
H2 200 AGSKWxUxmDQ-od43w9ofOXMoSfLTeyhCdi89qk7QdOxG920EZD1n7RpzTkfP6bM5nawdECwX-FreUa4SoqDYoWIAngmy4lQGHpBSmo569zyTaEc8grw0_7QKUcLMdyflq6_8CkbEDEbsmQ== Show response
fundingchoicesmessages.google.com/f/ 3 KB
2 KB 199ms
199ms Script
application/javascript 142.250.186.174
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxUxmDQ-od43w9ofOXMoSfLTeyhCdi89qk7QdOxG920EZD1n7RpzTkfP6bM5nawdECwX-FreUa4SoqDYoWIAngmy4lQGHpBSmo569zyTaEc8grw0_7QKUcLMdyflq6_8CkbEDEbsmQ==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzM5NjU1NDA5LDU4MDAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzddXSwiaHR0cHM6Ly9wYWludC50b3lzL29pbC8iLG51bGwsW1s4LCJsLTczTUdzcnhUTSJdLFs5LCJpcyJdLFsxOSwiMiJdLFsxNywiWzBdIl0sWzI0LCJzeWQzMi5hbmdlbGVuZWFuLmNvbSJdXV0

Requested by

Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.is.l-73MGsrxTM.es5.O/d=1/rs=AJlcJMwTN6LFt2BTQ2bdVglZtBVZAGI5nA/m=kernel_loader,loader_js_executable

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.174 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

d921bbeaef606591b067e6803f444b9a3166c94261834de23750d5a94e2be349

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'report-sample' 'nonce-aVJO_g6fZUQT3bxc8rCaOA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer: https://paint.toys/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Mon, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Sat, 15 Feb 2025 21:36:49 GMT
content-type: application/javascript; charset=utf-8
x-frame-options: SAMEORIGIN
reporting-endpoints: default="/_/ContributorServingWebSwitchboardHttp/web-reports?context=eJzjStDikmJw0pBiOHHrNtMFIG69eY51OhAbrT3P6gLEhgqXWJ2B-P66S6zPgfhD_WXWH0BcJHGFtQWIGb5eYeUA4pMuV1kvAvFlIL4NxFW_rrI2AbEQD8fHiUf2sgks-Hn0GpOSRlJ-YXxyfl5JUWZSaUl-UVpyWmpxalFZalG8kYGRqYGRobGegVl8gQEAgWpBng"
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'report-sample' 'nonce-aVJO_g6fZUQT3bxc8rCaOA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist
cache-control: no-cache, no-store, max-age=0, must-revalidate
timing-allow-origin: *
cross-origin-opener-policy: same-origin
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-resource-policy: cross-origin
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
x-xss-protection: 0
server: ESF

GET
H3 200 topics_frame.html
securepubads.g.doubleclick.net/static/topics/ Frame 8DDE 0
0 752ms
221ms Document
text/html 142.250.186.130
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://securepubads.g.doubleclick.net/static/topics/topics_frame.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202502120101/pubads_impl.js?cb=31090404

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://paint.toys/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
age: 2006
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3000, stale-while-revalidate=3600
content-encoding: br
content-length: 29061
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 15 Feb 2025 21:03:24 GMT
expires: Sat, 15 Feb 2025 21:53:24 GMT
last-modified: Mon, 10 Feb 2025 20:42:44 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 esp.js Show response
oa.openxcdn.net/ 24 KB
8 KB 664ms
132ms Script
application/javascript 34.102.146.192
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Download Go to

Full URL: https://oa.openxcdn.net/esp.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202502120101/pubads_impl.js?cb=31090404
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.102.146.192 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 192.146.102.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 544c55ca9f05d425f3beb90f287308d7a408b1f60d17728eff5c605a494bc1b9

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer: https://paint.toys/

Response headers

x-goog-metageneration: 1
content-encoding: gzip
x-goog-hash: crc32c=f21hYg==, md5=31VCuIvA42jGmZdUpbniug==
etag: "df5542b88bc0e368c6999754a5b9e2ba"
age: 104380
x-goog-stored-content-encoding: gzip
expires: Sat, 14 Feb 2026 16:37:10 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length: 7927
date: Fri, 14 Feb 2025 16:37:10 GMT
last-modified: Thu, 27 May 2021 18:30:51 GMT
content-type: application/javascript
x-guploader-uploadid: AHMx-iFJQN0dY1XY790zEGPsMcByVo0nGBXkPKwJBxRWVghHm-P0Qkd2F05L-1_5sd6ycwq261tWwZg
cache-control: no-transform
x-goog-storage-class: MULTI_REGIONAL
accept-ranges: bytes
x-goog-generation: 1622140251693895
content-length: 7927
server: UploadServer

