www11.flamingtext.com Open in urlscan Pro
51.79.78.58 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://www11.flamingtext.com/
Effective URL:
https://www11.flamingtext.com/
Submission: On March 12 via api (March 12th 2024, 6:45:06 pm UTC) from US — Scanned from CA

Summary HTTP 133 Redirects Links 21 Behaviour Indicators

Summary

This website contacted 25 IPs in 2 countries across 17 domains to perform 133 HTTP transactions. The main IP is 51.79.78.58, located in Québec, Canada and belongs to OVH, FR. The main domain is www11.flamingtext.com.
TLS certificate: Issued by R3 on February 9th 2024. Valid for: 3 months.

This is the only time www11.flamingtext.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 3	51.79.78.58 51.79.78.58	16276 (OVH) (OVH)
1	172.253.122.97 172.253.122.97	15169 (GOOGLE) (GOOGLE)
19	142.251.163.155 142.251.163.155	15169 (GOOGLE) (GOOGLE)
35	51.79.78.60 51.79.78.60	16276 (OVH) (OVH)
2	192.95.16.211 192.95.16.211	16276 (OVH) (OVH)
1	142.251.163.113 142.251.163.113	15169 (GOOGLE) (GOOGLE)
1 13	172.253.62.157 172.253.62.157	15169 (GOOGLE) (GOOGLE)
11	172.253.63.100 172.253.63.100	15169 (GOOGLE) (GOOGLE)
18	142.250.31.132 142.250.31.132	15169 (GOOGLE) (GOOGLE)
2 3	172.253.115.106 172.253.115.106	15169 (GOOGLE) (GOOGLE)
1	172.253.122.95 172.253.122.95	15169 (GOOGLE) (GOOGLE)
3	172.253.115.94 172.253.115.94	15169 (GOOGLE) (GOOGLE)
1	74.119.119.65 74.119.119.65	19750 (AS-CRITEO) (AS-CRITEO)
6	172.67.176.164 172.67.176.164	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	74.119.119.131 74.119.119.131	19750 (AS-CRITEO) (AS-CRITEO)
1	74.119.119.147 74.119.119.147	19750 (AS-CRITEO) (AS-CRITEO)
1	104.106.228.62 104.106.228.62	16625 (AKAMAI-AS) (AKAMAI-AS)
1	35.244.154.98 35.244.154.98	15169 (GOOGLE) (GOOGLE)
2	74.119.119.149 74.119.119.149	19750 (AS-CRITEO) (AS-CRITEO)
2	172.253.115.155 172.253.115.155	15169 (GOOGLE) (GOOGLE)
4	104.106.228.60 104.106.228.60	16625 (AKAMAI-AS) (AKAMAI-AS)
1	34.98.67.3 34.98.67.3	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	52.36.198.122 52.36.198.122	16509 (AMAZON-02) (AMAZON-02)
1	74.119.119.130 74.119.119.130	19750 (AS-CRITEO) (AS-CRITEO)
133	25

3 51.79.78.58 (Québec, Canada) 1 redirects

ASN16276 (OVH, FR)
PTR: ov11.flamingtext.com

www11.flamingtext.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.253.122.97 (United States)

ASN15169 (GOOGLE, US)
PTR: bh-in-f97.1e100.net

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

19 142.251.163.155 (Farmingdale, United States)

ASN15169 (GOOGLE, US)
PTR: wv-in-f155.1e100.net

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

35 51.79.78.60 (Québec, Canada)

ASN16276 (OVH, FR)
PTR: ov12.flamingtext.com

cdn1.ftimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 192.95.16.211 (Newark, United States)

ASN16276 (OVH, FR)

www.stat-bot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.251.163.113 (Farmingdale, United States)

ASN15169 (GOOGLE, US)
PTR: wv-in-f113.1e100.net

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 172.253.62.157 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: bc-in-f157.1e100.net

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 172.253.63.100 (United States)

ASN15169 (GOOGLE, US)
PTR: bi-in-f100.1e100.net

fundingchoicesmessages.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 142.250.31.132 (United States)

ASN15169 (GOOGLE, US)
PTR: bj-in-f132.1e100.net

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 172.253.115.106 (United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: bg-in-f106.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.253.122.95 (United States)

ASN15169 (GOOGLE, US)
PTR: bh-in-f95.1e100.net

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 172.253.115.94 (United States)

ASN15169 (GOOGLE, US)
PTR: bg-in-f94.1e100.net

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 74.119.119.65 (United States)

ASN19750 (AS-CRITEO, US)

ads.us.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 172.67.176.164 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.bidbrain.app	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
g.bidbrain.app	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 74.119.119.131 (United States)

ASN19750 (AS-CRITEO, US)

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 74.119.119.147 (United States)

ASN19750 (AS-CRITEO, US)

cat.va.us.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.106.228.62 (Piscataway, United States)

ASN16625 (AKAMAI-AS, US)
PTR: a104-106-228-62.deploy.static.akamaitechnologies.com

stats.mediaforge.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.244.154.98 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 98.154.244.35.bc.googleusercontent.com

amp.rd.linksynergy.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 74.119.119.149 (United States)

ASN19750 (AS-CRITEO, US)

csm.us.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.253.115.155 (United States)

ASN15169 (GOOGLE, US)
PTR: bg-in-f155.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 104.106.228.60 (Piscataway, United States)

ASN16625 (AKAMAI-AS, US)
PTR: a104-106-228-60.deploy.static.akamaitechnologies.com

ads.rd.linksynergy.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.98.67.3 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 3.67.98.34.bc.googleusercontent.com

ut.rd.linksynergy.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.36.198.122 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-36-198-122.us-west-2.compute.amazonaws.com

app.leadsrx.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 74.119.119.130 (United States)

ASN19750 (AS-CRITEO, US)

rtb.va.us.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
37	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 104 tpc.googlesyndication.com — Cisco Umbrella Rank: 161	842 KB
35	ftimg.com cdn1.ftimg.com — Cisco Umbrella Rank: 779459	353 KB
14	google.com 2 redirects fundingchoicesmessages.google.com — Cisco Umbrella Rank: 647 www.google.com — Cisco Umbrella Rank: 2	71 KB
13	doubleclick.net 1 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 35	114 KB
8	criteo.net static.criteo.net — Cisco Umbrella Rank: 677 csm.us.criteo.net — Cisco Umbrella Rank: 3267	7 KB
6	linksynergy.com amp.rd.linksynergy.com — Cisco Umbrella Rank: 28970 ads.rd.linksynergy.com — Cisco Umbrella Rank: 29128 ut.rd.linksynergy.com — Cisco Umbrella Rank: 8738	236 KB
6	bidbrain.app cdn.bidbrain.app — Cisco Umbrella Rank: 42585 g.bidbrain.app — Cisco Umbrella Rank: 38392	168 KB
3	criteo.com ads.us.criteo.com — Cisco Umbrella Rank: 3191 cat.va.us.criteo.com — Cisco Umbrella Rank: 3391 rtb.va.us.criteo.com — Cisco Umbrella Rank: 6766	17 KB
3	gstatic.com www.gstatic.com	16 KB
3	flamingtext.com 1 redirects www11.flamingtext.com	28 KB
2	googleadservices.com www.googleadservices.com — Cisco Umbrella Rank: 124
2	stat-bot.com www.stat-bot.com — Cisco Umbrella Rank: 695841	3 KB
1	leadsrx.com app.leadsrx.com — Cisco Umbrella Rank: 11540	306 B
1	mediaforge.com stats.mediaforge.com — Cisco Umbrella Rank: 31003	316 B
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 30	2 KB
1	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 29	258 B
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 40	95 KB
133	17

	Domain	Requested by
35	cdn1.ftimg.com	www11.flamingtext.com cdn1.ftimg.com
19	pagead2.googlesyndication.com	www11.flamingtext.com pagead2.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com
18	tpc.googlesyndication.com	pagead2.googlesyndication.com tpc.googlesyndication.com www11.flamingtext.com googleads.g.doubleclick.net
13	googleads.g.doubleclick.net	1 redirects pagead2.googlesyndication.com www11.flamingtext.com googleads.g.doubleclick.net
11	fundingchoicesmessages.google.com	pagead2.googlesyndication.com
6	static.criteo.net	ads.us.criteo.com
4	ads.rd.linksynergy.com	amp.rd.linksynergy.com ads.rd.linksynergy.com
4	cdn.bidbrain.app	googleads.g.doubleclick.net
3	www.gstatic.com	www11.flamingtext.com googleads.g.doubleclick.net
3	www.google.com	2 redirects tpc.googlesyndication.com
3	www11.flamingtext.com	1 redirects www11.flamingtext.com
2	www.googleadservices.com
2	g.bidbrain.app	cdn.bidbrain.app
2	csm.us.criteo.net	ads.us.criteo.com
2	www.stat-bot.com	www11.flamingtext.com
1	rtb.va.us.criteo.com
1	app.leadsrx.com	ads.rd.linksynergy.com
1	ut.rd.linksynergy.com	ads.rd.linksynergy.com
1	amp.rd.linksynergy.com	ads.us.criteo.com
1	stats.mediaforge.com	ads.us.criteo.com
1	cat.va.us.criteo.com	ads.us.criteo.com
1	ads.us.criteo.com	www11.flamingtext.com
1	fonts.googleapis.com	www11.flamingtext.com
1	www.google-analytics.com	www.googletagmanager.com
1	www.googletagmanager.com	www11.flamingtext.com
133	25

This site contains links to these domains. Also see Links.

Domain
addtext.com
profile-cover.com
www.facebook.com
twitter.com
www.thefreesite.com
www.freebiedirectory.com
www.logogarden.com
www.textgiraffe.com
creator.me
flamingtext.com
ar.flamingtext.com
zh-cn.flamingtext.com
flamingtext.fr
de.flamingtext.com
hi-in.flamingtext.com
flamingtext.jp
flamingtext.com.br
flamingtext.ru
flamingtext.es

Subject Issuer	Validity	Valid
*.flamingtext.com R3	`2024-02-09` - `2024-05-09`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2024-02-19` - `2024-05-13`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2024-02-19` - `2024-05-13`	3 months	crt.sh
*.ftimg.com R3	`2024-02-09` - `2024-05-09`	3 months	crt.sh
*.stat-bot.com R3	`2024-02-09` - `2024-05-09`	3 months	crt.sh
*.google.com GTS CA 1C3	`2024-02-19` - `2024-05-13`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2024-02-19` - `2024-05-13`	3 months	crt.sh
www.google.com GTS CA 1C3	`2024-02-19` - `2024-05-13`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2024-02-19` - `2024-05-13`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2024-02-19` - `2024-05-13`	3 months	crt.sh
*.us.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-01-12` - `2024-04-12`	3 months	crt.sh
bidbrain.app E1	`2024-02-28` - `2024-05-28`	3 months	crt.sh
*.criteo.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-02-17` - `2024-05-17`	3 months	crt.sh
*.va.us.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-01-31` - `2024-05-01`	3 months	crt.sh
*.mediaforge.com DigiCert TLS RSA SHA256 2020 CA1	`2023-05-25` - `2024-05-24`	a year	crt.sh
*.rd.linksynergy.com ZeroSSL RSA Domain Secure Site CA	`2024-01-23` - `2025-01-22`	a year	crt.sh
*.us.criteo.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-02-29` - `2024-05-31`	3 months	crt.sh
www.googleadservices.com GTS CA 1C3	`2024-02-19` - `2024-05-13`	3 months	crt.sh
*.leadsrx.com GeoTrust TLS ECC CA G1	`2023-05-02` - `2024-06-01`	a year	crt.sh

This page contains 18 frames:

Primary Page: https://www11.flamingtext.com/
Frame ID: F1ED52F0670E5F48F42D5DECDE3855B9
Requests: 61 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20240306/r20190131/zrt_lookup_fy2021.html
Frame ID: 2F5A5303B868722BA80591C77583AA60
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4221310471306460&output=html&adk=1314090037&adf=164220786&lmt=1710269101&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=188x810_l%7C188x810_r&format=0x0&url=https%3A%2F%2Fwww11.flamingtext.com%2F&pra=5&wgl=1&easpi=0&asro=0&aseiel=1~2~4~6~8~9~10~11~12~13~14~15~16~17~18~19~20~21&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1710269101596&bpp=5&bdt=279&idt=365&shv=r20240306&mjsv=m202403070101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=5831583470441&frm=20&pv=2&ga_vid=288599542.1710269102&ga_sid=1710269102&ga_hid=867463092&ga_fc=1&u_tz=-420&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31081577%2C44785293%2C95326315%2C31081767%2C95324161%2C95325784%2C95326936&oid=2&pvsid=3571872486058928&tmod=1104736389&uas=0&nvt=1&fsapi=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=394
Frame ID: C773CA185D91205AB23AB7B4747ABE2F
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20240306/r20110914/zrt_lookup_fy2021.html
Frame ID: 4336FD27482BE334DD94BCAE541C335D
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20240306/r20110914/zrt_lookup_fy2021.html
Frame ID: 638E71F576CF0C18D4DBF236ADC780AE
Requests: 10 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20240306/r20110914/zrt_lookup_fy2021.html
Frame ID: ACC9BF1E2B8AA91C33A8CFA5CFE32012
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20240306/r20110914/zrt_lookup_fy2021.html
Frame ID: 6A6FA20FD3F81E991644392F777D12CC
Requests: 13 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 1411321B6D0A99C2F52A73FB41AAAB56
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: B8695A63E8FF239DFEC69F02701D96D9
Requests: 2 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Frame ID: E79FBD4C2B9F0AADE90238317D9CFB59
Requests: 7 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 88D0BED1DD387A867C711732B45BD5FF
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: E4801A3B145A5898F9AE1EF59F4122F9
Requests: 2 HTTP requests in this frame

Frame: https://ads.us.criteo.com/delivery/r/afr.php?z=ZfCirgAAhKYIaC0TAATJk4w8DT5zmYgPRWLFlg&u=%7CAbC%2FV6lM2MLAzpoo%2FP9vodNy7la%2B1Xthx1An8ERj5Pc%3D%7C&c1=TUPLs6ok1IhDgnvJmJgq2b8G6XvEBIvqi4VSciU_LzelNdNdJTtEK_lEZrcR-2V6vqRGFL537dByUwzXjpSA5Ow3obWN48gwIlSOboP2-GIIt6SuAX0cHvSMpZElyA6IorLrsAZfNRgGX6IBKkVLOVUmTKP-dcQTn9rChpbexzfOW4I4y73ryvnaNxbQ8hjx4bOdTbm-sx5aeFUKrmEVeAqcOlZIsgcK5j0MuQPv4nxeb2tOkm5w-bKlotXZjQU6SBOg69m5iNWwuX-NK_k2WhQw-pn7_rfWH4ogXmonKhGXp85sxe_dk0O7n4sqqgQ2dSWn53bIatr5-1m6z56Cj5lNIAc0Ub0Yc3Ry6cfVMHzNTVNyJS4mwOss60B1ZcLo-DQs6plNU-pLNyOEHOOhFHN0BWjPky_blWhZFszUvHhVdFXPcappVRA9Dg3iaFUDbEXVXgOfKlI7iKC5ISkoSpx-iCeFa_fTH7cyoJnqb2IZ35JRm8KLEOWbL3-kJOzr0kvrEVQIeA0fv69f2t0q0NZHsJt3iZIlylHENcYZwHSuNQsFHOkG2MxM14ZnQnc5c9UzizPi2T7iK2GVIZxme0wc8SmTdOsERZgX8YHiWly7zzs5TzZcAnkwjjzwZcEHcrhbKBcrV6zYHHJD8rF2uA&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCOHxXrqLwZaaJApPaoPMPk5OTSJyB77BcosqnqnTAjbcBEAEgAGD9iJSB6AOCARdjYS1wdWItNDIyMTMxMDQ3MTMwNjQ2MMgBCagDAcgDAqoE6QFP0OHEWvG1OD5B3lC-LOZYo6CYZ3JXg_YQJRd85ldChEVe4lvda2B7owJi3UI8WSZ3d3feiB-d5F-XfPiBjiiiFhvEyG2ietETzNVL8y5G7NdMchhv_D3os7EJxwPboj_LnUsaFke1IRmXWVhUVSc3XPorcR_O-t4o1jQPW_kccikkrSGmMWV60XyoWatqRiKh46RWv2IZlhyzfhVvR6mJU2divPKldzURvh0ivsqw0lG7o9FSbm1k7e_qzhqhm_Gd5kYNCnDYctcgD0QxgEVCsMmGuBh5gU6lTcAqYrCYo72OW3KCskphcYAGxJy7mM-mnKLZAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQKoB62-sQLYBwDSCCIIgGEQATICigI6CYBAgMCAgICgKEi9_cE6WJngr_Kw74QD-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_0p-EDInmNx4b5G2htdIqrvsLHysQ%26client%3Dca-pub-4221310471306460%26adurl%3D
Frame ID: EC988A2225AF7576ECE4DC138A5E0046
Requests: 11 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/pagead/js/r20240306/r20110914/client/window_focus_fy2021.js
Frame ID: CB9201236981C7670DB2E96979CD729F
Requests: 7 HTTP requests in this frame

Frame: https://amp.rd.linksynergy.com/?merchant=bigagn10159&nID=102&width=160&height=600&strategy=similar-audiences-criteo&cb=65f0a2ae9f6d1aaf8f4512620e0671cb&redirecturl=Ihttps%3A%2F%2Fcat.va.us.criteo.com%2Fdelivery%2Fck.php%3Fcppv%3D3%26cpp%3DcC6yQeqTjjAvFWehVAHAAsTYjDhWCJyDYc7U0etEqHsuO8iOZEaGw5hpjFsdg91AUKXyAl3Z4bMlbTOQ72ZLVIwT7-XbinQzi-Uqj4kWxHWsp_1nGUZa2bEvGgbMo-rjwMHkL5o-i0n-nWJ62gxm1Sgo72GfLlVd5vOYqmdTUAsG1aYBa2Ol3GF2coJRXmq2IyGYT6yygLQacJ5Bm7j_XUK1EI9Gbsi_VnbKEgejrgWCQHU8TpxWqurZoBL6P5ZK1tudLUGcI7FzkOw05aRVSjTFBLCrNyElsPGAT45J8F0FWg3hH1rzlXzyE7qp8fzVPNEevnd9SMT8FQ_QLB2aDD5u84ztUDveXEx_Pf0sFfMAhV3r_iybXnMLC7XUdY0SVUh49QjMsnA9qxBcQsy0BG-la3z1Mwlcuv4944x-vkHhv5HUosuRDY3iXJHMXn-tAGSNEln1w7OWZWNTbnOn_3cYaA4rBBN5JyLdWgHfBd6o59QE%26maxdest%3Dhttps%253A%252F%252Fca.bigagnes.com%252F%253Fcto_pld%253DAj0k2NieAQA7N2JT962Ltw
Frame ID: 8462648F182EE0807337F8E4F750EBF4
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/KWAUkR2X_3396iiuIOVJJ1s4v9_BCXHf9116__MAGIw.js
Frame ID: 0D2DE308BC23E5760524FADFF7C6980F
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/KWAUkR2X_3396iiuIOVJJ1s4v9_BCXHf9116__MAGIw.js
Frame ID: 27E735E27F5DDA3290154A215B38DA45
Requests: 1 HTTP requests in this frame

Frame: https://ads.rd.linksynergy.com/advertisers/bigagn10159/rias/ria18431776/index.html?riaID=18431779&merchantID=10159&networkID=102&event_id=e5175633-6e71-4c03-b5fd-7f9169efe6aa&embedid=1&instanceid=1&rd_idfa=&locationurl=https%3A//amp.rd.linksynergy.com/%3Fmerchant%3Dbigagn10159%26nID%3D102%26width%3D160%26height%3D600%26strategy%3Dsimilar-audiences-criteo%26cb%3D65f0a2ae9f6d1aaf8f4512620e0671cb%26redirecturl%3DIhttps%253A%252F%252Fcat.va.us.criteo.com%252Fdelivery%252Fck.php%253Fcppv%253D3%2526cpp%253DcC6yQeqTjjAvFWehVAHAAsTYjDhWCJyDYc7U0etEqHsuO8iOZEaGw5hpjFsdg91AUKXyAl3Z4bMlbTOQ72ZLVIwT7-XbinQzi-Uqj4kWxHWsp_1nGUZa2bEvGgbMo-rjwMHkL5o-i0n-nWJ62gxm1Sgo72GfLlVd5vOYqmdTUAsG1aYBa2Ol3GF2coJRXmq2IyGYT6yygLQacJ5Bm7j_XUK1EI9Gbsi_VnbKEgejrgWCQHU8TpxWqurZoBL6P5ZK1tudLUGcI7FzkOw05aRVSjTFBLCrNyElsPGAT45J8F0FWg3hH1rzlXzyE7qp8fzVPNEevnd9SMT8FQ_QLB2aDD5u84ztUDveXEx_Pf0sFfMAhV3r_iybXnMLC7XUdY0SVUh49QjMsnA9qxBcQsy0BG-la3z1Mwlcuv4944x-vkHhv5HUosuRDY3iXJHMXn-tAGSNEln1w7OWZWNTbnOn_3cYaA4rBBN5JyLdWgHfBd6o59QE%2526maxdest%253Dhttps%25253A%25252F%25252Fca.bigagnes.com%25252F%25253Fcto_pld%25253DAj0k2NieAQA7N2JT962Ltw&redirecturl=Ihttps%3A%2F%2Fcat.va.us.criteo.com%2Fdelivery%2Fck.php%3Fcppv%3D3%26cpp%3DcC6yQeqTjjAvFWehVAHAAsTYjDhWCJyDYc7U0etEqHsuO8iOZEaGw5hpjFsdg91AUKXyAl3Z4bMlbTOQ72ZLVIwT7-XbinQzi-Uqj4kWxHWsp_1nGUZa2bEvGgbMo-rjwMHkL5o-i0n-nWJ62gxm1Sgo72GfLlVd5vOYqmdTUAsG1aYBa2Ol3GF2coJRXmq2IyGYT6yygLQacJ5Bm7j_XUK1EI9Gbsi_VnbKEgejrgWCQHU8TpxWqurZoBL6P5ZK1tudLUGcI7FzkOw05aRVSjTFBLCrNyElsPGAT45J8F0FWg3hH1rzlXzyE7qp8fzVPNEevnd9SMT8FQ_QLB2aDD5u84ztUDveXEx_Pf0sFfMAhV3r_iybXnMLC7XUdY0SVUh49QjMsnA9qxBcQsy0BG-la3z1Mwlcuv4944x-vkHhv5HUosuRDY3iXJHMXn-tAGSNEln1w7OWZWNTbnOn_3cYaA4rBBN5JyLdWgHfBd6o59QE%26maxdest%3Dhttps%253A%252F%252Fca.bigagnes.com%252F%253Fcto_pld%253DAj0k2NieAQA7N2JT962Ltw
Frame ID: 9E753B35E97786E9D4542F5E61471E1D
Requests: 6 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Logo Design and Name Generator

Page URL History Show full URLs

http://www11.flamingtext.com/ HTTP 301
https://www11.flamingtext.com/ Page URL

Detected technologies

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

Page Statistics

133
Requests

99 %
HTTPS

0 %
IPv6

17
Domains

25
Subdomains

25
IPs

2
Countries

1952 kB
Transfer

4569 kB
Size

15
Cookies

21 Outgoing links

These are links going to different origins than the main page.

URL: https://addtext.com/?_loc=top
Title: AddText

Search URL Search Domain Scan URL

URL: https://profile-cover.com/facebook/index?_loc=top
Title: Facebook Covers

Search URL Search Domain Scan URL

URL: https://www.facebook.com/FlamingText

Search URL Search Domain Scan URL

URL: https://twitter.com/#!/FlamingText

Search URL Search Domain Scan URL

URL: https://www.thefreesite.com/
Title: TheFreeSite.com

Search URL Search Domain Scan URL

URL: https://www.freebiedirectory.com/
Title: FreebieDirectory

Search URL Search Domain Scan URL

URL: https://www.logogarden.com/
Title: LogoGarden

Search URL Search Domain Scan URL

URL: https://www.textgiraffe.com/
Title: TextGiraffe

Search URL Search Domain Scan URL

URL: https://addtext.com/?_loc=fttrailer
Title: AddText

Search URL Search Domain Scan URL

URL: https://creator.me/?_loc=fttrailer
Title: Creator.me

Search URL Search Domain Scan URL

URL: https://flamingtext.com/imagebot/index.jsp?_loc=trailer
Title: ImageBot

Search URL Search Domain Scan URL

URL: https://flamingtext.com/
Title: English

Search URL Search Domain Scan URL

URL: https://ar.flamingtext.com/
Title: ‏ﺎﻠﻋﺮﺒﻳﺓ‏

Search URL Search Domain Scan URL

URL: https://zh-cn.flamingtext.com/
Title: 中文

Search URL Search Domain Scan URL

URL: https://flamingtext.fr/
Title: Français

Search URL Search Domain Scan URL

URL: https://de.flamingtext.com/
Title: Deutsch

Search URL Search Domain Scan URL

URL: https://hi-in.flamingtext.com/
Title: हिन्दी

Search URL Search Domain Scan URL

URL: https://flamingtext.jp/
Title: 日本語

Search URL Search Domain Scan URL

URL: https://flamingtext.com.br/
Title: Português

Search URL Search Domain Scan URL

URL: https://flamingtext.ru/
Title: Русский

Search URL Search Domain Scan URL

URL: https://flamingtext.es/
Title: Español

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://www11.flamingtext.com/ HTTP 301
https://www11.flamingtext.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 86

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 94

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 108

https://googleads.g.doubleclick.net/pagead/adview?ai=C4k75rqLwZaWJApPaoPMPk5OTSN2slqZ2xZGX6ZgS2tkeEAEg2ub7AWD9iJSB6AOgAZ27gd4qyAEDqQLlxpqZ4FKyPqgDAcgDyQSqBPMBT9BpVn448lO9twDGYg1YYj432gBl6asOaQl5lViOzStwEa2W5Gl3q6FXXxkqyW5Bd0DAy5fpHF_tDQuUZ_d767juF6jZLariMdEfyzz5DQYu8OuM3Jod-hTig2m-gU6JV9RFTXNfADM4LHzsbI08yglvHMU8a_FvuC2SeSdeZvtcMqD5NSEtFIZTR1nxLkn1PVHVULgfvAS7jR51TST1Elq1UxHvRuiS9ope_I-1WhQd-30RqeSlc235e3HvlVnnzJWmy7xnM-Z_rZEL7hd9SyyyOMYlfFlg6NYjjNkatcFSOXpfuQLWRRGpu6X8_R_uxVLMwATa_tmg2QSIBereoJROkgUECAQYAZIFBAgFGASgBgOAB53z0b0FqAfZtrECqAevvrECqAfVyRuoB6a-G6gHjs4bqAeT2BuoB-6WsQKoB_6esQLYBwHyBwQQ24sN0ggkCIBhEAEYHzICigI6CYBAgMCAgICgKEi9_cE6WJngr_Kw74QDmgmJAWh0dHBzOi8vd3d3Lmdsb2JhbC5udHQvaXNmL2luZGV4Lmh0bWw_dXRtX3NvdXJjZT1nZG4mdXRtX21lZGl1bT1kaXNwbGF5JnV0bV9jYW1wYWlnbj1iYW5uZXJfVVNBLUNBTkFEQS0yMDI0LUphbi1HRE5faW5ub3ZhdGlvbl9nbG9iYWxfMDA4gAoByAsB2gwQCgoQsNnindj9u_8fEgIBA9gTCtAVAYAXAbIXHAoaCAASFHB1Yi00MjIxMzEwNDcxMzA2NDYwGACyGAkSArdQGAMiAQA&sigh=ngXNfvFBPk4&uach_m=%5BUACH%5D&ase=2&cid=CAQSLgB7FLtqeTN8UQWh64ye3II5AYGiQBi9a_T_JY_APBZWGUFHJUvEX42NC0HdHKUYAQ&cbvp=2&vis=1&nis=5 HTTP 302
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22aggregation_keys%22:{%221%22:%220x3a6b9dce18be37530000000000000000%22,%222%22:%220xc04615768de620710000000000000000%22,%223%22:%220x95e54d88d1846cd10000000000000000%22,%224%22:%220x94c31c20be8b8b4f0000000000000000%22,%225%22:%220xcd1567ddec6a3c650000000000000000%22},%22debug_key%22:%227050356638348623376%22,%22debug_reporting%22:true,%22destination%22:%22https://global.ntt%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%2211471445405%22],%2222%22:[%22true%22],%224%22:[%2203-12%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%226293954927680369025%22}&andc=true

133 HTTP transactions
3 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
www11.flamingtext.com/
Redirect Chain

http://www11.flamingtext.com/
https://www11.flamingtext.com/

52 KB
14 KB

125ms
53ms

Document
text/html

51.79.78.58
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://www11.flamingtext.com/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 51.79.78.58 Québec, Canada, ASN16276 (OVH, FR),
Reverse DNS: ov11.flamingtext.com
Software: nginx/1.24.0 /
Resource Hash: 2726ede0ff6fd3948d0be7cd64aa8a54e9c9ee11fa5613fdfb01425f531c11cf

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

access-control-allow-origin: *
content-encoding: gzip
content-type: text/html;charset=UTF-8
date: Tue, 12 Mar 2024 18:45:01 GMT
server: nginx/1.24.0

Redirect headers

Connection: keep-alive
Content-Length: 169
Content-Type: text/html
Date: Tue, 12 Mar 2024 18:45:01 GMT
Location: https://www11.flamingtext.com/
Server: nginx/1.24.0

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 285 KB
95 KB 135ms
60ms Script
application/javascript 172.253.122.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-5FBCKV4TZX

Requested by

Host: www11.flamingtext.com
URL: https://www11.flamingtext.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.122.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bh-in-f97.1e100.net

Software

Google Tag Manager /

Resource Hash

cc8afe0d403bf908ed115f82d393f5e5eb73aba7c38fc5616a2793ec952b2011

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www11.flamingtext.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 18:45:01 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 97337
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Tue, 12 Mar 2024 18:45:01 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 146 KB
50 KB 179ms
104ms Script
text/javascript 142.251.163.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-4221310471306460

Requested by

Host: www11.flamingtext.com
URL: https://www11.flamingtext.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.163.155 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

wv-in-f155.1e100.net

Software

cafe /

Resource Hash

e5638d0153c030ef29c8fe2cf02e0dca81c946061f428632c329161cf363b619

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www11.flamingtext.com/
Origin: https://www11.flamingtext.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 18:45:01 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 50803
x-xss-protection: 0
server: cafe
etag: 11483179815254533376
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
link: <https://googleads.g.doubleclick.net>; rel="preconnect"; crossorigin
expires: Tue, 12 Mar 2024 18:45:01 GMT

GET
H2 200 ft-nib-text-80.png
cdn1.ftimg.com/images/ 6 KB
6 KB 138ms
54ms Image
image/png 51.79.78.60
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn1.ftimg.com/images/ft-nib-text-80.png
Requested by: Host: www11.flamingtext.com
URL: https://www11.flamingtext.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 51.79.78.60 Québec, Canada, ASN16276 (OVH, FR),
Reverse DNS: ov12.flamingtext.com
Software: nginx/1.24.0 /
Resource Hash: dac7016b9e04b66c8d0cbb94a80d9b01cd07bf4470d675fb0cb5f01bb7cedd1b

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www11.flamingtext.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 18:45:01 GMT
last-modified: Sat, 14 Aug 2021 08:51:18 GMT
server: nginx/1.24.0
etag: "61178406-1708"
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31622400
accept-ranges: bytes
content-length: 5896
expires: Thu, 13 Mar 2025 18:45:01 GMT

GET
H2 200 hamburger-grey-25x20.png
cdn1.ftimg.com/images/ 200 B
402 B 135ms
52ms Image
image/png 51.79.78.60
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn1.ftimg.com/images/hamburger-grey-25x20.png
Requested by: Host: www11.flamingtext.com
URL: https://www11.flamingtext.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 51.79.78.60 Québec, Canada, ASN16276 (OVH, FR),
Reverse DNS: ov12.flamingtext.com
Software: nginx/1.24.0 /
Resource Hash: 8952e62b7efc6563ac4d4afe8e09b57cad8b498c34b6f838b2fe3495b7fa26f5

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www11.flamingtext.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 18:45:01 GMT
last-modified: Sat, 14 Aug 2021 08:51:18 GMT
server: nginx/1.24.0
etag: "61178406-c8"
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31622400
accept-ranges: bytes
content-length: 200
expires: Thu, 13 Mar 2025 18:45:01 GMT

GET
H2 200 spinner-240x120.gif
cdn1.ftimg.com/images/ 5 KB
5 KB 162ms
51ms Image
image/gif 51.79.78.60
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn1.ftimg.com/images/spinner-240x120.gif
Requested by: Host: www11.flamingtext.com
URL: https://www11.flamingtext.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 51.79.78.60 Québec, Canada, ASN16276 (OVH, FR),
Reverse DNS: ov12.flamingtext.com
Software: nginx/1.24.0 /
Resource Hash: bcc8793b8528c17c0190221b2ec11f7f3469949294b33e562da16ab73b1f142e

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www11.flamingtext.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 18:45:01 GMT
last-modified: Sat, 14 Aug 2021 08:51:19 GMT
server: nginx/1.24.0
etag: "61178407-136e"
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=31622400
accept-ranges: bytes
content-length: 4974
expires: Thu, 13 Mar 2025 18:45:01 GMT

GET
H2 200 x.gif
cdn1.ftimg.com/images/ 43 B
244 B 138ms
55ms Image
image/gif 51.79.78.60
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn1.ftimg.com/images/x.gif
Requested by: Host: www11.flamingtext.com
URL: https://www11.flamingtext.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 51.79.78.60 Québec, Canada, ASN16276 (OVH, FR),
Reverse DNS: ov12.flamingtext.com
Software: nginx/1.24.0 /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www11.flamingtext.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 18:45:01 GMT
last-modified: Sat, 14 Aug 2021 08:51:19 GMT
server: nginx/1.24.0
etag: "61178407-2b"
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=31622400
accept-ranges: bytes
content-length: 43
expires: Thu, 13 Mar 2025 18:45:01 GMT

GET
H2 200 ft-902.min.css
cdn1.ftimg.com/css/ 33 KB
9 KB 147ms
37ms Stylesheet
text/css 51.79.78.60
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn1.ftimg.com/css/ft-902.min.css
Requested by: Host: www11.flamingtext.com
URL: https://www11.flamingtext.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 51.79.78.60 Québec, Canada, ASN16276 (OVH, FR),
Reverse DNS: ov12.flamingtext.com
Software: nginx/1.24.0 /
Resource Hash: 3b6f4a0e63480e7a6fbf2146014b4655d2d16eb59e166be44be6e00745ec9120

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www11.flamingtext.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 18:45:01 GMT
content-encoding: gzip
last-modified: Sat, 09 Mar 2024 12:36:09 GMT
server: nginx/1.24.0
etag: W/"65ec57b9-84d0"
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31622400
expires: Thu, 13 Mar 2025 18:45:01 GMT

GET
H2 200 pagination-902.min.css
cdn1.ftimg.com/css/ 2 KB
995 B 138ms
55ms Stylesheet
text/css 51.79.78.60
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn1.ftimg.com/css/pagination-902.min.css
Requested by: Host: www11.flamingtext.com
URL: https://www11.flamingtext.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 51.79.78.60 Québec, Canada, ASN16276 (OVH, FR),
Reverse DNS: ov12.flamingtext.com
Software: nginx/1.24.0 /
Resource Hash: df1bf0ce0d36cdb7dcd394de0e38e2993dcd85b71badc7652e815552fb71be41

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www11.flamingtext.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 18:45:01 GMT
content-encoding: gzip
last-modified: Sat, 09 Mar 2024 12:36:11 GMT
server: nginx/1.24.0
etag: W/"65ec57bb-7c7"
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31622400
expires: Thu, 13 Mar 2025 18:45:01 GMT

GET
H2 200 ftnew2-en_US-902.min.js Show response
cdn1.ftimg.com/js/ 216 KB
77 KB 41ms
41ms Script
application/javascript 51.79.78.60
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn1.ftimg.com/js/ftnew2-en_US-902.min.js
Requested by: Host: www11.flamingtext.com
URL: https://www11.flamingtext.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 51.79.78.60 Québec, Canada, ASN16276 (OVH, FR),
Reverse DNS: ov12.flamingtext.com
Software: nginx/1.24.0 /
Resource Hash: 95addd6fff7b596167e41e20c09111986802c21b93ac5151a8896130f1fe7e8e

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www11.flamingtext.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 18:45:01 GMT
content-encoding: gzip
last-modified: Sat, 09 Mar 2024 12:37:44 GMT
server: nginx/1.24.0
etag: W/"65ec5818-36081"
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31622400
expires: Thu, 13 Mar 2025 18:45:01 GMT

GET
H2 200 analytics.js Show response
www.stat-bot.com/js/ 8 KB
3 KB 145ms
35ms Script
application/javascript 192.95.16.211
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://www.stat-bot.com/js/analytics.js
Requested by: Host: www11.flamingtext.com
URL: https://www11.flamingtext.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 192.95.16.211 Newark, United States, ASN16276 (OVH, FR),
Reverse DNS
Software: nginx/1.24.0 /
Resource Hash: 827682e74a2a691014970536e1b59cf775cad0d859c274c34823a41fa717b521

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www11.flamingtext.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

pragma: public
date: Tue, 12 Mar 2024 18:45:01 GMT
content-encoding: gzip
last-modified: Sat, 09 Mar 2024 12:40:30 GMT
server: nginx/1.24.0
etag: W/"65ec58be-1f7e"
content-type: application/javascript
cache-control: max-age=31622400, public
expires: Thu, 13 Mar 2025 18:45:01 GMT

GET
H2 200 ftsprite-902.png
www11.flamingtext.com/images/ 14 KB
14 KB 40ms
39ms Image
image/png 51.79.78.58
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www11.flamingtext.com/images/ftsprite-902.png
Requested by: Host: www11.flamingtext.com
URL: https://www11.flamingtext.com/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 51.79.78.58 Québec, Canada, ASN16276 (OVH, FR),
Reverse DNS: ov11.flamingtext.com
Software: nginx/1.24.0 /
Resource Hash: c688065c6ef7f1e49a502cd45a75356e65027402d3345176a310faa1ce61bba6

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www11.flamingtext.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 18:45:01 GMT
last-modified: Sat, 09 Mar 2024 12:36:06 GMT
server: nginx/1.24.0
content-type: image/png
cache-control: max-age=31622400, public
accept-ranges: bytes
content-length: 13995
expires: Thu, 13 Mar 2025 18:45:01 GMT

GET
H2 200 ft-flags-sprite.png
cdn1.ftimg.com/images/ 3 KB
3 KB 61ms
60ms Image
image/png 51.79.78.60
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn1.ftimg.com/images/ft-flags-sprite.png
Requested by: Host: cdn1.ftimg.com
URL: https://cdn1.ftimg.com/css/ft-902.min.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 51.79.78.60 Québec, Canada, ASN16276 (OVH, FR),
Reverse DNS: ov12.flamingtext.com
Software: nginx/1.24.0 /
Resource Hash: a93648a598766273e060586f1e2870fb3211c0a08aa339dfaf8eadaf08e62ea7

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://cdn1.ftimg.com/css/ft-902.min.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 18:45:01 GMT
last-modified: Sat, 14 Aug 2021 08:51:18 GMT
server: nginx/1.24.0
etag: "61178406-b8f"
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31622400
accept-ranges: bytes
content-length: 2959
expires: Thu, 13 Mar 2025 18:45:01 GMT

GET
H2 200 ftsprite-902.png
cdn1.ftimg.com/images/ 14 KB
14 KB 64ms
63ms Image
image/png 51.79.78.60
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn1.ftimg.com/images/ftsprite-902.png
Requested by: Host: cdn1.ftimg.com
URL: https://cdn1.ftimg.com/css/ft-902.min.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 51.79.78.60 Québec, Canada, ASN16276 (OVH, FR),
Reverse DNS: ov12.flamingtext.com
Software: nginx/1.24.0 /
Resource Hash: c688065c6ef7f1e49a502cd45a75356e65027402d3345176a310faa1ce61bba6

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://cdn1.ftimg.com/css/ft-902.min.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 18:45:01 GMT
last-modified: Sat, 09 Mar 2024 12:36:06 GMT
server: nginx/1.24.0
etag: "65ec57b6-36ab"
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31622400
accept-ranges: bytes
content-length: 13995
expires: Thu, 13 Mar 2025 18:45:01 GMT

GET
H2 200 ft-ico-font-1.ttf
cdn1.ftimg.com/fonts/ft-ico-font/ 2 KB
3 KB 104ms
34ms Font
application/octet-stream 51.79.78.60
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn1.ftimg.com/fonts/ft-ico-font/ft-ico-font-1.ttf?u9nwlh
Requested by: Host: cdn1.ftimg.com
URL: https://cdn1.ftimg.com/css/ft-902.min.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 51.79.78.60 Québec, Canada, ASN16276 (OVH, FR),
Reverse DNS: ov12.flamingtext.com
Software: nginx/1.24.0 /
Resource Hash: 2ed959c2ae6340b60d713acc77bfee9edcdd74ae67b2114d7258797a896fcdd0

Request headers

Referer: https://cdn1.ftimg.com/css/ft-902.min.css
Origin: https://www11.flamingtext.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 18:45:01 GMT
last-modified: Sat, 14 Aug 2021 08:51:18 GMT
server: nginx/1.24.0
etag: "61178406-9c0"
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: max-age=31622400
accept-ranges: bytes
content-length: 2496
expires: Thu, 13 Mar 2025 18:45:01 GMT

GET
H2 200 font-awesome.min.css
cdn1.ftimg.com/font-awesome/4.6.2/css/ 28 KB
7 KB 52ms
52ms Stylesheet
text/css 51.79.78.60
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn1.ftimg.com/font-awesome/4.6.2/css/font-awesome.min.css
Requested by: Host: www11.flamingtext.com
URL: https://www11.flamingtext.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 51.79.78.60 Québec, Canada, ASN16276 (OVH, FR),
Reverse DNS: ov12.flamingtext.com
Software: nginx/1.24.0 /
Resource Hash: b5675b0d1ee88db374b1e60e301fda9f0c1d3585f47173468827115fc4e529c2

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www11.flamingtext.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 18:45:01 GMT
content-encoding: gzip
last-modified: Sat, 14 Aug 2021 08:51:18 GMT
server: nginx/1.24.0
etag: W/"61178406-7103"
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31622400
expires: Thu, 13 Mar 2025 18:45:01 GMT

POST
H2 204 collect
www.google-analytics.com/g/ 0
258 B 125ms
44ms Ping
text/plain 142.251.163.113
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google-analytics.com/g/collect?v=2&tid=G-5FBCKV4TZX&gtm=45je43b0v889164020za200&_p=1710269101345&gcd=13l3l3l3l1&npa=0&dma=0&cid=288599542.1710269102&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&pscdl=noapi&_s=1&sid=1710269101&sct=1&seg=0&dl=https%3A%2F%2Fwww11.flamingtext.com%2F&dt=Logo%20Design%20and%20Name%20Generator&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=458
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-5FBCKV4TZX
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 142.251.163.113 Farmingdale, United States, ASN15169 (GOOGLE, US),
Reverse DNS: wv-in-f113.1e100.net
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www11.flamingtext.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Mar 2024 18:45:01 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www11.flamingtext.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 show_ads_impl_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202403070101/ 405 KB
138 KB 200ms
122ms Script
text/javascript 142.251.163.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202403070101/show_ads_impl_fy2021.js?bust=31081767

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-4221310471306460

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.163.155 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

wv-in-f155.1e100.net

Software

cafe /

Resource Hash

0996ae2f74710ecce969ea4d80bfdb6de3758c31164d63fe0089f46906272178

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www11.flamingtext.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 18:45:01 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 140663
x-xss-protection: 0
server: cafe
etag: 2006253146890526707
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Tue, 12 Mar 2024 18:45:01 GMT

GET
H2 200 zrt_lookup_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20240306/r20190131/ Frame 2F5A 9 KB
4 KB 115ms
36ms Document
text/html 172.253.62.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20240306/r20190131/zrt_lookup_fy2021.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-4221310471306460

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.62.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bc-in-f157.1e100.net

Software

cafe /

Resource Hash

df7a397b8ce58f6251a395e02608b4f620e934a958bdfe6702c6f2033593eed0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www11.flamingtext.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

age: 81342
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4155
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 11 Mar 2024 20:09:19 GMT
etag: 5035419970550746386
expires: Mon, 25 Mar 2024 20:09:19 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 comics-logo.webp
cdn1.ftimg.com/images/logos/s240x120/en_US/ 4 KB
4 KB 42ms
33ms Image
image/webp 51.79.78.60
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn1.ftimg.com/images/logos/s240x120/en_US/comics-logo.webp
Requested by: Host: www11.flamingtext.com
URL: https://www11.flamingtext.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 51.79.78.60 Québec, Canada, ASN16276 (OVH, FR),
Reverse DNS: ov12.flamingtext.com
Software: nginx/1.24.0 /
Resource Hash: 13a8c01115939dfddf9d88d8d1b36a273be37eaabe97ddbfaf5b5b5ca526cb76

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www11.flamingtext.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 18:45:01 GMT
last-modified: Fri, 08 Mar 2024 04:04:15 GMT
server: nginx/1.24.0
etag: "65ea8e3f-10da"
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=31622400
accept-ranges: bytes
content-length: 4314
expires: Thu, 13 Mar 2025 18:45:01 GMT

GET
H2 200 3d-logo.webp
cdn1.ftimg.com/images/logos/s240x120/en_US/ 2 KB
3 KB 43ms
34ms Image
image/webp 51.79.78.60
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn1.ftimg.com/images/logos/s240x120/en_US/3d-logo.webp
Requested by: Host: www11.flamingtext.com
URL: https://www11.flamingtext.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 51.79.78.60 Québec, Canada, ASN16276 (OVH, FR),
Reverse DNS: ov12.flamingtext.com
Software: nginx/1.24.0 /
Resource Hash: 30dcc7cff8a25f469a04590c5c8d4a605982f1068d0e7b6f66ad922b696a97cc

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www11.flamingtext.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 18:45:01 GMT
last-modified: Fri, 08 Mar 2024 04:05:47 GMT
server: nginx/1.24.0
etag: "65ea8e9b-9ae"
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=31622400
accept-ranges: bytes
content-length: 2478
expires: Thu, 13 Mar 2025 18:45:01 GMT

GET
H2 200 water-logo.webp
cdn1.ftimg.com/images/logos/s240x120/en_US/ 4 KB
4 KB 43ms
34ms Image
image/webp 51.79.78.60
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn1.ftimg.com/images/logos/s240x120/en_US/water-logo.webp
Requested by: Host: www11.flamingtext.com
URL: https://www11.flamingtext.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 51.79.78.60 Québec, Canada, ASN16276 (OVH, FR),
Reverse DNS: ov12.flamingtext.com
Software: nginx/1.24.0 /
Resource Hash: 0e6b7a83ba50327229bb51d27eced3677583324277af4daf0faac5ede0f3ba38

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www11.flamingtext.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 18:45:01 GMT
last-modified: Fri, 08 Mar 2024 04:04:15 GMT
server: nginx/1.24.0
etag: "65ea8e3f-f58"
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=31622400
accept-ranges: bytes
content-length: 3928
expires: Thu, 13 Mar 2025 18:45:01 GMT

GET
H2 200 blackbird-logo.webp
cdn1.ftimg.com/images/logos/s240x120/en_US/ 3 KB
3 KB 43ms
34ms Image
image/webp 51.79.78.60
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn1.ftimg.com/images/logos/s240x120/en_US/blackbird-logo.webp
Requested by: Host: www11.flamingtext.com
URL: https://www11.flamingtext.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 51.79.78.60 Québec, Canada, ASN16276 (OVH, FR),
Reverse DNS: ov12.flamingtext.com
Software: nginx/1.24.0 /
Resource Hash: 290a85bbe9b93969026caebfe4362455f1886a8ff3bd4075c4c2e7269e342085

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www11.flamingtext.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 18:45:01 GMT
last-modified: Fri, 08 Mar 2024 04:04:16 GMT
server: nginx/1.24.0
etag: "65ea8e40-d18"
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=31622400
accept-ranges: bytes
content-length: 3352
expires: Thu, 13 Mar 2025 18:45:01 GMT

GET
H2 200 smurfs-logo.webp
cdn1.ftimg.com/images/logos/s240x120/en_US/ 4 KB
4 KB 44ms
35ms Image
image/webp 51.79.78.60
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn1.ftimg.com/images/logos/s240x120/en_US/smurfs-logo.webp
Requested by: Host: www11.flamingtext.com
URL: https://www11.flamingtext.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 51.79.78.60 Québec, Canada, ASN16276 (OVH, FR),
Reverse DNS: ov12.flamingtext.com
Software: nginx/1.24.0 /
Resource Hash: 11b9eed4e07de1f1d1513721c6e059961b0f1e3632060de47b358c0dfcb8f48b

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www11.flamingtext.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 18:45:01 GMT
last-modified: Fri, 08 Mar 2024 04:04:15 GMT
server: nginx/1.24.0
etag: "65ea8e3f-e7c"
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=31622400
accept-ranges: bytes
content-length: 3708
expires: Thu, 13 Mar 2025 18:45:01 GMT

GET
H2 200 style-logo.webp
cdn1.ftimg.com/images/logos/s240x120/en_US/ 3 KB
3 KB 44ms
36ms Image
image/webp 51.79.78.60
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn1.ftimg.com/images/logos/s240x120/en_US/style-logo.webp
Requested by: Host: www11.flamingtext.com
URL: https://www11.flamingtext.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 51.79.78.60 Québec, Canada, ASN16276 (OVH, FR),
Reverse DNS: ov12.flamingtext.com
Software: nginx/1.24.0 /
Resource Hash: b870e08dcc746ba5ef4e67885fa236889e4f5d55544a6c330d88da5bcf566157