GET ob.js
cdn-ima.33across.com/ 0
0

GET
H2 200 encrypted-tag-g.js Show response
invstatic101.creativecdn.com/encrypted-signals/ 3 KB
3 KB 998ms
166ms Script
text/javascript 34.96.70.87
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Download Go to

Full URL: https://invstatic101.creativecdn.com/encrypted-signals/encrypted-tag-g.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202502120101/pubads_impl.js?cb=31090404
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.96.70.87 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 87.70.96.34.bc.googleusercontent.com
Software: Google Frontend /
Resource Hash: 2e5f5cb912c0619933ea6c3ad8ac1466a005f792e3338d96a8432d144c63520f

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer: https://paint.toys/

Response headers

etag: 861bdaf24bda5c0db45c6ebe1c94a9eb
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2729
date: Sat, 15 Feb 2025 21:36:50 GMT
content-type: text/javascript; charset=utf-8
last-modified: Wed, 05 Feb 2025 14:45:21 GMT
server: Google Frontend
x-cloud-trace-context: 703308ecd20347bf29b0ce1bd4bd4c94

GET
H2 200 publishertag.ids.js Show response
static.criteo.net/js/ld/ 42 KB
13 KB 656ms
187ms Script
text/javascript 178.250.1.39
ASN-CRITEO-EUROPE...

General

Check archive.org

Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.ids.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202502120101/pubads_impl.js?cb=31090404

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.1.39 , France, ASN44788 (ASN-CRITEO-EUROPE Criteo Technology SAS, FR),

Reverse DNS

Software

nginx /

Resource Hash

1635d2075d3343c86490d2229c1fb868ad59d92958ef65e04cb65767c703e9f6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer: https://paint.toys/

Response headers

strict-transport-security: max-age=31536000; preload;
cache-control: max-age=86400, public
timing-allow-origin: *
content-encoding: gzip
etag: W/"670e3454-a69c"
cross-origin-resource-policy: cross-origin
expires: Sun, 16 Feb 2025 21:36:50 GMT
access-control-allow-origin: *
date: Sat, 15 Feb 2025 21:36:50 GMT
content-type: text/javascript
last-modified: Tue, 15 Oct 2024 09:22:28 GMT
server: nginx

GET
H3 200 AGSKWxWWV9So6WqPWAVS2ibsYldlw-ZGNjxXCLvHLCFk3I0PjCqRcwfXqMrKRcHKzHtqNsqBhVAsnTu_PojWRQtbo48HAWcwxup1mfJ6g1jmsXbz4-DfxWcM1Og19S1lu5gEYkNn4GWJBw== Show response
fundingchoicesmessages.google.com/f/ 10 KB
4 KB 340ms
339ms Script
application/javascript 142.250.186.174
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxWWV9So6WqPWAVS2ibsYldlw-ZGNjxXCLvHLCFk3I0PjCqRcwfXqMrKRcHKzHtqNsqBhVAsnTu_PojWRQtbo48HAWcwxup1mfJ6g1jmsXbz4-DfxWcM1Og19S1lu5gEYkNn4GWJBw==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzM5NjU1NDA5LDg0NDAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzcsOV0sbnVsbCwyLG51bGwsImVuIl0sImh0dHBzOi8vcGFpbnQudG95cy9vaWwvIixudWxsLFtbOCwibC03M01Hc3J4VE0iXSxbOSwiaXMiXSxbMTksIjIiXSxbMTcsIlswXSJdLFsyNCwic3lkMzIuYW5nZWxlbmVhbi5jb20iXV1d

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.174 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

cdn-185-199-109-133.github.com

Software

ESF /

Resource Hash

f6d64534bd03c8ff5601eb2021d9e1b8b432c884bc3e919759368a75e8854034

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'report-sample' 'nonce-JSlhL2f6-3xq7U0t7YCrHA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer: https://paint.toys/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Mon, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Sat, 15 Feb 2025 21:36:50 GMT
content-type: application/javascript; charset=utf-8
x-frame-options: SAMEORIGIN
reporting-endpoints: default="/_/ContributorServingWebSwitchboardHttp/web-reports?context=eJzjitDikmJw0JBiaL15jnU6EButPc_qAsSGCpdYnYH4_rpLrM-B-EP9ZdYfQFwkcYW1BYgZvl5h5QDiky5XWS8C8WUgvg3EVb-usjYBsRA3x6eJR_ayCUzo2mOppJGUXxifnJ9XUpSZVFqSX5SWnJZanFpUlloUb2RgZGpgZGisZ2AWX2AAAEy9O2c"
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'report-sample' 'nonce-JSlhL2f6-3xq7U0t7YCrHA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist
cache-control: no-cache, no-store, max-age=0, must-revalidate
timing-allow-origin: *
cross-origin-opener-policy: same-origin
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-resource-policy: cross-origin
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
x-xss-protection: 0
server: ESF

GET
H2 200 syncframe
gum.criteo.com/ Frame B2A6 0
0 1458ms
188ms Document
text/html 178.250.1.11
ASN-CRITEO-EUROPE...

General

Check archive.org

Download Go to

Full URL

https://gum.criteo.com/syncframe?origin=publishertagids&topUrl=paint.toys&gdpr=0&gdpr_consent=

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.ids.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.1.11 , France, ASN44788 (ASN-CRITEO-EUROPE Criteo Technology SAS, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://paint.toys/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36

Response headers

cache-control: private, max-age=3600
content-encoding: gzip
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Sat, 15 Feb 2025 21:36:50 GMT
server: Kestrel
server-processing-duration-in-ticks: 328948
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
x-robots-tag: noindex

GET
H3 200 videoCard.5ed8eb34c11835040def.js Show response
cdn.intergient.com/pageos/2.2.9/ 559 B
751 B 120ms
120ms Script
text/javascript 104.18.21.56
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL: https://cdn.intergient.com/pageos/2.2.9/videoCard.5ed8eb34c11835040def.js
Requested by: Host: cdn.intergient.com
URL: https://cdn.intergient.com/pageos/2.2.9/runtime.faf6509395f8efe38a8c.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.18.21.56 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 795041923e6338abe450ff9524ef70fd40432f278f32c9c35cdbb08239574fb1

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer: https://paint.toys/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"6880c1609e3243c11c7b4f1285e14d89"
age: 273050
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: SJdh9vIy1_JGweCFnPDX18xELGnSjLFx5doqUB18A3mt0rOpDmbb9A==
date: Sat, 15 Feb 2025 21:36:50 GMT
content-type: text/javascript
last-modified: Wed, 12 Feb 2025 15:59:26 GMT
vary: Accept-Encoding
priority: u=3,i=?0
server-timing: cfExtPri
hw-country-code: IS
cache-control: public, max-age=31536000
via: 1.1 f0868511430dcb4e806371168cafb072.cloudfront.net (CloudFront)
cf-ray: 91286f8da9607796-LHR
x-amz-cf-pop: DUB56-P2
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H3 200 iframe.html
cdn.intergient.com/pageos/2.2.9/iframe/ Frame 0419 0
0 425ms
309ms Document
text/html 104.18.20.56
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL: https://cdn.intergient.com/pageos/2.2.9/iframe/iframe.html
Requested by: Host: cdn.intergient.com
URL: https://cdn.intergient.com/pageos/2.2.9/main.884d984457b5c04043a0.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.18.20.56 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer: https://paint.toys/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36

Response headers

age: 273050
alt-svc: h3=":443"; ma=86400
cache-control: public, max-age=31536000
cf-cache-status: HIT
cf-ray: 91286f8e786763cd-LHR
content-encoding: br
content-type: text/html
date: Sat, 15 Feb 2025 21:36:50 GMT
hw-country-code: IS
last-modified: Wed, 12 Feb 2025 15:59:26 GMT
priority: u=0,i
server: cloudflare
server-timing: cfExtPri
vary: Accept-Encoding
via: 1.1 01ff8231ac3eb0824a64f71dd911997c.cloudfront.net (CloudFront)
x-amz-cf-id: fvotcUp4KF8n-dxEsIrOPXvqo2JvCmoG5iGkpnuW5xEMHcMzm3v6uA==
x-amz-cf-pop: DUB56-P2
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront

GET
H3 200 gdpr.80ecc6d950abd7ae1e79.js Show response
cdn.intergient.com/pageos/2.2.9/ 6 KB
2 KB 120ms
119ms Script
text/javascript 104.18.21.56
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL: https://cdn.intergient.com/pageos/2.2.9/gdpr.80ecc6d950abd7ae1e79.js
Requested by: Host: cdn.intergient.com
URL: https://cdn.intergient.com/pageos/2.2.9/runtime.faf6509395f8efe38a8c.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.18.21.56 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7af7d6e87956d5fa4efa79a20dadf99c8646b041ae992cc64f53cf7e4ca5dc4e