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www11.flamingtext.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 18:45:01 GMT
last-modified: Fri, 08 Mar 2024 04:04:17 GMT
server: nginx/1.24.0
etag: "65ea8e41-c92"
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=31622400
accept-ranges: bytes
content-length: 3218
expires: Thu, 13 Mar 2025 18:45:01 GMT

GET
H2 200 runner-logo.webp
cdn1.ftimg.com/images/logos/s240x120/en_US/ 4 KB
5 KB 44ms
36ms Image
image/webp 51.79.78.60
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn1.ftimg.com/images/logos/s240x120/en_US/runner-logo.webp
Requested by: Host: www11.flamingtext.com
URL: https://www11.flamingtext.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 51.79.78.60 Québec, Canada, ASN16276 (OVH, FR),
Reverse DNS: ov12.flamingtext.com
Software: nginx/1.24.0 /
Resource Hash: 19e77354794bd1f31702c10187be8847a1fd21d1c5d737978014d46a7c4d926a

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www11.flamingtext.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 18:45:01 GMT
last-modified: Fri, 08 Mar 2024 04:04:18 GMT
server: nginx/1.24.0
etag: "65ea8e42-115e"
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=31622400
accept-ranges: bytes
content-length: 4446
expires: Thu, 13 Mar 2025 18:45:01 GMT

GET
H2 200 fluffy-logo.webp
cdn1.ftimg.com/images/logos/s240x120/en_US/ 4 KB
4 KB 44ms
37ms Image
image/webp 51.79.78.60
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn1.ftimg.com/images/logos/s240x120/en_US/fluffy-logo.webp
Requested by: Host: www11.flamingtext.com
URL: https://www11.flamingtext.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 51.79.78.60 Québec, Canada, ASN16276 (OVH, FR),
Reverse DNS: ov12.flamingtext.com
Software: nginx/1.24.0 /
Resource Hash: 7f8aad72bf918fdb847cdbe93cba5efe73deeee65da47526dfe9fa8daa2e0529

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www11.flamingtext.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 18:45:01 GMT
last-modified: Fri, 08 Mar 2024 04:04:46 GMT
server: nginx/1.24.0
etag: "65ea8e5e-f66"
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=31622400
accept-ranges: bytes
content-length: 3942
expires: Thu, 13 Mar 2025 18:45:01 GMT

GET
H2 200 fabulous-logo.webp
cdn1.ftimg.com/images/logos/s240x120/en_US/ 3 KB
3 KB 44ms
37ms Image
image/webp 51.79.78.60
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn1.ftimg.com/images/logos/s240x120/en_US/fabulous-logo.webp
Requested by: Host: www11.flamingtext.com
URL: https://www11.flamingtext.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 51.79.78.60 Québec, Canada, ASN16276 (OVH, FR),
Reverse DNS: ov12.flamingtext.com
Software: nginx/1.24.0 /
Resource Hash: 4968d866996b655accf6340f7e1bd3589a2b9d50704d85efef9ddc8c7a030dbe

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www11.flamingtext.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 18:45:01 GMT
last-modified: Fri, 08 Mar 2024 04:04:31 GMT
server: nginx/1.24.0
etag: "65ea8e4f-b9a"
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=31622400
accept-ranges: bytes
content-length: 2970
expires: Thu, 13 Mar 2025 18:45:01 GMT

GET
H2 200 memories-anim-logo.gif
cdn1.ftimg.com/images/logos/s240x120/en_US/ 90 KB
90 KB 44ms
37ms Image
image/gif 51.79.78.60
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn1.ftimg.com/images/logos/s240x120/en_US/memories-anim-logo.gif
Requested by: Host: www11.flamingtext.com
URL: https://www11.flamingtext.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 51.79.78.60 Québec, Canada, ASN16276 (OVH, FR),
Reverse DNS: ov12.flamingtext.com
Software: nginx/1.24.0 /
Resource Hash: 446564a050b32490e046ed4afcd2dab5b9461675452d2bfb770b2696ebc7ecf8

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www11.flamingtext.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 18:45:01 GMT
last-modified: Fri, 08 Mar 2024 04:05:46 GMT
server: nginx/1.24.0
etag: "65ea8e9a-166cd"
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=31622400
accept-ranges: bytes
content-length: 91853
expires: Thu, 13 Mar 2025 18:45:01 GMT

GET
H2 200 graffiti-3d-logo.webp
cdn1.ftimg.com/images/logos/s240x120/en_US/ 3 KB
4 KB 54ms
48ms Image
image/webp 51.79.78.60
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn1.ftimg.com/images/logos/s240x120/en_US/graffiti-3d-logo.webp
Requested by: Host: www11.flamingtext.com
URL: https://www11.flamingtext.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 51.79.78.60 Québec, Canada, ASN16276 (OVH, FR),
Reverse DNS: ov12.flamingtext.com
Software: nginx/1.24.0 /
Resource Hash: 7328ee594cbea402d9a28c3e368d39dc2db9697f74269a3d7091604a05b1903b

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www11.flamingtext.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 18:45:01 GMT
last-modified: Fri, 08 Mar 2024 04:05:44 GMT
server: nginx/1.24.0
etag: "65ea8e98-d8e"
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=31622400
accept-ranges: bytes
content-length: 3470
expires: Thu, 13 Mar 2025 18:45:01 GMT

GET
H2 200 graffiti-burn-logo.webp
cdn1.ftimg.com/images/logos/s240x120/en_US/ 3 KB
3 KB 55ms
49ms Image
image/webp 51.79.78.60
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn1.ftimg.com/images/logos/s240x120/en_US/graffiti-burn-logo.webp
Requested by: Host: www11.flamingtext.com
URL: https://www11.flamingtext.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 51.79.78.60 Québec, Canada, ASN16276 (OVH, FR),
Reverse DNS: ov12.flamingtext.com
Software: nginx/1.24.0 /
Resource Hash: 216baec686404581d713f214e2cfc6af208902aefe12c6e4392acae9d976176a

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www11.flamingtext.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 18:45:01 GMT
last-modified: Fri, 08 Mar 2024 04:05:48 GMT
server: nginx/1.24.0
etag: "65ea8e9c-ccc"
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=31622400
accept-ranges: bytes
content-length: 3276
expires: Thu, 13 Mar 2025 18:45:01 GMT

GET
H2 200 awards-night-logo.webp
cdn1.ftimg.com/images/logos/s240x120/en_US/ 2 KB
2 KB 55ms
49ms Image
image/webp 51.79.78.60
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn1.ftimg.com/images/logos/s240x120/en_US/awards-night-logo.webp
Requested by: Host: www11.flamingtext.com
URL: https://www11.flamingtext.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 51.79.78.60 Québec, Canada, ASN16276 (OVH, FR),
Reverse DNS: ov12.flamingtext.com
Software: nginx/1.24.0 /
Resource Hash: 08b061a785f7a0e5112a24e036f77bef47f636d006f6fd2375103586272bce07

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www11.flamingtext.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 18:45:01 GMT
last-modified: Fri, 08 Mar 2024 04:05:49 GMT
server: nginx/1.24.0
etag: "65ea8e9d-85e"
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=31622400
accept-ranges: bytes
content-length: 2142
expires: Thu, 13 Mar 2025 18:45:01 GMT

GET
H2 200 be-mine-logo.webp
cdn1.ftimg.com/images/logos/s240x120/en_US/ 3 KB
3 KB 56ms
50ms Image
image/webp 51.79.78.60
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn1.ftimg.com/images/logos/s240x120/en_US/be-mine-logo.webp
Requested by: Host: www11.flamingtext.com
URL: https://www11.flamingtext.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 51.79.78.60 Québec, Canada, ASN16276 (OVH, FR),
Reverse DNS: ov12.flamingtext.com
Software: nginx/1.24.0 /
Resource Hash: bae7e47479178022d4e173349259e1c6a043c28c62822f854d514e4bd878828c

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www11.flamingtext.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 18:45:01 GMT
last-modified: Fri, 08 Mar 2024 04:05:48 GMT
server: nginx/1.24.0
etag: "65ea8e9c-b0e"
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=31622400
accept-ranges: bytes
content-length: 2830
expires: Thu, 13 Mar 2025 18:45:01 GMT

GET
H2 200 birthday-wish-logo.webp
cdn1.ftimg.com/images/logos/s240x120/en_US/ 3 KB
3 KB 56ms
50ms Image
image/webp 51.79.78.60
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn1.ftimg.com/images/logos/s240x120/en_US/birthday-wish-logo.webp
Requested by: Host: www11.flamingtext.com
URL: https://www11.flamingtext.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 51.79.78.60 Québec, Canada, ASN16276 (OVH, FR),
Reverse DNS: ov12.flamingtext.com
Software: nginx/1.24.0 /
Resource Hash: 0eab89626c29dc39d097468842ea2d4f5ac50d41f05b11cc2e0c0a07cb6e0784

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www11.flamingtext.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 18:45:01 GMT
last-modified: Fri, 08 Mar 2024 04:05:49 GMT
server: nginx/1.24.0
etag: "65ea8e9d-ae0"
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=31622400
accept-ranges: bytes
content-length: 2784
expires: Thu, 13 Mar 2025 18:45:01 GMT

GET
H2 200 happy-4th-of-july3-logo.webp
cdn1.ftimg.com/images/logos/s240x120/en_US/ 6 KB
6 KB 56ms
51ms Image
image/webp 51.79.78.60
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn1.ftimg.com/images/logos/s240x120/en_US/happy-4th-of-july3-logo.webp
Requested by: Host: www11.flamingtext.com
URL: https://www11.flamingtext.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 51.79.78.60 Québec, Canada, ASN16276 (OVH, FR),
Reverse DNS: ov12.flamingtext.com
Software: nginx/1.24.0 /
Resource Hash: 70e4ae02120c7222400ea550d5132ce971e4c4dbe148babaea081ce29462cb10

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www11.flamingtext.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 18:45:01 GMT
last-modified: Fri, 08 Mar 2024 05:16:27 GMT
server: nginx/1.24.0
etag: "65ea9f2b-170c"
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=31622400
accept-ranges: bytes
content-length: 5900
expires: Thu, 13 Mar 2025 18:45:01 GMT

GET
H2 200 neon-logo.webp
cdn1.ftimg.com/images/logos/s240x120/en_US/ 1 KB
2 KB 56ms
51ms Image
image/webp 51.79.78.60
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn1.ftimg.com/images/logos/s240x120/en_US/neon-logo.webp
Requested by: Host: www11.flamingtext.com
URL: https://www11.flamingtext.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 51.79.78.60 Québec, Canada, ASN16276 (OVH, FR),
Reverse DNS: ov12.flamingtext.com
Software: nginx/1.24.0 /
Resource Hash: a4c3d85794c09ed63164a3382c662d6c79e3c2c5d4b94a6c6d3d1641937c96c8

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www11.flamingtext.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 18:45:01 GMT
last-modified: Fri, 08 Mar 2024 04:04:46 GMT
server: nginx/1.24.0
etag: "65ea8e5e-57e"
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=31622400
accept-ranges: bytes
content-length: 1406
expires: Thu, 13 Mar 2025 18:45:01 GMT

GET
H2 200 world-cup-2014-logo.webp
cdn1.ftimg.com/images/logos/s240x120/en_US/ 2 KB
2 KB 56ms
52ms Image
image/webp 51.79.78.60
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn1.ftimg.com/images/logos/s240x120/en_US/world-cup-2014-logo.webp
Requested by: Host: www11.flamingtext.com
URL: https://www11.flamingtext.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 51.79.78.60 Québec, Canada, ASN16276 (OVH, FR),
Reverse DNS: ov12.flamingtext.com
Software: nginx/1.24.0 /
Resource Hash: 7cae477577017a2d3421b5f46fd37bb72b444f868415690d5b46959f55b1977e

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www11.flamingtext.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 18:45:01 GMT
last-modified: Fri, 08 Mar 2024 04:04:46 GMT
server: nginx/1.24.0
etag: "65ea8e5e-66e"
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=31622400
accept-ranges: bytes
content-length: 1646
expires: Thu, 13 Mar 2025 18:45:01 GMT

GET
H2 200 alien-glow-anim-logo.gif
cdn1.ftimg.com/images/logos/s240x120/en_US/ 63 KB
64 KB 57ms
52ms Image
image/gif 51.79.78.60
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn1.ftimg.com/images/logos/s240x120/en_US/alien-glow-anim-logo.gif
Requested by: Host: www11.flamingtext.com
URL: https://www11.flamingtext.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 51.79.78.60 Québec, Canada, ASN16276 (OVH, FR),
Reverse DNS: ov12.flamingtext.com
Software: nginx/1.24.0 /
Resource Hash: eac1a53a2ad963420ba9448d9e33be2a8157d75e312bba1f0347f07b9e32c4c2

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www11.flamingtext.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 18:45:01 GMT
last-modified: Fri, 08 Mar 2024 04:04:47 GMT
server: nginx/1.24.0
etag: "65ea8e5f-fd83"
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=31622400
accept-ranges: bytes
content-length: 64899
expires: Thu, 13 Mar 2025 18:45:01 GMT

GET
H2 200 clan-logo.webp
cdn1.ftimg.com/images/logos/s240x120/en_US/ 2 KB
2 KB 62ms
58ms Image
image/webp 51.79.78.60
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn1.ftimg.com/images/logos/s240x120/en_US/clan-logo.webp
Requested by: Host: www11.flamingtext.com
URL: https://www11.flamingtext.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 51.79.78.60 Québec, Canada, ASN16276 (OVH, FR),
Reverse DNS: ov12.flamingtext.com
Software: nginx/1.24.0 /
Resource Hash: bec1be2285dbcd0eb971eb84660c6456671dee45d24a3b20a096a223e5432932

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www11.flamingtext.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 18:45:01 GMT
last-modified: Fri, 08 Mar 2024 04:04:46 GMT
server: nginx/1.24.0
etag: "65ea8e5e-72a"
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=31622400
accept-ranges: bytes
content-length: 1834
expires: Thu, 13 Mar 2025 18:45:01 GMT

GET
H2 200 harry-potter-logo.webp
cdn1.ftimg.com/images/logos/s240x120/en_US/ 2 KB
2 KB 62ms
58ms Image
image/webp 51.79.78.60
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn1.ftimg.com/images/logos/s240x120/en_US/harry-potter-logo.webp
Requested by: Host: www11.flamingtext.com
URL: https://www11.flamingtext.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 51.79.78.60 Québec, Canada, ASN16276 (OVH, FR),
Reverse DNS: ov12.flamingtext.com
Software: nginx/1.24.0 /
Resource Hash: e5e29715b0882736712a09f06d2c8ce152817cb90ab15b9e09cdc0e084921bae

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www11.flamingtext.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 18:45:01 GMT
last-modified: Fri, 08 Mar 2024 04:04:32 GMT
server: nginx/1.24.0
etag: "65ea8e50-924"
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=31622400
accept-ranges: bytes
content-length: 2340
expires: Thu, 13 Mar 2025 18:45:01 GMT

GET
H2 200 crafts-logo.webp
cdn1.ftimg.com/images/logos/s240x120/en_US/ 3 KB
3 KB 62ms
59ms Image
image/webp 51.79.78.60
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn1.ftimg.com/images/logos/s240x120/en_US/crafts-logo.webp
Requested by: Host: www11.flamingtext.com
URL: https://www11.flamingtext.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 51.79.78.60 Québec, Canada, ASN16276 (OVH, FR),
Reverse DNS: ov12.flamingtext.com
Software: nginx/1.24.0 /
Resource Hash: 27b1f27b3824b186778cf4a0f89b45f0d13d0e25ae517593488bd77736269fbe

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www11.flamingtext.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 18:45:01 GMT
last-modified: Fri, 08 Mar 2024 04:04:31 GMT
server: nginx/1.24.0
etag: "65ea8e4f-a44"
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=31622400
accept-ranges: bytes
content-length: 2628
expires: Thu, 13 Mar 2025 18:45:01 GMT

GET
H2 200 chrominium-logo.webp
cdn1.ftimg.com/images/logos/s240x120/en_US/ 3 KB
3 KB 62ms
59ms Image
image/webp 51.79.78.60
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn1.ftimg.com/images/logos/s240x120/en_US/chrominium-logo.webp
Requested by: Host: www11.flamingtext.com
URL: https://www11.flamingtext.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 51.79.78.60 Québec, Canada, ASN16276 (OVH, FR),
Reverse DNS: ov12.flamingtext.com
Software: nginx/1.24.0 /
Resource Hash: 6054de65a95ab7ff9e4694d752efe65e51628e9a9dd569854fbd745e5267f27e

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www11.flamingtext.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 18:45:01 GMT
last-modified: Fri, 08 Mar 2024 04:05:51 GMT
server: nginx/1.24.0
etag: "65ea8e9f-b98"
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=31622400
accept-ranges: bytes
content-length: 2968
expires: Thu, 13 Mar 2025 18:45:01 GMT

GET
H2 200 amped-logo.webp
cdn1.ftimg.com/images/logos/s240x120/en_US/ 5 KB
5 KB 62ms
60ms Image
image/webp 51.79.78.60
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn1.ftimg.com/images/logos/s240x120/en_US/amped-logo.webp
Requested by: Host: www11.flamingtext.com
URL: https://www11.flamingtext.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 51.79.78.60 Québec, Canada, ASN16276 (OVH, FR),
Reverse DNS: ov12.flamingtext.com
Software: nginx/1.24.0 /
Resource Hash: aabf8e8f982e15496b1c59cdc2ad6af856f08de984ead3590e6b3c9eeeef35c4

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www11.flamingtext.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 18:45:01 GMT
last-modified: Fri, 08 Mar 2024 04:05:51 GMT
server: nginx/1.24.0
etag: "65ea8e9f-1452"
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=31622400
accept-ranges: bytes
content-length: 5202
expires: Thu, 13 Mar 2025 18:45:01 GMT

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame C773 449 KB
92 KB 982ms
981ms Document
text/html 172.253.62.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4221310471306460&output=html&adk=1314090037&adf=164220786&lmt=1710269101&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=188x810_l%7C188x810_r&format=0x0&url=https%3A%2F%2Fwww11.flamingtext.com%2F&pra=5&wgl=1&easpi=0&asro=0&aseiel=1~2~4~6~8~9~10~11~12~13~14~15~16~17~18~19~20~21&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1710269101596&bpp=5&bdt=279&idt=365&shv=r20240306&mjsv=m202403070101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=5831583470441&frm=20&pv=2&ga_vid=288599542.1710269102&ga_sid=1710269102&ga_hid=867463092&ga_fc=1&u_tz=-420&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31081577%2C44785293%2C95326315%2C31081767%2C95324161%2C95325784%2C95326936&oid=2&pvsid=3571872486058928&tmod=1104736389&uas=0&nvt=1&fsapi=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=394

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202403070101/show_ads_impl_fy2021.js?bust=31081767

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.62.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bc-in-f157.1e100.net

Software

cafe /

Resource Hash

286b01d06beea7489c93aad6cfcd4612534fb7ed68e048bcf0198d33e8d6e666

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www11.flamingtext.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 94292
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 12 Mar 2024 18:45:02 GMT
expires: Tue, 12 Mar 2024 18:45:02 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 16 KB
12 KB 97ms
96ms XHR
application/json 142.251.163.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20240306&st=env

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202403070101/show_ads_impl_fy2021.js?bust=31081767

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.163.155 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

wv-in-f155.1e100.net

Software

cafe /

Resource Hash

e13c646462e85d9e0889eaa32249d88460b022d6228c4504ac9613927d868290

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www11.flamingtext.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 18:45:03 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12242
x-xss-protection: 0

GET
H3 200 reactive_library_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202403070101/ 166 KB
56 KB 113ms
113ms Script
text/javascript 142.251.163.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202403070101/reactive_library_fy2021.js?bust=31081767

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202403070101/show_ads_impl_fy2021.js?bust=31081767

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.163.155 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

wv-in-f155.1e100.net

Software

cafe /

Resource Hash

467aa468d28aba0af9fb332ce45759162bad869d3020fff1718566a2fd271460

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www11.flamingtext.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 18:45:03 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57255
x-xss-protection: 0
server: cafe
etag: 6701439060468378782
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Tue, 12 Mar 2024 18:45:03 GMT

GET
H2 200 ca-pub-4221310471306460 Show response
fundingchoicesmessages.google.com/i/ 183 KB
61 KB 143ms
69ms Script
application/javascript 172.253.63.100
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/i/ca-pub-4221310471306460?ers=2

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202403070101/show_ads_impl_fy2021.js?bust=31081767

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.63.100 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bi-in-f100.1e100.net

Software

ESF /

Resource Hash

27db632b0da0b6aa278c88a4b43b6684d594a35fc5030be30b4c4f18e8eb5e49

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'report-sample' 'nonce-duxlZnn1eY9w25q6etERGw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www11.flamingtext.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 18:45:03 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'report-sample' 'nonce-duxlZnn1eY9w25q6etERGw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorServingWebSwitchboardHttp/web-reports?context=eJzjStHikmLw1JBiOO90h-k6ENcyPGNqBWIDjedMFkD87stLJoGvL5kkgFgLiHf4eLDwrZvOqgLEhuuns0YCcczz6awpQOyUPoM1BIh96mewxgHxyQXnWS8CsRA3x_qjh9azCdx4dMAdAMoCLig"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin: *
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 slotcar_library_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202403070101/ 91 KB
32 KB 113ms
112ms Script
text/javascript 142.251.163.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202403070101/slotcar_library_fy2021.js?bust=31081767

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-4221310471306460

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.163.155 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

wv-in-f155.1e100.net

Software

cafe /

Resource Hash

4c4249a73ff3376fb2fcfa4a23f831fdd9693b4e173c3a204e9391bba2044cbf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www11.flamingtext.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 18:45:03 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 32382
x-xss-protection: 0
server: cafe
etag: 15408706226103075246
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Tue, 12 Mar 2024 18:45:03 GMT

GET
H2 200 pixel.gif
www.stat-bot.com/ 43 B
181 B 35ms
35ms Image
image/gif 192.95.16.211
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.stat-bot.com/pixel.gif?v=1.0&domain=www11.flamingtext.com&path=%2F&dns=0&pageLoad=1926&pageTime=126&ttfb=53&id=flamingtext&version=902&server=www11&userType=visitor&ab=b&type=pageview&_=0.14843592534165584
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 192.95.16.211 Newark, United States, ASN16276 (OVH, FR),
Reverse DNS
Software: nginx/1.24.0 /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www11.flamingtext.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 18:45:03 GMT
server: nginx/1.24.0
content-length: 43
content-type: image/gif;charset=UTF-8

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 114ms
39ms Script
text/javascript 142.250.31.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202403070101/show_ads_impl_fy2021.js?bust=31081767

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.31.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bj-in-f132.1e100.net

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www11.flamingtext.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 18:45:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 12 Mar 2024 18:45:03 GMT

GET
H3 200 zrt_lookup_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20240306/r20110914/ Frame 4336 9 KB
4 KB 38ms
37ms Document
text/html 172.253.62.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20240306/r20110914/zrt_lookup_fy2021.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202403070101/show_ads_impl_fy2021.js?bust=31081767

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.62.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bc-in-f157.1e100.net

Software

cafe /

Resource Hash

df7a397b8ce58f6251a395e02608b4f620e934a958bdfe6702c6f2033593eed0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www11.flamingtext.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

age: 32974
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4155
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 12 Mar 2024 09:35:29 GMT
etag: 5035419970550746386
expires: Tue, 26 Mar 2024 09:35:29 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20240306/r20110914/ Frame 638E 9 KB
4 KB 37ms
37ms Document
text/html 172.253.62.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20240306/r20110914/zrt_lookup_fy2021.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202403070101/show_ads_impl_fy2021.js?bust=31081767

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.62.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bc-in-f157.1e100.net

Software

cafe /

Resource Hash

df7a397b8ce58f6251a395e02608b4f620e934a958bdfe6702c6f2033593eed0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www11.flamingtext.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

age: 32974
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4155
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 12 Mar 2024 09:35:29 GMT
etag: 5035419970550746386
expires: Tue, 26 Mar 2024 09:35:29 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20240306/r20110914/ Frame ACC9 9 KB
4 KB 37ms
36ms Document
text/html 172.253.62.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20240306/r20110914/zrt_lookup_fy2021.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202403070101/show_ads_impl_fy2021.js?bust=31081767

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.62.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bc-in-f157.1e100.net

Software

cafe /

Resource Hash

df7a397b8ce58f6251a395e02608b4f620e934a958bdfe6702c6f2033593eed0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www11.flamingtext.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

age: 32974
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4155
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 12 Mar 2024 09:35:29 GMT
etag: 5035419970550746386
expires: Tue, 26 Mar 2024 09:35:29 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20240306/r20110914/ Frame 6A6F 9 KB
4 KB 40ms
39ms Document
text/html 172.253.62.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20240306/r20110914/zrt_lookup_fy2021.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202403070101/show_ads_impl_fy2021.js?bust=31081767

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.62.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bc-in-f157.1e100.net

Software

cafe /

Resource Hash

df7a397b8ce58f6251a395e02608b4f620e934a958bdfe6702c6f2033593eed0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www11.flamingtext.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

age: 32974
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4155
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 12 Mar 2024 09:35:29 GMT
etag: 5035419970550746386
expires: Tue, 26 Mar 2024 09:35:29 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 AGSKWxV2-pRDVEKy-RzfuVtsc3DbZXzqg-SJ5r_LGN_P2HLdlgjDB9HHk2GveoHFDY8wqLstRBqWmTNs2_jb-5ybXSESUYPutJOcqP4KVomZaaKhbHhkK_pLfjPyYqZBdO7w33krhFZubA== Show response
fundingchoicesmessages.google.com/f/ 3 KB
2 KB 63ms
61ms Script
application/javascript 172.253.63.100
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxV2-pRDVEKy-RzfuVtsc3DbZXzqg-SJ5r_LGN_P2HLdlgjDB9HHk2GveoHFDY8wqLstRBqWmTNs2_jb-5ybXSESUYPutJOcqP4KVomZaaKhbHhkK_pLfjPyYqZBdO7w33krhFZubA==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzEwMjY5MTAzLDI4NzAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzddXSwiaHR0cHM6Ly93d3cxMS5mbGFtaW5ndGV4dC5jb20vIixudWxsLFtbOCwiczdoaUdyb012eFUiXSxbOSwiZW4tVVMiXSxbMTgsIltbWzBdXV0iXSxbMTksIjIiXSxbMTcsIlswXSJdXV0

Requested by

Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.s7hiGroMvxU.es5.O/am=wA/d=1/rs=AJlcJMyM_jr8RvrXE105utb8YiWSdMrSNA/m=kernel_loader,loader_js_executable

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.63.100 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bi-in-f100.1e100.net

Software

ESF /

Resource Hash

32b016b3e71d298f13e20d078ccafda5b014fa721094bacb96b13461d5794891

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-EQ-aMjwQz8QzFUAuhdvG4A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www11.flamingtext.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 18:45:03 GMT
content-security-policy: script-src 'report-sample' 'nonce-EQ-aMjwQz8QzFUAuhdvG4A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorGlobalRouterHttp/web-reports?context=eJzjStHikmLw15BiOO90h-k6ENcyPGNqBWIDjedMFkD87stLJoGvL5kkgFgLiHf4eLDwrZvOqgLEhuuns0YCcczz6awpQOyUPoM1BIh96mewxgHxyQXnWS8CsRAPx_qjh9azCRxovz-bEQD57S4w"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin: *
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 1411 13 KB
5 KB 38ms
36ms Document
text/html 142.250.31.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.31.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bj-in-f132.1e100.net

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www11.flamingtext.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ranges: bytes
age: 16840
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 12 Mar 2024 14:04:23 GMT
expires: Wed, 12 Mar 2025 14:04:23 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame B869 829 B
1 KB 129ms
55ms Document
text/html 172.253.115.106
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.115.106 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bg-in-f106.1e100.net

Software

GSE /

Resource Hash

51f7be79b6aa90326c33cda00232898a336614ce29af767a9e0c4ca458fd914f

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-wW3Y4UssZnr5e-ulN6IFYw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www11.flamingtext.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-wW3Y4UssZnr5e-ulN6IFYw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Tue, 12 Mar 2024 18:45:03 GMT
expires: Tue, 12 Mar 2024 18:45:03 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H2 200 css
fonts.googleapis.com/ Frame E79F 14 KB
2 KB 125ms
47ms Stylesheet
text/css 172.253.122.95
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: www11.flamingtext.com
URL: https://www11.flamingtext.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.122.95 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bh-in-f95.1e100.net

Software

ESF /

Resource Hash

a6ee58f60c407b083623fdc4586ae66d10f4586920a825a74e26762bc262eefd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Tue, 12 Mar 2024 18:45:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Tue, 12 Mar 2024 16:52:35 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 12 Mar 2024 18:45:03 GMT

GET
H2 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240306/r20110914/client/ Frame E79F 2 KB
1 KB 36ms
36ms Script
text/javascript 142.250.31.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240306/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: www11.flamingtext.com
URL: https://www11.flamingtext.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.31.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bj-in-f132.1e100.net

Software

cafe /

Resource Hash

41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Mon, 11 Mar 2024 22:43:34 GMT
content-encoding: br
x-content-type-options: nosniff
age: 72089
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 795
x-xss-protection: 0
server: cafe
etag: 4925184154378345226
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 25 Mar 2024 22:43:34 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240306/r20110914/ Frame E79F 23 KB
9 KB 36ms
36ms Script
text/javascript 142.250.31.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240306/r20110914/abg_lite_fy2021.js

Requested by

Host: www11.flamingtext.com
URL: https://www11.flamingtext.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.31.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bj-in-f132.1e100.net

Software

cafe /

Resource Hash

8a33861cdc370b2db8442132658b06069640881bc90f369feca9b30c77e5f460

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Mon, 11 Mar 2024 23:04:46 GMT
content-encoding: br
x-content-type-options: nosniff
age: 70817
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8947
x-xss-protection: 0
server: cafe
etag: 12299188824252842506
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 25 Mar 2024 23:04:46 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 88D0 143 B
166 B 38ms
37ms Document
text/html 172.253.62.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: www11.flamingtext.com
URL: https://www11.flamingtext.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.62.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bc-in-f157.1e100.net

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20240306/r20110914/zrt_lookup_fy2021.html
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

age: 1607
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 12 Mar 2024 18:18:16 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240306/r20110914/client/ Frame E79F 3 KB
1 KB 42ms
41ms Script
text/javascript 142.250.31.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240306/r20110914/client/window_focus_fy2021.js

Requested by

Host: www11.flamingtext.com
URL: https://www11.flamingtext.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.31.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bj-in-f132.1e100.net

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 17:29:56 GMT
content-encoding: br
x-content-type-options: nosniff
age: 4507
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 26 Mar 2024 17:29:56 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240306/r20110914/client/ Frame E79F 20 KB
8 KB 38ms
37ms Script
text/javascript 142.250.31.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240306/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: www11.flamingtext.com
URL: https://www11.flamingtext.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.31.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bj-in-f132.1e100.net

Software

cafe /

Resource Hash

535487d55c5cbf22bf933588a42e38efdc60bcbd42591420ed217db20cf423c6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Mon, 11 Mar 2024 23:04:50 GMT
content-encoding: br
x-content-type-options: nosniff
age: 70813
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8212
x-xss-protection: 0
server: cafe
etag: 9277691884081322989
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 25 Mar 2024 23:04:50 GMT

GET
H3 200 ufs_web_display.js Show response
pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ Frame E79F 207 KB
63 KB 40ms
39ms Script
text/javascript 142.251.163.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Requested by

Host: www11.flamingtext.com
URL: https://www11.flamingtext.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.163.155 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

wv-in-f155.1e100.net

Software

cafe /

Resource Hash

6afee967915e87f217a98c38c9d5ed411a339eac603c3f25364fea36cff27b9a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 17:47:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 3425
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 64070
x-xss-protection: 0
server: cafe
etag
vary: Accept-Encoding
content-type: text/javascript; charset=ISO-8859-1
cache-control: public, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Tue, 12 Mar 2024 18:47:58 GMT

GET
H2 200 fae6ba9c9cb9ec876bbde5988f04c6f7.js Show response
www.gstatic.com/mysidia/ Frame E79F 36 KB
15 KB 111ms
37ms Script
text/javascript 172.253.115.94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/fae6ba9c9cb9ec876bbde5988f04c6f7.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: www11.flamingtext.com
URL: https://www11.flamingtext.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.115.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bg-in-f94.1e100.net

Software

sffe /

Resource Hash

32993a86c58685503a2a375f9ed0ec5813961836562a3b5656fd9eb149a27d4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Thu, 07 Mar 2024 03:11:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 488007
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15132
x-xss-protection: 0
last-modified: Mon, 04 Mar 2024 22:04:59 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Wed, 05 Jun 2024 03:11:36 GMT

GET
H2 200 fullscreen_api_adapter_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240306/r20110914/elements/html/ Frame 4336 15 KB
6 KB 38ms
38ms Script
text/javascript 142.250.31.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240306/r20110914/elements/html/fullscreen_api_adapter_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240306/r20110914/zrt_lookup_fy2021.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.31.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bj-in-f132.1e100.net

Software

cafe /

Resource Hash

5a1433553dad10b1617e945447ce8d2a7a4ce6542ad50fdb8b563f85560cbc3e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Mon, 11 Mar 2024 22:59:26 GMT
content-encoding: br
x-content-type-options: nosniff
age: 71137
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6454
x-xss-protection: 0
server: cafe
etag: 9518204868993021864
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 25 Mar 2024 22:59:26 GMT

GET
H2 200 feedback_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 4336 205 B
518 B 122ms
53ms Image
image/png 172.253.115.94
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/feedback_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240306/r20110914/zrt_lookup_fy2021.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.115.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bg-in-f94.1e100.net

Software

sffe /

Resource Hash

4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 16:16:45 GMT
x-content-type-options: nosniff
age: 8898
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 205
x-xss-protection: 0
last-modified: Thu, 20 Jul 2023 22:48:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Wed, 12 Mar 2025 16:16:45 GMT

GET
H2 200 settings_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 4336 604 B
694 B 122ms
54ms Image
image/png 172.253.115.94
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/settings_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240306/r20110914/zrt_lookup_fy2021.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.115.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bg-in-f94.1e100.net

Software

sffe /

Resource Hash

5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 18:22:55 GMT
x-content-type-options: nosniff
age: 1328
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 604
x-xss-protection: 0
last-modified: Thu, 20 Jul 2023 22:48:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Wed, 12 Mar 2025 18:22:55 GMT

GET
H2 200 interstitial_ad_frame_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240306/r20110914/elements/html/ Frame 4336 22 KB
9 KB 39ms
39ms Script
text/javascript 142.250.31.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240306/r20110914/elements/html/interstitial_ad_frame_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240306/r20110914/zrt_lookup_fy2021.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.31.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bj-in-f132.1e100.net

Software

cafe /

Resource Hash

5efd17aa9600929f5517878dd267b6fdfeca37478d6987b5d75caec4f1e4b1a8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Mon, 11 Mar 2024 23:04:42 GMT
content-encoding: br
x-content-type-options: nosniff
age: 70821
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9093
x-xss-protection: 0
server: cafe
etag: 981128176822753981
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 25 Mar 2024 23:04:42 GMT

POST
H3 204 ping
pagead2.googlesyndication.com/pagead/ 0
0 94ms
93ms Fetch
text/html 142.251.163.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://pagead2.googlesyndication.com/pagead/ping?e=1
Requested by: Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-4221310471306460
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.251.163.155 Farmingdale, United States, ASN15169 (GOOGLE, US),
Reverse DNS: wv-in-f155.1e100.net
Software: /
Resource Hash

Request headers

Referer: https://www11.flamingtext.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240306/r20110914/ Frame 638E 23 KB
9 KB 37ms
36ms Script
text/javascript 142.250.31.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240306/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240306/r20110914/zrt_lookup_fy2021.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.31.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bj-in-f132.1e100.net

Software

cafe /

Resource Hash

8a33861cdc370b2db8442132658b06069640881bc90f369feca9b30c77e5f460

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Mon, 11 Mar 2024 23:04:46 GMT
content-encoding: br
x-content-type-options: nosniff
age: 70817
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8947
x-xss-protection: 0
server: cafe
etag: 12299188824252842506
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 25 Mar 2024 23:04:46 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame E480 143 B
166 B 39ms
37ms Document
text/html 172.253.62.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240306/r20110914/zrt_lookup_fy2021.html

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.62.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bc-in-f157.1e100.net

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20240306/r20110914/zrt_lookup_fy2021.html
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

age: 1607
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 12 Mar 2024 18:18:16 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240306/r20110914/client/ Frame 638E 3 KB
1 KB 38ms
38ms Script
text/javascript 142.250.31.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240306/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240306/r20110914/zrt_lookup_fy2021.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.31.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bj-in-f132.1e100.net

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 17:29:56 GMT
content-encoding: br
x-content-type-options: nosniff
age: 4507
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 26 Mar 2024 17:29:56 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240306/r20110914/client/ Frame 638E 20 KB
8 KB 40ms
38ms Script
text/javascript 142.250.31.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240306/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240306/r20110914/zrt_lookup_fy2021.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.31.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bj-in-f132.1e100.net

Software

cafe /

Resource Hash

535487d55c5cbf22bf933588a42e38efdc60bcbd42591420ed217db20cf423c6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Mon, 11 Mar 2024 23:04:50 GMT
content-encoding: br
x-content-type-options: nosniff
age: 70813
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8212
x-xss-protection: 0
server: cafe
etag: 9277691884081322989
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 25 Mar 2024 23:04:50 GMT

GET
H3 200 18145931863308005455
tpc.googlesyndication.com/simgad/ Frame 638E 102 KB
102 KB 44ms
43ms Image
image/gif 142.250.31.132
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/18145931863308005455

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240306/r20110914/zrt_lookup_fy2021.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.31.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bj-in-f132.1e100.net

Software

sffe /

Resource Hash

856d7879bb8227525df4d7f3c85c9b04d3955a50b13593506c4b789530356dd0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

expires: Wed, 12 Mar 2025 12:28:33 GMT
date: Tue, 12 Mar 2024 12:28:33 GMT
x-content-type-options: nosniff
age: 22590
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 104901
x-xss-protection: 0
last-modified: Wed, 31 Jan 2024 16:09:17 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 ufs_web_display.js Show response
pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ Frame 638E 207 KB
63 KB 41ms
40ms Script
text/javascript 142.251.163.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240306/r20110914/zrt_lookup_fy2021.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.163.155 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

wv-in-f155.1e100.net

Software

cafe /

Resource Hash

6afee967915e87f217a98c38c9d5ed411a339eac603c3f25364fea36cff27b9a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 17:47:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 3425
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 64070
x-xss-protection: 0
server: cafe
etag
vary: Accept-Encoding
content-type: text/javascript; charset=ISO-8859-1
cache-control: public, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Tue, 12 Mar 2024 18:47:58 GMT

GET
H3 200 one_click_handler_one_afma_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240306/r20110914/client/ Frame 638E 36 KB
14 KB 64ms
63ms Script
text/javascript 142.250.31.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240306/r20110914/client/one_click_handler_one_afma_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240306/r20110914/zrt_lookup_fy2021.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.31.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bj-in-f132.1e100.net

Software

cafe /

Resource Hash

8ad5f1dc06e90eea91c3839cf0b767b877f89d92eed940ac50b7c1eb05982050

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Mon, 11 Mar 2024 22:46:13 GMT
content-encoding: br
x-content-type-options: nosniff
age: 71930
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14569
x-xss-protection: 0
server: cafe
etag: 13248958906723212501
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 25 Mar 2024 22:46:13 GMT

GET
H2 200 afr.php Show response
ads.us.criteo.com/delivery/r/ Frame EC98 42 KB
17 KB 119ms
48ms Document
text/html 74.119.119.65
AS-CRITEO

General

Check archive.org

Show headers Download Go to

Full URL

https://ads.us.criteo.com/delivery/r/afr.php?z=ZfCirgAAhKYIaC0TAATJk4w8DT5zmYgPRWLFlg&u=%7CAbC%2FV6lM2MLAzpoo%2FP9vodNy7la%2B1Xthx1An8ERj5Pc%3D%7C&c1=TUPLs6ok1IhDgnvJmJgq2b8G6XvEBIvqi4VSciU_LzelNdNdJTtEK_lEZrcR-2V6vqRGFL537dByUwzXjpSA5Ow3obWN48gwIlSOboP2-GIIt6SuAX0cHvSMpZElyA6IorLrsAZfNRgGX6IBKkVLOVUmTKP-dcQTn9rChpbexzfOW4I4y73ryvnaNxbQ8hjx4bOdTbm-sx5aeFUKrmEVeAqcOlZIsgcK5j0MuQPv4nxeb2tOkm5w-bKlotXZjQU6SBOg69m5iNWwuX-NK_k2WhQw-pn7_rfWH4ogXmonKhGXp85sxe_dk0O7n4sqqgQ2dSWn53bIatr5-1m6z56Cj5lNIAc0Ub0Yc3Ry6cfVMHzNTVNyJS4mwOss60B1ZcLo-DQs6plNU-pLNyOEHOOhFHN0BWjPky_blWhZFszUvHhVdFXPcappVRA9Dg3iaFUDbEXVXgOfKlI7iKC5ISkoSpx-iCeFa_fTH7cyoJnqb2IZ35JRm8KLEOWbL3-kJOzr0kvrEVQIeA0fv69f2t0q0NZHsJt3iZIlylHENcYZwHSuNQsFHOkG2MxM14ZnQnc5c9UzizPi2T7iK2GVIZxme0wc8SmTdOsERZgX8YHiWly7zzs5TzZcAnkwjjzwZcEHcrhbKBcrV6zYHHJD8rF2uA&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCOHxXrqLwZaaJApPaoPMPk5OTSJyB77BcosqnqnTAjbcBEAEgAGD9iJSB6AOCARdjYS1wdWItNDIyMTMxMDQ3MTMwNjQ2MMgBCagDAcgDAqoE6QFP0OHEWvG1OD5B3lC-LOZYo6CYZ3JXg_YQJRd85ldChEVe4lvda2B7owJi3UI8WSZ3d3feiB-d5F-XfPiBjiiiFhvEyG2ietETzNVL8y5G7NdMchhv_D3os7EJxwPboj_LnUsaFke1IRmXWVhUVSc3XPorcR_O-t4o1jQPW_kccikkrSGmMWV60XyoWatqRiKh46RWv2IZlhyzfhVvR6mJU2divPKldzURvh0ivsqw0lG7o9FSbm1k7e_qzhqhm_Gd5kYNCnDYctcgD0QxgEVCsMmGuBh5gU6lTcAqYrCYo72OW3KCskphcYAGxJy7mM-mnKLZAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQKoB62-sQLYBwDSCCIIgGEQATICigI6CYBAgMCAgICgKEi9_cE6WJngr_Kw74QD-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_0p-EDInmNx4b5G2htdIqrvsLHysQ%26client%3Dca-pub-4221310471306460%26adurl%3D

Requested by

Host: www11.flamingtext.com
URL: https://www11.flamingtext.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.119.119.65 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

Kestrel /

Resource Hash

a3fbfaaaf3aec57fa6d72ae53ce2461ed0422a3700f4222bae6cbd29c0b7e7a3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1000
cache-control: private, max-age=0, no-cache
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
date: Tue, 12 Mar 2024 18:45:03 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
link: <pix.us.criteo.net>; rel=preconnect; crossorigin, <static.criteo.net>; rel=preconnect; crossorigin
p3p: CP='CUR ADM OUR NOR STA NID'
pragma: no-cache
report-to: {"endpoints":[{"url":"https://csm.us.criteo.net/heavyad?cppv=3&cpp=FDCUQ4QZvE9WrJlTu43dHmGGwVV5BCW-yg88hV0IxTlKqD1EK8o37-4cF3iLRe47cUkOKM41ArkXCal9jTubhsmCZMdyKngBcGPRfHqE3pr3hQAY3u_UILGtq1CsUApRdWFMcXe25cjKySYgpUnSmMZSicDv1MH9gjN4-S60bx7oenENQsIbvxsKpEOCBAQXZYgMx3UBYybin6o4_gN6wHK-DafWFPcIcmdrEneBQUZBo9UzHpHTPupNtCnFQg9hDLzZ1Q"}], "max_age": 86400}
server: Kestrel
server-processing-duration-in-ticks: 5898383
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240306/r20110914/client/ Frame CB92 3 KB
1 KB 74ms
73ms Script
text/javascript 142.250.31.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240306/r20110914/client/window_focus_fy2021.js

Requested by

Host: www11.flamingtext.com
URL: https://www11.flamingtext.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.31.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bj-in-f132.1e100.net

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 17:29:56 GMT
content-encoding: br
x-content-type-options: nosniff
age: 4507
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 26 Mar 2024 17:29:56 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240306/r20110914/client/ Frame CB92 20 KB
8 KB 38ms
37ms Script
text/javascript 142.250.31.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240306/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: www11.flamingtext.com
URL: https://www11.flamingtext.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.31.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bj-in-f132.1e100.net

Software

cafe /

Resource Hash

535487d55c5cbf22bf933588a42e38efdc60bcbd42591420ed217db20cf423c6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Mon, 11 Mar 2024 23:04:50 GMT
content-encoding: br
x-content-type-options: nosniff
age: 70813
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8212
x-xss-protection: 0
server: cafe
etag: 9277691884081322989
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 25 Mar 2024 23:04:50 GMT

GET
H3 200 ufs_web_display.js Show response
pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ Frame CB92 207 KB
63 KB 39ms
39ms Script
text/javascript 142.251.163.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Requested by

Host: www11.flamingtext.com
URL: https://www11.flamingtext.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.163.155 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

wv-in-f155.1e100.net

Software

cafe /

Resource Hash

6afee967915e87f217a98c38c9d5ed411a339eac603c3f25364fea36cff27b9a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 17:47:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 3425
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 64070
x-xss-protection: 0
server: cafe
etag
vary: Accept-Encoding
content-type: text/javascript; charset=ISO-8859-1
cache-control: public, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Tue, 12 Mar 2024 18:47:58 GMT

GET
H2 200 index-3259a6fc.js Show response
cdn.bidbrain.app/ng-assets/creative/assets/ Frame 6A6F 111 KB
41 KB 146ms
81ms Script
application/javascript 172.67.176.164
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.bidbrain.app/ng-assets/creative/assets/index-3259a6fc.js
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240306/r20110914/zrt_lookup_fy2021.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.176.164 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ed63ca4b22f33f50f5d71341ee513e6b472bfadba34bfc230b9416496f417af4

Request headers

Referer: https://googleads.g.doubleclick.net/
Origin: https://googleads.g.doubleclick.net
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 18:45:03 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2784
x-guploader-uploadid: ABPtcPpVhVZPZQFE5OzFnH24onJT0DVSnUW0dFPJ5brf7rCnEQ2iV9mzr8e8TSie345JfC5e60YiwpoOZg
x-goog-storage-class: STANDARD
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 05 Mar 2024 16:44:29 GMT
server: cloudflare
etag: W/"aebea2f983c85d9728262403d73bb2cc"
vary: Accept-Encoding
x-goog-generation: 1709657069312422
content-language: en
content-type: application/javascript
x-goog-hash: crc32c=d9nt9g==, md5=rr6i+YPIXZcoJiQD1zuyzA==
access-control-expose-headers: Content-Length, Content-Type, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control: public, max-age=14400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DyHwxjBjxbQRvzUiBdwUDcqPtwQcKvLTlrJZZBte3PVMOHXJOaX9Z3zumtiv6mHi1%2B73tHzvsaghsjnzDDDkmuDIQ7gSvdVdrkP9jud4AXGlvxKooNUBzQezWwZUEOpS29TW"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length: 113875
access-control-allow-origin: *
cf-ray: 8635f069196a39e7-YYZ
expires: Tue, 12 Mar 2024 18:35:20 GMT

GET
H2 200 index-5ff488ba.css
cdn.bidbrain.app/ng-assets/creative/assets/ Frame 6A6F 13 KB
4 KB 101ms
36ms Stylesheet
text/css 172.67.176.164
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.bidbrain.app/ng-assets/creative/assets/index-5ff488ba.css
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240306/r20110914/zrt_lookup_fy2021.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.176.164 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5ff488ba8a49d41b55898ce4c5c03f2a499bc443cbcfc668bc0f067d0ae0964f

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 18:45:03 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2883
x-guploader-uploadid: ABPtcPq1nvnN2SOneCIBHmLmVqMK3lge1jUAIelxuVxbz2PDjTXi0Pw6QllAjO7Gm7Xss0CUDA
x-goog-storage-class: STANDARD
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 05 Mar 2024 08:37:03 GMT
server: cloudflare
etag: W/"4db86410d8b5a7b97d01b017048c5649"
vary: Accept-Encoding
x-goog-hash: crc32c=SUyqwA==, md5=TbhkENi1p7l9AbAXBIxWSQ==
x-goog-generation: 1709627823511181
content-type: text/css
access-control-allow-origin: *
access-control-expose-headers: Content-Type
cache-control: public, max-age=14400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=R%2B4NJZXZ4U3gfXPYSYe2BSPTTS6BpjXOv1ofaZIN1cIg3KmN14jA9oy%2BNDzzJmSxRMDyliiIbTH0fQ0A7SKcQB3%2Fed4OHmMip7%2Bv6%2FLpqTwN4w%2BHeuQA%2BHuaSypbafuGd7bd"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length: 12941
cf-ray: 8635f0691d9ea22c-YYZ
expires: Tue, 12 Mar 2024 18:06:18 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240306/r20110914/client/ Frame 6A6F 3 KB
1 KB 59ms
58ms Script
text/javascript 142.250.31.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240306/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240306/r20110914/zrt_lookup_fy2021.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.31.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bj-in-f132.1e100.net

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 17:29:56 GMT
content-encoding: br
x-content-type-options: nosniff
age: 4507
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 26 Mar 2024 17:29:56 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240306/r20110914/client/ Frame 6A6F 20 KB
8 KB 40ms
39ms Script
text/javascript 142.250.31.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240306/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240306/r20110914/zrt_lookup_fy2021.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.31.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bj-in-f132.1e100.net