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer: https://paint.toys/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"5f9d5d36376d3631f41c8f82fda1adbf"
age: 273050
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: -2fGKNHNTBpwy4rnCbeHI6msFYTlihbre2IyQ2LQzpArJueWajH_qA==
date: Sat, 15 Feb 2025 21:36:50 GMT
content-type: text/javascript
last-modified: Wed, 12 Feb 2025 15:59:26 GMT
vary: accept-encoding
priority: u=3,i=?0
server-timing: cfExtPri
hw-country-code: IS
cache-control: public, max-age=31536000
via: 1.1 89272fa8378ebd4efc80c03ddba9dd9e.cloudfront.net (CloudFront)
cf-ray: 91286f8db9887796-LHR
x-amz-cf-pop: DUB56-P2
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H2 200 GDPR Show response
impression-inferences-edge-prod.playwire.com/websites/74068/v1/Sat/16/desktop/Chrome/ 584 B
920 B 744ms
428ms XHR
application/json 18.245.46.126
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://impression-inferences-edge-prod.playwire.com/websites/74068/v1/Sat/16/desktop/Chrome/GDPR
Requested by: Host: cdn.intergient.com
URL: https://cdn.intergient.com/pageos/2.2.9/main.884d984457b5c04043a0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.245.46.126 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-245-46-126.fra56.r.cloudfront.net
Software: CloudFront /
Resource Hash: 7a3ba3374146233138ff732bdc370dfc0a4059b2f8312f0af21024dd6f7c8c05

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer: https://paint.toys/

Response headers

cache-control: max-age=3600, public, must-revalidate
access-control-expose-headers: *
age: 2181
via: 1.1 5a2cb96a37aeca3f9626798c4e9dab28.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-cache: Hit from cloudfront
content-length: 584
x-amz-cf-id: sXkC4FLdN1VaWq14hwgb91BjYRiJkzLzh87uV6kAMmb0MZU-KrJdgQ==
date: Sat, 15 Feb 2025 21:00:30 GMT
content-type: application/json
x-amz-cf-pop: FRA56-P9
server: CloudFront

GET
H2 200 tag Show response
btloader.com/ 117 KB
32 KB 427ms
214ms Script
application/javascript 104.22.74.216
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL: https://btloader.com/tag?o=5150306120761344&upapi=true
Requested by: Host: cdn.intergient.com
URL: https://cdn.intergient.com/pageos/2.2.9/main.884d984457b5c04043a0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.22.74.216 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fe0f273f032b6760d7d04a5bab664f7fb0558215e5bdb6400b8d453547410de8

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer: https://paint.toys/

Response headers

x-robots-tag: noindex, nofollow
cache-control: public, max-age=300, must-revalidate, stale-if-error=3600, stale-while-revalidate=300
content-encoding: gzip
cf-cache-status: HIT
etag: "86ecd074da602dff42838c5368cca252"
age: 218
via: 1.1 google
cf-ray: 91286f8f68957711-LHR
accept-ranges: bytes
content-length: 32925
date: Sat, 15 Feb 2025 21:36:51 GMT
content-type: application/javascript
last-modified: Sat, 15 Feb 2025 21:31:43 GMT
vary: Origin, Accept-Encoding
server: cloudflare

GET
H2 200 1x1.gif
raw.githubusercontent.com/easylist/easylist/master/docs/ 43 B
591 B 603ms
144ms Image
image/gif 185.199.109.133
FASTLY

General

Check archive.org

Download Go to Show image

Full URL

https://raw.githubusercontent.com/easylist/easylist/master/docs/1x1.gif

Requested by

Host: paint.toys
URL: https://paint.toys/oil/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

185.199.109.133 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; style-src 'unsafe-inline'; sandbox
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer: https://paint.toys/

Response headers

x-fastly-request-id: d48d7fd244be90e99e07c3a97afb34357fadc379
etag: W/"0c4a5773f7e435c57c40bd270aef756513eba26bd7ba5317b5bd765569a7325d"
x-content-type-options: nosniff
x-github-request-id: 6ABB:1044ED:AD5DC:DE77F:67AC3000
expires: Sat, 15 Feb 2025 21:41:51 GMT
x-cache: HIT
date: Sat, 15 Feb 2025 21:36:51 GMT
content-type: image/gif
x-served-by: cache-lcy-eglc8600082-LCY
x-cache-hits: 24
source-age: 273
x-frame-options: deny
strict-transport-security: max-age=31536000
vary: Authorization,Accept-Encoding,Origin
content-security-policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
cache-control: max-age=300
x-timer: S1739655411.334039,VS0,VE0
cross-origin-resource-policy: cross-origin
via: 1.1 varnish
accept-ranges: bytes
access-control-allow-origin: *
content-length: 43
x-xss-protection: 1; mode=block

GET
H3 200 getadvertiserimage.=dynamicads& Show response
fundingchoicesmessages.google.com/f/AGSKWxXhLfm-_NHkTPjaQkEF3qhQrzmj_lu4QBAgjSqP1hYDAY-rY5P3dxcXZnBjtzFBU8uURQincNIXDrsoeiioljved6hUutoHOEiPqUqcSrQEAhmuxaXdq077ZS708mMdK_madbUVqipoxhfMPKYP3F4j0w3jT... 54 B
109 B 334ms
334ms Script
application/javascript 142.250.186.174
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxXhLfm-_NHkTPjaQkEF3qhQrzmj_lu4QBAgjSqP1hYDAY-rY5P3dxcXZnBjtzFBU8uURQincNIXDrsoeiioljved6hUutoHOEiPqUqcSrQEAhmuxaXdq077ZS708mMdK_madbUVqipoxhfMPKYP3F4j0w3jTdNva17Qe8mahnsL3jfiRYMHWiPch6Z6/_/top-ad_/adscdn./ads2./getadvertiserimage.=dynamicads&

Requested by

Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.is.l-73MGsrxTM.es5.O/d=1/exm=kernel_loader,loader_js_executable,web_iab_tcf_v2_signal_executable/ed=1/rs=AJlcJMwTN6LFt2BTQ2bdVglZtBVZAGI5nA/m=ad_blocking_detection_executable

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.174 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

7e59975436e9e8b00f9113d8bcbb67050d38a001824b8ef432a0bf1eea387602

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-X8iZHcrPp1_ze79AJ9yb4Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer: https://paint.toys/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Mon, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Sat, 15 Feb 2025 21:36:51 GMT
content-type: application/javascript; charset=utf-8
x-frame-options: SAMEORIGIN
reporting-endpoints: default="/_/ContributorServingWebSwitchboardHttp/web-reports?context=eJzjitDikmJw1ZBiaL15jnU6EButPc_qAsSGCpdYnYH4_rpLrM-B-EP9ZdYfQFwkcYW1BYgZvl5h5QDiky5XWS8C8WUgvg3EVb-usjYBsRA3x-eJR_ayCczYM09NSSMpvzA-OT-vpCgzqbQkvygtOS21OLWoLLUo3sjAyNTAyNBYz8AsvsAAAFGJO3Y"
content-security-policy: script-src 'report-sample' 'nonce-X8iZHcrPp1_ze79AJ9yb4Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
cache-control: no-cache, no-store, max-age=0, must-revalidate
cross-origin-opener-policy: same-origin
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-resource-policy: cross-origin
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
x-xss-protection: 0
server: ESF

GET
H3 200 lidar.js Show response
pagead2.googlesyndication.com/pagead/js/ 250 KB
79 KB 247ms
119ms Script
text/javascript 142.250.185.194
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/lidar.js?fcd=true

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

4b675e67e7c5db917e723d038c6898c5035d2c4fa26c37f89eee8a0b627ccf29

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer: https://paint.toys/

Response headers

content-encoding: br
etag: 15800702649357058886
age: 287
x-content-type-options: nosniff
expires: Sat, 15 Feb 2025 22:32:03 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date: Sat, 15 Feb 2025 21:32:03 GMT
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
cache-control: public, max-age=3600
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-length: 80451
x-xss-protection: 0
server: cafe

POST
H3 204 AGSKWxVIPWeRH169J9vu0bUocQD3a5BFDZPmxTb3YlrnNN_PfZwp_wJKEdn0L978JFT8iRgf0_EsHKy2IvDHj-nTxgfGHRlomNIcv3qzV-OjPwfSpMXTTsGSDSbVKMLixYlamL7UuQwJVQ== Show response
fundingchoicesmessages.google.com/el/ 0
28 B 539ms
416ms XHR
text/html 142.250.186.174
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxVIPWeRH169J9vu0bUocQD3a5BFDZPmxTb3YlrnNN_PfZwp_wJKEdn0L978JFT8iRgf0_EsHKy2IvDHj-nTxgfGHRlomNIcv3qzV-OjPwfSpMXTTsGSDSbVKMLixYlamL7UuQwJVQ==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.174 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-xIUi7pX3X8UUuyeZTLvBBg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Content-Type: text/plain
Referer: https://paint.toys/