Software

cafe /

Resource Hash

535487d55c5cbf22bf933588a42e38efdc60bcbd42591420ed217db20cf423c6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Mon, 11 Mar 2024 23:04:50 GMT
content-encoding: br
x-content-type-options: nosniff
age: 70813
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8212
x-xss-protection: 0
server: cafe
etag: 9277691884081322989
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 25 Mar 2024 23:04:50 GMT

GET
H3 200 ufs_web_display.js Show response
pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ Frame 6A6F 207 KB
63 KB 46ms
44ms Script
text/javascript 142.251.163.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240306/r20110914/zrt_lookup_fy2021.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.163.155 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

wv-in-f155.1e100.net

Software

cafe /

Resource Hash

6afee967915e87f217a98c38c9d5ed411a339eac603c3f25364fea36cff27b9a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 17:47:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 3425
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 64070
x-xss-protection: 0
server: cafe
etag
vary: Accept-Encoding
content-type: text/javascript; charset=ISO-8859-1
cache-control: public, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Tue, 12 Mar 2024 18:47:58 GMT

GET
H3 200 AGSKWxXeBGrTqyBRU8_XFaB441Xblroh5xHdvw0Jp1BYSdJPaQgsl7CmtPSufyICRPADPD-MtJgGf6qnlaoerXQCx__z65RgdGuODT86uH8rSem7tDUEFXKKA5FDfORDR3OaAi2yBZaGsg== Show response
fundingchoicesmessages.google.com/f/ 10 KB
5 KB 67ms
67ms Script
application/javascript 172.253.63.100
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxXeBGrTqyBRU8_XFaB441Xblroh5xHdvw0Jp1BYSdJPaQgsl7CmtPSufyICRPADPD-MtJgGf6qnlaoerXQCx__z65RgdGuODT86uH8rSem7tDUEFXKKA5FDfORDR3OaAi2yBZaGsg==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzEwMjY5MTAzLDQ3OTAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzcsOV0sbnVsbCwyLG51bGwsImVuIl0sImh0dHBzOi8vd3d3MTEuZmxhbWluZ3RleHQuY29tLyIsbnVsbCxbWzgsInM3aGlHcm9NdnhVIl0sWzksImVuLVVTIl0sWzE4LCJbW1swXV1dIl0sWzE5LCIyIl0sWzE3LCJbMF0iXV1d

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.63.100 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bi-in-f100.1e100.net

Software

ESF /

Resource Hash

5e41292cfdffaefe58cf2505f21aea4bc8f27554aaf501d944162b79828a1bc0

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-MybisAhS_PCWJlpmmz7uVw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www11.flamingtext.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 18:45:03 GMT
content-security-policy: script-src 'report-sample' 'nonce-MybisAhS_PCWJlpmmz7uVw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorGlobalRouterHttp/web-reports?context=eJzjytHikmJw15BiOHHrNtMFID7vdIfpOhDXMjxjagViA43nTBZA_O7LSyaBry-ZJIBYC4h3-Hiw8K2bzqoCxIbrp7NGAnHM8-msKUDslD6DNQSIfepnsMYB8ckF51kvArEQD8f6o4fWswnc6H3-gxEAM3gzuQ"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin: *
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 88D0
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

53ms
53ms

Document
text/html

172.253.62.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240306/r20110914/zrt_lookup_fy2021.html

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.62.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bc-in-f157.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 12 Mar 2024 18:45:03 GMT
expires: Tue, 12 Mar 2024 18:45:03 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 12 Mar 2024 18:45:03 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 privacy_small.svg
static.criteo.net/flash/icon/ Frame EC98 2 KB
1 KB 103ms
32ms Image
image/svg+xml 74.119.119.131
AS-CRITEO

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy_small.svg

Requested by

Host: ads.us.criteo.com
URL: https://ads.us.criteo.com/delivery/r/afr.php?z=ZfCirgAAhKYIaC0TAATJk4w8DT5zmYgPRWLFlg&u=%7CAbC%2FV6lM2MLAzpoo%2FP9vodNy7la%2B1Xthx1An8ERj5Pc%3D%7C&c1=TUPLs6ok1IhDgnvJmJgq2b8G6XvEBIvqi4VSciU_LzelNdNdJTtEK_lEZrcR-2V6vqRGFL537dByUwzXjpSA5Ow3obWN48gwIlSOboP2-GIIt6SuAX0cHvSMpZElyA6IorLrsAZfNRgGX6IBKkVLOVUmTKP-dcQTn9rChpbexzfOW4I4y73ryvnaNxbQ8hjx4bOdTbm-sx5aeFUKrmEVeAqcOlZIsgcK5j0MuQPv4nxeb2tOkm5w-bKlotXZjQU6SBOg69m5iNWwuX-NK_k2WhQw-pn7_rfWH4ogXmonKhGXp85sxe_dk0O7n4sqqgQ2dSWn53bIatr5-1m6z56Cj5lNIAc0Ub0Yc3Ry6cfVMHzNTVNyJS4mwOss60B1ZcLo-DQs6plNU-pLNyOEHOOhFHN0BWjPky_blWhZFszUvHhVdFXPcappVRA9Dg3iaFUDbEXVXgOfKlI7iKC5ISkoSpx-iCeFa_fTH7cyoJnqb2IZ35JRm8KLEOWbL3-kJOzr0kvrEVQIeA0fv69f2t0q0NZHsJt3iZIlylHENcYZwHSuNQsFHOkG2MxM14ZnQnc5c9UzizPi2T7iK2GVIZxme0wc8SmTdOsERZgX8YHiWly7zzs5TzZcAnkwjjzwZcEHcrhbKBcrV6zYHHJD8rF2uA&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCOHxXrqLwZaaJApPaoPMPk5OTSJyB77BcosqnqnTAjbcBEAEgAGD9iJSB6AOCARdjYS1wdWItNDIyMTMxMDQ3MTMwNjQ2MMgBCagDAcgDAqoE6QFP0OHEWvG1OD5B3lC-LOZYo6CYZ3JXg_YQJRd85ldChEVe4lvda2B7owJi3UI8WSZ3d3feiB-d5F-XfPiBjiiiFhvEyG2ietETzNVL8y5G7NdMchhv_D3os7EJxwPboj_LnUsaFke1IRmXWVhUVSc3XPorcR_O-t4o1jQPW_kccikkrSGmMWV60XyoWatqRiKh46RWv2IZlhyzfhVvR6mJU2divPKldzURvh0ivsqw0lG7o9FSbm1k7e_qzhqhm_Gd5kYNCnDYctcgD0QxgEVCsMmGuBh5gU6lTcAqYrCYo72OW3KCskphcYAGxJy7mM-mnKLZAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQKoB62-sQLYBwDSCCIIgGEQATICigI6CYBAgMCAgICgKEi9_cE6WJngr_Kw74QD-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_0p-EDInmNx4b5G2htdIqrvsLHysQ%26client%3Dca-pub-4221310471306460%26adurl%3D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.119.119.131 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

nginx /

Resource Hash

a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.us.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 18:45:03 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 11 Feb 2020 14:30:28 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42ba84-6aa"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Fri, 07 Mar 2025 18:45:03 GMT

GET
H2 200 adchoices_en.svg
static.criteo.net/flash/icon/ Frame EC98 2 KB
1 KB 104ms
33ms Image
image/svg+xml 74.119.119.131
AS-CRITEO

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/adchoices_en.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.119.119.131 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

nginx /

Resource Hash

60bcafbd631f6fa0805e158ca3b235e76225350db6fbb423596d4c4954b27573

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.us.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 18:45:03 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 11 Feb 2020 14:27:58 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42b9ee-759"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Fri, 07 Mar 2025 18:45:03 GMT

GET
H2 200 close_button.svg
static.criteo.net/flash/icon/ Frame EC98 308 B
636 B 52ms
34ms Image
image/svg+xml 74.119.119.131
AS-CRITEO

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/close_button.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.119.119.131 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

nginx /

Resource Hash

8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.us.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 18:45:03 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Fri, 14 Feb 2020 13:51:32 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "5e46a5e4-134"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 308
expires: Fri, 07 Mar 2025 18:45:03 GMT

GET
H2 200 back_button2.svg
static.criteo.net/flash/icon/ Frame EC98 293 B
621 B 52ms
34ms Image
image/svg+xml 74.119.119.131
AS-CRITEO

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/back_button2.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.119.119.131 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

nginx /

Resource Hash

725e869434fef8013208ed4c233d29744f9b363f867dcfb8f23e862880fa699a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.us.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 18:45:03 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 28 Apr 2022 09:09:48 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "626a59dc-125"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 293
expires: Fri, 07 Mar 2025 18:45:03 GMT

GET
H2 200 lg.php
cat.va.us.criteo.com/delivery/ Frame EC98 43 B
348 B 104ms
34ms Image
image/gif 74.119.119.147
AS-CRITEO

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cat.va.us.criteo.com/delivery/lg.php?cppv=3&cpp=1H2Dx-qTjjAvFWehVAHAAsTYjDhWCJyDYc7U0etEqHsuO8iOZEaGw5hpjFsdg91AUKXyAl3Z4bMlbTOQ72ZLVIwT7-XbinQzi-Uqj4kWxHWsp_1nGUZa2bEvGgbMo-rjwMHkL5o-i0n-nWJ62gxm1Sgo72EXphDQXAyIHuzF9m5JZ-wMy1LPKC1UJhAn4UvU6B53XQyV1vSgr4huh4ef_g-K_LV7dbMiyaqJblGCfuK0FJFxLATo-OmIdbLC6I3JL3hUydc9zADCHH7LDpmB0zdlF9ku-Ks_8RTrr2iys7IuFWfGE-kJPhwCdQJ3Xb0z4z51st2c25utfUQufhhg9OwmAs4jkyYA6RbFOxaUachEe_02kVkux-KXLkFY8WZrk0Fsu9VRTi1mwbmJSnHXiLcuK2VVxiohQtqlL-FrqiDSt6-J

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.119.119.147 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.us.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Mar 2024 18:45:03 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 1743462
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame B869 0
0 103ms
103ms Image
text/html 142.251.163.155
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20240306&jk=3571872486058928&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.251.163.155 Farmingdale, United States, ASN15169 (GOOGLE, US),
Reverse DNS: wv-in-f155.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

GET
H3 200 O8T1Km08OhS5_Tz58jKeajrFynp-IyfJlJwKv1268Sc.js Show response
pagead2.googlesyndication.com/bg/ Frame 1411 39 KB
15 KB 39ms
38ms Script
text/javascript 142.251.163.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/O8T1Km08OhS5_Tz58jKeajrFynp-IyfJlJwKv1268Sc.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.163.155 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

wv-in-f155.1e100.net

Software

sffe /

Resource Hash

3bc4f52a6d3c3a14b9fd3cf9f2329e6a3ac5ca7a7e2327c9949c0abf5dbaf127

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 10:08:51 GMT
content-encoding: br
x-content-type-options: nosniff
age: 30972
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15541
x-xss-protection: 0
last-modified: Mon, 04 Mar 2024 15:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 12 Mar 2025 10:08:51 GMT

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame E480
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

51ms
51ms

Document
text/html

172.253.62.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240306/r20110914/zrt_lookup_fy2021.html

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.62.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bc-in-f157.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 12 Mar 2024 18:45:03 GMT
expires: Tue, 12 Mar 2024 18:45:03 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 12 Mar 2024 18:45:03 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1 200
OK imps
stats.mediaforge.com/stat/ Frame EC98 37 B
316 B 100ms
33ms Image
image/gif 104.106.228.62
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://stats.mediaforge.com/stat/imps?mid=10159&nid=102&width=160&height=600
Requested by: Host: ads.us.criteo.com
URL: https://ads.us.criteo.com/delivery/r/afr.php?z=ZfCirgAAhKYIaC0TAATJk4w8DT5zmYgPRWLFlg&u=%7CAbC%2FV6lM2MLAzpoo%2FP9vodNy7la%2B1Xthx1An8ERj5Pc%3D%7C&c1=TUPLs6ok1IhDgnvJmJgq2b8G6XvEBIvqi4VSciU_LzelNdNdJTtEK_lEZrcR-2V6vqRGFL537dByUwzXjpSA5Ow3obWN48gwIlSOboP2-GIIt6SuAX0cHvSMpZElyA6IorLrsAZfNRgGX6IBKkVLOVUmTKP-dcQTn9rChpbexzfOW4I4y73ryvnaNxbQ8hjx4bOdTbm-sx5aeFUKrmEVeAqcOlZIsgcK5j0MuQPv4nxeb2tOkm5w-bKlotXZjQU6SBOg69m5iNWwuX-NK_k2WhQw-pn7_rfWH4ogXmonKhGXp85sxe_dk0O7n4sqqgQ2dSWn53bIatr5-1m6z56Cj5lNIAc0Ub0Yc3Ry6cfVMHzNTVNyJS4mwOss60B1ZcLo-DQs6plNU-pLNyOEHOOhFHN0BWjPky_blWhZFszUvHhVdFXPcappVRA9Dg3iaFUDbEXVXgOfKlI7iKC5ISkoSpx-iCeFa_fTH7cyoJnqb2IZ35JRm8KLEOWbL3-kJOzr0kvrEVQIeA0fv69f2t0q0NZHsJt3iZIlylHENcYZwHSuNQsFHOkG2MxM14ZnQnc5c9UzizPi2T7iK2GVIZxme0wc8SmTdOsERZgX8YHiWly7zzs5TzZcAnkwjjzwZcEHcrhbKBcrV6zYHHJD8rF2uA&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCOHxXrqLwZaaJApPaoPMPk5OTSJyB77BcosqnqnTAjbcBEAEgAGD9iJSB6AOCARdjYS1wdWItNDIyMTMxMDQ3MTMwNjQ2MMgBCagDAcgDAqoE6QFP0OHEWvG1OD5B3lC-LOZYo6CYZ3JXg_YQJRd85ldChEVe4lvda2B7owJi3UI8WSZ3d3feiB-d5F-XfPiBjiiiFhvEyG2ietETzNVL8y5G7NdMchhv_D3os7EJxwPboj_LnUsaFke1IRmXWVhUVSc3XPorcR_O-t4o1jQPW_kccikkrSGmMWV60XyoWatqRiKh46RWv2IZlhyzfhVvR6mJU2divPKldzURvh0ivsqw0lG7o9FSbm1k7e_qzhqhm_Gd5kYNCnDYctcgD0QxgEVCsMmGuBh5gU6lTcAqYrCYo72OW3KCskphcYAGxJy7mM-mnKLZAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQKoB62-sQLYBwDSCCIIgGEQATICigI6CYBAgMCAgICgKEi9_cE6WJngr_Kw74QD-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_0p-EDInmNx4b5G2htdIqrvsLHysQ%26client%3Dca-pub-4221310471306460%26adurl%3D
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.106.228.62 Piscataway, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-106-228-62.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.us.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

Date: Tue, 12 Mar 2024 18:45:03 GMT
Last-Modified: Fri, 08 Jun 2018 16:09:13 GMT
Server: AkamaiNetStorage
ETag: "3eacd0132310ea44cad756b378a3bc07:1528474153.616126"
Content-Type: image/gif
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 37

GET
H2 200 / Show response
amp.rd.linksynergy.com/ Frame 8462 1 KB
2 KB 168ms
44ms Document
text/html 35.244.154.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://amp.rd.linksynergy.com/?merchant=bigagn10159&nID=102&width=160&height=600&strategy=similar-audiences-criteo&cb=65f0a2ae9f6d1aaf8f4512620e0671cb&redirecturl=Ihttps%3A%2F%2Fcat.va.us.criteo.com%2Fdelivery%2Fck.php%3Fcppv%3D3%26cpp%3DcC6yQeqTjjAvFWehVAHAAsTYjDhWCJyDYc7U0etEqHsuO8iOZEaGw5hpjFsdg91AUKXyAl3Z4bMlbTOQ72ZLVIwT7-XbinQzi-Uqj4kWxHWsp_1nGUZa2bEvGgbMo-rjwMHkL5o-i0n-nWJ62gxm1Sgo72GfLlVd5vOYqmdTUAsG1aYBa2Ol3GF2coJRXmq2IyGYT6yygLQacJ5Bm7j_XUK1EI9Gbsi_VnbKEgejrgWCQHU8TpxWqurZoBL6P5ZK1tudLUGcI7FzkOw05aRVSjTFBLCrNyElsPGAT45J8F0FWg3hH1rzlXzyE7qp8fzVPNEevnd9SMT8FQ_QLB2aDD5u84ztUDveXEx_Pf0sFfMAhV3r_iybXnMLC7XUdY0SVUh49QjMsnA9qxBcQsy0BG-la3z1Mwlcuv4944x-vkHhv5HUosuRDY3iXJHMXn-tAGSNEln1w7OWZWNTbnOn_3cYaA4rBBN5JyLdWgHfBd6o59QE%26maxdest%3Dhttps%253A%252F%252Fca.bigagnes.com%252F%253Fcto_pld%253DAj0k2NieAQA7N2JT962Ltw
Requested by: Host: ads.us.criteo.com
URL: https://ads.us.criteo.com/delivery/r/afr.php?z=ZfCirgAAhKYIaC0TAATJk4w8DT5zmYgPRWLFlg&u=%7CAbC%2FV6lM2MLAzpoo%2FP9vodNy7la%2B1Xthx1An8ERj5Pc%3D%7C&c1=TUPLs6ok1IhDgnvJmJgq2b8G6XvEBIvqi4VSciU_LzelNdNdJTtEK_lEZrcR-2V6vqRGFL537dByUwzXjpSA5Ow3obWN48gwIlSOboP2-GIIt6SuAX0cHvSMpZElyA6IorLrsAZfNRgGX6IBKkVLOVUmTKP-dcQTn9rChpbexzfOW4I4y73ryvnaNxbQ8hjx4bOdTbm-sx5aeFUKrmEVeAqcOlZIsgcK5j0MuQPv4nxeb2tOkm5w-bKlotXZjQU6SBOg69m5iNWwuX-NK_k2WhQw-pn7_rfWH4ogXmonKhGXp85sxe_dk0O7n4sqqgQ2dSWn53bIatr5-1m6z56Cj5lNIAc0Ub0Yc3Ry6cfVMHzNTVNyJS4mwOss60B1ZcLo-DQs6plNU-pLNyOEHOOhFHN0BWjPky_blWhZFszUvHhVdFXPcappVRA9Dg3iaFUDbEXVXgOfKlI7iKC5ISkoSpx-iCeFa_fTH7cyoJnqb2IZ35JRm8KLEOWbL3-kJOzr0kvrEVQIeA0fv69f2t0q0NZHsJt3iZIlylHENcYZwHSuNQsFHOkG2MxM14ZnQnc5c9UzizPi2T7iK2GVIZxme0wc8SmTdOsERZgX8YHiWly7zzs5TzZcAnkwjjzwZcEHcrhbKBcrV6zYHHJD8rF2uA&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCOHxXrqLwZaaJApPaoPMPk5OTSJyB77BcosqnqnTAjbcBEAEgAGD9iJSB6AOCARdjYS1wdWItNDIyMTMxMDQ3MTMwNjQ2MMgBCagDAcgDAqoE6QFP0OHEWvG1OD5B3lC-LOZYo6CYZ3JXg_YQJRd85ldChEVe4lvda2B7owJi3UI8WSZ3d3feiB-d5F-XfPiBjiiiFhvEyG2ietETzNVL8y5G7NdMchhv_D3os7EJxwPboj_LnUsaFke1IRmXWVhUVSc3XPorcR_O-t4o1jQPW_kccikkrSGmMWV60XyoWatqRiKh46RWv2IZlhyzfhVvR6mJU2divPKldzURvh0ivsqw0lG7o9FSbm1k7e_qzhqhm_Gd5kYNCnDYctcgD0QxgEVCsMmGuBh5gU6lTcAqYrCYo72OW3KCskphcYAGxJy7mM-mnKLZAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQKoB62-sQLYBwDSCCIIgGEQATICigI6CYBAgMCAgICgKEi9_cE6WJngr_Kw74QD-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_0p-EDInmNx4b5G2htdIqrvsLHysQ%26client%3Dca-pub-4221310471306460%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.154.98 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 98.154.244.35.bc.googleusercontent.com
Software: /
Resource Hash: 8e2720cdb2e550cdbe8ed34d35fbdd7dc3ff2c26ced7aec9da45086372f53475

Request headers

Referer: https://ads.us.criteo.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-language: en-CA
content-type: text/html;charset=UTF-8
date: Tue, 12 Mar 2024 18:45:03 GMT
p3p: CP="This is not a P3P policy! See http://marketing.rakuten.com/faq-privacy-policy-changes for more info."
vary: Origin Access-Control-Request-Method Access-Control-Request-Headers
via: 1.1 google

POST
H2 200 all
csm.us.criteo.net/ Frame EC98 0
128 B 102ms
33ms Ping
text/plain 74.119.119.149
AS-CRITEO

General

Check archive.org

Show headers Download Go to

Full URL

https://csm.us.criteo.net/all?cppv=3&cpp=FDCUQ4QZvE9WrJlTu43dHmGGwVV5BCW-yg88hV0IxTlKqD1EK8o37-4cF3iLRe47cUkOKM41ArkXCal9jTubhsmCZMdyKngBcGPRfHqE3pr3hQAY3u_UILGtq1CsUApRdWFMcXe25cjKySYgpUnSmMZSicDv1MH9gjN4-S60bx7oenENQsIbvxsKpEOCBAQXZYgMx3UBYybin6o4_gN6wHK-DafWFPcIcmdrEneBQUZBo9UzHpHTPupNtCnFQg9hDLzZ1Q&sds=2&rev=91031&sendBeacon=true

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.119.119.149 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.us.criteo.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Tue, 12 Mar 2024 18:45:03 GMT
strict-transport-security: max-age=31536000; preload;
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0

GET
H2 200 criteo_logo_2021.svg
static.criteo.net/flash/icon/ Frame EC98 2 KB
1 KB 36ms
36ms Image
image/svg+xml 74.119.119.131
AS-CRITEO

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/criteo_logo_2021.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.119.119.131 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

nginx /

Resource Hash

a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.us.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 18:45:03 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 27 May 2021 13:21:59 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"60af9cf7-891"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Fri, 07 Mar 2025 18:45:03 GMT

GET
H2 200 privacy.svg
static.criteo.net/flash/icon/ Frame EC98 2 KB
1 KB 38ms
38ms Image
image/svg+xml 74.119.119.131
AS-CRITEO

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.119.119.131 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

nginx /

Resource Hash

095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.us.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 18:45:03 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 19 Feb 2020 10:57:21 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e4d1491-646"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Fri, 07 Mar 2025 18:45:03 GMT

GET
DATA 200
OK truncated
/ Frame 6A6F 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4384b9440b34878eeb174651d391df9cebeb73f78ce4bb287f232a32be1802e8

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 KWAUkR2X_3396iiuIOVJJ1s4v9_BCXHf9116__MAGIw.js Show response
pagead2.googlesyndication.com/bg/ Frame 0D2D 51 KB
20 KB 38ms
38ms Script
text/javascript 142.251.163.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/KWAUkR2X_3396iiuIOVJJ1s4v9_BCXHf9116__MAGIw.js

Requested by

Host: www11.flamingtext.com
URL: https://www11.flamingtext.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.163.155 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

wv-in-f155.1e100.net

Software

sffe /

Resource Hash

296014911d97ff7dfdea28ae20e549275b38bfdfc10971dff75d7afff300188c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 04:55:14 GMT
content-encoding: br
x-content-type-options: nosniff
age: 49789
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20259
x-xss-protection: 0
last-modified: Mon, 04 Mar 2024 15:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 12 Mar 2025 04:55:14 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 6A6F 0
23 B 101ms
100ms Image
text/html 172.253.62.157
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CLwo7rqLwZaeJApPaoPMPk5OTSMPjyaF2udCuypYPwI23ARABIABg_YiUgegDggEXY2EtcHViLTQyMjEzMTA0NzEzMDY0NjDIAQmoAwHIAwKqBOoBT9BRVuVHV36kU162QhIYLoqB6BrX1il0fwYn1xUpiJJbOy4JDxt53ImJSi8-fhZk8UBU05HqG0r0xSyw1WC8lLbDz5KOlD9I356586avAqpEMvgBzk3coHCr49pzNm8yODkgoxElymvz6zRx-hmaUn078yRu-9knlg6-wwtRxvoGSt_01pZFb26BT2JupU_yiMJJF2v4Vl6F6Z30ozODGgYsM-m-7JcJ3P1ZN8rq9XzzsqgTcLo6V-140Jp8pV5oItX7z07wG-BicCsbgAJ221A1Ja-g6bFkU1LAmppsBtGzQ8WTNOfDD8JDgAb8o4eVw-Dy70WgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7ECqAetvrEC2AcA0ggiCIBhEAEyAooCOgmAQIDAgICAoChIvf3BOliZ4K_ysO-EA4AKAfoLAggBgAwB0BUBgBcBshcaChgSFHB1Yi00MjIxMzEwNDcxMzA2NDYwGAA&sigh=qk6Tb3X12Ho&uach_m=%5BUACH%5D&cid=CAQSLgB7FLtqeTN8UQWh64ye3II5AYGiQBi9a_T_JY_APBZWGUFHJUvEX42NC0HdHKUYAQ&cbvp=2&vis=1

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.62.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bc-in-f157.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/html/r20240306/r20110914/zrt_lookup_fy2021.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Tue, 12 Mar 2024 18:45:03 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Tue, 12 Mar 2024 18:45:03 GMT

GET
H2 204 rtimp
g.bidbrain.app/ Frame 6A6F 0
924 B 117ms
111ms Image
text/plain 172.67.176.164
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://g.bidbrain.app/rtimp?sid=a28e2217-e0a0-11ee-b852-5a774f1f95f5&d=www11.flamingtext.com&cr=ext_ng_start_sqt6&a=imp&p=ZfCirgAAhKcIaC0TAATJk_Jlb-JF1IDxFpCBsg&im=G35LYLkCi1HADv9-Gcg394_2ela3DLEUqSlx_fnzrvqKvjqfCP_VRXbvo-GBfdGVhti9CEu51Zx2nt49lvkeyJcSbSdLnb-BJ-BFngeUg7Vmm-RSZIyXu2La5NSFeyYSMgRz1O3UbTWZEVRfcrgNcAfAyew-OyR8HgiOPgIna_0nOMuiSL5d8g6gfqMYiJvicm3u3z9IJ5phBW6j8sdLkklrNT24mQ0fiiOmNrGML6W8H75p1sg5YsNLqaMVADa4QCO5tafBdZKhvdyKmlAgW_vpopBKKozorGg6YXRg2TvZS0AV-jPLoDLpGFMHX55n6mgorDTSNl91A3A46u1BIXAEQnm49d5ZDT0lMBwy54E&cbvp=2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.176.164 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 18:45:03 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 0
pragma: no-cache
server: cloudflare
access-control-allow-methods: GET,HEAD,OPTIONS,POST,PUT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JF6Ix6Zvkx4ZsT215DuM%2FmK%2BIN9gpZy7TGQFXY%2Fikmk3DnYH75cnEuEkPqbpYAj1KgZv7T2WuYTer76N0qBto1z7ePyhAKBHBiG3w07oSnmcfZlaiG%2FM%2FD6zql664bM5XQ%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cf-ray: 8635f06b4904a22c-YYZ
access-control-allow-headers: Access-Control-Allow-Headers, Access-Control-Allow-Origin, Origin, Accept, X-Requested-With, X-Forwarded-For, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers, Authorization, Configs-Guid, X-Service-Auth, X-Client-Version
expires: 0

GET
DATA 200
OK truncated
/ Frame 638E 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 877f3458e77fc43e1a3a7df7027fd56d8bad92b5d6af101a0611bc8bb086e474

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 RobotoRegular.woff2
cdn.bidbrain.app/compressedFonts/ Frame 6A6F 60 KB
61 KB 46ms
45ms Font
application/octet-stream 172.67.176.164
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.bidbrain.app/compressedFonts/RobotoRegular.woff2
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240306/r20110914/zrt_lookup_fy2021.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.176.164 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 02f1dcc0c722e24cba9be4b720831a79489e766d5edf8b77f582e0869312d86e

Request headers

Referer: https://googleads.g.doubleclick.net/
Origin: https://googleads.g.doubleclick.net
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 18:45:03 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2784
x-guploader-uploadid: ABPtcPrqhKX6p2KrpRKDMqH_xpEiK6s6qom347n2WHjM9FBvexolNPXG3tvEC4P5tSfcbhNcfBA
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400
content-length: 61736
last-modified: Wed, 29 Nov 2023 10:07:40 GMT
server: cloudflare
etag: "ede84d96808c486e3de74cbd8f2a2c80"
vary: Accept-Encoding
x-goog-generation: 1701252459996546
content-type: application/octet-stream
access-control-allow-origin: *
x-goog-hash: crc32c=fte1vA==, md5=7ehNloCMSG4950y9jyosgA==
access-control-expose-headers: Content-Length, Content-Type, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control: public, max-age=14400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eq2X2OlCAY3UcE1xKOtnJejFk%2FPKp6MshD6oxXY3X5FRVc96NeHt6syjHiBuYLWvO%2BCg3tWh5alW4BsL%2FgUNAFhGRcxLuiEBmx8an7%2BdWpDgFfCFiJ7OL7DpkiqWjTsVcLxc"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length: 61736
accept-ranges: bytes
cf-ray: 8635f06b5da939e7-YYZ
expires: Tue, 12 Mar 2024 18:58:25 GMT

GET
H2 200 RobotoBold.woff2
cdn.bidbrain.app/compressedFonts/ Frame 6A6F 60 KB
61 KB 29ms
28ms Font
application/octet-stream 172.67.176.164
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.bidbrain.app/compressedFonts/RobotoBold.woff2
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240306/r20110914/zrt_lookup_fy2021.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.176.164 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 61c412fbdbbf1417355373a80125c8cf7e5cbaab4218bae0316fe6ef917bf798

Request headers

Referer: https://googleads.g.doubleclick.net/
Origin: https://googleads.g.doubleclick.net
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 18:45:03 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2784
x-guploader-uploadid: ABPtcPopKroEmrUdsVOrmkQKa6qG6qbIDmQj1IMuJB8uTUJcS0rVGKoSL4JuYE6wekSObK2xvUQ
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400
content-length: 61628
last-modified: Wed, 29 Nov 2023 10:09:00 GMT
server: cloudflare
etag: "1033a47731e45f7bd46a1962359e96b4"
vary: Accept-Encoding
x-goog-generation: 1701252540208192
content-type: application/octet-stream
access-control-allow-origin: *
x-goog-hash: crc32c=8QCKtg==, md5=EDOkdzHkX3vUahliNZ6WtA==
access-control-expose-headers: Content-Length, Content-Type, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control: public, max-age=14400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gYT3EJphoBuedHWDJXIDefv%2Bt5FwWbqhOcO%2FxZmpm6bCsyXtIPUVpvdC42somEh%2FFFIt%2B%2B59ndRbZMc4IdE%2BxOqSp7davxH7wXGzZi3P3nIEBr23bYmPnfoXXhS%2BMjwzbPXx"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length: 61628
accept-ranges: bytes
cf-ray: 8635f06b5dac39e7-YYZ
expires: Tue, 12 Mar 2024 18:29:38 GMT

GET
H3 200 KWAUkR2X_3396iiuIOVJJ1s4v9_BCXHf9116__MAGIw.js Show response
pagead2.googlesyndication.com/bg/ Frame 27E7 51 KB
20 KB 39ms
39ms Script
text/javascript 142.251.163.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/KWAUkR2X_3396iiuIOVJJ1s4v9_BCXHf9116__MAGIw.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240306/r20110914/zrt_lookup_fy2021.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.163.155 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

wv-in-f155.1e100.net

Software

sffe /

Resource Hash

296014911d97ff7dfdea28ae20e549275b38bfdfc10971dff75d7afff300188c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 04:55:14 GMT
content-encoding: br
x-content-type-options: nosniff
age: 49789
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20259
x-xss-protection: 0
last-modified: Mon, 04 Mar 2024 15:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 12 Mar 2025 04:55:14 GMT

GET
H3

200

/
www.googleadservices.com/pagead/ar-adview/ Frame 638E
Redirect Chain

https://googleads.g.doubleclick.net/pagead/adview?ai=C4k75rqLwZaWJApPaoPMPk5OTSN2slqZ2xZGX6ZgS2tkeEAEg2ub7AWD9iJSB6AOgAZ27gd4qyAEDqQLlxpqZ4FKyPqgDAcgDyQSqBPMBT9BpVn448lO9twDGYg1YYj432gBl6asOaQl5lVi...
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22aggregation_keys%22:{%221%22:%220x3a6b9dce18be37530000000000000000%22,%222%22:%220xc04615768de620710000000000000000%22,%223%22:%220x95e54d...

0
0

169ms
93ms

Fetch
text/css

172.253.115.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/ar-adview/?nrh={%22aggregation_keys%22:{%221%22:%220x3a6b9dce18be37530000000000000000%22,%222%22:%220xc04615768de620710000000000000000%22,%223%22:%220x95e54d88d1846cd10000000000000000%22,%224%22:%220x94c31c20be8b8b4f0000000000000000%22,%225%22:%220xcd1567ddec6a3c650000000000000000%22},%22debug_key%22:%227050356638348623376%22,%22debug_reporting%22:true,%22destination%22:%22https://global.ntt%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%2211471445405%22],%2222%22:[%22true%22],%224%22:[%2203-12%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%226293954927680369025%22}&andc=true

Protocol

Server

172.253.115.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bg-in-f155.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 18:45:04 GMT
x-content-type-options: nosniff
attribution-reporting-register-source: {"aggregation_keys":{"1":"0x3a6b9dce18be37530000000000000000","2":"0xc04615768de620710000000000000000","3":"0x95e54d88d1846cd10000000000000000","4":"0x94c31c20be8b8b4f0000000000000000","5":"0xcd1567ddec6a3c650000000000000000"},"debug_key":"7050356638348623376","debug_reporting":true,"destination":"https://global.ntt","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["11471445405"],"22":["true"],"4":["03-12"],"6":["true"]},"priority":"500","source_event_id":"6293954927680369025"}
server: cafe
content-type: text/css; charset=UTF-8
access-control-allow-origin: https://googleads.g.doubleclick.net
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Tue, 12 Mar 2024 18:45:04 GMT

Redirect headers

content-security-policy: script-src 'none'; object-src 'none'
date: Tue, 12 Mar 2024 18:45:03 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://www.googleadservices.com/pagead/ar-adview/?nrh={"aggregation_keys":{"1":"0x3a6b9dce18be37530000000000000000","2":"0xc04615768de620710000000000000000","3":"0x95e54d88d1846cd10000000000000000","4":"0x94c31c20be8b8b4f0000000000000000","5":"0xcd1567ddec6a3c650000000000000000"},"debug_key":"7050356638348623376","debug_reporting":true,"destination":"https://global.ntt","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["11471445405"],"22":["true"],"4":["03-12"],"6":["true"]},"priority":"500","source_event_id":"6293954927680369025"}&andc=true
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

POST
H2 204 rtimp
g.bidbrain.app/ Frame 6A6F 0
492 B 139ms
139ms Ping
text/plain 172.67.176.164
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://g.bidbrain.app/rtimp
Requested by: Host: cdn.bidbrain.app
URL: https://cdn.bidbrain.app/ng-assets/creative/assets/index-3259a6fc.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.176.164 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://googleads.g.doubleclick.net/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Tue, 12 Mar 2024 18:45:04 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 0
pragma: no-cache
server: cloudflare
access-control-allow-methods: GET,HEAD,OPTIONS,POST,PUT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DF9ZS7lteUtoPZSAqqjH3vA3E%2F26xIVGPeh7c2jKVKxJt6Vfc%2BYbMkHs%2F8As4G%2FUAgpnBmmmaV8qpqikAClxPzZ7e1VMltxZRWa6dNWJOTDQTA1aTe3wJvlXglpQiWjp3g%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: https://googleads.g.doubleclick.net
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cf-ray: 8635f06b9996a22c-YYZ
access-control-allow-headers: Access-Control-Allow-Headers, Access-Control-Allow-Origin, Origin, Accept, X-Requested-With, X-Forwarded-For, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers, Authorization, Configs-Guid, X-Service-Auth, X-Client-Version
expires: 0

GET
H/1.1 200
OK index.html Show response
ads.rd.linksynergy.com/advertisers/bigagn10159/rias/ria18431776/ Frame 9E75 1 KB
1 KB 109ms
28ms Document
text/html 104.106.228.60
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.rd.linksynergy.com/advertisers/bigagn10159/rias/ria18431776/index.html?riaID=18431779&merchantID=10159&networkID=102&event_id=e5175633-6e71-4c03-b5fd-7f9169efe6aa&embedid=1&instanceid=1&rd_idfa=&locationurl=https%3A//amp.rd.linksynergy.com/%3Fmerchant%3Dbigagn10159%26nID%3D102%26width%3D160%26height%3D600%26strategy%3Dsimilar-audiences-criteo%26cb%3D65f0a2ae9f6d1aaf8f4512620e0671cb%26redirecturl%3DIhttps%253A%252F%252Fcat.va.us.criteo.com%252Fdelivery%252Fck.php%253Fcppv%253D3%2526cpp%253DcC6yQeqTjjAvFWehVAHAAsTYjDhWCJyDYc7U0etEqHsuO8iOZEaGw5hpjFsdg91AUKXyAl3Z4bMlbTOQ72ZLVIwT7-XbinQzi-Uqj4kWxHWsp_1nGUZa2bEvGgbMo-rjwMHkL5o-i0n-nWJ62gxm1Sgo72GfLlVd5vOYqmdTUAsG1aYBa2Ol3GF2coJRXmq2IyGYT6yygLQacJ5Bm7j_XUK1EI9Gbsi_VnbKEgejrgWCQHU8TpxWqurZoBL6P5ZK1tudLUGcI7FzkOw05aRVSjTFBLCrNyElsPGAT45J8F0FWg3hH1rzlXzyE7qp8fzVPNEevnd9SMT8FQ_QLB2aDD5u84ztUDveXEx_Pf0sFfMAhV3r_iybXnMLC7XUdY0SVUh49QjMsnA9qxBcQsy0BG-la3z1Mwlcuv4944x-vkHhv5HUosuRDY3iXJHMXn-tAGSNEln1w7OWZWNTbnOn_3cYaA4rBBN5JyLdWgHfBd6o59QE%2526maxdest%253Dhttps%25253A%25252F%25252Fca.bigagnes.com%25252F%25253Fcto_pld%25253DAj0k2NieAQA7N2JT962Ltw&redirecturl=Ihttps%3A%2F%2Fcat.va.us.criteo.com%2Fdelivery%2Fck.php%3Fcppv%3D3%26cpp%3DcC6yQeqTjjAvFWehVAHAAsTYjDhWCJyDYc7U0etEqHsuO8iOZEaGw5hpjFsdg91AUKXyAl3Z4bMlbTOQ72ZLVIwT7-XbinQzi-Uqj4kWxHWsp_1nGUZa2bEvGgbMo-rjwMHkL5o-i0n-nWJ62gxm1Sgo72GfLlVd5vOYqmdTUAsG1aYBa2Ol3GF2coJRXmq2IyGYT6yygLQacJ5Bm7j_XUK1EI9Gbsi_VnbKEgejrgWCQHU8TpxWqurZoBL6P5ZK1tudLUGcI7FzkOw05aRVSjTFBLCrNyElsPGAT45J8F0FWg3hH1rzlXzyE7qp8fzVPNEevnd9SMT8FQ_QLB2aDD5u84ztUDveXEx_Pf0sFfMAhV3r_iybXnMLC7XUdY0SVUh49QjMsnA9qxBcQsy0BG-la3z1Mwlcuv4944x-vkHhv5HUosuRDY3iXJHMXn-tAGSNEln1w7OWZWNTbnOn_3cYaA4rBBN5JyLdWgHfBd6o59QE%26maxdest%3Dhttps%253A%252F%252Fca.bigagnes.com%252F%253Fcto_pld%253DAj0k2NieAQA7N2JT962Ltw
Requested by: Host: amp.rd.linksynergy.com
URL: https://amp.rd.linksynergy.com/?merchant=bigagn10159&nID=102&width=160&height=600&strategy=similar-audiences-criteo&cb=65f0a2ae9f6d1aaf8f4512620e0671cb&redirecturl=Ihttps%3A%2F%2Fcat.va.us.criteo.com%2Fdelivery%2Fck.php%3Fcppv%3D3%26cpp%3DcC6yQeqTjjAvFWehVAHAAsTYjDhWCJyDYc7U0etEqHsuO8iOZEaGw5hpjFsdg91AUKXyAl3Z4bMlbTOQ72ZLVIwT7-XbinQzi-Uqj4kWxHWsp_1nGUZa2bEvGgbMo-rjwMHkL5o-i0n-nWJ62gxm1Sgo72GfLlVd5vOYqmdTUAsG1aYBa2Ol3GF2coJRXmq2IyGYT6yygLQacJ5Bm7j_XUK1EI9Gbsi_VnbKEgejrgWCQHU8TpxWqurZoBL6P5ZK1tudLUGcI7FzkOw05aRVSjTFBLCrNyElsPGAT45J8F0FWg3hH1rzlXzyE7qp8fzVPNEevnd9SMT8FQ_QLB2aDD5u84ztUDveXEx_Pf0sFfMAhV3r_iybXnMLC7XUdY0SVUh49QjMsnA9qxBcQsy0BG-la3z1Mwlcuv4944x-vkHhv5HUosuRDY3iXJHMXn-tAGSNEln1w7OWZWNTbnOn_3cYaA4rBBN5JyLdWgHfBd6o59QE%26maxdest%3Dhttps%253A%252F%252Fca.bigagnes.com%252F%253Fcto_pld%253DAj0k2NieAQA7N2JT962Ltw
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.106.228.60 Piscataway, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-106-228-60.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 1e15652f7730d5f02ec1fa1966f606cd3fbe58f68f04824b163b221e5c6fb0e0

Request headers

Referer: https://amp.rd.linksynergy.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 686
Content-Type: text/html
Date: Tue, 12 Mar 2024 18:45:04 GMT
ETag: "3aa0c82469df8fcc100dd783d667e3eb:1707326349.299077"
Last-Modified: Wed, 07 Feb 2024 17:19:09 GMT
Server: AkamaiNetStorage
Vary: Accept-Encoding

OPTIONS
H2 204 /
www.googleadservices.com/pagead/ar-adview/ Frame 0
0 167ms
93ms Preflight
text/html 172.253.115.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.115.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bg-in-f155.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: attribution-reporting-eligible
Access-Control-Request-Method: GET
Origin: https://googleads.g.doubleclick.net
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: attribution-reporting-eligible
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://googleads.g.doubleclick.net
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
date: Tue, 12 Mar 2024 18:45:04 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1 200
OK phoenix-2.26.min.js Show response
ads.rd.linksynergy.com/phoenix/ Frame 9E75 181 KB
55 KB 41ms
41ms Script
application/x-javascript 104.106.228.60
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.rd.linksynergy.com/phoenix/phoenix-2.26.min.js
Requested by: Host: ads.rd.linksynergy.com
URL: https://ads.rd.linksynergy.com/advertisers/bigagn10159/rias/ria18431776/index.html?riaID=18431779&merchantID=10159&networkID=102&event_id=e5175633-6e71-4c03-b5fd-7f9169efe6aa&embedid=1&instanceid=1&rd_idfa=&locationurl=https%3A//amp.rd.linksynergy.com/%3Fmerchant%3Dbigagn10159%26nID%3D102%26width%3D160%26height%3D600%26strategy%3Dsimilar-audiences-criteo%26cb%3D65f0a2ae9f6d1aaf8f4512620e0671cb%26redirecturl%3DIhttps%253A%252F%252Fcat.va.us.criteo.com%252Fdelivery%252Fck.php%253Fcppv%253D3%2526cpp%253DcC6yQeqTjjAvFWehVAHAAsTYjDhWCJyDYc7U0etEqHsuO8iOZEaGw5hpjFsdg91AUKXyAl3Z4bMlbTOQ72ZLVIwT7-XbinQzi-Uqj4kWxHWsp_1nGUZa2bEvGgbMo-rjwMHkL5o-i0n-nWJ62gxm1Sgo72GfLlVd5vOYqmdTUAsG1aYBa2Ol3GF2coJRXmq2IyGYT6yygLQacJ5Bm7j_XUK1EI9Gbsi_VnbKEgejrgWCQHU8TpxWqurZoBL6P5ZK1tudLUGcI7FzkOw05aRVSjTFBLCrNyElsPGAT45J8F0FWg3hH1rzlXzyE7qp8fzVPNEevnd9SMT8FQ_QLB2aDD5u84ztUDveXEx_Pf0sFfMAhV3r_iybXnMLC7XUdY0SVUh49QjMsnA9qxBcQsy0BG-la3z1Mwlcuv4944x-vkHhv5HUosuRDY3iXJHMXn-tAGSNEln1w7OWZWNTbnOn_3cYaA4rBBN5JyLdWgHfBd6o59QE%2526maxdest%253Dhttps%25253A%25252F%25252Fca.bigagnes.com%25252F%25253Fcto_pld%25253DAj0k2NieAQA7N2JT962Ltw&redirecturl=Ihttps%3A%2F%2Fcat.va.us.criteo.com%2Fdelivery%2Fck.php%3Fcppv%3D3%26cpp%3DcC6yQeqTjjAvFWehVAHAAsTYjDhWCJyDYc7U0etEqHsuO8iOZEaGw5hpjFsdg91AUKXyAl3Z4bMlbTOQ72ZLVIwT7-XbinQzi-Uqj4kWxHWsp_1nGUZa2bEvGgbMo-rjwMHkL5o-i0n-nWJ62gxm1Sgo72GfLlVd5vOYqmdTUAsG1aYBa2Ol3GF2coJRXmq2IyGYT6yygLQacJ5Bm7j_XUK1EI9Gbsi_VnbKEgejrgWCQHU8TpxWqurZoBL6P5ZK1tudLUGcI7FzkOw05aRVSjTFBLCrNyElsPGAT45J8F0FWg3hH1rzlXzyE7qp8fzVPNEevnd9SMT8FQ_QLB2aDD5u84ztUDveXEx_Pf0sFfMAhV3r_iybXnMLC7XUdY0SVUh49QjMsnA9qxBcQsy0BG-la3z1Mwlcuv4944x-vkHhv5HUosuRDY3iXJHMXn-tAGSNEln1w7OWZWNTbnOn_3cYaA4rBBN5JyLdWgHfBd6o59QE%26maxdest%3Dhttps%253A%252F%252Fca.bigagnes.com%252F%253Fcto_pld%253DAj0k2NieAQA7N2JT962Ltw
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.106.228.60 Piscataway, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-106-228-60.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 8e4ce57af93d161942ceb5bc6adcd5fd143221deca893662553351f3ee65dab0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.rd.linksynergy.com/advertisers/bigagn10159/rias/ria18431776/index.html?riaID=18431779&merchantID=10159&networkID=102&event_id=e5175633-6e71-4c03-b5fd-7f9169efe6aa&embedid=1&instanceid=1&rd_idfa=&locationurl=https%3A//amp.rd.linksynergy.com/%3Fmerchant%3Dbigagn10159%26nID%3D102%26width%3D160%26height%3D600%26strategy%3Dsimilar-audiences-criteo%26cb%3D65f0a2ae9f6d1aaf8f4512620e0671cb%26redirecturl%3DIhttps%253A%252F%252Fcat.va.us.criteo.com%252Fdelivery%252Fck.php%253Fcppv%253D3%2526cpp%253DcC6yQeqTjjAvFWehVAHAAsTYjDhWCJyDYc7U0etEqHsuO8iOZEaGw5hpjFsdg91AUKXyAl3Z4bMlbTOQ72ZLVIwT7-XbinQzi-Uqj4kWxHWsp_1nGUZa2bEvGgbMo-rjwMHkL5o-i0n-nWJ62gxm1Sgo72GfLlVd5vOYqmdTUAsG1aYBa2Ol3GF2coJRXmq2IyGYT6yygLQacJ5Bm7j_XUK1EI9Gbsi_VnbKEgejrgWCQHU8TpxWqurZoBL6P5ZK1tudLUGcI7FzkOw05aRVSjTFBLCrNyElsPGAT45J8F0FWg3hH1rzlXzyE7qp8fzVPNEevnd9SMT8FQ_QLB2aDD5u84ztUDveXEx_Pf0sFfMAhV3r_iybXnMLC7XUdY0SVUh49QjMsnA9qxBcQsy0BG-la3z1Mwlcuv4944x-vkHhv5HUosuRDY3iXJHMXn-tAGSNEln1w7OWZWNTbnOn_3cYaA4rBBN5JyLdWgHfBd6o59QE%2526maxdest%253Dhttps%25253A%25252F%25252Fca.bigagnes.com%25252F%25253Fcto_pld%25253DAj0k2NieAQA7N2JT962Ltw&redirecturl=Ihttps%3A%2F%2Fcat.va.us.criteo.com%2Fdelivery%2Fck.php%3Fcppv%3D3%26cpp%3DcC6yQeqTjjAvFWehVAHAAsTYjDhWCJyDYc7U0etEqHsuO8iOZEaGw5hpjFsdg91AUKXyAl3Z4bMlbTOQ72ZLVIwT7-XbinQzi-Uqj4kWxHWsp_1nGUZa2bEvGgbMo-rjwMHkL5o-i0n-nWJ62gxm1Sgo72GfLlVd5vOYqmdTUAsG1aYBa2Ol3GF2coJRXmq2IyGYT6yygLQacJ5Bm7j_XUK1EI9Gbsi_VnbKEgejrgWCQHU8TpxWqurZoBL6P5ZK1tudLUGcI7FzkOw05aRVSjTFBLCrNyElsPGAT45J8F0FWg3hH1rzlXzyE7qp8fzVPNEevnd9SMT8FQ_QLB2aDD5u84ztUDveXEx_Pf0sFfMAhV3r_iybXnMLC7XUdY0SVUh49QjMsnA9qxBcQsy0BG-la3z1Mwlcuv4944x-vkHhv5HUosuRDY3iXJHMXn-tAGSNEln1w7OWZWNTbnOn_3cYaA4rBBN5JyLdWgHfBd6o59QE%26maxdest%3Dhttps%253A%252F%252Fca.bigagnes.com%252F%253Fcto_pld%253DAj0k2NieAQA7N2JT962Ltw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