Response headers

access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
x-content-type-options: nosniff
expires: Mon, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Sat, 15 Feb 2025 21:36:51 GMT
content-type: text/html; charset=utf-8
x-frame-options: SAMEORIGIN
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzj0tDikmLw1ZBi-FB_mfUHEDN8vcLKAcQnXa6yXgTiy0B8G4iFuDk-Tzyyl01gw8ZDLkouSfmF8cn5eSWpeSW6iSnFuiB2UWZSaUl-EQo7tQykIic_PT0zLz3eyMDI1MDI0FjPwDy-wAAAIzcvzQ"
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-xIUi7pX3X8UUuyeZTLvBBg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
cache-control: no-cache, no-store, max-age=0, must-revalidate
cross-origin-opener-policy: same-origin
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
access-control-allow-origin: https://paint.toys
content-length: 0
x-xss-protection: 0
server: ESF

General

Check archive.org

Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxVIPWeRH169J9vu0bUocQD3a5BFDZPmxTb3YlrnNN_PfZwp_wJKEdn0L978JFT8iRgf0_EsHKy2IvDHj-nTxgfGHRlomNIcv3qzV-OjPwfSpMXTTsGSDSbVKMLixYlamL7UuQwJVQ==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.174 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-YJeg0WpFGm2v8AisZCebbA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Content-Type: text/plain
Referer: https://paint.toys/

Response headers

access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
x-content-type-options: nosniff
expires: Mon, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Sat, 15 Feb 2025 21:36:51 GMT
content-type: text/html; charset=utf-8
x-frame-options: SAMEORIGIN
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzj0tDikmII1JBi-FB_mfUHEDN8vcLKAcQnXa6yXgTiy0B8G4iFeDg-Tzyyl03gx4GPaxmVXJLyC-OT8_NKUvNKdBNTinVB7KLMpNKS_CIUdmoZSEVOfnp6Zl56vJGBkamBkaGxnoF5fIEBAIC_MMI"
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-YJeg0WpFGm2v8AisZCebbA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
cache-control: no-cache, no-store, max-age=0, must-revalidate
cross-origin-opener-policy: same-origin
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
access-control-allow-origin: https://paint.toys
content-length: 0
x-xss-protection: 0
server: ESF

General

Check archive.org

Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxVIPWeRH169J9vu0bUocQD3a5BFDZPmxTb3YlrnNN_PfZwp_wJKEdn0L978JFT8iRgf0_EsHKy2IvDHj-nTxgfGHRlomNIcv3qzV-OjPwfSpMXTTsGSDSbVKMLixYlamL7UuQwJVQ==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.174 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-UJ-dQ7CaKLHpAtXTpGEG8Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Content-Type: text/plain
Referer: https://paint.toys/

Response headers

access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
x-content-type-options: nosniff
expires: Mon, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Sat, 15 Feb 2025 21:36:51 GMT
content-type: text/html; charset=utf-8
x-frame-options: SAMEORIGIN
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzj0tDikmLw15Bi-FB_mfUHEDN8vcLKAcQnXa6yXgTiy0B8G4iFeDg-Tzyyl03gw6qtZxmVXJLyC-OT8_NKUvNKdBNTinVB7KLMpNKS_CIUdmoZSEVOfnp6Zl56vJGBkamBkaGxnoF5fIEBAG7_MIY"
content-security-policy: script-src 'report-sample' 'nonce-UJ-dQ7CaKLHpAtXTpGEG8Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
cache-control: no-cache, no-store, max-age=0, must-revalidate
cross-origin-opener-policy: same-origin
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
access-control-allow-origin: https://paint.toys
content-length: 0
x-xss-protection: 0
server: ESF

General

Check archive.org

Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxVIPWeRH169J9vu0bUocQD3a5BFDZPmxTb3YlrnNN_PfZwp_wJKEdn0L978JFT8iRgf0_EsHKy2IvDHj-nTxgfGHRlomNIcv3qzV-OjPwfSpMXTTsGSDSbVKMLixYlamL7UuQwJVQ==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.174 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-pbYofwwAb5CbaGz2fxIHYg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Content-Type: text/plain
Referer: https://paint.toys/

Response headers

access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
x-content-type-options: nosniff
expires: Mon, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Sat, 15 Feb 2025 21:36:51 GMT
content-type: text/html; charset=utf-8
x-frame-options: SAMEORIGIN
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzj0tDikmLw0ZBi-FB_mfUHEDN8vcLKAcQnXa6yXgTiy0B8G4iFeDg-Tzyyl03gQfP8C4xKLkn5hfHJ-XklqXkluokpxbogdlFmUmlJfhEKO7UMpCInPz09My893sjAyNTAyNBYz8A8vsAAAFgzMDk"
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-pbYofwwAb5CbaGz2fxIHYg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
cache-control: no-cache, no-store, max-age=0, must-revalidate
cross-origin-opener-policy: same-origin
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
access-control-allow-origin: https://paint.toys
content-length: 0
x-xss-protection: 0
server: ESF