Date: Tue, 12 Mar 2024 18:45:04 GMT
Content-Encoding: gzip
Last-Modified: Fri, 13 Aug 2021 00:54:35 GMT
Server: AkamaiNetStorage
ETag: "8a2a829f10cbe590f556ad5b0cea37c0:1628816075.691081"
Vary: Accept-Encoding
Transfer-Encoding: chunked
Content-Type: application/x-javascript
Access-Control-Allow-Origin: *
Connection: keep-alive, Transfer-Encoding
Accept-Ranges: bytes

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 1411 0
10 B 36ms
35ms Image
text/plain 142.250.31.132
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?ntEXOQ
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.31.132 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: bj-in-f132.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 18:45:04 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2 200 t
ut.rd.linksynergy.com/ Frame 9E75 37 B
373 B 87ms
40ms Image
image/gif 34.98.67.3
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ut.rd.linksynergy.com/t?eID=1&type=1&rmch=rd&duration=14&tp=imp&nID=102&mID=10159&v=2.26.15&engine=phoenix&aID=18431779&cts=03%2F12%2F2024+11%3A45%3A04&sID=e5175633-6e71-4c03-b5fd-7f9169efe6aa&url=https%3A%2F%2Famp.rd.linksynergy.com%2F%3Fmerchant%3Dbigagn10159%26nID%3D102%26width%3D160%26height%3D600%26strategy%3Dsimilar-audiences-criteo%26cb%3D65f0a2ae9f6d1aaf8f4512620e0671cb%26redirecturl%3DIhttps%253A%252F%252Fcat.va.us.criteo.com%252Fdelivery%252Fck.php%253Fcppv%253D3%2526cpp%253DcC6yQeqTjjAvFWehVAHAAsTYjDhWCJyDYc7U0etEqHsuO8iOZEaGw5hpjFsdg91AUKXyAl3Z4bMlbTOQ72ZLVIwT7-XbinQzi-Uqj4kWxHWsp_1nGUZa2bEvGgbMo-rjwMHkL5o-i0n-nWJ62gxm1Sgo72GfLlVd5vOYqmdTUAsG1aYBa2Ol3GF2coJRXmq2IyGYT6yygLQacJ5Bm7j_XUK1EI9Gbsi_VnbKEgejrgWCQHU8TpxWqurZoBL6P5ZK1tudLUGcI7FzkOw05aRVSjTFBLCrNyElsPGAT45J8F0FWg3hH1rzlXzyE7qp8fzVPNEevnd9SMT8FQ_QLB2aDD5u84ztUDveXEx_Pf0sFfMAhV3r_iybXnMLC7XUdY0SVUh49QjMsnA9qxBcQsy0BG-la3z1Mwlcuv4944x-vkHhv5HUosuRDY3iXJHMXn-tAGSNEln1w7OWZWNTbnOn_3cYaA4rBBN5JyLdWgHfBd6o59QE%2526maxdest%253Dhttps%25253A%25252F%25252Fca.bigagnes.com%25252F%25253Fcto_pld%25253DAj0k2NieAQA7N2JT962Ltw

Requested by

Host: ads.rd.linksynergy.com
URL: https://ads.rd.linksynergy.com/advertisers/bigagn10159/rias/ria18431776/index.html?riaID=18431779&merchantID=10159&networkID=102&event_id=e5175633-6e71-4c03-b5fd-7f9169efe6aa&embedid=1&instanceid=1&rd_idfa=&locationurl=https%3A//amp.rd.linksynergy.com/%3Fmerchant%3Dbigagn10159%26nID%3D102%26width%3D160%26height%3D600%26strategy%3Dsimilar-audiences-criteo%26cb%3D65f0a2ae9f6d1aaf8f4512620e0671cb%26redirecturl%3DIhttps%253A%252F%252Fcat.va.us.criteo.com%252Fdelivery%252Fck.php%253Fcppv%253D3%2526cpp%253DcC6yQeqTjjAvFWehVAHAAsTYjDhWCJyDYc7U0etEqHsuO8iOZEaGw5hpjFsdg91AUKXyAl3Z4bMlbTOQ72ZLVIwT7-XbinQzi-Uqj4kWxHWsp_1nGUZa2bEvGgbMo-rjwMHkL5o-i0n-nWJ62gxm1Sgo72GfLlVd5vOYqmdTUAsG1aYBa2Ol3GF2coJRXmq2IyGYT6yygLQacJ5Bm7j_XUK1EI9Gbsi_VnbKEgejrgWCQHU8TpxWqurZoBL6P5ZK1tudLUGcI7FzkOw05aRVSjTFBLCrNyElsPGAT45J8F0FWg3hH1rzlXzyE7qp8fzVPNEevnd9SMT8FQ_QLB2aDD5u84ztUDveXEx_Pf0sFfMAhV3r_iybXnMLC7XUdY0SVUh49QjMsnA9qxBcQsy0BG-la3z1Mwlcuv4944x-vkHhv5HUosuRDY3iXJHMXn-tAGSNEln1w7OWZWNTbnOn_3cYaA4rBBN5JyLdWgHfBd6o59QE%2526maxdest%253Dhttps%25253A%25252F%25252Fca.bigagnes.com%25252F%25253Fcto_pld%25253DAj0k2NieAQA7N2JT962Ltw&redirecturl=Ihttps%3A%2F%2Fcat.va.us.criteo.com%2Fdelivery%2Fck.php%3Fcppv%3D3%26cpp%3DcC6yQeqTjjAvFWehVAHAAsTYjDhWCJyDYc7U0etEqHsuO8iOZEaGw5hpjFsdg91AUKXyAl3Z4bMlbTOQ72ZLVIwT7-XbinQzi-Uqj4kWxHWsp_1nGUZa2bEvGgbMo-rjwMHkL5o-i0n-nWJ62gxm1Sgo72GfLlVd5vOYqmdTUAsG1aYBa2Ol3GF2coJRXmq2IyGYT6yygLQacJ5Bm7j_XUK1EI9Gbsi_VnbKEgejrgWCQHU8TpxWqurZoBL6P5ZK1tudLUGcI7FzkOw05aRVSjTFBLCrNyElsPGAT45J8F0FWg3hH1rzlXzyE7qp8fzVPNEevnd9SMT8FQ_QLB2aDD5u84ztUDveXEx_Pf0sFfMAhV3r_iybXnMLC7XUdY0SVUh49QjMsnA9qxBcQsy0BG-la3z1Mwlcuv4944x-vkHhv5HUosuRDY3iXJHMXn-tAGSNEln1w7OWZWNTbnOn_3cYaA4rBBN5JyLdWgHfBd6o59QE%26maxdest%3Dhttps%253A%252F%252Fca.bigagnes.com%252F%253Fcto_pld%253DAj0k2NieAQA7N2JT962Ltw

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.98.67.3 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

3.67.98.34.bc.googleusercontent.com

Software

Resource Hash

bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.rd.linksynergy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

content-type: image/gif
date: Tue, 12 Mar 2024 18:45:04 GMT
via: 1.1 google
strict-transport-security: max-age=31536000
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 37
x-samesite: secure

GET
H2 200 impression
app.leadsrx.com/ Frame 9E75 42 B
306 B 322ms
93ms Image
image/gif 52.36.198.122
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://app.leadsrx.com/impression?at=&rdmid=10159&rdadid=18431779&rdevent=eng&tz=420&ra=79908911

Requested by

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

52.36.198.122 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-36-198-122.us-west-2.compute.amazonaws.com

Software

nginx/1.20.1 / PHP/5.6.40

Resource Hash

b2c78c910f5ea29e3a9d223dabc203c055c8708b1fe7d83788b490638126db4d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.rd.linksynergy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Mar 2024 18:45:04 GMT
content-encoding: none
x-content-type-options: nosniff
server: nginx/1.20.1
x-powered-by: PHP/5.6.40
x-frame-options: SAMEORIGIN
content-type: image/gif
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
content-length: 42
expires: Wed, 11 Jan 2000 12:59:00 GMT

GET
H3 200 cpxads. Show response
fundingchoicesmessages.google.com/f/AGSKWxWVF8Jdz2YMH1M-mvoirCNAn2zn_EWsewM3sAdEcNbWCr7r32TvxdMqiglAMDKPPqm7NlLKCu_PIVXV4Pc39whQZ-I51yKRlJzQSXU0K4VDmoIQzUK69K2sb7aO32xDHHG1VE1TwjSv4XUi9e9FrYWq0znNW... 54 B
110 B 53ms
52ms Script
application/javascript 172.253.63.100
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxWVF8Jdz2YMH1M-mvoirCNAn2zn_EWsewM3sAdEcNbWCr7r32TvxdMqiglAMDKPPqm7NlLKCu_PIVXV4Pc39whQZ-I51yKRlJzQSXU0K4VDmoIQzUK69K2sb7aO32xDHHG1VE1TwjSv4XUi9e9FrYWq0znNWrfSRJp4Lx_U9Vo-_VXxMop3MBmnToFB/_/loadadsmainparam./ad_skin__ad_bsb./thunder/ad./cpxads.

Requested by

Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.s7hiGroMvxU.es5.O/d=1/exm=kernel_loader,loader_js_executable,web_iab_tcf_v2_signal_executable/ed=1/rs=AJlcJMwI1hJDnoRrpPPGA0C2XADTNmznEw/m=ad_blocking_detection_executable

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.63.100 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bi-in-f100.1e100.net

Software

ESF /

Resource Hash

3966c47d536a43e47854c0fa11b8474f9e2863b35bacf4bcbb97560dc4207302

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-5QLQFew5fc4vXLHHaV8kQg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www11.flamingtext.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 18:45:04 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-5QLQFew5fc4vXLHHaV8kQg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorGlobalRouterHttp/web-reports?context=eJzjytHikmII0JBiOHnrNtNFID7vdIfpOhDXMjxjagViA43nTBZA_O7LSyaBry-ZJIBYC4h3-Hiw8K2bzqoCxIbrp7NGAnHM8-msKUDslD6DNQSIfepnsMYB8ckF51kvArEQD8eGo4fWswmceHH_FiMAOVEz6g"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 145 KB
50 KB 112ms
112ms Script
text/javascript 142.251.163.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?fcd=true

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.163.155 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

wv-in-f155.1e100.net

Software

cafe /

Resource Hash

0d55f45be80ef49316906942ee3e53ed630d70cb1814f7bc7c08b8d1e974d9a7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www11.flamingtext.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 18:45:04 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 50762
x-xss-protection: 0
server: cafe
etag: 5605158631917189832
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
link: <https://googleads.g.doubleclick.net>; rel="preconnect"; crossorigin
expires: Tue, 12 Mar 2024 18:45:04 GMT

POST
H3 204 AGSKWxXueDx6bYBNu-2FeCxa-tZUYpzguwSnryQPSeAHR7viq_krAjSK_FsHkJI1qn9q0QrK7O_qy-tUwAI4aP3E5Mvios3hMEN175qOGoOgKts2M1sGwJIEa1HbnjLJHw56hRjrSy-nUQ== Show response
fundingchoicesmessages.google.com/el/ 0
29 B 130ms
56ms XHR
text/html 172.253.63.100
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxXueDx6bYBNu-2FeCxa-tZUYpzguwSnryQPSeAHR7viq_krAjSK_FsHkJI1qn9q0QrK7O_qy-tUwAI4aP3E5Mvios3hMEN175qOGoOgKts2M1sGwJIEa1HbnjLJHw56hRjrSy-nUQ==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.63.100 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bi-in-f100.1e100.net

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-hZCI93-GlrTr-NU5y-QVlA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www11.flamingtext.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 12 Mar 2024 18:45:04 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-hZCI93-GlrTr-NU5y-QVlA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzjktHikmLw1pBiqGV4xtQKxDt8PFic0mewhgCxEA_HhqOH1rMJvHj24z8jAPt5Dqo"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://www11.flamingtext.com
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxXueDx6bYBNu-2FeCxa-tZUYpzguwSnryQPSeAHR7viq_krAjSK_FsHkJI1qn9q0QrK7O_qy-tUwAI4aP3E5Mvios3hMEN175qOGoOgKts2M1sGwJIEa1HbnjLJHw56hRjrSy-nUQ==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.63.100 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bi-in-f100.1e100.net

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-FiwAQoPOiTx8-4M8vxE0Yw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www11.flamingtext.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 12 Mar 2024 18:45:04 GMT
content-security-policy: script-src 'report-sample' 'nonce-FiwAQoPOiTx8-4M8vxE0Yw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzjktHikmJw15BiqGV4xtQKxDt8PFic0mewhgCxEA_HhqOH1rMJLPj3-x8jAPngDng"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
access-control-max-age: 86400
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
content-type: text/html; charset=utf-8
access-control-allow-origin: https://www11.flamingtext.com
access-control-allow-methods: POST, GET, OPTIONS
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
DATA 200
OK truncated
/ Frame CB92 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a132f852daea9d34279b340de35a090f2d94c9249b79aa14fc0e871caf70b06c

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame CB92 0
19 B 102ms
101ms Image
text/html 172.253.62.157
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CQQ_FrqLwZaaJApPaoPMPk5OTSJyB77BcosqnqnTAjbcBEAEgAGD9iJSB6AOCARdjYS1wdWItNDIyMTMxMDQ3MTMwNjQ2MMgBCagDAcgDAqoE5gFP0OHEWvG1OD5B3lC-LOZYo6CYZ3JXg_YQJRd85ldChEVe4lvda2B7owJi3UI8WSZ3d3feiB-d5F-XfPiBjiiiFhvEyG2ietETzNVL8y5G7NdMchhv_D3os7EJxwPboj_LnUsaFke1IRmXWVhUVSc3XPorcR_O-t4o1jQPW_kccikkrSGmMWV60XyoWatqRiKh46RWv2IZlhyzfhVvR6mJU2divPKldzURvh0ivsqw0lG7o9FSbm1k7e_qzhqhm_GdpEQtmLZlma2p5HvlDHylFHiJkBFXmYo-vrqjqw6Gj6UPn-a7VYAGxJy7mM-mnKLZAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQKoB62-sQLYBwDSCCIIgGEQATICigI6CYBAgMCAgICgKEi9_cE6WJngr_Kw74QDgAoB-gsCCAGADAHQFQGAFwGyFxoKGBIUcHViLTQyMjEzMTA0NzEzMDY0NjAYAA&sigh=zFuMzNx5_5Y&uach_m=%5BUACH%5D&cid=CAQSLgB7FLtqeTN8UQWh64ye3II5AYGiQBi9a_T_JY_APBZWGUFHJUvEX42NC0HdHKUYAQ&cbvp=2&vis=1

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.62.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bc-in-f157.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/html/r20240306/r20110914/zrt_lookup_fy2021.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Tue, 12 Mar 2024 18:45:04 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 200 notify
rtb.va.us.criteo.com/google/auction/ Frame CB92 0
126 B 107ms
33ms Image
text/plain 74.119.119.130
AS-CRITEO

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://rtb.va.us.criteo.com/google/auction/notify?profile=14&payload=mJG1GdekAaAB2ATiIp0XAgAAAAPEOO7gAInnEK2i8GVHQnX_um2MqN2MAAASAAAKCkFRVUJDZ0VQQ2e6EzWCZheFpqOZDlh9OnBp&wp=ZfCirgAAhKYIaC0TAATJk4w8DT5zmYgPRWLFlg&cbvp=2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.119.119.130 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

Kestrel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 18:45:04 GMT
strict-transport-security: max-age=31536000; preload;
server-processing-duration-in-ticks: 189816
server: Kestrel
content-length: 0

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxXueDx6bYBNu-2FeCxa-tZUYpzguwSnryQPSeAHR7viq_krAjSK_FsHkJI1qn9q0QrK7O_qy-tUwAI4aP3E5Mvios3hMEN175qOGoOgKts2M1sGwJIEa1HbnjLJHw56hRjrSy-nUQ==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.63.100 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bi-in-f100.1e100.net

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-vu4l6_iXkVqsEJhmhj8eSA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www11.flamingtext.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 12 Mar 2024 18:45:04 GMT
content-security-policy: script-src 'report-sample' 'nonce-vu4l6_iXkVqsEJhmhj8eSA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzjktHikmJw0JBiqGV4xtQKxDt8PFic0mewhgCxEA_HhqOH1rMJdKzfMY8JAPWaDWg"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://www11.flamingtext.com
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxXueDx6bYBNu-2FeCxa-tZUYpzguwSnryQPSeAHR7viq_krAjSK_FsHkJI1qn9q0QrK7O_qy-tUwAI4aP3E5Mvios3hMEN175qOGoOgKts2M1sGwJIEa1HbnjLJHw56hRjrSy-nUQ==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.63.100 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bi-in-f100.1e100.net

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-8mTmvhSAUgq2MsNUXKmj5A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www11.flamingtext.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 12 Mar 2024 18:45:04 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-8mTmvhSAUgq2MsNUXKmj5A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzjktHikmII1pBiqGV4xtQKxDt8PFic0mewhgCxEA_HhqOH1rMJHNj_ZB4TAPpIDe8"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://www11.flamingtext.com
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 AGSKWxVpsWultJnR0k440_l1XkB2bUjY-T48qnxAjlFzu-WKYiTrC1jt0N5--gswW7PowVJMlVQ1P6FOoG_9fP_6pYYTynUu3E0D6LPpC0XhFGPejFo5pCrarrToaKc8hoUzBY1zcFur3A== Show response
fundingchoicesmessages.google.com/f/ 3 KB
2 KB 63ms
63ms Script
application/javascript 172.253.63.100
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxVpsWultJnR0k440_l1XkB2bUjY-T48qnxAjlFzu-WKYiTrC1jt0N5--gswW7PowVJMlVQ1P6FOoG_9fP_6pYYTynUu3E0D6LPpC0XhFGPejFo5pCrarrToaKc8hoUzBY1zcFur3A==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzEwMjY5MTA0LDU3MTAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzcsOSw2XSxudWxsLDIsbnVsbCwiZW4iLG51bGwsbnVsbCxudWxsLG51bGwsbnVsbCwxXSwiaHR0cHM6Ly93d3cxMS5mbGFtaW5ndGV4dC5jb20vIixudWxsLFtbOCwiczdoaUdyb012eFUiXSxbOSwiZW4tVVMiXSxbMTgsIltbWzBdXV0iXSxbMTksIjIiXSxbMTcsIlswXSJdXV0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.63.100 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bi-in-f100.1e100.net

Software

ESF /

Resource Hash

e188b6427ca109d6a60d2657b35952d25b602ae3247ed8feefe891f3cd50f0af

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-wzxDZ4aL9Kly_v64BtsqPQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www11.flamingtext.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 18:45:04 GMT
content-security-policy: script-src 'report-sample' 'nonce-wzxDZ4aL9Kly_v64BtsqPQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorGlobalRouterHttp/web-reports?context=eJzjStHikmII0pBiOO90h-k6ENcyPGNqBWIDjedMFkD87stLJoGvL5kkgFgLiHf4eLDwrZvOqgLEhuuns0YCcczz6awpQOyUPoM1BIh96mewxgHxyQXnWS8CsRAPx4ajh9azCWzYNXkxEwD66y4U"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin: *
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK 160x600.gif
ads.rd.linksynergy.com/advertisers/bigagn10159/rias/ria18431776/ Frame 9E75 174 KB
175 KB 35ms
33ms Image
image/gif 104.106.228.60
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.rd.linksynergy.com/advertisers/bigagn10159/rias/ria18431776/160x600.gif?ver=1710269104183
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.106.228.60 Piscataway, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-106-228-60.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: a82d5f3bb6144c50486d0d94e202ec7ef54469762f8a044d37d4cf95adae0534

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.rd.linksynergy.com/advertisers/bigagn10159/rias/ria18431776/index.html?riaID=18431779&merchantID=10159&networkID=102&event_id=e5175633-6e71-4c03-b5fd-7f9169efe6aa&embedid=1&instanceid=1&rd_idfa=&locationurl=https%3A//amp.rd.linksynergy.com/%3Fmerchant%3Dbigagn10159%26nID%3D102%26width%3D160%26height%3D600%26strategy%3Dsimilar-audiences-criteo%26cb%3D65f0a2ae9f6d1aaf8f4512620e0671cb%26redirecturl%3DIhttps%253A%252F%252Fcat.va.us.criteo.com%252Fdelivery%252Fck.php%253Fcppv%253D3%2526cpp%253DcC6yQeqTjjAvFWehVAHAAsTYjDhWCJyDYc7U0etEqHsuO8iOZEaGw5hpjFsdg91AUKXyAl3Z4bMlbTOQ72ZLVIwT7-XbinQzi-Uqj4kWxHWsp_1nGUZa2bEvGgbMo-rjwMHkL5o-i0n-nWJ62gxm1Sgo72GfLlVd5vOYqmdTUAsG1aYBa2Ol3GF2coJRXmq2IyGYT6yygLQacJ5Bm7j_XUK1EI9Gbsi_VnbKEgejrgWCQHU8TpxWqurZoBL6P5ZK1tudLUGcI7FzkOw05aRVSjTFBLCrNyElsPGAT45J8F0FWg3hH1rzlXzyE7qp8fzVPNEevnd9SMT8FQ_QLB2aDD5u84ztUDveXEx_Pf0sFfMAhV3r_iybXnMLC7XUdY0SVUh49QjMsnA9qxBcQsy0BG-la3z1Mwlcuv4944x-vkHhv5HUosuRDY3iXJHMXn-tAGSNEln1w7OWZWNTbnOn_3cYaA4rBBN5JyLdWgHfBd6o59QE%2526maxdest%253Dhttps%25253A%25252F%25252Fca.bigagnes.com%25252F%25253Fcto_pld%25253DAj0k2NieAQA7N2JT962Ltw&redirecturl=Ihttps%3A%2F%2Fcat.va.us.criteo.com%2Fdelivery%2Fck.php%3Fcppv%3D3%26cpp%3DcC6yQeqTjjAvFWehVAHAAsTYjDhWCJyDYc7U0etEqHsuO8iOZEaGw5hpjFsdg91AUKXyAl3Z4bMlbTOQ72ZLVIwT7-XbinQzi-Uqj4kWxHWsp_1nGUZa2bEvGgbMo-rjwMHkL5o-i0n-nWJ62gxm1Sgo72GfLlVd5vOYqmdTUAsG1aYBa2Ol3GF2coJRXmq2IyGYT6yygLQacJ5Bm7j_XUK1EI9Gbsi_VnbKEgejrgWCQHU8TpxWqurZoBL6P5ZK1tudLUGcI7FzkOw05aRVSjTFBLCrNyElsPGAT45J8F0FWg3hH1rzlXzyE7qp8fzVPNEevnd9SMT8FQ_QLB2aDD5u84ztUDveXEx_Pf0sFfMAhV3r_iybXnMLC7XUdY0SVUh49QjMsnA9qxBcQsy0BG-la3z1Mwlcuv4944x-vkHhv5HUosuRDY3iXJHMXn-tAGSNEln1w7OWZWNTbnOn_3cYaA4rBBN5JyLdWgHfBd6o59QE%26maxdest%3Dhttps%253A%252F%252Fca.bigagnes.com%252F%253Fcto_pld%253DAj0k2NieAQA7N2JT962Ltw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

Date: Tue, 12 Mar 2024 18:45:04 GMT
Last-Modified: Wed, 07 Feb 2024 17:19:06 GMT
Server: AkamaiNetStorage
ETag: "59cc2ea6690726bfc5d70ca77e7fd7bd:1707326346.097255"
Content-Type: image/gif
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 178476

GET
H/1.1 200
OK ad_choices.png
ads.rd.linksynergy.com/privacy/ Frame 9E75 3 KB
3 KB 87ms
28ms Image
image/png 104.106.228.60
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.rd.linksynergy.com/privacy/ad_choices.png
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.106.228.60 Piscataway, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-106-228-60.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 042a432143a4157f9b4c6a0045609434f960176a9c0ca2401f94c549d2594a9e