GET
H3 200 AGSKWxVrCWIuRU2hJLex2yWiRFwO761qv5Pnf0oJcB1HxCEPcOQan7qMzB-7dNABTJU0-XpqJ08TR1yU8lZNUUb9XWajpgLeuKjvqnNXbq2WdNd5tXJfZMgVaS4Z0D6fDolCCum1fQY3dA== Show response
fundingchoicesmessages.google.com/f/ 3 KB
2 KB 139ms
139ms Script
application/javascript 142.250.186.174
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxVrCWIuRU2hJLex2yWiRFwO761qv5Pnf0oJcB1HxCEPcOQan7qMzB-7dNABTJU0-XpqJ08TR1yU8lZNUUb9XWajpgLeuKjvqnNXbq2WdNd5tXJfZMgVaS4Z0D6fDolCCum1fQY3dA==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzM5NjU1NDExLDM4MDAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzcsOSw2XSxudWxsLDIsbnVsbCwiZW4iLG51bGwsbnVsbCxudWxsLG51bGwsbnVsbCwxXSwiaHR0cHM6Ly9wYWludC50b3lzL29pbC8iLG51bGwsW1s4LCJsLTczTUdzcnhUTSJdLFs5LCJpcyJdLFsxOSwiMiJdLFsxNywiWzBdIl0sWzI0LCJzeWQzMi5hbmdlbGVuZWFuLmNvbSJdXV0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.174 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

05bb604835b2916d5cdc965702a8a03371b8301c5257ecf7338c4a3061261429

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'report-sample' 'nonce-0e9UGL_tImFxd0rB_Kt9cQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer: https://paint.toys/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Mon, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Sat, 15 Feb 2025 21:36:51 GMT
content-type: application/javascript; charset=utf-8
x-frame-options: SAMEORIGIN
reporting-endpoints: default="/_/ContributorServingWebSwitchboardHttp/web-reports?context=eJzjStDikmJw05BiOHHrNtMFIG69eY51OhAbrT3P6gLEhgqXWJ2B-P66S6zPgfhD_WXWH0BcJHGFtQWIGb5eYeUA4pMuV1kvAvFlIL4NxFW_rrI2AbEQD8fniUf2sglsmN98g1FJIym_MD45P6-kKDOptCS_KC05LbU4tagstSjeyMDI1MDI0FjPwCy-wAAAa3tBGQ"
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'report-sample' 'nonce-0e9UGL_tImFxd0rB_Kt9cQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist
cache-control: no-cache, no-store, max-age=0, must-revalidate
timing-allow-origin: *
cross-origin-opener-policy: same-origin
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-resource-policy: cross-origin
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
x-xss-protection: 0
server: ESF

GET px.gif
ag.dns-finder.com/ 0
0

GET
H2 200 px.gif
ad-delivery.net/ 43 B
1004 B 340ms
146ms Image
image/gif 104.26.2.70
CLOUDFLARENET

General

Check archive.org

Download Go to Show image

Full URL: https://ad-delivery.net/px.gif?ch=2
Requested by: Host: paint.toys
URL: https://paint.toys/oil/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.2.70 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer: https://paint.toys/

Response headers

x-goog-metageneration: 5
access-control-expose-headers: *
x-goog-hash: crc32c=cpEfJQ==, md5=rUsPYG4PhGW8TEwXCzfhow==
cf-cache-status: HIT
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3"
age: 29
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XUI%2FFSY4l5Ku%2FqqhYapVUEZjGuV6zjd1AtkvDHUxWld8MkC8Q4uKp%2FI4UWLI8yX%2F%2B6TrNWNZaj73ueDwnGPpyUUy8rUAF92OE0lBj3wGf7uPYQ%2BSXKL04al2z5tH750%2FGA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-encoding: identity
expires: Sun, 16 Feb 2025 21:36:51 GMT
server-timing: cfL4;desc="?proto=TCP&rtt=38085&min_rtt=37899&rtt_var=6336&sent=6&recv=9&lost=0&retrans=0&sent_bytes=4358&recv_bytes=2384&delivery_rate=114189&cwnd=251&unsent_bytes=0&cid=216529148e3e7800&ts=148&x=0"
x-goog-stored-content-length: 43
date: Sat, 15 Feb 2025 21:36:51 GMT
content-type: image/gif
last-modified: Wed, 05 May 2021 19:25:32 GMT
vary: Accept-Encoding
x-guploader-uploadid: AFiumC5warNsL64FDWdT1QwotQvG7aaGjsX7aSIh-yUnk_0YF9tQK3renbqRJd37KTmSwpVut9Bezlw
cache-control: public, max-age=86400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-goog-storage-class: MULTI_REGIONAL
cf-ray: 91286f93be8f631f-LHR
accept-ranges: bytes
access-control-allow-origin: *
x-goog-generation: 1620242732037093
content-length: 43
server: cloudflare

GET
H3 200 favicon.ico
ad.doubleclick.net/ 1 KB
130 B 221ms
106ms Image
image/x-icon 142.250.184.230
GOOGLE

General

Check archive.org

Download Go to Show image

Full URL

https://ad.doubleclick.net/favicon.ico?ad=300x250&ad_box_=1&adnet=1&showad=1&size=250x250

Requested by

Host: paint.toys
URL: https://paint.toys/oil/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.230 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f6.1e100.net

Software

sffe /

Resource Hash

d961b08e4321250926de6f79087594975fe20ad1518de8f91eb711af5d1a6ef8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer: https://paint.toys/

Response headers

content-encoding: gzip
age: 45279
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
x-content-type-options: nosniff
expires: Sun, 16 Feb 2025 09:02:12 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Sat, 15 Feb 2025 09:02:12 GMT
last-modified: Tue, 08 May 2012 13:08:06 GMT
content-type: image/x-icon
vary: Accept-Encoding
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
content-length: 104
x-xss-protection: 0
server: sffe

GET
H2 200 px.gif
ad-delivery.net/ 43 B
479 B 443ms
249ms Image
image/gif 104.26.2.70
CLOUDFLARENET

General

Check archive.org

Download Go to Show image

Full URL: https://ad-delivery.net/px.gif?ch=1&e=0.5333172905757448
Requested by: Host: paint.toys
URL: https://paint.toys/oil/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.2.70 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Referer: https://paint.toys/

Response headers

x-goog-metageneration: 5
access-control-expose-headers: *
x-goog-hash: crc32c=cpEfJQ==, md5=rUsPYG4PhGW8TEwXCzfhow==
cf-cache-status: HIT
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3"
age: 29
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iWLTyTzxO6QCz5jVd74P3nPHtxQY9%2F%2B9yI9LBShKi1RD2T5jL6t%2BDa%2FZKiDzsLs5Wu5F2oSxG0RbbnEZG8KyhrMkGWp9typTin8E1pl1VvDhh%2BfofxoBMeVSdYJ0MVBKPg%3D%3D"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-encoding: identity
expires: Sun, 16 Feb 2025 21:36:51 GMT
server-timing: cfL4;desc="?proto=TCP&rtt=38085&min_rtt=37899&rtt_var=6336&sent=8&recv=9&lost=0&retrans=0&sent_bytes=5428&recv_bytes=2384&delivery_rate=114189&cwnd=251&unsent_bytes=0&cid=216529148e3e7800&ts=152&x=0"
x-goog-stored-content-length: 43
date: Sat, 15 Feb 2025 21:36:51 GMT
content-type: image/gif
last-modified: Wed, 05 May 2021 19:25:32 GMT
vary: Accept-Encoding
x-guploader-uploadid: AFiumC5warNsL64FDWdT1QwotQvG7aaGjsX7aSIh-yUnk_0YF9tQK3renbqRJd37KTmSwpVut9Bezlw
cache-control: public, max-age=86400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-goog-storage-class: MULTI_REGIONAL
cf-ray: 91286f93be94631f-LHR
accept-ranges: bytes
access-control-allow-origin: *
x-goog-generation: 1620242732037093
content-length: 43
server: cloudflare

POST
H3 204 AGSKWxUgOv3aU3AB_8FWd2yqT5VSYWl6plwo3vt47uOjBKZCJ_37tB0JTOqj5M7OetYRUZh1vTglx_BPTZ_1--sifEpoSZ2mqbR3iv36Q6k0Gim47JKL02pelgj4Es19di0RJ5SPWdIVDg== Show response
fundingchoicesmessages.google.com/el/ 0
28 B 117ms
116ms XHR
text/html 142.250.186.174
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxUgOv3aU3AB_8FWd2yqT5VSYWl6plwo3vt47uOjBKZCJ_37tB0JTOqj5M7OetYRUZh1vTglx_BPTZ_1--sifEpoSZ2mqbR3iv36Q6k0Gim47JKL02pelgj4Es19di0RJ5SPWdIVDg==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.174 , United States, ASN15169 (GOOGLE, US),

Reverse DNS