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.rd.linksynergy.com/advertisers/bigagn10159/rias/ria18431776/index.html?riaID=18431779&merchantID=10159&networkID=102&event_id=e5175633-6e71-4c03-b5fd-7f9169efe6aa&embedid=1&instanceid=1&rd_idfa=&locationurl=https%3A//amp.rd.linksynergy.com/%3Fmerchant%3Dbigagn10159%26nID%3D102%26width%3D160%26height%3D600%26strategy%3Dsimilar-audiences-criteo%26cb%3D65f0a2ae9f6d1aaf8f4512620e0671cb%26redirecturl%3DIhttps%253A%252F%252Fcat.va.us.criteo.com%252Fdelivery%252Fck.php%253Fcppv%253D3%2526cpp%253DcC6yQeqTjjAvFWehVAHAAsTYjDhWCJyDYc7U0etEqHsuO8iOZEaGw5hpjFsdg91AUKXyAl3Z4bMlbTOQ72ZLVIwT7-XbinQzi-Uqj4kWxHWsp_1nGUZa2bEvGgbMo-rjwMHkL5o-i0n-nWJ62gxm1Sgo72GfLlVd5vOYqmdTUAsG1aYBa2Ol3GF2coJRXmq2IyGYT6yygLQacJ5Bm7j_XUK1EI9Gbsi_VnbKEgejrgWCQHU8TpxWqurZoBL6P5ZK1tudLUGcI7FzkOw05aRVSjTFBLCrNyElsPGAT45J8F0FWg3hH1rzlXzyE7qp8fzVPNEevnd9SMT8FQ_QLB2aDD5u84ztUDveXEx_Pf0sFfMAhV3r_iybXnMLC7XUdY0SVUh49QjMsnA9qxBcQsy0BG-la3z1Mwlcuv4944x-vkHhv5HUosuRDY3iXJHMXn-tAGSNEln1w7OWZWNTbnOn_3cYaA4rBBN5JyLdWgHfBd6o59QE%2526maxdest%253Dhttps%25253A%25252F%25252Fca.bigagnes.com%25252F%25253Fcto_pld%25253DAj0k2NieAQA7N2JT962Ltw&redirecturl=Ihttps%3A%2F%2Fcat.va.us.criteo.com%2Fdelivery%2Fck.php%3Fcppv%3D3%26cpp%3DcC6yQeqTjjAvFWehVAHAAsTYjDhWCJyDYc7U0etEqHsuO8iOZEaGw5hpjFsdg91AUKXyAl3Z4bMlbTOQ72ZLVIwT7-XbinQzi-Uqj4kWxHWsp_1nGUZa2bEvGgbMo-rjwMHkL5o-i0n-nWJ62gxm1Sgo72GfLlVd5vOYqmdTUAsG1aYBa2Ol3GF2coJRXmq2IyGYT6yygLQacJ5Bm7j_XUK1EI9Gbsi_VnbKEgejrgWCQHU8TpxWqurZoBL6P5ZK1tudLUGcI7FzkOw05aRVSjTFBLCrNyElsPGAT45J8F0FWg3hH1rzlXzyE7qp8fzVPNEevnd9SMT8FQ_QLB2aDD5u84ztUDveXEx_Pf0sFfMAhV3r_iybXnMLC7XUdY0SVUh49QjMsnA9qxBcQsy0BG-la3z1Mwlcuv4944x-vkHhv5HUosuRDY3iXJHMXn-tAGSNEln1w7OWZWNTbnOn_3cYaA4rBBN5JyLdWgHfBd6o59QE%26maxdest%3Dhttps%253A%252F%252Fca.bigagnes.com%252F%253Fcto_pld%253DAj0k2NieAQA7N2JT962Ltw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

Date: Tue, 12 Mar 2024 18:45:04 GMT
Last-Modified: Wed, 18 Apr 2018 16:21:36 GMT
Server: AkamaiNetStorage
ETag: "f81a0dff141cd8d4d0d8cd4cf87f7eb9:1524155673.947612"
Content-Type: image/png
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2709

POST
H3 204 AGSKWxXjQqeH_WRjFsvNZqY9pp3mRwIKbW6NGTqyfxCk1lAht07eAW93muDnyNLmgOeafOHMHIF2R0rXdtPROAhwhdeG5TQ96EQK-1JmmVjcGrQYb3pPQMlXmrwooHIyktHk2cvGoPei9w== Show response
fundingchoicesmessages.google.com/el/ 0
29 B 56ms
56ms XHR
text/html 172.253.63.100
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxXjQqeH_WRjFsvNZqY9pp3mRwIKbW6NGTqyfxCk1lAht07eAW93muDnyNLmgOeafOHMHIF2R0rXdtPROAhwhdeG5TQ96EQK-1JmmVjcGrQYb3pPQMlXmrwooHIyktHk2cvGoPei9w==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.63.100 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bi-in-f100.1e100.net

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-F55SjKzZFDsZX431uDwnmw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www11.flamingtext.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 12 Mar 2024 18:45:04 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-F55SjKzZFDsZX431uDwnmw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzjktHikmII0pBiqGV4xtQKxDt8PFic0mewhgCxEA_HhqOH1rMJNCw7sZ8JAPhsDZo"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
access-control-max-age: 86400
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
content-type: text/html; charset=utf-8
access-control-allow-origin: https://www11.flamingtext.com
access-control-allow-methods: POST, GET, OPTIONS
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxXueDx6bYBNu-2FeCxa-tZUYpzguwSnryQPSeAHR7viq_krAjSK_FsHkJI1qn9q0QrK7O_qy-tUwAI4aP3E5Mvios3hMEN175qOGoOgKts2M1sGwJIEa1HbnjLJHw56hRjrSy-nUQ==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.63.100 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bi-in-f100.1e100.net

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-uCHGVjn2R0s6C5jVyanGrA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www11.flamingtext.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 12 Mar 2024 18:45:04 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-uCHGVjn2R0s6C5jVyanGrA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzjktHikmLw0pBiqGV4xtQKxDt8PFic0mewhgCxEA_HhqOH1rMJbLi08QATAPiZDdg"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
access-control-max-age: 86400
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
content-type: text/html; charset=utf-8
access-control-allow-origin: https://www11.flamingtext.com
access-control-allow-methods: POST, GET, OPTIONS
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 103ms
103ms Image
text/html 142.251.163.155
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20240306&jk=3571872486058928&bg=!NDelN3jNAAZsmiNCTJo7ADQBe5WfOHpEQE6jPRKPNU7YRZda2HSOC4IeInBjWgGUxEaDe3V9H8QsYkVEqVJRH_i4i1PlAgAAAR5SAAAABGgBB5kCx0Yeq8o-XEyxZa86tXf16pUBKBzG3ejFxm-k8O9J4-qik0RI6KxAHXpaXRScng8rpSzdlEd93qdNr2IbVybinJdIfKATynNRwWKb-dQlmw198Pqmcwu25l7RjaOKni5UjC_XcL1e1vsRmCSuYNy5GknbYrH_MdE_hdAnZo_R112DM-of-voEbJNSP4WY-eR2BJkRR9pd9XyTn6MBiU3DIphVE_9KCz-n80w9a7qmQGyseKkYlMp4SWnqO-QgsY7az-DEv4U7uYRINh6jE2AImQVFDKex3psMjritsKARyVNniemMl90rsGUSgYOaR8-CdDD_eGT7-4HkUiMmjr5DBZRn8b7XYJ0krFaM02I6yshXmuJN1Pamfo35RQCZHUHtptlYM8_tuVQgD8z6YFO9qoPag5GiY1tJbzLfkOsnPBa50UxebqR0viNEJ2HF0FFVNJrVd9ZzQsyy9Lda4vQintIY9yHDsCiJYd41X-LHSP-4QQKs7IZyx0BmkiSYnHXDkn2XrZH8gGGfZSsJIlFHArNlYaARgGdlyh_cakYWuREDIho-ywk-1YWSUEaDf31zf7XPdbpJi1jlnzHVXHrE4SkeR1Uykm8IAZpqgD5f2fbb5H6VpNqtota45qKJxpN0wNdaYIaUGPAu8-ru2RErRicqCXDya4UwZBNOo1wkeqBtpeihFpswXKn3AIvjWf0mJUfNav53YoH46Kn0ZoFBE5NFRIEu475GqbOUqCMsD7Ie_N9tpSwjwk0-BWXRbe9CHgfqB6msYu1cHy_jJbbyMMzJs5nxftuXYyAPiOJ3WOZgJ8galA22L0Ycjw7_LNbEw34WqFLk9IFEB-wrVD64dgL4LJE8hvIvPSBBt_Qyzg5Jqh0-ANOrbNZod9hphXlUpk4Db0MWRa8aTG_jl7k1W0HznRubZEqkLLvAtMUSPTG7DUIXkYx_KA
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.251.163.155 Farmingdale, United States, ASN15169 (GOOGLE, US),
Reverse DNS: wv-in-f155.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www11.flamingtext.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 6A6F 42 B
64 B 101ms
101ms Fetch
image/gif 142.251.163.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstaMuEnwl4yghB1rwrLYmjq2UdLFIFHi1rOpTFpgaTm5wlt5ILAQkIKZNCGBkA0V7KGG3kgJ3cWltx3Xu2uewLb1TTHH-LNVcPxZ9Zdb1hL2kjCccQYUctyW6ZQoU0YX2oRQFw_HZY&sig=Cg0ArKJSzFbeDcyu25omEAE&id=lidar2&mcvt=1001&p=0,0,124,1005&mtos=321,979,1001,1001,1001&tos=321,658,22,0,0&v=20240306&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=1314090031&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&co=620190300&rst=1710269103276&rpt=595&met=mue&wmsd=0&pbe=0&vae=0&spb=0&sfl=0&ffslot=0&reach=8&io2=0

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.163.155 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

wv-in-f155.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Mar 2024 18:45:04 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 638E 42 B
64 B 101ms
100ms Fetch
image/gif 142.251.163.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuN7PtyD_cJKLkWGb4rfajW8JtmpzNBo0nudcTnJVlJ0KSXuPo000GTXavb8Ym_nzC3Z38-59gGTyhT3CLoBQyRQ0A89JqvDLVuWK0nIpXdFUF8IxPooHS74aXZJWpMLRMoNpwE41QpPJpl9NuM2fm7cWaE2rVfgMM&sai=AMfl-YRDk6O8cV4KapwY1TNtpEP-JIiHbVcUGqEeZ7RVyhzm6F0GeIvgYdbsvFMn_6blNKDl-7Gb2wR4VHEBIMMS7ysYZ6ghFBw6lkdvN9n5BQ&sig=Cg0ArKJSzJJ-s65iGquwEAE&cid=CAQSLgB7FLtqeTN8UQWh64ye3II5AYGiQBi9a_T_JY_APBZWGUFHJUvEX42NC0HdHKUYAQ&id=lidar2&mcvt=1000&p=0,0,600,160&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20240306&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=4&adk=1314090033&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&co=620190300&rst=1710269103272&rpt=341&met=mue&wmsd=0&pbe=0&vae=0&spb=0&sfl=0&ffslot=0&reach=8&io2=0

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.163.155 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

wv-in-f155.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Mar 2024 18:45:04 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame CB92 42 B
64 B 99ms
99ms Fetch
image/gif 142.251.163.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvSHvaglHmA6iAJBGYlzfA6FGTwplJF0L3su3uM-ED000iCPk47Qn3n-PFr_a2g_llQitBAx90GCg0NxqEXRcPXYMocdGPgR0wr2zf8vGV7jjTVInkjrqR9ipIDu6YLxwm4ldx6Ag&sig=Cg0ArKJSzNs7o2WCvOuZEAE&id=lidar2&mcvt=1000&p=0,0,600,160&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20240306&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=1314090034&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&co=620190300&rst=1710269103434&rpt=236&met=ie&wmsd=0&pbe=0&vae=0&spb=0&sfl=0&ffslot=0&reach=8&io2=0

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.163.155 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

wv-in-f155.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Mar 2024 18:45:05 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 all
csm.us.criteo.net/ Frame EC98 0
127 B 33ms
33ms Ping
text/plain 74.119.119.149
AS-CRITEO

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.119.119.149 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.us.criteo.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Tue, 12 Mar 2024 18:45:05 GMT
strict-transport-security: max-age=31536000; preload;
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0

Verdicts & Comments Add Verdict or Comment

101 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

15 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www11.flamingtext.com/	1969-12-31 23:59:59	Name: JSESSIONID Value: E9D459B8DAF81996409A67FD4A7F6588
.flamingtext.com/	1970-01-21 04:40:29	Name: _ga Value: GA1.1.288599542.1710269102
.flamingtext.com/	1970-01-21 04:26:05	Name: __gads Value: ID=b7eab0283a9aae74:T=1710269102:RT=1710269102:S=ALNI_MaV0NHsIABSWwOAil-oksFpL1RcRA
.flamingtext.com/	1970-01-21 04:26:05	Name: __gpi Value: UID=00000dd1e00eb1dd:T=1710269102:RT=1710269102:S=ALNI_MbH0OcROua8C0BQGTq7mhbCrzThpw
.flamingtext.com/	1970-01-20 23:23:41	Name: __eoi Value: ID=92b0c7fa9496bca5:T=1710269102:RT=1710269102:S=AA-AfjaU12NhCDmC7jPYeqU1ybYN
.criteo.com/	1970-01-21 04:26:05	Name: receive-cookie-deprecation Value: 1
.doubleclick.net/	1970-01-20 19:04:32	Name: DSID Value: NO_DATA
.flamingtext.com/	1970-01-21 04:40:29	Name: _ga_5FBCKV4TZX Value: GS1.1.1710269101.1.0.1710269103.0.0.0
.linksynergy.com/	1970-01-21 03:50:05	Name: rmuid Value: b9e1115a-918e-4465-a836-23e0f4bfe5e3
.bidbrain.app/	1970-01-20 19:04:36	Name: sid_cross Value: a28e2217-e0a0-11ee-b852-5a774f1f95f5
.doubleclick.net/	1970-01-21 04:40:29	Name: IDE Value: AHWqTUnRL3zHS7vwL7JMnIHY89JQgrZEwGlmG9Hblzxr2BAerEsb5V5WBzamz7t8JHY
.bidbrain.app/	1970-01-21 04:40:29	Name: uid_cross Value: a3ab5d28-e0a0-11ee-9f53-1616c5e63475
.linksynergy.com/	1970-01-21 03:50:05	Name: icts Value: 2024-03-12T18:45:04Z
.googleadservices.com/	1970-01-20 21:14:05	Name: ar_debug Value: 1
.flamingtext.com/	1970-01-21 03:50:05	Name: FCNEC Value: %5B%5B%22AKsRol8NznV_R5JzfZnZMYauCfT9RRgw-gjP_yUVtnNwEFD6UQkIEgM7JY2Gtf4sSTdThgJc-Oq9-a8zoe0bEV2MGsbOgiHXa3mAEGXJszVrWtNhfaASpRwqDg7gUd9lwqOGKsczTr69PtXHu2LbcHZ3AjFJHwIrdA%3D%3D%22%5D%5D

38 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: https://www11.flamingtext.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www11.flamingtext.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www11.flamingtext.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www11.flamingtext.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www11.flamingtext.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	Message: Origin trial controlled feature not enabled: 'attribution-reporting'.
other	warning	URL: https://www11.flamingtext.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www11.flamingtext.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www11.flamingtext.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www11.flamingtext.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www11.flamingtext.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www11.flamingtext.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www11.flamingtext.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www11.flamingtext.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www11.flamingtext.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www11.flamingtext.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www11.flamingtext.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www11.flamingtext.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www11.flamingtext.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www11.flamingtext.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www11.flamingtext.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www11.flamingtext.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www11.flamingtext.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www11.flamingtext.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www11.flamingtext.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www11.flamingtext.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www11.flamingtext.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www11.flamingtext.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www11.flamingtext.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www11.flamingtext.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www11.flamingtext.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www11.flamingtext.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www11.flamingtext.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www11.flamingtext.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www11.flamingtext.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www11.flamingtext.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www11.flamingtext.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www11.flamingtext.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ads.rd.linksynergy.com
ads.us.criteo.com
amp.rd.linksynergy.com
app.leadsrx.com
cat.va.us.criteo.com
cdn.bidbrain.app
cdn1.ftimg.com
csm.us.criteo.net
fonts.googleapis.com
fundingchoicesmessages.google.com
g.bidbrain.app
googleads.g.doubleclick.net
pagead2.googlesyndication.com
rtb.va.us.criteo.com
static.criteo.net
stats.mediaforge.com
tpc.googlesyndication.com
ut.rd.linksynergy.com
www.google-analytics.com
www.google.com
www.googleadservices.com
www.googletagmanager.com
www.gstatic.com
www.stat-bot.com
www11.flamingtext.com
104.106.228.60
104.106.228.62
142.250.31.132
142.251.163.113
142.251.163.155
172.253.115.106
172.253.115.155
172.253.115.94
172.253.122.95
172.253.122.97
172.253.62.157
172.253.63.100
172.67.176.164
192.95.16.211
34.98.67.3
35.244.154.98
51.79.78.58
51.79.78.60
52.36.198.122
74.119.119.130
74.119.119.131
74.119.119.147
74.119.119.149
74.119.119.65
02f1dcc0c722e24cba9be4b720831a79489e766d5edf8b77f582e0869312d86e
042a432143a4157f9b4c6a0045609434f960176a9c0ca2401f94c549d2594a9e
08b061a785f7a0e5112a24e036f77bef47f636d006f6fd2375103586272bce07
095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6
0996ae2f74710ecce969ea4d80bfdb6de3758c31164d63fe0089f46906272178
0d55f45be80ef49316906942ee3e53ed630d70cb1814f7bc7c08b8d1e974d9a7
0e6b7a83ba50327229bb51d27eced3677583324277af4daf0faac5ede0f3ba38
0eab89626c29dc39d097468842ea2d4f5ac50d41f05b11cc2e0c0a07cb6e0784
11b9eed4e07de1f1d1513721c6e059961b0f1e3632060de47b358c0dfcb8f48b
13a8c01115939dfddf9d88d8d1b36a273be37eaabe97ddbfaf5b5b5ca526cb76
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
19e77354794bd1f31702c10187be8847a1fd21d1c5d737978014d46a7c4d926a
1e15652f7730d5f02ec1fa1966f606cd3fbe58f68f04824b163b221e5c6fb0e0
216baec686404581d713f214e2cfc6af208902aefe12c6e4392acae9d976176a
2726ede0ff6fd3948d0be7cd64aa8a54e9c9ee11fa5613fdfb01425f531c11cf
27b1f27b3824b186778cf4a0f89b45f0d13d0e25ae517593488bd77736269fbe
27db632b0da0b6aa278c88a4b43b6684d594a35fc5030be30b4c4f18e8eb5e49
286b01d06beea7489c93aad6cfcd4612534fb7ed68e048bcf0198d33e8d6e666
290a85bbe9b93969026caebfe4362455f1886a8ff3bd4075c4c2e7269e342085
296014911d97ff7dfdea28ae20e549275b38bfdfc10971dff75d7afff300188c
2ed959c2ae6340b60d713acc77bfee9edcdd74ae67b2114d7258797a896fcdd0
30dcc7cff8a25f469a04590c5c8d4a605982f1068d0e7b6f66ad922b696a97cc
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
32993a86c58685503a2a375f9ed0ec5813961836562a3b5656fd9eb149a27d4a
32b016b3e71d298f13e20d078ccafda5b014fa721094bacb96b13461d5794891
3966c47d536a43e47854c0fa11b8474f9e2863b35bacf4bcbb97560dc4207302
3b6f4a0e63480e7a6fbf2146014b4655d2d16eb59e166be44be6e00745ec9120
3bc4f52a6d3c3a14b9fd3cf9f2329e6a3ac5ca7a7e2327c9949c0abf5dbaf127
41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd
4384b9440b34878eeb174651d391df9cebeb73f78ce4bb287f232a32be1802e8
446564a050b32490e046ed4afcd2dab5b9461675452d2bfb770b2696ebc7ecf8
467aa468d28aba0af9fb332ce45759162bad869d3020fff1718566a2fd271460
4968d866996b655accf6340f7e1bd3589a2b9d50704d85efef9ddc8c7a030dbe
4c4249a73ff3376fb2fcfa4a23f831fdd9693b4e173c3a204e9391bba2044cbf
4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
51f7be79b6aa90326c33cda00232898a336614ce29af767a9e0c4ca458fd914f
535487d55c5cbf22bf933588a42e38efdc60bcbd42591420ed217db20cf423c6
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
5a1433553dad10b1617e945447ce8d2a7a4ce6542ad50fdb8b563f85560cbc3e
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
5e41292cfdffaefe58cf2505f21aea4bc8f27554aaf501d944162b79828a1bc0
5efd17aa9600929f5517878dd267b6fdfeca37478d6987b5d75caec4f1e4b1a8
5ff488ba8a49d41b55898ce4c5c03f2a499bc443cbcfc668bc0f067d0ae0964f
6054de65a95ab7ff9e4694d752efe65e51628e9a9dd569854fbd745e5267f27e
60bcafbd631f6fa0805e158ca3b235e76225350db6fbb423596d4c4954b27573
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
61c412fbdbbf1417355373a80125c8cf7e5cbaab4218bae0316fe6ef917bf798
6afee967915e87f217a98c38c9d5ed411a339eac603c3f25364fea36cff27b9a
70e4ae02120c7222400ea550d5132ce971e4c4dbe148babaea081ce29462cb10
725e869434fef8013208ed4c233d29744f9b363f867dcfb8f23e862880fa699a
7328ee594cbea402d9a28c3e368d39dc2db9697f74269a3d7091604a05b1903b
7cae477577017a2d3421b5f46fd37bb72b444f868415690d5b46959f55b1977e
7f8aad72bf918fdb847cdbe93cba5efe73deeee65da47526dfe9fa8daa2e0529
827682e74a2a691014970536e1b59cf775cad0d859c274c34823a41fa717b521
856d7879bb8227525df4d7f3c85c9b04d3955a50b13593506c4b789530356dd0
877f3458e77fc43e1a3a7df7027fd56d8bad92b5d6af101a0611bc8bb086e474
8952e62b7efc6563ac4d4afe8e09b57cad8b498c34b6f838b2fe3495b7fa26f5
8a33861cdc370b2db8442132658b06069640881bc90f369feca9b30c77e5f460
8ad5f1dc06e90eea91c3839cf0b767b877f89d92eed940ac50b7c1eb05982050
8e2720cdb2e550cdbe8ed34d35fbdd7dc3ff2c26ced7aec9da45086372f53475
8e4ce57af93d161942ceb5bc6adcd5fd143221deca893662553351f3ee65dab0
8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395
95addd6fff7b596167e41e20c09111986802c21b93ac5151a8896130f1fe7e8e
a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553
a132f852daea9d34279b340de35a090f2d94c9249b79aa14fc0e871caf70b06c
a3fbfaaaf3aec57fa6d72ae53ce2461ed0422a3700f4222bae6cbd29c0b7e7a3
a4c3d85794c09ed63164a3382c662d6c79e3c2c5d4b94a6c6d3d1641937c96c8
a6ee58f60c407b083623fdc4586ae66d10f4586920a825a74e26762bc262eefd
a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37
a82d5f3bb6144c50486d0d94e202ec7ef54469762f8a044d37d4cf95adae0534
a93648a598766273e060586f1e2870fb3211c0a08aa339dfaf8eadaf08e62ea7
aabf8e8f982e15496b1c59cdc2ad6af856f08de984ead3590e6b3c9eeeef35c4
b2c78c910f5ea29e3a9d223dabc203c055c8708b1fe7d83788b490638126db4d
b5675b0d1ee88db374b1e60e301fda9f0c1d3585f47173468827115fc4e529c2
b870e08dcc746ba5ef4e67885fa236889e4f5d55544a6c330d88da5bcf566157
bae7e47479178022d4e173349259e1c6a043c28c62822f854d514e4bd878828c
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bcc8793b8528c17c0190221b2ec11f7f3469949294b33e562da16ab73b1f142e
bec1be2285dbcd0eb971eb84660c6456671dee45d24a3b20a096a223e5432932
c688065c6ef7f1e49a502cd45a75356e65027402d3345176a310faa1ce61bba6
cc8afe0d403bf908ed115f82d393f5e5eb73aba7c38fc5616a2793ec952b2011
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
dac7016b9e04b66c8d0cbb94a80d9b01cd07bf4470d675fb0cb5f01bb7cedd1b
df1bf0ce0d36cdb7dcd394de0e38e2993dcd85b71badc7652e815552fb71be41
df7a397b8ce58f6251a395e02608b4f620e934a958bdfe6702c6f2033593eed0
e13c646462e85d9e0889eaa32249d88460b022d6228c4504ac9613927d868290
e188b6427ca109d6a60d2657b35952d25b602ae3247ed8feefe891f3cd50f0af
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e5638d0153c030ef29c8fe2cf02e0dca81c946061f428632c329161cf363b619
e5e29715b0882736712a09f06d2c8ce152817cb90ab15b9e09cdc0e084921bae
eac1a53a2ad963420ba9448d9e33be2a8157d75e312bba1f0347f07b9e32c4c2
ed63ca4b22f33f50f5d71341ee513e6b472bfadba34bfc230b9416496f417af4
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

www11.flamingtext.com Open in urlscan Pro 51.79.78.58 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

133 Requests

99 %HTTPS

0 %IPv6

17 Domains

25 Subdomains

25 IPs

2 Countries

1952 kBTransfer

4569 kBSize

15 Cookies

21 Outgoing links

Page URL History

Redirected requests

133 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www11.flamingtext.com Open in urlscan Pro
51.79.78.58 Public Scan

Screenshot
Live screenshot

Full Image

133
Requests

99 %
HTTPS

0 %
IPv6

17
Domains

25
Subdomains

25
IPs

2
Countries

1952 kB
Transfer

4569 kB
Size

15
Cookies

133 HTTP transactions
3 data transactions